When you upgrade the firmware or apply security patches to your gateway, the golden profile of your gateway changes, but this action does not qualify as file tampering. To avoid attestation failures for such instances, create a security profile corresponding to the change and apply it to all the gateway devices that require an upgrade using campaigns.
Procedure
1. Create a security profile corresponding to the file change.
2. Create an IoTC Package with a label added to the package-spec.yml file. For example:

       # This is a simple array of strings which are just that - labels by
       # which you could search a package in VMware Pulse IoT Center
       labels:
         - security-profile-id:eaa7f966-2915-480f-bf73-2524e019a96d

   Note: The value in the security-profile-id:<label> entry must match the ID of the security profile that you create in step 1.
3. Upload the package to VMware Pulse IoT Center. For information about uploading IoTC Packages, see the corresponding topic in the VMware Pulse IoT Center documentation.
4. To apply updates to all gateway devices that require an update, create a campaign with the appropriate query. For information about creating campaigns, see Create a Campaign.
5. Run the campaign.
6. After the campaign runs successfully, click an updated gateway device and verify that the security-profile-id is updated under Custom Properties.
Note: For the attestation configuration to take effect, you must reboot the upgraded devices by running the following script when the campaign is in the ACTIVATE phase:

    # Record the activation time in the log
    now="$(date)"
    echo "$now" >> /tmp/activtion.log 2>&1
    echo "Starting Activation for Updating Security Profile" >> /tmp/activtion.log 2>&1
    # Schedule a reboot in one minute so the script can return first
    sudo shutdown -r +1 >> /tmp/activtion.log 2>&1
    echo 0
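The following pre-upload check is an added example, not part of the VMware documentation: it reads the security-profile-id label from package-spec.yml and compares it with the ID of the profile created in the first step, so that a mistyped label is caught before the campaign rolls it out. The function names, the one-label-per-line layout and the UUID shape of the ID are assumptions based on the snippet above.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes each label sits on its
# own "- ..." line, as in the package-spec.yml snippet on this page.

# Print the value of the first "security-profile-id:<id>" label in the spec.
# Commented-out lines are ignored; optional quotes and trailing text are cut.
spec_profile_id() {
    grep -E "^[[:space:]]*-[[:space:]]*[\"']?security-profile-id:" "$1" \
        | head -n 1 \
        | sed -e 's/.*security-profile-id:[[:space:]]*//' \
              -e "s/[[:space:]\"'].*//"
}

# Succeed only if the argument looks like a UUID (assumed ID format).
is_uuid() {
    printf '%s\n' "$1" \
        | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# check_spec <package-spec.yml> <expected-profile-id>
# Returns 0 on match, 1 if the label is missing, 2 if the value is not a
# UUID, 3 if it differs from the expected security profile ID.
check_spec() {
    found=$(spec_profile_id "$1")
    [ -n "$found" ] || { echo "no security-profile-id label in $1" >&2; return 1; }
    is_uuid "$found" || { echo "label value is not a UUID: $found" >&2; return 2; }
    [ "$found" = "$2" ] || { echo "label $found does not match $2" >&2; return 3; }
    return 0
}

# Constructed sample input mirroring the snippet on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# labels by which you could search a package
labels:
  - security-profile-id:eaa7f966-2915-480f-bf73-2524e019a96d
EOF
check_spec "$sample" eaa7f966-2915-480f-bf73-2524e019a96d && echo "label OK"
rm -f "$sample"
```

Run the check with the ID shown for the new security profile; a non-zero return code means the package should not be uploaded as is.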
Results
You have successfully applied a security profile across multiple gateway devices using campaigns.