7 node [style=filled,color=white];
26 //start [shape=Mdiamond];
27 //end [shape=Msquare];
// Collector (ptsc) first-time setup. Only part of the graph is on this page: the
// subgraph/cluster braces and some statements between the numbered lines are missing.
// Colour convention used below: green = platform state, yellow box = ptsc command,
// orange = error state, note = configuration file.
35 label="Collector(Init)"
36 node [style=filled, color=gray]
39 platform_new [color=green]
40 platform_boot_bios [label="Enable TPM (BIOS conf)",color=green]
41 platform_running_1st [color=green]
// NOTE(review): in tpm-tools, -y and -z select the well-known (all-zero) secret for the
// owner and the SRK respectively. That keeps the walkthrough simple, but with a well-known
// owner secret any local user who can reach tcsd can run owner-authorised TPM commands;
// a real deployment should set distinct secrets at this step and record where they live.
44 tpm_takeownership[label="tpm_takeownership -y -z",shape=box]
46 tss_config [label="Config tcsd\n/etc/tcsd.conf\nservice tcsd restart",shape=note]
// iml2text is used here as the check that the TSS actually exposes the IML (presumably the
// integrity measurement log; the term is not expanded on this page). The "missing IML"
// edge below loops back to the tcsd configuration step.
47 iml2text [label="iml2text\n(should dump the IML)",shape=box]
48 iml2text_error [color=orange]
51 ptsc_error_config [color=orange, label="Config error\nManifest error\nTPM error"]
// A dedicated ptsc group is created and the operator account added to it, presumably so
// ptsc need not run as root -- not shown on this page, confirm against ptsc.conf.
54 group_config [label="groupadd ptsc\nusermod -a -G ptsc account",shape=box]
55 ptsc_config [label="Config ptsc\n/etc/ptsc.conf",shape=note]
56 ptsc_init [label="ptsc -i\n(init)", color=yellow,shape=box]
57 ptsc_selftest0 [label="ptsc -t\n(selftest)", color=yellow,shape=box]
// First-boot sequence: enable the TPM in BIOS, take ownership, then configure the TSS.
60 platform_new -> platform_boot_bios [label="first boot"]
61 platform_boot_bios -> platform_running_1st [label="first boot"]
62 platform_running_1st -> tpm_takeownership [label="first boot"]
63 tpm_takeownership -> tss_config
64 tss_config -> group_config
// Sanity loop: no IML dumped means the TSS configuration has to be revisited.
66 tss_config -> iml2text
67 iml2text -> iml2text_error [label="missing IML"]
68 iml2text_error -> tss_config
70 {rank=same; tss_config; iml2text;}
72 group_config -> ptsc_config
// Init and the first self-test share one error node, which returns to ptsc configuration.
75 ptsc_config -> ptsc_init
76 ptsc_init -> ptsc_error_config [label="fail"]
77 ptsc_error_config -> ptsc_config
78 ptsc_init -> ptsc_selftest0
79 ptsc_selftest0 -> ptsc_error_config [label="fail"]
81 {rank=same; ptsc_config; ptsc_init;}
82 {rank=same; ptsc_selftest0; ptsc_error_config;}
// Collector steady state: the platform cycles through run/shutdown/boot; a change to the
// boot components (legitimate update or attack) makes the IML disagree with the reference.
88 label="Collector(Operation)"
89 node [style=filled, color=gray]
// RM is not expanded on this page; the "update host manifest" edge labels elsewhere
// suggest it is the reference manifest the IML is compared against -- confirm.
95 platform_running [label="Running\n(w/ consistent IML and RM)",color=green]
// Deliberately a single node: from the measurement log alone a legitimate firmware update
// and a tampered boot chain look the same (both lead to an unknown boot sequence and an
// inconsistent IML below). Telling them apart is an operator decision taken in the
// ptsc/openpts state clusters, not something the platform can decide for itself.
96 platform_update [label="Update/Attack\ne.g. BIOS update",color=orange]
97 platform_update_running [label="Running\n(w/ inconsistent IML and RM)",color=orange]
98 platform_update_boot [label="Boot\n(Unknown sequence)",color=orange]
99 platform_shoutdown [label="Shutdown"]
100 platform_boot [label="Boot\n(Known sequence)",color=green]
// Normal cycle. The node id platform_shoutdown is referenced by three edges below and is
// kept as-is even though its label is misspelled.
103 platform_running -> platform_shoutdown
104 platform_shoutdown -> platform_boot
105 platform_boot -> platform_running [label="(w/ consistent IML)"]
// Changed cycle; the edge label states that the platform cannot tell update from attack.
107 platform_running -> platform_update [label="(legitimate change OR attack)"]
108 platform_update -> platform_update_boot [label="(reboot w/ new boot components)"]
109 platform_update_boot -> platform_update_running [label="(w/ inconsistent IML)"]
110 platform_update_running -> platform_shoutdown
// NOTE(review): this edge sends every Update/Attack straight to "ptsc -U (auto update)"
// with no condition on the edge. If -U re-baselines the collector's manifest
// unconditionally, an attacker's boot state would become the new reference as soon as the
// host reboots; whether -U is gated on an operator decision is not shown here -- confirm.
112 platform_update -> ptsc_autoupdate
114 {rank=same; platform_boot; platform_update_boot;}
115 {rank=same; platform_running; platform_update_running;}
// ptsc outcome states. Valid/Invalid are the verification results; ERROR, ATTACKED and
// Legitimate Update are the three interpretations an operator can give to Invalid.
123 ptsc_valid [label="Valid",color=green]
124 ptsc_invalid [label="Invalid",color=orange]
125 ptsc_error [label="ERROR",color=orange]
126 ptsc_attack [label="ATTACKED",color=red]
127 ptsc_s_update [label="Legitimate Update",color=orange]
// ptsc commands (yellow = part of the operational flow).
130 ptsc_selftest [label="ptsc -t\n(selftest)", color=yellow,shape=box]
131 ptsc_startup [label="ptsc -s\n(startup)", color=yellow,shape=box]
132 ptsc_display [label="ptsc -D\n(status)",shape=box]
133 ptsc_update [label="ptsc -u\n(update)", color=yellow,shape=box]
134 ptsc_autoupdate [label="ptsc -U\n(auto update)", color=yellow,shape=box]
// "ptsc -m" is the IF-M endpoint the verifier reaches over SSH (cross-cluster edge at the
// end of the file).
135 ptsc_ifm [label="SSH(ptsc -m)", color=yellow,shape=box]
136 ptsc_clear [label="ptsc -e",shape=box]
139 {rank=same; ptsc_valid; ptsc_invalid;ptsc_attack;}
140 {rank=same; ptsc_error; ptsc_s_update;}
142 {rank=same; ptsc_startup; ptsc_update;ptsc_display; ptsc_selftest;}
// Startup on a consistent platform yields Valid; on an inconsistent one, Invalid.
148 platform_running -> ptsc_startup
149 ptsc_startup -> ptsc_valid [label="success"]
151 platform_update_running -> ptsc_startup
152 ptsc_startup -> ptsc_invalid [label="fail"]
153 // ptsc_invalid -> ptsc_update [label="update host manifest\n(legitimate change)"]
154 ptsc_update -> ptsc_valid
156 //ptsc_valid -> ptsc_display;
157 //ptsc_invalid -> ptsc_display;
159 //ptsc_valid -> ptsc_selftest
161 //ptsc_valid -> ptsc_clear -> ptsc_null
162 // ptsc_invalid -> ptsc_selftest
// Invalid fans out to Legitimate Update, ERROR and ATTACKED with no edge labels, i.e. the
// choice is an operator judgement rather than something ptsc decides. Only the Legitimate
// Update branch reaches "ptsc -u"; that is the re-baselining step and should not be taken
// until the change is confirmed legitimate, since it would equally accept an attacker's state.
163 ptsc_invalid -> ptsc_s_update
164 ptsc_invalid -> ptsc_error
166 //ptsc_selftest -> ptsc_error
167 //ptsc_selftest -> ptsc_s_update
168 ptsc_s_update -> ptsc_update [label="update host manifest\n(legitimate change)"]
169 ptsc_invalid -> ptsc_attack
// ERROR is recovered with "ptsc -e" (reset), which goes back to init via ptsc_null.
// ptsc_null is never declared; DOT creates it implicitly from the edges that name it.
171 ptsc_error -> ptsc_clear [label="reset ptsc"]
172 // ptsc_invalid -> ptsc_attack
173 ptsc_clear -> ptsc_null
// IF-M is reachable from both Valid and Invalid, so an inconsistent collector still
// answers the verifier rather than going silent.
175 ptsc_valid -> ptsc_ifm
176 ptsc_invalid -> ptsc_ifm
// Verifier setup: generate an SSH key pair and copy the public key to the collector before
// enrolling. Because IF-M later rides over SSH (cross-cluster edge at the end of the file),
// the verifier's trust in the collector's identity rests on the host key accepted at this
// step; if that key belongs to the wrong machine, later attestation answers come from that
// machine. How host-key checking is configured is not shown on this page -- confirm.
184 label="Verifier(enroll)"
185 node [style=filled, color=gray]
192 verifier_new->ssh_keygen->ssh_copyid-> ssh_ready
// "openpts -i [-f] hostname": initial enrollment; -f (force) is also the re-enrol path used
// after a legitimate change in the operation cluster.
194 openpts_enroll [label="openpts -i [-f] hostname", color=yellow,shape=box]
195 openpts_enroll_error [label="ERROR",color=orange]
196 openpts_enroll_fix [label="FIX",color=orange]
// Enrollment failures loop through a manual fix; the label names SSH and IF-M errors.
198 openpts_enroll -> openpts_enroll_error [label="SSH Error, IFM error"]
199 openpts_enroll_error -> openpts_enroll_fix
200 openpts_enroll_fix -> openpts_enroll
202 {rank=same; openpts_enroll_error; openpts_enroll_fix;}
// Verifier steady state: verify, display, remove, and forced re-enrollment.
206 label="Verifier(operation)"
207 node [style=filled, color=gray]
209 openpts_verify [label="openpts [-v] hostname\n(verify)", color=yellow,shape=box]
210 openpts_remove [label="openpts -r hostname",shape=box]
211 openpts_display [label="openpts -D hostname",shape=box]
// "-i -f" re-enrols the host; per the edges below it goes straight to Valid, i.e. the
// host's current state is taken as the new reference.
212 openpts_enroll_force [label="openpts -i -f hostname", color=yellow,shape=box]
214 openpts_valid [color=green]
215 openpts_invalid [color=orange]
216 openpts_update [color=orange]
217 openpts_error [color=orange]
218 openpts_attack [color=red]
219 openpts_null [label="Fix the problem and Enroll again"]
221 ssh_ready -> openpts_enroll
222 openpts_enroll -> openpts_valid
223 //openpts_enroll -> openpts_enroll_force
224 openpts_enroll_force -> openpts_valid
228 openpts_remove -> openpts_null
230 //openpts_valid -> openpts_display
231 //openpts_valid -> openpts_display
232 //openpts_null -> openpts_display [label="empty"]
234 openpts_verify -> openpts_valid [label="Valid"]
235 openpts_verify -> openpts_invalid [label="Invalid"]
236 openpts_invalid -> openpts_error [label="ERROR"]
// The Invalid outcomes are operator decisions: ERROR, legitimate change, or attack.
// "legitimate change" leads to a forced re-enrollment (next edge), which would just as
// readily whitelist an attacker's boot state; the decision has to be made from evidence
// outside this graph (e.g. change records) before "openpts -i -f" is run.
237 openpts_invalid -> openpts_update [label="legitimate change"]
238 openpts_update -> openpts_enroll_force [label="update host manifest\n(legitimate change)"]
239 openpts_invalid -> openpts_attack [label="investigate the host"]
// ERROR path: the host record is removed and the host must be fixed and enrolled again.
240 openpts_error -> openpts_remove [label="delete odd host"]
241 //openpts_remove -> openpts_null
243 //openpts_null -> openpts_enroll
244 //openpts_null -> openpts_verify [label="ERROR"]
246 {rank=same; openpts_verify; openpts_display;}
247 {rank=same; openpts_valid; openpts_invalid; openpts_attack;}
248 {rank=same; openpts_remove; openpts_enroll_force;}
// Cross-cluster edges. A successful init lands directly in Valid; ptsc_null (implicitly
// created, never declared) takes a reset collector back to init.
252 ptsc_init -> ptsc_valid
253 ptsc_null -> ptsc_init
// "NG" (presumably "no good"): rank=same across two clusters is left commented out,
// presumably because Graphviz does not honour it between different clusters.
255 //NG {rank=same2; platform_running_1st; platform_running;}
// The verifier's verify step talks to the collector's "ptsc -m" over SSH; dir=both draws
// the IF-M exchange as bidirectional.
257 openpts_verify -> ptsc_ifm [label="IF-M over SSH",dir=both]