
Industrial Edge Device security

| Component | Purpose | Description |
| --- | --- | --- |
| Trusted deployment | Trusted environment for first installation | The Edge Device is delivered with a fully installed Industrial Edge Device OS (IED‑OS), secured by default from the manufacturer site.* |
| Secure Boot | Verified boot artifacts | With Secure Boot, UEFI will only launch verified and unaltered Industrial Edge boot artifacts which are digitally signed by Siemens. |
| IMA | Linux Integrity Measurement Architecture | Industrial Edge implements the Linux Integrity Measurement Architecture (IMA) to guarantee the integrity of the loaded modules. |
| Measured boot | Measure trusted boot and update channels | The measured boot checks the integrity of the whole boot chain and compares it with the trusted initial deployment. The fingerprints are stored in crypto hardware. |
| Digital signatures for Industrial Edge software artifacts | Integrity and authenticity of the software artifacts | CMS (Cryptographic Message Syntax) signatures and dedicated Industrial Edge code signing certificates ensure that the code has not been corrupted and the origin of the software has not been altered. |
| Secure onboarding | Trust establishment from Edge Devices to the Industrial Edge Management | The onboarding process is secured by an expiry token which must be transferred from the Industrial Edge Management to the IED. The operator is responsible for protecting the token from unauthorized access during the transfer. |
| System update | Keep the system updated and secure. Updates are possible from the IEM and can be scheduled. | A remote system update functionality is provided by the Ecosystem. The operator of the Industrial Edge Management is notified of the availability of new updates. The operator is responsible for keeping the system up to date. This is an optional feature for device builders. |

*planned