Measurement set in ComponentIntegrity

sajek
Minnow

Posts: 11

Measurement set in ComponentIntegrity Jan 8, 2024 11:48:18 GMT

Quote

Post by sajek on Jan 8, 2024 11:48:18 GMT

Hello,

In the ComponentIntegrity schema, there is a property field:- LastUpdated, which shows the date and time when information for the component was last updated. Similarly, each of the measurements in the measurement set also having this information. i.e, each of these measurements will have LastUpdated field.

Does it means that, the collected measurement is a cached value? In the componentintegrity schema, is there any option to fetch the latest measurement from the component? If there's no option available to fetch the latest measurement from the component, how do we update the measurement and update the LastUpdated field?

mraineri
Administrator

Posts: 1,056

Measurement set in ComponentIntegrity Jan 8, 2024 13:44:43 GMT sajek likes this

Quote

Post by mraineri on Jan 8, 2024 13:44:43 GMT

Yes, it's cached based on the manager's policy for how often it will query the device's measurements. The measurements obtained via GET operations are intended to surface data the manager has collected. It's not possible to force a manager to update these values on demand via the standard, much like how there's no mechanism to force new sensor values in various metrics resources.

However, if you want to get fresh measurements, you can use the SPDMGetSignedMeasurements or TPMGetSignedMeasurements actions (depending on the type of device in question). This action guarantees that the client receives the current measurements on the device.

sajek
Minnow

Posts: 11

Measurement set in ComponentIntegrity Jan 9, 2024 9:43:32 GMT

Quote

Post by sajek on Jan 9, 2024 9:43:32 GMT

Thanks for you reply.

The device in question was an SPDM device. As you suggested, we need to use SPDMGetSignedMeasurements to fetch the fresh measurements from the SPDM device.

So, the initial measurement collection also will be dependent on the manager's policy. Isn't it?

mraineri
Administrator

Posts: 1,056

Measurement set in ComponentIntegrity Jan 9, 2024 13:53:05 GMT sajek likes this

Quote

Post by mraineri on Jan 9, 2024 13:53:05 GMT

I would expect the GET responses to always be based on the manager's policy. While SPDMGetSignedMeasurements does collect fresh measurements, they are signed based on a client-specified nonce, and I wouldn't expect the manager to refresh what it's showing in the GET response for the resource based on the SPDMGetSignedMeasurements action usage.

sajek Minnow Posts: 11	Measurement set in ComponentIntegrity Jan 10, 2024 4:43:02 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by sajek on Jan 10, 2024 4:43:02 GMT Thanks for the clarification.

Post by sajek on Jan 8, 2024 11:48:18 GMT

Post by mraineri on Jan 8, 2024 13:44:43 GMT

Post by sajek on Jan 9, 2024 9:43:32 GMT

Post by mraineri on Jan 9, 2024 13:53:05 GMT

Post by sajek on Jan 10, 2024 4:43:02 GMT