\chapter{Conclusion and Outlook}
\label{cha:conclusion}

\section{Future Work}
\begin{itemize}
	\item Remove build tools from the target device; deliver only binaries.
	\item Remove complex runtime environments like Java, Python, etc. to avoid bloating the integrity logs.
	\item Mount the file system read-only and use, e.g., a ramdisk for working files.
	\item Integrate USB sensors into the trusted/integrity environment, including device firmware.
\end{itemize}

\subsection{Closing the chain of trust between TPM manufacturer and DAA issuer}
Activate a credential with to certify that the Membership key is in the Endorsement hierarchy, which can be verified with the TPM certificate.
\begin{itemize}
	\item Theoretical concept in the \emph{Practical Guide to TPM 2.0, pp.~109 ff.}
	\item Practical approach with EK, AK and AIK to show the validity of the EK:\\
		\url{https://ericchiang.github.io/post/tpm-keys/?utm_campaign=Go%20Full-Stack&utm_medium=email&utm_source=Revue%20newsletter#credential-activation}
\end{itemize}
Further integration into the Digidow environment, if DAA is useful for that.

\section{Outlook}
Hardening the system beyond IMA is useful.
Minimization is also useful, because the integrity log gets shorter.