Re: [EAT] [Rats] Real EAT implementations

Suresh Marisetty <> Mon, 08 October 2018 03:15 UTC



Like Jeremy informed in another thread, GlobalPlatform is aligning with these standard claims and working on API definition as well as part of the Trusted Platform Services committee.

In sync with the above, Arm Platform Security Architecture is also aligning with it.

Defining the base claims and standardizing them is a win-win in the IoT space specifically, to reduce market fragmentation and promote interoperability with Cloud Relying Parties/Verifiers.

Suresh Marisetty

-----Original Message-----
From: EAT <> On Behalf Of Hannes Tschofenig
Sent: Sunday, October 7, 2018 4:44 AM
To: Michael Richardson <>
Subject: Re: [EAT] [Rats] Real EAT implementations

Hi Michael,

Arm has launched the Platform Security Architecture (PSA) at Arm TechCon 2017 with the goal to improve IoT security.
It is a fairly broad effort clustered into three areas, namely an analysis, architecture and implementation phase. For the first phase we provide templates for threat analysis to derive security requirements. For the architecture phase we offer hardware specifications. For the third phase we offer code.

The Linaro foundation has started a project for firmware development on these Cortex M-class devices (called Trusted Firmware M, or TF-M), see The TF-M is the place where we are implementing the EAT token functionality (as part of the attestation API). There are also other APIs, such as crypto and secure storage.
Since the attestation API not only allows an application to access attestation functionality locally on the device but also to expose these attestation tokens to other services there is an interoperability problem. The Qualcomm-developed token format, which re-uses existing IETF technology, showed up at the right time for us and we believe it is a good approach. For this reason we support draft-ietf-mandyam-eat.

The TF-M implementation and the work we do on attestation feels pretty real to me. We hope that many companies implementing IoT products want to make use of the TF-M code as a foundation to make their devices more secure.


PS: More details about the PSA can be found at If you happen to be in San Jose in the week of 16th - 18th October Arm and its partners will talk about the recent developments around the PSA (and IoT security in general) at Arm TechCon.

-----Original Message-----
From: EAT <> On Behalf Of Michael Richardson
Sent: Saturday, October 6, 2018 7:31 PM
Subject: Re: [EAT] [Rats] Real EAT implementations

Laurence Lundblade <> wrote:
    > I believe one of the area directors asked who’s going to implement
    > these attestation schemes we standardize. One answer is Qualcomm’s
    > already commercialized precursor implementation of EAT which is
    > described very briefly in official marketing material on Qualcomm’s
    > web site as “Hardware Token”.

I see this as evidence:
  1) the market doesn't need/want a standard
  2) Qualcomm isn't going to implement our standard, they already have their own.

Now that could trivially be refuted if we saw clear participation from Qualcomm, but I haven't seen it yet.  But, maybe I missed it.

I await the charter.
So far I haven't seen something that is concrete enough to be useful on its own.

Michael Richardson <>, Sandelman Software Works  -= IPv6 IoT consulting =-

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.