Re: [Fud] Charter Text

Hannes Tschofenig <> Tue, 08 August 2017 10:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4250F132198 for <>; Tue, 8 Aug 2017 03:39:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HWCXRjLH1oZd for <>; Tue, 8 Aug 2017 03:39:28 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4F082132193 for <>; Tue, 8 Aug 2017 03:39:28 -0700 (PDT)
Received: from [] ([]) by (mrgmx002 []) with ESMTPSA (Nemesis) id 0M6jMS-1dSq7F3uGi-00wR7M; Tue, 08 Aug 2017 12:39:18 +0200
To: Olaf Bergmann <>, Emmanuel Baccelli <>
References: <> <> <>
From: Hannes Tschofenig <>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <>
Date: Tue, 8 Aug 2017 12:39:16 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:VzjL3aAgs/s3gIqH9CS3EDR+tmVNkn+qlrULiahEvs0a+XCESq3 f7fj/Sw5Ynqeg50fPSsOy37Vl1wzUTUcQEd3QMnEI3ApdJrEVWp5POKSVHIJIVbQfesbJpN GrjslNFjIcY6E73uSncQ8Fd5OfmQe0FPRENJVWc10fMwVYnrO1H6beeA/TVWyqTkObuk2yl QK0lWgBI+qZEEtWck3M3A==
X-UI-Out-Filterresults: notjunk:1;V01:K0:0vW0zSbZKaw=:j0KP21IpMTWDHqb10VUvsK cTUA4tkZWUwrK/DUpPyenj2c9xFCM/OlkQubkW5RV8PDJUFPiekfi2+SzCEkrZkVgiD57Tw/p tUQytZDXuSKNPH9rJ/V1tQLfQz1MXgcFDezS2OIoTqQQjSm4DMiD42FM3c3Rq7o8eVQAFCqqV Wny/fLpUKztTVtkp8r2WE0fJzTYrjEJw9HXa7TKr2V2lKzKeHyZG/7mZ8l8hb4NhNlbVDYUoJ QFrpVvKb11PIEzf2Jr1jvc9cBsPJGXiqJX+UKbERQFU8r2+YyvCn4f9cY3P/43lx4TMzaw700 nsGY+rSBkjHldYJuirRSKHordke8ocf8uNRVmmuLJlbPKPjQ9M7hdpKF3ttp3po7iOSgopuy7 IhkI7QQPBE74o2RucIP71zYdUyO7WLaaRUrSNmECzSvYymuPVwZbGp/KCfPT85N9RB5cPCdX9 t+GO08nZ8jl+71OXb5LsD59V2HwgjUjn/dm+o6zTFJXNQoXRoZZ9JVLl8EPkoPdLWkapoJHrE AKVCGwYtVMw1nqMk71HDJPsibGYieSCpMpeQO316jNRWDaC+noVrJj/Hk4FHz3ziH13F+dvoN opDiSMJEoYjcpnxrtjxQODe9phHq4DrPjV9nTNkPLswO41usi2ksb8wUbYE3bVmYzkJVCewqM GH8arS+UjfpQ9H/xOsjRX1FflEPsMsaIZ9az61OLcSy6tyupmcOLFvBnbE7X09r8jvF7rvyKJ WQo4XGQHI6xmEWVoSIjCRTuZEWN6ov29slLZJpFZU6247A6Pg5IiKauh2A9eCTRt52YSu9APL S12IZYH4zyIie55avpPslxPUKadmPwyC2BDHuOYJPS+t2FrRBI=
Archived-At: <>
Subject: Re: [Fud] Charter Text
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: FUD - Firmware Updating Description <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 08 Aug 2017 10:39:30 -0000

Hi Olaf,

>> - we have the case of software updates, not only firmware updates, so
>> I'd rather we talk about the more general case of software updates. Is
>> there a strong reason against this?
> This is more a question of whether a module is regarded as part of the
> firmware (cf. "firmware package" in the text). Some application-specific
> JavaScript code may or may not fall under this category. (You could,
> e.g., discuss if Ethereum contracts are "software" in this sense. But I
> am not sure that this would be addressed in this WG?)

I believe Emmanuel needs to tell us a bit more about the use case he has
in mind.

The use cases I would like to cover are:

- a developer creates a single firmware image, which may consist of
source code from various parties and may also contain binaries from
third parties.

- a developer creates multiple firmware images (since the device has
multiple microcontrollers that need to be updated).

In this model the update service on a microcontroller gets code from a
single source only (at least for the device it appears so since it does
not know whether an included library was written by a different developer).

What I specifically want to exclude is a model like JavaScript where you
can get code from multiple different sources dynamically during code
execution. Not only does this lead to challenges for code execution on
these constrained devices but it also raises all sorts of security
issues, which are difficult to solve on these low end devices. While
there are isolation techniques available (like the MPU on Cortex M class
devices and TrustZone for v8-M in upcoming devices) they have their limits.


PS: I consider Smart Contracts also outside the scope of this group.
Maybe an IRTF research group should work on them.

> Grüße
> Olaf