Re: [Rats] [sacm] CoSWID and EAT and CWT
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 28 November 2019 12:22 UTC
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 975A7120845 for <rats@ietfa.amsl.com>; Thu, 28 Nov 2019 04:22:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bibDIniHvrIi for <rats@ietfa.amsl.com>; Thu, 28 Nov 2019 04:22:28 -0800 (PST)
Received: from mailext.sit.fraunhofer.de (mailext.sit.fraunhofer.de [141.12.72.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B584120841 for <rats@ietf.org>; Thu, 28 Nov 2019 04:22:27 -0800 (PST)
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id xASCMLAa002163 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Thu, 28 Nov 2019 13:22:22 +0100
Received: from [192.168.178.8] (134.102.43.219) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.468.0; Thu, 28 Nov 2019 13:22:16 +0100
To: Adrian Shaw <Adrian.Shaw@arm.com>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
References: <2A12D8A3-722A-44D1-8011-218C89C8B50B@island-resort.com> <VI1PR08MB5360236E3583EBD3A78085EDFA490@VI1PR08MB5360.eurprd08.prod.outlook.com> <60C4E362-02FD-4DDF-BFB4-D09D358282D4@arm.com> <b5bca8a7-7e7c-4432-a1be-6cf1fc21c352@sit.fraunhofer.de> <05D67FD7-B95E-4716-B844-2F2F3A09030F@arm.com> <BB362412-1C0B-4BF6-99FF-6BE210C939B5@arm.com> <2bc157dd-deb6-9fb8-40b4-7e10722545e6@sit.fraunhofer.de> <20047.1574929414@dooku.sandelman.ca> <0d31154b-e85c-f352-2c59-08d4a0070bb6@sit.fraunhofer.de> <516500FB-3176-4527-B686-0FB7FCE62086@arm.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <25edb1da-774a-6c55-b80e-f65b93aefc86@sit.fraunhofer.de>
Date: Thu, 28 Nov 2019 13:22:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <516500FB-3176-4527-B686-0FB7FCE62086@arm.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.43.219]
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/3O0-XoSCyB6eqRb9om5KF2YgLLo>
Subject: Re: [Rats] [sacm] CoSWID and EAT and CWT
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2019 12:22:30 -0000
Ah! Yes, updating a Trusted Application in a TEE is way way easier than updating an "early stage boot loaders and the image signing systems". I also totally agree with that. Somehow my point of view came from the other side around. But the same is true for creating EAT, right? Or is it easier for "early stage boot loaders and the image signing systems" to create EAT than to process SUIT. I think that is intended to be the conclusion here, if I am not mistaken, but I do not yet understand why that is the case. Viele Grüße, Henk On 28.11.19 12:39, Adrian Shaw wrote: > Hi Henk, > > The scenario that Michael described was one I had in mind. It is much easier to update a TA or a TEE to support EAT on an existing system than it is to update the early stage boot loaders and the image signing systems in order to support SUIT. > > Glad that you somewhat agree :-) > > Adrian > >> On 28 Nov 2019, at 08:40, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote: >> >> I am not convinced that the gap is as big as illustrated. >> >> Maybe because I need a use case description why the "boot/recovery roms" are already creating EAT and not a software component running in the TEE. >> >> Creating Measurements & Creating EAT are not tightly coupled time-wise, is my assumption today, for example in a cell-phone, I'd assume today. >> >> I am in full agreement, that the entire SUIT Manifest would be over-kill in the stages "boot/recovery roms". Although, I know of recovery roms that do exactly that: retrieving a SUTI Manifest including firmware to do... well recovery. >> >> Viele Grüße, >> >> Henk >> >> On 28.11.19 09:23, Michael Richardson wrote: >>> Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote: >>> > to your first point: I am not sure what legacy systems that would be able to >>> > create/process EAT would not be able to process a SUIT manifest. Could you >>> > elaborate on that? >>> I think that an example is in your hand, a smartphone. >>> I think that their boot/recovery roms do not process SUIT today, but it would >>> be possible to generate measurements in EAT format as to what is running >>> if the measurements are available. >>> > I'd maybe not call that a dependency, but rather synergy >>> > in data models, but I am under the suspicion that I simply don't understand >>> > the scenario that you are talking about. >>> I think that the synnergy makes sense to me. >>> Just because we describe what is running using SUIT terminology and >>> constructs does not mean that we have use the entire Manifest. >>> -- >>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works >>> -= IPv6 IoT consulting =- >>> _______________________________________________ >>> RATS mailing list >>> RATS@ietf.org >>> https://www.ietf.org/mailman/listinfo/rats >> >> _______________________________________________ >> RATS mailing list >> RATS@ietf.org >> https://www.ietf.org/mailman/listinfo/rats > > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. >
- [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [Rats] CoSWID and EAT and CWT Ira McDonald
- Re: [Rats] [sacm] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [Rats] [sacm] CoSWID and EAT and CWT Waltermire, David A. (Fed)
- Re: [Rats] [sacm] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [Rats] [sacm] CoSWID and EAT and CWT Waltermire, David A. (Fed)
- Re: [Rats] [sacm] CoSWID and EAT and CWT Smith, Ned
- Re: [Rats] CoSWID and EAT and CWT Hannes Tschofenig
- Re: [Rats] [sacm] CoSWID and EAT and CWT Laurence Lundblade
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [Rats] [sacm] CoSWID and EAT and CWT Smith, Ned
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [Rats] [sacm] CoSWID and EAT and CWT Thomas Fossati
- Re: [Rats] [sacm] CoSWID and EAT and CWT Adrian Shaw
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [Rats] [sacm] CoSWID and EAT and CWT Michael Richardson
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Adrian Shaw
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Thomas Fossati
- Re: [Rats] [sacm] CoSWID and EAT and CWT Laurence Lundblade
- Re: [Rats] [sacm] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [sacm] CoSWID and EAT and CWT Michael Richardson
- Re: [Rats] [sacm] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Brendan Moran
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Michael Richardson
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Smith, Ned
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Laurence Lundblade
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Michael Richardson
- Re: [Rats] [sacm] [Suit] CoSWID and EAT and CWT Henk Birkholz
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Smith, Ned
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Michael Richardson
- Re: [Rats] [Suit] [sacm] CoSWID and EAT and CWT Smith, Ned
- [Rats] Review of draft-birkholz-rats-uccs-01 Russ Housley
- Re: [Rats] Review of draft-birkholz-rats-uccs-01 Henk Birkholz