Re: [Rats] Definition of an Attesting Environment (and layered attestation)

Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Mon, 19 July 2021 10:00 UTC

From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
To: Laurence Lundblade <lgl@island-resort.com>, "Smith, Ned" <ned.smith@intel.com>
CC: "rats@ietf.org" <rats@ietf.org>, Thomas Fossati <tho.ietf@gmail.com>
Thread-Topic: [Rats] Definition of an Attesting Environment (and layered attestation)
Thread-Index: AQHXdoO3UL7h11mX002airlaRiA92KtBjIsAgABfhACAAmwsgIADKlGAgAKZPww=
Date: Mon, 19 Jul 2021 10:00:23 +0000
Message-ID: <SJ0PR02MB713360E35D1560A5DFED8209F2E19@SJ0PR02MB7133.namprd02.prod.outlook.com>
References: <617FC3B4-5C1B-4D35-BD4B-9AC2D1362930@island-resort.com> <CAObGJnNRbA1sKuTCBLpdUtLmjNW+qgRZrGd=dHZ7ZrfXkJJizw@mail.gmail.com> <5426682C-48CB-4D7D-A9DF-01FB17B168E8@island-resort.com> <9EDE7661-4443-4D2E-BF72-FBF238A6EF4D@intel.com> <CABF0A5F-DC51-4D38-8772-6351FA80E6A8@island-resort.com> <A998AEAF-3E1C-480A-866D-410D0B0D4362@intel.com> <B525A1CF-C9CE-46DC-BCCD-BF3BE6684A22@island-resort.com> <13651801-BEC5-450B-B814-BD85A1D1C08E@intel.com>, <1DA4C37E-D9A8-4F02-900F-E870C76D14D0@island-resort.com>
In-Reply-To: <1DA4C37E-D9A8-4F02-900F-E870C76D14D0@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6sPdzwG00VkOI-DSmUs8Qmw0vhs>
Subject: Re: [Rats] Definition of an Attesting Environment (and layered attestation)

I agree strongly with Laurence on this point - #3 is not necessarily a duty of the Attesting Environment. It is also necessarily true that an attesting environment retains a thread of control in a composite device – I can think of cases where this is not so.

Best regards
Jeremy

On 17/07/2021, 19:19, "RATS" <rats-bounces@ietf.org> wrote:


On Jul 15, 2021, at 10:55 AM, Smith, Ned <ned.smith@intel.com> wrote:

The Arch draft captures two duties of an Attesting Env fairly clearly (1- collect Claims, 2- create Evidence). In a layering context the Attesting Env has another duty (3- pass execution thread to the Target Env).

#3 is probably also true for composite device as well, though in composite device the Attesting Env retains a thread of control.

Does the list believe these points should be in the arch draft or are they reasonably inferred?

Here are a few more reasons I don’t think #3, the secure start-up of the following layer, should be part of the duties of an Attesting Environment, even for layered attestation.

— There are several architectures by which one layer can secure the start-up of the following layer. It can use a code signing scheme based on public key crypto to verify the code for the next layer. This scheme can be very simple or very complex. There could be SW version roll-back protection. It could also be done just with hashes, though this is less flexible. It could be super simple and just know which location in ROM to jump to. It can be a combination of any of the above.

— It is a local device implementation characteristic; one among many RATS may rely on. While the Endorser needs to know some high-level characteristics of the architecture, it also needs to know lots of other stuff that is not mentioned in the architecture draft.

— As written, the layered attestation text implies to some of us that there is a Verifier on the device.

LL
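To make the distinction argued in this thread concrete, here is an added example (not code from the thread, the RATS architecture draft, or any of the participants). It models a three-layer boot in which the launching layer decides whether to pass control to the next layer using one of the local mechanisms Laurence lists (a hash check plus version roll-back protection), and keeps that decision in a separate function from the two Attesting Environment duties Ned names (collect Claims, create Evidence). The Verifier-side check lives in its own function to reflect that the Verifier is not on the device. All layer images, digests, the nonce and the key are constructed for the example; because the standard library has no asymmetric signing, HMAC-SHA256 stands in for the attestation key's signature.

```python
"""Toy layered boot separating secure start-up of the next layer from the
Attesting Environment duties (collect Claims, create Evidence).
Everything here (images, policies, key, nonce) is constructed for illustration."""
from __future__ import annotations

import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class LayerImage:
    name: str
    version: int
    code: bytes


@dataclass(frozen=True)
class LaunchPolicy:
    """What a launching layer knows about the layer it starts: the expected
    image digest (hash-based scheme) and a floor version (roll-back protection)."""
    expected_digest: str
    min_version: int


def measure(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


def secure_start_next(policy: LaunchPolicy, nxt: LayerImage) -> tuple[bool, str]:
    """Local start-up decision: may control pass to `nxt`?
    This is a device implementation choice, not an attestation duty; nothing
    computed here is itself sent to a Verifier."""
    if measure(nxt.code) != policy.expected_digest:
        return False, f"{nxt.name}: digest mismatch"
    if nxt.version < policy.min_version:
        return False, f"{nxt.name}: version {nxt.version} below minimum {policy.min_version}"
    return True, "ok"


def collect_claims(launched: list[LayerImage]) -> list[dict]:
    """Attesting Environment duty 1: record what actually ran."""
    return [{"layer": l.name, "version": l.version, "sha256": measure(l.code)} for l in launched]


def create_evidence(claims: list[dict], nonce: bytes, attestation_key: bytes) -> dict:
    """Attesting Environment duty 2: bind Claims to a freshness nonce and sign.
    HMAC-SHA256 is a stand-in for a signature with the attestation key."""
    payload = json.dumps({"nonce": nonce.hex(), "claims": claims}, sort_keys=True).encode()
    tag = hmac.new(attestation_key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "mac": tag}


def boot_chain(layers: list[LayerImage], policies: list[LaunchPolicy],
               nonce: bytes, attestation_key: bytes) -> dict:
    """Layer 0 is trusted a priori; each launched layer starts the next under its
    own policy. Evidence covers whatever actually launched, so a halted chain is
    visible to the Verifier rather than silently hidden."""
    launched = [layers[0]]
    halted = None
    for policy, nxt in zip(policies, layers[1:]):
        ok, reason = secure_start_next(policy, nxt)
        if not ok:
            halted = reason
            break
        launched.append(nxt)
    claims = collect_claims(launched)
    if halted:
        claims.append({"halt": halted})
    return create_evidence(claims, nonce, attestation_key)


def verify_evidence(evidence: dict, attestation_key: bytes, expected_nonce: bytes):
    """Verifier side (off the device): check the tag and the nonce, return Claims
    or None. Appraisal against Endorsements/policy would follow from here."""
    payload = evidence["payload"].encode()
    expected = hmac.new(attestation_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, evidence["mac"]):
        return None
    body = json.loads(payload)
    if body["nonce"] != expected_nonce.hex():
        return None
    return body["claims"]


# Constructed sample chain: ROM -> loader -> kernel.
ROOT = LayerImage("rom", 1, b"constructed ROM image")
LOADER = LayerImage("loader", 3, b"constructed loader image v3")
KERNEL = LayerImage("kernel", 7, b"constructed kernel image v7")
POLICIES = [LaunchPolicy(measure(LOADER.code), 3), LaunchPolicy(measure(KERNEL.code), 5)]
KEY = b"constructed-attestation-key"          # constructed; a real device uses a device-bound key
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Verifier nonce

if __name__ == "__main__":
    good = verify_evidence(boot_chain([ROOT, LOADER, KERNEL], POLICIES, NONCE, KEY), KEY, NONCE)
    print("good chain claims:", [c.get("layer") for c in good])
    old = LayerImage("kernel", 4, KERNEL.code)   # same code, version below floor
    rolled = verify_evidence(boot_chain([ROOT, LOADER, old], POLICIES, NONCE, KEY), KEY, NONCE)
    print("roll-back attempt:", rolled[-1])
```

Note how `secure_start_next` can be swapped for any of the other mechanisms mentioned (code signing, a fixed ROM jump) without touching `collect_claims` or `create_evidence`; that independence is the point being made about duty #3.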