Re: [Rats] EAT claims needed by TEEP

[Dave Thaler <dthaler@microsoft.com>]

Yes I agree that PR would be sufficient to close the issue I raised.
Thanks Laurence for opening the PR, and I hope others will review so this
could get merged before the Friday meeting if there are no objections.

Dave

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Monday, November 8, 2021 1:20 PM
To: Dave Thaler <dthaler@microsoft.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; rats@ietf.org; teep <teep@ietf.org>
Subject: Re: [Rats] EAT claims needed by TEEP

This PR<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Feat%2Fpull%2F139&data=04%7C01%7Cdthaler%40microsoft.com%7Ccd1bfedf9bf24e41e68208d9a2fd94a6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637720032296857318%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=33oCO7YuLj53p%2BgsjN%2FAINMAnc7Yec1oKj5%2F2WR4fYg%3D&reserved=0> now exists to address class.

I was never quite sure what it was and it seemed TEEP/SUITE specific to me, one of the reasons I didn't do anything about it for the -11 draft. See if what I've got in the PR makes sense.

LL



On Nov 8, 2021, at 9:20 AM, Dave Thaler <dthaler@microsoft.com<mailto:dthaler@microsoft.com>> wrote:

Following up on the RATS meeting today, I compared the latest EAT document
against the TEEP requirements discussed most recently at the IETF 111 RATS meeting.

There were 5 requirements from TEEP for claims, ideally general use ones not profile specific ones.
My reading is that the latest EAT doc now meets 4 of the 5 and only "device class" is missing,
and indeed the EAT document discussion of ueid explicitly says
"It does not identify types, models or classes of devices."
but nothing else in the document I could find provides a way to identify such.

Henk's proposal there was section 3.1.2 of draft-birkholz-rats-suit-claims:

> 3.1.2.  class-identifier
>
>   A RFC 4122 UUID representing the class of the Attester or one of its
>   hardware and/or software components.
>
>   $$system-property-claim //= ( class-identifier => RFC4122_UUID )

The other four requirements from TEEP can be met as follows, if I understand
the intent correctly:

  1.  Device unique identifier -> use ueid claim
  2.  Vendor of the device -> use oemid
  3.  Firmware type -> use sw-name
  4.  Firmware version -> use sw-version

The above claims would go in a claimset about the TEE (which may or may not be
a separate processor), but EAT already supports different claimsets for different
components as I understand it, so that's fine.

https://github.com/ietf-rats-wg/eat/issues/138<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-rats-wg%2Feat%2Fissues%2F138&data=04%7C01%7Cdthaler%40microsoft.com%7Ccd1bfedf9bf24e41e68208d9a2fd94a6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637720032296857318%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1yQ6r3uJM0T%2B9MvBxu901cHuyZZBNxRpY%2BLZSLd8nfI%3D&reserved=0> tracks this issue and my belief
is it should be simple to add a device class claim into a draft -12 of EAT.

I will also cover this in the TEEP WG meeting on Friday where I will discuss
what we need to change in the TEEP protocol spec, where this is tracked by
https://github.com/ietf-teep/teep-protocol/issues/165<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fietf-teep%2Fteep-protocol%2Fissues%2F165&data=04%7C01%7Cdthaler%40microsoft.com%7Ccd1bfedf9bf24e41e68208d9a2fd94a6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637720032296867281%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=xYQeyXBbyZ3FORI8I5ISSeMVQ0F4ZJ7aNS1nDfZxOOE%3D&reserved=0>

Dave

From: Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>
Sent: Thursday, October 29, 2020 2:21 PM
To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>>
Cc: rats@ietf.org<mailto:rats@ietf.org>; teep <teep@ietf.org<mailto:teep@ietf.org>>; Dave Thaler <dthaler@microsoft.com<mailto:dthaler@microsoft.com>>; Simon Frost <Simon.Frost@arm.com<mailto:Simon.Frost@arm.com>>; Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>>
Subject: Re: [Rats] EAT claims needed by TEEP

On 29/10/2020, 21:07, "RATS" <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> wrote:
> On Oct 29, 2020, at 1:45 PM, Thomas Fossati <Thomas.Fossati@arm.com<mailto:Thomas.Fossati@arm.com>> wrote:
>
> Hi Laurence,
>
> > My understanding is that they are always encoded as CBOR text strings,
> > so floating-point doesn't mean #7.25 or such.
>
> Correct.  In (Co)SWID software-version is just a text string and version-scheme
> is there to do some semantic polishing.  But the underlying type is always #3.
>
> Maybe I'm misunderstanding your proposal here, but I would be circumspect
> in mixing SWIDs attributes, which are scoped to software artifacts, with HW
> identifiers.
>
>
> Hi Thomas,
>
> All the SW Version stuff would fall under a single EAT claims that
> contains a full CoSWID.
>
> For HW Version, I was thinking of two EAT claims, one for the version
> text, another for the version scheme (or we could go off and define a
> full CoHWID).

OK, looks like I had misunderstood your plan :-) thanks for the
clarification!
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.