IETF Logo Mail Archive

Re: [Rats] [Teep] Class ID claim (and other HW identification)

Brendan Moran <Brendan.Moran@arm.com> Tue, 11 January 2022 09:13 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBE713A1F81; Tue, 11 Jan 2022 01:13:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=6NjdhX7A; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=6NjdhX7A
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XLxFxeF7urHT; Tue, 11 Jan 2022 01:13:03 -0800 (PST)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70051.outbound.protection.outlook.com [40.107.7.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57E983A1F7E; Tue, 11 Jan 2022 01:13:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NYOrA2KRHpiPnR/JCrd06hMr9amAQvYwT1ZqXowWiKI=; b=6NjdhX7Ao/UnleQPjmBDsUL5BpfB+2T50EeBq7XkNY354xwp53IxvpzNOW+ZQSg1Tb29H4OKnZ8ejOBYdSNJSxP4tY0+7pgak1qn/BlcMilpcB2ZYP5jcZHyAdImt1+m2ax4P1/cnuBci4PfmAJ9Magy1CiX8bW5PaYcjJ+iij0=
Received: from AS8PR04CA0196.eurprd04.prod.outlook.com (2603:10a6:20b:2f3::21) by AM0PR08MB3762.eurprd08.prod.outlook.com (2603:10a6:208:100::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.7; Tue, 11 Jan 2022 09:12:58 +0000
Received: from AM5EUR03FT003.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:2f3:cafe::59) by AS8PR04CA0196.outlook.office365.com (2603:10a6:20b:2f3::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.9 via Frontend Transport; Tue, 11 Jan 2022 09:12:58 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT003.mail.protection.outlook.com (10.152.16.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.10 via Frontend Transport; Tue, 11 Jan 2022 09:12:57 +0000
Received: ("Tessian outbound a33f292be81b:v110"); Tue, 11 Jan 2022 09:12:57 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: c4e18c9887e4d65d
X-CR-MTA-TID: 64aa7808
Received: from 7668baa31891.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 88350D34-A0F6-4E19-8BB4-37B4B60A1E84.1; Tue, 11 Jan 2022 09:12:49 +0000
Received: from EUR03-DB5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 7668baa31891.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 11 Jan 2022 09:12:49 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=McImjFCncJP1n2dzuACCPlkmRRaZFPHwJzCY5aPGLkUyE0kbOMxB6r/ZmSFRJ3iX3RP9lOH/3iuF+ncbPHBwz+cC5POA45Xh/OjLQYrCRHKpY1mKNx4OC+JC/QjQj/2xA4fbImb5CiwA5CSSAv1cZ/qJX/GAtx3USBydhQByFExUUhTA9Dx7NEKNLFwvPvcoDhfvtBir5Gt9CLkKxyEsGmXZJL3HE8apRlCWS6LKQ9ZTcohnQneWxQyaz9HL8kUBj1+29GJmjeZj6QmEL+A4rKIjJbLY8ltYryufgwVhhA1R9sLSM+Z29mwysaKs6Jl2tFY9Y5MtgYqGIwiqde96vA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NYOrA2KRHpiPnR/JCrd06hMr9amAQvYwT1ZqXowWiKI=; b=daGyoDuJWz0l4DWuA2vojuNLol3ux+9tlQvoZ1TsyXD6qL/hf5IpK2hvBL/W0lab9IX9dNooxnHRZEGH4D1zOzqnBs1vDUe/cGYWqChogwmEr2peFBXt9vEm0v2ewCGX53Htm7ggw6IL2WBDLsDXWAvBeaRYLgxt4EBAG9DrgWwf2QDa1rWVjZVUbBxAuF7G4fF7jzK0f+8jMp5EyFjK1TOBguxsfgIzlMmrqedY1CwFcfmLzu0AS4sPVbfJCFRB7Mis+0GbwgYg1wS//ERBbh3G5G3SfO8Tv70WQ9iXPLULNaRmqzzPWWnfR5B6ZVKeYtxTa9zVCcl2/GvwRAugeQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NYOrA2KRHpiPnR/JCrd06hMr9amAQvYwT1ZqXowWiKI=; b=6NjdhX7Ao/UnleQPjmBDsUL5BpfB+2T50EeBq7XkNY354xwp53IxvpzNOW+ZQSg1Tb29H4OKnZ8ejOBYdSNJSxP4tY0+7pgak1qn/BlcMilpcB2ZYP5jcZHyAdImt1+m2ax4P1/cnuBci4PfmAJ9Magy1CiX8bW5PaYcjJ+iij0=
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com (2603:10a6:10:1ae::11) by DB6PR0802MB2183.eurprd08.prod.outlook.com (2603:10a6:4:84::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.9; Tue, 11 Jan 2022 09:12:48 +0000
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::fd4a:977c:9338:5139]) by DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::fd4a:977c:9338:5139%4]) with mapi id 15.20.4867.012; Tue, 11 Jan 2022 09:12:47 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, rats <rats@ietf.org>, teep <teep@ietf.org>
Thread-Topic: [Teep] [Rats] Class ID claim (and other HW identification)
Thread-Index: AQHYAOUGouUkDy+rI0mTtLLYj5LA6KxStIYAgAWOBoCABIk3AIAAeykAgABOFQA=
Date: Tue, 11 Jan 2022 09:12:47 +0000
Message-ID: <E127B6FB-D326-4A1E-B233-7604596A3C3E@arm.com>
References: <392AEEF5-C182-490A-92CA-F7D9B365C217@island-resort.com> <CH2PR21MB14646CC2BE8E496F0F3859DDA3499@CH2PR21MB1464.namprd21.prod.outlook.com> <8466B6E2-C335-4173-A2A2-3CCA555D28CA@arm.com> <62743D24-49F4-4480-9561-F00DA513C9FF@island-resort.com> <17B0A124-1BDF-41A1-8680-B44C2A540941@arm.com> <2440B689-1943-4227-B96F-F9ABD046D252@island-resort.com>
In-Reply-To: <2440B689-1943-4227-B96F-F9ABD046D252@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3654.120.0.1.13)
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-MS-Office365-Filtering-Correlation-Id: f9b2cb4a-767d-4247-2ebf-08d9d4e28efb
x-ms-traffictypediagnostic: DB6PR0802MB2183:EE_|AM5EUR03FT003:EE_|AM0PR08MB3762:EE_
X-Microsoft-Antispam-PRVS: <AM0PR08MB3762D1DAFDE57EDC7AF29CF3EA519@AM0PR08MB3762.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:5797;OLM:5797;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 22Yc7tdhnvmWwMnOy7Jva0ElySWRjba7Hp2gZNprGUwQkdw3qjBW3hyxLxx0WhCehnXbtvOkjdBdzd94cGlgWOggOiGPHpvuCZVpvyY+Yl+lb9vEgpVhVX6xwx0oHdOl3kOEHoj62mQBs6AyJSeRXJEahCjSlhpdXWUszfvWcsr9p42aflTImvZuNWVm2nwKby4QT1ZkTDnAY5564SEuEIgRFkREe6UK1c+vg/Il2TSVk1ALuKSGGm/ysiiFP0IeB185vcqpJp/qLJ0OB71t2vu3Q2kyaakZSaroUAxAHMLetfhx9VgGjrJukoH4oBMNk+WtBkKKNIepu4YL+txvVQAf6pp7+PF+I6njdVeID5bW4zxgVa3/qyMpPRxfv+ngE9mv/YsWq5ZITzzlWbvqO5HL9EHw8Xht0gkwKI+WfHf8+m2wyAo7kS2Q/REe39LUuiigNJ/lULNP6rraATH1AcfPd+2FyJdEjDx4ELUOpXzbdxT4eHTr1kCp+Sp+kLm0zJmuRMpTyMKVLqW1fE65MA4ET04mytKHHLXX7E/1Ys4lMAIAo7rxTAhH/ZBc6fIlsq64B5d7iZQVa1gvBvzKCfR7g5k/G97N06Qe1+RwcTmsU0Wlgu7mMXeLPfUgxtntHMpwJFEBdla6rvd/STly39uVYVO9HznAyFrEkN5bEylJDOZehSba5IZPjn/yIAY3BZaLnyoaHL8PsEQuMxpvRJhesvgWomDruDQSN729dIdLdlRmvyYFDASVIOpzheR7Frh3jDYsaXWxi94YSD3fbSHLhHbsLC9zmoEy8GbqDW69wBvHpRGs9rOY7oLERSkM
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5576.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(91956017)(2616005)(45080400002)(86362001)(66946007)(8936002)(316002)(76116006)(508600001)(36756003)(54906003)(4326008)(71200400001)(6916009)(5660300002)(66446008)(64756008)(66556008)(66476007)(122000001)(38100700002)(8676002)(966005)(6512007)(33656002)(166002)(38070700005)(83380400001)(2906002)(186003)(26005)(6506007)(6486002)(53546011)(45980500001); DIR:OUT; SFP:1101;
Content-Type: multipart/alternative; boundary="_000_E127B6FBD3264A1EB2337604596A3C3Earmcom_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2183
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT003.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: b6fe3207-30c0-4d97-14ef-08d9d4e28928
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: CZrrpB71IZLZdEVxOCOKvv31jh52fcNPcuGDPM93QO08v3DXA30TouSN3TvU6GfL2LNMMXA4H2pzeZ5AHeDF/+L6v2fJFoCmqKHsA8EPof5VceGZ0R01Zs6B+548gjgB/RteC0pb/BCAsfDiJWOr9YB3w0AUluaUnFaMivdc4kzfpxfqCg7V22wcyEBrqvAI7Sy/g5ZqYjKvzjvP6g/Mt7qqE6l18So06UwT6hhfjGRh4HRJv68RT/OR9XlrFg0AFwYpe7CkBJ+Xk/DffAkJsjDfKAmYNzP+ltPsOiF1ihiEbC7pfFwSyylJd+qNk9jRStxQBJYc2x2HTw19waAcCW7Vadn7NxENxjy89BI82qVq7MPiXq7RqMN8QpJsiN2CQtxutgF3F3xFe7LlFPpDTpa/NeZw+KfyyB8ueMhTTb3jYyJ7I1EQf0PkwiKfR9SMKNO1LCQInKj3cV7JikcXRzmpOij/p7Nit8NBFxx6Khhx+abuWJABKSwBdBcRN9uyK6sW5TfCuF+nPIg7Vew9MAoM3lkq4XoErCeCr/D2MQ4vQkO2BH4GmCu+RCJ6dcniqLEQBas2SrWivf/L0LsoNwUSb3g/F5a6F9mqa44H+HoibQnepAAZC7ErCG4XyOPLe3Jz5GQFonLMtyjHswXTb6fwCTkaMFAKXiiPFgHCMliovlDsZfss7gJ2uNr+tGuKQ+TFMVMA3IFW6+aYZLzCeC5JeGkYKQJ67YAljI1Js4suAHWi3nMBCnyuTH7goNtFS78CHwxmFjIe+8afOHuZPi36AELcYeYfnv89vbKMOV6MtDQxcEM39Aurnaa1lHYGpioWhlKKW+R2k9nzpBppz7GZQsq8CSeQ+h3UyBCBdMI=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(36840700001)(40470700002)(46966006)(166002)(2616005)(6862004)(316002)(336012)(54906003)(186003)(40460700001)(6486002)(8676002)(33964004)(356005)(53546011)(6506007)(5660300002)(81166007)(33656002)(8936002)(70206006)(83380400001)(82310400004)(36756003)(26005)(86362001)(6512007)(70586007)(30864003)(450100002)(966005)(2906002)(47076005)(36860700001)(508600001)(4326008)(45080400002); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2022 09:12:57.5221 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f9b2cb4a-767d-4247-2ebf-08d9d4e28efb
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT003.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3762
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/MSTcYFMbOCvgcV1kqxx5kHv3f-o>
Subject: Re: [Rats] [Teep] Class ID claim (and other HW identification)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jan 2022 09:13:09 -0000

Hi Lawrence,

I don’t think I was clear. I was saying that class IDs are important, but that there’s no need to differentiate between /types of classes/. When class IDs are opaque blobs, a lookup of some sort is implied. Since a lookup is being done, the /type of class/ should be extracted in the lookup. There’s no need to differentiate between types of classes in EAT itself since it’s for transporting information that will later have a lookup done.

Best Regards,
Brendan

On 11 Jan 2022, at 04:33, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

Hey Brendan,

I made the HW-IP PR as an educated guess, from talking to Dave, and from a some text in section 7 of TEEP Architecture. I don’t have any agenda here but to make EAT work well for SUIT and TEEP.

Obviously, I’m missing the mark, so I’m graciously bowing out. So no class ID in the EAT draft.

LL


P.S. I do appreciate the discussion as is resulted in adding the HW Model ID claim to EAT, something that was missing.


On Jan 10, 2022, at 1:12 PM, Brendan Moran <Brendan.Moran@arm.com<mailto:Brendan.Moran@arm.com>> wrote:

IMO, adding a new claim like this is counterproductive. It presupposes that we can predict all classes that a device may belong to. Sure, we can make a registry of different kinds of classes that a device can belong to, but why? Frankly, the naive approach is better than this: you have a database that maps OEM + model + revision into an application-specific taxonomy. Of course, now someone has to actually maintain that database. Have fun.

Why not take the easy route? It’s far simpler for a device to be the intersection of ANY properties that make it distinct. The entity consuming an EAT needs those anyway. And as to why I don’t want a taxonomy? Because it’s unnecessary. To use any of these identifiers, you have to use a database to convert the identifier into whatever it is that you actually care about. That database can just as easily contain any taxonomy you like.

We’re talking about adding more complexity to a specification in order to distinguish between:

SELECT * FROM hw_ip_identifiers WHERE id=${ID}
Vs
SELECT * FROM hw_identifiers WHERE id=${ID} AND taxonomy=“hwip"

Why would we complicate the spec to add taxonomies in order to simplify a database in such a trivial way?

In my opinion, we should look at a single physical device as the intersection of several sets:
* the OEM’s model identifier (incl. HW revision)
* the SoC identifier (incl. SoC revision)
* the processor’s type/version/revision
* the trusted OS’s version/revision
* the boot loader (especially if it’s in ROM) version/revision.

All of these matter (I think) to TEEP. We need to report them all. But is the list exhaustive? Probably not. While a registry for the different taxonomies may be relevant, I doubt it matters in EAT itself. That only matters when looking up an identifier.

What is the concrete value of specifying the taxonomy of an opaque blob in an interchange document?

Thanks,
Brendan





On 7 Jan 2022, at 23:56, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

So rather than a HW Class, how about a HW IP claim? It would reuse the same triple for identifying HW, OEM, Model, Version. It could occur along side the HW OEM, model and version. This seems better than my current PR and lines up better with Brendan’s examples and with the reality that HW IP comes from a vendor, has models and versions. I’ll write up a PR for it if I receive some positive feedback here.


The distinction between chip and device is intended to be handled by submodules in EAT. Submodules can express arbitrarily complex architectures and device compositions.

I think it’s cleaner to keep the HW-identifying claims separate from the SW-identify claims. Would really like the identification of the Trusted OS Vendor be handled by CoSWID and friends. Trying to make some claim suitable for identifying both SW and HW for all of attestation seems over-ambitious.

I also think it’s fine to define some claims better suited to the TEE world in TEEP if we can’t find enough common ground between TEEP and the very broadly applicable stuff that goes into EAT.

LL


Note: I find the use of the word “class” here confusing. If I were putting TV’s into classes I’d uses classes like smart/dumb, display type (LCD, CRT, OLED) and such that identify characteristics of TVs independent of vendor and model. "Sony Bravia" is not a class IMO. Nor is “Microsoft Windows” (an OS the runs on lots of HW platforms). I’d like to move away from the word.



On Jan 4, 2022, at 3:06 AM, Brendan Moran <Brendan.Moran@arm.com<mailto:Brendan.Moran@arm.com>> wrote:

I think devices will need to report multiple vendor/class pairs.

For example, A mobile device could potentially contain:
1. A Mobile Device OEM Vendor ID
2. A Silicon vendor’s Vendor ID
3. An IP vendor’s Vendor ID

This is not an exhaustive list.

For Arm Trust Zone TEEs, I would expect to see:
1. The Arm Vendor ID + the processor core’s Class ID
2. The Trusted OS Vendor ID + the Trusted OS Class ID
3. The Silicon vendor’s Vendor ID + the processor Class ID
4. The Device OEM’s Vendor ID + the device Class ID

Cheers,
Brendan

On 3 Jan 2022, at 21:00, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org<mailto:dthaler=40microsoft.com@dmarc.ietf.org>> wrote:

Laurence Lundblade wrote:
I talked to Dave which resulted in reorientation of my understanding of Class ID in TEEP.

Class ID basically identifies HW IP from a HW designer like Arm or Synopsis that is integrated into chips made by various HW OEMs like Qualcomm, Samsung and Apple. The term used frequently for this is "IP" (I know this well from my days working on HW at Qualcomm).

I've created a PR for HW Class.

Since what is identified spans OEMs, this must be a globally unique identifier. We need to be explicit about that.

I know of four ways to have a global identifier:
- Use OIDs
- Use DNS / URI
- Probabilistically using a big enough byte string
- A new registry, perhaps IANA (but we probably don't want this)

The PR allows all but the last, but this could be reduced to just one or two of the above.

PR looks great to me, except that would I agree with reducing it to one or two.
Since the ability to take a value and resolve it to something meaningful is useful in many cases (logging, wireshark analysis, etc.), I would remove the third option.

OIDs, encoded as int arrays, probably compress the best so if only one, then I'd pick that one.  URIs are convenient though also so if two, then that's my second pick.

I don't see this claim as essential for EAT, but I committed to working through this with TEEP. I'm fine with this PR going into a TEEP document rather than EAT.

The notion of HW class ID is not specific to TEEs, hence the request to put it in EAT rather than in anything that would imply use is limited to TEEs (hence not in a TEEP document).

-Dave

_______________________________________________
TEEP mailing list
TEEP@ietf.org<mailto:TEEP@ietf.org>
https://www.ietf.org/mailman/listinfo/teep

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email