Re: [Rats] [sacm] CoSWID and EAT and CWT

Adrian Shaw <Adrian.Shaw@arm.com> Thu, 28 November 2019 11:39 UTC

From: Adrian Shaw <Adrian.Shaw@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] [sacm] CoSWID and EAT and CWT
Date: Thu, 28 Nov 2019 11:39:41 +0000
Message-ID: <516500FB-3176-4527-B686-0FB7FCE62086@arm.com>
References: <2A12D8A3-722A-44D1-8011-218C89C8B50B@island-resort.com> <VI1PR08MB5360236E3583EBD3A78085EDFA490@VI1PR08MB5360.eurprd08.prod.outlook.com> <60C4E362-02FD-4DDF-BFB4-D09D358282D4@arm.com> <b5bca8a7-7e7c-4432-a1be-6cf1fc21c352@sit.fraunhofer.de> <05D67FD7-B95E-4716-B844-2F2F3A09030F@arm.com> <BB362412-1C0B-4BF6-99FF-6BE210C939B5@arm.com> <2bc157dd-deb6-9fb8-40b4-7e10722545e6@sit.fraunhofer.de> <20047.1574929414@dooku.sandelman.ca> <0d31154b-e85c-f352-2c59-08d4a0070bb6@sit.fraunhofer.de>
In-Reply-To: <0d31154b-e85c-f352-2c59-08d4a0070bb6@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/WqBWuAc_zkjCgl10EzFjivKF0lc>

Hi Henk,

The scenario that Michael described was one I had in mind. It is much easier to update a TA or a TEE to support EAT on an existing system than it is to update the early stage boot loaders and the image signing systems in order to support SUIT.

Glad that you somewhat agree :-)

Adrian

> On 28 Nov 2019, at 08:40, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>
> I am not convinced that the gap is as big as illustrated.
>
> Maybe because I need a use case description why the "boot/recovery roms" are already creating EAT and not a software component running in the TEE.
>
> Creating Measurements & Creating EAT are not tightly coupled time-wise, is my assumption today, for example in a cell-phone, I'd assume today.
>
> I am in full agreement, that the entire SUIT Manifest would be over-kill in the stages "boot/recovery roms". Although, I know of recovery roms that do exactly that: retrieving a SUIT Manifest including firmware to do... well recovery.
>
> Kind regards,
>
> Henk
>
> On 28.11.19 09:23, Michael Richardson wrote:
>> Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>     > to your first point: I am not sure what legacy systems that would be able to
>>     > create/process EAT would not be able to process a SUIT manifest. Could you
>>     > elaborate on that?
>> I think that an example is in your hand, a smartphone.
>> I think that their boot/recovery roms do not process SUIT today, but it would
>> be possible to generate measurements in EAT format as to what is running
>> if the measurements are available.
>>     > I'd maybe not call that a dependency, but rather synergy
>>     > in data models, but I am under the suspicion that I simply don't understand
>>     > the scenario that you are talking about.
>> I think that the synergy makes sense to me.
>> Just because we describe what is running using SUIT terminology and
>> constructs does not mean that we have to use the entire Manifest.
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>>  -= IPv6 IoT consulting =-
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats