IETF Logo Mail Archive

Re: [Rats] use case document updates on Roots of Trust

Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Mon, 16 September 2019 09:03 UTC

Return-Path: <jodonogh@qti.qualcomm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70D2212002E for <rats@ietfa.amsl.com>; Mon, 16 Sep 2019 02:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Se8nEnDUvDcd for <rats@ietfa.amsl.com>; Mon, 16 Sep 2019 02:03:03 -0700 (PDT)
Received: from alexa-out-ams-02.qualcomm.com (alexa-out-ams-02.qualcomm.com [185.23.61.163]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E7A1120826 for <rats@ietf.org>; Mon, 16 Sep 2019 02:03:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1568624582; x=1600160582; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=d+VEiz/XtR8djML7O6nXfyNuvB/5ZydS3SJxL+kxZGY=; b=DeAFEhzkYDZk/xLxAAqilV/r1wMrTeJxOMi/BdPKlGabXx+JCMwlGKS7 NNt9XHq5SFC5asebP/YEdmZDEHFdXqbAxzdCbPj83DxeehMo0MqFNcsG0 GWqZ/tt9189Bpg5sEaTDPSDnlB4djrll60veXXtKb9ieLw77lyxi5Y5Y+ M=;
Received: from ironmsg02-ams.qualcomm.com ([10.251.56.3]) by alexa-out-ams-02.qualcomm.com with ESMTP; 16 Sep 2019 11:03:00 +0200
Received: from euamsexm01e.eu.qualcomm.com ([10.251.127.42]) by ironmsg02-ams.qualcomm.com with ESMTP/TLS/AES256-SHA; 16 Sep 2019 11:02:55 +0200
Received: from euamsexm01a.eu.qualcomm.com (10.251.127.40) by euamsexm01e.eu.qualcomm.com (10.251.127.42) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 16 Sep 2019 11:02:53 +0200
Received: from euamsexm01a.eu.qualcomm.com ([10.251.127.40]) by euamsexm01a.eu.qualcomm.com ([10.251.127.40]) with mapi id 15.00.1473.005; Mon, 16 Sep 2019 11:02:53 +0200
From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: "Salz, Rich" <rsalz@akamai.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] use case document updates on Roots of Trust
Thread-Index: AQHVZkiAbD/a9kul70WouINjRrUgiqcjs+qAgAAfeQCAAAi6AIAABZUAgARrVICAADiRgIAEmqqAgADMsoA=
Date: Mon, 16 Sep 2019 09:02:53 +0000
Message-ID: <1F82A2FE-69FA-44E1-B8F9-A07BBFB0C6D4@qti.qualcomm.com>
References: <4155.1567948986@dooku.sandelman.ca> <64BD12AA-951A-468A-9F08-D442054605AD@island-resort.com> <de6ff852-062d-805d-3eed-10aca60502b2@sit.fraunhofer.de> <CAN40gStH5jUCJeVggREr3ABoFw7K97F=KtoJOSR_X+LWNLB+JA@mail.gmail.com> <CAN40gSu13DKkyahHA3_Cbt5j7Gsh=uGh5ic7fS3AvDGP3K1cug@mail.gmail.com> <5276.1568315351@dooku.sandelman.ca> <92137679-7DEA-42AD-B8D1-F3B909C77459@akamai.com> <BAA4C3C3-C98B-4BA7-8C89-A169DD99EF86@island-resort.com>
In-Reply-To: <BAA4C3C3-C98B-4BA7-8C89-A169DD99EF86@island-resort.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.104.11)
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.251.52.12]
Content-Type: multipart/alternative; boundary="_000_1F82A2FE69FA44E1B8F9A07BBFB0C6D4qtiqualcommcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/YdPmyh6zzIegccEuipv_z5Q2edc>
Subject: Re: [Rats] use case document updates on Roots of Trust
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 09:03:05 -0000

+1

A Root of Trust not data. The GlobalPlatform definition[1] is explicit that a Root of Trust has a computing engine and executable code that exist within a security boundary. Keys are optional as there are RoT use-cases that do not necessarily require keys (keys and/or other RoT data also exist inside the security boundary if they are present).

I’m not sure that the TCG Glossary[2] calls this requirement out quite so explicitly as GlobalPlatform, but the definition of RoT in the glossary is clear that an RoT performs functions - something that implies a computing engine.

A Root of Trust can perform other tasks than verification (and need not be capable of verification). This applies to all of the definitions I know (NIST, GlobalPlatform, TCG)

Best regards
Jeremy

[1] GlobalPlatform Root of Trust Definitions and Requirements, v1.1<https://globalplatform.org/wp-content/uploads/2018/07/GP_RoT_Definitions_and_Requirements_v1.1_PublicRelease-2018-06-28.pdf> (NB - unlike some GlobalPlatform specifications, this is not behind a click-through)
[2] TCG Glossary V1.1, Rev 1.0<https://trustedcomputinggroup.org/wp-content/uploads/TCG-Glossary-V1.1-Rev-1.0.pdf>

---
Jeremy O’Donoghue                            email: jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>
Director, Engineering                        tel:   +44 1252 363189
NFC & Secure Software and Systems


On 15 Sep 2019, at 21:50, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

-------------------------------------------------------------------------
CAUTION: This email originated from outside of the organization.
-------------------------------------------------------------------------

On Sep 12, 2019, at 3:31 PM, Salz, Rich <rsalz@akamai.com<mailto:rsalz@akamai.com>> wrote:

I do not see a meaningful difference between "trust anchor" and "trust root" and "root(s) of trust."  All of them:
- Are pieces of data (certificate or key is not meaningful)
- Used to verify something such as a certificate or signature
- Are trusted by the application, based on actions that are "out of band" of the application itself

This is not how I understand a root of trust, nor how I think it is generally used in the TCG or TEE worlds. I think a root of trust involves a CPU, memory and SW that actively does something like boot and measure a device. There is usually a boundary around it so that other software on the device, like the high-level OS, can’t corrupt it. When it is doing reporting as in RATS it will have a private key that can do some signing. When it is doing trusted/secure boot, it will also have a public key to verify the software it loads.

LL


_______________________________________________
RATS mailing list
RATS@ietf.org<mailto:RATS@ietf.org>
https://www.ietf.org/mailman/listinfo/rats

v2.23.0 | Report a Bug | By Email