Re: [Rats] do not address yang warnings by making nodes writable

"Eric Voit (evoit)" <evoit@cisco.com> Fri, 05 March 2021 18:30 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5ADB3A299B for <rats@ietfa.amsl.com>; Fri, 5 Mar 2021 10:30:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=NamKBrnt; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=u57TwXOr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QANfByIKEBOE for <rats@ietfa.amsl.com>; Fri, 5 Mar 2021 10:30:13 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E2953A2999 for <rats@ietf.org>; Fri, 5 Mar 2021 10:30:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12712; q=dns/txt; s=iport; t=1614969013; x=1616178613; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=uHSuQv0jViwMjHN2biqaxdbLTDhhSrTUvmzsGqJwOQ4=; b=NamKBrnt31D4syH67d4BWHxExnWCBsqgnVFZMhLIo9ubUUmwWBf+ToxP pGYgF4/fFzZYFRwwqTPf4QO6Xy3ibFFDZwVMv/xvbZyj9T/ObGUTGeD6n dILYlxiSIFd03s+mk74mYhW1UD+Pkalqf11G6pqAzDW1z/GVBo0LWdV77 8=;
X-Files: smime.p7s : 3975
IronPort-PHdr: =?us-ascii?q?9a23=3APj0rlhTtHZnUZ4mF27x6M/U4etpsv++ubAcI9p?= =?us-ascii?q?oqja5Pea2//pPkeVbS/uhpkESQBtWJ6ftPjODN9r3mWHIN+42ArGFEfJEfHx?= =?us-ascii?q?MGiMBDmQsmDYbFDEDgN/flYmQ8G9gKT15q+Xy3cC03UMbzblHfuDu+uDgVHB?= =?us-ascii?q?isNwN+Ie7uX5PUjtq6zfuz54yVbwgbzDa4aKl5eROxqwiZv8IKgIxkf6A2zB?= =?us-ascii?q?aswDNIdu1ayHkuK0iUmkP359y7+9ho9CEDtg=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CiCgBFd0Jg/5JdJa1fA4EJgyIjLgd?= =?us-ascii?q?2LC42MQqHfwOFOYhXA5kjglMDVAQHAQEBCgMBAR0LCgIEAQGETQKBegIlOBM?= =?us-ascii?q?CAwEBCwEBBQEBAQIBBgRxhWENhkQBAQEDAQEBJRkBASkDCwEECQICAQgOAgU?= =?us-ascii?q?DLgIZDAslAgQOBQgGgmOBflcDDhEQAQ6iXwKKJXSBATODBAEBBoUkGIIMBwM?= =?us-ascii?q?GBYE0gVOBI4pMJhyBSUKBEUOCKS4+glwBAYE4EBoVChcCDYMDgiuBWRAuLQc?= =?us-ascii?q?BBjYqDQc/F0QgXigCFTMskFWLAIEfgXWaZQqCfoEbg1CCbJRxo2yyThWEJgI?= =?us-ascii?q?EAgQFAg4BAQaBayOBV3AVO4JpUBcCDY4qF4NNM4RhhUVzOAIGCgEBAwl8i2e?= =?us-ascii?q?BNAGBDgEB?=
X-IronPort-AV: E=Sophos;i="5.81,225,1610409600"; d="p7s'?scan'208";a="856181457"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 05 Mar 2021 18:30:12 +0000
Received: from mail.cisco.com (xbe-rcd-001.cisco.com [173.37.102.16]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 125IUBx4014065 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 5 Mar 2021 18:30:12 GMT
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xbe-rcd-001.cisco.com (173.37.102.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Fri, 5 Mar 2021 12:30:11 -0600
Received: from xfe-aln-004.cisco.com (173.37.135.124) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Fri, 5 Mar 2021 12:30:11 -0600
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-004.cisco.com (173.37.135.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3 via Frontend Transport; Fri, 5 Mar 2021 12:30:11 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R58+pgBQ3d4RXov3Mr4by3lRbez5Vj9KNWYeqhweuuODUkeeYLRfrS0pvpPaAWp5048xlHvhRNWhMxLsuMuA7BSjPRORA/Aw/6VLzYe/mi9r9/kj1afdydxaoT0123ZGcq/fB20sIOpwRB5KHMLmMLkajuWV203ZKSNlbElTU1AM++bQECPPrBPl/TU+tA4th9uOKXQAaP04jxjQztIjHlQxffw2LUyrQQN+aH/hyUpzy62FyCc4Emby/9PnxWNXp6XCcTFb8WIhxIPcvymbhf5CGJbQKK1dUgG44XyCREHhI3pAVUNou+SV62TF0XwcsRCeYWcWC4vJcDdzVu4ufg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QxKDhFQ+VfigpTPbB7q8/vyM4qtrEQnviy94POglp+k=; b=ZigXnw5GGqj/pgXclpP4Dty1bPCZrm8WmShZNSc5Zdaf6Kv9GAOzkOXqTeqxzOKc8EtK9OZgEnNyxq2LfhWD3vJHyXCXo5SR7ioDdHuW/F8Aig52ILyL9Fi0XOHdjPSQ7C7E9KLGJNoLosssPmxda/zE2qReiNJQPbhOy/h8Pjd+TDdL/4sDy6ZE4dXMIg0a2k2FDMEDd7Cot7lrgVNVyPsz6AOJZQbAqg+fFgyAlu+SrJtFiyWr2H+P8iVc49RKYcXt2mPLJmHjv8EA7LQSQ05ExPI4HMrIEGemXEyeDdOJG1noXRSQ4FepKJBpk3Z2VvbtkYHyxymQDHBiiyttdg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QxKDhFQ+VfigpTPbB7q8/vyM4qtrEQnviy94POglp+k=; b=u57TwXOrgzm7s8EtcFK2IfQX/UqwN6DajCEFmU82KwWWS/ZtzM8h1k9/lnS4BN4JYUSO/oyXaRPOZuiDUm00idOBm0lefp4xwmWs+fJpJ4N9KWLpiXTKlPJWo1qWAvsmoFoHgg7EGroHKkHwtTXMhCkHj9c4W5M6IC5rEpCJh6s=
Received: from BL0PR11MB3122.namprd11.prod.outlook.com (2603:10b6:208:75::32) by BL1PR11MB5495.namprd11.prod.outlook.com (2603:10b6:208:317::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3912.8; Fri, 5 Mar 2021 18:30:10 +0000
Received: from BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::88f5:c7e1:3338:cecf]) by BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::88f5:c7e1:3338:cecf%3]) with mapi id 15.20.3890.032; Fri, 5 Mar 2021 18:30:10 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] do not address yang warnings by making nodes writable
Thread-Index: AQHXBtiPzfKDgDt1JUWIk0bm075RU6pfpH2QgBWueACAAEVAsIAACUSAgAADmXCAAA7ogIAADdng
Date: Fri, 5 Mar 2021 18:30:10 +0000
Message-ID: <BL0PR11MB31229018322B4AE74C48751FA1969@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <20210219131122.4b3qt7kgapmgv3ax@anna.jacobs.jacobs-university.de> <17694.1613745400@localhost> <20210219160103.26mds5wtenqtfbct@anna.jacobs.jacobs-university.de> <BL0PR11MB312290AB0F53053548E1D43DA1849@BL0PR11MB3122.namprd11.prod.outlook.com> <20210305111144.ptkqpler3rjmgx6i@anna.jacobs.jacobs-university.de> <BL0PR11MB3122D8926C5143368F4C77C5A1969@BL0PR11MB3122.namprd11.prod.outlook.com> <20210305155245.p23ab4isvpn2vxdo@anna.jacobs.jacobs-university.de> <BL0PR11MB31227B686A7EE19225F91EB7A1969@BL0PR11MB3122.namprd11.prod.outlook.com> <20210305165859.evgne3amtovj635u@anna.jacobs.jacobs-university.de>
In-Reply-To: <20210305165859.evgne3amtovj635u@anna.jacobs.jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: jacobs-university.de; dkim=none (message not signed) header.d=none;jacobs-university.de; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [108.18.141.61]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 38c4e981-21ad-4cfb-f175-08d8e004b59a
x-ms-traffictypediagnostic: BL1PR11MB5495:
x-microsoft-antispam-prvs: <BL1PR11MB5495DA789A4956CB44D5FF68A1969@BL1PR11MB5495.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: f6fV+GCfTXpAedVqzrv95mrrajTFOtRGMyq4mG26G71gsRXXyoV/Dj+t2DKVaRyLm2cfMIbCOth+ECheX0J0h7UwCupknQA12u4DLGQkIryu7Ykjtf6rJGbLMNGWCBQCUmLlj3YZ7sd2bRN+LnaR32KYDUD/b1npMXLKI8kIwrKp1Wwv9BHAWhOZSUaa4ieDxVW0p85XwjTXK0raJmOMeTQZgNTaZyKVNULzsB4h5aNSTPqM0+sPOy83RjYNgk2PH5b/1tpvcjTuzMn2OwBWwoGvUertVJIVkcNk9dXWmHWx2V6EkbGtuft8cdDTAtEwovBMmU5Nms4S5cDjp1IOAuhaYMPF/9KPvFhQTWnhMQEAmZ6/B7JunBQ9rk55K6UarqAC8MNUWYEGthUj8TLhUx8s3fFwLwN0W5lssRohQRwciIwyaQLRtk++tbkwwHPHb3uTKqCym8knTPv6bKwJV00WNxOBKhIFbIBTKAipjdtXB3l2d7tOSapG2R/j7Rf/CsGjh39kpKJYDmSYDZZ0ddO4X87x00M0wAyfguNtKVVzYfvizaDMoNp1g13j4ior6XE6gddEC5icQvMhOr55Xo1GL7u+OF8WJ3JF/boG2G4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR11MB3122.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(366004)(346002)(376002)(396003)(39860400002)(966005)(7696005)(66556008)(64756008)(478600001)(76116006)(66476007)(66946007)(83380400001)(316002)(66616009)(66446008)(86362001)(54906003)(99936003)(5660300002)(186003)(8676002)(33656002)(6916009)(2906002)(26005)(55016002)(71200400001)(6506007)(52536014)(9686003)(4326008)(8936002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?jS96NWIDD/f1KH8XZTB6wLA4VdkwnYoXsqM8gqc1YTuvfdyEl+lNTJo2x/yT?= =?us-ascii?Q?RBccav8oayleKzcdQonXdQMxgHcChFV3AxG0lO4qiySXmN6BhpQlHcIcSLsu?= =?us-ascii?Q?UaePL+QD4wouU7oNrJKDkLbHS2WkN+3oo3RYqVa5Ff6WpJ4bBEJ9l2qzJMeM?= =?us-ascii?Q?rbQFzpWnP2XrUuF3YhzTv0PLvpjsEzfevWqUaVsiPL7NFm+L3EpZxSybeIVw?= =?us-ascii?Q?ksOZvtMc8kkbcP7b51G4KamvISS2vJX9XjBEZ7Q/P0EuaduU4guxg3tzwwm7?= =?us-ascii?Q?psdIctGamxvJ5SrJE3hsJMgD7eu3uCitrx/RZjRNYW96ek19tQkmHIUBVEsS?= =?us-ascii?Q?4XOStC+q8HqqOUmWCO0ItcDXvwIduIc/JYWDUKB78c45VJB2t9v6VrVV0sqa?= =?us-ascii?Q?gYmZfo+/K/X/Y6l/F/ue2WKfn9n8YvYGcz8s9dpseGm7rrZGNvBWUkgaDzo5?= =?us-ascii?Q?R//ok03j6UZizENKkum6s/E4bu6ZYwUE3d99qzluwwCsnArikcUggMr1dFR3?= =?us-ascii?Q?VGC2p6ACQmSDvJIUtaw5d0X8JpdZrqYpPSAXnPDkZUm205pnUJBrbQKL0+rT?= =?us-ascii?Q?jkmMubGwQYBEljsYNLbpLHI33SpSEqEH5vc/S1PxuH9zrX4+MVTUzTdpucl+?= =?us-ascii?Q?T87qps+Q5bsH1oXsbsqSd9qgxd3damJXvkaRzCVTVTu7VeNp2l8QCpsJlORJ?= =?us-ascii?Q?jCJTp4spHUXXUdQpjim2hUIvG3c8pxAgTGahlhdmScixkElQWO2dlOEuVXgk?= =?us-ascii?Q?VzRONn/Olz8FAdmO4XAdVKFFV2DGPWIIuZDXkTIEIT4qWg4dMl3Zr+gDfz35?= =?us-ascii?Q?5HmWAO++Wu/WzmcQiWegjE1H9QRfuGiyMbQyPhLs9k8PxEuMyUEtQIaHH2rx?= =?us-ascii?Q?KeUD11H7l37vbCM7zpC1LZ3L6L9P5Rhqcs+d7hcjbbjIVx3ABLNPrdclELNJ?= =?us-ascii?Q?lLmNYu/wqsmKbCxAFA6hblcFZa6PN3rOQ14LY2OHrfAlDuyVnxNNsw711pb1?= =?us-ascii?Q?WZVU4sNugwq9Hq9CB1lCUNZy5jCmk69uWG+PWGAQRuqiUoJ+FVvzp3i6Ag+n?= =?us-ascii?Q?epnWgRPNHZIJa6ZmfESTjj/0BLhTPs1cjRxf8d6E/fSmbHJJrYqEmOF6HY7Z?= =?us-ascii?Q?KpBtWzuRxOlaUSco9y306ZCpwZ6BbMlEcwLasm8WuMqV9fNLl+qEnnD2iNz8?= =?us-ascii?Q?EjE1VZ6gXoTXHlnDgM9ZmMZGuF1Xz/V+Ff3Ty2/Hr7Rb8SlSiSK1JF8JeaAj?= =?us-ascii?Q?1lUgbtydi9hS13XUfC/fQesalAca8tR2bUz3WOsGMmayK/oEo2zLN/QBs9KY?= =?us-ascii?Q?2jqYKppIeDHZTy4oZlRmTMZp?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_047E_01D711C3.A826F7E0"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR11MB3122.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 38c4e981-21ad-4cfb-f175-08d8e004b59a
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Mar 2021 18:30:10.2657 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: U0qzEmy26HU5iw+rwWF16M5fXvqr1rnQTERNL6+tQt2Watw3ovKTo9NJpkHuBXgl
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR11MB5495
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xbe-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/bmxqhUvPYg-nxy5xP1H1ja6aPB8>
Subject: Re: [Rats] do not address yang warnings by making nodes writable
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Mar 2021 18:30:16 -0000

> From: Juergen Schoenwaelder, March 5, 2021 11:59 AM
> 
> On Fri, Mar 05, 2021 at 04:23:27PM +0000, Eric Voit (evoit) wrote:
> > Hi Juergen,
> >
> > > On Fri, Mar 05, 2021 at 03:42:54PM +0000, Eric Voit (evoit) wrote:
> > > > Hi Juergen,
> > > >
> > > > Where you say "this config applies to TPMs version X", we are
> > > > accomplishing a similar function via when statements,  E.g.:
> > > >
> > > >         uses TPM12-hash-algo {
> > > >           when "tpm-firmware-version = 'taa:tpm12'";
> > > >
> > > > It is possible to place what is currently within these 'when'
> > > > statement to instead be within the descriptions.  But using 'when'
> > > > statements seemed a more robust approach.
> > >
> > > Except you had a broken config true node.
> > >
> > > > Based on our discussion, I can adjust that description of "leaf
> > > > tpm-firmware-version" to:     "Identifies the cryptoprocessor API
set
> > > > supported.  This is automatically configured by the device and
> > > > should
> > not be
> > > > changed."   This will eliminate the earlier text about a YANG
warning
> > and
> > > > NMDA.  Is this a reasonable approach?
> > >
> > > Overwriting YANG semantics is not what you want. Perhaps you
> > > actually want
> > to
> > > use a YANG feature to make parts of the model conditional to a
> > > feature indicating different TPM versions. Of, you already have an
> > > if-feature. It
> > might
> > > well be that I do not understand what you are trying to achieve.
> >
> > Unfortunately using an if-feature does not provide sufficient
granularity.
> > A device can concurrently support multiple TPMs, each potentially
> > having either TPM1.2 or TPM2 firmware.  The model is trying to ensure
> > that a specific instance of a TPM can only be configured to use a valid
subset
> of
> > the allowable algorithms permitted by the type of firmware available.
> >
> 
> But then the config needs to say to which TPM and TPM type (version) it
applies.
> And in case there is a mismatch, the config does not get applied or even
> rejected. 

I believe the current model accomplishes this, without the need for placing
the constraining information in the description.  More below.

> From the interfaces YANG model:
> 
>          leaf type {
>            type identityref {
>              base interface-type;
>            }
>            mandatory true;
>            description
>              "The type of the interface.
> 
> 	      [...]
> 
>               If a client tries to set the type of an interface to a
>               value that can never be used by the system, e.g., if the
>               type is not supported or if the type does not match the
>               name of the interface, the server MUST reject the request.
>               A NETCONF server MUST reply with an rpc-error with the
>               error-tag 'invalid-value' in this case.";
>            reference
>              "RFC 2863: The Interfaces Group MIB - ifType";
>          }
> 
> The point here is that the config explicitly says what is
required/expected and
> the server reacts to it. I configure
> 
> <tpms>
>   <tpm-name>tpm42</tpm-name>
>   <tpm-firmware-version>taa:tpm12</tpm-firmware-version>
>   <TPM12-hash-algo>taa:TPM_ALG_SHA1</TPM12-hash-algo>
>   <!-- -->
> </tpms>
> 
> and this gets applied if there is a tpm42 which supports taa:tpm12.

I agree there are lots of similarities to the interface model.  In the
interface model, you have:

     +--rw interfaces
        +--rw interface* [name]
           +--rw name                        string
           +--rw type                        identityref 

And in this model we have:

   +--rw tpms
      +--rw tpm* [tpm-name]
         +--rw tpm-name                        string
         +--rw tpm-firmware-version    identityref

In both cases above the device itself should recognize the hardware
instances and configure those objects appropriately.   Now looking at the
other object in the tree above "TPM12-hash-algo", i.e.,

   +--rw tpms
      +--rw tpm* [tpm-name]
        +--rw TPM12-hash-algo?        identityref

This object can only be provisioned if that identityref also exists in
container "attester-supported-algos".  This container identifies which TCG
algorithms are available for use the platform.  This allows container also
has the benefit of allowing an operator to limit algorithms available for
use by RPCs to just a  desired set from the universe of all allowed by the
firmware.  To see more, check the descriptions of:

   +--rw attester-supported-algos
      +--rw tpm12-hash*                 identityref {taa:TPM12}?
 
> /js
> 
> PS: The example writing also revealed that there is little consistency
>     in the naming, sometimes you prefix leaf names, sometimes you
>     don't, sometimes you use capital letters, sometimes you use
>     underscores then again hyphens etc.

There are two YANG models within the draft.   

"taa"  which contains a list of algorithm types maintained by the TCG.

"tpm" which allows RPCs to be made to TPMs

To my recollection, the prefixes are only used when referring to an outside
model except when there are xpath constraints involved.  I claim no special
expertise on XPATH, and would love to get help in this space in fact.  If
you know someone who could help with the XPATH in "leaf-list pcr-index",
that would be superb.

On the capitalization and underscoring, we always use lower case and dashes
except when the model explicitly names objects which are equivalent to
objects defined by the TCG.  By using the exact TCG syntax, there is less
chance of people thinking things are not equivalent.
 
>     If you prefix leaf names with the module prefix, you end up with
>     tpm:tpm-name and now that I write this it seems odd to call the
>     prefix tpm since this is not really about configuring TPMs but
>     remote attestations using TPMs. (I would rather leave the tpm
>     prefix to a YANG module dealing with TPMs in general. Well,
>     perhaps there is the beginning of a generic TPM module hidden in
>     here, but then it might be useful to actually factor this out.

TPMs themselves are not really configured, except when people are attempting
to do keystore stuff.  And much of that is contained in Kent's keystore
drafts over in the NETCONF WG.  I don't think there will be needed
standardization here for a while.

Thanks,
Eric

> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats