IETF Logo Mail Archive

Re: [Rats] Android comments on EAT draft

Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Mon, 20 May 2019 08:51 UTC

Return-Path: <jodonogh@qti.qualcomm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38A46120106 for <rats@ietfa.amsl.com>; Mon, 20 May 2019 01:51:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7vEzofWIs2YI for <rats@ietfa.amsl.com>; Mon, 20 May 2019 01:51:12 -0700 (PDT)
Received: from alexa-out-sd-02.qualcomm.com (alexa-out-sd-02.qualcomm.com [199.106.114.39]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA404120041 for <rats@ietf.org>; Mon, 20 May 2019 01:51:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1558342272; x=1589878272; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=a7ZsyO8CBd9QkMKS4IjuvFG7ug3taZzzIWihu1bAvFQ=; b=l4OLgc39R6GATZtpXr0IZWaJkt77wrKB3D3+EUech3myWH1XZ1Bwf0fL uxOUCdwbL1q77uXmneGu6cHfQDh+2plp+cdcQPJnWMfpOgcj/bbxvWzX0 0+FzhIoxBwg+TmLkskKKHbP3PGrGBBJ3uR3he4HGv8DaWq9owpplCwaSN 8=;
Received: from unknown (HELO ironmsg04-sd.qualcomm.com) ([10.53.140.144]) by alexa-out-sd-02.qualcomm.com with ESMTP; 20 May 2019 01:51:12 -0700
X-IronPort-AV: E=McAfee;i="5900,7806,9262"; a="257396427"
Received: from nasanexm01d.na.qualcomm.com ([10.85.0.84]) by ironmsg04-sd.qualcomm.com with ESMTP/TLS/AES256-SHA; 20 May 2019 01:51:12 -0700
Received: from eusanexr01e.eu.qualcomm.com (10.85.0.100) by NASANEXM01D.na.qualcomm.com (10.85.0.84) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 20 May 2019 01:51:11 -0700
Received: from eusanexr01a.eu.qualcomm.com (10.85.0.97) by eusanexr01e.eu.qualcomm.com (10.85.0.100) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 20 May 2019 01:51:10 -0700
Received: from eusanexr01a.eu.qualcomm.com ([10.85.0.97]) by eusanexr01a.eu.qualcomm.com ([10.85.0.97]) with mapi id 15.00.1395.000; Mon, 20 May 2019 01:51:10 -0700
From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: Thomas Fossati <Thomas.Fossati@arm.com>, Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>, Simon Frost <Simon.Frost@arm.com>
Thread-Topic: [Rats] Android comments on EAT draft
Thread-Index: AQHVC4B9pNHWJdcAQkKTElalgfWFNqZs5PyAgACT9wCAAKZ4gIAAAOWAgACyVICAABUCAIAAJSYAgADIhYCABFtWAA==
Date: Mon, 20 May 2019 08:51:09 +0000
Message-ID: <749BB2F5-1BE0-4637-8B08-05BACB0EE285@qti.qualcomm.com>
References: <CAFyqnhVJ-ps4bdhsyQDOHdzHVZsXeK7_kCDXxUVUcuyDzWS3uA@mail.gmail.com> <35459D73-3D08-4E0B-814B-780AD60DD600@island-resort.com> <HE1PR0801MB1643AA2E129098E2C65F9163EF0A0@HE1PR0801MB1643.eurprd08.prod.outlook.com> <CAFyqnhX9f5s21roZvz_VcfR+sd3E89SYmunZKX-2JMC4Rqy_cw@mail.gmail.com> <CAFyqnhXzoo9+2pu1qboPSiHr7YTzfRjOcJj3oEpOX_uFWbRyKA@mail.gmail.com> <E5AEF90D-D0A4-4F64-AA60-090167A31725@qti.qualcomm.com> <EAEFEF91-D04A-474C-9048-C9DA5B98EC9C@arm.com> <B1A69042-5A07-44F6-8BE1-6D28D32EAD38@qti.qualcomm.com> <F790F39E-5B66-4F9D-90D1-94794FA387F8@island-resort.com>
In-Reply-To: <F790F39E-5B66-4F9D-90D1-94794FA387F8@island-resort.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.104.11)
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.251.52.12]
Content-Type: multipart/alternative; boundary="_000_749BB2F51BE046378B0805BACB0EE285qtiqualcommcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/fBlnX9AU5yzo0Vt6r8FJ7P5bJQ8>
Subject: Re: [Rats] Android comments on EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 08:51:15 -0000

On 18 May 2019, at 00:19, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:


CAUTION: This email originated from outside of the organization.

On May 17, 2019, at 4:21 AM, Jeremy O'Donoghue <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>> wrote:

Today the "platform" is a unique identifier, normally chosen by the manufacturer, that identifies the hardware and any software relevant to the Target of Evaluation described in a Security Target document - in GlobalPlatform terms this is the TEE or SE, but it is really dependent on the chosen Protection Profile.

There is nothing inherently preventing this from being an entire device although there are, to my knowledge, few certifications that operate at the device level. I do expect this to change.

Can you give some examples?

I will see if I can get some real examples - may take a week or so.

Is a platform identifier unique by being a 128-bit random number, or it is a combination of OEM ID, HW and SW versions?

It is a string. It is something like a combination of OEM ID, HW and SW versions. It is not intended to be cryptographically unique.

The platform identifier in DLOA is only trustworthy if you have first verified the entity to which it applies.

How does it relate to OEM ID, HW Version and SW Version?

As far as I am aware, it is chosen by the platform vendor as a mechanism to uniquely identify the combination of the above that was certified. It probably could be a concatenation of the above, but I believe it is generally shorter for convenience. Best way to describe it is as a hardware and meta-build identifier. Some strong identifying an exact HW platform and some combination of SW images.

Jeremy


LL

v2.23.0 | Report a Bug | By Email