[Suit] draft-ietf-suit-firmware-encryption-01

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 12 July 2021 15:21 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "suit@ietf.org" <suit@ietf.org>
Date: Mon, 12 Jul 2021 15:21:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/13UpktI3TSU6ogupwB1pu-hxNn4>
Subject: [Suit] draft-ietf-suit-firmware-encryption-01

Hi all,

I have just submitted version -01 of the firmware encryption draft.

In addition to various editorial changes, there are:

  *   Text describing the challenges with encrypted firmware (started with this discussion: https://mailarchive.ietf.org/arch/msg/suit/0Q0x1ahn4t0Q7eSLOsTyMe-7y9o/),
  *   An architecture diagram (related to this discussion: https://mailarchive.ietf.org/arch/msg/suit/FIV-TeC3M7EjKEWhDmuJthpMsE8/),
  *   Review comments from Michael (see https://mailarchive.ietf.org/arch/msg/suit/nNSmHBgRPjtks5CM8cGohi1o1h0/; some of the comments have been covered in -00 already).

The diff is here:

https://www.ietf.org/rfcdiff?url2=draft-ietf-suit-firmware-encryption-01

Ciao
Hannes
