IETF Logo Mail Archive

Re: [Suit] Boot vs. Invocation

Brendan Moran <Brendan.Moran@arm.com> Mon, 03 August 2020 12:38 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2359C3A07DB for <suit@ietfa.amsl.com>; Mon, 3 Aug 2020 05:38:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=onaKHeEI; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=onaKHeEI
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H8ffUNi8tPBO for <suit@ietfa.amsl.com>; Mon, 3 Aug 2020 05:38:26 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40064.outbound.protection.outlook.com [40.107.4.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 892CC3A07D4 for <suit@ietf.org>; Mon, 3 Aug 2020 05:38:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uP0oAuNjJ2tpBmRpP9TtWHe7LsIKYUZGogiAn9PeNto=; b=onaKHeEIYvm+I3lICbxpG398zj17gXdhZVe+cPTi8e9Hv5how/aErexwAk5Su5G0YiahcyjImZ9grfGVQB4HM+hGkjgdl5ids8WFYQ1hkpGZaJ9SGv7DjeiatrtLR+G6n7wY0riSRsOSDIypp29AGGznxb4M2QLvP8vMXd9a0ME=
Received: from DB6P18901CA0003.EURP189.PROD.OUTLOOK.COM (2603:10a6:4:16::13) by VE1PR08MB5805.eurprd08.prod.outlook.com (2603:10a6:800:1aa::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.21; Mon, 3 Aug 2020 12:38:22 +0000
Received: from DB5EUR03FT042.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:16:cafe::8e) by DB6P18901CA0003.outlook.office365.com (2603:10a6:4:16::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.16 via Frontend Transport; Mon, 3 Aug 2020 12:38:22 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT042.mail.protection.outlook.com (10.152.21.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.20 via Frontend Transport; Mon, 3 Aug 2020 12:38:22 +0000
Received: ("Tessian outbound d778af23b2f9:v63"); Mon, 03 Aug 2020 12:38:22 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: d5701d5965013e79
X-CR-MTA-TID: 64aa7808
Received: from 3bca53f72680.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 3FD6C0EB-4E3E-4EE0-90F2-EFBDC1FBDB4D.1; Mon, 03 Aug 2020 12:38:17 +0000
Received: from EUR05-AM6-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 3bca53f72680.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 03 Aug 2020 12:38:17 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a3CZHXeelQobTTwCKwI4NHWMIIEL3y33vnwzR5XJEL2gJQ5rMnfAwDqWF1zmnG8lest1TaWHw72+zu3YpLDgZF5oLaNSKv/SJyM0n2XOE0J8auEiUOFd2FQGt7nNPB1F1PR/xso+1atLbXa/oiZW8zVlKNAyl8Pv8r2esvoHSscFyt6h7FUUg/i3K9ccJPLmQ0rnH1Nz2zddiE//5X01yQmx2lMb38yeei23Xu+SZFlqnez/Pm66tIwv2WmHpAQ6JdaMWsFX77MYMAqtNO0DRqfhY8IWLUuuUllXe78BYvwkDYm3ag9CKNuXcBfA+QAQulgEG/f/b//9qxZe7H4lDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uP0oAuNjJ2tpBmRpP9TtWHe7LsIKYUZGogiAn9PeNto=; b=C0KQQ94f9g/r+1LrC3wQ/0TnsEHBYmh+WpXUoibLe6jgSblgNeBJE+cm09YGqpJgq64AANvoUAnhuQpHS4gMA+geTGiguNehWgZ4ATsZKulKmLn3M8X2xwdYaLoplfvb9eKkcYY0bWytgpYxRrEWoIbhutF+W138JaaQSFmhawEDd7VEhZdPnJuwMgedlG+KOOfexsXAd9hznnYJwPdH5QSK6WqSKDwYwXFJ7XouExROpqkzdhC73zUg4jnWgxaOlRcnq/v6U1JysUrBIEgYR6ghYdXRzwqvmh0oRik1miYR9/ngc58uPpWFnGv6KxTD9NCkrVJ7123foM57a1NHog==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uP0oAuNjJ2tpBmRpP9TtWHe7LsIKYUZGogiAn9PeNto=; b=onaKHeEIYvm+I3lICbxpG398zj17gXdhZVe+cPTi8e9Hv5how/aErexwAk5Su5G0YiahcyjImZ9grfGVQB4HM+hGkjgdl5ids8WFYQ1hkpGZaJ9SGv7DjeiatrtLR+G6n7wY0riSRsOSDIypp29AGGznxb4M2QLvP8vMXd9a0ME=
Received: from AM6PR08MB4738.eurprd08.prod.outlook.com (2603:10a6:20b:cf::10) by AM7PR08MB5528.eurprd08.prod.outlook.com (2603:10a6:20b:dd::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.20; Mon, 3 Aug 2020 12:38:16 +0000
Received: from AM6PR08MB4738.eurprd08.prod.outlook.com ([fe80::a98d:5ebe:dc1d:ea56]) by AM6PR08MB4738.eurprd08.prod.outlook.com ([fe80::a98d:5ebe:dc1d:ea56%3]) with mapi id 15.20.3239.021; Mon, 3 Aug 2020 12:38:16 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: suit <suit@ietf.org>
Thread-Topic: [Suit] Boot vs. Invocation
Thread-Index: AQHWaYV5gHBlv0r4bkaadpuZshyF5KkmOSOAgAAZu4A=
Date: Mon, 03 Aug 2020 12:38:16 +0000
Message-ID: <9CBF239B-32B1-4CAE-B680-C94AE7CD88B0@arm.com>
References: <9CA92962-0D40-47CF-BB62-DE325D1D0869@arm.com> <ad349362-a54f-477d-e4f8-46eb1f3dff68@sit.fraunhofer.de>
In-Reply-To: <ad349362-a54f-477d-e4f8-46eb1f3dff68@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.80.23.2.2)
Authentication-Results-Original: sit.fraunhofer.de; dkim=none (message not signed) header.d=none;sit.fraunhofer.de; dmarc=none action=none header.from=arm.com;
x-originating-ip: [82.20.19.206]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 6f8008bf-3e74-4678-4e48-08d837aa1bd0
x-ms-traffictypediagnostic: AM7PR08MB5528:|VE1PR08MB5805:
X-Microsoft-Antispam-PRVS: <VE1PR08MB580502AA2175547B2B5E8686EA4D0@VE1PR08MB5805.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: hK7GZi9+lUvP2Ex4s2uXLVosQGFdbEu7AYjwKleBZRXW2ME8RccZ7FrkwjH9FrD6ZjmOV1rFzV4l6ISkDMz/mHX7kVkVxN22+1kXzHHpwR/SblifcObbbCS87OCdV5OdCQzCM7j6qvDlA6xHPgfgQom3NaGHBMdtB9LpKSEtJ79siTrb6OqcA3CrVFoRBjonoj9K8echNR3h0Pxx1xa9gChbYi259EqzxxHMATG4Lx61emMvPXd8be4SjJRn/aJKVf1RRp+YNE6Un6DxO6hap24Tgc6jIy1g/3+b6MGnVJmXG+XocpHUr8erDw127qN1z+y4KGUgPTpYKqZVBZWbkAatAVFRV8GC4rf52R7Po+tbN3ISehgoENa/mg2nCz6xjwnlT+U8BG1t3EdPZMFoMw==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB4738.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(376002)(346002)(366004)(39860400002)(396003)(6506007)(53546011)(83380400001)(64756008)(8676002)(66556008)(66946007)(66476007)(66446008)(91956017)(76116006)(2616005)(71200400001)(33656002)(186003)(26005)(966005)(478600001)(6486002)(316002)(36756003)(5660300002)(6916009)(86362001)(2906002)(8936002)(4326008)(6512007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: bAKtHknoVdk1B33ni5n7auzkWchBveGiNlSOI5qtgGc12fubwxVKWX4Lt4dfssg7EJ/QqEV1Rk22QEpFYypGG2JdypYO4g+EEQwMkGfydGNvDqxNPYjWdWqCSa26lruAPRnuQDguHRIoHp79joH3ot3gqb5EaUocRybsopvR0bhW5T13ya9uFInD6LQw32Cvf9asa46G2LsoT6NFJG+JV8tvFCDChX1soPTpj/lQM6/paFfZty5Cksrvcu62tqMgmJkw1+19QfASsAHFHa+Jmi4/PJWOxnkBRx7D0sWbK13XCNvD8g/tdiFziSZO1Xyd+C7uq8pe8ivL4UlATvfNWkt4bmsEpXqlNxfDK1H5kSULjuMwbg2CLQyDYbwQlwdT5KtLE+qiE9ACIQOgfHpVNQvMyiYsCHjhFL6qDLg3klJenblESnuYVDc7ckSvipLDB3c/T2/ObtzwdyNMcuWeJj7sC4rTlHfbUWVMf7CDfkiGRXebzCbpfPcUoYozhsPJB2qnH29+RV77br/Z7fOOSo/6+CjO7y3GoIaX3pNtwy7QPDCw1uqA/xxjJ0Zs+5115Hc/q6jh/1b4kLCm7/uXN91Rdt1hDTnLFQ71AT/hqHjwrqLGea1N7WBZSFq1UeKdmWhpfKZpa0SXAVqJo1vGiw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <F09A1F5076EED345B41BACE96B181462@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR08MB5528
Original-Authentication-Results: sit.fraunhofer.de; dkim=none (message not signed) header.d=none;sit.fraunhofer.de; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT042.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 2e90b344-3b9a-4e26-5d23-08d837aa1825
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 2CQ/Nma7cjvxM5dvPwkVjQz12kt1978fEiucvJ/qB/smigvqtVPJ1XYKnLaeqRVBFcZhxwSs7SzO+ptOZD5UxP3B9nlR9xNL3kfiuSajEmHp+MZR2azbvj358meRkVY8GwLm6Q3dmy6IN6DXXYrtDgU33kALQJH3NzMZqbF7N7BGClAh+4HkQTfmUmMERF00+dV78CObDwmQIW6VMSfDDoeyBjigLwPmSGDARKZyqrIQCS93pKY79XZMF1HCjknkCYmKIMqHboKes884S+fcKXpPCpXCeAYgJS5ZPmC5jaZODP/3Ji3LnZJpsssxlNUbDGVnPEYVAXLeGa50uAvCaL+zAMX5lwikdW7DKD0bFus3o7l3n2uQAx5Fr8Mm7Q/F10Y4YNNJCAF3a6nJ+go6X/itpYhBPqOB/JsL5/pl1MV1URkZ+iRVn97XXAVhbaklI2cxoAAMrrmc8T843B81/3fIVETuhCtxEnVMhDddWcA=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(376002)(396003)(346002)(46966005)(336012)(70206006)(70586007)(81166007)(36756003)(86362001)(6506007)(356005)(6862004)(2616005)(8936002)(4326008)(82310400002)(53546011)(6486002)(2906002)(186003)(8676002)(478600001)(316002)(82740400003)(26005)(966005)(6512007)(33656002)(83380400001)(5660300002)(47076004); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Aug 2020 12:38:22.3469 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 6f8008bf-3e74-4678-4e48-08d837aa1bd0
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT042.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR08MB5805
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/A2TFeHvzvxhOUY7u7H_Zl66PM5A>
Subject: Re: [Suit] Boot vs. Invocation
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2020 12:38:28 -0000

Hi Henk,

As it happens, there was already a definition for “trusted execution,” unused in the specification, that defines itself as a superset of boot & run. I could replace it with Trusted Invocation, and that would provide the definition you would like.

Brendan

> On 3 Aug 2020, at 12:06, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>
> Hi Brendan,
>
> sounds like a quite targeted way forward (you all know what comes next...). We just have to make sure that this tweak is captured well prominently in the text, as a definition, so it can be referenced in a meaningful manner and reflects the superset of "authenticated boot" and "authenticated TA invocation" well.
>
> Cheers,
>
> Henk
>
> On 03.08.20 13:01, Brendan Moran wrote:
>> In response to some of Dave T’s comments (specifically, [DT32]) I would like to propose replacing instances of “boot” with “invocation” so that "secure boot" becomes “secure invocation.” This is to make it clearer that SUIT manifests are appropriate for invoking TAs for TEEP. Booting an IoT device securely and running a TA securely are both classes of secure invocation and Dave has raised that it is not obvious that SUIT manifests are appropriate for both.
>> Best Regards,
>> Brendan
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email