Re: [Suit] How are firmware and firmware versions expressed in manifest?

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 04 June 2020 16:44 UTC

To: Dick Brooks <dick@reliableenergyanalytics.com>, "suit@ietf.org" <suit@ietf.org>
CC: 'Saad EL JAOUHARI' <saadeljaou@gmail.com>

Hi Dick,

Thanks for the review comments and for the pointer to NERC CIP-010-3.

Please see my comments below:

~~ snip~~

Hi all,

In his review of the recent manifest draft Saad (on CC) pointed out that it is not clear how the firmware version is identified in the manifest. This is a good question and I thought I would bring it up to the group. It turns out that there are different use cases that require identification of different pieces of software, and here is a list of what I consider relevant:

DB>> Risk assessments for NERC CIP-010-3 R1, Part 1.6 require corroborating evidence to establish trust in a software object. It's important that the identification marks within a software object be consistent across domains. The data in the installation file must match data in the digital signature and metadata within vulnerability databases so that we can get accurate risk assessments.

[Hannes] Looking at Part 1.6 I see two requirements, namely: 1.6.1. Verify the identity of the software source; and 1.6.2. Verify the integrity of the software obtained from the software source.

This is certainly met by the digital signature covering the manifest (provided by the COSE wrapper) and the manifest also includes the digest of the firmware/software, which ensures the integrity of it.

Part 1.6 then goes on and says: "An example of evidence may include, but is not limited to a change request record that demonstrates the verification of identity of the software source and integrity of the software was performed prior to the baseline change or a process which documents the mechanisms in place that would automatically ensure the identity of the software source and integrity of the software."

I am not sure about this part and whether there is something needed in addition to what we already have in the previously mentioned security wrapper.

* The manifest needs to point to a location where to obtain the firmware. This is accomplished with a URL. Section 7.3 describes an example (look for the uri parameters directive).

DB>> The "Trusted Source Location URL" where the "real/trusted" software object is available is vitally important for an effective NERC CIP-010-3 risk assessment. This is part of the corroborating evidence that's needed.

[Hannes] The URL is included in the manifest, although there is a way to override it (assuming proper authorization). Since the software/firmware is, as mentioned above, also integrity protected, there is another layer of defense provided.

* There is the digest of the firmware, which is used for security purposes, and there is an example in Section 7.3 (look for the image digest parameters directive).

* Then, there is also the component id, which indicates where to store the software / image. We discussed this recently in the context of TEEP where the binaries of trusted applications are protected with the manifest and those binaries will typically end up on a file system. In the OP-TEE secure world OS those binaries are stored with the UUIDs in their file name. In a low end IoT device, like a Cortex M class processor, there is typically no file system and hence the firmware image ends up in a flash memory slot.

* There is also the case with a differential update where the manifest needs to indicate to what firmware images the differential update can be applied to. This is accomplished with the image match condition.

DB>> Patches/Updates must contain clear metadata that can be correlated with a specific software object that represents the original installation, and other patch dependencies that must be in place for a successful deployment. A "Trusted Source Location URL" is also required, for CIP-010-3 software integrity and authenticity risk assessments.

[Hannes] This is indeed provided and I think we are good there. We should probably add an example.

* Finally, there is also a version condition. This allows one to express that a manifest is applicable to one or multiple versions of the firmware. As described in the information model draft, this situation occurs when you upload an application that relies on existing software to be present on the device. (Think of it as an API version.)

It is important to note that the manifest is not meant to be used to describe the software running on the device. This is the job of other tools, such as COSWID. The manifest instead provides instructions on how to update firmware and to accomplish secure boot.

DB>> I'm hoping to use the manifest as a virtual SBOM. Will let you know if I'm successful in this regard.

[Hannes] Thanks, feedback would be highly appreciated.

Is this a topic that needs to be better described in the draft?

DB>> I believe so.

[Hannes] I will give it a try and post text for a new section to the list.

Thanks for the feedback.

Ciao
Hannes
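As an added illustration (not code from the manifest draft or from anyone in this thread), here is a small Python model of the device-side checks that the manifest elements listed above drive: the component id selects the storage slot, the version condition and the image match condition decide whether the manifest applies to what is installed (the differential-update case), and the image digest is checked on the fetched bytes. The field names, the sample firmware bytes and the URL are constructed assumptions; the COSE signature check over the manifest and the actual fetch from the URL are not modelled.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ComponentId = Tuple[str, int]  # e.g. ("slot", 0): a flash slot on a device without a file system


@dataclass
class Manifest:
    """Simplified view of the manifest elements discussed in the thread (names are assumptions)."""
    component_id: ComponentId            # where the image is to be stored
    uri: str                             # where the image is fetched from (override not modelled)
    image_digest: bytes                  # SHA-256 of the image this manifest delivers
    image_match: Optional[bytes] = None  # digest the *installed* image must have (differential update)
    version_condition: Set[str] = field(default_factory=set)  # installed versions this applies to


@dataclass
class Slot:
    version: str
    image: bytes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def check_preconditions(m: Manifest, installed: Dict[ComponentId, Slot]) -> List[str]:
    """Return the names of failed conditions; an empty list means the manifest applies.
    Assumes the manifest signature has already been verified (COSE wrapper, not modelled)."""
    slot = installed.get(m.component_id)
    if slot is None:
        return ["component-missing"]
    failures = []
    if m.version_condition and slot.version not in m.version_condition:
        failures.append("version-condition")
    if m.image_match is not None and sha256(slot.image) != m.image_match:
        failures.append("image-match-condition")
    return failures


def verify_fetched_image(m: Manifest, fetched: bytes) -> bool:
    """Integrity check of the bytes obtained from m.uri against the signed digest."""
    return sha256(fetched) == m.image_digest


# Constructed sample data: an installed v1.2 image and a manifest delivering v1.3 on top of it.
OLD_IMAGE = b"firmware v1.2 (constructed sample bytes)"
NEW_IMAGE = b"firmware v1.3 (constructed sample bytes)"
MANIFEST = Manifest(("slot", 0), "https://example.invalid/fw-1.3.bin",
                    sha256(NEW_IMAGE), image_match=sha256(OLD_IMAGE), version_condition={"1.2"})
DEVICE = {("slot", 0): Slot("1.2", OLD_IMAGE)}
```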