Re: [Suit] How are firmware and firmware versions expressed in manifest?

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 08 June 2020 11:27 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0070D3A0971 for <suit@ietfa.amsl.com>; Mon, 8 Jun 2020 04:27:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=DS3P6Fa+; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=DS3P6Fa+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EMCg0qDm2QAz for <suit@ietfa.amsl.com>; Mon, 8 Jun 2020 04:27:47 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70042.outbound.protection.outlook.com [40.107.7.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A9C3A0847 for <suit@ietf.org>; Mon, 8 Jun 2020 04:27:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o2/9Vq4J3pXjUYg9dX/tjZVqnSETHwp/fRsQJm0ajVA=; b=DS3P6Fa+fzkLzP6zsJHHqLJuJbMtkrywjIP+nYiLoLsee/FJcjUnO22jsVmcJW32WuOLVnZbhW6yDbx+/FyL2k4pW8nwBXpffJBBLMhuIzMUHmy0wdOzzh9AdMOi4JRFqAjIrVldoDPmtGDz/9MgM7PhaEIx08mSB1ODLgjfV9M=
Received: from MR2P264CA0121.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:30::13) by DB7PR08MB2987.eurprd08.prod.outlook.com (2603:10a6:5:1c::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18; Mon, 8 Jun 2020 11:27:44 +0000
Received: from VE1EUR03FT048.eop-EUR03.prod.protection.outlook.com (2603:10a6:500:30:cafe::9b) by MR2P264CA0121.outlook.office365.com (2603:10a6:500:30::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18 via Frontend Transport; Mon, 8 Jun 2020 11:27:44 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT048.mail.protection.outlook.com (10.152.19.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18 via Frontend Transport; Mon, 8 Jun 2020 11:27:44 +0000
Received: ("Tessian outbound fb809da9b456:v59"); Mon, 08 Jun 2020 11:27:44 +0000
X-CR-MTA-TID: 64aa7808
Received: from f77c852bb9ad.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 0AAEC250-3A7E-4DF1-89F5-C1815DA239F6.1; Mon, 08 Jun 2020 11:27:39 +0000
Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id f77c852bb9ad.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 08 Jun 2020 11:27:39 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XvKcQQN9dLUAJlYfdfUc3V+pApkVHWSGKs5HwngJ28+zyRsSoaToV1Da+TShQbEr3+iH6Cl9fi+ptRbkqUAnAXetKMU+NLeW+x25wr4c8x4e1OuqjVb7wm3T8NsTImWGoLEtrdV7EMECg89zbHwycWLfEk6iIPHcjzR5Az7dlOgtw0DvaqcRRBDrHRQSfZfrv8wgVL1BnuU9F36WqyHPv/Z9QlQRRJgxT4W19Vo3oR3g4bdsjVnSVRarWgJF9lSiO3VnuN/AYub2r4YXilHl42tKVz0yKActiv6JgO0/yX23kZXXwC6EnvuQwKqAox6eLu0a/r2MVGgXXtwqHY6Xhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o2/9Vq4J3pXjUYg9dX/tjZVqnSETHwp/fRsQJm0ajVA=; b=Vc8vFFh7PDSEJ5cgi2A83pcYuxbmmuKg2wP15pxZjwrjRWFK/rnwNz2hzylA1teDfQLpDLzO8fN2B3jW3UbwWGTHSQEK8yL1Hc1TDUF9cTidik09+P97o3ARbJoTvjo3bH76TXy7ClV2jO3a7TEXvZpkF3Zn7sbvQipVdCOjrxawUppV2+48WVOF6CLzBrzwFEbptTa1HLDn4rvZ5T4jGxbQ8OKxevsis9aeSZcWv5nmLjf3OA2ec4tJo+f+W0/n3JEF8eKKOZIZQ1Vs9MfrtPCzJbZpuyKwoO6c2sB27hdGOVHQHYjRf0yKKSAferuP82QHexhRC8tS2/7tFbASOg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o2/9Vq4J3pXjUYg9dX/tjZVqnSETHwp/fRsQJm0ajVA=; b=DS3P6Fa+fzkLzP6zsJHHqLJuJbMtkrywjIP+nYiLoLsee/FJcjUnO22jsVmcJW32WuOLVnZbhW6yDbx+/FyL2k4pW8nwBXpffJBBLMhuIzMUHmy0wdOzzh9AdMOi4JRFqAjIrVldoDPmtGDz/9MgM7PhaEIx08mSB1ODLgjfV9M=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB3873.eurprd08.prod.outlook.com (2603:10a6:208:10c::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.20; Mon, 8 Jun 2020 11:27:38 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae%7]) with mapi id 15.20.3066.023; Mon, 8 Jun 2020 11:27:38 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] How are firmware and firmware versions expressed in manifest?
Thread-Index: AdY5iIX3N33NtGULTtOAukxF+Y4+yAAR9vKAAC3Wx2AAEkCYgAAahNIAAAZpzwAAAp+aoAAIpk6AABYvlVAAHvLyAAAcNwsg
Date: Mon, 8 Jun 2020 11:27:38 +0000
Message-ID: <AM0PR08MB3716D94B177DA76F0512D824FA850@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM0PR08MB371631B7C1E6B50DCA29049AFA880@AM0PR08MB3716.eurprd08.prod.outlook.com> <8b6d01d639d0$62614150$2723c3f0$@reliableenergyanalytics.com> <AM0PR08MB37166AD36B5AA36EA7D7CA9BFA890@AM0PR08MB3716.eurprd08.prod.outlook.com> <20437.1591317129@localhost> <1076601d63b3a$d53f5d90$7fbe18b0$@reliableenergyanalytics.com> <BF5D5E46-4A7C-44A7-8554-5DE1E03A3F21@cisco.com> <AM0PR08MB3716C555048993639B14D76FFA860@AM0PR08MB3716.eurprd08.prod.outlook.com> <5820.1591393073@localhost> <AM0PR08MB3716939E832E5483CB8575EBFA870@AM0PR08MB3716.eurprd08.prod.outlook.com> <5789.1591484358@localhost>
In-Reply-To: <5789.1591484358@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 6873c31b-1b89-43d9-bb70-227b051f5ef4.1
x-checkrecipientchecked: true
Authentication-Results-Original: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
x-originating-ip: [156.67.194.193]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 2d213d43-a747-4ca1-8921-08d80b9ef6ab
x-ms-traffictypediagnostic: AM0PR08MB3873:|DB7PR08MB2987:
X-Microsoft-Antispam-PRVS: <DB7PR08MB2987D902C4145D7797C22B8DFA850@DB7PR08MB2987.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:9508;
x-forefront-prvs: 042857DBB5
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: xZgE4ardxY7j7NTfJOmMbNxn1v8MTHwUTEs8WwnUra4jrtzukSCMCA7rSA71za8Y6qNjgyoQJplO3TH9YFbLMs1WWld1NkW/LQrti8azFY7f88UeS4jTmpZmAmB4BxUoySGUWnY+oh2wVqENDf238emkkSxHAYOdAvYarfoVL6Y4eSxfv0oVCRVQWVrtrcj6adv/gYEmDTSLv1QKRhDvPZjJoL6+Y3nUuGHUPq9AagtO1ePwGKeZ9k989LZcatblMylnAYh5GOHy1fScrhHvC0vAD2W0Kkr53DYqQ4DN2oAP83Z4zojBoaVgm4KFFS+HlCYLelc+xUwyW8Yu6cL0Cg==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(136003)(366004)(376002)(39860400002)(346002)(110136005)(316002)(9686003)(33656002)(5660300002)(66556008)(66446008)(71200400001)(66946007)(76116006)(53546011)(6506007)(2906002)(55016002)(7696005)(66476007)(64756008)(8676002)(8936002)(52536014)(186003)(26005)(478600001)(83380400001)(86362001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: FlxoeZTvvITyDmziiSvU47TENaV1uC7fIzaWxg/ga+ioRIaOCxoRM2kKRA6BjB4nXRiYQkNAjJE5bHv7AlGjYVNtBJZAvffBSjhHjWM960N7u75mN8jZ7rRrz7O2Tb6XUOTPDSlHLyeOKSy8d5w7Nh8qbDs9bjgMv9TxejNQYZVdIMKVvM6z2FfwuSkO3f96fZz+KnUW5LHvoP3/gn1cf6wOHadYJqVHNtj7cEAbQcq8d39Vo/HDsGdnmyWlQvG8znPDCH+3dMY6+9hTzTzzQvevT0FKYo8t1ALzUixI9tVOdNSKcH0hHHCj9lllKbIOJX1p+G93FGQbyJ/tI33awSuRTn5Rcl3jA5MfpqXSmg1+OLwW+LJJ4T+ditcR13vyRjFHuiZnCWlgmSXfod6oa9RRoD3APTlt8Ququ4AZcJ5SX4gOgXtSbonKUcExPwwsbfMiIJdHvtfrsWR2OJvGKODX/HaVeC2TZUu9u145/uGwFRXaiFbzDwHZRCY6cQ/3
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3873
Original-Authentication-Results: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT048.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(136003)(396003)(346002)(39860400002)(376002)(46966005)(81166007)(356005)(47076004)(478600001)(36906005)(110136005)(86362001)(2906002)(336012)(82310400002)(82740400003)(316002)(83380400001)(55016002)(5660300002)(70206006)(70586007)(26005)(186003)(7696005)(6506007)(53546011)(9686003)(52536014)(8676002)(8936002)(33656002); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 8879bcd8-1a92-46f7-da63-08d80b9ef30d
X-Forefront-PRVS: 042857DBB5
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 1CHaiTYQbb1TLPmz9Q4YAd7F2T+1fRgLG//I3meggUDU+6pk8pFumtDg6F0C7RDWZA5tItNwqniW9PVqSG9kfgWQYPrYYs+kw+/RuIO26btuow2F/QThI06brJNLI+k8vuGVFcQUG6q7NpWcS+xGsL4cU4Mz8Ft8Uh40suTSCu8lxCIT8abVzxC6edMf1rafu7jwP87kJTcuj2zLu2wlG9Z/Qy+vTQOr82G/laL7ezIHwWatyfuRxOs7Gg2c3afY4+q5KBHbQHcQPMIJp9irm8G1Fuba7G80jWm7a7QIdPsWJK4LNCLBjFFeV27PlQ0BASUFem9lH67aAOOgXzWjVGIdcjoSZ7MO38D+PI7NpW8QPLLZ1eutLgvojY5fWKUdBaqVlUpybKNfCH8rZHjbOQ==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jun 2020 11:27:44.3070 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d213d43-a747-4ca1-8921-08d80b9ef6ab
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB2987
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/2cYesjD1gz2iICmfrBcWimVFlx8>
Subject: Re: [Suit] How are firmware and firmware versions expressed in manifest?
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2020 11:27:50 -0000

Hi Michael,

Of course it depends a bit on the type of devices you look at. Many IoT devices are purpose built and they cannot be extended or the extension possibilities are extremely limited. It is not like a PC where you plug in PCI cards, add more DRAM chips, or swap out the processor. This is why an IoT product developed for precision farming will not become your smart vacuum cleaner the next day. RFC 7228 was written to explain that there are many IoT devices that are different to general purpose computing devices. We are mixing the properties of general purpose computing devices with the billions of low end IoT devices out there. Not only is the hardware different but also the software running on those devices. FWIW the software development process is also different.

I have to look at the links Eliot shared but I hope that people are not overly excited about the value of having information about what software version is on their devices for the purpose of drawing security conclusions. You have been at many hackathons where we created firmware for Cortex M-class devices and we used, for example, Mbed TLS in many instances. Does this tell you anything about the security? Can you draw conclusions when you hear that version X has a security vulnerability? Should you be concerned when a security researcher was able to mount a fault injection attack against a specific MCU with a specific version of Mbed TLS running on it? No, not really because you have to know what compile-time configurations were used to build the firmware, what hardware it is running on and what run-time configuration is present.

I understand that people want to have some easy way to find out whether their devices are secure but the story is obviously more complex. Not a surprise to you, for sure, but maybe for others who are not following the embedded development space.

Ciao
Hannes

PS: We are drifting a bit away from the actual manifest work done in this group ...

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Sunday, June 7, 2020 12:59 AM
To: suit@ietf.org
Subject: Re: [Suit] How are firmware and firmware versions expressed in manifest?


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > I think the BOM terminology is misleading because hardware is not
    > software. The bill of material to produce an IoT product typically does
    > not change (unless you desolder parts) while the software and
    > configuration will regularly change.

This thinking is really a serious part of the problem that I think SBOM is trying to address.

We think that the hardware does not change, because it's hardware, but it does change, because it's a device with an MCU with code baked in by the manufacturer.
*AND* hardware *DOES* change because there are line cards, expansion slots, USB connectors that provide PCIe connectivity...

But, a TPM is good example of something one might call hardware, but it's got a whole SoC in there with software.  That software could have bugs.

    > Leaving that aside, I believe someone active in COSWID needs to clarify
    > what COSWID does. My understanding was that it documents the software

Agreed.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.