Re: [Suit] Parameters and Commands

Brendan Moran <Brendan.Moran@arm.com> Fri, 06 March 2020 13:32 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: Koen Zandberg <koen.zandberg@inria.fr>
CC: "suit@ietf.org" <suit@ietf.org>
Date: Fri, 6 Mar 2020 13:32:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FERsYn8ccpX6ZY70ruzQYQBsJkU>

To clarify, I don’t think that this approach is ready to be included in the manifest just yet. I think it needs a little more work to define it properly. I’m not planning to add this for v04, which I plan to publish on Monday.

Best Regards,
Brendan

On 2 Mar 2020, at 15:40, Brendan Moran <Brendan.Moran@arm.com> wrote:

Hi Koen,

I haven’t heard any complaints about harmonising condition handling to parameter-only, so I will take that as a consensus.

You’re absolutely right about my plan for measurement encoding. I anticipate that there are only 3 possible values for the measurement policy:

  1.  Do not record measurement (Leave as null)
  2.  Record measurement on success (typical)
  3.  Always record measurement (Full trace)

I’m open to suggestions for encoding of 2 and 3. I would ideally like to use simple values, rather than integers here, however that leaves only:

  *   False
  *   True
  *   Undefined

This doesn’t really seem to map into reporting policy well. The only semi-logical approach with simple values I can see is:
Should_report = report_arg || condition_result

This maps “record measurement on success” to “False” and “always record” to “True”.

This seems quite opaque, so I think using integers would be a better choice. This has the advantage that we could cover more policies that we haven’t thought of yet without change to the encoding.


I see what you mean about trading one inconsistency for another. I’m not sure if it’s a blocker for this approach or not. If we decide to separate reporting policy from SUIT, then there are a few approaches we could use to prune the NULLs, but then I’m not sure how to tie RATS and SUIT together.

Effectively my idea is to enable reporting of any measurements that are done (conditions). That’s almost enough, however there’s one point that is missing from this: Run should be measurable since an argument could be passed to Run—c.f. Linux kernel command line, or argc/argv to main(). I’ve already floated the idea of making Run imply an image condition. This would justify the reporting of a measurement for Run. I could see an argument for making the same requirement for Fetch and Copy, since they should probably be followed immediately by an image condition anyway. All parameters are either invariant or set based on conditions, so with a copy of the manifest, you can determine what they were.


What would you think of:

  1.  All conditions take a measurement policy argument.
  2.  Run implies an image pre-condition before the activation
  3.  Fetch implies an image post-condition
  4.  Copy implies an image post-condition
  5.  Run, Fetch, Copy take a measurement policy argument.

That seems fairly consistent.

Brendan


On 28 Feb 2020, at 14:46, Koen Zandberg <koen.zandberg@inria.fr> wrote:

Hi Brendan,

I also support the idea of aligning all conditionals to use parameters. From an implementation point of view I see a small downside in that the parameter location has to be stored to be retrieved later during the parsing of the conditional (this matches with your argument no. 2). For the low number of parameters used this increase is probably negligible and I don't expect any serious concerns here.

Concerning encoding the attestation policy within the unused arguments, I have slightly more doubts. I assume that this would replace all nil arguments in the commands with the attestation policy (a single cbor uint?). If this is the case I don't have any strong concerns, but it looks a bit like swapping one inconsistency for another, mixing arguments and policy specifications.

I will implement the changes you've proposed here in our current ietf-v3 implementation (https://github.com/RIOT-OS/RIOT/pull/13486) to get some hard numbers on the impact of this change, and get back to you on the list.

Cheers

On 27/02/2020 14.44, Brendan Moran wrote:
During the hackathon, I discovered that my examples and my manifest generator tool are generating incorrect sequences for testing vendor ID and class ID.

There are currently two ways to handle commands (conditions or directives):

  1.  The command consumes an argument (that is the value that follows the command's key)
  2.  The command consumes a parameter (that is a value set by the “set-parameters” or “override-parameters” commands)

This duality led to my error in setting up the Vendor and Class ID tests in the demo code.

The reasons for each mode are:

  1.  Command consumes an argument
     *   Encoding is more compact (encoding via parameters takes 2-3 more bytes, depending on the situation).
     *   Less storage needed (the argument is consumed immediately)
     *   Does not require matching parameter key
     *   More explicit association between command and argument
  2.  Command consumes a parameter
     *   More compact when the parameter is used more than once (e.g. image digest)
     *   Allows override by dependencies, when set-parameters is used


We’ve talked before about “only one way to do things” and I think I can see a path to making that the case here. Here is my proposal:

Commands consuming a parameter are absolutely necessary due to override and deduplication concerns. Conditions testing against an argument are convenient and more explicit. Therefore, harmonising around a single option probably means that we have to select parameters instead of arguments:


  1.  Eliminate arguments from most commands (see below)
  2.  Match most parameter keys with command keys to simplify the association, make “arguments” more explicit

Only these commands require arguments, since they either deal with setting parameters, setting parameter scope, or with flow control, which requires nested command sequences.


  *   Set Component Index
  *   Set Dependency Index
  *   Set Parameters
  *   Override Parameters
  *   Try-each
  *   Run Sequence
  *   For Each Component

This leaves the majority of commands with NUL arguments. This is actually quite useful for another feature.

We have also discussed the possibility of defining attestation policy within SUIT. This would mean that we need flags to indicate to the parser which measurements should be reported. For example, a Vendor ID, an image digest, or a component offset might need to be reported in the attestation report. Each of these is checked by a condition. Each of those conditions will consume a parameter under this model. Then, the argument can indicate: report a measurement, do not report a measurement, report a measurement only if comparison is successful, or perhaps other attestation-related policies. Bear in mind that attesting a failed condition may be helpful for attesting why a manifest has failed, as we discussed in the hackathon and virtual interim meeting.

If we are making the majority of commands use parameters instead of arguments, this becomes trivial: the arguments are replaced with attestation policy arguments. This allows us to tell the attestation engine explicitly what to report from the manifest, which allows secure, dynamically updatable attestation policy.

This doesn’t introduce a substantial change to either the parser or the format. If there is some appetite for simplifying the correlation between commands and parameters, I think it might make sense to spend some effort aligning parameter keys with command keys. This could simplify the parser by allowing a generic parameter lookup to be done in one place, rather than by each handler.

Best Regards,
Brendan


_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
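
The following sketch is an added illustration, not code from the thread, the SUIT draft, or any implementation mentioned above. It models the proposal discussed in the thread: conditions consume a parameter whose key matches the command key, and the freed argument slot carries an integer measurement policy. The integer values, command names as strings, abort-on-failure behaviour and sample identifiers are all assumptions made for the example.

```python
from enum import IntEnum

class Policy(IntEnum):
    # Integer values are assumed for illustration; the thread assigns none.
    NONE = 0         # do not record measurement
    ON_SUCCESS = 1   # record measurement on success (typical)
    ALWAYS = 2       # always record measurement (full trace)

# Commands that keep a real argument in the proposal (subset shown).
PARAM_SETTERS = {"set-parameters", "override-parameters"}
# Conditions consume the parameter whose key matches the command key.
CONDITIONS = {"vendor-id", "class-id", "image-digest"}

def should_report(policy, passed):
    """Integer-policy generalisation of `report_arg || condition_result`."""
    if policy == Policy.ALWAYS:
        return True
    return policy == Policy.ON_SUCCESS and passed

def run_sequence(commands, device):
    """Execute (command, argument) pairs; return (ok, measurement report).

    `device` maps a condition name to the value the device observes.
    """
    params, report = {}, []
    for command, arg in commands:
        if command in PARAM_SETTERS:
            for key, value in arg.items():
                # Assumed semantics: set-parameters only fills unset keys,
                # override-parameters always writes.
                if command == "override-parameters" or key not in params:
                    params[key] = value
        elif command in CONDITIONS:
            # Generic lookup in one place: parameter key == command key.
            if command not in params:
                raise KeyError(f"condition {command!r} has no parameter set")
            policy = Policy(arg)  # rejects unknown policy integers
            passed = device.get(command) == params[command]
            if should_report(policy, passed):
                report.append((command, device.get(command), passed))
            if not passed:
                return False, report  # assumed: first failed condition aborts
        else:
            raise ValueError(f"unsupported command {command!r}")
    return True, report

# Constructed sample sequence and device state (not real identifiers).
SEQUENCE = [
    ("set-parameters", {"vendor-id": "vendor-A", "class-id": "class-1",
                        "image-digest": "digest-1"}),
    ("vendor-id", Policy.ON_SUCCESS),
    ("class-id", Policy.NONE),
    ("image-digest", Policy.ALWAYS),
]
GOOD_DEVICE = {"vendor-id": "vendor-A", "class-id": "class-1",
               "image-digest": "digest-1"}
BAD_IMAGE = {**GOOD_DEVICE, "image-digest": "digest-X"}
```

With `BAD_IMAGE`, the failed digest comparison still appears in the report because its policy is `ALWAYS`, which is the "attest why a manifest failed" case raised in the thread.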

