Re: [Suit] draft-ietf-suit-trust-domains: proposal of new command sequence

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 22 December 2023 14:48 UTC

Brendan Moran <Brendan.Moran@arm.com> wrote:
    > 7. The system does not have enough slots for a rollback in
    > case of a broken install. ("update procedure crashes in the middle of
    > ‘suit-install’ sequence executed on another dependency manifest,
    > leaving the device in incoherent state.")

I think, but I'm not certain, that it does not matter if it has enough slots
or not, if it doesn't know it should roll back.

The situation I'm thinking about is Android phones that have a RADIO ROM.
It used to be that upgrading that ROM without also updating the kernel to
match results in being offline (at best), or crashes (at worst).

So I think that the problem is that the different trust-domains might succeed
and fail independently of each other, and that a failure in one implies a
need to roll-back the other.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide