[Suit] Combine the best of moran and pagel drafts
Martin Pagel <Martin.Pagel@microsoft.com> Wed, 13 February 2019 22:58 UTC
Return-Path: <Martin.Pagel@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95FAA130DC2 for <suit@ietfa.amsl.com>; Wed, 13 Feb 2019 14:58:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PitX1r3QDYr4 for <suit@ietfa.amsl.com>; Wed, 13 Feb 2019 14:58:26 -0800 (PST)
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-eopbgr700093.outbound.protection.outlook.com [40.107.70.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5599112F1A6 for <suit@ietf.org>; Wed, 13 Feb 2019 14:58:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cTnS+skkzlJGcD+nfHMQKDvqEy+fqvakaYd1FCmLjfI=; b=jjlHbTLc2sfxk3t0FvQVZ4kQnvf6J3pcCwz6KlM4to8Pd8T9kcsiqDwKcJmyBUJ7PqKoui8U8VBc5HIF2KLCQsLTe+YJnGk7uoGKsbLeNcePb2dSKwWbC1QhliTIyz0WkvrpByURNXgXMnTqi5X4CrIbomw/VV/S/yPWWR6eQqw=
Received: from BYAPR21MB1317.namprd21.prod.outlook.com (20.179.60.199) by BYAPR21MB1175.namprd21.prod.outlook.com (20.179.56.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.5; Wed, 13 Feb 2019 22:58:24 +0000
Received: from BYAPR21MB1317.namprd21.prod.outlook.com ([fe80::50ac:a450:32d1:a3ba]) by BYAPR21MB1317.namprd21.prod.outlook.com ([fe80::50ac:a450:32d1:a3ba%6]) with mapi id 15.20.1622.006; Wed, 13 Feb 2019 22:58:24 +0000
From: Martin Pagel <Martin.Pagel@microsoft.com>
To: Brendan Moran <Brendan.Moran@arm.com>, "suit@ietf.org" <suit@ietf.org>, David Brown <david.brown@linaro.org>, "Kvamtrø, Frank Audun" <frank.kvamtro@nordicsemi.no>
CC: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Thread-Topic: Combine the best of moran and pagel drafts
Thread-Index: AdTD755uR7+WFR6/QGevzay+DyVouA==
Date: Wed, 13 Feb 2019 22:58:23 +0000
Message-ID: <BYAPR21MB131794CEF08A1B508CA051B39D660@BYAPR21MB1317.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mapagel@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-02-13T22:58:22.5452696Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=1bcba47b-4bd8-484b-aab4-9a66953d4859; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
x-originating-ip: [2001:4898:80e8:a:f69e:f49b:19ce:1b28]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b5d5c53d-fbd7-4a54-85b3-08d69206c1ec
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605077)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:BYAPR21MB1175;
x-ms-traffictypediagnostic: BYAPR21MB1175:
x-ms-exchange-purlcount: 1
x-microsoft-exchange-diagnostics: 1;BYAPR21MB1175;23:5Ne0ZsPKbSjEVjQDr3ScAZC1QQ6CiAQlaUpNq7Pw0qyfrGcbXorleKWYc3ZX/S8CNju/SGGxksZyVqL70kqCYDTWv9BO8mBUViEVRIgUGRYkNY4JlSi+bRi6XgtslHpjwTiE03aI278OJ1MLGievpmo5x0/E/dwTkb9Cjmw/+iYikpAowZPtoCjSMWXMczF9sCSXyZ6XXCTXJhiUEWOiqnPFZGCVLJ2l8NZO1M6pWIHXp0+6oHqUUXvqsr9l6Nl3DEo9JmyMBZ5N8HCGOV+qJsv85wEgtgYJFkBs+oMmbR06z0WS0qa6a3X59D/tg+p76FGnU7/C/EJiT/0XBtKwrJAwq054zzo3Le/PvG3sjJM0f0dIlzbK95jR4BbfkBtqV5G+3DFVHfevzxmxJqxKDL0X2P+Z6Ul/Qc59VIboiukzPuNyFfk4IY8LRzAXFi+KW+i4WP2InbLPa/mmeL8armi7EVtC/osR0go3pK0CYiUeR27oteDtC5o2ddGu1X1sFjonNUzRK7HBWnGZqGijNB6ShE3SvptwVxdu69q4X4fcvPqi0qHq5EfQlcE0n5Ilunst3mBbC8jc4lgyLeuI1RrCwhfiQbfOhYlSpS8TI10/3i9jbu0b9XopQp5UuzXesMFBsHXsro8PNZ9m3rf7gn4FbQG8XmZSa4F/9voQ1oUh99RGD1eJDGlJPLkp8MiBAS//bEEjMYfpbWhVzho4XHzznq480JbB3usARR3xibS/qHzwfK+M9ik/oTO4evpZRF/T9u6xjsJQi2ciKUa+lRIlPEcS0CXvmWevLxLREzz0pxEq6o4dmksUZbKURUuNsSnngULorpqH6WDVWvQdp8gM0Gcx2+NxBIZ4Ua9X46UizOoIQkDu/N8UkOlg3k9ClNnBV+ebsK+Tp4tcuaRo02nyzqT1rz+mYou6IkWkvflNcB7t94mOf3TElehx6oNpTk+nHeoES2z7F+9STPLQ4xfI1GWo1Wr2lI7B6mFmjg4e1Zox5vLHtGxLpw24n1XR/Pgnuo9TgJAsxHdEC+8iDqg3z5yMWQfvJXyCwIwYFMskLY9fP2hJBGdJmhKC1QQdg+gv983YDE+JTTOJfhWjsFS+y9Vp9mOXoVETSi6czBL6u903Tuvqg9DmwJSqbOYBDUS2dwS1TDF9TDxEB0Cc4kBnFcoQxw27ejlcpZ8ES082H/oaQJiJr126g9qznodOdIKsuJVR9KnXjhZBHtUxxFD+ZhcEC4fehMe21nTqiYSKNgAgck8zTjvhMDm8zcUJFUBksLqdz4DrZp2CBvHG4EJsrdFqHweviDCeDLRC75uc4l0td9bYlikwPk10808w+vXo2L/Q32g7uX7rkcxdOFJzHclmvEMrc822QpS5meAggVvcgeu0QoR7HbQeb9/I
x-microsoft-antispam-prvs: <BYAPR21MB11752AD4A0BB7BF438042A989D660@BYAPR21MB1175.namprd21.prod.outlook.com>
x-forefront-prvs: 094700CA91
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(136003)(396003)(366004)(346002)(376002)(199004)(189003)(40434004)(13464003)(54906003)(106356001)(305945005)(6306002)(81166006)(102836004)(110136005)(8676002)(53546011)(6436002)(55016002)(2906002)(81156014)(6506007)(2501003)(10090500001)(9686003)(8936002)(7736002)(99286004)(8990500004)(6346003)(186003)(71200400001)(71190400001)(966005)(72206003)(476003)(46003)(478600001)(6116002)(486006)(7696005)(4326008)(25786009)(74316002)(86612001)(256004)(5024004)(14444005)(33656002)(22452003)(316002)(97736004)(86362001)(10290500003)(53936002)(561944003)(68736007)(105586002)(14454004)(290074003); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR21MB1175; H:BYAPR21MB1317.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Martin.Pagel@microsoft.com;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: aqPFsXoVeMTHp9rdULnZ6dMUYwgSSiOIVPGUHlsH89HKb7QucgtLGhYUxrBELvP5N19tI2l53iN1e0lO0MOae/SyWZsd9GFmoF8QQV2JpxOxQxkH65aSX+xtiM1SzGhdIEdB2Yiq5Ki6CbV2OrjD7Xo1jIG4LAto3aJadnTaHE7n+TFX05A8KMDkNLbrVGVArK+4wsS9gIYCvznr/ILcBxtkSDxEJjhm2yPrnbpBbd5ko5xmhfvsza+pLFnZbtkiUIo0Znl0XjZdgy35H4XvJbE8C8J5xToU6oM/xJFJg8EjC1w3xJDNv9H+QvPg9f8xSVlBT2bDQ0K1kgoNwMclQOyqdJftKJ+PO8mV8XTh1vOg1RtsZHqZtBqWX3n2TyHaZFpA8GpbYPVRwOrKzVGBc7Ckg1p9eETMfK61j8nEfbQ=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b5d5c53d-fbd7-4a54-85b3-08d69206c1ec
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Feb 2019 22:58:23.8853 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR21MB1175
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/CYfP26RNwr3EFtH2uyfFpzw0DQU>
Subject: [Suit] Combine the best of moran and pagel drafts
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 22:58:30 -0000
Brendan, I really like your attempts to simplify the draft further and your proposal of a minimal manifest and parser and David and Frank, I also like your efforts to make sure the manifest can also be used for secure boot. In fact I'm thinking that we might be able to incorporate some of the concepts from the binary format draft into your next draft to effective merge the approaches. If we can tighten the manifest format, then binary vs CBOR becomes a minor difference not worth pursuing. Here are a few thoughts on that: Cloud vs Broadcast I believe the current draft is optimized towards the broadcast of many manifests and the device may have to check many manifests in order to determine whether it needs to apply an update while a lot of the manifests would be irrelevant to the device. If however the device could provide its configuration information (vendor and class and version for each of its components) to an Update Server cloud service, the cloud service could just respond with a confirmation that the device is running the proper software or provide a new manifest of the software it should be running. That way the cloud would have the burden of selecting the correct manifest rather than the device. The service may even provide the payload, too, and use channel encryption for privacy. I think it would be beneficial to define a subset which would be simpler and optimized for this scenario, I have no problem if the extra fields (like PreInstallationInfo, DependencyInfo...) would be included for the broadcast scenario. Severable: I like the concept of severable elements. But if elements are severable, my question is whether they can be eliminated in the first place. There are a lot of strings which the device software won't be able to act on anyways. If it is just meta data, could that meta data just be provided by the cloud service? For example human readable names may be useful for debugging, but could be provided by the cloud service separately if requested. Both the device installation component and the boot loader would rather act on pay load type ids etc PreDirective: I'm not sure the PreDirective should be part of the manifest. Often update timing can be configured per device depending on the environment the device was set up in and independently from the manifest. InstallationInfo: I think the device installer should know how to install a particular component or deal with a particular payload type and deal with PostInstallationInfo. I don't think this process will change over time and therefore only adds complexity and size. Martin -----Original Message----- From: Suit <suit-bounces@ietf.org> On Behalf Of Brendan Moran Sent: Thursday, January 31, 2019 5:28 AM To: suit@ietf.org Cc: hannes.tschofenig@gmx.net; Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Subject: [Suit] Improvements to draft-moran-suit-manifest-03 Following IETF103, I have been collecting more use cases and user stories to influence the development of the manifest. Three points have become very clear: First, the processing tree is too complicated. There are many possible configurations that would never be used. There is plenty of room for error. In reality, the configurations that seem to be usable are all the combinations of these three operations: * decrypt * decompress * unpack (delta, relocate, hex, etc.) I have yet to find a use-case where these operations do not appear in this order, or where there is another operation that is missing from this list. That being the case, a processing tree, while very general-purpose is extra overhead that is not needed. With that in mind, I would like to propose changing the payload model back to something more conventional. The payload-installation-info structure contains information about * where to store the firmware image (install-component), * where to retrieve it (uris), * whether the firmware image is encrypted and with what algorithm (encrypt-info), * whether a compression algorithm has been applied to the firmware image and what algorithm has been used (compression-algorithm), * whether the image is a binary diff or requires relocation (unpack), and * an indication whether these fields may be overridden by an authorized party (allow-override). Here is a proposed CDDL snippet for draft-moran-suit-manifest-04: payload-installation-info = { install-component => component-identifier, ? allow-override => bool, ? uris => uri-list, ? encrypt-info => COSE_Encrypt0 / COSE_Encrypt, ? compression-algorithm => compression-algorithm-ids, ? unpack => [ unpack-algorithm : unpack-algorithm-ids, ; binary diff, or relocation, or binary-to-text algorithm identifier ? unpack-arguments : bytes ; private config for the unpack algorithm selected ] } This should be much easier to understand and implement. The second point is that regen-info is frequently misunderstood and misused. After some discussion with suit participants, it’s become clear that the regen-info block should be represented as a dedicated “digest algorithm” which solves the same problem as the regen-info block currently does. When incorporated with the changes recommended by Jim Schaad, the result is that we replace COSE_Digest with SUIT_Digest and we remove regen-info. Here is a CDDL snippet that represents SUIT_Digest: SUIT_Digest = [ digest-algorithm-id: int, digest: bytes, ? digest-extra-info: bytes ] Any needed regen-info can then be contained in the digest-extra-info section with an appropriate algorithm identifier. The third point of clarity is that we need to do some work in making the manifest easier to parse and process in a constrained environment. I don’t have a simple change to enable that, but we’re working on it. Best Regards, Brendan IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Suit mailing list Suit@ietf.org https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cmartin.pagel%40microsoft.com%7Cc506a9c9363f4b35824f08d6877fe695%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636845380738061367&sdata=%2Fzo99eTfIFnNctuWmDDN7zng3kJiHQz9xitdFbNvRks%3D&reserved=0
- [Suit] Combine the best of moran and pagel drafts Martin Pagel