Re: [Suit] suit-firmware-encryption-00

Brendan Moran <Brendan.Moran@arm.com> Wed, 02 June 2021 14:05 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: Dick Brooks <dick@reliableenergyanalytics.com>
CC: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Russ Housley <housley@vigilsec.com>, suit <suit@ietf.org>
Date: Wed, 02 Jun 2021 14:04:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/VtT0C2lT6KrpYHWf_FgjAELX4ug>

Should we trust anything the SW vendor has to say if we’re scanning their SW for malware? Isn’t that a little like a company supplying its own safety compliance auditor?

The explicit threat here is: An adversary compromises SW Vendor (SWV). They modify SWV’s software to include malware. But, SWV is including a malware scan report. The adversary forges the malware scan report.

It would be better if they were isolated entities with isolated security infrastructure.


I’m not sure that specifics about how to encapsulate an anti-malware report belong in the SUIT Manifest specification. The SUIT Manifest is a mechanism for a variety of authorities, trusted by a device for specific operations, to tell a device *how* to obtain, install, and authenticate a software/firmware image. The malware report is an endorsement about that image, that is consumed by the device operator. This sounds to me like something that should never be delivered to the device. A signature over the manifest is an option, but that would require a mechanism to provision the device with a public key for the anti-malware vendor.

I can see an option to reserve an element identifier (key) in the manifest envelope (these are unauthenticated elements) for it to contain that report. The report itself would need to be signed by the anti-malware vendor and to reference the manifest in an unambiguous way (e.g. by digest). However, I don’t think that specification belongs in the core SUIT manifest specification. We could add an extension that just provides a container for this document if you think that’s helpful. The device operator would need to strip this document out of the manifest envelope prior to distribution.

Best Regards,
Brendan
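
The arrangement sketched in the message above (a report carried in an unauthenticated envelope element, signed by the anti-malware vendor, bound to the manifest by digest, and stripped by the operator before distribution), as an added example that is not part of the original message or of any SUIT specification. Assumptions: JSON stands in for CBOR, HMAC-SHA256 with two constructed keys stands in for COSE signatures, and the element name `x-malware-report` is hypothetical.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC-SHA256 stands in for COSE signatures (assumption)
# so the example runs on the standard library alone.
AUTHOR_KEY = b"constructed-author-key"
SCANNER_KEY = b"constructed-anti-malware-vendor-key"
REPORT_ELEMENT = "x-malware-report"  # hypothetical key, not a SUIT identifier


def encode(obj):
    """Deterministic encoding; JSON stands in for CBOR (assumption)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_envelope(manifest):
    """Author: authenticate the manifest bytes and nothing else."""
    raw = encode(manifest)
    return {"manifest": raw.decode(), "authentication": tag(AUTHOR_KEY, raw)}


def manifest_digest(envelope):
    return hashlib.sha256(envelope["manifest"].encode()).hexdigest()


def manifest_authentic(envelope):
    expected = tag(AUTHOR_KEY, envelope["manifest"].encode())
    return hmac.compare_digest(expected, envelope["authentication"])


def attach_report(envelope, verdict, signing_key):
    """Scanner: add a report that names the manifest by digest. It sits
    beside the manifest, so the author's tag is not disturbed."""
    body = {"manifest-digest": manifest_digest(envelope), "verdict": verdict}
    out = dict(envelope)
    out[REPORT_ELEMENT] = {"body": body, "tag": tag(signing_key, encode(body))}
    return out


def report_acceptable(envelope):
    """Operator: accept only a clean report, tagged with the scanner's key,
    that references exactly this manifest."""
    report = envelope.get(REPORT_ELEMENT)
    if not isinstance(report, dict) or "body" not in report or "tag" not in report:
        return False
    body = report["body"]
    if not hmac.compare_digest(tag(SCANNER_KEY, encode(body)), str(report["tag"])):
        return False
    return (body.get("manifest-digest") == manifest_digest(envelope)
            and body.get("verdict") == "clean")


def strip_for_device(envelope):
    """Operator: drop the report before the envelope goes to devices."""
    return {k: v for k, v in envelope.items() if k != REPORT_ELEMENT}


if __name__ == "__main__":
    env = make_envelope({"sequence": 7, "image-digest": "constructed"})
    scanned = attach_report(env, "clean", SCANNER_KEY)
    forged = attach_report(env, "clean", AUTHOR_KEY)  # compromised vendor
    print(report_acceptable(scanned), report_acceptable(forged))
    print(manifest_authentic(strip_for_device(scanned)))
```

A report tagged with the author's key is rejected, which is the isolation the message asks for: compromising the software vendor's signing infrastructure does not yield a report the operator will accept.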

> On 2 Jun 2021, at 14:30, Dick Brooks <dick@reliableenergyanalytics.com> wrote:
>
> Maybe I'm confused, Brendan.
>
> I'm thinking it's possible for a sw vendor to perform a malware scan and then insert the malware attestation into the manifest before signing the manifest and sw package.
>
> Is my assumption invalid?
>
> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! ™
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Brendan Moran <Brendan.Moran@arm.com>
> Sent: Wednesday, June 2, 2021 9:16 AM
> To: Dick Brooks <dick@reliableenergyanalytics.com>
> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Michael Richardson <mcr+ietf@sandelman.ca>; Russ Housley <housley@vigilsec.com>; suit <suit@ietf.org>
> Subject: Re: [Suit] suit-firmware-encryption-00
>
> Hi Dick,
>
> I’m not following how this would work. The manifest is a signed document. You can’t insert anything into it without breaking the signature. You could sign it again. Is there a specific problem with signing it again?
>
> Best Regards,
> Brendan
>
>> On 2 Jun 2021, at 14:12, Dick Brooks <dick@reliableenergyanalytics.com> wrote:
>>
>> Brendan,
>>
>>      Current SCRM risk assessment practices perform a malware scan, however this would require SW to be distributed without encryption.
>>
>>      Hannes suggested a compromise solution where the original software supplier performs the malware scan and inserts an attestation of the malware scan results into the signed manifest. SCRM vendors can use the malware attestation as a replacement for the malware scan step when software is encrypted.
>>
>> This appears to be a reasonable compromise to me - what do you think?
>>
>> Thanks,
>>
>> Dick Brooks
>>
>> Never trust software, always verify and report! ™
>> http://www.reliableenergyanalytics.com
>> Email: dick@reliableenergyanalytics.com
>> Tel: +1 978-696-1788
>>
>> -----Original Message-----
>> From: Brendan Moran <Brendan.Moran@arm.com>
>> Sent: Wednesday, June 2, 2021 9:04 AM
>> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
>> Cc: dick@reliableenergyanalytics.com; Michael Richardson
>> <mcr+ietf@sandelman.ca>; Russ Housley <housley@vigilsec.com>;
>> suit@ietf.org
>> Subject: Re: [Suit] suit-firmware-encryption-00
>>
>> Hi Hannes,
>>
>> If the anti-malware endorsement is placed within the manifest, then it is authenticated by the author, in which case the author has implicitly authorised the anti-malware endorsement. I don’t think that quite fits within the usage model that Dick is discussing. From what I understand, he wants the anti-malware scan to be done during or just before deployment. This makes sense. Who knows how long ago the author signed the manifest. The latest signatures might not have been available at that time.
>>
>> Best Regards,
>> Brendan
>>
>>> On 2 Jun 2021, at 13:46, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>>>
>>> Brendan, IMHO this should be something that could be placed into a manifest -- similarly to a COSWID.
>>>
>>> -----Original Message-----
>>> From: Dick Brooks <dick@reliableenergyanalytics.com>
>>> Sent: Wednesday, June 2, 2021 2:44 PM
>>> To: Brendan Moran <Brendan.Moran@arm.com>
>>> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; 'Michael
>>> Richardson' <mcr+ietf@sandelman.ca>; 'Russ Housley'
>>> <housley@vigilsec.com>; suit@ietf.org
>>> Subject: RE: [Suit] suit-firmware-encryption-00
>>>
>>> Thanks for your insights Brendan.
>>>
>>> I believe Hannes addressed this concern by suggesting an extension attesting to the results of a malware scan, performed by the original software source supplier prior to encryption, that a SW consumer can trust.
>>> This would provide the end use customer with the information they need to assess trustworthiness for an encrypted object, with regard to the presence of malware, as part of a software supply chain risk assessment.
>>>
>>> Do you agree that this is an acceptable compromise?
>>>
>>>
>>> Thanks,
>>>
>>> Dick Brooks
>>>
>>> Never trust software, always verify and report! ™
>>> http://www.reliableenergyanalytics.com
>>> Email: dick@reliableenergyanalytics.com
>>> Tel: +1 978-696-1788
>>>
>>> -----Original Message-----
>>> From: Brendan Moran <Brendan.Moran@arm.com>
>>> Sent: Wednesday, June 2, 2021 8:34 AM
>>> To: Dick Brooks <dick@reliableenergyanalytics.com>
>>> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Michael Richardson
>>> <mcr+ietf@sandelman.ca>; Russ Housley <housley@vigilsec.com>;
>>> suit@ietf.org
>>> Subject: Re: [Suit] suit-firmware-encryption-00
>>>
>>> Encryption support is not optional. It’s mandatory. Many organisations will not consent to their binaries being publicly available. This is easy to demonstrate: most MCUs support read-out protection. We can’t simply remove encrypted payload support because it changes the audit story. Instead, firmware authors must cooperate with auditors.
>>>
>>> Best Regards,
>>> Brendan
>>>
>>>> On 31 May 2021, at 20:56, Dick Brooks <dick@reliableenergyanalytics.com> wrote:
>>>>
>>>> I believe encryption would "get in the way of" a malware scan
>>>> performed during a software supply chain risk assessment.
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Dick Brooks
>>>>
>>>> Never trust software, always verify and report! ™
>>>> http://www.reliableenergyanalytics.com
>>>> Email: dick@reliableenergyanalytics.com
>>>> Tel: +1 978-696-1788
>>>>
>>>> -----Original Message-----
>>>> From: Suit <suit-bounces@ietf.org> On Behalf Of Hannes Tschofenig
>>>> Sent: Monday, May 31, 2021 3:47 PM
>>>> To: Michael Richardson <mcr+ietf@sandelman.ca>; Russ Housley
>>>> <housley@vigilsec.com>; suit@ietf.org
>>>> Subject: Re: [Suit] suit-firmware-encryption-00
>>>>
>>>> Hi Michael,
>>>>
>>>>>> SUIT is using signature for the authentication and integrity of
>>>>>> the firmware.  If the signature remains in place, a party in the
>>>>>> middle of the distribution cannot insert any malware.
>>>>
>>>>> The encryption of the firmware keeps third parties from auditing
>>>>> the software updates to determine if malware has been inserted at the "factory"
>>>>> Both white and black hats are currently using binary diff systems
>>>>> to look at patches.  Black hats use this to develop exploits in the gap
>>>>> between 9am EST and 9am PST!
>>>>> I am suggesting that this is a "Security Consideration"
>>>>
>>>> A description of the software is contained in the COSWID and, as
>>>> Brendan suggests, in a MUD file that is included with the manifest
>>>> (see https://datatracker.ietf.org/doc/html/draft-moran-suit-mud).
>>>> Furthermore, I can imagine that those authorized to audit the
>>>> software can do so either based on the source code or by giving them
>>>> access to the binary.
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> IMPORTANT NOTICE: The contents of this email and any attachments are
>>>> confidential and may also be privileged. If you are not the intended
>>>> recipient, please notify the sender immediately and do not disclose
>>>> the contents to any other person, use it for any purpose, or store
>>>> or copy the information in any medium. Thank you.
>>>> _______________________________________________
>>>> Suit mailing list
>>>> Suit@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/suit
>>>>
>>>
>>
>
