Re: [Suit] suit-firmware-encryption-00

Brendan Moran <Brendan.Moran@arm.com> Wed, 02 June 2021 12:32 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: Dick Brooks <dick@reliableenergyanalytics.com>
CC: Russ Housley <housley@vigilsec.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, suit <suit@ietf.org>
Date: Wed, 02 Jun 2021 12:32:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ZAqN_2udxvkm28huMy0KKs3XqbQ>

>
> " If a trustworthy party in the middle of the distribution path is able to
> detect a problem with cleartext (but signed) firmware, they can report a
> vulnerability and refuse to pass the update along."
>
> This is precisely the function SCRM vendors are performing today. Encrypting
> a binary object would be an impediment to software supply chain risk
> assessment functions in place today.

In this scenario, I would highly recommend simply adding the SCRM vendor to the COSE_Recipients list. This solves the auditing problem without exposing the firmware to malicious third parties. Remember, ROP compilers are a thing that exists and showing your adversary your binary makes it much easier to craft a ROP attack. I’m not arguing for security through obscurity, I’m just saying that it’s more difficult to build a ROP attack against a target when you don’t know any of its code. That fundamentally delays attacks and it also raises the bar: when you account for attacker capability modelling, what this does is reduce the number of possible adversaries.

Balancing audit and right to repair against strong security is non-trivial. However, I believe that we need to start with strong security, with hooks for audit and right-to-repair.

Best Regards,
Brendan

> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! ™
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Monday, May 31, 2021 12:49 PM
> To: Michael Richardson <mcr+ietf@sandelman.ca>
> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; suit@ietf.org
> Subject: Re: [Suit] suit-firmware-encryption-00
>
> Michael:
>
>>>> I agree that there are also challenges with certification schemes
>>>> that prevent developers from seeing the source code (or from
>>>> publishing the source code). That's yet another issue.
>>
>>> SUIT is using signature for the authentication and integrity of the
>>> firmware.  If the signature remains in place, a party in the middle
>>> of the distribution cannot insert any malware.
>>
>> The encryption of the firmware keeps third parties from auditing the
>> software updates to determine if malware has been inserted at the "factory"
>> Both white and black hats are currently using binary diff systems to
>> look at patches.  Black hats use this to develop exploits in the gap
>> between 9am EST and 9am PST!
>> I am suggesting that this is a "Security Consideration"
>
> Yes, this is a reasonable thing to add to the Security Considerations.
>
> If a trustworthy party in the middle of the distribution path is able to
> detect a problem with cleartext (but signed) firmware, they can report a
> vulnerability and refuse to pass the update along.
>
> Russ
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

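The recommendation in the reply above, adding the auditor to the COSE_Recipients list, is sketched here as an added example; it is not code from the thread, the draft, or any SUIT implementation. It models the multi-recipient layout only (one payload ciphertext, one wrapped content key per recipient) without CBOR/COSE encoding, uses AES-GCM and AES-KW from the Python `cryptography` package, and the recipient names, keys and firmware bytes are constructed.

```python
# Added example: simplified model of a COSE_Encrypt-style multi-recipient
# envelope (no CBOR encoding). Recipient names and KEKs are constructed.
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)


def encrypt_for_recipients(firmware: bytes, keks: dict) -> dict:
    """Encrypt firmware once; wrap the content key once per recipient."""
    cek = AESGCM.generate_key(bit_length=128)   # random content-encryption key
    nonce = os.urandom(12)
    return {
        "nonce": nonce,
        "ciphertext": AESGCM(cek).encrypt(nonce, firmware, None),
        # One entry per recipient: key id -> CEK wrapped with AES-KW (RFC 3394)
        "recipients": {kid: aes_key_wrap(kek, cek) for kid, kek in keks.items()},
    }


def decrypt_as(envelope: dict, kid: str, kek: bytes) -> bytes:
    """Unwrap the CEK from this recipient's entry, then decrypt the payload."""
    wrapped = envelope["recipients"].get(kid)
    if wrapped is None:
        raise PermissionError(f"{kid} is not in the recipient list")
    try:
        cek = aes_key_unwrap(kek, wrapped)
    except InvalidUnwrap as exc:
        raise PermissionError(f"wrong key-encryption key for {kid}") from exc
    return AESGCM(cek).decrypt(envelope["nonce"], envelope["ciphertext"], None)


# Constructed sample data: a device KEK and an auditor (SCRM vendor) KEK.
FIRMWARE = b"\x7fELF constructed firmware image"
KEKS = {"device-01": os.urandom(16), "scrm-auditor": os.urandom(16)}
ENVELOPE = encrypt_for_recipients(FIRMWARE, KEKS)

if __name__ == "__main__":
    for kid, kek in KEKS.items():
        print(kid, decrypt_as(ENVELOPE, kid, kek) == FIRMWARE)
```

The payload is encrypted once regardless of how many recipients are listed; adding the auditor costs one extra wrapped key, and anyone not listed holds nothing that unwraps the content key.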