IETF Logo Mail Archive

Re: [Suit] Parameters and Commands

Thomas Fossati <Thomas.Fossati@arm.com> Fri, 28 February 2020 17:26 UTC

Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 434763A1BA9 for <suit@ietfa.amsl.com>; Fri, 28 Feb 2020 09:26:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.878
X-Spam-Level:
X-Spam-Status: No, score=-1.878 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_SPF_HELO_TEMPERROR=0.01, T_SPF_TEMPERROR=0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=P3fetLMz; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=P3fetLMz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ztqrev3OElLW for <suit@ietfa.amsl.com>; Fri, 28 Feb 2020 09:26:17 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150082.outbound.protection.outlook.com [40.107.15.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 404543A195F for <suit@ietf.org>; Fri, 28 Feb 2020 09:26:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gfGCHy6B979uZNc4zYUrgjKxESgjH//xcRFfmjNy+6E=; b=P3fetLMzv05ipH2qTanROQWoqCtyQ6ZoaklnGqtKYk/u1zvDl8YkcW+ZdeJcW1evUXlEpey43U6AQxjiUfSBiEwoxohxIkHVdNlL9mSrcP9XGP5ih4WPQvTRi+K0mCjIu1aPr6Ol7OgqhRt2pfvaO086j8EMLvv1EX/vT2adCdU=
Received: from VI1PR0802CA0014.eurprd08.prod.outlook.com (2603:10a6:800:aa::24) by AM0PR08MB3425.eurprd08.prod.outlook.com (2603:10a6:208:db::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.17; Fri, 28 Feb 2020 17:26:12 +0000
Received: from VE1EUR03FT037.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::207) by VI1PR0802CA0014.outlook.office365.com (2603:10a6:800:aa::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.14 via Frontend Transport; Fri, 28 Feb 2020 17:26:12 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT037.mail.protection.outlook.com (10.152.19.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.14 via Frontend Transport; Fri, 28 Feb 2020 17:26:12 +0000
Received: ("Tessian outbound efdea641ed36:v42"); Fri, 28 Feb 2020 17:26:11 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 6f6152995ca028ef
X-CR-MTA-TID: 64aa7808
Received: from 11bb5a649377.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 2F9B2DAD-96F3-4A9A-8ECF-08933662955C.1; Fri, 28 Feb 2020 17:26:06 +0000
Received: from EUR03-AM5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 11bb5a649377.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 28 Feb 2020 17:26:06 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ngAZ+cuEKUliaSq2s5npP0mZcZ/3nMg5WI3TSBDgexbi8nY4KCH1tvFTc0+uoHG/4uxOm2bAkF2zHcnsSQ6VbZXhmWHCffJ4Y/1/UStF4L1BObQQx9RL87qQk3Aw2wspuSQsujZkD04mkCP1TAhod1DgScJbffIFrBhSGj0sjvThAtS+tGpCSoH40SgR3u0GhZIX3nfIRO+Ba4xCVvjwCI2+gHairyo2K2apOc6W8ui9ZF3mlqX3qVKMr05qkC9LNiXPgDMT1xTxVFeooWPuW8rwrSQUHY7F1vfEUGORapMC6N08CScQjeX8eMYsZOjDlNvKvMQq1bNwkt0HMoeAiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gfGCHy6B979uZNc4zYUrgjKxESgjH//xcRFfmjNy+6E=; b=DBDKK1HR1jKZdgckK/D3/pr8Rx68IuXab5nKz973UKOGfG1Xp10nVQwQcSiBGWg7OVt5/hoqm2Ye1Fl1c25MNPlmphV1XG9kvVl2uaGALv+omYMnRnUFvjsU/7zcufAgX/5s9CWG/HUsK0U2tKMISsbaLdat8YjkcsAqMtBycKyhEluNVcabFSAx5nWa6muNc6L+9yzEqGb+tJpnQckf5hEEgPZhbQkG4k2laS/HmPsLLMJMnszdpEJhrhu7p+iGxNusPQnV3Vjb4q2KnaReKYDhHGMERSzlcR9d8wU7mk4+JGwOLQqZtU5xXVBIqadJC3p8uMl4Ji1S0EEauVZoyQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gfGCHy6B979uZNc4zYUrgjKxESgjH//xcRFfmjNy+6E=; b=P3fetLMzv05ipH2qTanROQWoqCtyQ6ZoaklnGqtKYk/u1zvDl8YkcW+ZdeJcW1evUXlEpey43U6AQxjiUfSBiEwoxohxIkHVdNlL9mSrcP9XGP5ih4WPQvTRi+K0mCjIu1aPr6Ol7OgqhRt2pfvaO086j8EMLvv1EX/vT2adCdU=
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com (20.179.18.151) by AM6PR08MB4550.eurprd08.prod.outlook.com (20.179.18.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.21; Fri, 28 Feb 2020 17:26:05 +0000
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::9807:78f0:434f:2b9f]) by AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::9807:78f0:434f:2b9f%7]) with mapi id 15.20.2772.012; Fri, 28 Feb 2020 17:26:05 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Brendan Moran <Brendan.Moran@arm.com>
CC: Adrian Shaw <Adrian.Shaw@arm.com>, Koen Zandberg <koen@bergzand.net>, Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>, suit <suit@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: [Suit] Parameters and Commands
Thread-Index: AQHV7XQQQA0i3AEJykizdfj2dpCACagvGNGAgAAgvYCAAA9lgIABM9gAgABgmwA=
Date: Fri, 28 Feb 2020 17:26:05 +0000
Message-ID: <F4820201-B98C-470E-AB5E-59F9189D3202@arm.com>
References: <27913A6B-F42C-4AA9-8A7A-64B1D546C13C@arm.com> <5CBBCF38-5431-4BF7-891D-E4451ECDEAC5@arm.com> <D2CE89E8-BCBA-4BBF-BCAD-2A2C2A558786@arm.com> <817B5E95-C304-4AE6-A950-9514DDB2A3FD@arm.com> <798F1A9A-6B23-4999-9D1F-6BD5AB47EFF8@arm.com>
In-Reply-To: <798F1A9A-6B23-4999-9D1F-6BD5AB47EFF8@arm.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.22.0.200209
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
x-originating-ip: [82.11.185.80]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 2f1d5af2-9fdd-47b3-eedf-08d7bc734e97
X-MS-TrafficTypeDiagnostic: AM6PR08MB4550:|AM6PR08MB4550:|AM0PR08MB3425:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <AM0PR08MB34251D04DC183F1761AB997D9CE80@AM0PR08MB3425.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:10000;
x-forefront-prvs: 0327618309
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(366004)(39860400002)(376002)(136003)(346002)(396003)(189003)(199004)(76116006)(71200400001)(36756003)(54906003)(66556008)(478600001)(6636002)(91956017)(37006003)(2616005)(4326008)(64756008)(6506007)(186003)(66446008)(6862004)(86362001)(66476007)(2906002)(6486002)(8676002)(8936002)(33656002)(81166006)(53546011)(316002)(26005)(5660300002)(81156014)(6512007)(66946007); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB4550; H:AM6PR08MB4231.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: o96/YeeIR99oHaiCNDjshr3B5+7vaXhMUDByBYc5DOWjACEXxQcOUTQWq0WAk+Jo+Lj4uDe7BFMZM3JrKafy/00e4ZM5pISMYQGOXhVvhy5mXHY+AgNG8NMsRxzFKBpJpYvbhvWW/hZ8klRooLlnHL6hcwH0ZzeJSnk+zPCo7CO7mzT6MltTw29pZ2VL95caMDiAssydtRrjHPlyp1KcKmYtK40jCP6q0gnIUOjwlbV8oJL7A91+/oBaybhkafAH8fQ9ktj+RpUQuBJTF+1OBVEaB1Q1n8kOSCXQmDlBQ0Zr2Nd+Os1Vpw1gXKAxAKkQWQTxBQZY1uaJAWrBA/9D1+vWw4g7vNaH0V6uZkjSS3HU3dY3W79wbLV7K59jwvVkvaSk4JZRmle+On9S3swA5gcgazAVNOXg91/CBuKwXFmXbJ848Zf7tChdVLM+RcK2
x-ms-exchange-antispam-messagedata: bugDe4MTfex7TaTk9/qh02a+Gpx4msKStHOe6BPEa0ujz4+lkh4uNTImNeSuTXy08BN6JK3DG/gxD4EegshMOP5AIeEmbLhbBMHe+odh8wbJBxL7yi8Pcwo6ihfjga11hG/QnnD0+/l3ZeSAYvjD9A==
Content-Type: text/plain; charset="utf-8"
Content-ID: <5D2FC51E1C4BE5478CCE06CB2E6688DA@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4550
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT037.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(136003)(39860400002)(396003)(199004)(189003)(81156014)(2906002)(81166006)(26005)(8936002)(8676002)(6506007)(4326008)(86362001)(53546011)(2616005)(6512007)(33656002)(6862004)(6486002)(336012)(186003)(70206006)(478600001)(37006003)(316002)(70586007)(5660300002)(36756003)(26826003)(6636002)(356004)(54906003)(36906005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB3425; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:Pass; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; A:1; MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: f10976c8-6cc0-4166-2d74-08d7bc734a64
X-Forefront-PRVS: 0327618309
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: gdpnbIcZr2N5YPjX68yUXqpKke/Uyci2dVE8HP72CeqdvnSvpLc/X54+Zkq4jMO2yHVkj3V7CYxxPop7Lg4b1m9dIxjQPJO3cMFU8YcB7dtVPrnHWKXSIoBcqSt6BWQH5EHp4IQVWn3pkCDI/nM2UwrPCfzBdaMMeZCjIrY+lruywTwwsFnpnBYIcp7RgY1BwcZ+/srfdI/Dcnp89/DSfvsvoeKGyBq0ZV9JzjYMlWcppPPM2S5Ry5ZetfW07FqfHeeWV4NOxdkObYUzZtdqA6i0spCFEz2NDShbdJVaGlT11OHw+0kCSRheQps2YvTQOeYzwAMFDuP2a6L9+YKRaaidbMsYgMrXsm7OO40D19mskHscvjbruw7amKXUw3nKJ1mRCuHz7jKAG2dzS5mjwgPeoV7P6LqyoIKlUj5LoniF1XyMUUHiNOGng1xrtmoQ
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2020 17:26:12.1004 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 2f1d5af2-9fdd-47b3-eedf-08d7bc734e97
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3425
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/_sAVdXJ5yBkOPVYuchDvZ46HIrM>
Subject: Re: [Suit] Parameters and Commands
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 17:26:27 -0000

Thanks Brendan, got it!

Cheers, t

On 28/02/2020, 11:40, "Brendan Moran" <Brendan.Moran@arm.com> wrote:




    Hi Thomas,


    I think we’re confusing the steps of validation/execution a bit here. The order is:



    1. Verify firmware author’s authorization. (Signature validation)
    2. Execute Manifest
         1. Each time a condition is encountered:
              1. If measurement is requested in manifest, record measurement
              2. If measurement is required by internal policy, record measurement
    3. Seal the measurements (e.g. signature)
    4. Execute the firmware image



    You’ve said that BL2 is only trusted after BL1 verifies it. However, this is handled in a modular way in SUIT. The manifest is verified prior to execution, so BL1 can trust
     it. When BL2 is verified, the BL2 manifest is already verified and trusted, so it can be trusted to indicate the need for a measurement to be recorded.


    I think it’s important that we strongly define the purpose of each security mechanism we have in place. Secure boot is for authority enforcement: only authorised parties can place firmware on a device. This leaves some gaps: Is the firmware authorised,
     but old? A device with no secure time source can’t know that. If a third party wants to interact with a device, knowing that the firmware is authorised isn’t good enough, they have to know it’s the expected firmware—version numbers can lie—so we need a strong
     guarantee of exact version that secure boot alone cannot provide.


    Measured boot fills these gaps. The “version” of the firmware is exposed precisely via a trusted third party: the previous execution stage.






    Let’s try and define exactly which threat could be opened by allowing the signer of the manifest to also set measurement policy. First an assumption: the holder of the private key for authorising firmware has become nefarious: change of heart,
     theft of keys, etc.



    1. The manifest author tries to hide that a version has changed by not to reporting the firmware.
         1. The verifier notices that firmware version isn’t being reported and takes corrective action.
    2. The manifest author tries to hide that a version has changed by making a measurement before an update, but not reporting after
         1. This attempt at subterfuge is visible in the manifest and its lifetime is limited. The next measurement will make it irrelevant.
    3. The manifest author tries to hide that a version has changed by recording a measurement of one offset, but executing from another.
         1. This attempt at subterfuge is visible in the manifest. It can be further exposed by requiring offset measurements in multi-image devices.




    Are there other threats here? I don’t think there’s much space for a bad actor in this.


    I would argue that we make it required for:

    1. A condition-image to specify either Record-on-success or Record-always.
    2. Run Image to specify either Record-on-success or Record-always, and to require Run Image to automatically invoke a condition-image




    I think that would remove any scope for bad actors to even attempt to hide, while still allowing flexible reporting and, more importantly, a sensible way to communicate verification policy to a verifier.


    Best Regards,
    Brendan





    On 27 Feb 2020, at 17:18, Thomas Fossati <Thomas.Fossati@arm.com> wrote:

    Hey Brendan,

    I'm having a bit of trouble parsing this bit:

    On 27/02/2020, 16:23, "Brendan Moran" <Brendan.Moran@arm.com> wrote:

    [...] For example, BL1 loads BL2. BL1 trusts the author of BL2
    (which is the basis of secure boot).  BL1 executes the policy laid out
    by BL2’s signer.



    BL1 can trust BL2 only after it has measured it, therefore "executing
    the policy laid out by BL2's signer" can only happen *after* a
    successful verification, do you agree?  If so, there is a temporal
    mismatch in the logic above.  That, or I am missing something important,
    which is what usually happens :-)

    cheers!










IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email