Re: [Suit] How are firmware and firmware versions expressed in manifest?

Dick Brooks <> Wed, 03 June 2020 17:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D03E63A0C9A for <>; Wed, 3 Jun 2020 10:57:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T-v0v-ylhhov for <>; Wed, 3 Jun 2020 10:57:04 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1BEB03A0C85 for <>; Wed, 3 Jun 2020 10:57:04 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id 0387B5C011C; Wed, 3 Jun 2020 13:57:03 -0400 (EDT)
Received: from mailfrontend2 ([]) by compute1.internal (MEProxy); Wed, 03 Jun 2020 13:57:03 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=2lEFa9 JnhfSjUsQ+KsUyUTqwfartuxhpW+wgeW+DI6c=; b=kG4b1p93xffV25RBL6W3VA UmQtR6AR4R7bT13x7q+u9nKYjAkysVVDPvAL+yfSSzXtRNN47DZkVhLltVnpKK3g wUSfz5Lg/7t/6UQ8nJwTaDDb3Eaks3XkfX9A3LxYKtfR9foSUw09U9Eej7ofAwEq s5gdHpKd8Ppb/Z56xmpfWyHhcynyEsz4WQLjhqc2JClq6mUEFVtlAFuLos7LNnm1 hS2T9rKRtW49M9+zAI+m0DeW07MaCKufPpRHeahaV+IAAWMjIQjb0PbqaCQNBCc9 4Idp89TS3VfENckBZo5+0RNXVHl5Py7S90bWVrU6kWQ7GC+XZQzHkhG669f5YxpQ ==
X-ME-Sender: <xms:buTXXlj_BiO7wNOS_Z3roRQx3aV8ikqOn6KP8bcQX2EyryyHmcpOyg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrudefledgleegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvfhgjufffohfkgggtofhtsehrtdhgpedvtddvnecuhfhrohhmpedfffhi tghkuceurhhoohhkshdfuceoughitghksehrvghlihgrsghlvggvnhgvrhhghigrnhgrlh ihthhitghsrdgtohhmqeenucggtffrrghtthgvrhhnpefgjeehueefveethfeiffelteev hfekkefhheelgfetffefjefhueeigeeuffeivdenucffohhmrghinheprhgvlhhirggslh gvvghnvghrghihrghnrghlhihtihgtshdrtghomhenucfkphepjeefrddvfeegrddvgedv rdduvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe guihgtkhesrhgvlhhirggslhgvvghnvghrghihrghnrghlhihtihgtshdrtghomh
X-ME-Proxy: <xmx:buTXXqDkeTD1VLycOarvfkK75CRdCZ3_WpaL_Y-5RldoCk4zrYeC_A> <xmx:buTXXlFwLqJE0LhV8p2bC5MBKWJ7lVy_xeiTnMtIiuICOFC8uVisDQ> <xmx:buTXXqQEPtTmuAlgpkFIwWpOr_RnC-_Bysp_g_vL85paIh3c17OPUg> <xmx:buTXXh_9hvg_nnCpCfJSYqYWpjVikJ2k-ljRzSSYe2PyB1q5aOba9w>
Received: from farpoint ( []) by (Postfix) with ESMTPA id 63A6F3061CB6; Wed, 3 Jun 2020 13:57:02 -0400 (EDT)
From: "Dick Brooks" <>
To: "'Hannes Tschofenig'" <>, <>
Cc: "'Saad EL JAOUHARI'" <>
References: <>
In-Reply-To: <>
Date: Wed, 3 Jun 2020 13:57:01 -0400
Organization: Reliable Energy Analytics
Message-ID: <8b6d01d639d0$62614150$2723c3f0$>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_8B6E_01D639AE.DB5127F0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQEpJGg3Q76y3b59AZfDOO6eGr7fRKohU+gA
Content-Language: en-us
Archived-At: <>
Subject: Re: [Suit] How are firmware and firmware versions expressed in manifest?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 03 Jun 2020 17:57:06 -0000

My Company provides Risk Assessment software to the US Electric Industry to
meet NERC CIP-010-3 R1, Part 1.6 software integrity and authenticity and
verification standards across the software supply chain; my comments pertain
specifically to this use case.


See responses inline: DB>>




Dick Brooks

 <> Never trust software, always
verify and report! T


Email:  <>

Tel: +1 978-696-1788


From: Suit <> On Behalf Of Hannes Tschofenig
Sent: Wednesday, June 03, 2020 5:23 AM
Subject: [Suit] How are firmware and firmware versions expressed in


Hi all, 


in his review of the recent manifest draft Saad (on CC) pointed out that it
is not clear how the firmware version is identified in the manifest. This is
a good question and I thought I bring up to the group. It turns out that
there are different use cases that require identification of different
pieces of software and here is a list of what I consider relevant: 



DB>> Risk assessments for NERC CIP-010-3 R1, Part 1.6 require corroborating
evidence to establish trust in a software object. It's important that the
identification marks within a software object be consistent across domains.
The data in the installation file must match data in the digital signature
and metadata within vulnerability databases so that we can get accurate risk


* The manifest needs to point to a location where to obtain the firmware.
This is accomplished with a URL. Section 7.3 describes an example (look for
the uri parameters directive).



DB>> The "Trusted Source Location URL" where the "real/trusted" software
object is available is vitally important for an effective NERC CIP-010-3
risk assessment. This is part of the corroborating evidence that's needed.



* There is the digest of the firmware, which is used for security purposes,
and there is an example in Section 7.3 (look for the image digest parameters


* Then, there is also the component id, which indicates where to store the
software / image. We discussed this recently in the context of TEEP where
the binaries of trusted applications are protected with the manifest and
those binaries will typically end up on a file system. In the OP-TEE secure
world OS those binaries are stored with the UUIDs in their file name. In a
low end IoT device, like a Cortex M class processor, there is typically no
file system and hence the firmware image ends up in a flash memory slot. 


* There is also the case with a differential update where the manifest needs
to indicate to what firmware images the differential update can be applied
to. This is accomplished with the image match condition.


DB>>Patches/Updates must contain clear metadata that can be correlated with
a specific software object that represents the original installation, and
other patch dependencies that must be in place for a successful deployment.
A  "Trusted Source Location URL" is also required, for CIP-010-3 software
integrity and authenticity risk assessments.


* Finally, there is also a version condition. This allows to express that a
manifest is applicable to one or multiple versions of the firmware. As
described in the information model draft, this situation occurs when you
upload an application that relies on existing software to be present on the
device. (Think of it as an API version.)


It is important to note that the manifest is not meant to be used to
describe the software running on the device. This is the job of other tools,
such as COSWID. The manifest instead provides instructions on how to update
firmware and to accomplish secure boot. 


DB>> I'm hoping to use the manifest as a virtual SBOM. Will let you know if
I'm successful in this regard. 


Is this a topic that needs to be better described in the draft? 


DB>> I believe so.




IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended
recipient, please notify the sender immediately and do not disclose the
contents to any other person, use it for any purpose, or store or copy the
information in any medium. Thank you.