Re: [Suit] How are firmware and firmware versions expressed in manifest?
Dick Brooks <dick@reliableenergyanalytics.com> Thu, 04 June 2020 17:24 UTC
Return-Path: <dick@reliableenergyanalytics.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C9E53A08CA for <suit@ietfa.amsl.com>; Thu, 4 Jun 2020 10:24:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C70vtk1seWuc for <suit@ietfa.amsl.com>; Thu, 4 Jun 2020 10:24:14 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E79BC3A08B7 for <suit@ietf.org>; Thu, 4 Jun 2020 10:24:13 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 4EAC25C00BA; Thu, 4 Jun 2020 13:24:13 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Thu, 04 Jun 2020 13:24:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=cqGMvJ fOUabar16rW0Rg12I7jTNDj2r1w2KshemNn0A=; b=DgFZL6NExEKToTt6zD36Y+ YQyAUYqQ+957c9hXR/9vEk0qkkoEqCtJ75MT1K3MZCBXGoNhuszCAvzroXze6Ibp q7PYQyVzWqMLD4yKaGapGSPAOtu0gTNOBgcHd+JLjsFX636Hnt1sX6eXNAmlIiHg 7tWtiIOeuPJ/TOtrtLTVANg/aBJVSKK0DrsQza4f1MqHlOQ35YU9eps2rpXMcB3i IjGJDG+eo6MojOkd+mFCVZizAM/zVq8VsBl7830SKOHBkZbNO0rioZLiCHuRCwI5 TqnY4bh5/lSrzh3RzMhvHiJrsWnHuZKrBnrVwmuyTtu0r/wah36Z7erBCGuC8aew ==
X-ME-Sender: <xms:PC7ZXtSEYILs86m2hww7jOq8A755A_xUQg3IIiLKGY6EkdgSN3GBBg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrudeguddguddtgecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfhfjgfuffhokfggtgfothesrhdtghepvddtvdenucfhrhhomhepfdff ihgtkhcuuehrohhokhhsfdcuoeguihgtkhesrhgvlhhirggslhgvvghnvghrghihrghnrg hlhihtihgtshdrtghomheqnecuggftrfgrthhtvghrnhepgfejheeufeevtefhieffleet vefhkeekhfehlefgtefffeejhfeuieegueffiedvnecuffhomhgrihhnpehrvghlihgrsg hlvggvnhgvrhhghigrnhgrlhihthhitghsrdgtohhmnecukfhppedvudeirdduleefrddu gedvrddvvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhroh hmpeguihgtkhesrhgvlhhirggslhgvvghnvghrghihrghnrghlhihtihgtshdrtghomh
X-ME-Proxy: <xmx:PC7ZXmwi1c36ejzNhpuDEphnqCkl1FulqZ5H4wk2TTRMxdkWQDx8YQ> <xmx:PC7ZXi0InXv8CUmaoLgEdsQTWEIhj6OTzkPl8g4cQiVrlfAFJ1rqZw> <xmx:PC7ZXlBVlIv6xQnM9AZxwbnCnWeyt5cAyYjnsQo1CKxn5eYEi67-Ew> <xmx:PS7ZXhs25SunIdLxcIs6p6XRBsSBv60vISOkq_ad6pwqspM997voHg>
Received: from farpoint (unknown [216.193.142.22]) by mail.messagingengine.com (Postfix) with ESMTPA id 9C5133061856; Thu, 4 Jun 2020 13:24:12 -0400 (EDT)
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>, suit@ietf.org
Cc: 'Saad EL JAOUHARI' <saadeljaou@gmail.com>
References: <AM0PR08MB371631B7C1E6B50DCA29049AFA880@AM0PR08MB3716.eurprd08.prod.outlook.com> <8b6d01d639d0$62614150$2723c3f0$@reliableenergyanalytics.com> <AM0PR08MB37166AD36B5AA36EA7D7CA9BFA890@AM0PR08MB3716.eurprd08.prod.outlook.com>
In-Reply-To: <AM0PR08MB37166AD36B5AA36EA7D7CA9BFA890@AM0PR08MB3716.eurprd08.prod.outlook.com>
Date: Thu, 04 Jun 2020 13:24:10 -0400
Organization: Reliable Energy Analytics
Message-ID: <cf6c01d63a94$f6a94eb0$e3fbec10$@reliableenergyanalytics.com>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_CF6D_01D63A73.6F9ABBF0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQEpJGg3Q76y3b59AZfDOO6eGr7fRAJUo0s2Am+d4lmp/LhecA==
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/nPbSb6Ro4ITVz_mW9o1tEcUdoH4>
Subject: Re: [Suit] How are firmware and firmware versions expressed in manifest?
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2020 17:24:16 -0000
Thanks, Hannes - I very much appreciate your thoughts and insights; my responses are shown inline DB2>> Thanks, Dick Brooks <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! T <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:dick@reliableenergyanalytics.com> dick@reliableenergyanalytics.com Tel: +1 978-696-1788 From: Suit <suit-bounces@ietf.org> On Behalf Of Hannes Tschofenig Sent: Thursday, June 04, 2020 12:45 PM To: Dick Brooks <dick@reliableenergyanalytics.com>; suit@ietf.org Cc: 'Saad EL JAOUHARI' <saadeljaou@gmail.com> Subject: Re: [Suit] How are firmware and firmware versions expressed in manifest? Hi Dick, Thanks for the review comments and for the pointer to NERC CIP-010-3. Please see my comments below: ~~ snip~~ Hi all, in his review of the recent manifest draft Saad (on CC) pointed out that it is not clear how the firmware version is identified in the manifest. This is a good question and I thought I bring up to the group. It turns out that there are different use cases that require identification of different pieces of software and here is a list of what I consider relevant: DB>> Risk assessments for NERC CIP-010-3 R1, Part 1.6 require corroborating evidence to establish trust in a software object. It's important that the identification marks within a software object be consistent across domains. The data in the installation file must match data in the digital signature and metadata within vulnerability databases so that we can get accurate risk assessments. [Hannes] Looking at Part 1.6 I see two requirements, namely: 1.6.1. Verify the identity of the software source; and 1.6.2. Verify the integrity of the software obtained from the software source. This is certainly met by the digital signature covering the manifest (provided by the COSE wrapper) and the manifest also includes the digest of the firmware/software, which ensures the integrity of it. Part 1.6 then goes on and says: "An example of evidence may include, but is not limited to a change request record that demonstrates the verification of identity of the software source and integrity of the software was performed prior to the baseline change or a process which documents the mechanisms in place that would automatically ensure the identity of the software source and integrity of the software." I am not sure about this part and whether it there is something needed in addition to what we already have in the previously mentioned security wrapper. DB2>>You have to look a little deeper to understand what it means to "verify" identity and authenticity (see page 36 of CIP-010-3 technical guidelines for software verification for more detail). A digitally signed object can still carry malware, so it takes more digging to conduct an effective verification than simply relying on a digitally singed object (which could contain a contaminated library in the build process - hopefully not). * The manifest needs to point to a location where to obtain the firmware. This is accomplished with a URL. Section 7.3 describes an example (look for the uri parameters directive). DB>> The "Trusted Source Location URL" where the "real/trusted" software object is available is vitally important for an effective NERC CIP-010-3 risk assessment. This is part of the corroborating evidence that's needed. [Hannes] The URL is included in the manifest and, while there is a way to override it (assuming proper authorization). Since the software/firmware is, as mentioned above, also integrity protected there is another layer of defense provided. DB2>>Does the URL include the path+filename of the actual software object being downloaded? If yes, this would be very useful information. * There is the digest of the firmware, which is used for security purposes, and there is an example in Section 7.3 (look for the image digest parameters directive). * Then, there is also the component id, which indicates where to store the software / image. We discussed this recently in the context of TEEP where the binaries of trusted applications are protected with the manifest and those binaries will typically end up on a file system. In the OP-TEE secure world OS those binaries are stored with the UUIDs in their file name. In a low end IoT device, like a Cortex M class processor, there is typically no file system and hence the firmware image ends up in a flash memory slot. * There is also the case with a differential update where the manifest needs to indicate to what firmware images the differential update can be applied to. This is accomplished with the image match condition. DB>>Patches/Updates must contain clear metadata that can be correlated with a specific software object that represents the original installation, and other patch dependencies that must be in place for a successful deployment. A "Trusted Source Location URL" is also required, for CIP-010-3 software integrity and authenticity risk assessments. [Hannes] This is indeed provided and I think we are good there. We should probably add an example. DB2>>This is very good to know. Thanks for the insights. An example would be very helpful. * Finally, there is also a version condition. This allows to express that a manifest is applicable to one or multiple versions of the firmware. As described in the information model draft, this situation occurs when you upload an application that relies on existing software to be present on the device. (Think of it as an API version.) It is important to note that the manifest is not meant to be used to describe the software running on the device. This is the job of other tools, such as COSWID. The manifest instead provides instructions on how to update firmware and to accomplish secure boot. DB>> I'm hoping to use the manifest as a virtual SBOM. Will let you know if I'm successful in this regard. [Hannes] Thanks, feedback would be highly appreciated. Is this a topic that needs to be better described in the draft? DB>> I believe so. [Hannes] I will give it a try and post text for a new section to the list. DB2>> I'm also curious to know if SUIT will work for FPGA bitstreams - do you know? This one is turning out to be a tough nut to crack - very little info on FPGA bitstreams metadata (i.e. embedded IP could be concerning). I welcome any advice you can offer on this point. Thanks for the feedback. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Suit] How are firmware and firmware versions exp… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Michael Richardson
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Eliot Lear
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Michael Richardson
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Michael Richardson
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Eliot Lear
- Re: [Suit] How are firmware and firmware versions… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Henk Birkholz
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Michael Richardson
- Re: [Suit] How are firmware and firmware versions… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Henk Birkholz
- Re: [Suit] How are firmware and firmware versions… Eliot Lear
- Re: [Suit] How are firmware and firmware versions… Hannes Tschofenig
- Re: [Suit] How are firmware and firmware versions… Dick Brooks
- Re: [Suit] How are firmware and firmware versions… Michael Richardson