IETF Logo Mail Archive

Re: [Suit] Improvements to draft-moran-suit-manifest-03

David Brown <david.brown@linaro.org> Thu, 28 February 2019 20:07 UTC

Return-Path: <david.brown@linaro.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B162E12F1AB for <suit@ietfa.amsl.com>; Thu, 28 Feb 2019 12:07:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=linaro.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0OLpprFPfMkK for <suit@ietfa.amsl.com>; Thu, 28 Feb 2019 12:07:20 -0800 (PST)
Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65CA4124BF6 for <suit@ietf.org>; Thu, 28 Feb 2019 12:07:20 -0800 (PST)
Received: by mail-qt1-x82d.google.com with SMTP id j36so25057442qta.7 for <suit@ietf.org>; Thu, 28 Feb 2019 12:07:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=jsxib6XecxcXrbi3Ua7PMwElTHKO7jU35nGsEDcjvBM=; b=ShPQ0/y4ZksGWF/n6Zg53ILVNB+6Ir4XlhT07PqEcMRxlxuzA5bzvJOgaslSONasoh NZZaF+EExwC4l0d11QyDruoYiYj/kTQeNN6v3/LxKIUa+04OMIv7LL7ZYr1fRZJIryHr ul24StcRANQ5k2NP7JF+X5nrJTGDuDVe5Y1WFEl1Xdk5THCgSPuQNBD/WoLvu2r7p0MQ GpbHKPcoixEGB1ABi1RECqlb5Wj0lpW91Kj6ysBb49ypWwxCp5SbD6k5PkVPl388mjdm +d7SHHknuYZn11VpwUNgGYeGav5piCy7M1mCXLJSR+HpShSZ6nbvr6hrw1Oa1fFaNGnc g2Jw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=jsxib6XecxcXrbi3Ua7PMwElTHKO7jU35nGsEDcjvBM=; b=Lo+yceHaazfwMzKuOFZ0npQuEpWinhDN2mDoavBvk5kPRPwLbxN8LS6lyldbTkAOk2 oJIP3htSiirckhgCNtmo5P+BgCLlxgVN3Gf7R+6dhE5I8x4n3u7IGe3w3XyIJGtKLJDi V39+UZMHENidHQKw7MxbcsN+/7iH3f1swbMiSVT8tBBQXekuAGwetGyW8CW2TYsQcMVD hPYpB0NLJroJ/yB9EdIMSBEpAyiLbE8XCvCEQknuL8O7zvnM1bHaHMoPTbGJdR+YH6SB 5+BBUwMeJ5N3o/G//ubN+6WPPYzFXoqPKOaEWdgKCKpcD7Xe4Sm7E5tU0dlSvabsIgp5 bGJg==
X-Gm-Message-State: APjAAAV8wP5osfXI4d0fTSV+8uUUkIky9bPfJ/Y5Wia3BMtQP2+GX9GQ ZrDNRW18cOPrOc1AoabCRBtTgA==
X-Google-Smtp-Source: APXvYqzpQ6YIiuIlScdKAsXPutq6WM8K8rmnvWQxahI/wwULpi7+lL0Lo++CVCAWJelqehygwA7wBw==
X-Received: by 2002:ac8:33d7:: with SMTP id d23mr895538qtb.243.1551384439226; Thu, 28 Feb 2019 12:07:19 -0800 (PST)
Received: from davidb.org (cn-co-b07400e8c3-142422-1.tingfiber.com. [64.98.48.55]) by smtp.gmail.com with ESMTPSA id 14sm11538107qkf.23.2019.02.28.12.07.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 Feb 2019 12:07:18 -0800 (PST)
Date: Thu, 28 Feb 2019 13:07:14 -0700
From: David Brown <david.brown@linaro.org>
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: "Kvamtrø, Frank Audun" <frank.kvamtro@nordicsemi.no>, "suit@ietf.org" <suit@ietf.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Amyas Phillips <amyas@ambotec.org>, Martin Pagel <Martin.Pagel@microsoft.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>
Message-ID: <20190228200714.GA2665@davidb.org>
References: <78FF2A20-1AF3-425F-B4BB-6F520E85DE46@arm.com> <CAO6t1cj7qDNA3VnkbxiPQEm6P+o=mQALYVr+JMTvVXnvV_4vNQ@mail.gmail.com> <HE1PR05MB3228C1819381A6B0630AF6DB88640@HE1PR05MB3228.eurprd05.prod.outlook.com> <BYAPR21MB1317B2E9FA61E8374C384B0A9D640@BYAPR21MB1317.namprd21.prod.outlook.com> <CAO6t1ciQd7kUq=kVGr0xsv3ngOYNm=T2FFoyf=Aq9qmg57=fpw@mail.gmail.com> <AM6PR05MB56398DC31C9EB0582AF9E30BFC650@AM6PR05MB5639.eurprd05.prod.outlook.com> <0E2EB7D0-84D7-4000-BCAD-3C012B1D2718@arm.com> <AM6PR05MB5639FC0FE54E5EB19ABDF3E8FC660@AM6PR05MB5639.eurprd05.prod.outlook.com> <4A2C5D71-1FFB-4129-A69A-100A45DF9E9A@arm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <4A2C5D71-1FFB-4129-A69A-100A45DF9E9A@arm.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/narNmsE9FnPN__PmLDSe9ook5C0>
Subject: Re: [Suit] Improvements to draft-moran-suit-manifest-03
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 20:07:23 -0000

On Thu, Feb 28, 2019 at 03:38:28PM +0000, Brendan Moran wrote:

>I think you’re right that there may be threat vectors that arise from shedding
>some data, but not other data. I’m trying to adapt the shedding of data so that
>it works a bit better. Data should only be shed if it’s never needed again. For
>instance, you don’t need the information used to install a payload after that
>payload is installed. So, that information should be shed as a block. Likewise,
>you don’t need text once the manifest is pushed to a device, since this is for
>machine consumption only.

MCUboot has an interesting case/configuration where this isn't quite
true, about the installation.

MCUboot can be configured to perform "swap" upgrades.  Flash is
partitioned into a primary and an upgrade slot (and there is a scratch
area to use to do the swap with recovery).  After the image swap, it
tries running the new image.  If something goes wrong, and the image
is not able to boot up and mark itself as valid, the next reboot,
MCUboot will swap the two images back.

In this case, any information on installation would still need to be
there.  Although, also in this case, the installation is very simple,
and isn't going to be large (my current prototype does not include
it).

David

v2.23.0 | Report a Bug | By Email