Re: [Suit] Parameters and Commands

Thomas Fossati <Thomas.Fossati@arm.com> Thu, 27 February 2020 17:18 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Brendan Moran <Brendan.Moran@arm.com>, Adrian Shaw <Adrian.Shaw@arm.com>
CC: Koen Zandberg <koen@bergzand.net>, Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>, suit <suit@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/pBoLh4jPJImL0v6xqTGPLxOOTUc>

Hey Brendan,

I'm having a bit of trouble parsing this bit:

On 27/02/2020, 16:23, "Brendan Moran" <Brendan.Moran@arm.com> wrote:
> [...] For example, BL1 loads BL2. BL1 trusts the author of BL2
> (which is the basis of secure boot).  BL1 executes the policy laid out
> by BL2’s signer.

BL1 can trust BL2 only after it has measured it, therefore "executing
the policy laid out by BL2's signer" can only happen *after* a
successful verification, do you agree?  If so, there is a temporal
mismatch in the logic above.  That, or I am missing something important,
which is what usually happens :-)

cheers!

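The ordering point raised in the message above, as an added example that is not part of the original e-mail or of the SUIT drafts: two loaders handle the same unauthenticated image, one checking it before reading its policy and one after. Assumptions: an HMAC under a constructed key stands in for signature verification against BL1's trust anchor, and the image layout, the `min_version` policy field and all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: a symmetric key stands in for BL1's trust anchor; a real BL1
# would verify an asymmetric signature against a provisioned public key.
TRUST_ANCHOR = b"constructed-demo-key"

def sign_image(policy: dict, code: bytes, key: bytes = TRUST_ANCHOR) -> bytes:
    """Signer side. Layout: 32-byte tag || 4-byte policy length || policy || code."""
    body = json.dumps(policy, sort_keys=True).encode()
    blob = len(body).to_bytes(4, "big") + body + code
    return hmac.new(key, blob, hashlib.sha256).digest() + blob

def _parse(blob: bytes):
    n = int.from_bytes(blob[:4], "big")
    return json.loads(blob[4:4 + n]), blob[4 + n:]

def bl1_verify_then_apply(image: bytes, state: dict) -> bool:
    """Authenticate the whole image first; only then read the signer's policy."""
    tag, blob = image[:32], image[32:]
    expected = hmac.new(TRUST_ANCHOR, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False                  # nothing from the image was acted on
    policy, _code = _parse(blob)
    state.update(policy)
    return True

def bl1_apply_then_verify(image: bytes, state: dict) -> bool:
    """The ordering the message questions: policy takes effect before the check."""
    tag, blob = image[:32], image[32:]
    policy, _code = _parse(blob)      # unauthenticated bytes are parsed...
    state.update(policy)              # ...and acted on before any verification
    expected = hmac.new(TRUST_ANCHOR, blob, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def demo() -> dict:
    # Constructed sample: an image whose tag was made with a key BL1 does not trust.
    untrusted = sign_image({"min_version": 0}, b"other code", key=b"not-the-anchor")
    results = {}
    for name, loader in (("verify_then_apply", bl1_verify_then_apply),
                         ("apply_then_verify", bl1_apply_then_verify)):
        state = {"min_version": 5}    # BL1's rollback floor before boot
        results[name] = (loader(untrusted, state), state["min_version"])
    return results

if __name__ == "__main__":
    print(demo())
```

Both loaders reject the image, but only the first leaves BL1's state untouched; in the second, the rejected image's policy has already overwritten it.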