Re: [Suit] How are firmware and firmware versions expressed in manifest?

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Sat, 06 June 2020 08:19 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDBF73A0F48 for <suit@ietfa.amsl.com>; Sat, 6 Jun 2020 01:19:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=SVk1PNIr; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=SVk1PNIr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZCCYiWoWpRPh for <suit@ietfa.amsl.com>; Sat, 6 Jun 2020 01:19:48 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60070.outbound.protection.outlook.com [40.107.6.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F139C3A0F46 for <suit@ietf.org>; Sat, 6 Jun 2020 01:19:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OV9EOIi6BUF/mLKUCA+gvAtARDUfesKU9R5sw85ikBA=; b=SVk1PNIr4RTNeoBHVS0SQJK4aVqAO7t08d4HuCOUDiM9eww8wbiIqLTkwfF7aLwonAWTCRGtC6fPCdnzoXddp7YNR2AxDFTPByXIPTw6Mg+o9y3eXs553BBpwFEUTnWXdhFOHZp4Osb0JZI9XOuReVjcRzoC1zt4N3MPCO63Auo=
Received: from AM6P194CA0058.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:84::35) by VI1PR0802MB2304.eurprd08.prod.outlook.com (2603:10a6:800:9f::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.22; Sat, 6 Jun 2020 08:19:44 +0000
Received: from VE1EUR03FT057.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:84:cafe::4e) by AM6P194CA0058.outlook.office365.com (2603:10a6:209:84::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18 via Frontend Transport; Sat, 6 Jun 2020 08:19:44 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT057.mail.protection.outlook.com (10.152.19.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18 via Frontend Transport; Sat, 6 Jun 2020 08:19:44 +0000
Received: ("Tessian outbound fb809da9b456:v59"); Sat, 06 Jun 2020 08:19:44 +0000
X-CR-MTA-TID: 64aa7808
Received: from db6a2ef3a420.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 14F8F9E4-8DF3-4C93-BC90-1C295D9D90B8.1; Sat, 06 Jun 2020 08:19:38 +0000
Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id db6a2ef3a420.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Sat, 06 Jun 2020 08:19:38 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MaXUSScWPgl7CI71gcLoW4ltkLNeEJlpgOaK5OqnkuwI+y11I8jh1RMDwdkT0fd+RcKvbAd5EuQE/TvxxnshqcPKsH7HcNHIdRTgk33kTbEKPrIh7nZjF3bWRd0ThBtOz4GFExFn0UY/ejM+KRZpXgEiocXv9RWCgQjvJlRhmatfF+xCiNdgRG/+BvoYEIUlmPRZZF8v1DmjVqn1VAvEbil6BHOIP2ut/7DUxmgk1iIQUq6z7PTz+Itj8IOoTLnswufci6S6EeC6hjMmdWdo8uJdOvkY+c/RACg+ArJkVXOI5EsIV4u6O+ZrPyUVy1fZouzbtOtLG+37FE+zCjGEIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OV9EOIi6BUF/mLKUCA+gvAtARDUfesKU9R5sw85ikBA=; b=mSNKymAfq4DQTW97xa3DtYa3laCQJuvB8PIRDYigEbtlEE7vXfoNE23I3uAPNQHuXomOsOg+U+icKtGfRhxcmKkft7774DUUuBEW/65KuqNb2LAAdl/t/lwx0OJndJbI8IOSNDuJT6B8ZulEOMRn9K9YNzGHZ61sP1TGDKFbRw0Dg7997PvqSARfCohEO/N3Ka5dCSSyg5yTI5NhJa9p5HfMVSbm9/HHUBU3dtxuy0VlfNgeE7xIQGgqe9Qw9c0JwaPnxLtDUkJC/KqZ375tVxu6estxGd6GHUJoD6qm/06aifv01Xj9l3klHcRj6z1MlDfZBTUJl8H5tZBe69HAnQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OV9EOIi6BUF/mLKUCA+gvAtARDUfesKU9R5sw85ikBA=; b=SVk1PNIr4RTNeoBHVS0SQJK4aVqAO7t08d4HuCOUDiM9eww8wbiIqLTkwfF7aLwonAWTCRGtC6fPCdnzoXddp7YNR2AxDFTPByXIPTw6Mg+o9y3eXs553BBpwFEUTnWXdhFOHZp4Osb0JZI9XOuReVjcRzoC1zt4N3MPCO63Auo=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB3684.eurprd08.prod.outlook.com (2603:10a6:208:106::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18; Sat, 6 Jun 2020 08:19:37 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae%7]) with mapi id 15.20.3066.022; Sat, 6 Jun 2020 08:19:37 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr@sandelman.ca>
CC: Eliot Lear <lear@cisco.com>, Dick Brooks <dick@reliableenergyanalytics.com>, "suit@ietf.org" <suit@ietf.org>, Saad EL JAOUHARI <saadeljaou@gmail.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Thread-Topic: [Suit] How are firmware and firmware versions expressed in manifest?
Thread-Index: AdY5iIX3N33NtGULTtOAukxF+Y4+yAAR9vKAAC3Wx2AAEkCYgAAahNIAAAZpzwAAAp+aoAAIpk6AABYvlVA=
Date: Sat, 6 Jun 2020 08:19:37 +0000
Message-ID: <AM0PR08MB3716939E832E5483CB8575EBFA870@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM0PR08MB371631B7C1E6B50DCA29049AFA880@AM0PR08MB3716.eurprd08.prod.outlook.com> <8b6d01d639d0$62614150$2723c3f0$@reliableenergyanalytics.com> <AM0PR08MB37166AD36B5AA36EA7D7CA9BFA890@AM0PR08MB3716.eurprd08.prod.outlook.com> <20437.1591317129@localhost> <1076601d63b3a$d53f5d90$7fbe18b0$@reliableenergyanalytics.com> <BF5D5E46-4A7C-44A7-8554-5DE1E03A3F21@cisco.com> <AM0PR08MB3716C555048993639B14D76FFA860@AM0PR08MB3716.eurprd08.prod.outlook.com> <5820.1591393073@localhost>
In-Reply-To: <5820.1591393073@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: c1c1ee65-9aa0-4ab9-adf8-3b705455a6ee.0
x-checkrecipientchecked: true
Authentication-Results-Original: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
x-originating-ip: [156.67.194.193]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: f18e0529-aa40-4172-bf5b-08d809f25e85
x-ms-traffictypediagnostic: AM0PR08MB3684:|VI1PR0802MB2304:
X-Microsoft-Antispam-PRVS: <VI1PR0802MB2304582C20D01DEFDA752CC3FA870@VI1PR0802MB2304.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:6430;OLM:8273;
x-forefront-prvs: 04267075BD
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: wqNxmVL8ICT9mxze/e1s6APDbsCJI5936nQaSirbwnJsI5rZ6/us8oE8QFVg99yOPgDU3Ct4zP/+gIlfvwp9beDdnIunFUBe707K6dLt9jY7r/ct0jgVRHSfTwu52D62VTDo6t95YI0v222kwj9VSW5t6cQU64aGfRUHY7fpbHOwAEybqtLoVnX20Eqw6jYx3IxewTB8UZSY9Asiijp7ccEGYSYq0ZfhG0096OO+qTF9g53A5LfLJj7eP+LsGiYYJt90U8rjm5SitGEhdYwtYV0ce9f5+YN8NQ0O2NvrEHnMo3tOOLSMt1pr/U3MiLrYj+YCx0kYQ7FxQMtDYhCQR1jfrqh9cm/kTrHgekITD0pWpIniU1Oc99F3rv1ifRGQQXQa9ekzLARnqDrLr3gAbg==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(376002)(346002)(366004)(39860400002)(136003)(396003)(66446008)(83380400001)(66946007)(76116006)(66556008)(86362001)(64756008)(8936002)(66476007)(6916009)(52536014)(5660300002)(71200400001)(966005)(53546011)(26005)(6506007)(8676002)(9686003)(316002)(478600001)(7696005)(4326008)(54906003)(55016002)(33656002)(186003)(2906002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 5cog91js8vuOAJWDBqKrrkP6MeXVH3+0UOa5OkG45cXm/i4SNQa0Y3gyNE1lAy+rF8nH+gEtnADOXqWTM/q1C0v9em+y8AkJzZgM0nTnvrBh4y1R4QtFHRmLve8N80BzCXTAtqHnMNb4cxf0NblB0pV1PUoWj85IoJ/mVniy7KVjnytieLUGme1vnGcqIUII+xDxCM7uUyvRUI/DdlDfb694umUm1/l2l/pfC6QIpiZ/7odt1bobCAzUQWxE5cSdizmZXQ1GHA7k4Bv2VnKcvIqfC4fP8mKYUl5Kb6K8+M38fvXN333HytGALkPr4Y4/uIjK0fWhUugGuiGxI0bvVzCJUjcmQuzPgjoz/jOYpL2ewNdHCf41Hf5UHmWv1ec3URfkDcsQ4VlpwQzKpe75POsa63yOFtWlmp+4f03cZLmve4JUwurIFoXre0LGWijYq9E55zpafEAr8Ke/54aYH66r7LQ/J7v3txZ3aPLUBFUlmtFVccHKBQwCgQKcawq/
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3684
Original-Authentication-Results: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT057.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(396003)(346002)(39860400002)(376002)(136003)(46966005)(7696005)(86362001)(4326008)(316002)(55016002)(33656002)(82310400002)(54906003)(70586007)(966005)(107886003)(70206006)(36906005)(356005)(52536014)(83380400001)(6862004)(9686003)(5660300002)(81166007)(336012)(47076004)(26005)(186003)(478600001)(6506007)(8936002)(8676002)(53546011)(2906002)(82740400003); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 614871db-7bc5-492a-6d2d-08d809f25a21
X-Forefront-PRVS: 04267075BD
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 9mt4diAniik/8/klHNFSTjhIdhuWLDqQ5dDCjJwtcmNExffpeONxqZCauRsDZLjSYqEjGKHal1ohgxR2KCB0D+A8vkco2uzY8QqDu1N86FLVQjpXUWiER+FU7X2lVNSdbBl+IYHBX5eVRiNhUnTk5+AoSbAf7EV8N6tuvHlUWf4Kv21leIEhM1aBcjcrwTGk8qJDFW4aL+qhh1CEV71PpVXE/n6dIayPZIt5uQ0Y9nbairRmrvRD8qmu8okiehwBZC0sbeSlMlNLr6/lJHiKuPRQgmqbyJMp+Z7heJOpVL+8BWM7YNy9XI3tAzJQrTsawZLSht4PZK/O050Ab98dhUQ6APlFwwoL9Zjnu8o6RjmX/w4Ra6f+RFek63tYo/75uFWbf9ki8YpTxmEjq1ZRV28k55NgZMD8dPPRLCWFHJLCbazOE3Uu29O6i2JrMHw/0gLHL+4rGtQBozh1fxOrsQ9soSlrnttJxXLJ6gf2/Q4=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jun 2020 08:19:44.4404 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f18e0529-aa40-4172-bf5b-08d809f25e85
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0802MB2304
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ei5CGOtoWSbVqm4xEg9PGI9ISjU>
Subject: Re: [Suit] How are firmware and firmware versions expressed in manifest?
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jun 2020 08:19:51 -0000

I think the BOM terminology is misleading because hardware is not software. The bill of material to produce an IoT product typically does not change (unless you desolder parts) while the software and configuration will regularly change.

Leaving that aside, I believe someone active in COSWID needs to clarify what COSWID does. My understanding was that it documents the software libraries on devices. Whether it would be " libcurl 1.0.2" alone or all the libraries that are used to build "libcurl 1.0.2" is a granularity question that the COSWID specs should / could also answer. That's why I thought it would be useful to have it included in the manifest (as supplementary information; as a severable field).

If COSWID does not do this then someone needs to explain to me what purpose it serves.

Ciao
Hannes

-----Original Message-----
From: Michael Richardson <mcr@sandelman.ca>
Sent: Friday, June 5, 2020 11:38 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Eliot Lear <lear@cisco.com>om>; Dick Brooks <dick@reliableenergyanalytics.com>om>; suit@ietf.org; Saad EL JAOUHARI <saadeljaou@gmail.com>om>; Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Subject: Re: [Suit] How are firmware and firmware versions expressed in manifest?


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > FWIW I thought that COSWID would provide information about the software
    > libraries on a device.

No, AFAIK, it just identifies the materials. (i.e. "libcurl 1.0.2")

Assembling them into a BOM requires another process:
  "curl 1.0.2" contains "libcurl 1.0.2", "curl-main",
                        "libssl 1.1.1f", "glibc 2.19", "pcre 1.0.2"

I could mis-understand though.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.