Re: [Suit] self-describing format vs fixed/binary manifest structure

Re: [Suit] self-describing format vs fixed/binary manifest structure - boot vs update

Martin Pagel <Martin.Pagel@microsoft.com> Thu, 20 December 2018 01:46 UTC

From: Martin Pagel <Martin.Pagel@microsoft.com>
To: "Kvamtrø, Frank Audun" <frank.kvamtro@nordicsemi.no>, Carsten Bormann <cabo@tzi.org>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>, "dev-mcuboot@lists.runtime.co" <dev-mcuboot@lists.runtime.co>
Thread-Topic: [Suit] self-describing format vs fixed/binary manifest structure - boot vs update
Thread-Index: AdSYAVK0JYVOCwHMSVi0tSz1gOtoCQ==
Date: Thu, 20 Dec 2018 01:37:19 +0000
Message-ID: <DM5PR21MB069876E14E173559142747CF9DBF0@DM5PR21MB0698.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mapagel@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-12-20T01:37:17.6361866Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:8:325d:971b:ba65:d4db]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR21MB0795; 6:OnCqA1NR5nJYmcL0AIY25nEbeGU9Qc1cgFdBfEF/E1S8wBgw/QlHFmEt1r/2w9pfjmzEjXl3A+poRgXX6TF5aQnS/VQIzwvGAM2YhwMNuZ60qJ+9/gQryAmJ9odVYSKfDPsRXqcgRVrh0w3KO1+MWdqAvTj5rSP+v1Ddsxjj5T3APBtjg9qD7Czuv5YjhIyYj1/3ZCEECa0bK5IslROIKGdmkMwZN9vDWXUPX0LoAvHw/mSoJh8VnZXypk/C0EOVk7YdbmwilKYXaOaZtr7iWlg0i2/2wk9+S8PkwVJI+UcbewqSJmKjaumBva2KgUNR5si/K+mWjj0xuYuFICJU6pPxZ8npS2tSqWjxKtgIQogxXAdiFBwyyi5x/KQvaPEs8hEIKxfiQaoAF30hooPpHoLITp75jMSJByHXrX8WONgssGyuluFugbOVVc4ZqGkGe/HqF8nIjbAQ+qlebGs6ow==; 5:cNV/0Qe6824jREExNDDTQ1PtYD1RAKefXVCT34BjuLGYkZTW2O6PT7gcUAm9Lc/yhcpdHScJ5bZEgm/Oc+cMsY9cG+KrLbmdM+cLsq1l5Eb0zwgpeGhKVRF0KAj0EpbyIDdYA0zUmkuPdOVOUdDuGdiSaBmQb9utSxa/w9l8iUI=; 7:19xSKeStf5oIl5ueT9ldTk2o6r8Ku+jGR5RHSXPBSyX51a/Q1HclHaGjjBizDtPjwJGyPqQGCetp3Tj8Uk6ABqcvLszPVixrvHDuxYOhgt2xWv5MBeBsd3on0dfaGfMpZJFUYR47jgVU+aZ9QHLcuQ==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: bd7b7a08-408f-4723-6cbf-08d6661bae7a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600074)(711020)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:DM5PR21MB0795;
x-ms-traffictypediagnostic: DM5PR21MB0795:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <DM5PR21MB07953AADFD88EE4502AE54AD9DBF0@DM5PR21MB0795.namprd21.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(999002)(5005026)(6040522)(8220039)(2401047)(8121501046)(3231475)(944501520)(2018427008)(93006095)(93001095)(10201501046)(3002001)(6055026)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201708071742011)(7699051)(76991095); SRVR:DM5PR21MB0795; BCL:0; PCL:0; RULEID:; SRVR:DM5PR21MB0795;
x-forefront-prvs: 0892FA9A88
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(136003)(376002)(346002)(366004)(39860400002)(51444003)(85644002)(13464003)(199004)(189003)(575784001)(86362001)(4326008)(105586002)(71200400001)(71190400001)(2906002)(4744004)(86612001)(46003)(25786009)(14444005)(256004)(106356001)(486006)(10290500003)(6246003)(33656002)(561944003)(99286004)(5660300001)(72206003)(229853002)(478600001)(6306002)(9686003)(316002)(476003)(6506007)(53546011)(22452003)(54906003)(110136005)(74316002)(15650500001)(966005)(7736002)(6436002)(8990500004)(68736007)(55016002)(10090500001)(7696005)(53936002)(305945005)(81156014)(186003)(6116002)(14454004)(102836004)(6346003)(8676002)(81166006)(8936002)(97736004); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR21MB0795; H:DM5PR21MB0698.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Martin.Pagel@microsoft.com;
x-microsoft-antispam-message-info: Fgm+MdAgt//42dkLLOxvBIJ/sw67n//Q/EvGWQsnEwkG8jcVmhaNADwHH1h+g97y8LdIihEewMYTPnTMUXrNcEJT+eDfYueJQK4LXuRGKdATnpY0kq6d1IXY/zFfyw6t4AytYOmgdFwI4oxJaiSIzbviwTV3qufj6ScZRVUqmBprvtSGD02/nRnLC0OAPTlAvDyon1Kk9MECPupjQhzy9OiIFARAVF45XL1JJbOwadbzDqRH7d+z4N2cHUMh9kAmEpT4tFvkDhavQeAzPrFfU2W3S3zXz5VKuhzq0WW8JdlcLaAHaIESxr9y3IER73mP
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bd7b7a08-408f-4723-6cbf-08d6661bae7a
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Dec 2018 01:37:19.5321 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR21MB0795
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/BfxkCaztRBtMtFRYSWFKJOfkkAw>
Subject: Re: [Suit] self-describing format vs fixed/binary manifest structure - boot vs update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Dec 2018 01:46:41 -0000

Frank, 
If I understand you correctly, you do support a packed binary encoding to keep boot process lean but not as an update manifest. I believe there is an advantage in using the same structure for both processes, in particular constrained devices with a hardware crypto accelerator. Both processes would benefit from lean implementation and shared code would further reduce implementation and testing efforts.

https://tools.ietf.org/html/draft-pagel-suit-manifest-00 proposes such structure. Yes, it does provide versioning to allow for future expandability. 

Again, I could see that a CBOR based manifest could be converted (and resigned) by the Update Server to generate such lean format and then made available for the device to update itself as well as for boot validation.
Martin

-----Original Message-----
From: Kvamtrø, Frank Audun <frank.kvamtro@nordicsemi.no> 
Sent: Tuesday, December 18, 2018 8:58 AM
To: Martin Pagel <Martin.Pagel@microsoft.com>; Carsten Bormann <cabo@tzi.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; suit@ietf.org; dev-mcuboot@lists.runtime.co
Subject: RE: [Suit] self-describing format vs fixed/binary manifest structure

I didn't have a specific e-mail to respond to with regards to the proposal for using packed C structs, but the discussion has gone on for quite a while and I don't believe it is very fruitful. I hear security experts have been mentioned in previous threads, and I want to point out that this is a logical fallacy called "argument from authority". If some security experts want to comment on this, then please add them to this discussions so we can discuss the issues first-hand. Or else the claims are difficult to argue against. 
The authors of this draft come from many different forums and I expect that the IETF SUIT working group is packed with security experts. A base tenet of this design process it to adhere to threat based analysis as well as using sane standardized methods of cryptography and security. Packed C structs raises a few flags for me, security wise. It is ad hoc, and I fail to see that this approach can be certified to be secure. Especially since the content will differ on many devices.

Please note that I don’t intend to be unnecessarily negative. I've used
18 of the 32 most known serialization formats (according to Wikipedia) myself.
I've even done the error of writing two proprietary serialization formats. 
The main reason for writing my own was either to be more efficient or to be more secure. I now know that I was mostly succeeding with the efficiency part.
For the most part I believe that we don't need another serialization format.

I don't think that packed C structs is a valid approach in an IETF standard. 
The formatting is not interoperable or interchangeable. I expect it to only work on one device with one configuration, which is asking too little from a firmware upgrade mechanism. I question the alleged security benefits that has been alluded to in previous e-mails when using packed structs. Simpler does not mean better, especially when you have to come up with a proprietary system for versioning to handle interchangeability, and a custom interoperability information format to ensure that the data isn't misrepresented or misused.

I want to note that I am not arguing against using multiple serialization formats in context of a complex firmware upgrade mechanisms. This may be the only way to support firmware upgrades for heterogenous systems that needs to be upgraded in unison. We have discussed this in previous e-mail threads covering payload encoding and NUMA/UMA architectures. I do take issue with an intent to describe manifest data using a non-serializing serialization format, without the exactness that I would expect when encoding and parsing data sent over any medium. That includes support for versioning and optional fields that can be skipped as well as a schema to understand how the data should look to be valid.

The method of having parts of the manifest data in a binary encoding instead of using the full IETF SUIT manifest format may make sense in context of a simplified boot validation. This is the case if you are reliant on an external security chip that only supports one format of data (e.g. ASN.1). A specialized boot validation process can even be encoded in a simpler manifest format than the full IETF SUIT, to keep the boot validation parser lean, and to ensure that there aren't any ways to hijack this sensible part of the process

> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Martin Pagel
> Sent: 14. desember 2018 17:28
> To: Carsten Bormann <cabo@tzi.org>
> Cc: Michael Richardson <mcr+ietf@sandelman.ca>; suit@ietf.org; dev- 
> mcuboot@lists.runtime.co
> Subject: Re: [Suit] self-describing format vs fixed/binary manifest 
> structure
> 
> Different MCUs support and need different image formats, crypto 
> algorithms, keys, software components etc.  The Update Server already 
> needs to understand the capabilities and needs of the MCU it wants to 
> update, there is no generic way to update any type of MCU. The 
> question is how to transfer that MCU specific data to the MCU. Two approaches have been proposed:
> 1. The Update Server generates a CBOR representation to pack the data 
> and the MCU applies some type of CBOR parser to unpack it.
> 2. The Update Server generates a packed C struct the MCU can just 
> load/map into memory.

First I want to understand what an update server means is in this context. I don't see its role clearly stated in the draft documents. Maybe this is something that we need to be more explicit about in the architecture or in the information model. I feel you are mixing a concept of manifest data generation (with signing) and the role of hosting a firmware upgrade on a server. The key reason I believe this to be the case is that you state that the CBOR/packed C struct is server-generated. I think that this is not possible if you want to support the multiple signer requirements as described the information model use-cases, as well as the broad description inside the architecture draft.

There is a similar concept described in the architecture draft that has some clearer restrictions in usage. This is the "firmware server" concept, which is described as a server that holds the generated firmware images and manifests en route to the device where they are to be applied (either through push or pull).

The use of the term update server to describe encoding mechanisms begs the question on how to allow the device operator and the network operator to authorize a firmware upgrade in a combined signing operation. If support for multiple signers is needed, I assume the full firmware upgrade instructions is either a combination of multiple manifests that are individually signed or a manifest that has multiple signers. The key here is that the signed material can't be altered or else it loses the signers authorization. This makes an "update server" with generation capabilities difficult. Changing the content on an intermediate server breaks the concept of multiple authorities. 
Limiting the capabilities of the firmware server to pure device management tasks ensures good end-to-end security in the firmware upgrade process.

Using a well-defined serialization format is beneficial to a firmware server.
The firmware server can authenticate the content, e.g. by looking at "best before" combined with signature validation to ensure the addition is not part of a denial-of-service attack. It is also possible for the firmware server to decode information about the vendor, class and device ID to ensure the correct device gets the update (in a push scenario). This is data that is described in the IETF SUIT manifest format, and if this is serialized using a standardized format it becomes much more available for any intermediary actor in the overall firmware upgrade process.

Using a well-defined serialization format is also beneficial to multiple signers, as parts of the content of the full firmware upgrade can be dealt with remotely, protecting each signers private keys. It also has clear interoperability benefits, as you only need to follow the standard to create your part of the combined firmware upgrade instruction.

Using a packed C struct approach removes these flexibilities. In some cases it even demands an additional device management information outside of the scope of what is defined in the IETF SUIT to facilitate the firmware upgrade. 
This is a very bad thing for the standard. I don't think you can even call it a standard in that case...

> 
> Yes, the first approach might be a bit easier for the Update Server as 
> it doesn't have to worry about byte alignment etc, but I would rather 
> put the burden on the server rather than the MCU in particular if the 
> MCU needs this data to boot. As the Update Server already needs to 
> understand the target MCU, it might as well understand how to pack the 
> data in a way the MCU can easily digest. If I would have to develop a 
> tight boot ROM, I would favor the second approach.

I whole-heartedly don't favor the second approach. It has been mentioned before that here be dragons. Let me try to exemplify some dragons:

-What kind of endianness have you compiled your data to be in this build?
-What are the actual type sizes you are compiling with? Can they change?
-What about alignment issues on the packed types? Will you know when you got  that wrong in a graceful manner or will you just hard-fault on unaligned  access?
-How large are the enum types in your compilation? Should you disallow enums  outright due to potential interoperability issues?
-What happens when you need to amend this format to conform to an issue you  have discovered? 
-Is there a schema to conform to and how will you deal with optional features?

If these issues aren't addressed in the format of the data then usage could very easily lead to undefined behavior and potential crashes. There is a real risk of bricking a lot of devices if you get this wrong. And it can come with a change of the compiler/linker or by setting one faulty define in your build system. I believe the minor convenience of a RAM loaded RPC format is quite easily overshadowed by how restrictive you need to be to ensure that it doesn't lead to failures without any warnings.

All compatibility and interoperability issues can be avoided by using a real serialization format. For a list of alternatives, please look at the following link:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FComparison_of_data_serialization_formats&amp;data=02%7C01%7CMartin.Pagel%40microsoft.com%7Ced6b7c5a58b3435c261b08d6650a016c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636807490989019277&amp;sdata=qaBP7Rs3ky5I27UVV42xbYuoyaB9kCMgSa4ow0O45nQ%3D&amp;reserved=0

IETF SUIT has picked CBOR as the standard and I have no problem with that (TM).
Depending on the complexity of the manifest format, it is fairly easy to create a parser generator that uses the CDDL schema as input.

If you want a fast binary encoder then you could look at https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcapnproto.org%2F&amp;data=02%7C01%7CMartin.Pagel%40microsoft.com%7Ced6b7c5a58b3435c261b08d6650a016c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636807490989019277&amp;sdata=3kK467sWHhzm0sggw9M20gvAe7IjqcfTN7pspuK2AmA%3D&amp;reserved=0
It has all you need. Like many other binary formats, It has not gone through a full security review. But at least it addresses the interoperability and interchangeability aspects. It is eons better than a simple packed C struct. 
It even conforms to a schema, which is apt in case of having multiple versions or differences in supported features.

The rest of the e-mail has been skipped as it has some invalid formatting with regards to who says what.

With regards
Frank Audun

Re: [Suit] self-describing format vs fixed/binary… Martin Pagel
Re: [Suit] self-describing format vs fixed/binary… Kvamtrø