[Suit] Reference implementation of SUIT manifest parsing

David Brown <david.brown@linaro.org> Tue, 19 June 2018 21:49 UTC

Date: Tue, 19 Jun 2018 15:48:59 -0600
From: David Brown <david.brown@linaro.org>
To: suit <suit@ietf.org>
Cc: dev-mcuboot@lists.runtime.co
Message-ID: <20180619214859.GA4341@davidb.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/z69_IKbijYTEqHsARAVGe1bK4WM>

At the last hackathon, work was done on implementations of the SUIT
manifest format.  One way to describe this kind of work would be as a
reference implementation: something that could be a starting point for
anyone wishing to use SUIT to develop something.

However, I had to limit my involvement in this effort, because some of
the code being used was covered under the LGPL 2.0.

I'm wondering if it would be useful to develop equivalents of this
code under a license that would be usable by a larger audience.  I'm
actually having a pretty hard time understanding how there is any
audience for bootloader code covered under the LGPL.

A few of the reasons that the LGPL doesn't work for me (and I believe
doesn't work for many of the current uses):

  - The FSF considers the Apache 2.0 license to be incompatible with
    the GPLv2 (including the LGPL).

  - The Apache Software Foundation considers GPLv3 to be compatible in
    only one direction (Apache 2.0 code can be linked into an
    otherwise GPLv3 application, but GPLv3 code cannot be brought into
    an Apache 2.0 project).

  - The Apache Software Foundation considers the GPLv2 (including
    LGPL) to be incompatible with the Apache 2.0 license.

  - Both Mynewt and Zephyr are licensed under the Apache 2.0 license.
    Mynewt is an Apache project and would fall under their constraints
    of forbidding the inclusion of any code under a GPL license.  The
    Zephyr project requires included code to be under the Apache 2.0
    license, and occasionally will allow other more liberally licensed
    code to be included.

Regardless of the above, I see a conflict between the LGPLv2
requirement that the user be able to modify the LGPLv2 licensed code,
and the general purpose of SUIT to enforce that only authorized images
run on the device.  One of the purposes of a signed manifest is to
restrict the very action that the LGPLv2 requires.

My conclusions:

  - libcose (and any other LGPLv2 code) cannot be used by Zephyr or
    Mynewt, due to policies by these projects.  At best, it would end
    up being something that end users would have to incorporate, and
    SUIT support would not be able to become standard support on these
    platforms.

  - libcose (and any other LGPLv2 code) cannot be used by Zephyr,
    Mynewt, mbed OS, and MCUboot, due to incompatibility between the
    LGPLv2 and the Apache 2.0 license.  (Specifically, I do not
    believe the current mbed OS SUIT work is allowed).

  - Very few of our end users would want to meet the LGPLv2
    requirement allowing end users to replace the firmware.
    Specifically, those users desiring signed manifests to ensure only
    authorized images can be run are likely intending to prohibit end
    users from running their own versions of the code.

I've tried to avoid even looking at the libcose code (and have made sure
to look at licenses carefully), since it seems likely that I (or
someone working on Zephyr or MCUboot) will need to implement COSE
support in order to support SUIT.

David