IETF Logo Mail Archive

Re: [Suit] draft-ietf-suit-trust-domains: proposal of new command sequence

Brendan Moran <Brendan.Moran@arm.com> Wed, 20 December 2023 15:14 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3243AC15108A for <suit@ietfa.amsl.com>; Wed, 20 Dec 2023 07:14:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b="yrXrkJ9g"; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b="yrXrkJ9g"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qOKq4f_MJKNr for <suit@ietfa.amsl.com>; Wed, 20 Dec 2023 07:14:21 -0800 (PST)
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2065.outbound.protection.outlook.com [40.107.104.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72DF4C151089 for <suit@ietf.org>; Wed, 20 Dec 2023 07:14:18 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=Hq5toAgJyeayFVv0ypOx1w6zoNVuYGkWnMfelJIs9Yb1nAcQ0psThvs3OhgXb/8u1YtgjqPZxzK+Vnscr6z8a6z3L37LqGcrzngHxFXxQy+6arYsuqanB19FH0Lpwffwgm9u1+W3bXFhQGNRUzCg9ms7wcryvkpA/m9NOxqfDWkmimbMcKEQYVAqIU7XLrEj84GNbnwstYxvkh43eLmLAa0IkPE0QazivpyplwvUItK1EJ0hZq6dVTg7ZOpTUJpSosQEfmbXpiNozxi8Jjv/o2JEzLT68d1pDV+kKnQ9ymUIz3x0gFHPHFe8Vacx60jKNE9Y/rozeR7l2zy+JOPJ3w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8Q/WRWgLvTDO7whQxg6Fr5Q9hwZxpnamSzmjTrb+Xkw=; b=IQwAJwyb7nE/1vbN0AO6d0HpFaqdP7LBX86S7iyPHSIYGkrRWYc7X4S2aXORlXWTNkuDPQyoPlUpCg6WegC2X9WVHWyctEhQQn2nAppSvplFkkm3ZjQbvtPbEJj1QMXpDiekp7ZypYXQBUU3RigGeiCWs2p2r0mPrMPh8svFcc4v56Z3GnQt8pIij6isSejaqXtED5DNOyfxFHoeWWSj+UtdgYZNmUk4Er9oDzvM4B1V7wYzvxbJiWVEd9qHRizZXXxFoP9Sm1py04yJygyIAwPvtP/Un/PKPP726Wfs2HM0V51vg/hX+fA8ZTFZ6JHMkcL2q6TxmW4N7b/bFnZDKQ==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=ietf.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8Q/WRWgLvTDO7whQxg6Fr5Q9hwZxpnamSzmjTrb+Xkw=; b=yrXrkJ9gID1Fql83cu+bQ2XiBBQCvGl/xqDFwYK3QT5HU8UQ6Yeb1Oznpkyrf8H6QCu48aYKoL4YahxoGLCrst5YeTGh9iYRgeBiox/1ZXOBs5qXPPnDpua4Ff4iDav8RgU6eLVqs3fUJzeUQAepANcz+w2jCAObrShuioJhRr4=
Received: from AM6PR05CA0031.eurprd05.prod.outlook.com (2603:10a6:20b:2e::44) by GV1PR08MB7347.eurprd08.prod.outlook.com (2603:10a6:150:22::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.18; Wed, 20 Dec 2023 15:14:15 +0000
Received: from AMS0EPF0000019E.eurprd05.prod.outlook.com (2603:10a6:20b:2e:cafe::9c) by AM6PR05CA0031.outlook.office365.com (2603:10a6:20b:2e::44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.38 via Frontend Transport; Wed, 20 Dec 2023 15:14:14 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AMS0EPF0000019E.mail.protection.outlook.com (10.167.16.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.14 via Frontend Transport; Wed, 20 Dec 2023 15:14:14 +0000
Received: ("Tessian outbound e243565b0037:v228"); Wed, 20 Dec 2023 15:14:14 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 5ab9ae6f1f39eb8d
X-CR-MTA-TID: 64aa7808
Received: from afde336ad27a.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id F7145532-06F5-4DF8-A1C2-F6AAB621BB07.1; Wed, 20 Dec 2023 15:14:07 +0000
Received: from EUR05-AM6-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id afde336ad27a.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 20 Dec 2023 15:14:07 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q+JlEZ0JVTMENwzt9zmQvsjISliJK3xXBEJylolc6FB9Bw4xTxWhxzpl+y1h8ejzLDQG72NT/tsGgNj0qgarYdzWbeDLbMCFBdyyjCbpgVA8WCrgJOBBV2dzsqA8F63m89BuHhw75GCcMS7Eij+aBgOJfh7riB4EDXV1lklZZmmI0kaXd5arX1F5/0Px2UIFN5GZsjXkFQkjiGKPSy8yhUcSel6lo+mq5QqvbdgdoFz6zx6ojTm45L8YJ1uTXGW0Sm7hW5YxsenJ6CwoRQ3U/izdGnAJxL3FH9xalLAVhqSPMD7f+yRGmBSItSQtCfvVifXkcTGgr2mptwUSxbb68g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8Q/WRWgLvTDO7whQxg6Fr5Q9hwZxpnamSzmjTrb+Xkw=; b=IRc1cKugrsJtLTnmAVyVLL3Pfe+7UTV9e9KNsd4sE8eKHtxbK6Hq5LNzGCupKkZ6t+L44vINFbPV2Z4PlhJpteExwdMtdE6mu0kas8M0vxVeXND/hr/ZDJIoBLcTG8D5W7z9aFs6Mz5qxhvO0fGzmgnHbwOKzZ9yMIBdXS101BWjoA/fVF6+4cm0N4SxYdi8aAss6BFnkaxva/ABU17NmjYxUQwF6tvGTsIJoQ+YtseIavd+gKWIFt/V4U6Rx8beZIQq/QH0dxPJ7RsFt3y6dkglJvXEn9zv+iTMb+xi5lPMcLw4lEn5dn/8l7dgdYc6zLjHrV3IpFGyziGDrdY1lQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8Q/WRWgLvTDO7whQxg6Fr5Q9hwZxpnamSzmjTrb+Xkw=; b=yrXrkJ9gID1Fql83cu+bQ2XiBBQCvGl/xqDFwYK3QT5HU8UQ6Yeb1Oznpkyrf8H6QCu48aYKoL4YahxoGLCrst5YeTGh9iYRgeBiox/1ZXOBs5qXPPnDpua4Ff4iDav8RgU6eLVqs3fUJzeUQAepANcz+w2jCAObrShuioJhRr4=
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com (2603:10a6:10:1ae::11) by DB9PR08MB6363.eurprd08.prod.outlook.com (2603:10a6:10:257::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.18; Wed, 20 Dec 2023 15:14:06 +0000
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::96d8:24cc:e99b:ec17]) by DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::96d8:24cc:e99b:ec17%4]) with mapi id 15.20.7113.016; Wed, 20 Dec 2023 15:14:05 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "Kończyk, Sylwester" <sylwester.konczyk=40nordicsemi.no@dmarc.ietf.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: draft-ietf-suit-trust-domains: proposal of new command sequence
Thread-Index: AdozF/DOyCDWPu2LSwmnIhxAAOCOKwAPuwVU
Date: Wed, 20 Dec 2023 15:14:05 +0000
Message-ID: <DBAPR08MB5576FEBEC9ADFCEFFA5C9F51EA96A@DBAPR08MB5576.eurprd08.prod.outlook.com>
References: <DU0PR05MB1007598D80C708EF5E31D6C1FF196A@DU0PR05MB10075.eurprd05.prod.outlook.com>
In-Reply-To: <DU0PR05MB1007598D80C708EF5E31D6C1FF196A@DU0PR05MB10075.eurprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
x-ms-traffictypediagnostic: DBAPR08MB5576:EE_|DB9PR08MB6363:EE_|AMS0EPF0000019E:EE_|GV1PR08MB7347:EE_
X-MS-Office365-Filtering-Correlation-Id: b09c06e5-9df5-4257-40fc-08dc016e5416
x-checkrecipientrouted: true
nodisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: q267WIJADPYe8hNFqZY6vIT1bQCRiYxwkuEYHaQInJjaZT5b0V6/2VpKmY/xhp3JCvDsJOyXj2Ex9J8yOGzEYx0IlVnDe50r/fkGdIdI32llThOYPhbB2v2blltKUNIqakvPPwkwOjjjvRz5Bjm09egdh+oldJJK4jA+vMIBqRn8+rdC50vgdheAv2VkxRnkioAAPKlu5l8lYhTjag6OYJ0ogzUSmgJI+KtmdhtDQwhbtk+3pDEq7ATLDBzAr/VYk979Zglv/xu2vWFW/Sc1MBHdOIxtkg2Wi/GuI4UdHudVXsnt3EDhRQzQQOSJpIrhjyr5aDSoLnr/1NJ7aVZk1VH7E0U6na262v5FtsRK2zUpIRvDK5C3UPJSnEBMpPR61LNSipHRQpvKSlm2KRptk7dkbywmiiyb5A97Y1z1e0uoal+f7jZ+33afWB3nJ3oWHKZb7vWgochSIZR6dOTzPS1rKGnNgnu+2fTVh6XzgdQ0rKK2ibcNlYgdgHS0tYQIvGqe3SmU9uUKxcFhrux9sP8ScebswAfAJU/+qEdaCtI3IMUPoe3WrpV0aQGJ63CUBk4Gv8eCmgL3y7F4sTvMPqO9eFWGZqajAtB2QU15Qp+7pcZ7IGJtxP6EONlgkzeGogElQ9E8l4K75xm+7jsouA==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5576.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(396003)(346002)(376002)(136003)(39860400002)(230922051799003)(1800799012)(451199024)(186009)(64100799003)(52536014)(122000001)(38100700002)(2906002)(8936002)(9326002)(166002)(8676002)(3613699003)(5660300002)(38070700009)(478600001)(26005)(41300700001)(966005)(66574015)(33656002)(71200400001)(9686003)(6506007)(53546011)(7696005)(83380400001)(55016003)(66946007)(86362001)(66446008)(66476007)(66556008)(76116006)(64756008)(316002)(110136005); DIR:OUT; SFP:1101;
Content-Type: multipart/alternative; boundary="_000_DBAPR08MB5576FEBEC9ADFCEFFA5C9F51EA96ADBAPR08MB5576eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR08MB6363
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AMS0EPF0000019E.eurprd05.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 4963748f-de9a-488e-e199-08dc016e4e6e
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 0TX1WeCMnwZZJ0qHDEVKMpxEc6QuxAbb/qLf9rk8Azn4I+2U/smAS2RMfl1G1DytJ6NDU19Lt+X9AcgwRdigg4c6GbMUAzGfh1IJY2meMUlvsg8LZ5pN4f61eMFnB0oEvU19Z65+ZIKTqS4MSlsOKLlee24vvuRsdlmA/26JbMeGOV3Yg1dvrQo4RnuMmU1la+tCrAf3TdlNsVGuS9GqTFBwX197AEolHEfZAk20sDs1bvNdl2NE0OavR8+Os2sylni5LCfbMvWaNMMEmY6saTk8AwMhQ8ULg8JOlACuT7jeaoEXt6bHW8uRy2Z/ipK67T2gZtpnif0XeXg0J4gaEo504qbLlRwIghgFNDbEmlwuThQpDJqoq53fUq5dKmTdJnrHwYGYaOO90GqxmhP338UqyRbITX0v8gPXwTqV5jNf1cYC/5NMRqpYoOfeNfaLC1j/aCHxX8dInAum15OP/AnmY0KJNOa7Ls9JbZdV1pHpWovIx3usKIcoJh9JyhCWRqHUEvJuxfFnK7592tJQ7SD+OW0MGPgZvMYvaQht0REs3U6Cb/HepVdRgvhBNhuT06ZTg7IePmkJEkyhc6POLNpJN2Oc0i0HavwB1yO0q272lmMh4L4wbl2HOuB65yeSmnKdWRm+6kDEz8B2h9oxZ68VeUEHxmjI5udO/9yCpO2lCoca9tg9cdGAZ0pExOvc2xij/TIB6Tj7wDPzPSFgoswzEqN0Pe7sZUiPUy87qGtPDxTeJevBneyeOs8+qMPD
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230031)(4636009)(376002)(39860400002)(346002)(396003)(136003)(230922051799003)(64100799003)(82310400011)(451199024)(186009)(1800799012)(36840700001)(40470700004)(46966006)(478600001)(110136005)(70206006)(70586007)(316002)(356005)(81166007)(166002)(82740400003)(41300700001)(86362001)(7696005)(53546011)(9686003)(6506007)(33656002)(5660300002)(26005)(66574015)(83380400001)(336012)(36860700001)(30864003)(8936002)(47076005)(9326002)(8676002)(2906002)(3613699003)(52536014)(55016003)(40480700001)(40460700003)(966005); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Dec 2023 15:14:14.7761 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b09c06e5-9df5-4257-40fc-08dc016e5416
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AMS0EPF0000019E.eurprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR08MB7347
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/zT2jC_PrA5EWwxuyQWQoB-UMBnM>
Subject: Re: [Suit] draft-ietf-suit-trust-domains: proposal of new command sequence
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Dec 2023 15:14:25 -0000

Hi Sylwester,

I think I understand what you're asking for. I'm not opposed to it, but I want to make sure that we're not adding extra complexity. Please tell me if I understand the scenario correctly.

1. The system is composed of multiple components in at least two trust domains.
2. At least one of the trust domains has secure memory that the other trust domains cannot access (a TEE).
3. The TEE has no network access and cannot download its own payloads. It also does not have a mechanism to stream data from the non-secure world.
4. The TEE has its own manifest processor with a component prefix as described in draft-ietf-suit-trust-domains, Section 6.4.1
5. The TEE manifest has at least *two* dependencies, each with at least one payload.
6. The TEE requires that payloads are staged in NON-secure memory (presumably encrypted).
7. The system does not have enough slots for a rollback in case of a broken install. ("update procedure crashes in the middle of ‘suit-install’ sequence executed on another dependency manifest, leaving the device in incoherent state.")
8. The expected workflow is:
8.a. The update client executes the Root Manifest's dependency resolution sequence, causing downloads of the the TEE's manifest and its dependency/dependencies.
8.b. The update client executes the Root Manifest's payload fetch sequences, causing downloads of all relevant payloads to staging areas.
8.c. When the update client's manifest processor encounters manifests matching the TEE's component prefix, these manifests are sent to the TEE's manifest processor
8.d. The nonsecure manifest processor verifies all payloads (Maybe not? It should have done this during payload-fetch.)
8.e. The TEE's update manifest processor verifies all the payloads that are staged in the non-secure memory
8.f. The Update Client executes the Root Manifest's install step. When the manifest processor encounters manifests matching the TEE's component prefix, these are sent to the TEE manifest processor, which installs them into secure memory
8.g. When the sequence is done, the system reboots, verifying each component to ensure correctness before moving on to loading and invocation.

Please can you let me know if I don't have this scenario defined correctly? If I do have it correct, then I have a few questions:

In view of point 7, how will devices implement the robustness requirements defined in Section 4 of RFC 9019?
> Devices must not fail when a disruption, such as a power failure or network interruption, occurs during the update process.

In view of point 6, How will devices mitigate the TOCTOU vulnerability that exists between 8.e and 8.f? There are many potential TOCTOU vulnerabilities in the manifest processor (one is defined in RFC9124, Section 4.2.18) but they are, largely, mitigated by secure boot and the requirement to hold manifests immutable (RFC 9124, section 4.3.21). There is also an assumption that there is some form of protection (e.g. MPU) that can be applied to mitigate some of these concerns--it's generally not great if executable code is modifiable after a digest check. This, however, is different. When the digest check is done by the TEE, the code is still sitting in the non-secure world. The TEE then returns control to the non-secure world. At that point, anything can happen.

So how do we mitigate this? Well, there's a couple of options:
1. The staging areas that contain the TEE's staged images are assigned to the TEE and remapped into the secure world.
2. The TEE can have control of the MMU/MPU and enforce that the memory is not writable.

If the second option is used, then I could see it working. If point 5., above, is not true, then well-structured manifests (image check *before* process dependency, copy *after* process dependency) should be adequate to prevent an incorrect system state.

The original idea behind multiple manifest processors was that they would each fetch their own payloads and be responsible for their correctness at the end of payload-fetch, in which case there is no need for a pre-install-validate.

If it is mandatory that one manifest processor downloads an image to a staging area and a *different* manifest processor validates it in-situ and installs it, and that the second manifest processor has a manifest with multiple dependencies that have payloads, then I can see how we could need pre-install-validate. Is this your use case?

Best Regards,
Brendan


From: Suit <suit-bounces@ietf.org> on behalf of Kończyk, Sylwester <sylwester.konczyk=40nordicsemi.no@dmarc.ietf.org>
Date: Wednesday, 20 December 2023 at 07:45
To: suit@ietf.org <suit@ietf.org>
Subject: [Suit] draft-ietf-suit-trust-domains: proposal of new command sequence
Hi,

I would like to discuss extension of suit-trust-domains, by adding optional ‘pre-install-validate’ command sequence.

$$SUIT_severable-members-extensions //= (suit- pre-install-validate’ => bstr .cbor SUIT_Command_Sequence)

$$severable-manifest-members-choice-extensions //= ( ? suit- pre-install-validate => bstr .cbor SUIT_Command_Sequence / SUIT_Digest)

Aim of that sequence, executed right before ‘suit-install’ sequence, would be to assess that all payloads required for installation are in place. This is especially important in context of suit-trust-domains, where an update may be organized as Root Manifest and several Dependency Manifests. Lack of ‘pre-install-validate’ may lead to situation where components managed by one of dependency manifests are updated, but update procedure crashes in the middle of ‘suit-install’ sequence executed on another dependency manifest, leaving the device in incoherent state.

Already defined command sequences (suit-validate and suit-payload-fetch, suit-install) cannot help here:

suit-validate – its purpose is not to evaluate coherency of payloads in envelope or 'staging' components, but rather to evaluate the state of components involved in invocation sequences.

suit-payload-fetch – here explanation is more complex. Let’s assume system composed of several security domains, where one domain is responsible for fetching payloads (effectively executing suit-dependency-resolution and suit-payload-fetch) and another (second) domain is responsible for installation (executing suit-install sequence). Let’s also assume that first domain cannot be trusted by the second domain. In that case the second domain require some methods (like ‘pre-install-validate’) to validate completeness of candidate payloads before it starts an update.

suit-install – placing checks at the begin of suit install sequence would not work on systems organized as Root and several Dependency Manifests – in such case validation instructions would be mixed with installation (validation dependency1, installation dependency1, validation dependency2, installation dependency2 and so on)

Summarising, it's not impossible to solve the stated problems by other means, but this solution is in my opinion simple, effective, and hardly increases the complexity of the spec.

Invocation procedure is expressed by three command sequences, addressing separated concerns (suit-verify, suit-load, suit-invoke). Having similar clarity (and separation of concerns) in update procedure would be even more desired.



With Regards,

Sylwester

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email