Re: [T2TRG] T2TRG interim meeting follow-ups - draft-irtf-t2trg-taxonomy-manufacturer-anchors-00
Mohit Sethi <mohit@iki.fi> Thu, 15 June 2023 10:29 UTC
Return-Path: <mohit@iki.fi>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 553DAC14CE38 for <t2trg@ietfa.amsl.com>; Thu, 15 Jun 2023 03:29:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Level:
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iki.fi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0kqIKV3sHCe9 for <t2trg@ietfa.amsl.com>; Thu, 15 Jun 2023 03:29:18 -0700 (PDT)
Received: from lahtoruutu.iki.fi (lahtoruutu.iki.fi [185.185.170.37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4CF6C14CF15 for <t2trg@irtf.org>; Thu, 15 Jun 2023 03:29:17 -0700 (PDT)
Received: from [10.228.32.130] (85-76-141-115-nat.elisa-mobile.fi [85.76.141.115]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: mohit) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4QhdnQ2kQSz49Q1g; Thu, 15 Jun 2023 13:29:14 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1686824954; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eYxZkDZfLMYaUlD18BQKinz6+qulta3FA/668dXptZI=; b=Wz4mWSXl2F0idIyazI1C98roBZ45ILNlV/1BZN/6tblLvHFYOmR72AlOKjofgcJ6IKWzAW KkXEtdjFEs/jH7Hbemc6w+2liAjRefOaU2wh3f8h7Y3mHBm8q1uRVLVl60qMo1jhaSFTPg YfmcjHeTlBv6sAMFZ6vXOzU1JuNPAjTY5XM6n1R48m9JGN2p+LwhVk0er8noOt9J8/kFvq txy7Ai+Qz15yCzvV1Z2yaVOGe4L2HBUr073APvuE2hYGWl+RpjAZEtinY61HyOWelHh3P3 /5ovWMUjTYBsB8YWYKPkdjGs2eYNUHqESu8Kf6NpxjxUSnIgAkf/4UVZKI3m8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1686824954; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eYxZkDZfLMYaUlD18BQKinz6+qulta3FA/668dXptZI=; b=XF4mKxNdRu2DWYTLScxpjsUIx7FH8XcoOIqMt8A+fuoUH/sBLFzLjMeLvmrF8SPNaruxnx ZBsmdVkQwh7wtZGKYwtePNs1du5NXDRFb9SAEHWWhvwAa0txdEiSTWisrJJn8dYiXqNww2 KomfkO1IkfXxXrV+wiVMWtjLWdZPtretC1qSaQzV/pu+OhqvYTZb9D6bgK+CfLHbxcV8p0 AOwEfnzoHhpg0TVulijKo2XzkzlXU24hnaERbTaNQA7SiLr8lHls8IvWFAYlwyiZNz/pb4 R3/52vGS+Dyg7QX7wf+UZKTiXobvg2Uy6hVLgvHGmuZD6XjxOXgiJoXSRUCqJg==
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=mohit smtp.mailfrom=mohit@iki.fi
ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1686824954; a=rsa-sha256; cv=none; b=PMsErtyuaDYbd6RhPkcnSDTSqssbbEia8W7kkGH7ttv+mQ29yPFQZHFyQIUcjyXDCQYTFU Oa0elUvGWulLTGJfslHZI2wlk41K/uTrgch2+BZYHJToMInZTU2PddMdp4bgAYCibeD2Kd P8Jam2M0bL0Vnp6OiFUfc0JzOBgsGbscGn7RFWS9sJ943c9t5HyPHCfSzSdSW/m3GaZSki LUJ7vgazI93rqOvrAY49M0eNsE0X8CFxbSkB6Qt0QuWrqs16pSxWSC/bSfSICwYhrbjpm5 2QbK5/wAyv0YXvYY+h8jTyC3pNUKoA18tgFYHgfeuPPJbnr/59DY/DLPtIZbNA==
Message-ID: <904fa8e3-246d-2c1e-9993-2b1b427c37da@iki.fi>
Date: Thu, 15 Jun 2023 13:29:13 +0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
Content-Language: en-US
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, t2trg@irtf.org
References: <f5044374-4c61-a14e-619b-e2284b79d3d9@iki.fi> <2039f4ba-4ffb-821e-a4c9-23257fa8e88c@gmx.net>
From: Mohit Sethi <mohit@iki.fi>
In-Reply-To: <2039f4ba-4ffb-821e-a4c9-23257fa8e88c@gmx.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/FukujnvQSTBcDtv8ndI4hiQuS2A>
Subject: Re: [T2TRG] T2TRG interim meeting follow-ups - draft-irtf-t2trg-taxonomy-manufacturer-anchors-00
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2023 10:29:22 -0000
Hi Hannes, On 6/15/23 12:57, Hannes Tschofenig wrote: > Hi Mohit, > > > Am 15.06.2023 um 11:34 schrieb Mohit Sethi: >> >> * Generally, reading and writing to TPM requires some minimal OS? How >> is that signed/verified/booted? >> > > A typical implementation of a TPM chip is some form of Cortex M > processor (with crypto hardware) running a firmware to support the TPM > specification functionality. > > > The code calling the TPM features is run on a separate processor. You > could call it the "application processor" since it will run the actual > application code. Typically, TPM chips are used with higher-end > processors (like Cortex A-class processors or similar) and they often > run embedded Linux or similar. This is exactly my point. How is the embedded Linux signed, installed, and trusted for interacting with the initially blank TPM in the factory assembly line. Hence, my question "TPM requires some minimal OS? How is that signed/verified/booted?" > > I have not seen TPM chips being used alongside low-end microcontrollers. > > Secure boot is also a simple concept: At every layer of the boot chain > you verify the next layer (before you hand over control to that next > layer). Since there are multiple layers in the boot process, the > hand-over happens several times. > > With secure boot the idea is that you stop the boot process when you > fail to successfully verify software/firmware. With measured boot, you > continue but report what you "measured". Measured typically means > computing a hash over the software/firmware plus some meta data. Thankfully, I understand the difference but somehow the terms are not explained or distinguished in the draft. And as you write below, manufacturers use a mixture of terminology which this draft should identify and highlight. At least I have seen some people use "Secure Boot" and "Verified Boot" interchangeably, as well as, use "Measured Boot" and "Trusted Boot" interchangeably. > > See also > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmedia.fidoalliance.org%2Fwp-content%2Fuploads%2F2022%2F12%2FFIDO-Device-Onboard-The-Device-Key-White-Paper.pdf&data=05%7C01%7Cmohit.sethi%40aalto.fi%7C1d643e061b2c4709a2ab08db6d86fcbb%7Cae1a772440414462a6dc538cb199707e%7C1%7C0%7C638224199461843832%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rXOcTVSx518cVbDSkVBQWiaOm70OmVzyU7dY8Krx3Vw%3D&reserved=0 > > for more discussion about measured and secure boot. > > >> * When manufacturing my IoT device, how is the primary stage >> bootloader signed and verified? > > > The concept is simple: there is a root of trust, which is used to get > started. The root of trust includes a "minimum" amount of software, > hardware, keys and configuration which everything else relies on. For > the first stage bootloader you have to assume an immutable bootloader > code (typically stored in ROM) and immutable public keys (serving as > trust anchors). From a terminology point of view you have to decide > whether you call the first stage the immutable part or the bootloader > that is started by the immutable part. When you read the data sheets of > manufacturers then you will realize that they mix the terminology (and > even invent their own terms). Hence, you have to read carefully. I think the draft does not explain the two possibilities: I give some public keys to the chip vendor which are fused and then I am responsible for signing my own bootloader. Or I give some public keys which are incorporated into the bootloader written by the chip vendor (which is then used for verifying the second stage of the boot process). Clearly you are an expert in this area. Maybe you can help the existing authors with appropriate text and even consider joining as a co-author (obliviously with the blessings of the existing authors and chairs see). --Mohit > > > Ciao > Hannes > >
- [T2TRG] T2TRG interim meeting follow-ups - draft-… Mohit Sethi
- Re: [T2TRG] T2TRG interim meeting follow-ups - dr… Hannes Tschofenig
- Re: [T2TRG] T2TRG interim meeting follow-ups - dr… Mohit Sethi
- Re: [T2TRG] T2TRG interim meeting follow-ups - dr… Hannes Tschofenig
- Re: [T2TRG] T2TRG interim meeting follow-ups - dr… Carsten Bormann
- Re: [T2TRG] T2TRG interim meeting follow-ups - dr… Behcet Sarikaya
- Re: [T2TRG] T2TRG interim meeting follow-ups - dr… Mohit Sethi