IETF Logo Mail Archive

Re: [Teep] Review of draft https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06

Mingliang Pei <mingliang.pei@broadcom.com> Fri, 17 July 2020 23:44 UTC

Return-Path: <mingliang.pei@broadcom.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9376B3A0B99 for <teep@ietfa.amsl.com>; Fri, 17 Jul 2020 16:44:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=broadcom.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yPfzij_n6hnU for <teep@ietfa.amsl.com>; Fri, 17 Jul 2020 16:44:21 -0700 (PDT)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32B2B3A0B9F for <teep@ietf.org>; Fri, 17 Jul 2020 16:44:21 -0700 (PDT)
Received: by mail-lj1-x234.google.com with SMTP id z24so14561910ljn.8 for <teep@ietf.org>; Fri, 17 Jul 2020 16:44:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YQZlZgkPaStK71ZByI/nHV6I8XYt59WjAi7IkNuKy2c=; b=HnL1Ztd5lE6DMzVWATaZsdBmRSE5Kt3JdzO8W7A7NvhdhGixskq7wTw/Lp8CXdf1w7 MyPICJJYP2q7etlRF3/9KFun82+w/zRt/iU/39T4td69czcz3d6sDF6ce1hCVFvukh5K MlDrbcjtRvKJa4oNRPC6/ulthaLkk4OBgH5Qk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YQZlZgkPaStK71ZByI/nHV6I8XYt59WjAi7IkNuKy2c=; b=b4zdWUyKARzxyWFMa6XifHS6ydrEdBrbSsyz6MlvTLwXIgM2dcAmeOqhMe4enHcr4Q AbCFsqLgqhjyfp20n4fJAQRXUfmc9b88cAARXMArrSB/f0JIHrYWgiyxlQMi3Z7rl1kX RM9aUTvzGfdMSWvQHopJItzqXQSTIJegFSgpKir4VmNmnYuQVWgPEqOG8FiVN0qmwJct /iEOmoO+VqV2Cp5a8XDmSDqp/8jaFKnxtikKe6MM2OkB7chkL5D0f9TkFpe5EOVx45kI dillnnnNuJ/Xmnfk6pcp4+VMNbvCeZWRSo2VU0b/dEaDhGEeLSNzgAHyHTtuhwbzhpG+ vfTQ==
X-Gm-Message-State: AOAM533fDYEZQVKj4dogcMLPRc7T0tEqKFwQotjYPvWuJbYJjnla5tc6 DU5Uj5V9Dd5RiFYkRLPLTgx8ikeacAVXx/2bLcKOyVKSkmw=
X-Google-Smtp-Source: ABdhPJy/vIp4GQt4yCksdfh/+ZhzvH4S1Xw3I0Z0pRfOTE1F0zt9xpTTCaGHwU1OFErRUAZWpW4/3sdABNkpLTjkHT4=
X-Received: by 2002:a05:651c:502:: with SMTP id o2mr5273287ljp.434.1595029459132; Fri, 17 Jul 2020 16:44:19 -0700 (PDT)
MIME-Version: 1.0
References: <CABDGos7q25AYrMOCtkJP3+j1oVpBm61HywY5JthkVGHiYPSMdA@mail.gmail.com> <CABDGos4T2NYLU7KL_+phVMYyOwT6iB99zHNkYAu9+jo8dXSksg@mail.gmail.com> <BL0PR2101MB102755F22E8C32200EEA7A69A37C0@BL0PR2101MB1027.namprd21.prod.outlook.com> <CABDGos7Li-W1-h66__epf4RMboigTPuZ2VEZFNB5rt_QKBMs=w@mail.gmail.com> <BL0PR2101MB10271ABD88F20FE5AA2D04AFA37C0@BL0PR2101MB1027.namprd21.prod.outlook.com>
In-Reply-To: <BL0PR2101MB10271ABD88F20FE5AA2D04AFA37C0@BL0PR2101MB1027.namprd21.prod.outlook.com>
From: Mingliang Pei <mingliang.pei@broadcom.com>
Date: Fri, 17 Jul 2020 16:44:07 -0700
Message-ID: <CABDGos4NJZ8D8vaXiM5q3DMXXz_3Y7Exn9mRktKRRuC3U43rHw@mail.gmail.com>
To: Dave Thaler <dthaler@microsoft.com>
Cc: "teep@ietf.org" <teep@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000005899ac05aaabbc39"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/-4ouULofzd_rfjjwwy0sx1F7rsA>
Subject: Re: [Teep] Review of draft https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jul 2020 23:44:24 -0000

Hi Dave,

Our architecture document starts with the following abstract:

"This architecture document
   motivates the design and standardization of a protocol for managing
   the lifecycle of trusted applications running inside such a TEE."

>> TEEP is for provisioning TEEs
To me, TEEP is to provision trusted applications to TEEs. This scope is
consistent with what architecture doc says.

>> whether that is creating an SD or updating OP-TEE
We have had good elaboration about SD, and decided to not include it in
TEEP. These example artifacts (SD or TEE update) are internal
implementation choices, which TEEP doesn't need to define. They are
underlying dependencies but TEEP doesn't need to cover whether and how a
TEE updates itself and whether a TEE will use SD to host a TA or not.

Agreed that this most probably needs WG consensus. This is one word simple
change but important about getting on the same page. Hope to hear
additional comments.

Thanks,

Ming


On Fri, Jul 17, 2020 at 4:15 PM Dave Thaler <dthaler@microsoft.com> wrote:

> Mingliang Pei mingliang.pei@broadcom.com wrote:
>
> > 1) Abstract section says "is used to manage code and configuration data"
>
> >
>
> > Should it just say manage "Trusted Applications" as this can
>
> > assume the context defined in TEEP architecture and TEEP protocol
>
> > document.
>
>
>
> No. TEEP can also be used to manage code that isn't a "TA" per se.
>
> For example, it could also be used to update OP-TEE (or any other TEE
> "OS").
>
>
>
> MP: Non-TA code management is out of scope for TEEP. TEEP architecture doc
> only targets to support TA management per use cases and scope sections; it
> doesn't have design to update OP-TEE or any other TEE OS. TEEP protocol
> doesn't have methods for non-TA code. It defines only two methods:
>
> TrustedAppInstall
> TrustedAppDelete
>
> The transport is to support TEEP protocol doc. I suggest that we limit the
> scope of TA management across all three docs.
>
>
>
> I disagree with the above.   TEEP is for provisioning TEEs, and TEE architectures vary.
> For example, CreateSD in OTrP manages a TEE but is not about a TA per se.
>
> And in the TEEP protocol we use a SUIT manifest which can express dependencies
> among TAs, and dependencies on system components, and install (or install updates to)
>
> such dependencies as part of SUIT manifest processing.  That means if you have
>
> TA1 that depends on TA2 that depends on having the latest version of trusted firmware
> or OP-TEE or whatever, the RATS attestation can include the current state, and the
>
> SUIT workflow can install/update it.   The fact that the TEEP protocol uses a TA
>
> as the leaf/trigger doesn’t mean it can’t also do things that it depends on,
>
> whether that is creating an SD or updating OP-TEE.   Trying to make some dependencies
>
> be out of scope and other dependencies not be out of scope would be arbitrary,
>
> complicate the protocol (by saying some SUIT manifests would be illegal, as opposed
> to just using a SUIT processor), and create discrepancies between TEE implementations
>
> (e.g., SGX vs OP-TEE/TrustZone) that in my opinion would not make sense and provide
>
> no value.
>
>
>
> This sounds like something that needs WG consensus either way but I feel strongly about this one.
>
>
>
> Dave
>
>
>
>

v2.23.0 | Report a Bug | By Email