[Teep] Uninstalling a SUIT manifest'ed component
Dave Thaler <dthaler@microsoft.com> Thu, 19 November 2020 23:59 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19E383A13C1; Thu, 19 Nov 2020 15:59:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XYGVJUlSA8vP; Thu, 19 Nov 2020 15:59:17 -0800 (PST)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-eopbgr680138.outbound.protection.outlook.com [40.107.68.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC8FF3A13C0; Thu, 19 Nov 2020 15:59:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nYfcttjI9cw0NfWr2flcF5bHwQ05NOKr7f2rHARPMNlHE+r7ce2xKP3iDx/W/t0/2fwzeFpmJ7tDQ6/xL9qAzKZ9nMRHBovDRQW9Lkij3/YvrOM41HRF1SMyZbq64QwjZeDwbk7ykml+r55UvsWbAY7BabNk3fMEg+8l3UCSo+s3FrKpYUSo6mp9GLXAQB+QKIcSpafk7R6ZB4ev+vGcvD7QxMAH1yvV9TppWVs/1SgH1DzOhUcksHevabMjlCk7VGClQqocVVQ2+3QCek6x8O9aks8jMjJqvoXRruEi07ypbaT/9uCY6LepL+bHNfbdWfSV+qAOrAeEdeaW3cqnAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xCNxtEqorFzRM9tRtyM1EVKsBufE8/tytHR+gypqmO4=; b=Jy97mnZVmDsuQyFuFpM9RjdTju1B2cTy9SPf3uH+xo4/0x6Txh8rN+YZnyqGi6zz7rOINNCAlMfwVyDB16Dh9aoptlw6q2OZMvOOgyy9+nz06TXcu8frT87QOsl8n/yAmPAh83yskYd/9BcKL7SCGEotuzVMFAF+E/SQGh8piTu4tpBsTTFBUCxa7DiEN/zsIOHHzdcQ7WXeQMUBf9WJ1Kn3i3NqCbGRsLQkH08FOATr/4gmrSN2a5640pHjt2+V7ORBK3JBK0ZxKC+Z24GEjEpa3hKV5ApFyv+I2hkYiW6UcPz1LWN+XEEk5EQlzfYmo3DYtcQUVqSJH153ysIilQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xCNxtEqorFzRM9tRtyM1EVKsBufE8/tytHR+gypqmO4=; b=b6lWzwEt1mT6FgBJYT0J7Nuh0lYeyXBE/UlQkG+DQlyO8Z3LfPrTz7D5WdazEHowxLFFjD48nIfBzgey0Vgl/8BAfbCzN2tgzybmsZlPy1YgJcLPJ+DzuhS382JL10Dvs3IRvhEb8uJJz7U+hIQA2AjXyYZ5q5yMhjStkvYGUZk=
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com (2603:10b6:207:30::33) by MN2PR21MB1488.namprd21.prod.outlook.com (2603:10b6:208:203::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.4; Thu, 19 Nov 2020 23:59:15 +0000
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::1cf:66d1:f9b0:bfec]) by BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::1cf:66d1:f9b0:bfec%5]) with mapi id 15.20.3611.004; Thu, 19 Nov 2020 23:59:15 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: suit <suit@ietf.org>
CC: teep <teep@ietf.org>
Thread-Topic: Uninstalling a SUIT manifest'ed component
Thread-Index: Ada+zri55ao4P5mJTqGBS3/Aq5J8eQ==
Date: Thu, 19 Nov 2020 23:59:15 +0000
Message-ID: <BL0PR2101MB1027C5748111B35E58E9B369A3E00@BL0PR2101MB1027.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-11-19T23:59:13Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=43bd9036-02fc-4abc-9bf9-09f1ede378d3; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2601:600:9780:8d0:edb3:1c76:a251:8439]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: d4fdb9a2-a675-45f5-d71d-08d88ce71eb3
x-ms-traffictypediagnostic: MN2PR21MB1488:
x-microsoft-antispam-prvs: <MN2PR21MB14885AE99CB57A4B00D0400EA3E00@MN2PR21MB1488.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: yMDd/ykUuvwI/zwzyPuB3CVVYgsg7CU1rJXE4TncXlKsJj0lJuVSxli1jPwQ2iYYp27sNBqouPBY375+wcoopjJ6ZG3xZoHKkLGIb9Dx4/xNyDFzXwKTcFZwItSw+C/XRK61e1PxEx60iX+bl8xNTLOb6FPkWSSf4EeVo0tjMotPW0xudNpLY7p1t/hdQ7WTZ/lDhXgkR0Op+FYKOsSIQFwZt9VT7HGvfBir5nl9O4TRq7r+3X0ENmhb9JVYiPxRpEz2S+aPCVwRpRUhHmOBZiYDpdHShB9DxMnuDmfd15+lX/4MLTv7JLGocRFL0qJu
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR2101MB1027.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(39860400002)(136003)(376002)(366004)(396003)(8676002)(83380400001)(478600001)(5660300002)(6506007)(52536014)(6916009)(8936002)(7696005)(66446008)(66946007)(66476007)(66556008)(64756008)(76116006)(86362001)(82950400001)(82960400001)(4326008)(450100002)(10290500003)(2906002)(8990500004)(55016002)(71200400001)(9686003)(186003)(316002)(33656002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: aX8kIevhN70RXkS1rCR1tn/Lcj6FOd43DPX/P3/G0grox097icgWYadbUK7SWNkp7+/hYBav6ZjdoN/NO5CkJxjB9xt0bdhxzw6t/hStMCo7LTo9rAbaUEPbR1tb6eutoWA9fGDSzBpHMEfPbRVtZsObjI7bUFS6Frvuq09Fs7HeWaY6wTzM4/iM5f6OjkC4zUhOpchkhvwGH5VBwKpcxBvvRrywR+u5nZzqk60wyQKUcv5gQVg1ANliqTzZr86KSt8+RrSZnCs5pH6+/naqlvavflVqTAMb+vshLVHpbgZxpSkZwjrLqhMtcA3QHmGbvMt7Tj/Llq7QUhAdjx+nj2lFOIxYlxkXqw7iZScsOEBzs4syHatPIg1sKkG1sjhA3A5QBKxxO9iDqeSatYh8+WJ+9rKlVkaElWmwRM1jVoUO9Bmmp6XOpnAkQZBIyc3G28Eo4iz8VqNGU7Q3Fx6327nCpwTmxvEKNb4afXbGM+QtnNpsc6dKYCGzID+afxdNED7dKttG11tMeW4BnjMJMLjRQJTldQj+ndfQrwDXWY3ow1+NSXrJopP/EJ8H8tXP/hmrsre/+uadc1kM6TqYGxiryDKEQqHduEBVQD+xa9Si3mxH4RyxAaATOO9pRhZEqOvyN/5nMzSTek+Wx1Lu08r1PohHVwLLyuLU00UQQof3s6UnRWeFHSQXbSDFQJQ6QwoWNTnn2Hgv/8SWRimNmWDv0PpQxfcsnHx/6FERQTkgxImlOI1niMC+i5mNmA1UHVGcGN4Ue9Vx2RX57V1+vfhQrCPm9D0EDLS0kbUc4QhIMY9CY2AxMIiVXNSQHp5855p4WzijIyOvmZt8ZS19O+cBvMWII+VoWaUWR2/82WH7ZdRC+/quxyP/c1J/co4qJ/Dyi21WJsWh9OjGHDPUmcMkTvR+olg7xv7CtmUv/ZOxzVZe7QrCXQZ4TP4/f11FomlnIxOvm051tNbpr6O831GRiDD8W0BRs36bmZFAQpGt2qxp2lA0I5fZGf+b5lBegx0Y3TCRymMv3mhL1NeBxY24QgH2QkcpyY6fJ2PFSdA=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BL0PR2101MB1027C5748111B35E58E9B369A3E00BL0PR2101MB1027_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR2101MB1027.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d4fdb9a2-a675-45f5-d71d-08d88ce71eb3
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Nov 2020 23:59:15.2812 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FUCTJhVsBQqF4Ahj9sa2mP89GqaCd4Xpgv5pprQg+2fYoNsS4eg5d0f0LyiBffkUIR4hngWJ4CuReM4I7EPU/oWn/5UUgA1VIDSd1ACVAls=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR21MB1488
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/ApT3yDKQNMo79Zj7VEkPHFq-Ifg>
Subject: [Teep] Uninstalling a SUIT manifest'ed component
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Nov 2020 23:59:19 -0000
Currently the SUIT manifest spec talks about the "Update Procedure" for fetching dependencies and images, and installing them. The TEEP WG uses SUIT manifests for installing Trusted Apps, but also needs to be able to uninstall Trusted Apps on command. This begs the question of what is the correct "Uninstall" procedure for a component with a SUIT manifest. For example, is it a) Implied that one can simply delete all files referenced in the SUIT manifest and the SUIT manifest? I suspect that might be insufficient in some cases. E.g., if a SUIT manifest processor creates a Security Domain, is it always deleted if you delete the last component in it? Or should deletion be explicit? Controlling the answer to that question would require, I think, a SUIT manifest. b) Possible to create a SUIT manifest that when processed simply deletes a component? E.g., bump the manifest version number, keep the component id, and use empty payload and whatever commands are needed to clean up whatever state is needed? c) Something else? Currently the SUIT manifest draft doesn't say, and I think it should so we can reference the answer from the TEEP protocol spec. If we have time, we might discuss this in the SUIT meeting, but wanted to at least post the question to the list first. Dave
- [Teep] Uninstalling a SUIT manifest'ed component Dave Thaler