IETF Logo Mail Archive

Re: [Teep] Hardware for hackathons

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 28 November 2019 07:19 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39F9C12011A for <teep@ietfa.amsl.com>; Wed, 27 Nov 2019 23:19:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.436
X-Spam-Level: *
X-Spam-Status: No, score=1.436 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1OoTLqTWyTO4 for <teep@ietfa.amsl.com>; Wed, 27 Nov 2019 23:18:58 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AAB212008D for <teep@ietf.org>; Wed, 27 Nov 2019 23:18:58 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [185.201.63.254]) by relay.sandelman.ca (Postfix) with ESMTPS id 24CBC1F47D for <teep@ietf.org>; Thu, 28 Nov 2019 07:18:52 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 4B5CD110C; Thu, 28 Nov 2019 15:18:27 +0800 (+08)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "teep@ietf.org" <teep@ietf.org>
In-reply-to: <CACuRN0Pz=L0vS4ek81UPyFf7SGjTWecbfugHGJ=JBNTUFvQ=VQ@mail.gmail.com>
References: <CY4PR21MB0773C2CEFF38942B2CA517C0A34C0@CY4PR21MB0773.namprd21.prod.outlook.com> <CACuRN0NQSizzuqScEQJZJJwegsdJHi8mi=Gp_kqpK4CsJ2-OSQ@mail.gmail.com> <CACuRN0Pz=L0vS4ek81UPyFf7SGjTWecbfugHGJ=JBNTUFvQ=VQ@mail.gmail.com>
Comments: In-reply-to Akira Tsukamoto <akira.tsukamoto@gmail.com> message dated "Wed, 27 Nov 2019 18:53:36 +0900."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Thu, 28 Nov 2019 08:18:27 +0100
Message-ID: <16466.1574925507@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/az17lLlw0_S0JzMKuGDR_Ah1Yeg>
Subject: Re: [Teep] Hardware for hackathons
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2019 07:19:00 -0000

Akira Tsukamoto <akira.tsukamoto@gmail.com> wrote:
    > For the further discussion for the future hackathon, I searched
    > information of Grapeboard and STM32MP157C-DK2 (which is STM CortexA7
    > devboard, I will abbreviate as StmA7board).

    > It is not mandatory but it would be nice to have/use unified
    > programing software stacks for the TEEP development on both TAM and
    > TEEP device.

I will admit that I'm struggling a bit to understand the value of an interop
hackathon where everyone is using the same software.  I see the point for a
tutorial on a particular stack.  (I also come at this from the RATS point of
view, of soft TPMs running in TEEs, and also TEEs attesting to relying
parties rather than other TEE applications)

I also see a point in helping people who are building other components in the
ecosystem to learn how to bring up the things that they are intending to
interoperate with.

    > *) JSON stack:
    > (1) jansson, which Dave is using
    > https://github.com/akheron/jansson
    > (2) node.js, Isobe-san`s TAM
    > (3) json parser in libwebsockets, which my prototype is using
    > https://github.com/warmcat/libwebsockets/tree/master/lib/jose

    > *) JOSE stack:
    > (1) latchset/jose, which Dave is using
    > https://github.com/latchset/jose
    > (2) node.js?, Isobe-san`s TAM
    > (3) libwebsockets

    > *) HTTP stack:
    > (1) from scratch?, In Dave`s
    > https://github.com/dthaler/OTrP/blob/master/TeepTamBrokerLib/HttpServer.cpp
    > (2) libwebsockets, In mine

    > *) Crypto-tsl stack:
    > (1) openssl, Dave`s
    > (2) mbedtls, mine
    > Other than above, might good to use smaller libs, wolfSSL or s2n on
    > the device side?

    > *) rootfs
    > (1) Ubuntu?, Dave`s
    > (2) buildroot, mine

This is a wide variety of options, and this is great!
I think that many these are TAM code though?

    > The default rootfs of dev boards introduced by Dave and Hannes.
    > *) Grapeboard
    > Ubuntu, customizable to Yocto/OE, OpenWRT and etc
    > *) StmA7board
    > Yocto/OE (OpenSTLinux)

    > Also, we have to consider the hardware requirements of SGX, ARM
    > TrustZone and RISC-V too.
    > The SGX is pretty handy since it could use simulation mode on any pc.
    > The op-tee is able to run on qemu too.

op-tee seems like it should be a default tutorial choice.

    > I honestly do not have any preference listed above. I was late on the
    > boat and did not know what others have done in the past.

    > We do not have so much engineering resources at the moment, so I
    > thought it would be good to work on similar environment as possible to
    > able to focus on teep stack.

I guess it is this last part which caused me to reply and comment above.
I think that we need to also consider that we might want to figure out the
different roles and make a table that way.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email