[Teep] Issue #238: Uninstalling trusted components

Dave Thaler <dthaler@microsoft.com> Fri, 21 October 2022 16:44 UTC


Bringing recent GitHub discussion to the mailing list...

Uninstalling trusted components · Issue #238 · ietf-teep/teep-protocol (github.com) <https://github.com/ietf-teep/teep-protocol/issues/238>
tracks issues encountered in implementation, and we had some discussion on this
during the IETF 114 meeting.


The TEEP protocol used to have a field in the Update message (in addition to any SUIT manifests) that identified which components to remove. Recently the TEEP protocol was updated to just list manifests, under an assumption that the manifest would contain deletion instructions.

The TAM (an update server) sends manifests, or references to them, to a TEEP Agent (a device on which to install/update/uninstall components with SUIT manifests).
So to do a deletion, the TAM needs a way to indicate that without it being the component author. It could do that by the TAM creating the SUIT manifests themselves and incrementing the sequence number to do a deletion, but that would require generating manifests on the fly rather than having one manifest for all TEEP Agents, some of which might have the component installed and some not.

It could also do it by not using a newer SUIT manifest but having the uninstall directives included in the installation manifest as Ken proposed, in which case the original TEEP mechanism might make sense to put back in.



https://github.com/ietf-teep/teep-protocol/pull/261 proposes adding "unneeded-tc-list"
back into the Update message.



Ken writes:

> Unlinking specific component specified by SUIT_Component_Identifier in
> unneeded-tc-list may not work well because one SUIT Manifest can contain
> multiple components.
>
> If every SUIT Manifest contains only one component, it doesn't matter.
>
> If not, unneeded-manifest-list => [ + bstr .cbor SUIT_Envelope_Tagged ]
> or unneeded-manifest-list => [ + bstr .cbor SUIT_Digest ] (reference to
> a specific SUIT Manifest) may work well, and it will unlink all of the
> components inside it.



Akira writes:
> I have talked on this topic with Takayama-san and I prefer the
> unneeded-manifest-list => [ + bstr .cbor SUIT_Digest ].



I also wrote:
> Are you assuming that there exists a separate SUIT manifest (not the
> one used to install the component originally) that has the unlink directives in it? And
> that that manifest is signed with the Trusted Component Developer's signing key (not
> the TAM's key) like the original component manifest was? Doesn't that introduce a
> requirement that the TAM be able to get it from the Trusted Component Developer
> when it needs? What would the manifest sequence number be? Are you proposing
> a requirement that whenever a TAM gets an installation manifest from a Trusted
> Component developer that the developer also supply the uninstall manifest at the
> same time, with some really high sequence number? How is that better than asking
> the developer to put them both in the same manifest? How would uninstall work if
> a TAM went away and the Device Administrator needed to do a local uninstall?
>
> All of the above are fine if the uninstall directives are in the installation manifest
> originally. But otherwise I don't see how this can really work in practice.

So I think there are two questions:

  1.  Which manifest are the uninstall directives in: the original installation manifest? Or some separate manifest with a high sequence number?
  2.  Which syntax do we use in the TEEP protocol to reference what to install?

Putting everything in the above together, I now think it argues for "in the original installation manifest" with the syntax Akira summarized.

I will update the TEEP protocol document accordingly, but wanted to share this with the list in case there are other comments on this topic.

Dave
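
The following is an added example, not part of the original message and not code from the TEEP drafts or any TEEP implementation. It sketches how an agent could process an unneeded-manifest-list of SUIT_Digest values when the uninstall directives live in the original installation manifest. Assumptions: `AgentStore` and its methods are hypothetical, a SUIT_Digest is modelled as a Python `(alg-id, bytes)` tuple rather than CBOR, uninstall directives are modelled as a list of components to unlink, and the manifests and component identifiers are constructed.

```python
import hashlib

COSE_ALG_SHA256 = -16  # COSE algorithm id carried in SUIT_Digest for SHA-256

class AgentStore:
    """Hypothetical TEEP Agent state (an assumption for illustration)."""

    def __init__(self):
        self.manifests = {}      # manifest digest -> (components, uninstall directives)
        self.components = set()  # component ids currently installed

    def install(self, manifest_bytes, components, uninstall):
        digest = hashlib.sha256(manifest_bytes).digest()
        self.manifests[digest] = (tuple(components), tuple(uninstall))
        self.components.update(components)
        return (COSE_ALG_SHA256, digest)  # SUIT_Digest modelled as (alg-id, bytes)

    def process_unneeded(self, unneeded_manifest_list):
        result = {"unlinked": [], "not_installed": [], "rejected": [], "no_uninstall": []}
        for alg, digest in unneeded_manifest_list:
            if alg != COSE_ALG_SHA256 or len(digest) != 32:
                result["rejected"].append(digest)       # unsupported or malformed digest
                continue
            if digest not in self.manifests:
                result["not_installed"].append(digest)  # same Update goes to every agent
                continue
            components, uninstall = self.manifests[digest]
            if not uninstall:
                result["no_uninstall"].append(digest)   # manifest carries no directives
                continue
            for component in uninstall:
                if component in components:             # only this manifest's own components
                    self.components.discard(component)
                    result["unlinked"].append(component)
            del self.manifests[digest]
        return result

def demo():
    agent = AgentStore()
    ta = (b"ta", b"app.bin")          # constructed component identifiers
    data = (b"ta", b"config.json")
    other = (b"other", b"app.bin")
    d_multi = agent.install(b"manifest-A", [ta, data], uninstall=[ta, data])
    agent.install(b"manifest-B", [other], uninstall=[other])
    d_absent = (COSE_ALG_SHA256, hashlib.sha256(b"manifest-C").digest())
    result = agent.process_unneeded([d_multi, d_absent, (-1, b"\x00" * 32)])
    return agent, result
```

Calling `demo()` shows one digest removing both components of a multi-component manifest, while a digest for a manifest the agent never installed is reported and skipped, so one list can be sent to every agent.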