Comments (4)
How about this one? Mimicking example 2 in suit-manifest, this example allows the TAM to change the distribution uri freely.
The points are:
- severs suit-install containing distribution uri
- doesn't set the digest of the severed element (suit-install) to change the distribution uri
- clarifies that the firmware author delegates the choice of distribution uri to the device operator by setting uri = Null in suit-common-sequence
```
SUIT_Envelope = {
  / manifest / 3:bstr .cbor ({
    / common / 3:bstr .cbor ({
      / components / 2:[
        [h'00']
      ],
      / common-sequence / 4:bstr .cbor ([
        / directive-set-parameters / 19,{
          / uri / 21:Null / Points#3. Clarify the uri will be overridden below (in severed suit-install). /,
        },
        / directive-override-parameters / 20,{
          / image-digest / 3:bstr .cbor ([
            / algorithm-id / 2 / "sha256" /,
            / digest-bytes / h'(digest of image)'
          ]),
          / image-size / 14:34768
        }
      ])
    }),
    / install / 9:[] / Points#2. The digest of severed suit-install SHOULD NOT be set in order to change the uri by TAM's will. /
  }),
  / install / 9:bstr .cbor ([ / Points#1. TAM CAN change severed and not digested suit-install. /
    / directive-override-parameters / 20,{
      / uri / 21:'http://set.by.not.author.but.tam/firmware',
    }
  ])
}
```
The 3rd point requires suit-manifest to change the type of suit-parameter-uri.
--- a/draft-ietf-suit-manifest.cddl
+++ b/draft-ietf-suit-manifest.cddl
@@ -215,7 +215,7 @@ SUIT_Parameters //= (suit-parameter-compression-info
SUIT_Parameters //= (suit-parameter-unpack-info
=> bstr .cbor SUIT_Unpack_Info)
-SUIT_Parameters //= (suit-parameter-uri => tstr)
+SUIT_Parameters //= (suit-parameter-uri => (tstr // Null))
SUIT_Parameters //= (suit-parameter-source-component => uint)
SUIT_Parameters //= (suit-parameter-run-args => bstr)
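Review bot: the replacement line writes the choice as `(tstr // Null)`, but in CDDL `//` is the group-choice operator and a choice between types uses a single `/`, so this should read `tstr / Null` (with or without the parentheses). `Null` is also not a CDDL prelude name (the prelude spells it `nil` or `null`), so unless the file defines `Null` elsewhere the rule will not resolve. Since the hunk only widens the type, the draft text should also state what a recipient does when the uri is still null at the point where it would fetch.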
from teep-protocol.
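Added example (not part of the original comment or of the SUIT/TEEP drafts): a Python sketch of why the proposal above leaves payload integrity intact even though the URI is unsigned. It assumes the author's signature covers only the manifest bstr (envelope key 3); `enc`, `build_envelope`, `manifest_digest`, `image_ok`, the sample image and the URIs used with it are constructed for illustration.

```python
import hashlib

def enc(v):
    """Minimal CBOR encoder for this sketch: uint, bstr, tstr, array, map, null."""
    def head(major, n):
        if n < 24:
            return bytes([major << 5 | n])
        for ai, size in ((24, 1), (25, 2), (26, 4)):
            if n < 1 << (8 * size):
                return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
        raise ValueError("value too large for this sketch")
    if v is None:
        return b"\xf6"
    if isinstance(v, int):
        return head(0, v)
    if isinstance(v, bytes):
        return head(2, len(v)) + v
    if isinstance(v, str):
        return head(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return head(4, len(v)) + b"".join(enc(x) for x in v)
    if isinstance(v, dict):
        return head(5, len(v)) + b"".join(enc(k) + enc(x) for k, x in v.items())
    raise TypeError(type(v))

IMAGE = b"constructed firmware image " * 8  # constructed sample payload
PINNED = {"digest": hashlib.sha256(IMAGE).digest(), "size": len(IMAGE)}

def build_envelope(uri):
    """Envelope shaped like the comment's example; install is severed and undigested."""
    common_seq = [19, {21: None},  # uri = null inside the signed part
                  20, {3: enc([2, PINNED["digest"]]), 14: PINNED["size"]}]
    common = {2: [[b"\x00"]], 4: enc(common_seq)}
    manifest = enc({3: enc(common), 9: []})        # no digest of install
    return {3: manifest, 9: enc([20, {21: uri}])}  # severed install, set by the TAM

def manifest_digest(envelope):
    """Digest over the manifest bstr only (assumed to be what the author signs)."""
    return hashlib.sha256(envelope[3]).digest()

def image_ok(image):
    """Recipient check: payload must match the size and digest pinned in common."""
    return (len(image) == PINNED["size"]
            and hashlib.sha256(image).digest() == PINNED["digest"])
```

Two envelopes that differ only in the severed URI share the same manifest digest, so the recipient has to treat the URI as an untrusted location hint and rely on the image-digest check for the fetched payload.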
@bremoran this looks like more of a comment/question on the SUIT manifest draft rather than the TEEP protocol spec
@bremoran @dthaler let's discuss this at the IETF 110 TEEP session, since this is a use case of the SUIT manifest in TEEP
Fixed in #161