draft-ietf-suit-manifest-06.txt | draft-ietf-suit-manifest-07.txt | |||
---|---|---|---|---|
SUIT B. Moran | SUIT B. Moran | |||
Internet-Draft H. Tschofenig | Internet-Draft H. Tschofenig | |||
Intended status: Standards Track Arm Limited | Intended status: Standards Track Arm Limited | |||
Expires: December 4, 2020 H. Birkholz | Expires: December 11, 2020 H. Birkholz | |||
Fraunhofer SIT | Fraunhofer SIT | |||
K. Zandberg | K. Zandberg | |||
Inria | Inria | |||
June 02, 2020 | June 09, 2020 | |||
A Concise Binary Object Representation (CBOR)-based Serialization Format | A Concise Binary Object Representation (CBOR)-based Serialization Format | |||
for the Software Updates for Internet of Things (SUIT) Manifest | for the Software Updates for Internet of Things (SUIT) Manifest | |||
draft-ietf-suit-manifest-06 | draft-ietf-suit-manifest-07 | |||
Abstract | Abstract | |||
This specification describes the format of a manifest. A manifest is | This specification describes the format of a manifest. A manifest is | |||
a bundle of metadata about the firmware for an IoT device, where to | a bundle of metadata about the firmware for an IoT device, where to | |||
find the firmware, the devices to which it applies, and cryptographic | find the firmware, the devices to which it applies, and cryptographic | |||
information protecting the manifest. Firmware updates and secure | information protecting the manifest. Firmware updates and secure | |||
boot both tend to use sequences of common operations, so the manifest | boot both tend to use sequences of common operations, so the manifest | |||
encodes those sequences of operations, rather than declaring the | encodes those sequences of operations, rather than declaring the | |||
metadata. The manifest also serves as a building block for secure | metadata. The manifest also serves as a building block for secure | |||
skipping to change at page 1, line 42 ¶ | skipping to change at page 1, line 42 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on December 4, 2020. | This Internet-Draft will expire on December 11, 2020. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
This document may contain material from IETF Documents or IETF | ||||
Contributions published or made publicly available before November | ||||
10, 2008. The person(s) controlling the copyright in some of this | ||||
material may not have granted the IETF Trust the right to allow | ||||
modifications of such material outside the IETF Standards Process. | ||||
Without obtaining an adequate license from the person(s) controlling | ||||
the copyright in such materials, this document may not be modified | ||||
outside the IETF Standards Process, and derivative works of it may | ||||
not be created outside the IETF Standards Process, except to format | ||||
it for publication as an RFC or to translate it into languages other | ||||
than English. | ||||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. Conventions and Terminology . . . . . . . . . . . . . . . . . 6 | 2. Conventions and Terminology . . . . . . . . . . . . . . . . . 5 | |||
3. How to use this Document . . . . . . . . . . . . . . . . . . 7 | 3. How to use this Document . . . . . . . . . . . . . . . . . . 6 | |||
4. Background . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 4. Background . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
4.1. IoT Firmware Update Constraints . . . . . . . . . . . . . 8 | 4.1. IoT Firmware Update Constraints . . . . . . . . . . . . . 7 | |||
4.2. Update Workflow Model . . . . . . . . . . . . . . . . . . 8 | 4.2. Update Workflow Model . . . . . . . . . . . . . . . . . . 8 | |||
5. Severed Fields . . . . . . . . . . . . . . . . . . . . . . . 9 | 5. Severed Fields . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
6. Interpreter Behavior . . . . . . . . . . . . . . . . . . . . 10 | 6. Interpreter Behavior . . . . . . . . . . . . . . . . . . . . 10 | |||
6.1. Interpreter Setup . . . . . . . . . . . . . . . . . . . . 10 | 6.1. Interpreter Setup . . . . . . . . . . . . . . . . . . . . 10 | |||
6.2. Required Checks . . . . . . . . . . . . . . . . . . . . . 11 | 6.2. Required Checks . . . . . . . . . . . . . . . . . . . . . 11 | |||
6.3. Interpreter Fundamental Properties . . . . . . . . . . . 12 | 6.3. Interpreter Fundamental Properties . . . . . . . . . . . 12 | |||
6.4. Abstract Machine Description . . . . . . . . . . . . . . 13 | 6.4. Abstract Machine Description . . . . . . . . . . . . . . 12 | |||
6.5. Serialized Processing Interpreter . . . . . . . . . . . . 14 | 6.5. Serialized Processing Interpreter . . . . . . . . . . . . 14 | |||
6.6. Parallel Processing Interpreter . . . . . . . . . . . . . 15 | 6.6. Parallel Processing Interpreter . . . . . . . . . . . . . 14 | |||
6.7. Processing Dependencies . . . . . . . . . . . . . . . . . 15 | 6.7. Processing Dependencies . . . . . . . . . . . . . . . . . 15 | |||
7. Creating Manifests . . . . . . . . . . . . . . . . . . . . . 16 | 7. Creating Manifests . . . . . . . . . . . . . . . . . . . . . 15 | |||
7.1. Compatibility Check Template . . . . . . . . . . . . . . 16 | 7.1. Compatibility Check Template . . . . . . . . . . . . . . 16 | |||
7.2. Secure Boot Template . . . . . . . . . . . . . . . . . . 16 | 7.2. Secure Boot Template . . . . . . . . . . . . . . . . . . 16 | |||
7.3. Firmware Download Template . . . . . . . . . . . . . . . 17 | 7.3. Firmware Download Template . . . . . . . . . . . . . . . 16 | |||
7.4. Load from External Storage Template . . . . . . . . . . . 17 | 7.4. Load from External Storage Template . . . . . . . . . . . 17 | |||
7.5. Load & Decompress from External Storage Template . . . . 18 | 7.5. Load & Decompress from External Storage Template . . . . 17 | |||
7.6. Dependency Template . . . . . . . . . . . . . . . . . . . 18 | 7.6. Dependency Template . . . . . . . . . . . . . . . . . . . 18 | |||
8. Envelope . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 8. Envelope . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
8.1. Authenticated Manifests . . . . . . . . . . . . . . . . . 19 | 8.1. Authenticated Manifests . . . . . . . . . . . . . . . . . 19 | |||
8.2. Encrypted Manifests . . . . . . . . . . . . . . . . . . . 20 | 8.2. Encrypted Manifests . . . . . . . . . . . . . . . . . . . 20 | |||
8.3. Delegation Info . . . . . . . . . . . . . . . . . . . . . 20 | 8.3. Delegation Info . . . . . . . . . . . . . . . . . . . . . 20 | |||
8.4. Severable Fields . . . . . . . . . . . . . . . . . . . . 20 | 8.4. Severable Fields . . . . . . . . . . . . . . . . . . . . 20 | |||
8.5. Human-Readable Text . . . . . . . . . . . . . . . . . . . 20 | 8.5. Human-Readable Text . . . . . . . . . . . . . . . . . . . 20 | |||
8.6. COSWID . . . . . . . . . . . . . . . . . . . . . . . . . 21 | 8.6. COSWID . . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
8.7. Encoding Considerations . . . . . . . . . . . . . . . . . 21 | 8.7. Encoding Considerations . . . . . . . . . . . . . . . . . 21 | |||
8.8. SUIT_Envelope CDDL . . . . . . . . . . . . . . . . . . . 22 | 9. Manifest . . . . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
9. Manifest . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | 9.1. suit-manifest-version . . . . . . . . . . . . . . . . . . 22 | |||
9.1. suit-manifest-version . . . . . . . . . . . . . . . . . . 24 | 9.2. suit-manifest-sequence-number . . . . . . . . . . . . . . 23 | |||
9.2. suit-manifest-sequence-number . . . . . . . . . . . . . . 24 | 9.3. suit-reference-uri . . . . . . . . . . . . . . . . . . . 23 | |||
9.3. suit-reference-uri . . . . . . . . . . . . . . . . . . . 24 | 9.4. suit-text . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
9.4. suit-text . . . . . . . . . . . . . . . . . . . . . . . . 25 | 9.5. suit-coswid . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
9.5. suit-coswid . . . . . . . . . . . . . . . . . . . . . . . 25 | 9.6. Dependencies . . . . . . . . . . . . . . . . . . . . . . 23 | |||
9.6. Dependencies . . . . . . . . . . . . . . . . . . . . . . 25 | 9.7. SUIT_Component_Reference . . . . . . . . . . . . . . . . 24 | |||
9.7. SUIT_Component_Reference . . . . . . . . . . . . . . . . 25 | 9.8. SUIT_Command_Sequence . . . . . . . . . . . . . . . . . . 24 | |||
9.8. SUIT_Command_Sequence . . . . . . . . . . . . . . . . . . 26 | 9.8.1. suit-common . . . . . . . . . . . . . . . . . . . . . 26 | |||
9.8.1. suit-common . . . . . . . . . . . . . . . . . . . . . 28 | 9.8.2. SUIT_Parameters . . . . . . . . . . . . . . . . . . . 26 | |||
9.8.2. SUIT_Parameters . . . . . . . . . . . . . . . . . . . 29 | 9.8.3. SUIT_Condition . . . . . . . . . . . . . . . . . . . 31 | |||
9.8.3. SUIT_Condition . . . . . . . . . . . . . . . . . . . 34 | 9.8.4. SUIT_Directive . . . . . . . . . . . . . . . . . . . 36 | |||
9.8.4. SUIT_Directive . . . . . . . . . . . . . . . . . . . 40 | 10. Access Control Lists . . . . . . . . . . . . . . . . . . . . 42 | |||
9.9. SUIT_Manifest CDDL . . . . . . . . . . . . . . . . . . . 50 | 11. SUIT Digest Container . . . . . . . . . . . . . . . . . . . . 43 | |||
10. Access Control Lists . . . . . . . . . . . . . . . . . . . . 50 | 12. Creating Conditional Sequences . . . . . . . . . . . . . . . 43 | |||
11. SUIT Digest Container . . . . . . . . . . . . . . . . . . . . 51 | 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 45 | |||
12. Creating Conditional Sequences . . . . . . . . . . . . . . . 52 | 13.1. SUIT Directives . . . . . . . . . . . . . . . . . . . . 45 | |||
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 | 13.2. SUIT Conditions . . . . . . . . . . . . . . . . . . . . 46 | |||
13.1. SUIT Directives . . . . . . . . . . . . . . . . . . . . 54 | 13.3. SUIT Parameters . . . . . . . . . . . . . . . . . . . . 46 | |||
13.2. SUIT Conditions . . . . . . . . . . . . . . . . . . . . 55 | 13.4. SUIT Text Values . . . . . . . . . . . . . . . . . . . . 48 | |||
13.3. SUIT Parameters . . . . . . . . . . . . . . . . . . . . 56 | 13.5. SUIT Algorithm Identifiers . . . . . . . . . . . . . . . 48 | |||
13.4. SUIT Text Values . . . . . . . . . . . . . . . . . . . . 58 | 13.5.1. Hash Algorithms . . . . . . . . . . . . . . . . . . 48 | |||
13.5. SUIT Algorithm Identifiers . . . . . . . . . . . . . . . 58 | 13.5.2. Unpack Algorithms . . . . . . . . . . . . . . . . . 49 | |||
14. Security Considerations . . . . . . . . . . . . . . . . . . . 58 | 14. Security Considerations . . . . . . . . . . . . . . . . . . . 49 | |||
15. Mailing List Information . . . . . . . . . . . . . . . . . . 58 | 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 49 | |||
16. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 59 | 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 50 | |||
17. References . . . . . . . . . . . . . . . . . . . . . . . . . 59 | 16.1. Normative References . . . . . . . . . . . . . . . . . . 50 | |||
17.1. Normative References . . . . . . . . . . . . . . . . . . 59 | 16.2. Informative References . . . . . . . . . . . . . . . . . 51 | |||
17.2. Informative References . . . . . . . . . . . . . . . . . 60 | A. Full CDDL . . . . . . . . . . . . . . . . . . . . . . . . . . 53 | |||
17.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 61 | B. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 | |||
A. Full CDDL . . . . . . . . . . . . . . . . . . . . . . . . . . 62 | B.1. Example 0: Secure Boot . . . . . . . . . . . . . . . . . 61 | |||
B. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 | ||||
B.1. Example 0: Secure Boot . . . . . . . . . . . . . . . . . 70 | ||||
B.2. Example 1: Simultaneous Download and Installation of | B.2. Example 1: Simultaneous Download and Installation of | |||
Payload . . . . . . . . . . . . . . . . . . . . . . . . . 72 | Payload . . . . . . . . . . . . . . . . . . . . . . . . . 63 | |||
B.3. Example 2: Simultaneous Download, Installation, and | B.3. Example 2: Simultaneous Download, Installation, and | |||
Secure Boot . . . . . . . . . . . . . . . . . . . . . . . 75 | Secure Boot . . . . . . . . . . . . . . . . . . . . . . . 66 | |||
B.4. Example 3: Load from External Storage . . . . . . . . . . 77 | B.4. Example 3: Load from External Storage . . . . . . . . . . 68 | |||
B.5. Example 4: Load and Decompress from External Storage . . 80 | B.5. Example 4: Load and Decompress from External Storage . . 71 | |||
B.6. Example 5: Compatibility Test, Download, Installation, | B.6. Example 5: Compatibility Test, Download, Installation, | |||
and Secure Boot . . . . . . . . . . . . . . . . . . . . . 82 | and Secure Boot . . . . . . . . . . . . . . . . . . . . . 73 | |||
B.7. Example 6: Two Images . . . . . . . . . . . . . . . . . . 76 | ||||
B.7. Example 6: Two Images . . . . . . . . . . . . . . . . . . 85 | C. Design Rational . . . . . . . . . . . . . . . . . . . . . . . 79 | |||
C. Design Rational . . . . . . . . . . . . . . . . . . . . . . . 88 | D. Implementation Conformance Matrix . . . . . . . . . . . . . . 80 | |||
D. Implementation Confirmance Matrix . . . . . . . . . . . . . . 89 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 84 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 93 | ||||
1. Introduction | 1. Introduction | |||
A firmware update mechanism is an essential security feature for IoT | A firmware update mechanism is an essential security feature for IoT | |||
devices to deal with vulnerabilities. While the transport of | devices to deal with vulnerabilities. While the transport of | |||
firmware images to the devices themselves is important there are | firmware images to the devices themselves is important there are | |||
already various techniques available. Equally important is the | already various techniques available. Equally important is the | |||
inclusion of metadata about the conveyed firmware image (in the form | inclusion of metadata about the conveyed firmware image (in the form | |||
of a manifest) and the use of a security wrapper to provide end-to- | of a manifest) and the use of a security wrapper to provide end-to- | |||
end security protection to detect modifications and (optionally) to | end security protection to detect modifications and (optionally) to | |||
skipping to change at page 22, line 13 ¶ | skipping to change at page 22, line 13 ¶ | |||
detection of several common software errors that are caused by | detection of several common software errors that are caused by | |||
uninitialised variables. Positive numbers in enumerations are | uninitialised variables. Positive numbers in enumerations are | |||
reserved for IANA registration. Negative numbers are used to | reserved for IANA registration. Negative numbers are used to | |||
identify application-specific implementations. | identify application-specific implementations. | |||
All elements of the envelope must be wrapped in a bstr to minimize | All elements of the envelope must be wrapped in a bstr to minimize | |||
the complexity of the code that evaluates the cryptographic integrity | the complexity of the code that evaluates the cryptographic integrity | |||
of the element and to ensure correct serialization for integrity and | of the element and to ensure correct serialization for integrity and | |||
authenticity checks. | authenticity checks. | |||
8.8. SUIT_Envelope CDDL | ||||
CDDL names are hyphenated and CDDL structures follow the convention | ||||
adopted in COSE [RFC8152]: SUIT_Structure_Name. | ||||
The CDDL that describes the envelope is below. | ||||
SUIT_Envelope = { | ||||
suit-delegation => bstr .cbor SUIT_Delegation | ||||
suit-authentication-wrapper | ||||
=> bstr .cbor SUIT_Authentication_Wrapper / nil, | ||||
$$SUIT_Manifest_Wrapped, | ||||
* $$SUIT_Severed_Fields, | ||||
} | ||||
SUIT_Delegation = [ + [ + CWT ] ] | ||||
SUIT_Authentication_Wrapper = [ + bstr .cbor SUIT_Authentication_Block ] | ||||
SUIT_Authentication_Block /= COSE_Mac_Tagged | ||||
SUIT_Authentication_Block /= COSE_Sign_Tagged | ||||
SUIT_Authentication_Block /= COSE_Mac0_Tagged | ||||
SUIT_Authentication_Block /= COSE_Sign1_Tagged | ||||
$$SUIT_Manifest_Wrapped //= (suit-manifest => bstr .cbor SUIT_Manifest) | ||||
$$SUIT_Manifest_Wrapped //= ( | ||||
suit-manifest-encryption-info => bstr .cbor SUIT_Encryption_Wrapper, | ||||
suit-manifest-encrypted => bstr | ||||
) | ||||
SUIT_Encryption_Wrapper = COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged | ||||
$$SUIT_Severed_Fields //= ( suit-dependency-resolution => | ||||
bstr .cbor SUIT_Command_Sequence) | ||||
$$SUIT_Severed_Fields //= (suit-payload-fetch => | ||||
bstr .cbor SUIT_Command_Sequence) | ||||
$$SUIT_Severed_Fields //= (suit-install => | ||||
bstr .cbor SUIT_Command_Sequence) | ||||
$$SUIT_Severed_Fields //= (suit-text => | ||||
bstr .cbor SUIT_Text_Map) | ||||
$$SUIT_Severed_Fields //= (suit-coswid => | ||||
bstr .cbor concise-software-identity) | ||||
9. Manifest | 9. Manifest | |||
The manifest contains: | The manifest contains: | |||
- a version number (see Section 9.1) | - a version number (see Section 9.1) | |||
- a sequence number (see Section 9.2) | - a sequence number (see Section 9.2) | |||
- a common structure with information that is shared between command | - a common structure with information that is shared between command | |||
sequences (see Section 9.8.1) | sequences (see Section 9.8.1) | |||
skipping to change at page 25, line 22 ¶ | skipping to change at page 23, line 40 ¶ | |||
suit-coswid is a digest that uniquely identifies the content of the | suit-coswid is a digest that uniquely identifies the content of the | |||
concise-software-identifier that is packaged in the SUIT_Envelope. | concise-software-identifier that is packaged in the SUIT_Envelope. | |||
suit-coswid is OPTIONAL to implement. | suit-coswid is OPTIONAL to implement. | |||
9.6. Dependencies | 9.6. Dependencies | |||
SUIT_Dependency specifies a manifest that describes a dependency of | SUIT_Dependency specifies a manifest that describes a dependency of | |||
the current manifest. | the current manifest. | |||
The following CDDL describes the SUIT_Dependency structure. | ||||
SUIT_Dependency = { | ||||
suit-dependency-digest => SUIT_Digest, | ||||
? suit-dependency-prefix => SUIT_Component_Identifier, | ||||
} | ||||
The suit-dependency-digest specifies the dependency manifest uniquely | The suit-dependency-digest specifies the dependency manifest uniquely | |||
by identifying a particular Manifest structure. The digest is | by identifying a particular Manifest structure. The digest is | |||
calculated over the Manifest structure instead of the COSE | calculated over the Manifest structure instead of the COSE | |||
Sig_structure or Mac_structure. This means that a digest may need to | Sig_structure or Mac_structure. This means that a digest may need to | |||
be calculated more than once, however this is necessary to ensure | be calculated more than once, however this is necessary to ensure | |||
that removing a signature from a manifest does not break dependencies | that removing a signature from a manifest does not break dependencies | |||
due to missing signature elements. This is also necessary to support | due to missing signature elements. This is also necessary to support | |||
the trusted intermediary use case, where an intermediary re-signs the | the trusted intermediary use case, where an intermediary re-signs the | |||
Manifest, removing the original signature, potentially with a | Manifest, removing the original signature, potentially with a | |||
different algorithm, or trading COSE_Sign for COSE_Mac. | different algorithm, or trading COSE_Sign for COSE_Mac. | |||
skipping to change at page 26, line 6 ¶ | skipping to change at page 24, line 17 ¶ | |||
without those devices needing consistent component hierarchy. This | without those devices needing consistent component hierarchy. This | |||
element is OPTIONAL. | element is OPTIONAL. | |||
9.7. SUIT_Component_Reference | 9.7. SUIT_Component_Reference | |||
The SUIT_Component_Reference describes an image that is defined by | The SUIT_Component_Reference describes an image that is defined by | |||
another manifest. This is useful for overriding the behavior of | another manifest. This is useful for overriding the behavior of | |||
another manifest, for example by directing the recipient to look at a | another manifest, for example by directing the recipient to look at a | |||
different URI for the image or by changing the expected format, such | different URI for the image or by changing the expected format, such | |||
as when a gateway performs decryption on behalf of a constrained | as when a gateway performs decryption on behalf of a constrained | |||
device. The following CDDL describes the SUIT_Component_Reference. | device. | |||
SUIT_Component_Reference = { | ||||
suit-component-identifier => SUIT_Component_Identifier, | ||||
suit-component-dependency-index => uint | ||||
} | ||||
9.8. SUIT_Command_Sequence | 9.8. SUIT_Command_Sequence | |||
A SUIT_Command_Sequence defines a series of actions that the | A SUIT_Command_Sequence defines a series of actions that the | |||
Recipient MUST take to accomplish a particular goal. These goals are | Recipient MUST take to accomplish a particular goal. These goals are | |||
defined in the manifest and include: | defined in the manifest and include: | |||
1. Dependency Resolution: suit-dependency-resolution is a | 1. Dependency Resolution: suit-dependency-resolution is a | |||
SUIT_Command_Sequence to execute in order to perform dependency | SUIT_Command_Sequence to execute in order to perform dependency | |||
resolution. Typical actions include configuring URIs of | resolution. Typical actions include configuring URIs of | |||
skipping to change at page 27, line 24 ¶ | skipping to change at page 25, line 30 ¶ | |||
Each of these follows exactly the same structure to ensure that the | Each of these follows exactly the same structure to ensure that the | |||
parser is as simple as possible. | parser is as simple as possible. | |||
Lists of commands are constructed from two kinds of element: | Lists of commands are constructed from two kinds of element: | |||
1. Conditions that MUST be true-any failure is treated as a failure | 1. Conditions that MUST be true-any failure is treated as a failure | |||
of the update/load/boot | of the update/load/boot | |||
2. Directives that MUST be executed. | 2. Directives that MUST be executed. | |||
The lists of commands are logically structured into sequences of zero | Each condition is a command code identifier, followed by Nil. | |||
or more conditions followed by zero or more directives. The | ||||
*logical* structure is described by the following CDDL: | ||||
Command_Sequence = { | ||||
conditions => [ * Condition], | ||||
directives => [ * Directive] | ||||
} | ||||
This introduces significant complexity in the parser, however, so the | ||||
structure is flattened to make parsing simpler: | ||||
SUIT_Command_Sequence = [ + (SUIT_Condition/SUIT_Directive) ] | ||||
Each condition is a command code identifier, followed by Nil. Each | Each directive is composed of: | |||
directive is composed of: | ||||
1. A command code identifier | 1. A command code identifier | |||
2. An argument block or Nil | 2. An argument block or Nil | |||
Argument blocks are defined for each type of directive. | Argument blocks are defined for each type of directive. | |||
Many conditions and directives apply to a given component, and these | Many conditions and directives apply to a given component, and these | |||
generally grouped together. Therefore, a special command to set the | generally grouped together. Therefore, a special command to set the | |||
current component index is provided with a matching command to set | current component index is provided with a matching command to set | |||
skipping to change at page 31, line 21 ¶ | skipping to change at page 29, line 7 ¶ | |||
The size of the firmware image in bytes. | The size of the firmware image in bytes. | |||
9.8.2.5. suit-parameter-use-before | 9.8.2.5. suit-parameter-use-before | |||
An expire date for the use of the manifest encoded as a POSIX | An expire date for the use of the manifest encoded as a POSIX | |||
timestamp. | timestamp. | |||
9.8.2.6. suit-parameter-component-offset | 9.8.2.6. suit-parameter-component-offset | |||
Offset of the component | This parameter sets the offset in a component. | |||
9.8.2.7. suit-parameter-encryption-info | 9.8.2.7. suit-parameter-encryption-info | |||
Encryption Info defines the mechanism that Fetch or Copy should use | Encryption Info defines the mechanism that Fetch or Copy should use | |||
to decrypt the data they transfer. SUIT_Parameter_Encryption_Info is | to decrypt the data they transfer. SUIT_Parameter_Encryption_Info is | |||
encoded as a COSE_Encrypt_Tagged or a COSE_Encrypt0_Tagged, wrapped | encoded as a COSE_Encrypt_Tagged or a COSE_Encrypt0_Tagged, wrapped | |||
in a bstr. | in a bstr. | |||
9.8.2.8. suit-parameter-compression-info | 9.8.2.8. suit-parameter-compression-info | |||
skipping to change at page 32, line 7 ¶ | skipping to change at page 29, line 39 ¶ | |||
interpret a packed format. This document defines the use of the | interpret a packed format. This document defines the use of the | |||
following binary encodings: Intel HEX [HEX], Motorola S-record | following binary encodings: Intel HEX [HEX], Motorola S-record | |||
[SREC], Executable and Linkable Format (ELF) [ELF], and Common Object | [SREC], Executable and Linkable Format (ELF) [ELF], and Common Object | |||
File Format (COFF) [COFF]. | File Format (COFF) [COFF]. | |||
Additional packing formats can be registered through the IANA- | Additional packing formats can be registered through the IANA- | |||
maintained registry. | maintained registry. | |||
9.8.2.10. suit-parameter-uri | 9.8.2.10. suit-parameter-uri | |||
A URI from which to fetch a resource | A URI from which to fetch a resource. | |||
9.8.2.11. suit-parameter-source-component | 9.8.2.11. suit-parameter-source-component | |||
A Component Index | This parameter sets the source component. | |||
9.8.2.12. suit-parameter-run-args | 9.8.2.12. suit-parameter-run-args | |||
An encoded set of arguments for Run | This parameter contains an encoded set of arguments for Run. | |||
9.8.2.13. suit-parameter-device-identifier | 9.8.2.13. suit-parameter-device-identifier | |||
A RFC4122 UUID representing the device or component | A RFC 4122 UUID representing the device or component. | |||
9.8.2.14. suit-parameter-minimum-battery | 9.8.2.14. suit-parameter-minimum-battery | |||
A minimum battery level in mWh | This parameter sets the minimum battery level in mWh. | |||
9.8.2.15. suit-parameter-update-priority | 9.8.2.15. suit-parameter-update-priority | |||
The priority of the update | This parameter sets the priority of the update. | |||
9.8.2.16. suit-parameter-version | 9.8.2.16. suit-parameter-version | |||
TBD. | Allows to indicate the version numbers of firmware to which the | |||
manifest applies, either with a list or with range matching. | ||||
9.8.2.17. suit-parameter-wait-info | 9.8.2.17. suit-parameter-wait-info | |||
TBD. | suit-directive-wait Section 9.8.4.11 directs the manifest processor | |||
to pause until a specified event occurs. The suit-parameter-wait- | ||||
info encodes the parameters needed for the directive. | ||||
9.8.2.18. suit-parameter-uri-list | 9.8.2.18. suit-parameter-uri-list | |||
TBD. | Indicates a list of URIs from which to fetch a resource. | |||
9.8.2.19. suit-parameter-strict-order | 9.8.2.19. suit-parameter-strict-order | |||
The Strict Order Parameter allows a manifest to govern when | The Strict Order Parameter allows a manifest to govern when | |||
directives can be executed out-of-order. This allows for systems | directives can be executed out-of-order. This allows for systems | |||
that have a sensitivity to order of updates to choose the order in | that have a sensitivity to order of updates to choose the order in | |||
which they are executed. It also allows for more advanced systems to | which they are executed. It also allows for more advanced systems to | |||
parallelize their handling of updates. Strict Order defaults to | parallelize their handling of updates. Strict Order defaults to | |||
True. It MAY be set to False when the order of operations does not | True. It MAY be set to False when the order of operations does not | |||
matter. When arriving at the end of a command sequence, ALL commands | matter. When arriving at the end of a command sequence, ALL commands | |||
skipping to change at page 33, line 19 ¶ | skipping to change at page 31, line 9 ¶ | |||
When executing a command sequence inside SUIT_Directive_Try_Each and | When executing a command sequence inside SUIT_Directive_Try_Each and | |||
a condition failure occurs, the manifest processor aborts the | a condition failure occurs, the manifest processor aborts the | |||
sequence. If Soft Failure is True, it returns Success. Otherwise, | sequence. If Soft Failure is True, it returns Success. Otherwise, | |||
it returns the original condition failure. | it returns the original condition failure. | |||
SUIT_Parameter_Soft_Failure is scoped to the enclosing | SUIT_Parameter_Soft_Failure is scoped to the enclosing | |||
SUIT_Command_Sequence. Its value is discarded when | SUIT_Command_Sequence. Its value is discarded when | |||
SUIT_Command_Sequence terminates. | SUIT_Command_Sequence terminates. | |||
9.8.2.21. suit-parameter-custom | 9.8.2.21. suit-parameter-custom | |||
TBD. | This parameter is an extension point for any proprietary, application | |||
specific conditions and directives. | ||||
9.8.2.22. SUIT_Parameters CDDL | ||||
The following CDDL describes all SUIT_Parameters. | ||||
SUIT_Parameters //= (suit-parameter-vendor-identifier => RFC4122_UUID) | ||||
SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID) | ||||
SUIT_Parameters //= (suit-parameter-image-digest | ||||
=> bstr .cbor SUIT_Digest) | ||||
SUIT_Parameters //= (suit-parameter-image-size => uint) | ||||
SUIT_Parameters //= (suit-parameter-use-before => uint) | ||||
SUIT_Parameters //= (suit-parameter-component-offset => uint) | ||||
SUIT_Parameters //= (suit-parameter-encryption-info | ||||
=> bstr .cbor SUIT_Encryption_Info) | ||||
SUIT_Parameters //= (suit-parameter-compression-info | ||||
=> bstr .cbor SUIT_Compression_Info) | ||||
SUIT_Parameters //= (suit-parameter-unpack-info | ||||
=> bstr .cbor SUIT_Unpack_Info) | ||||
SUIT_Parameters //= (suit-parameter-uri => tstr) | ||||
SUIT_Parameters //= (suit-parameter-source-component => uint) | ||||
SUIT_Parameters //= (suit-parameter-run-args => bstr) | ||||
SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID) | ||||
SUIT_Parameters //= (suit-parameter-minimum-battery => uint) | ||||
SUIT_Parameters //= (suit-parameter-update-priority => uint) | ||||
SUIT_Parameters //= (suit-parameter-version => | ||||
SUIT_Parameter_Version_Match) | ||||
SUIT_Parameters //= (suit-parameter-wait-info => | ||||
bstr .cbor SUIT_Wait_Events) | ||||
SUIT_Parameters //= (suit-parameter-uri-list | ||||
=> bstr .cbor SUIT_Component_URI_List) | ||||
SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr) | ||||
SUIT_Parameters //= (suit-parameter-strict-order => bool) | ||||
SUIT_Parameters //= (suit-parameter-soft-failure => bool) | ||||
RFC4122_UUID = bstr .size 16 | ||||
SUIT_Condition_Version_Comparison_Value = [+int] | ||||
SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged | ||||
SUIT_Compression_Info = { | ||||
suit-compression-algorithm => SUIT_Compression_Algorithms, | ||||
? suit-compression-parameters => bstr | ||||
} | ||||
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zlib | ||||
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_brotli | ||||
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_zstd | ||||
SUIT_Unpack_Info = { | ||||
suit-unpack-algorithm => SUIT_Unpack_Algorithms, | ||||
? suit-unpack-parameters => bstr | ||||
} | ||||
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex | ||||
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf | ||||
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Coff | ||||
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Srec | ||||
9.8.3. SUIT_Condition | 9.8.3. SUIT_Condition | |||
Conditions are used to define mandatory properties of a system in | Conditions are used to define mandatory properties of a system in | |||
order for an update to be applied. They can be pre-conditions or | order for an update to be applied. They can be pre-conditions or | |||
post-conditions of any directive or series of directives, depending | post-conditions of any directive or series of directives, depending | |||
on where they are placed in the list. Conditions never take | on where they are placed in the list. Conditions never take | |||
arguments; conditions should test using parameters instead. | arguments; conditions should test using parameters instead. | |||
Conditions include: | Conditions include: | |||
skipping to change at page 39, line 14 ¶ | skipping to change at page 36, line 14 ¶ | |||
Versions are encoded as a CBOR list of integers. Comparisons are | Versions are encoded as a CBOR list of integers. Comparisons are | |||
done on each integer in sequence. Comparison stops after all | done on each integer in sequence. Comparison stops after all | |||
integers in the list defined by the manifest have been consumed OR | integers in the list defined by the manifest have been consumed OR | |||
after a non-equal match has occurred. For example, if the manifest | after a non-equal match has occurred. For example, if the manifest | |||
defines a comparison, "Equal [1]", then this will match all version | defines a comparison, "Equal [1]", then this will match all version | |||
sequences starting with 1. If a manifest defines both "Greater or | sequences starting with 1. If a manifest defines both "Greater or | |||
Equal [1,0]" and "Lesser [1,10]", then it will match versions 1.0.x | Equal [1,0]" and "Lesser [1,10]", then it will match versions 1.0.x | |||
up to, but not including 1.10. | up to, but not including 1.10. | |||
The following CDDL describes SUIT_Condition_Version_Argument | ||||
SUIT_Condition_Version_Argument = [ | ||||
suit-condition-version-comparison-type: | ||||
SUIT_Condition_Version_Comparison_Types, | ||||
suit-condition-version-comparison-value: | ||||
SUIT_Condition_Version_Comparison_Value | ||||
] | ||||
SUIT_Condition_Version_Comparison_Types /= | ||||
suit-condition-version-comparison-greater | ||||
SUIT_Condition_Version_Comparison_Types /= | ||||
suit-condition-version-comparison-greater-equal | ||||
SUIT_Condition_Version_Comparison_Types /= | ||||
suit-condition-version-comparison-equal | ||||
SUIT_Condition_Version_Comparison_Types /= | ||||
suit-condition-version-comparison-lesser-equal | ||||
SUIT_Condition_Version_Comparison_Types /= | ||||
suit-condition-version-comparison-lesser | ||||
SUIT_Condition_Version_Comparison_Value = [+int] | ||||
While the exact encoding of versions is application-defined, semantic | While the exact encoding of versions is application-defined, semantic | |||
versions map conveniently. For example, | versions map conveniently. For example, | |||
- 1.2.3 = [1,2,3]. | - 1.2.3 = [1,2,3]. | |||
- 1.2-rc3 = [1,2,-1,3]. | - 1.2-rc3 = [1,2,-1,3]. | |||
- 1.2-beta = [1,2,-2]. | - 1.2-beta = [1,2,-2]. | |||
- 1.2-alpha = [1,2,-3]. | - 1.2-alpha = [1,2,-3]. | |||
skipping to change at page 40, line 14 ¶ | skipping to change at page 36, line 38 ¶ | |||
9.8.3.9. SUIT_Condition_Custom | 9.8.3.9. SUIT_Condition_Custom | |||
SUIT_Condition_Custom describes any proprietary, application specific | SUIT_Condition_Custom describes any proprietary, application specific | |||
condition. This is encoded as a negative integer, chosen by the | condition. This is encoded as a negative integer, chosen by the | |||
firmware developer. If additional information must be provided to | firmware developer. If additional information must be provided to | |||
the condition, it should be encoded in a custom parameter (a nint) as | the condition, it should be encoded in a custom parameter (a nint) as | |||
described in Section 9.8.2. SUIT_Condition_Custom is OPTIONAL to | described in Section 9.8.2. SUIT_Condition_Custom is OPTIONAL to | |||
implement. | implement. | |||
9.8.3.10. SUIT_Condition CDDL | ||||
The following CDDL describes SUIT_Condition: | ||||
SUIT_Condition //= (suit-condition-vendor-identifier, nil) | ||||
SUIT_Condition //= (suit-condition-class-identifier, nil) | ||||
SUIT_Condition //= (suit-condition-device-identifier, nil) | ||||
SUIT_Condition //= (suit-condition-image-match, nil) | ||||
SUIT_Condition //= (suit-condition-image-not-match, nil) | ||||
SUIT_Condition //= (suit-condition-use-before, nil) | ||||
SUIT_Condition //= (suit-condition-component-offset, nil) | ||||
SUIT_Condition //= (suit-condition-minimum-battery, nil) | ||||
SUIT_Condition //= (suit-condition-update-authorized, nil) | ||||
SUIT_Condition //= (suit-condition-version, nil) | ||||
SUIT_Condition //= (suit-condition-component-offset, nil) | ||||
9.8.4. SUIT_Directive | 9.8.4. SUIT_Directive | |||
Directives are used to define the behavior of the recipient. | Directives are used to define the behavior of the recipient. | |||
Directives include: | Directives include: | |||
+---------------+-------------------------------------+-------------+ | +---------------+-------------------------------------+-------------+ | |||
| Name | CDDL Structure | Reference | | | Name | CDDL Structure | Reference | | |||
+---------------+-------------------------------------+-------------+ | +---------------+-------------------------------------+-------------+ | |||
| Set Component | suit-directive-set-component-index | Section | | | Set Component | suit-directive-set-component-index | Section | | |||
| Index | | 9.8.4.1 | | | Index | | 9.8.4.1 | | |||
skipping to change at page 42, line 19 ¶ | skipping to change at page 38, line 19 ¶ | |||
either a boolean or an unsigned integer index into the concatenation | either a boolean or an unsigned integer index into the concatenation | |||
of suit-components and suit-dependency-components. If the following | of suit-components and suit-dependency-components. If the following | |||
directives apply to ALL components, then the boolean value "True" is | directives apply to ALL components, then the boolean value "True" is | |||
used instead of an index. True does not apply to dependency | used instead of an index. True does not apply to dependency | |||
components. If the following directives apply to NO components, then | components. If the following directives apply to NO components, then | |||
the boolean value "False" is used. When suit-directive-set- | the boolean value "False" is used. When suit-directive-set- | |||
dependency-index is used, suit-directive-set-component-index = False | dependency-index is used, suit-directive-set-component-index = False | |||
is implied. When suit-directive-set-component-index is used, suit- | is implied. When suit-directive-set-component-index is used, suit- | |||
directive-set-dependency-index = False is implied. | directive-set-dependency-index = False is implied. | |||
The following CDDL describes the argument to suit-directive-set- | ||||
component-index. | ||||
SUIT_Directive_Set_Component_Index_Argument = uint/bool | ||||
9.8.4.2. suit-directive-set-dependency-index | 9.8.4.2. suit-directive-set-dependency-index | |||
Set Dependency Index defines the manifest to which successive | Set Dependency Index defines the manifest to which successive | |||
directives and conditions will apply. The supplied argument MUST be | directives and conditions will apply. The supplied argument MUST be | |||
either a boolean or an unsigned integer index into the dependencies. | either a boolean or an unsigned integer index into the dependencies. | |||
If the following directives apply to ALL dependencies, then the | If the following directives apply to ALL dependencies, then the | |||
boolean value "True" is used instead of an index. If the following | boolean value "True" is used instead of an index. If the following | |||
directives apply to NO dependencies, then the boolean value "False" | directives apply to NO dependencies, then the boolean value "False" | |||
is used. When suit-directive-set-component-index is used, suit- | is used. When suit-directive-set-component-index is used, suit- | |||
directive-set-dependency-index = False is implied. When suit- | directive-set-dependency-index = False is implied. When suit- | |||
directive-set-dependency-index is used, suit-directive-set-component- | directive-set-dependency-index is used, suit-directive-set-component- | |||
index = False is implied. | index = False is implied. | |||
Typical operations that require suit-directive-set-dependency-index | Typical operations that require suit-directive-set-dependency-index | |||
include setting a source URI, invoking "Fetch," or invoking "Process | include setting a source URI, invoking "Fetch," or invoking "Process | |||
Dependency" for an individual dependency. | Dependency" for an individual dependency. | |||
The following CDDL describes the argument to suit-directive-set- | ||||
dependency-index. | ||||
SUIT_Directive_Set_Manifest_Index_Argument = uint/bool | ||||
9.8.4.3. suit-directive-abort | 9.8.4.3. suit-directive-abort | |||
Unconditionally fail. This operation is typically used in | Unconditionally fail. This operation is typically used in | |||
conjunction with suit-directive-try-each. | conjunction with suit-directive-try-each. | |||
9.8.4.4. suit-directive-try-each | 9.8.4.4. suit-directive-try-each | |||
This command runs several SUIT_Command_Sequence, one after another, | This command runs several SUIT_Command_Sequence, one after another, | |||
in a strict order. Use this command to implement a "try/catch-try/ | in a strict order. Use this command to implement a "try/catch-try/ | |||
catch" sequence. Manifest processors MAY implement this command. | catch" sequence. Manifest processors MAY implement this command. | |||
SUIT_Parameter_Soft_Failure is initialized to True at the beginning | SUIT_Parameter_Soft_Failure is initialized to True at the beginning | |||
of each sequence. If one sequence aborts due to a condition failure, | of each sequence. If one sequence aborts due to a condition failure, | |||
the next is started. If no sequence completes without condition | the next is started. If no sequence completes without condition | |||
failure, then suit-directive-try-each returns an error. If a | failure, then suit-directive-try-each returns an error. If a | |||
particular application calls for all sequences to fail and still | particular application calls for all sequences to fail and still | |||
continue, then an empty sequence (nil) can be added to the Try Each | continue, then an empty sequence (nil) can be added to the Try Each | |||
Argument. | Argument. | |||
The following CDDL describes the SUIT_Try_Each argument. | ||||
SUIT_Directive_Try_Each_Argument = [ | ||||
+ bstr .cbor SUIT_Command_Sequence, | ||||
nil / bstr .cbor SUIT_Command_Sequence | ||||
] | ||||
9.8.4.5. suit-directive-process-dependency | 9.8.4.5. suit-directive-process-dependency | |||
Execute the commands in the common section of the current dependency, | Execute the commands in the common section of the current dependency, | |||
followed by the commands in the equivalent section of the current | followed by the commands in the equivalent section of the current | |||
dependency. For example, if the current section is "fetch payload," | dependency. For example, if the current section is "fetch payload," | |||
this will execute "common" in the current dependency, then "fetch | this will execute "common" in the current dependency, then "fetch | |||
payload" in the current dependency. Once this is complete, the | payload" in the current dependency. Once this is complete, the | |||
command following suit-directive-process-dependency will be | command following suit-directive-process-dependency will be | |||
processed. | processed. | |||
If the current dependency is False, this directive has no effect. If | If the current dependency is False, this directive has no effect. If | |||
the current dependency is True, then this directive applies to all | the current dependency is True, then this directive applies to all | |||
dependencies. If the current section is "common," this directive | dependencies. If the current section is "common," this directive | |||
MUST have no effect. | MUST have no effect. | |||
When SUIT_Process_Dependency completes, it forwards the last status | When SUIT_Process_Dependency completes, it forwards the last status | |||
code that occurred in the dependency. | code that occurred in the dependency. | |||
The argument to suit-directive-process-dependency is defined in the | ||||
following CDDL. | ||||
SUIT_Directive_Process_Dependency_Argument = nil | ||||
9.8.4.6. suit-directive-set-parameters | 9.8.4.6. suit-directive-set-parameters | |||
suit-directive-set-parameters allows the manifest to configure | suit-directive-set-parameters allows the manifest to configure | |||
behavior of future directives by changing parameters that are read by | behavior of future directives by changing parameters that are read by | |||
those directives. When dependencies are used, suit-directive-set- | those directives. When dependencies are used, suit-directive-set- | |||
parameters also allows a manifest to modify the behavior of its | parameters also allows a manifest to modify the behavior of its | |||
dependencies. | dependencies. | |||
Available parameters are defined in Section 9.8.2. | Available parameters are defined in Section 9.8.2. | |||
If a parameter is already set, suit-directive-set-parameters will | If a parameter is already set, suit-directive-set-parameters will | |||
skip setting the parameter to its argument. This provides the core | skip setting the parameter to its argument. This provides the core | |||
of the override mechanism, allowing dependent manifests to change the | of the override mechanism, allowing dependent manifests to change the | |||
behavior of a manifest. | behavior of a manifest. | |||
The argument to suit-directive-set-parameters is defined in the | ||||
following CDDL. | ||||
SUIT_Directive_Set_Parameters_Argument = {+ SUIT_Parameters} | ||||
N.B.: A directive code is reserved for an optimization: a way to set | ||||
a parameter to the contents of another parameter, optionally with | ||||
another component ID. | ||||
9.8.4.7. suit-directive-override-parameters | 9.8.4.7. suit-directive-override-parameters | |||
suit-directive-override-parameters replaces any listed parameters | suit-directive-override-parameters replaces any listed parameters | |||
that are already set with the values that are provided in its | that are already set with the values that are provided in its | |||
argument. This allows a manifest to prevent replacement of critical | argument. This allows a manifest to prevent replacement of critical | |||
parameters. | parameters. | |||
Available parameters are defined in Section 9.8.2. | Available parameters are defined in Section 9.8.2. | |||
The argument to suit-directive-override-parameters is defined in the | ||||
following CDDL. | ||||
SUIT_Directive_Override_Parameters_Argument = {+ SUIT_Parameters} | ||||
9.8.4.8. suit-directive-fetch | 9.8.4.8. suit-directive-fetch | |||
suit-directive-fetch instructs the manifest processor to obtain one | suit-directive-fetch instructs the manifest processor to obtain one | |||
or more manifests or payloads, as specified by the manifest index and | or more manifests or payloads, as specified by the manifest index and | |||
component index, respectively. | component index, respectively. | |||
suit-directive-fetch can target one or more manifests and one or more | suit-directive-fetch can target one or more manifests and one or more | |||
payloads. suit-directive-fetch retrieves each component and each | payloads. suit-directive-fetch retrieves each component and each | |||
manifest listed in component-index and manifest-index, respectively. | manifest listed in component-index and manifest-index, respectively. | |||
If component-index or manifest-index is True, instead of an integer, | If component-index or manifest-index is True, instead of an integer, | |||
skipping to change at page 45, line 23 ¶ | skipping to change at page 40, line 34 ¶ | |||
suit-directive-fetch reads the URI or URI List parameter to find the | suit-directive-fetch reads the URI or URI List parameter to find the | |||
source of the fetch it performs. | source of the fetch it performs. | |||
The behavior of suit-directive-fetch can be modified by setting one | The behavior of suit-directive-fetch can be modified by setting one | |||
or more of SUIT_Parameter_Encryption_Info, | or more of SUIT_Parameter_Encryption_Info, | |||
SUIT_Parameter_Compression_Info, SUIT_Parameter_Unpack_Info. These | SUIT_Parameter_Compression_Info, SUIT_Parameter_Unpack_Info. These | |||
three parameters each activate and configure a processing step that | three parameters each activate and configure a processing step that | |||
can be applied to the data that is transferred during suit-directive- | can be applied to the data that is transferred during suit-directive- | |||
fetch. | fetch. | |||
The argument to suit-directive-fetch is defined in the following | ||||
CDDL. | ||||
SUIT_Directive_Fetch_Argument = nil/bstr | ||||
9.8.4.9. suit-directive-copy | 9.8.4.9. suit-directive-copy | |||
suit-directive-copy instructs the manifest processor to obtain one or | suit-directive-copy instructs the manifest processor to obtain one or | |||
more payloads, as specified by the component index. suit-directive- | more payloads, as specified by the component index. suit-directive- | |||
copy retrieves each component listed in component-index, | copy retrieves each component listed in component-index, | |||
respectively. If component-index is True, instead of an integer, | respectively. If component-index is True, instead of an integer, | |||
then all current manifest components are copied. The current | then all current manifest components are copied. The current | |||
manifest's dependent-components are not automatically copied. In | manifest's dependent-components are not automatically copied. In | |||
order to copy these, they MUST be specified in a component-index | order to copy these, they MUST be specified in a component-index | |||
integer. | integer. | |||
skipping to change at page 46, line 5 ¶ | skipping to change at page 41, line 11 ¶ | |||
three parameters each activate and configure a processing step that | three parameters each activate and configure a processing step that | |||
can be applied to the data that is transferred during suit-directive- | can be applied to the data that is transferred during suit-directive- | |||
copy. | copy. | |||
*N.B.* Fetch and Copy are very similar. Merging them into one | *N.B.* Fetch and Copy are very similar. Merging them into one | |||
command may be appropriate. | command may be appropriate. | |||
suit-directive-copy reads its source from | suit-directive-copy reads its source from | |||
SUIT_Parameter_Source_Component. | SUIT_Parameter_Source_Component. | |||
The argument to suit-directive-copy is defined in the following CDDL. | ||||
SUIT_Directive_Copy_Argument = nil | ||||
9.8.4.10. suit-directive-run | 9.8.4.10. suit-directive-run | |||
suit-directive-run directs the manifest processor to transfer | suit-directive-run directs the manifest processor to transfer | |||
execution to the current Component Index. When this is invoked, the | execution to the current Component Index. When this is invoked, the | |||
manifest processor MAY be unloaded and execution continues in the | manifest processor MAY be unloaded and execution continues in the | |||
Component Index. Arguments provided to Run are forwarded to the | Component Index. Arguments provided to Run are forwarded to the | |||
executable code located in Component Index, in an application- | executable code located in Component Index, in an application- | |||
specific way. For example, this could form the Linux Kernel Command | specific way. For example, this could form the Linux Kernel Command | |||
Line if booting a Linux device. | Line if booting a Linux device. | |||
If the executable code at Component Index is constructed in such a | If the executable code at Component Index is constructed in such a | |||
way that it does not unload the manifest processor, then the manifest | way that it does not unload the manifest processor, then the manifest | |||
processor may resume execution after the executable completes. This | processor may resume execution after the executable completes. This | |||
allows the manifest processor to invoke suitable helpers and to | allows the manifest processor to invoke suitable helpers and to | |||
verify them with image conditions. | verify them with image conditions. | |||
The argument to suit-directive-run is defined in the following CDDL. | ||||
SUIT_Directive_Run_Argument = nil/bstr | ||||
9.8.4.11. suit-directive-wait | 9.8.4.11. suit-directive-wait | |||
suit-directive-wait directs the manifest processor to pause until a | suit-directive-wait directs the manifest processor to pause until a | |||
specified event occurs. Some possible events include: | specified event occurs. Some possible events include: | |||
1. Authorization | 1. Authorization | |||
2. External Power | 2. External Power | |||
3. Network availability | 3. Network availability | |||
4. Other Device Firmware Version | 4. Other Device Firmware Version | |||
5. Time | 5. Time | |||
6. Time of Day | 6. Time of Day | |||
7. Day of Week | 7. Day of Week | |||
The following CDDL defines the encoding of these events. | ||||
SUIT_Wait_Events //= (suit-wait-event-authorization => int) | ||||
SUIT_Wait_Events //= (suit-wait-event-power => int) | ||||
SUIT_Wait_Events //= (suit-wait-event-network => int) | ||||
SUIT_Wait_Events //= (suit-wait-event-other-device-version | ||||
=> SUIT_Wait_Event_Argument_Other_Device_Version) | ||||
SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp | ||||
SUIT_Wait_Events //= (suit-wait-event-time-of-day | ||||
=> uint); Time of Day (seconds since 00:00:00) | ||||
SUIT_Wait_Events //= (suit-wait-event-day-of-week | ||||
=> uint); Days since Sunday | ||||
SUIT_Wait_Event_Argument_Authorization = int ; priority | ||||
SUIT_Wait_Event_Argument_Power = int ; Power Level | ||||
SUIT_Wait_Event_Argument_Network = int ; Network State | ||||
SUIT_Wait_Event_Argument_Other_Device_Version = [ | ||||
other-device: bstr, | ||||
other-device-version: [+int] | ||||
] | ||||
SUIT_Wait_Event_Argument_Time = uint ; Timestamp | ||||
SUIT_Wait_Event_Argument_Time_Of_Day = uint ; Time of Day | ||||
; (seconds since 00:00:00) | ||||
SUIT_Wait_Event_Argument_Day_Of_Week = uint ; Days since Sunday | ||||
9.8.4.12. suit-directive-run-sequence | 9.8.4.12. suit-directive-run-sequence | |||
To enable conditional commands, and to allow several strictly ordered | To enable conditional commands, and to allow several strictly ordered | |||
sequences to be executed out-of-order, suit-directive-run-sequence | sequences to be executed out-of-order, suit-directive-run-sequence | |||
allows the manifest processor to execute its argument as a | allows the manifest processor to execute its argument as a | |||
SUIT_Command_Sequence. The argument must be wrapped in a bstr. | SUIT_Command_Sequence. The argument must be wrapped in a bstr. | |||
When a sequence is executed, any failure of a condition causes | When a sequence is executed, any failure of a condition causes | |||
immediate termination of the sequence. | immediate termination of the sequence. | |||
The following CDDL describes the SUIT_Run_Sequence argument. | ||||
SUIT_Directive_Run_Sequence_Argument = bstr .cbor SUIT_Command_Sequence | ||||
When suit-directive-run-sequence completes, it forwards the last | When suit-directive-run-sequence completes, it forwards the last | |||
status code that occurred in the sequence. If the Soft Failure | status code that occurred in the sequence. If the Soft Failure | |||
parameter is true, then suit-directive-run-sequence only fails when a | parameter is true, then suit-directive-run-sequence only fails when a | |||
directive in the argument sequence fails. | directive in the argument sequence fails. | |||
SUIT_Parameter_Soft_Failure defaults to False when suit-directive- | SUIT_Parameter_Soft_Failure defaults to False when suit-directive- | |||
run-sequence begins. Its value is discarded when suit-directive-run- | run-sequence begins. Its value is discarded when suit-directive-run- | |||
sequence terminates. | sequence terminates. | |||
9.8.4.13. suit-directive-swap | 9.8.4.13. suit-directive-swap | |||
skipping to change at page 48, line 20 ¶ | skipping to change at page 42, line 32 ¶ | |||
directive-copy except that suit-directive-swap replaces the source | directive-copy except that suit-directive-swap replaces the source | |||
with the current contents of the destination in an application- | with the current contents of the destination in an application- | |||
defined way. If SUIT_Parameter_Compression_Info or | defined way. If SUIT_Parameter_Compression_Info or | |||
SUIT_Parameter_Encryption_Info are present, they must be handled in a | SUIT_Parameter_Encryption_Info are present, they must be handled in a | |||
symmetric way, so that the source is decompressed into the | symmetric way, so that the source is decompressed into the | |||
destination and the destination is compressed into the source. The | destination and the destination is compressed into the source. The | |||
source is decrypted into the destination and the destination is | source is decrypted into the destination and the destination is | |||
encrypted into the source. suit-directive-swap is OPTIONAL to | encrypted into the source. suit-directive-swap is OPTIONAL to | |||
implement. | implement. | |||
9.8.4.14. SUIT_Directive CDDL | ||||
The following CDDL describes SUIT_Directive: | ||||
SUIT_Directive //= (suit-directive-set-component-index, uint/bool) | ||||
SUIT_Directive //= (suit-directive-set-dependency-index, uint/bool) | ||||
SUIT_Directive //= (suit-directive-run-sequence, | ||||
bstr .cbor SUIT_Command_Sequence) | ||||
SUIT_Directive //= (suit-directive-try-each, | ||||
SUIT_Directive_Try_Each_Argument) | ||||
SUIT_Directive //= (suit-directive-process-dependency, nil) | ||||
SUIT_Directive //= (suit-directive-set-parameters, | ||||
{+ SUIT_Parameters}) | ||||
SUIT_Directive //= (suit-directive-override-parameters, | ||||
{+ SUIT_Parameters}) | ||||
SUIT_Directive //= (suit-directive-fetch, nil) | ||||
SUIT_Directive //= (suit-directive-copy, nil) | ||||
SUIT_Directive //= (suit-directive-run, nil) | ||||
SUIT_Directive //= (suit-directive-wait, | ||||
{ + SUIT_Wait_Events }) | ||||
SUIT_Directive_Try_Each_Argument = [ | ||||
+ bstr .cbor SUIT_Command_Sequence, | ||||
nil / bstr .cbor SUIT_Command_Sequence | ||||
] | ||||
SUIT_Wait_Events //= (suit-wait-event-authorization => int) | ||||
SUIT_Wait_Events //= (suit-wait-event-power => int) | ||||
SUIT_Wait_Events //= (suit-wait-event-network => int) | ||||
SUIT_Wait_Events //= (suit-wait-event-other-device-version | ||||
=> SUIT_Wait_Event_Argument_Other_Device_Version) | ||||
SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp | ||||
SUIT_Wait_Events //= (suit-wait-event-time-of-day | ||||
=> uint); Time of Day (seconds since 00:00:00) | ||||
SUIT_Wait_Events //= (suit-wait-event-day-of-week | ||||
=> uint); Days since Sunday | ||||
SUIT_Wait_Event_Argument_Authorization = int ; priority | ||||
SUIT_Wait_Event_Argument_Power = int ; Power Level | ||||
SUIT_Wait_Event_Argument_Network = int ; Network State | ||||
SUIT_Wait_Event_Argument_Other_Device_Version = [ | ||||
other-device: bstr, | ||||
other-device-version: [+int] | ||||
] | ||||
SUIT_Wait_Event_Argument_Time = uint ; Timestamp | ||||
SUIT_Wait_Event_Argument_Time_Of_Day = uint ; Time of Day | ||||
; (seconds since 00:00:00) | ||||
SUIT_Wait_Event_Argument_Day_Of_Week = uint ; Days since Sunday | ||||
9.9. SUIT_Manifest CDDL | ||||
The following CDDL fragment defines the manifest. | ||||
SUIT_Manifest = { | ||||
suit-manifest-version => 1, | ||||
suit-manifest-sequence-number => uint, | ||||
suit-common => bstr .cbor SUIT_Common, | ||||
? suit-reference-uri => #6.32(tstr), | ||||
* $$SUIT_Severable_Command_Sequences, | ||||
* $$SUIT_Command_Sequences, | ||||
* $$SUIT_Protected_Elements, | ||||
} | ||||
$$SUIT_Severable_Command_Sequences //= (suit-dependency-resolution => | ||||
SUIT_Severable_Command_Segment) | ||||
$$SUIT_Severable_Command_Segments //= (suit-payload-fetch => | ||||
SUIT_Severable_Command_Sequence) | ||||
$$SUIT_Severable_Command_Segments //= (suit-install => | ||||
SUIT_Severable_Command_Sequence) | ||||
SUIT_Severable_Command_Sequence = | ||||
SUIT_Digest / bstr .cbor SUIT_Command_Sequence | ||||
$$SUIT_Command_Sequences //= ( suit-validate => | ||||
bstr .cbor SUIT_Command_Sequence ) | ||||
$$SUIT_Command_Sequences //= ( suit-load => | ||||
bstr .cbor SUIT_Command_Sequence ) | ||||
$$SUIT_Command_Sequences //= ( suit-run => | ||||
bstr .cbor SUIT_Command_Sequence ) | ||||
$$SUIT_Protected_Elements //= ( suit-text => SUIT_Digest ) | ||||
$$SUIT_Protected_Elements //= ( suit-coswid => SUIT_Digest ) | ||||
SUIT_Common = { | ||||
? suit-dependencies => bstr .cbor SUIT_Dependencies, | ||||
? suit-components => bstr .cbor SUIT_Components, | ||||
? suit-dependency-components | ||||
=> bstr .cbor SUIT_Component_References, | ||||
? suit-common-sequence => bstr .cbor SUIT_Command_Sequence, | ||||
} | ||||
10. Access Control Lists | 10. Access Control Lists | |||
To manage permissions in the manifest, there are three models that | To manage permissions in the manifest, there are three models that | |||
can be used. | can be used. | |||
First, the simplest model requires that all manifests are | First, the simplest model requires that all manifests are | |||
authenticated by a single trusted key. This mode has the advantage | authenticated by a single trusted key. This mode has the advantage | |||
that only a root manifest needs to be authenticated, since all of its | that only a root manifest needs to be authenticated, since all of its | |||
dependencies have digests included in the root manifest. | dependencies have digests included in the root manifest. | |||
skipping to change at page 51, line 31 ¶ | skipping to change at page 43, line 16 ¶ | |||
controls: The ACL lists the component ID or component ID prefix that | controls: The ACL lists the component ID or component ID prefix that | |||
an identity may use, and also lists the commands that the identity | an identity may use, and also lists the commands that the identity | |||
may use in combination with that component ID. | may use in combination with that component ID. | |||
11. SUIT Digest Container | 11. SUIT Digest Container | |||
RFC 8152 [RFC8152] provides containers for signature, MAC, and | RFC 8152 [RFC8152] provides containers for signature, MAC, and | |||
encryption, but no basic digest container. The container needed for | encryption, but no basic digest container. The container needed for | |||
a digest requires a type identifier and a container for the raw | a digest requires a type identifier and a container for the raw | |||
digest data. Some forms of digest may require additional parameters. | digest data. Some forms of digest may require additional parameters. | |||
These can be added following the digest. This structure is described | These can be added following the digest. | |||
by the following CDDL. | ||||
The algorithms listed are sufficient for verifying integrity of | The algorithms listed are sufficient for verifying integrity of | |||
Firmware Updates as of this writing, however this may change over | Firmware Updates as of this writing, however this may change over | |||
time. | time. | |||
SUIT_Digest = [ | ||||
suit-digest-algorithm-id : $suit-digest-algorithm-ids, | ||||
suit-digest-bytes : bytes, | ||||
? suit-digest-parameters : any | ||||
] | ||||
digest-algorithm-ids /= algorithm-id-sha224 | ||||
digest-algorithm-ids /= algorithm-id-sha256 | ||||
digest-algorithm-ids /= algorithm-id-sha384 | ||||
digest-algorithm-ids /= algorithm-id-sha512 | ||||
digest-algorithm-ids /= algorithm-id-sha3-224 | ||||
digest-algorithm-ids /= algorithm-id-sha3-256 | ||||
digest-algorithm-ids /= algorithm-id-sha3-384 | ||||
digest-algorithm-ids /= algorithm-id-sha3-512 | ||||
algorithm-id-sha224 = 1 | ||||
algorithm-id-sha256 = 2 | ||||
algorithm-id-sha384 = 3 | ||||
algorithm-id-sha512 = 4 | ||||
algorithm-id-sha3-224 = 5 | ||||
algorithm-id-sha3-256 = 6 | ||||
algorithm-id-sha3-384 = 7 | ||||
algorithm-id-sha3-512 = 8 | ||||
12. Creating Conditional Sequences | 12. Creating Conditional Sequences | |||
For some use cases, it is important to provide a sequence that can | For some use cases, it is important to provide a sequence that can | |||
fail without terminating an update. For example, a dual-image XIP | fail without terminating an update. For example, a dual-image XIP | |||
MCU may require an update that can be placed at one of two offsets. | MCU may require an update that can be placed at one of two offsets. | |||
This has two implications, first, the digest of each offset will be | This has two implications, first, the digest of each offset will be | |||
different. Second, the image fetched for each offset will have a | different. Second, the image fetched for each offset will have a | |||
different URI. Conditional sequences allow this to be resolved in a | different URI. Conditional sequences allow this to be resolved in a | |||
simple way. | simple way. | |||
skipping to change at page 57, line 47 ¶ | skipping to change at page 47, line 47 ¶ | |||
| 26 | Minimum Battery | | | 26 | Minimum Battery | | |||
| | | | | | | | |||
| 27 | Update Priority | | | 27 | Update Priority | | |||
| | | | | | | | |||
| 28 | Version | | | 28 | Version | | |||
| | | | | | | | |||
| 29 | Wait Info | | | 29 | Wait Info | | |||
| | | | | | | | |||
| 30 | URI List | | | 30 | URI List | | |||
| | | | | | | | |||
| 31 | Component Index | | ||||
| | | | ||||
| nint | Custom | | | nint | Custom | | |||
+-------+------------------+ | +-------+------------------+ | |||
13.4. SUIT Text Values | 13.4. SUIT Text Values | |||
+-------+--------------------------------+ | +-------+--------------------------------+ | |||
| Label | Name | | | Label | Name | | |||
+-------+--------------------------------+ | +-------+--------------------------------+ | |||
| 1 | Manifest Description | | | 1 | Manifest Description | | |||
| | | | | | | | |||
skipping to change at page 58, line 33 ¶ | skipping to change at page 48, line 33 ¶ | |||
| | | | | | | | |||
| 8 | Manifest JSON Source | | | 8 | Manifest JSON Source | | |||
| | | | | | | | |||
| 9 | Manifest YAML Source | | | 9 | Manifest YAML Source | | |||
| | | | | | | | |||
| 10 | Component Version Dependencies | | | 10 | Component Version Dependencies | | |||
+-------+--------------------------------+ | +-------+--------------------------------+ | |||
13.5. SUIT Algorithm Identifiers | 13.5. SUIT Algorithm Identifiers | |||
TBD. | 13.5.1. Hash Algorithms | |||
+-------+----------+ | ||||
| Label | Name | | ||||
+-------+----------+ | ||||
| 1 | SHA224 | | ||||
| | | | ||||
| 2 | SHA256 | | ||||
| | | | ||||
| 3 | SHA384 | | ||||
| | | | ||||
| 4 | SHA512 | | ||||
| | | | ||||
| 5 | SHA3-224 | | ||||
| | | | ||||
| 6 | SHA3-256 | | ||||
| | | | ||||
| 7 | SHA3-384 | | ||||
| | | | ||||
| 8 | SHA3-512 | | ||||
+-------+----------+ | ||||
13.5.2. Unpack Algorithms | ||||
+-------+------+ | ||||
| Label | Name | | ||||
+-------+------+ | ||||
| 1 | HEX | | ||||
| | | | ||||
| 2 | ELF | | ||||
| | | | ||||
| 3 | COFF | | ||||
| | | | ||||
| 4 | SREC | | ||||
+-------+------+ | ||||
14. Security Considerations | 14. Security Considerations | |||
This document is about a manifest format describing and protecting | This document is about a manifest format describing and protecting | |||
firmware images and as such it is part of a larger solution for | firmware images and as such it is part of a larger solution for | |||
offering a standardized way of delivering firmware updates to IoT | offering a standardized way of delivering firmware updates to IoT | |||
devices. A detailed discussion about security can be found in the | devices. A detailed security treatment can be found in the | |||
architecture document [I-D.ietf-suit-architecture] and in | architecture [I-D.ietf-suit-architecture] and in the information | |||
[I-D.ietf-suit-information-model]. | model [I-D.ietf-suit-information-model] documents. | |||
15. Mailing List Information | ||||
RFC EDITOR: PLEASE REMOVE THIS SECTION | ||||
The discussion list for this document is located at the e-mail | ||||
address suit@ietf.org [1]. Information on the group and information | ||||
on how to subscribe to the list is at | ||||
https://www1.ietf.org/mailman/listinfo/suit [2] | ||||
Archives of the list can be found at: https://www.ietf.org/mail- | ||||
archive/web/suit/current/index.html [3] | ||||
16. Acknowledgements | 15. Acknowledgements | |||
We would like to thank the following persons for their support in | We would like to thank the following persons for their support in | |||
designing this mechanism: | designing this mechanism: | |||
- Milosch Meriac | - Milosch Meriac | |||
- Geraint Luff | - Geraint Luff | |||
- Dan Ros | - Dan Ros | |||
skipping to change at page 59, line 38 ¶ | skipping to change at page 50, line 31 ¶ | |||
- Krzysztof Chruściński | - Krzysztof Chruściński | |||
- Andrzej Puzdrowski | - Andrzej Puzdrowski | |||
- Michael Richardson | - Michael Richardson | |||
- David Brown | - David Brown | |||
- Emmanuel Baccelli | - Emmanuel Baccelli | |||
17. References | 16. References | |||
17.1. Normative References | 16.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | |||
Unique IDentifier (UUID) URN Namespace", RFC 4122, | Unique IDentifier (UUID) URN Namespace", RFC 4122, | |||
DOI 10.17487/RFC4122, July 2005, | DOI 10.17487/RFC4122, July 2005, | |||
<https://www.rfc-editor.org/info/rfc4122>. | <https://www.rfc-editor.org/info/rfc4122>. | |||
[RFC8152] Schaad, J., "CBOR Object Signing and Encryption (COSE)", | [RFC8152] Schaad, J., "CBOR Object Signing and Encryption (COSE)", | |||
RFC 8152, DOI 10.17487/RFC8152, July 2017, | RFC 8152, DOI 10.17487/RFC8152, July 2017, | |||
<https://www.rfc-editor.org/info/rfc8152>. | <https://www.rfc-editor.org/info/rfc8152>. | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
17.2. Informative References | 16.2. Informative References | |||
[COFF] Wikipedia, ., "Common Object File Format (COFF)", 2020, | [COFF] Wikipedia, ., "Common Object File Format (COFF)", 2020, | |||
<https://en.wikipedia.org/wiki/COFF>. | <https://en.wikipedia.org/wiki/COFF>. | |||
[ELF] Wikipedia, ., "Executable and Linkable Format (ELF)", | [ELF] Wikipedia, ., "Executable and Linkable Format (ELF)", | |||
2020, <https://en.wikipedia.org/wiki/ | 2020, <https://en.wikipedia.org/wiki/ | |||
Executable_and_Linkable_Format>. | Executable_and_Linkable_Format>. | |||
[HEX] Wikipedia, ., "Intel HEX", 2020, | [HEX] Wikipedia, ., "Intel HEX", 2020, | |||
<https://en.wikipedia.org/wiki/Intel_HEX>. | <https://en.wikipedia.org/wiki/Intel_HEX>. | |||
[I-D.ietf-suit-architecture] | [I-D.ietf-suit-architecture] | |||
Moran, B., Tschofenig, H., Brown, D., and M. Meriac, "A | Moran, B., Tschofenig, H., Brown, D., and M. Meriac, "A | |||
Firmware Update Architecture for Internet of Things", | Firmware Update Architecture for Internet of Things", | |||
draft-ietf-suit-architecture-11 (work in progress), May | draft-ietf-suit-architecture-11 (work in progress), May | |||
2020. | 2020. | |||
[I-D.ietf-suit-information-model] | [I-D.ietf-suit-information-model] | |||
Moran, B., Tschofenig, H., and H. Birkholz, "An | Moran, B., Tschofenig, H., and H. Birkholz, "An | |||
Information Model for Firmware Updates in IoT Devices", | Information Model for Firmware Updates in IoT Devices", | |||
draft-ietf-suit-information-model-06 (work in progress), | draft-ietf-suit-information-model-07 (work in progress), | |||
June 2020. | June 2020. | |||
[I-D.ietf-teep-architecture] | [I-D.ietf-teep-architecture] | |||
Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, | Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, | |||
"Trusted Execution Environment Provisioning (TEEP) | "Trusted Execution Environment Provisioning (TEEP) | |||
Architecture", draft-ietf-teep-architecture-08 (work in | Architecture", draft-ietf-teep-architecture-08 (work in | |||
progress), April 2020. | progress), April 2020. | |||
[I-D.kucherawy-rfc8478bis] | [I-D.kucherawy-rfc8478bis] | |||
Collet, Y. and M. Kucherawy, "Zstandard Compression and | Collet, Y. and M. Kucherawy, "Zstandard Compression and | |||
skipping to change at page 61, line 16 ¶ | skipping to change at page 53, line 5 ¶ | |||
Format", RFC 7932, DOI 10.17487/RFC7932, July 2016, | Format", RFC 7932, DOI 10.17487/RFC7932, July 2016, | |||
<https://www.rfc-editor.org/info/rfc7932>. | <https://www.rfc-editor.org/info/rfc7932>. | |||
[RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, | [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, | |||
"CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, | "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, | |||
May 2018, <https://www.rfc-editor.org/info/rfc8392>. | May 2018, <https://www.rfc-editor.org/info/rfc8392>. | |||
[SREC] Wikipedia, ., "SREC (file format)", 2020, | [SREC] Wikipedia, ., "SREC (file format)", 2020, | |||
<https://en.wikipedia.org/wiki/SREC_(file_format)>. | <https://en.wikipedia.org/wiki/SREC_(file_format)>. | |||
17.3. URIs | ||||
[1] mailto:suit@ietf.org | ||||
[2] https://www1.ietf.org/mailman/listinfo/suit | ||||
[3] https://www.ietf.org/mail-archive/web/suit/current/index.html | ||||
A. Full CDDL | A. Full CDDL | |||
In order to create a valid SUIT Manifest document the structure of | In order to create a valid SUIT Manifest document the structure of | |||
the corresponding CBOR message MUST adhere to the following CDDL data | the corresponding CBOR message MUST adhere to the following CDDL data | |||
definition. | definition. | |||
SUIT_Envelope = { | SUIT_Envelope = { | |||
? suit-delegation => bstr .cbor SUIT_Delegation | ? suit-delegation => bstr .cbor SUIT_Delegation | |||
? suit-authentication-wrapper | ? suit-authentication-wrapper | |||
=> bstr .cbor SUIT_Authentication_Wrapper / nil, | => bstr .cbor SUIT_Authentication_Wrapper / nil, | |||
skipping to change at page 89, line 42 ¶ | skipping to change at page 80, line 42 ¶ | |||
Capability reporting is similarly simplified. A Recipient can report | Capability reporting is similarly simplified. A Recipient can report | |||
the Commands, Parameters, Algorithms, and Component Identifiers that | the Commands, Parameters, Algorithms, and Component Identifiers that | |||
it supports. This is sufficiently precise for a manifest author to | it supports. This is sufficiently precise for a manifest author to | |||
create a manifest that the Recipient can accept. | create a manifest that the Recipient can accept. | |||
The simplicity of design in the Recipient due to all of these | The simplicity of design in the Recipient due to all of these | |||
benefits allows even a highly constrained platform to use advanced | benefits allows even a highly constrained platform to use advanced | |||
update capabilities. | update capabilities. | |||
D. Implementation Confirmance Matrix | D. Implementation Conformance Matrix | |||
This section summarizes the functionality a minimal implementation | This section summarizes the functionality a minimal implementation | |||
needs to offer to claim conformance to this specification. | needs to offer to claim conformance to this specification, in the | |||
absence of an application profile standard specifying otherwise. | ||||
The subsequent table shows the conditions. | The subsequent table shows the conditions. | |||
+-------------------+-----------------+----------------+ | +-------------------+-----------------+----------------+ | |||
| Name | Reference | Implementation | | | Name | Reference | Implementation | | |||
+-------------------+-----------------+----------------+ | +-------------------+-----------------+----------------+ | |||
| Vendor Identifier | Section 9.8.3.1 | REQUIRED | | | Vendor Identifier | Section 9.8.3.1 | REQUIRED | | |||
| | | | | | | | | | |||
| Class Identifier | Section 9.8.3.1 | REQUIRED | | | Class Identifier | Section 9.8.3.1 | REQUIRED | | |||
| | | | | | | | | | |||
skipping to change at page 91, line 48 ¶ | skipping to change at page 82, line 48 ¶ | |||
| Wait For Event | Section | OPTIONAL | | | Wait For Event | Section | OPTIONAL | | |||
| | 9.8.4.11 | | | | | 9.8.4.11 | | | |||
| | | | | | | | | | |||
| Run Sequence | Section | OPTIONAL | | | Run Sequence | Section | OPTIONAL | | |||
| | 9.8.4.12 | | | | | 9.8.4.12 | | | |||
| | | | | | | | | | |||
| Swap | Section | OPTIONAL | | | Swap | Section | OPTIONAL | | |||
| | 9.8.4.13 | | | | | 9.8.4.13 | | | |||
+-------------------+----------------+------------------------------+ | +-------------------+----------------+------------------------------+ | |||
TThe subsequent table shows the parameters | The subsequent table shows the parameters. | |||
+------------------+------------------+----------------+ | +------------------+------------------+----------------+ | |||
| Name | Reference | Implementation | | | Name | Reference | Implementation | | |||
+------------------+------------------+----------------+ | +------------------+------------------+----------------+ | |||
| Vendor ID | Section 9.8.2.1 | TBD | | | Vendor ID | Section 9.8.2.1 | REQUIRED | | |||
| | | | | | | | | | |||
| Class ID | Section 9.8.2.2 | TBD | | | Class ID | Section 9.8.2.2 | REQUIRED | | |||
| | | | | | | | | | |||
| Image Digest | Section 9.8.2.3 | TBD | | | Image Digest | Section 9.8.2.3 | REQUIRED | | |||
| | | | | | | | | | |||
| Image Size | Section 9.8.2.4 | TBD | | | Image Size | Section 9.8.2.4 | REQUIRED | | |||
| | | | | | | | | | |||
| Use Before | Section 9.8.2.5 | TBD | | | Use Before | Section 9.8.2.5 | OPTIONAL | | |||
| | | | | | | | | | |||
| Component Offset | Section 9.8.2.6 | TBD | | | Component Offset | Section 9.8.2.6 | OPTIONAL | | |||
| | | | | | | | | | |||
| Encryption Info | Section 9.8.2.7 | TBD | | | Encryption Info | Section 9.8.2.7 | OPTIONAL | | |||
| | | | | | | | | | |||
| Compression Info | Section 9.8.2.8 | TBD | | | Compression Info | Section 9.8.2.8 | OPTIONAL | | |||
| | | | | | | | | | |||
| Unpack Info | Section 9.8.2.9 | TBD | | | Unpack Info | Section 9.8.2.9 | OPTIONAL | | |||
| | | | | | | | | | |||
| URI | Section 9.8.2.10 | TBD | | | URI | Section 9.8.2.10 | OPTIONAL | | |||
| | | | | | | | | | |||
| Source Component | Section 9.8.2.11 | TBD | | | Source Component | Section 9.8.2.11 | OPTIONAL | | |||
| | | | | | | | | | |||
| Run Args | Section 9.8.2.12 | TBD | | | Run Args | Section 9.8.2.12 | OPTIONAL | | |||
| | | | | | | | | | |||
| Device ID | Section 9.8.2.13 | TBD | | | Device ID | Section 9.8.2.13 | OPTIONAL | | |||
| | | | | | | | | | |||
| Minimum Battery | Section 9.8.2.14 | TBD | | | Minimum Battery | Section 9.8.2.14 | OPTIONAL | | |||
| | | | | | | | | | |||
| Update Priority | Section 9.8.2.15 | TBD | | | Update Priority | Section 9.8.2.15 | OPTIONAL | | |||
| | | | | | | | | | |||
| Version | Section 9.8.2.16 | TBD | | | Version | Section 9.8.2.16 | OPTIONAL | | |||
| | | | | | | | | | |||
| Wait Info | Section 9.8.2.17 | TBD | | | Wait Info | Section 9.8.2.17 | OPTIONAL | | |||
| | | | | | | | | | |||
| URI List | Section 9.8.2.18 | TBD | | | URI List | Section 9.8.2.18 | OPTIONAL | | |||
| | | | | | | | | | |||
| Strict Order | Section 9.8.2.19 | TBD | | | Strict Order | Section 9.8.2.19 | OPTIONAL | | |||
| | | | | | | | | | |||
| Soft Failure | Section 9.8.2.20 | TBD | | | Soft Failure | Section 9.8.2.20 | OPTIONAL | | |||
| | | | | | | | | | |||
| Custom | Section 9.8.2.21 | TBD | | | Custom | Section 9.8.2.21 | OPTIONAL | | |||
+------------------+------------------+----------------+ | +------------------+------------------+----------------+ | |||
Authors' Addresses | Authors' Addresses | |||
Brendan Moran | Brendan Moran | |||
Arm Limited | Arm Limited | |||
EMail: Brendan.Moran@arm.com | EMail: Brendan.Moran@arm.com | |||
Hannes Tschofenig | Hannes Tschofenig | |||
End of changes. 82 change blocks. | ||||
499 lines changed or deleted | 144 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |