< draft-ietf-suit-manifest-03.txt | draft-ietf-suit-manifest-04.txt >

SUIT                                                          B. Moran
Internet-Draft                                           H. Tschofenig
Intended status: Standards Track                           Arm Limited
Expires: September 10, 2020                                H. Birkholz
                                                        Fraunhofer SIT
                                                           K. Zandberg
                                                                 Inria
                                                        March 09, 2020

A Concise Binary Object Representation (CBOR)-based Serialization Format
for the Software Updates for Internet of Things (SUIT) Manifest
draft-ietf-suit-manifest-04
Abstract

This specification describes the format of a manifest.  A manifest is
a bundle of metadata about the firmware for an IoT device, where to
find the firmware, the devices to which it applies, and cryptographic
information protecting the manifest.  Firmware updates and trusted
boot both tend to use sequences of common operations, so the manifest
encodes those sequences of operations, rather than declaring the
metadata.
Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 10, 2020.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents

[...]

not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents

1.  Introduction
2.  Conventions and Terminology
3.  How to use this Document
4.  Background
  4.1.  IoT Firmware Update Constraints
  4.2.  Update Workflow Model
    4.2.1.  Pre-Authentication Compatibility Checks
  4.3.  SUIT Manifest Goals
  4.4.  SUIT Manifest Design Summary
5.  Interpreter Behavior
  5.1.  Interpreter Setup
  5.2.  Required Checks
  5.3.  Interpreter Fundamental Properties
  5.4.  Abstract Machine Description
    5.4.1.  Parameters
    5.4.2.  Commands
    5.4.3.  Command Behavior
  5.5.  Serialized Processing Interpreter
  5.6.  Parallel Processing Interpreter
  5.7.  Processing Dependencies
6.  Creating Manifests
  6.1.  Manifest Source Material
  6.2.  Required Template: Compatibility Check
  6.3.  Use Case Template: XIP Secure Boot
  6.4.  Use Case Template: Firmware Download
  6.5.  Use Case Template: Load from External Storage
  6.6.  Use Case Template: Load & Decompress from External Storage
  6.7.  Use Case Template: Dependency
7.  Manifest Structure
  7.1.  Severable Elements
  7.2.  Envelope
  7.3.  Manifest
  7.4.  SUIT_Dependency
  7.5.  SUIT_Component_Reference
  7.6.  Manifest Parameters
    7.6.1.  SUIT_Parameter_Strict_Order
    7.6.2.  SUIT_Parameter_Soft_Failure
  7.7.  SUIT_Parameter_Encryption_Info
    7.7.1.  SUIT_Parameter_Compression_Info
    7.7.2.  SUIT_Parameter_Unpack_Info
    7.7.3.  SUIT_Parameters CDDL
  7.8.  SUIT_Command_Sequence
  7.9.  SUIT_Condition
    7.9.1.  Identifier Conditions
    7.9.2.  suit-condition-image-match
    7.9.3.  suit-condition-image-not-match
    7.9.4.  suit-condition-use-before
    7.9.5.  suit-condition-minimum-battery
    7.9.6.  suit-condition-update-authorized
    7.9.7.  suit-condition-version
    7.9.8.  SUIT_Condition_Custom
    7.9.9.  Identifiers
    7.9.10. SUIT_Condition CDDL
  7.10. SUIT_Directive
    7.10.1.  suit-directive-set-component-index
    7.10.2.  suit-directive-set-dependency-index
    7.10.3.  suit-directive-abort
    7.10.4.  suit-directive-run-sequence
    7.10.5.  suit-directive-try-each
    7.10.6.  suit-directive-process-dependency
    7.10.7.  suit-directive-set-parameters
    7.10.8.  suit-directive-override-parameters
    7.10.9.  suit-directive-fetch
    7.10.10. suit-directive-copy
    7.10.11. suit-directive-swap
    7.10.12. suit-directive-run
    7.10.13. suit-directive-wait
    7.10.14. SUIT_Directive CDDL
  7.11. SUIT_Text_Map
8.  Access Control Lists
9.  SUIT digest container
10. Creating Conditional Sequences
11. Full CDDL
12. Examples
  12.1. Example 0: Secure Boot
  12.2. Example 1: Simultaneous Download and Installation of Payload
  12.3. Example 2: Simultaneous Download, Installation, and Secure Boot
  12.4. Example 3: Load from External Storage
  12.5. Example 4: Load and Decompress from External Storage
  12.6. Example 5: Compatibility Test, Download, Installation, and
        Secure Boot
  12.7. Example 6: Two Images
13. IANA Considerations
14. Security Considerations
15. Mailing List Information
16. Acknowledgements
17. References
  17.1. Normative References
  17.2. Informative References
  17.3. URIs
Authors' Addresses
1.  Introduction

A firmware update mechanism is an essential security feature for IoT
devices to deal with vulnerabilities.  While the transport of
firmware images to the devices themselves is important, there are
already various techniques available, such as the Lightweight
Machine-to-Machine (LwM2M) protocol offering device management of IoT
devices.  Equally important is the inclusion of meta-data about the
conveyed firmware image (in the form of a manifest) and the use of

[...]

images it is additionally required to install either one or multiple
symmetric or asymmetric keys on the IoT device.  Starting security
protection at the author is a risk mitigation technique so firmware
images and manifests can be stored on untrusted repositories; it also
reduces the scope of a compromise of any repository or intermediate
system to be no worse than a denial of service.

It is assumed that the reader is familiar with the high-level
firmware update architecture [I-D.ietf-suit-architecture].

Most Update and Trusted Execution operations are composed of the same
small set of fundamental operations, such as copying a firmware image
from one place to another, checking that a firmware image is correct,
verifying that the specified firmware is the correct firmware for the
device, or unpacking a firmware.  By using these fundamental
operations in different orders and changing the parameters they use,
a great many use cases can be supported by the same encoding.  The
SUIT manifest uses this observation to heavily optimize update
metadata for consumption by constrained devices.

While the SUIT manifest is informed by and optimized for firmware
update use cases, there is nothing in the
[I-D.ietf-suit-information-model] that restricts its use to only
firmware use cases.  Software update and delivery of arbitrary data
can equally be managed by SUIT-based metadata.
2.  Conventions and Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

[...]

- Command: A Condition or a Directive.

- Trusted Execution: A process by which a system ensures that only
  trusted code is executed, for example secure boot.

- A/B images: Dividing a device's storage into two or more bootable
  images, at different offsets, such that the active image can write
  to the inactive image(s).

The map indices in this encoding are reset to 1 for each map within
the structure.  This is to keep the indices as small as possible.
The goal is to keep the index objects to single bytes (CBOR positive
integers 1-23).

Wherever enumerations are used, they are started at 1.  This allows
detection of several common software errors that are caused by
uninitialised variables.  Positive numbers in enumerations are
reserved for IANA registration.  Negative numbers are used to
identify application-specific implementations.

CDDL names are hyphenated and CDDL structures follow the convention
adopted in COSE [RFC8152]: SUIT_Structure_Name.

3.  How to use this Document

This specification covers four aspects of firmware update: the
background that has informed this specification, the behavior of a
device consuming a manifest, the process of creating a manifest, and
the structure of the manifest itself.

- Section 4 describes the device constraints, use cases, and design
  principles that informed the structure of the manifest.

- Section 5 describes what actions a manifest processor should take.

- Section 6 describes the process of creating a manifest.

- Section 7 specifies the content of the manifest.

For information about firmware update in general and the background
of the SUIT manifest, see Section 4.  To implement an updatable
device, see Section 5 and Section 7.  To implement a tool that
generates updates, see Section 6 and Section 7.
4.  Background

This section describes the logistical challenges, device constraints,
use cases, and design principles that informed the structure of the
manifest.  For the security considerations of the manifest, see
[I-D.ietf-suit-information-model].

Distributing firmware updates to diverse devices with diverse trust
anchors in a coordinated system presents unique challenges.  Devices
have a broad set of constraints, requiring different metadata to make
appropriate decisions.  There may be many actors in production IoT
systems, each of whom has some authority.  Distributing firmware in
such a multi-party environment presents additional challenges.  Each
party requires a different subset of data.  Some data may not be
accessible to all parties.  Multiple signatures may be required from
parties with different authorities.  This topic is covered in more
depth in [I-D.ietf-suit-architecture].

4.1.  IoT Firmware Update Constraints

The various constraints on IoT devices create a broad set of use-case
requirements.  For example, devices with:

- limited processing power and storage may require a simple
  representation of metadata.

- bandwidth constraints may require firmware compression or partial
  update support.

- bootloader complexity constraints may require simple selection
  between two bootable images.

[...]

When installation is complete, similar information can be used for
validating and running images in a further 3 steps:

1.  Verify image(s).

2.  Load image(s).

3.  Run image(s).

If verification and running are implemented in a bootloader, then the
bootloader MUST also verify the signature of the manifest and the
applicability of the manifest in order to implement secure boot
workflows.  The bootloader MAY add its own authentication, e.g. a
MAC, to the manifest so that the signature does not have to be
verified again on subsequent boots.

When multiple manifests are used for an update, each manifest's steps
occur in a lockstep fashion; all manifests have dependency resolution
performed before any manifest performs a payload fetch, etc.
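The bootloader behaviour described above (verify the manifest signature and applicability once, optionally record a MAC so that later boots skip the signature check), as an added example that is not part of the draft or of any SUIT implementation. It is written in Python for readability; a real bootloader would be C over a CBOR manifest with COSE authentication. The JSON envelope, the HMAC standing in for the author's signature, the `Bootloader` class and the key and component names are assumptions of this example. The point to take from it is what the cached MAC does and does not cover: it binds the device's earlier verdict to the exact manifest bytes, so it replaces re-verifying the signature but not re-checking applicability or the image digest, which must be recomputed from flash on every boot.

```python
"""Added example, not code from the draft: a bootloader that verifies the
manifest signature once, then caches the verdict as a MAC under a device-local
key so later boots skip the signature check (Section 4.2: the bootloader MAY
add its own authentication, e.g. a MAC).  Assumptions: the manifest is a JSON
envelope and the author's signature is stood in for by an HMAC so it runs
offline; a real device verifies COSE over CBOR.  The cached MAC only covers the
manifest bytes, so applicability and the image digest are re-checked on every
boot."""
import hashlib
import hmac
import json

DEVICE_CLASS = "class-0001"            # constructed class identifier of this device


def author_sign(author_key, manifest):
    """Author side: produce the signed envelope (HMAC stands in for a signature)."""
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(author_key, body, "sha256").hexdigest()
    return json.dumps({"manifest": manifest, "auth": tag}).encode()


class Bootloader:
    def __init__(self, author_key, mac_key):
        self.author_key = author_key       # trust anchor for the author's signature
        self.mac_key = mac_key             # device-local secret; never leaves the device
        self.trusted_tag = None            # MAC stored after the first full verification
        self.signature_checks = 0          # counts the expensive path (for the demo)

    def verify_signature(self, envelope):
        self.signature_checks += 1
        body = json.dumps(envelope["manifest"], sort_keys=True).encode()
        expect = hmac.new(self.author_key, body, "sha256").hexdigest()
        return hmac.compare_digest(expect, envelope["auth"])

    def manifest_trusted(self, envelope_bytes):
        """True if these exact bytes were verified before (MAC hit), else verify now."""
        tag = hmac.new(self.mac_key, envelope_bytes, "sha256").digest()
        if self.trusted_tag is not None and hmac.compare_digest(tag, self.trusted_tag):
            return True
        if not self.verify_signature(json.loads(envelope_bytes)):
            return False
        self.trusted_tag = tag             # bind the cached verdict to the bytes
        return True

    def boot(self, envelope_bytes, flash):
        if not self.manifest_trusted(envelope_bytes):
            return "halt: manifest not authenticated"
        manifest = json.loads(envelope_bytes)["manifest"]
        if manifest["class-id"] != DEVICE_CLASS:      # applicability, every boot
            return "halt: manifest not applicable"
        comp = manifest["component"]
        digest = hashlib.sha256(flash.get(comp, b"")).hexdigest()
        if not hmac.compare_digest(digest, manifest["image-digest"]):
            return "halt: image digest mismatch"       # image check, every boot
        return "run:" + comp


# Constructed sample data.
IMAGE = b"firmware-v2"
AUTHOR_KEY, MAC_KEY = b"author-signing-key", b"device-local-mac-key"


def sample_envelope(image=IMAGE, class_id=DEVICE_CLASS):
    return author_sign(AUTHOR_KEY, {"class-id": class_id, "component": "slot0",
                                    "image-digest": hashlib.sha256(image).hexdigest()})


def forge(envelope_bytes, digest):
    """Attacker edits the manifest without the author's key (constructed)."""
    env = json.loads(envelope_bytes)
    env["manifest"]["image-digest"] = digest
    return json.dumps(env).encode()


def demo():
    bl = Bootloader(AUTHOR_KEY, MAC_KEY)
    flash = {"slot0": IMAGE}
    env = sample_envelope()
    first = bl.boot(env, flash)            # full signature verification
    second = bl.boot(env, flash)           # MAC hit: no signature check
    flash["slot0"] = b"tampered"           # image replaced under a cached manifest
    third = bl.boot(env, flash)
    return first, second, third, bl.signature_checks


if __name__ == "__main__":
    print(demo())
```

`demo()` boots twice from the same envelope and performs exactly one signature check, then shows that a changed image is still caught on the third boot because the digest is recomputed from flash. A forged envelope has different bytes, so it misses the MAC cache and falls back to the signature check, which fails.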
4.2.1. Pre-Authentication Compatibility Checks
The RECOMMENDED process is to verify the signature of the manifest
prior to parsing/executing any section of the manifest. This guards
the parser against arbitrary input by unauthenticated third parties,
but it costs extra energy when a device receives an incompatible
manifest.
If a device:
1. expects to receive many incompatible manifests.
2.  expects to receive few manifests with failing signatures, for
    example because it is behind a gateway that checks signatures.
3. has a power budget that makes signature verification undesirable.
Then, the device MAY choose to parse and execute only the SUIT_Common
section of the manifest prior to signature verification. The
guidelines in Creating Manifests (Section 6) require that the common
section contain the applicability checks, so this section is
sufficient for applicability verification. The manifest parser MUST
NOT execute any command with side-effects outside the parser (for
example, Run, Copy, Swap, or Fetch commands) prior to authentication
and any such command MUST result in an error.
4.3.  SUIT Manifest Goals

The manifest described in this document is intended to meet several
goals, as described below.

- Meet the requirements defined in
  [I-D.ietf-suit-information-model].

- Simple to parse on a constrained node

- Simple to process on a constrained node

- Compact encoding

- Comprehensible by an intermediate system

- Expressive enough to enable advanced use cases on advanced nodes

- Extensible

The SUIT manifest can be used for a variety of purposes throughout
its lifecycle.  The manifest allows:

- the Firmware Author to reason about releasing a firmware.

- the Network Operator to reason about compatibility of a firmware.

- the Device Operator to reason about the impact of a firmware.

- the Device Operator to manage distribution of firmware to devices.

- the Plant Manager to reason about timing and acceptance of
  firmware updates.

- the device to reason about the authority & authenticity of a
  firmware prior to installation.

- the device to reason about the applicability of a firmware.

- the device to reason about the installation of a firmware.

- the device to reason about the authenticity & encoding of a
  firmware at boot.

Each of these uses happens at a different stage of the manifest
lifecycle, so each has different requirements.

4.4.  SUIT Manifest Design Summary

In order to provide flexible behavior to constrained devices, while
still allowing more powerful devices to use their full capabilities,
the SUIT manifest encodes the required behavior of a Recipient
device.  Behavior is encoded as a specialized byte code, contained in

[...]

the operations that a device will perform, which promotes ease of
processing.  The core operations used by most update and trusted
execution operations are represented in the byte code.  The byte code
can be extended by registering new operations.

The specialized byte code approach gives benefits equivalent to those
provided by a scripting language or conventional byte code, with two
substantial differences.  First, the language is extremely high
level, consisting of only the operations that a device may perform
during update and trusted execution of a firmware image.  Second, the
language specifies linear behavior, without reverse branches.
Conditional processing is supported, and parallel and out-of-order
processing may be performed by sufficiently capable devices.

By structuring the data in this way, the manifest processor becomes a
very simple engine that uses a pull parser to interpret the manifest.
This pull parser invokes a series of command handlers that evaluate a
Condition or execute a Directive.  Most data is structured in a
highly regular pattern, which simplifies the parser.

This allows a Recipient to implement a very small parser for
constrained applications.  If needed, such a parser also allows the
Recipient to perform complex updates with reduced overhead.
Conditional execution of commands allows a simple device to perform
important decisions at validation-time.

Dependency handling is vastly simplified as well.  Dependencies
function like subroutines of the language.  When a manifest has a
dependency, it can invoke that dependency's commands and modify their
behavior by setting parameters.  Because some parameters come with
security implications, the dependencies also have a mechanism to
reject modifications to parameters on a fine-grained level.

Developing a robust permissions system works in this model too.  The
Recipient can use a simple ACL that is a table of Identities and
Component Identifier permissions to ensure that operations on
components fail unless they are permitted by the ACL.  This table can
be further refined with individual parameters and commands.
Capability reporting is similarly simplified. A Recipient can report Capability reporting is similarly simplified. A Recipient can report
the Commands, Parameters, Algorithms, and Component Identifiers that the Commands, Parameters, Algorithms, and Component Identifiers that
it supports. This is sufficiently precise for a manifest author to it supports. This is sufficiently precise for a manifest author to
create a manifest that the Recipient can accept. create a manifest that the Recipient can accept.
The simplicity of design in the Recipient due to all of these The simplicity of design in the Recipient due to all of these
benefits allows even a highly constrained platform to use advanced benefits allows even a highly constrained platform to use advanced
update capabilities. update capabilities.
5. Interpreter Behavior 5. Interpreter Behavior
This section describes the behavior of the manifest interpreter. This section describes the behavior of the manifest interpreter.
This section focuses primarily on interpreting commands in the This section focuses primarily on interpreting commands in the
manifest. However, there are several other important behaviors of manifest. However, there are several other important behaviors of
the interpreter: encoding version detection, rollback protection, and the interpreter: encoding version detection , rollback protection,
authenticity verification are chief among these. and authenticity verification are chief among these (see
Section 5.1).
5.1. Interpreter Setup 5.1. Interpreter Setup
Prior to executing any command sequence, the interpreter or its host Prior to executing any command sequence, the interpreter or its host
application MUST inspect the manifest version field and fail when it application MUST inspect the manifest version field and fail when it
encounters an unsupported encoding version. Next, the interpreter or encounters an unsupported encoding version. Next, the interpreter or
its host application MUST extract the manifest sequence number and its host application MUST extract the manifest sequence number and
perform a rollback check using this sequence number. The exact logic perform a rollback check using this sequence number. The exact logic
of rollback protection may vary by application, but it has the of rollback protection may vary by application, but it has the
following properties: following properties:
skipping to change at page 21, line 39 skipping to change at page 22, line 39
o Process Dependency. o Process Dependency.
For any other section that the dependency has, the dependent MUST For any other section that the dependency has, the dependent MUST
invoke Process Dependency. invoke Process Dependency.
NOTE: Any changes made to parameters in a dependency persist in the NOTE: Any changes made to parameters in a dependency persist in the
dependent. dependent.
7. Manifest Structure 7. Manifest Structure
The manifest is divided into several sections in a hierarchy as The manifest is enveloped in a CBOR map containing:
follows:
1. The outer wrapper 1. Authentication delegation chain(s)
1. Authentication delegation chain(s) 2. The authentication wrapper (a list of COSE sign/MAC objects)
2. The authentication wrapper 3. The manifest (a map)
3. The manifest 1. Critical Information
1. Critical Information 2. Information shared by all command sequences
2. Information shared by all command sequences 1. List of dependencies
1. List of dependencies 2. List of payloads
2. List of payloads 3. List of payloads in dependencies
3. List of payloads in dependencies 4. Common list of conditions, directives
4. Common list of conditions, directives 3. Reference URI
3. Dependency resolution Reference or list of conditions, 4. Dependency resolution Reference or conditions/directives
directives
4. Payload fetch Reference or list of conditions, 5. Payload fetch Reference or conditions/directives
directives
5. Installation Reference or list of conditions, 6. Installation Reference or conditions/directives
directives
6. Verification conditions/directives 7. Verification conditions/directives
7. Load conditions/directives 8. Load conditions/directives
8. Run conditions/directives 9. Run conditions/directives
9. Text / Reference 10. Text / Reference
10. COSWID / Reference 11. COSWID / Reference
4. Dependency resolution conditions/directives 4. Dependency resolution conditions/directives
5. Payload fetch conditions/directives 5. Payload fetch conditions/directives
6. Installation conditions/directives 6. Installation conditions/directives
7. Text 7. Text
8. COSWID / Reference 8. COSWID
9. Intermediate Certificate(s) / CWTs 9. Inline Payload(s)
10. Inline Payload(s) All elements in the outer map are wrapped in bstr.
+--------------------+
| Manifest Envelope |
+--------------------+
| Delegation CWTs |
| COSE Envelopes |
| Manifest --------------------> +-----------------------+
| Severable Elements | | Manifest (bstr) |
+--------------------+ +-----------------------+
| Structure Version |
| Sequence Number |
+-----------------------+ <------- Common Info |
| Common Info (bstr) | | Reference URI |
+-----------------------+ | Installation Commands ---+
| Dependencies | | Invocation Commands -----+
| Components IDs | | Protected Elements | |
| Component References | +-----------------------+ |
| Common Commands --------+ |
+-----------------------+ | |
+-> +-----------------------+ <---+
| Commands (bstr) |
+-----------------------+
| List of ( pairs of ( |
| * command ID code |
| * argument |
| )) |
+-----------------------+
The map indices in this encoding are reset to 1 for each map within
the structure. This is to keep the indices as small as possible.
The goal is to keep the index objects to single bytes (CBOR positive
integers 1-23).
Wherever enumerations are used, they are started at 1. This allows
detection of several common software errors that are caused by
uninitialised variables. Positive numbers in enumerations are
reserved for IANA registration. Negative numbers are used to
identify application-specific implementations.
CDDL names are hyphenated and CDDL structures follow the convention
adopted in COSE [RFC8152]: SUIT_Structure_Name.
7.1. Severable Elements 7.1. Severable Elements
Because the manifest can be used by different actors at different Because the manifest can be used by different actors at different
times, some parts of the manifest can be removed without affecting times, some parts of the manifest can be removed without affecting
later stages of the lifecycle. This is called "Severing." Severing later stages of the lifecycle. This is called "Severing." Severing
of information is achieved by separating that information from the of information is achieved by separating that information from the
signed container so that removing it does not affect the signature. signed container so that removing it does not affect the signature.
This means that ensuring authenticity of severable parts of the This means that ensuring authenticity of severable parts of the
skipping to change at page 23, line 26 skipping to change at page 25, line 26
typically consumes 4 bytes more than the size of the raw digest, typically consumes 4 bytes more than the size of the raw digest,
therefore elements smaller than (Digest Bits)/8 + 4 SHOULD never be therefore elements smaller than (Digest Bits)/8 + 4 SHOULD never be
severable. Elements larger than (Digest Bits)/8 + 4 MAY be severable. Elements larger than (Digest Bits)/8 + 4 MAY be
severable, while elements that are much larger than (Digest Bits)/8 + severable, while elements that are much larger than (Digest Bits)/8 +
4 SHOULD be severable. 4 SHOULD be severable.
Because of this, all command sequences in the manifest are encoded in Because of this, all command sequences in the manifest are encoded in
a bstr so that there is a single code path needed for all command a bstr so that there is a single code path needed for all command
sequences sequences
7.2. Outer Wrapper 7.2. Envelope
This object is a container for the other pieces of the manifest to This object is a container for the other pieces of the manifest to
provide a common mechanism to find each of the parts. All elements provide a common mechanism to find each of the parts. All elements
of the outer wrapper are contained in bstr objects. Wherever the of the envelope are contained in bstr objects. Wherever the manifest
manifest references an object in the outer wrapper, the bstr is references an object in the envelope, the bstr is included in the
included in the digest calculation. digest calculation.
The CDDL that describes the wrapper is below The CDDL that describes the envelope is below
SUIT_Outer_Wrapper = { SUIT_Envelope = {
suit-delegation => bstr .cbor SUIT_Delegation suit-delegation => bstr .cbor SUIT_Delegation
suit-authentication-wrapper => bstr .cbor suit-authentication-wrapper
SUIT_Authentication_Wrapper / nil, => bstr .cbor SUIT_Authentication_Wrapper / nil,
$SUIT_Manifest_Wrapped, $$SUIT_Manifest_Wrapped,
? suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence, * $$SUIT_Severed_Fields,
? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
? suit-install => bstr .cbor SUIT_Command_Sequence,
? suit-text => bstr .cbor SUIT_Text_Map,
? suit-coswid => bstr .cbor COSWID
} }
SUIT_Delegation = [ + [ + CWT ] ] SUIT_Delegation = [ + [ + CWT ] ]
SUIT_Authentication_Wrapper = [ + (COSE_Mac_Tagged / COSE_Sign_Tagged / SUIT_Authentication_Wrapper = [ + bstr .cbor SUIT_Authentication_Block ]
COSE_Mac0_Tagged / COSE_Sign1_Tagged)]
SUIT_Encryption_Wrapper = COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged
SUIT_Manifest_Wrapped //= (suit-manifest => bstr .cbor SUIT_Manifest) SUIT_Authentication_Block /= COSE_Mac_Tagged
SUIT_Manifest_Wrapped //= ( SUIT_Authentication_Block /= COSE_Sign_Tagged
SUIT_Authentication_Block /= COSE_Mac0_Tagged
SUIT_Authentication_Block /= COSE_Sign1_Tagged
$$SUIT_Manifest_Wrapped //= (suit-manifest => bstr .cbor SUIT_Manifest)
$$SUIT_Manifest_Wrapped //= (
suit-manifest-encryption-info => bstr .cbor SUIT_Encryption_Wrapper, suit-manifest-encryption-info => bstr .cbor SUIT_Encryption_Wrapper,
suit-manifest-encrypted => bstr suit-manifest-encrypted => bstr
) )
All elements of the outer wrapper must be wrapped in a bstr to SUIT_Encryption_Wrapper = COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged
minimize the complexity of the code that evaluates the cryptographic
integrity of the element and to ensure correct serialization for $$SUIT_Severed_Fields //= ( suit-dependency-resolution =>
integrity and authenticity checks. bstr .cbor SUIT_Command_Sequence)
$$SUIT_Severed_Fields //= (suit-payload-fetch =>
bstr .cbor SUIT_Command_Sequence)
$$SUIT_Severed_Fields //= (suit-install =>
bstr .cbor SUIT_Command_Sequence)
$$SUIT_Severed_Fields //= (suit-text =>
bstr .cbor SUIT_Text_Map)
$$SUIT_Severed_Fields //= (suit-coswid =>
bstr .cbor concise-software-identity)
All elements of the envelope must be wrapped in a bstr to minimize
the complexity of the code that evaluates the cryptographic integrity
of the element and to ensure correct serialization for integrity and
authenticity checks.
The suit-authentication-wrapper contains a list of 1 or more The suit-authentication-wrapper contains a list of 1 or more
cryptographic authentication wrappers for the core part of the cryptographic authentication wrappers for the core part of the
manifest. These are implemented as COSE_Mac_Tagged or manifest. These are implemented as COSE_Mac_Tagged or
COSE_Sign_Tagged blocks. The Manifest is authenticated by these COSE_Sign_Tagged blocks. Each of these blocks contains a SUIT_Digest
blocks in "detached payload" mode. The COSE_Mac_Tagged and of the manifest. This enables modular processing of the manifest.
COSE_Sign_Tagged blocks are described in RFC 8152 [RFC8152] and are The COSE_Mac_Tagged and COSE_Sign_Tagged blocks are described in RFC
beyond the scope of this document. The suit-authentication-wrapper 8152 [RFC8152] and are beyond the scope of this document. The suit-
MUST come first in the SUIT_Outer_Wrapper, regardless of canonical authentication-wrapper MUST come before any element in the
encoding of CBOR. All validators MUST reject any SUIT_Outer_Wrapper SUIT_Envelope, except for the OPTIONAL suit-delegation, regardless of
that begins with any element other than a suit-authentication- canonical encoding of CBOR. All validators MUST reject any
wrapper. SUIT_Envelope that begins with any element other than a suit-
authentication-wrapper or suit-delegation.
A manifest that has not had authentication information added MUST A SUIT_Envelope that has not had authentication information added
still contain the suit-authentication-wrapper element, but the MUST still contain the suit-authentication-wrapper element, but the
content MUST be nil. content MUST be nil.
The outer wrapper MUST contain only one of The envelope MUST contain only one of
- a plaintext manifest: SUIT_Manifest. - a plaintext manifest: SUIT_Manifest.
- an encrypted manifest: both a SUIT_Encryption_Wrapper and the - an encrypted manifest: both a SUIT_Encryption_Wrapper and the
ciphertext of a manifest. ciphertext of a manifest.
When the outer wrapper contains SUIT_Encryption_Wrapper, the suit- When the envelope contains SUIT_Encryption_Wrapper, the suit-
authentication-wrapper MUST authenticate the plaintext of suit- authentication-wrapper MUST authenticate the plaintext of suit-
manifest-encrypted. manifest-encrypted. This ensures that the manifest can be stored
decrypted and that a recipient MAY convert the suit-manifest-
encrypted element to a suit-manifest element.
suit-manifest contains a SUIT_Manifest structure, which describes the suit-manifest contains a SUIT_Manifest structure, which describes the
payload(s) to be installed and any dependencies on other manifests. payload(s) to be installed and any dependencies on other manifests.
suit-manifest-encryption-info contains a SUIT_Encryption_Wrapper, a suit-manifest-encryption-info contains a SUIT_Encryption_Wrapper, a
COSE object that describes the information required to decrypt a COSE object that describes the information required to decrypt a
ciphertext manifest. ciphertext manifest.
suit-manifest-encrypted contains a ciphertext manifest. suit-manifest-encrypted contains a ciphertext manifest.
skipping to change at page 26, line 5 skipping to change at page 29, line 5
4. a list of components affected 4. a list of components affected
5. a list of components affected by dependencies 5. a list of components affected by dependencies
6. a reference for each of the severable blocks. 6. a reference for each of the severable blocks.
7. a list of actions that the Recipient should perform. 7. a list of actions that the Recipient should perform.
The following CDDL fragment defines the manifest. The following CDDL fragment defines the manifest.
SUIT_Manifest = { SUIT_Manifest = {
suit-manifest-version suit-manifest-version => 1,
=> 1, suit-manifest-sequence-number => uint,
suit-manifest-sequence-number suit-common => bstr .cbor SUIT_Common,
=> uint, ? suit-reference-uri => #6.32(tstr),
suit-common * $$SUIT_Severable_Command_Sequences,
=> bstr .cbor SUIT_Common, * $$SUIT_Command_Sequences,
? suit-dependency-resolution * $$SUIT_Protected_Elements,
=> Digest / bstr .cbor SUIT_Command_Sequence, }
? suit-payload-fetch
=> Digest / bstr .cbor SUIT_Command_Sequence,
? suit-install
=> Digest / bstr .cbor SUIT_Command_Sequence,
? suit-validate
=> bstr .cbor SUIT_Command_Sequence,
? suit-load
=> bstr .cbor SUIT_Command_Sequence,
? suit-run
=> bstr .cbor SUIT_Command_Sequence,
? suit-text
=> Digest,
? suit-coswid
=> Digest / bstr .cbor concise-software-identity,
}
SUIT_Common = { $$SUIT_Severable_Command_Sequences //= (suit-dependency-resolution =>
? suit-dependencies SUIT_Severable_Command_Segment)
=> bstr .cbor [ + SUIT_Dependency ], $$SUIT_Severable_Command_Segments //= (suit-payload-fetch =>
? suit-components SUIT_Severable_Command_Sequence)
=> bstr .cbor [ + SUIT_Component_Identifier ], $$SUIT_Severable_Command_Segments //= (suit-install =>
? suit-dependency-components SUIT_Severable_Command_Sequence)
=> bstr .cbor [ + SUIT_Component_Reference ],
? suit-common-sequence SUIT_Severable_Command_Sequence =
=> bstr .cbor SUIT_Command_Sequence, SUIT_Digest / bstr .cbor SUIT_Command_Sequence
}
$$SUIT_Command_Sequences //= ( suit-validate =>
bstr .cbor SUIT_Command_Sequence )
$$SUIT_Command_Sequences //= ( suit-load =>
bstr .cbor SUIT_Command_Sequence )
$$SUIT_Command_Sequences //= ( suit-run =>
bstr .cbor SUIT_Command_Sequence )
$$SUIT_Protected_Elements //= ( suit-text => SUIT_Digest )
$$SUIT_Protected_Elements //= ( suit-coswid => SUIT_Digest )
SUIT_Common = {
? suit-dependencies => bstr .cbor SUIT_Dependencies,
? suit-components => bstr .cbor SUIT_Components,
? suit-dependency-components
=> bstr .cbor SUIT_Component_References,
? suit-common-sequence => bstr .cbor SUIT_Command_Sequence,
}
Several fields in the Manifest can be either a CBOR structure or a Several fields in the Manifest can be either a CBOR structure or a
SUIT_Digest. In each of these cases, the SUIT_Digest provides for a SUIT_Digest. In each of these cases, the SUIT_Digest provides for a
severable field. Severable fields are RECOMMENDED to implement. In severable field. Severable fields are RECOMMENDED to implement. In
particular, text SHOULD be severable, since most useful text elements particular, text SHOULD be severable, since most useful text elements
occupy more space than a SUIT_Digest, but are not needed by the occupy more space than a SUIT_Digest, but are not needed by the
Recipient. Because SUIT_Digest is a CBOR Array and each severable Recipient. Because SUIT_Digest is a CBOR Array and each severable
element is a CBOR bstr, it is straight-forward for a Recipient to element is a CBOR bstr, it is straight-forward for a Recipient to
determine whether an element is been severable. The key used for a determine whether an element is been severable. The key used for a
severable element is the same in the SUIT_Manifest and in the severable element is the same in the SUIT_Manifest and in the
SUIT_Outer_Wrapper so that a Recipient can easily identify the SUIT_Envelope so that a Recipient can easily identify the correct
correct data in the outer wrapper. data in the envelope.
The suit-manifest-version indicates the version of serialization used The suit-manifest-version indicates the version of serialization used
to encode the manifest. Version 1 is the version described in this to encode the manifest. Version 1 is the version described in this
document. suit-manifest-version is REQUIRED. document. suit-manifest-version is REQUIRED.
The suit-manifest-sequence-number is a monotonically increasing anti- The suit-manifest-sequence-number is a monotonically increasing anti-
rollback counter. It also helps devices to determine which in a set rollback counter. It also helps devices to determine which in a set
of manifests is the "root" manifest in a given update. Each manifest of manifests is the "root" manifest in a given update. Each manifest
MUST have a sequence number higher than each of its dependencies. MUST have a sequence number higher than each of its dependencies.
Each Recipient MUST reject any manifest that has a sequence number Each Recipient MUST reject any manifest that has a sequence number
skipping to change at page 27, line 51 skipping to change at page 31, line 5
the content of a dependency of the current manifest. suit-dependency- the content of a dependency of the current manifest. suit-dependency-
components is OPTIONAL. components is OPTIONAL.
suit-common-sequence is a SUIT_Command_Sequence to execute prior to suit-common-sequence is a SUIT_Command_Sequence to execute prior to
executing any other command sequence. Typical actions in suit- executing any other command sequence. Typical actions in suit-
common-sequence include setting expected device identity and image common-sequence include setting expected device identity and image
digests when they are conditional (see Section 10 for more digests when they are conditional (see Section 10 for more
information on conditional sequences). suit-common-sequence is information on conditional sequences). suit-common-sequence is
RECOMMENDED. RECOMMENDED.
suit-reference-uri is a text string that encodes a URI where a full
version of this manifest can be found. This is convenient for
allowing management systems to show the severed elements of a
manifest when this URI is reported by a device after installation.
suit-dependency-resolution is a SUIT_Command_Sequence to execute in suit-dependency-resolution is a SUIT_Command_Sequence to execute in
order to perform dependency resolution. Typical actions include order to perform dependency resolution. Typical actions include
configuring URIs of dependency manifests, fetching dependency configuring URIs of dependency manifests, fetching dependency
manifests, and validating dependency manifests' contents. suit- manifests, and validating dependency manifests' contents. suit-
dependency-resolution is REQUIRED when suit-dependencies is present. dependency-resolution is REQUIRED when suit-dependencies is present.
suit-payload-fetch is a SUIT_Command_Sequence to execute in order to suit-payload-fetch is a SUIT_Command_Sequence to execute in order to
obtain a payload. Some manifests may include these actions in the obtain a payload. Some manifests may include these actions in the
suit-install section instead if they operate in a streaming suit-install section instead if they operate in a streaming
installation mode. This is particularly relevant for constrained installation mode. This is particularly relevant for constrained
skipping to change at page 28, line 41 skipping to change at page 31, line 49
decryption or decompression. suit-load is OPTIONAL. decryption or decompression. suit-load is OPTIONAL.
suit-run is a SUIT_Command_Sequence to execute in order to run an suit-run is a SUIT_Command_Sequence to execute in order to run an
image. suit-run typically contains a single instruction: either the image. suit-run typically contains a single instruction: either the
"run" directive for the bootable manifest or the "process "run" directive for the bootable manifest or the "process
dependencies" directive for any dependents of the bootable manifest. dependencies" directive for any dependents of the bootable manifest.
suit-run is OPTIONAL. Only one manifest in an update may contain the suit-run is OPTIONAL. Only one manifest in an update may contain the
"run" directive. "run" directive.
suit-text is a digest that uniquely identifies the content of the suit-text is a digest that uniquely identifies the content of the
Text that is packaged in the OuterWrapper. text is OPTIONAL. Text that is packaged in the SUIT_Envelope. text is OPTIONAL.
suit-coswid is a digest that uniquely identifies the content of the suit-coswid is a digest that uniquely identifies the content of the
concise-software-identifier that is packaged in the OuterWrapper. concise-software-identifier that is packaged in the SUIT_Envelope.
coswid is OPTIONAL. coswid is OPTIONAL.
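As an added, constructed example (not code from the draft or from any SUIT implementation), the following Python builds a SUIT_Envelope in the shape of Sections 7.1 to 7.3, optionally severing the install sequence into the envelope behind a SUIT_Digest, and then performs the recipient-side checks of Sections 5.1 and 7.2: authentication wrapper first, encoding version, rollback, and digest verification of any severed element that is still carried. The integer map labels, the SHA-256 algorithm identifier, the command ids and the strictly increasing rollback policy are assumptions, and the hand-written CBOR encoder/decoder stands in for a library.

```python
import hashlib

# Assumed integer map labels (not given on this page); a severable element uses the
# same key in SUIT_Manifest and SUIT_Envelope, which the checks below rely on.
SUIT_DELEGATION, SUIT_AUTHENTICATION_WRAPPER, SUIT_MANIFEST = 1, 2, 3
SUIT_MANIFEST_VERSION, SUIT_MANIFEST_SEQUENCE_NUMBER, SUIT_COMMON = 1, 2, 3
SUIT_INSTALL = 9
DIGEST_ALG_SHA256 = 1  # assumed SUIT_Digest algorithm identifier
# Constructed command sequence: one (command id, argument) pair; a negative id marks
# an application-specific command, as the draft reserves those numbers.
CONSTRUCTED_INSTALL = [-1, b"app-specific"]

def _head(major, n):
    mt = major << 5  # initial byte(s) of a CBOR item: major type plus argument n
    if n < 24:
        return bytes([mt | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([mt | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def cbor(value):
    """Minimal deterministic CBOR encoder; dict insertion order is kept on purpose."""
    if value is None or isinstance(value, bool):
        return {None: b"\xf6", True: b"\xf5", False: b"\xf4"}[value]
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        return _head(3, len(value.encode())) + value.encode()
    if isinstance(value, list):
        return _head(4, len(value)) + b"".join(map(cbor, value))
    if isinstance(value, dict):
        return _head(5, len(value)) + b"".join(cbor(k) + cbor(v) for k, v in value.items())
    raise TypeError(type(value))

def decode(buf, pos=0):
    """Minimal CBOR decoder -> (value, next_pos); maps come back as ordered (k, v) lists."""
    mt, ai, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if ai < 24:
        n = ai
    elif ai < 28:
        size = 1 << (ai - 24)
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    else:
        raise ValueError("indefinite-length items are not supported")
    if mt < 2:
        return (n if mt == 0 else -1 - n), pos
    if mt in (2, 3):
        raw = buf[pos:pos + n]
        return (raw if mt == 2 else raw.decode()), pos + n
    if mt in (4, 5):
        items = []
        for _ in range(n * (2 if mt == 5 else 1)):
            item, pos = decode(buf, pos)
            items.append(item)
        return (items if mt == 4 else list(zip(items[::2], items[1::2]))), pos
    if mt == 7 and n in (20, 21, 22):
        return {20: False, 21: True, 22: None}[n], pos
    raise ValueError("unsupported CBOR item")

def suit_digest(wrapped):
    """SUIT_Digest of a bstr-wrapped element; the bstr header is part of what is hashed."""
    return [DIGEST_ALG_SHA256, hashlib.sha256(wrapped).digest()]

def build_envelope(sequence_number, install_sequence, sever_install):
    """Envelope with a nil authentication wrapper (no COSE signing in this example)."""
    install = cbor(install_sequence)  # bstr .cbor SUIT_Command_Sequence
    manifest = {
        SUIT_MANIFEST_VERSION: 1,
        SUIT_MANIFEST_SEQUENCE_NUMBER: sequence_number,
        SUIT_COMMON: cbor({}),  # bstr .cbor SUIT_Common, left empty here
        # severed: the manifest keeps only the digest, the envelope carries the bstr
        SUIT_INSTALL: suit_digest(cbor(install)) if sever_install else install,
    }
    # Element order is significant: the authentication wrapper must come first.
    envelope = {SUIT_AUTHENTICATION_WRAPPER: None, SUIT_MANIFEST: cbor(manifest)}
    if sever_install:
        envelope[SUIT_INSTALL] = install  # same key as in the manifest
    return cbor(envelope)

def check_envelope(env_bytes, last_accepted_sequence):
    """Recipient checks before any command sequence runs (Sections 5.1 and 7.2)."""
    pairs, _ = decode(env_bytes)
    keys = [k for k, _ in pairs]
    first = keys[1] if keys[0] == SUIT_DELEGATION else keys[0]
    if first != SUIT_AUTHENTICATION_WRAPPER:
        raise ValueError("suit-authentication-wrapper must come first")
    envelope = dict(pairs)
    manifest = dict(decode(envelope[SUIT_MANIFEST])[0])
    if manifest[SUIT_MANIFEST_VERSION] != 1:
        raise ValueError("unsupported manifest encoding version")
    sequence = manifest[SUIT_MANIFEST_SEQUENCE_NUMBER]
    if sequence <= last_accepted_sequence:  # assumed policy: strictly increasing
        raise ValueError("rollback: sequence number not newer than last accepted")
    severed = [k for k, v in manifest.items() if isinstance(v, list)]  # array = digest
    for key in [k for k in severed if k in envelope]:  # still carried: verify it
        if suit_digest(cbor(envelope[key])) != manifest[key]:
            raise ValueError("severed element %d does not match its digest" % key)
    return {"sequence": sequence, "severed": severed, "available": [k for k in severed if k in envelope]}
```

A severed element that is absent from the envelope is still reported under "severed" but not under "available", which is how a later stage learns that it cannot run that command sequence without fetching the full manifest.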
7.4. SUIT_Dependency 7.4. SUIT_Dependency
SUIT_Dependency specifies a manifest that describes a dependency of SUIT_Dependency specifies a manifest that describes a dependency of
the current manifest. the current manifest.
The following CDDL describes the SUIT_Dependency structure. The following CDDL describes the SUIT_Dependency structure.
SUIT_Dependency = { SUIT_Dependency = {
skipping to change at page 30, line 5 skipping to change at page 33, line 14
7.6. Manifest Parameters 7.6. Manifest Parameters
Many conditions and directives require additional information. That Many conditions and directives require additional information. That
information is contained within parameters that can be set in a information is contained within parameters that can be set in a
consistent way. This allows reduction of manifest size and consistent way. This allows reduction of manifest size and
replacement of parameters from one manifest to the next. replacement of parameters from one manifest to the next.
The defined manifest parameters are described below. The defined manifest parameters are described below.
+-----+--------+-------------------+------------+-------------------+ +------+---------+------------+-------------+-----------------------+
| ID | CBOR | Scope | Name | Description | | ID | CBOR | Scope | Name | Description |
| | Type | | | | | | Type | | | |
+-----+--------+-------------------+------------+-------------------+ +------+---------+------------+-------------+-----------------------+
| 1 | boolea | Global | Strict | Requires that the | | 1 | bstr | Component | Vendor ID | A RFC4122 UUID |
| | n | | Order | manifest is | | | | / Global | | representing the |
| | | | | processed in a | | | | | | vendor of the device |
| | | | | strictly linear | | | | | | or component |
| | | | | fashion. Set to 0 | | | | | | |
| | | | | to enable | | 2 | bstr | Component | Class ID | A RFC4122 UUID |
| | | | | parallel handling | | | | / Global | | representing the |
| | | | | of manifest | | | | | | class of the device |
| | | | | directives. | | | | | | or component |
| | | | | | | | | | | |
| 2 | boolea | Command Segment | Soft | Condition | | 3 | bstr | Component | Image | A SUIT_Digest |
| | n | | Failure | failures only | | | | / | Digest | |
| | | | | terminate the | | | | Dependency | | |
| | | | | current command | | | | | | |
| | | | | segment. | | 4 | uint | Component | Use Before | POSIX timestamp |
| | | | | | | | | / Global | | |
| 3 | bstr | Component/Global | Vendor ID | A RFC4122 UUID | | | | | | |
| | | | | representing the | | 5 | uint | Component | Component | Offset of the |
| | | | | vendor of the | | | | | Offset | component |
| | | | | device or | | | | | | |
| | | | | component | | 12 | boolean | Global | Strict | Requires that the |
| | | | | | | | | | Order | manifest is processed |
| 4 | bstr | Component/Global | Class ID | A RFC4122 UUID | | | | | | in a strictly linear |
| | | | | representing the | | | | | | fashion. Set to 0 to |
| | | | | class of the | | | | | | enable parallel |
| | | | | device or | | | | | | handling of manifest |
| | | | | component | | | | | | directives. |
| | | | | | | | | | | |
| 5 | bstr | Component/Global | Device ID | A RFC4122 UUID | | 13 | boolean | Command | Soft | Condition failures |
| | | | | representing the | | | | Segment | Failure | only terminate the |
| | | | | device or | | | | | | current command |
| | | | | component | | | | | | segment. |
| | | | | | | | | | | |
| 6 | tstr | Component/Depende | URI | A URI from which | | 14 | uint | Component | Image Size | Integer size |
| | | ncy | | to fetch a | | | | / | | |
| | | | | resource | | | | Dependency | | |
| | | | | | | | | | | |
| 7 | bstr | Component/Depende | Encryption | A COSE object | | 18 | bstr | Component | Encryption | A COSE object |
| | | ncy | Info | defining the | | | | / | Info | defining the |
| | | | | encryption mode | | | | Dependency | | encryption mode of a |
| | | | | of a resource | | | | | | resource |
| | | | | | | | | | | |
| 8 | bstr | Component | Compressio | The information | | 19 | bstr | Component | Compression | The information |
| | | | n Info | required to | | | | | Info | required to |
| | | | | decompress the | | | | | | decompress the image |
| | | | | image | | | | | | |
| | | | | | | 20 | bstr | Component | Unpack Info | The information |
| 9 | bstr | Component | Unpack | The information | | | | | | required to unpack |
| | | | Info | required to | | | | | | the image |
| | | | | unpack the image | | | | | | |
| | | | | | | 21 | tstr | Component | URI | A URI from which to |
| 10 | uint | Component | Source | A Component Index | | | | / | | fetch a resource |
| | | | Component | | | | | Dependency | | |
| | | | | | | | | | | |
| 11 | bstr | Component/Depende | Image | A SUIT_Digest | | 22 | uint | Component | Source | A Component Index |
| | | ncy | Digest | | | | | | Component | |
| | | | | | | | | | | |
| 12 | uint | Component/Depende | Image Size | Integer size | | 23 | bstr / | Component | Run | An encoded set of |
| | | ncy | | | | | nil | | Arguments | arguments for Run |
| | | | | | | | | | | |
| 24 | bstr | Component/Depende | URI List | A CBOR encoded | | 24 | bstr | Component | Device ID | A RFC4122 UUID |
| | | ncy | | list of ranked | | | | / Global | | representing the |
| | | | | URIs | | | | | | device or component |
| | | | | | | | | | | |
| 25 | boolea | Component/Depende | URI List | A CBOR encoded | | 25 | uint | Global | Minimum | A minimum battery |
| | n | ncy | Append | list of ranked | | | | | Battery | level in mWh |
| | | | | URIs | | | | | | |
| | | | | | | 26 | int | Component | Priority | The priority of the |
| nin | int/bs | Custom | Custom | Application- | | | | / Global | | update |
| t | tr | | Parameter | defined parameter | | | | | | |
+-----+--------+-------------------+------------+-------------------+ | nint | int / | Custom | Custom | Application-defined |
| | bstr / | | Parameter | parameter |
| | tstr | | | |
+------+---------+------------+-------------+-----------------------+
CBOR-encoded object parameters are still wrapped in a bstr. This is CBOR-encoded object parameters are still wrapped in a bstr. This is
because it allows a parser that is aggregating parameters to because it allows a parser that is aggregating parameters to
reference the object with a single pointer and traverse it without reference the object with a single pointer and traverse it without
understanding the contents. This is important for modularization and understanding the contents. This is important for modularization and
division of responsibility within a pull parser. The same division of responsibility within a pull parser. The same
consideration does not apply to Conditions and Directives because consideration does not apply to Directives because those elements are
those elements are invoked with their arguments immediately. invoked with their arguments immediately.
7.6.1. SUIT_Parameter_Strict_Order 7.6.1. SUIT_Parameter_Strict_Order
The Strict Order Parameter allows a manifest to govern when The Strict Order Parameter allows a manifest to govern when
directives can be executed out-of-order. This allows for systems directives can be executed out-of-order. This allows for systems
that have a sensitivity to order of updates to choose the order in that have a sensitivity to order of updates to choose the order in
which they are executed. It also allows for more advanced systems to which they are executed. It also allows for more advanced systems to
parallelize their handling of updates. Strict Order defaults to parallelize their handling of updates. Strict Order defaults to
True. It MAY be set to False when the order of operations does not True. It MAY be set to False when the order of operations does not
matter. When arriving at the end of a command sequence, ALL commands matter. When arriving at the end of a command sequence, ALL commands
skipping to change at page 34, line 5 skipping to change at page 36, line 35
} }
SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Delta SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Delta
SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Hex SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Elf SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Elf
7.7.3. SUIT_Parameters CDDL 7.7.3. SUIT_Parameters CDDL
The following CDDL describes all SUIT_Parameters. The following CDDL describes all SUIT_Parameters.
SUIT_Parameters //= (suit-parameter-strict-order => bool) SUIT_Parameters //= (suit-parameter-vendor-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-soft-failure => bool) SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-vendor-id => bstr) SUIT_Parameters //= (suit-parameter-image-digest
SUIT_Parameters //= (suit-parameter-class-id => bstr) => bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-device-id => bstr) SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-uri => tstr) SUIT_Parameters //= (suit-parameter-use-before => uint)
SUIT_Parameters //= (suit-parameter-encryption-info SUIT_Parameters //= (suit-parameter-component-offset => uint)
=> bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info
=> bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info
=> bstr .cbor SUIT_Unpack_Info)
SUIT_Parameters //= (suit-parameter-source-component
=> uint)
SUIT_Parameters //= (suit-parameter-image-digest
=> bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-uri-list
=> bstr .cbor SUIT_Component_URI_List)
SUIT_Parameters //= (suit-parameter-custom
=> int/bool/tstr/bstr)
SUIT_Component_URI_List = [ + [priority: int, uri: tstr] ] SUIT_Parameters //= (suit-parameter-encryption-info
=> bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info
=> bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info
=> bstr .cbor SUIT_Unpack_Info)
SUIT_Encryption_Info= COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Compression_Info = { SUIT_Parameters //= (suit-parameter-source-component => uint)
suit-compression-algorithm => SUIT_Compression_Algorithms SUIT_Parameters //= (suit-parameter-run-args => bstr)
? suit-compression-parameters => bstr
}
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_gzip SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID)
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_bzip2 SUIT_Parameters //= (suit-parameter-minimum-battery => uint)
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_deflate SUIT_Parameters //= (suit-parameter-update-priority => uint)
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_LZ4 SUIT_Parameters //= (suit-parameter-version =>
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lzma SUIT_Parameter_Version_Match)
SUIT_Parameters //= (suit-parameter-wait-info =>
bstr .cbor SUIT_Wait_Events)
SUIT_Unpack_Info = { SUIT_Parameters //= (suit-parameter-uri-list
suit-unpack-algorithm => SUIT_Unpack_Algorithms => bstr .cbor SUIT_Component_URI_List)
? suit-unpack-parameters => bstr SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)
}
SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Delta SUIT_Parameters //= (suit-parameter-strict-order => bool)
SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Hex SUIT_Parameters //= (suit-parameter-soft-failure => bool)
SUIT_Unpack_Algorithms //= SUIT_Unpack_Algorithm_Elf
RFC4122_UUID = bstr .size 16
SUIT_Condition_Version_Comparison_Value = [+int]
SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged
SUIT_Compression_Info = {
suit-compression-algorithm => SUIT_Compression_Algorithms,
? suit-compression-parameters => bstr
}
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_gzip
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_bzip2
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lz4
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lzma
SUIT_Unpack_Info = {
suit-unpack-algorithm => SUIT_Unpack_Algorithms,
? suit-unpack-parameters => bstr
}
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Delta
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf
7.8. SUIT_Command_Sequence 7.8. SUIT_Command_Sequence
A SUIT_Command_Sequence defines a series of actions that the A SUIT_Command_Sequence defines a series of actions that the
Recipient MUST take to accomplish a particular goal. These goals are Recipient MUST take to accomplish a particular goal. These goals are
defined in the manifest and include: defined in the manifest and include:
1. Dependency Resolution 1. Dependency Resolution
2. Payload Fetch 2. Payload Fetch
skipping to change at page 35, line 47 skipping to change at page 38, line 47
Command_Sequence = { Command_Sequence = {
conditions => [ * Condition], conditions => [ * Condition],
directives => [ * Directive] directives => [ * Directive]
} }
This introduces significant complexity in the parser, however, so the This introduces significant complexity in the parser, however, so the
structure is flattened to make parsing simpler: structure is flattened to make parsing simpler:
SUIT_Command_Sequence = [ + (SUIT_Condition/SUIT_Directive) ] SUIT_Command_Sequence = [ + (SUIT_Condition/SUIT_Directive) ]
Each condition and directive is composed of: Each condition is a command code identifier, followed by Nil. Each
directive is composed of:
1. A command code identifier 1. A command code identifier
2. An argument block 2. An argument block or Nil
Argument blocks are defined for each type of command. Argument blocks are defined for each type of directive.
Many conditions and directives apply to a given component, and these Many conditions and directives apply to a given component, and these
are generally grouped together. Therefore, a special command to set the are generally grouped together. Therefore, a special command to set the
current component index is provided with a matching command to set current component index is provided with a matching command to set
the current dependency index. This index is a numeric index into the the current dependency index. This index is a numeric index into the
component ID tables defined at the beginning of the document. For component ID tables defined at the beginning of the document. For
the purpose of setting the index, the two component ID tables are the purpose of setting the index, the two component ID tables are
considered to be concatenated together. considered to be concatenated together.
To facilitate optional conditions, a special directive is provided. To facilitate optional conditions, a special directive is provided.
skipping to change at page 36, line 26 skipping to change at page 39, line 26
another, that are contained as an argument to the directive. By another, that are contained as an argument to the directive. By
default, it assumes that a failure of a condition should not indicate default, it assumes that a failure of a condition should not indicate
a failure of the update/boot, but a parameter is provided to override a failure of the update/boot, but a parameter is provided to override
this behavior. this behavior.
7.9. SUIT_Condition 7.9. SUIT_Condition
Conditions are used to define mandatory properties of a system in Conditions are used to define mandatory properties of a system in
order for an update to be applied. They can be pre-conditions or order for an update to be applied. They can be pre-conditions or
post-conditions of any directive or series of directives, depending post-conditions of any directive or series of directives, depending
on where they are placed in the list. Conditions include: on where they are placed in the list. Conditions never take
arguments; conditions should test using parameters instead.
Conditions include:
+----------------+-------------------+----------------------------+ +----------------+-------------------+----------------+
| Condition Code | Condition Name | Argument Type | | Condition Code | Condition Name | Implementation |
+----------------+-------------------+----------------------------+ +----------------+-------------------+----------------+
| 1 | Vendor Identifier | nil | | 1 | Vendor Identifier | REQUIRED |
| | | | | | | |
| 2 | Class Identifier | nil | | 2 | Class Identifier | REQUIRED |
| | | | | | | |
| 3 | Image Match | nil | | 3 | Image Match | REQUIRED |
| | | | | | | |
| 4 | Use Before | Unsigned Integer timestamp | | 4 | Use Before | OPTIONAL |
| | | | | | | |
| 5 | Component Offset | Unsigned Integer | | 5 | Component Offset | OPTIONAL |
| | | | | | | |
| 24 | Device Identifier | nil | | 24 | Device Identifier | OPTIONAL |
| | | | | | | |
| 25 | Image Not Match | nil | | 25 | Image Not Match | OPTIONAL |
| | | | | | | |
| 26 | Minimum Battery | Unsigned Integer | | 26 | Minimum Battery | OPTIONAL |
| | | | | | | |
| 27 | Update Authorized | Integer | | 27 | Update Authorized | OPTIONAL |
| | | | | | | |
| 28 | Version | List of Integers | | 28 | Version | OPTIONAL |
| | | | | | | |
| nint | Custom Condition | bstr | | nint | Custom Condition | OPTIONAL |
+----------------+-------------------+----------------------------+ +----------------+-------------------+----------------+
Each condition MUST report a success code on completion. If a Each condition MUST report a success code on completion. If a
condition reports failure, then the current sequence of commands MUST condition reports failure, then the current sequence of commands MUST
terminate. If a Recipient encounters an unknown Condition Code, it terminate. If a condition requires additional information, this MUST
MUST report a failure. be specified in one or more parameters before the condition is
executed. If a Recipient attempts to process a condition that
expects additional information and that information has not been set,
it MUST report a failure. If a Recipient encounters an unknown
Condition Code, it MUST report a failure.
Positive Condition numbers are reserved for IANA registration. Positive Condition numbers are reserved for IANA registration.
Negative numbers are reserved for proprietary, application-specific Negative numbers are reserved for proprietary, application-specific
directives. directives.
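How a Recipient can process a flattened command sequence under the rules above (parameters set before the condition that needs them, failure when a needed parameter is missing, failure on an unknown code), as an added example rather than the draft's own code. It assumes the sequence is already CBOR-decoded, uses the CDDL parameter names as map keys in place of the draft's integer keys, and assumes the set-parameters/override-parameters distinction (set leaves an existing value, override replaces it) from the directive sections not shown here.

```python
"""Evaluator for a flattened SUIT_Command_Sequence (added example, not from
the draft). Constructed assumptions: the sequence is already CBOR-decoded
into a list alternating code and argument [code, arg, ...]; parameters are
keyed by their CDDL names rather than the draft's integer keys; SUIT_Digest
is [algorithm-id, digest-bytes] with algorithm-id-sha256 = 2."""
import hashlib
import hmac

# Condition and directive codes from the draft's tables.
COND_IMAGE_MATCH, COND_USE_BEFORE, COND_MINIMUM_BATTERY = 3, 4, 26
DIR_SET_COMPONENT_INDEX, DIR_SET_PARAMETERS, DIR_OVERRIDE_PARAMETERS = 12, 19, 20
ALGORITHM_ID_SHA256 = 2
P_IMAGE_DIGEST = "suit-parameter-image-digest"
P_USE_BEFORE = "suit-parameter-use-before"
P_MINIMUM_BATTERY = "suit-parameter-minimum-battery"


class SequenceFailure(Exception):
    """A condition or directive reported failure: the sequence terminates."""


def sha256_suit_digest(data):
    """Build a SUIT_Digest [algorithm-id, bytes] for an image."""
    return [ALGORITHM_ID_SHA256, hashlib.sha256(data).digest()]


class Recipient:
    def __init__(self, components, battery_mwh, now):
        self.components = components                 # image bytes per slot
        self.params = [dict() for _ in components]   # parameters per slot
        self.battery_mwh, self.now, self.index = battery_mwh, now, 0

    def param(self, name):
        # A condition whose parameter was never set MUST report failure.
        if name not in self.params[self.index]:
            raise SequenceFailure(f"{name} not set for component {self.index}")
        return self.params[self.index][name]

    def execute(self, code, arg):
        if code == DIR_SET_COMPONENT_INDEX:   # integer form only here
            if (isinstance(arg, bool) or not isinstance(arg, int)
                    or not 0 <= arg < len(self.components)):
                raise SequenceFailure(f"bad component index {arg!r}")
            self.index = arg
        elif code == DIR_SET_PARAMETERS:
            # set-parameters leaves already-set parameters untouched (assumed)
            for key, value in arg.items():
                self.params[self.index].setdefault(key, value)
        elif code == DIR_OVERRIDE_PARAMETERS:
            self.params[self.index].update(arg)
        elif code in (COND_IMAGE_MATCH, COND_USE_BEFORE, COND_MINIMUM_BATTERY):
            if arg is not None:    # conditions never take arguments
                raise SequenceFailure(f"condition {code} must carry nil")
            self.condition(code)
        else:
            # An unknown Condition or Directive Code MUST report failure.
            raise SequenceFailure(f"unknown command code {code}")

    def condition(self, code):
        if code == COND_IMAGE_MATCH:
            alg, expected = self.param(P_IMAGE_DIGEST)
            if alg != ALGORITHM_ID_SHA256:
                raise SequenceFailure(f"unsupported digest algorithm {alg}")
            actual = hashlib.sha256(self.components[self.index]).digest()
            if not hmac.compare_digest(actual, expected):
                raise SequenceFailure("image digest mismatch")
        elif code == COND_USE_BEFORE:
            # Python ints are unbounded, so a short CBOR encoding of the
            # timestamp cannot truncate this 64-bit comparison.
            if not self.now < self.param(P_USE_BEFORE):
                raise SequenceFailure("use-before deadline has passed")
        elif code == COND_MINIMUM_BATTERY:
            if self.battery_mwh < self.param(P_MINIMUM_BATTERY):
                raise SequenceFailure("battery below minimum")


def evaluate(sequence, components, battery_mwh, now):
    """Run a flattened sequence; return (True, "ok") or (False, reason)."""
    if len(sequence) % 2:
        return False, "sequence is not code/argument pairs"
    recipient = Recipient(components, battery_mwh, now)
    try:
        for code, arg in zip(sequence[0::2], sequence[1::2]):
            recipient.execute(code, arg)
    except SequenceFailure as err:
        return False, str(err)
    return True, "ok"


# Constructed sample: one component slot holding a firmware image.
IMAGE = b"constructed firmware image v2"
INSTALL_OK = [
    DIR_SET_COMPONENT_INDEX, 0,
    DIR_SET_PARAMETERS, {P_IMAGE_DIGEST: sha256_suit_digest(IMAGE),
                         P_USE_BEFORE: 1_700_000_000,
                         P_MINIMUM_BATTERY: 500},
    COND_MINIMUM_BATTERY, None,
    COND_USE_BEFORE, None,
    COND_IMAGE_MATCH, None,
]
```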
7.9.1. Identifier Conditions 7.9.1. Identifier Conditions
There are three identifier-based conditions: suit-condition-vendor- There are three identifier-based conditions: suit-condition-vendor-
identifier, suit-condition-class-identifier, and suit-condition- identifier, suit-condition-class-identifier, and suit-condition-
device-identifier. Each of these conditions matches an RFC 4122 device-identifier. Each of these conditions matches an RFC 4122
skipping to change at page 38, line 19 skipping to change at page 41, line 23
Verify that the current component matches the digest parameter for Verify that the current component matches the digest parameter for
the current component. The digest is verified against the digest the current component. The digest is verified against the digest
specified in the Component's parameters list. If no digest is specified in the Component's parameters list. If no digest is
specified, the condition fails. suit-condition-image-match is specified, the condition fails. suit-condition-image-match is
REQUIRED to implement. REQUIRED to implement.
7.9.3. suit-condition-image-not-match 7.9.3. suit-condition-image-not-match
Verify that the current component does not match the supplied digest. Verify that the current component does not match the supplied digest.
If no digest is specified, then the digest is compared against the If no digest is specified, then the digest is compared against the
digest specified in the Components list. If no digest is specified digest specified in the Component's parameters list. If no digest is
and the component is not present in the Components list, the specified, the condition fails. suit-condition-image-not-match is
condition fails. suit-condition-image-not-match is OPTIONAL to OPTIONAL to implement.
implement.
7.9.4. suit-condition-use-before 7.9.4. suit-condition-use-before
Verify that the current time is BEFORE the specified time. suit- Verify that the current time is BEFORE the specified time. suit-
condition-use-before is used to specify the last time at which an condition-use-before is used to specify the last time at which an
update should be installed. One argument is required, encoded as a update should be installed. The recipient evaluates the current time
POSIX timestamp, that is seconds after 1970-01-01 00:00:00. against the suit-parameter-use-before parameter, which must have
Timestamp conditions MUST be evaluated in 64 bits, regardless of already been set as a parameter, encoded as a POSIX timestamp, that
encoded CBOR size. suit-condition-use-before is OPTIONAL to is seconds after 1970-01-01 00:00:00. Timestamp conditions MUST be
implement. evaluated in 64 bits, regardless of encoded CBOR size. suit-
condition-use-before is OPTIONAL to implement.
7.9.5. suit-condition-minimum-battery 7.9.5. suit-condition-minimum-battery
suit-condition-minimum-battery provides a mechanism to test a suit-condition-minimum-battery provides a mechanism to test a
device's battery level before installing an update. This condition device's battery level before installing an update. This condition
is for use in primary-cell applications, where the battery is only is for use in primary-cell applications, where the battery is only
ever discharged. For batteries that are charged, suit-directive-wait ever discharged. For batteries that are charged, suit-directive-wait
is more appropriate, since it defines a "wait" until the battery is more appropriate, since it defines a "wait" until the battery
level is sufficient to install the update. suit-condition-minimum- level is sufficient to install the update. suit-condition-minimum-
battery is specified in mWh. suit-condition-minimum-battery is battery is specified in mWh. suit-condition-minimum-battery is
skipping to change at page 40, line 4 skipping to change at page 43, line 23
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-greater-equal suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-equal suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser-equal suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /= SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser suit-condition-version-comparison-lesser
SUIT_Condition_Version_Comparison_Value = [+int] SUIT_Condition_Version_Comparison_Value = [+int]
While the exact encoding of versions is application-defined, semantic While the exact encoding of versions is application-defined, semantic
versions map conveniently. For example, versions map conveniently. For example,
- 1.2.3 = [1,2,3]. - 1.2.3 = [1,2,3].
- 1.2-rc3 = [1,2,-1,3]. - 1.2-rc3 = [1,2,-1,3].
- 1.2-beta = [1,2,-2]. - 1.2-beta = [1,2,-2].
- 1.2-alpha = [1,2,-3]. - 1.2-alpha = [1,2,-3].
- 1.2-alpha4 = [1,2,-3,4]. - 1.2-alpha4 = [1,2,-3,4].
suit-condition-version is OPTIONAL to implement. suit-condition-version is OPTIONAL to implement.
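The mapping above carried through to the comparison the condition performs, as an added example that is not code from the draft. The comparison-type codes are those given in the draft's CDDL (greater = 1, greater-equal = 2, equal = 3, lesser-equal = 4, lesser = 5); padding the shorter list with zeros, so that a release sorts after its own pre-releases, is this example's own rule for lists of unequal length, which the draft leaves application-defined.

```python
"""Version matching for suit-condition-version (added example, not code from
the draft). Uses the mapping above (rc = -1, beta = -2, alpha = -3, each
optionally followed by a number) and the comparison type codes from the
draft's CDDL. Zero-padding of shorter lists is this example's own rule."""

PRERELEASE_TAGS = {"rc": -1, "beta": -2, "alpha": -3}
GREATER, GREATER_EQUAL, EQUAL, LESSER_EQUAL, LESSER = 1, 2, 3, 4, 5


def encode_version(text):
    """Map a version string such as '1.2-rc3' to [1, 2, -1, 3]."""
    main, _, pre = text.partition("-")
    value = [int(part) for part in main.split(".")]
    if pre:
        tag = pre.rstrip("0123456789")
        if tag not in PRERELEASE_TAGS:
            raise ValueError(f"unknown pre-release tag {tag!r}")
        value.append(PRERELEASE_TAGS[tag])
        if len(tag) < len(pre):              # e.g. the 4 in alpha4
            value.append(int(pre[len(tag):]))
    return value


def compare_versions(a, b):
    """Return -1, 0 or 1 comparing two [+int] versions element by element.

    Lists are padded with zeros so that a release (1.2 = [1,2]) sorts after
    its pre-releases (1.2-rc3 = [1,2,-1,3]) instead of before them.
    """
    width = max(len(a), len(b))
    a = a + [0] * (width - len(a))
    b = b + [0] * (width - len(b))
    return (a > b) - (a < b)


def condition_version(device_version, comparison_type, comparison_value):
    """Evaluate the condition: does device_version stand in the requested
    relation to comparison_value? Unknown comparison types fail closed."""
    outcome = compare_versions(device_version, comparison_value)
    accepted = {
        GREATER: (1,),
        GREATER_EQUAL: (0, 1),
        EQUAL: (0,),
        LESSER_EQUAL: (-1, 0),
        LESSER: (-1,),
    }.get(comparison_type, ())
    return outcome in accepted
```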
7.9.8. SUIT_Condition_Custom 7.9.8. SUIT_Condition_Custom
SUIT_Condition_Custom describes any proprietary, application-specific SUIT_Condition_Custom describes any proprietary, application-specific
condition. This is encoded as a negative integer, chosen by the condition. This is encoded as a negative integer, chosen by the
firmware developer, and a bstr that encodes the parameters passed to firmware developer. If additional information must be provided to
the system that evaluates the condition matching that integer. the condition, it should be encoded in a custom parameter (a nint) as
SUIT_Condition_Custom is OPTIONAL to implement. described in Section 7.6. SUIT_Condition_Custom is OPTIONAL to
implement.
7.9.9. Identifiers 7.9.9. Identifiers
Many conditions use identifiers to determine whether a manifest Many conditions use identifiers to determine whether a manifest
matches a given Recipient or not. These identifiers are defined to matches a given Recipient or not. These identifiers are defined to
be RFC 4122 [RFC4122] UUIDs. These UUIDs are explicitly NOT human- be RFC 4122 [RFC4122] UUIDs. These UUIDs are explicitly NOT human-
readable. They are for machine-based matching only. readable. They are for machine-based matching only.
A device may match any number of UUIDs for vendor or class A device may match any number of UUIDs for vendor or class
identifier. This may be relevant to physical or software modules. identifier. This may be relevant to physical or software modules.
skipping to change at page 42, line 10 skipping to change at page 45, line 29
7.9.10. SUIT_Condition CDDL 7.9.10. SUIT_Condition CDDL
The following CDDL describes SUIT_Condition: The following CDDL describes SUIT_Condition:
SUIT_Condition //= (suit-condition-vendor-identifier, nil) SUIT_Condition //= (suit-condition-vendor-identifier, nil)
SUIT_Condition //= (suit-condition-class-identifier, nil) SUIT_Condition //= (suit-condition-class-identifier, nil)
SUIT_Condition //= (suit-condition-device-identifier, nil) SUIT_Condition //= (suit-condition-device-identifier, nil)
SUIT_Condition //= (suit-condition-image-match, nil) SUIT_Condition //= (suit-condition-image-match, nil)
SUIT_Condition //= (suit-condition-image-not-match, nil) SUIT_Condition //= (suit-condition-image-not-match, nil)
SUIT_Condition //= (suit-condition-use-before, uint) SUIT_Condition //= (suit-condition-use-before, nil)
SUIT_Condition //= (suit-condition-minimum-battery, uint) SUIT_Condition //= (suit-condition-minimum-battery, nil)
SUIT_Condition //= (suit-condition-update-authorized, int) SUIT_Condition //= (suit-condition-update-authorized, nil)
SUIT_Condition //= (suit-condition-version, SUIT_Condition //= (suit-condition-version, nil)
SUIT_Condition_Version_Argument) SUIT_Condition //= (suit-condition-component-offset, nil)
SUIT_Condition //= (suit-condition-component-offset, uint)
SUIT_Condition //= (suit-condition-custom, bstr)
SUIT_Condition_Version_Argument = [
suit-condition-version-comparison-type:
SUIT_Condition_Version_Comparison_Types,
suit-condition-version-comparison-value:
SUIT_Condition_Version_Comparison_Value
]
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-greater
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser
SUIT_Condition_Version_Comparison_Value = [+int]
7.10. SUIT_Directive 7.10. SUIT_Directive
Directives are used to define the behavior of the recipient. Directives are used to define the behavior of the recipient.
Directives include: Directives include:
+----------------+----------------------+ +--------------+--------------------+-------------------------------+
| Directive Code | Directive Name | | Directive | Directive Name | Implementation |
+----------------+----------------------+ | Code | | |
| 12 | Set Component Index | +--------------+--------------------+-------------------------------+
| | | | 12 | Set Component | REQUIRED if more than one |
| 13 | Set Dependency Index | | | Index | component |
| | | | | | |
| 14 | Abort | | 13 | Set Dependency | REQUIRED if dependencies used |
| | | | | Index | |
| 15 | Try Each | | | | |
| | | | 14 | Abort | OPTIONAL |
| 16 | Reserved | | | | |
| | | | 15 | Try Each | OPTIONAL |
| 17 | Reserved | | | | |
| | | | 16 | Reserved | N/A |
| 18 | Process Dependency | | | | |
| | | | 17 | Reserved | N/A |
| 19 | Set Parameters | | | | |
| | | | 18 | Process Dependency | OPTIONAL |
| 20 | Override Parameters | | | | |
| | | | 19 | Set Parameters | OPTIONAL |
| 21 | Fetch | | | | |
| | | | 20 | Override | REQUIRED |
| 22 | Copy | | | Parameters | |
| | | | | | |
| 23 | Run | | 21 | Fetch | REQUIRED for Updater |
| | | | | | |
| 29 | Wait | | 22 | Copy | OPTIONAL |
| | | | | | |
| 30 | Run Sequence | | 23 | Run | REQUIRED for Bootloader |
| | | | | | |
| 31 | Run with Arguments | | 29 | Wait | OPTIONAL |
| | | | | | |
| 32 | Swap | | 30 | Run Sequence | OPTIONAL |
+----------------+----------------------+ | | | |
| 32 | Swap | OPTIONAL |
+--------------+--------------------+-------------------------------+
When a Recipient executes a Directive, it MUST report a success code. When a Recipient executes a Directive, it MUST report a success code.
If the Directive reports failure, then the current Command Sequence If the Directive reports failure, then the current Command Sequence
MUST terminate. MUST terminate.
7.10.1. suit-directive-set-component-index 7.10.1. suit-directive-set-component-index
Set Component Index defines the component to which successive Set Component Index defines the component to which successive
directives and conditions will apply. The supplied argument MUST be directives and conditions will apply. The supplied argument MUST be
either a boolean or an unsigned integer index into the concatenation either a boolean or an unsigned integer index into the concatenation
skipping to change at page 51, line 21 skipping to change at page 54, line 21
SUIT_Directive //= (suit-directive-process-dependency, nil) SUIT_Directive //= (suit-directive-process-dependency, nil)
SUIT_Directive //= (suit-directive-set-parameters, SUIT_Directive //= (suit-directive-set-parameters,
{+ SUIT_Parameters}) {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-override-parameters, SUIT_Directive //= (suit-directive-override-parameters,
{+ SUIT_Parameters}) {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-fetch, nil) SUIT_Directive //= (suit-directive-fetch, nil)
SUIT_Directive //= (suit-directive-copy, nil) SUIT_Directive //= (suit-directive-copy, nil)
SUIT_Directive //= (suit-directive-run, nil) SUIT_Directive //= (suit-directive-run, nil)
SUIT_Directive //= (suit-directive-wait, SUIT_Directive //= (suit-directive-wait,
{ + SUIT_Wait_Events }) { + SUIT_Wait_Events })
SUIT_Directive //= (suit-directive-run-with-arguments, bstr)
SUIT_Directive_Try_Each_Argument = [ SUIT_Directive_Try_Each_Argument = [
+ bstr .cbor SUIT_Command_Sequence, + bstr .cbor SUIT_Command_Sequence,
nil / bstr .cbor SUIT_Command_Sequence nil / bstr .cbor SUIT_Command_Sequence
] ]
SUIT_Wait_Events //= (suit-wait-event-authorization => int) SUIT_Wait_Events //= (suit-wait-event-authorization => int)
SUIT_Wait_Events //= (suit-wait-event-power => int) SUIT_Wait_Events //= (suit-wait-event-power => int)
SUIT_Wait_Events //= (suit-wait-event-network => int) SUIT_Wait_Events //= (suit-wait-event-network => int)
SUIT_Wait_Events //= (suit-wait-event-other-device-version SUIT_Wait_Events //= (suit-wait-event-other-device-version
skipping to change at page 56, line 16 skipping to change at page 59, line 16
"fetch" : null "fetch" : null
] ]
} }
11. Full CDDL 11. Full CDDL
In order to create a valid SUIT Manifest document the structure of In order to create a valid SUIT Manifest document the structure of
the corresponding CBOR message MUST adhere to the following CDDL data the corresponding CBOR message MUST adhere to the following CDDL data
definition. definition.
SUIT_Outer_Wrapper = { SUIT_Envelope = {
suit-delegation => bstr .cbor SUIT_Delegation suit-delegation => bstr .cbor SUIT_Delegation
suit-authentication-wrapper suit-authentication-wrapper
=> bstr .cbor SUIT_Authentication_Wrapper / nil, => bstr .cbor SUIT_Authentication_Wrapper / nil,
$$SUIT_Manifest_Wrapped, $$SUIT_Manifest_Wrapped,
suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence, * $$SUIT_Severed_Fields,
suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
suit-install => bstr .cbor SUIT_Command_Sequence,
suit-text => bstr .cbor SUIT_Text_Map,
suit-coswid => bstr .cbor concise-software-identity
} }
SUIT_Authentication_Wrapper = [ + ( SUIT_Delegation = [ + [ + CWT ] ]
COSE_Mac_Tagged /
COSE_Sign_Tagged /
COSE_Mac0_Tagged /
COSE_Sign1_Tagged)
]
SUIT_Encryption_Wrapper = COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged CWT = SUIT_Authentication_Block
SUIT_Authentication_Wrapper = [ + bstr .cbor SUIT_Authentication_Block ]
SUIT_Authentication_Block /= COSE_Mac_Tagged
SUIT_Authentication_Block /= COSE_Sign_Tagged
SUIT_Authentication_Block /= COSE_Mac0_Tagged
SUIT_Authentication_Block /= COSE_Sign1_Tagged
$$SUIT_Manifest_Wrapped //= (suit-manifest => bstr .cbor SUIT_Manifest) $$SUIT_Manifest_Wrapped //= (suit-manifest => bstr .cbor SUIT_Manifest)
$$SUIT_Manifest_Wrapped //= ( $$SUIT_Manifest_Wrapped //= (
suit-manifest-encryption-info => bstr .cbor SUIT_Encryption_Wrapper, suit-manifest-encryption-info => bstr .cbor SUIT_Encryption_Wrapper,
suit-manifest-encrypted => bstr suit-manifest-encrypted => bstr
) )
SUIT_Encryption_Wrapper = COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged
$$SUIT_Severed_Fields //= ( suit-dependency-resolution =>
bstr .cbor SUIT_Command_Sequence)
$$SUIT_Severed_Fields //= (suit-payload-fetch =>
bstr .cbor SUIT_Command_Sequence)
$$SUIT_Severed_Fields //= (suit-install =>
bstr .cbor SUIT_Command_Sequence)
$$SUIT_Severed_Fields //= (suit-text =>
bstr .cbor SUIT_Text_Map)
$$SUIT_Severed_Fields //= (suit-coswid =>
bstr .cbor concise-software-identity)
COSE_Mac_Tagged = any COSE_Mac_Tagged = any
COSE_Sign_Tagged = any COSE_Sign_Tagged = any
COSE_Mac0_Tagged = any COSE_Mac0_Tagged = any
COSE_Sign1_Tagged = any COSE_Sign1_Tagged = any
COSE_Encrypt_Tagged = any COSE_Encrypt_Tagged = any
COSE_Encrypt0_Tagged = any COSE_Encrypt0_Tagged = any
SUIT_Digest = [ SUIT_Digest = [
suit-digest-algorithm-id : $suit-digest-algorithm-ids, suit-digest-algorithm-id : suit-digest-algorithm-ids,
suit-digest-bytes : bstr, suit-digest-bytes : bstr,
? suit-digest-parameters : any ? suit-digest-parameters : any
] ]
; Named Information Hash Algorithm Identifiers ; Named Information Hash Algorithm Identifiers
suit-digest-algorithm-ids /= algorithm-id-sha224 suit-digest-algorithm-ids /= algorithm-id-sha224
suit-digest-algorithm-ids /= algorithm-id-sha256 suit-digest-algorithm-ids /= algorithm-id-sha256
suit-digest-algorithm-ids /= algorithm-id-sha384 suit-digest-algorithm-ids /= algorithm-id-sha384
suit-digest-algorithm-ids /= algorithm-id-sha512 suit-digest-algorithm-ids /= algorithm-id-sha512
suit-digest-algorithm-ids /= algorithm-id-sha3-224 suit-digest-algorithm-ids /= algorithm-id-sha3-224
skipping to change at page 57, line 29 skipping to change at page 60, line 40
algorithm-id-sha384 = 3 algorithm-id-sha384 = 3
algorithm-id-sha512 = 4 algorithm-id-sha512 = 4
algorithm-id-sha3-224 = 5 algorithm-id-sha3-224 = 5
algorithm-id-sha3-256 = 6 algorithm-id-sha3-256 = 6
algorithm-id-sha3-384 = 7 algorithm-id-sha3-384 = 7
algorithm-id-sha3-512 = 8 algorithm-id-sha3-512 = 8
SUIT_Manifest = { SUIT_Manifest = {
suit-manifest-version => 1, suit-manifest-version => 1,
suit-manifest-sequence-number => uint, suit-manifest-sequence-number => uint,
? suit-common => bstr .cbor SUIT_Common, suit-common => bstr .cbor SUIT_Common,
? suit-dependency-resolution ? suit-reference-uri => #6.32(tstr),
=> SUIT_Digest / bstr .cbor SUIT_Command_Sequence, * $$SUIT_Severable_Command_Sequences,
? suit-payload-fetch * $$SUIT_Command_Sequences,
=> SUIT_Digest / bstr .cbor SUIT_Command_Sequence, * $$SUIT_Protected_Elements,
? suit-install
=> SUIT_Digest / bstr .cbor SUIT_Command_Sequence,
? suit-validate => bstr .cbor SUIT_Command_Sequence,
? suit-load => bstr .cbor SUIT_Command_Sequence,
? suit-run => bstr .cbor SUIT_Command_Sequence,
? suit-text => SUIT_Digest,
? suit-coswid
=> SUIT_Digest / bstr .cbor concise-software-identity,
} }
$$SUIT_Severable_Command_Sequences //= (suit-dependency-resolution =>
SUIT_Severable_Command_Sequence)
$$SUIT_Severable_Command_Sequences //= (suit-payload-fetch =>
SUIT_Severable_Command_Sequence)
$$SUIT_Severable_Command_Sequences //= (suit-install =>
SUIT_Severable_Command_Sequence)
SUIT_Severable_Command_Sequence =
SUIT_Digest / bstr .cbor SUIT_Command_Sequence
$$SUIT_Command_Sequences //= ( suit-validate =>
bstr .cbor SUIT_Command_Sequence )
$$SUIT_Command_Sequences //= ( suit-load =>
bstr .cbor SUIT_Command_Sequence )
$$SUIT_Command_Sequences //= ( suit-run =>
bstr .cbor SUIT_Command_Sequence )
$$SUIT_Protected_Elements //= ( suit-text => SUIT_Digest )
$$SUIT_Protected_Elements //= ( suit-coswid => SUIT_Digest )
SUIT_Common = { SUIT_Common = {
? suit-dependencies => bstr .cbor SUIT_Dependencies, ? suit-dependencies => bstr .cbor SUIT_Dependencies,
? suit-components => bstr .cbor SUIT_Components, ? suit-components => bstr .cbor SUIT_Components,
? suit-dependency-components ? suit-dependency-components
=> bstr .cbor SUIT_Component_References, => bstr .cbor SUIT_Component_References,
? suit-common-sequence => bstr .cbor SUIT_Command_Sequence, ? suit-common-sequence => bstr .cbor SUIT_Command_Sequence,
} }
SUIT_Dependencies = [ + SUIT_Dependency ] SUIT_Dependencies = [ + SUIT_Dependency ]
SUIT_Components = [ + SUIT_Component_Identifier ] SUIT_Components = [ + SUIT_Component_Identifier ]
SUIT_Component_References = [ + SUIT_Component_Reference ] SUIT_Component_References = [ + SUIT_Component_Reference ]
concise-software-identity = any concise-software-identity = any
SUIT_Dependency = { SUIT_Dependency = {
suit-dependency-digest => SUIT_Digest, suit-dependency-digest => SUIT_Digest,
suit-dependency-prefix => SUIT_Component_Identifier, suit-dependency-prefix => SUIT_Component_Identifier,
} }
skipping to change at page 58, line 26 skipping to change at page 61, line 48
SUIT_Component_Reference = { SUIT_Component_Reference = {
suit-component-identifier => SUIT_Component_Identifier, suit-component-identifier => SUIT_Component_Identifier,
suit-component-dependency-index => uint suit-component-dependency-index => uint
} }
SUIT_Command_Sequence = [ + ( SUIT_Command_Sequence = [ + (
SUIT_Condition // SUIT_Directive // SUIT_Command_Custom SUIT_Condition // SUIT_Directive // SUIT_Command_Custom
) ] ) ]
SUIT_Command_Custom = (nint, bstr) SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil)
SUIT_Condition //= (suit-condition-vendor-identifier, nil) SUIT_Condition //= (suit-condition-vendor-identifier, nil)
SUIT_Condition //= (suit-condition-class-identifier, nil) SUIT_Condition //= (suit-condition-class-identifier, nil)
SUIT_Condition //= (suit-condition-device-identifier, nil) SUIT_Condition //= (suit-condition-device-identifier, nil)
SUIT_Condition //= (suit-condition-image-match, nil) SUIT_Condition //= (suit-condition-image-match, nil)
SUIT_Condition //= (suit-condition-image-not-match, nil) SUIT_Condition //= (suit-condition-image-not-match, nil)
SUIT_Condition //= (suit-condition-use-before, uint) SUIT_Condition //= (suit-condition-use-before, nil)
SUIT_Condition //= (suit-condition-minimum-battery, uint) SUIT_Condition //= (suit-condition-minimum-battery, nil)
SUIT_Condition //= (suit-condition-update-authorized, int) SUIT_Condition //= (suit-condition-update-authorized, nil)
SUIT_Condition //= (suit-condition-version, SUIT_Condition //= (suit-condition-version, nil)
SUIT_Condition_Version_Argument) SUIT_Condition //= (suit-condition-component-offset, nil)
SUIT_Condition //= (suit-condition-component-offset, uint)
SUIT_Condition //= (suit-condition-custom, bstr)
RFC4122_UUID = bstr .size 16
SUIT_Condition_Version_Argument = [
suit-condition-version-comparison-type:
SUIT_Condition_Version_Comparison_Types,
suit-condition-version-comparison-value:
SUIT_Condition_Version_Comparison_Value
]
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-greater
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser
suit-condition-version-comparison-greater = 1
suit-condition-version-comparison-greater-equal = 2
suit-condition-version-comparison-equal = 3
suit-condition-version-comparison-lesser-equal = 4
suit-condition-version-comparison-lesser = 5
SUIT_Condition_Version_Comparison_Value = [+int]
SUIT_Directive //= (suit-directive-set-component-index, uint/bool) SUIT_Directive //= (suit-directive-set-component-index, uint/bool)
SUIT_Directive //= (suit-directive-set-dependency-index, uint/bool) SUIT_Directive //= (suit-directive-set-dependency-index, uint/bool)
SUIT_Directive //= (suit-directive-run-sequence, SUIT_Directive //= (suit-directive-run-sequence,
bstr .cbor SUIT_Command_Sequence) bstr .cbor SUIT_Command_Sequence)
SUIT_Directive //= (suit-directive-try-each, SUIT_Directive //= (suit-directive-try-each,
SUIT_Directive_Try_Each_Argument) SUIT_Directive_Try_Each_Argument)
SUIT_Directive //= (suit-directive-process-dependency, nil) SUIT_Directive //= (suit-directive-process-dependency, nil)
SUIT_Directive //= (suit-directive-set-parameters, SUIT_Directive //= (suit-directive-set-parameters,
{+ SUIT_Parameters}) {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-override-parameters, SUIT_Directive //= (suit-directive-override-parameters,
{+ SUIT_Parameters}) {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-fetch, nil) SUIT_Directive //= (suit-directive-fetch, nil)
SUIT_Directive //= (suit-directive-copy, nil) SUIT_Directive //= (suit-directive-copy, nil)
SUIT_Directive //= (suit-directive-swap, nil) SUIT_Directive //= (suit-directive-swap, nil)
SUIT_Directive //= (suit-directive-run, nil) SUIT_Directive //= (suit-directive-run, nil)
SUIT_Directive //= (suit-directive-wait, SUIT_Directive //= (suit-directive-wait, nil)
{ + SUIT_Wait_Events }) SUIT_Directive //= (suit-directive-abort, nil)
SUIT_Directive //= (suit-directive-run-with-arguments, bstr)
SUIT_Directive_Try_Each_Argument = [ SUIT_Directive_Try_Each_Argument = [
+ bstr .cbor SUIT_Command_Sequence, + bstr .cbor SUIT_Command_Sequence,
nil / bstr .cbor SUIT_Command_Sequence nil / bstr .cbor SUIT_Command_Sequence
] ]
SUIT_Wait_Event = { + SUIT_Wait_Events }
SUIT_Wait_Events //= (suit-wait-event-authorization => int) SUIT_Wait_Events //= (suit-wait-event-authorization => int)
SUIT_Wait_Events //= (suit-wait-event-power => int) SUIT_Wait_Events //= (suit-wait-event-power => int)
SUIT_Wait_Events //= (suit-wait-event-network => int) SUIT_Wait_Events //= (suit-wait-event-network => int)
SUIT_Wait_Events //= (suit-wait-event-other-device-version SUIT_Wait_Events //= (suit-wait-event-other-device-version
=> SUIT_Wait_Event_Argument_Other_Device_Version) => SUIT_Wait_Event_Argument_Other_Device_Version)
SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp SUIT_Wait_Events //= (suit-wait-event-time => uint); Timestamp
SUIT_Wait_Events //= (suit-wait-event-time-of-day SUIT_Wait_Events //= (suit-wait-event-time-of-day
=> uint); Time of Day (seconds since 00:00:00) => uint); Time of Day (seconds since 00:00:00)
SUIT_Wait_Events //= (suit-wait-event-day-of-week SUIT_Wait_Events //= (suit-wait-event-day-of-week
=> uint); Days since Sunday => uint); Days since Sunday
SUIT_Wait_Event_Argument_Authorization = int ; priority
SUIT_Wait_Event_Argument_Power = int ; Power Level
SUIT_Wait_Event_Argument_Network = int ; Network State
SUIT_Wait_Event_Argument_Other_Device_Version = [ SUIT_Wait_Event_Argument_Other_Device_Version = [
other-device: bstr, other-device: bstr,
other-device-version: [+int] other-device-version: [+int]
] ]
SUIT_Wait_Event_Argument_Time = uint ; Timestamp SUIT_Parameters //= (suit-parameter-vendor-identifier => RFC4122_UUID)
SUIT_Wait_Event_Argument_Time_Of_Day = uint ; Time of Day SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
; (seconds since 00:00:00) SUIT_Parameters //= (suit-parameter-image-digest
SUIT_Wait_Event_Argument_Day_Of_Week = uint ; Days since Sunday => bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-use-before => uint)
SUIT_Parameters //= (suit-parameter-component-offset => uint)
SUIT_Parameters //= (suit-parameter-strict-order => bool)
SUIT_Parameters //= (suit-parameter-soft-failure => bool)
SUIT_Parameters //= (suit-parameter-vendor-id => bstr)
SUIT_Parameters //= (suit-parameter-class-id => bstr)
SUIT_Parameters //= (suit-parameter-device-id => bstr)
SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Parameters //= (suit-parameter-encryption-info SUIT_Parameters //= (suit-parameter-encryption-info
=> bstr .cbor SUIT_Encryption_Info) => bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info SUIT_Parameters //= (suit-parameter-compression-info
=> bstr .cbor SUIT_Compression_Info) => bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info SUIT_Parameters //= (suit-parameter-unpack-info
=> bstr .cbor SUIT_Unpack_Info) => bstr .cbor SUIT_Unpack_Info)
SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Parameters //= (suit-parameter-source-component => uint) SUIT_Parameters //= (suit-parameter-source-component => uint)
SUIT_Parameters //= (suit-parameter-image-digest SUIT_Parameters //= (suit-parameter-run-args => bstr)
=> bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-image-size => uint) SUIT_Parameters //= (suit-parameter-device-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-uri-list SUIT_Parameters //= (suit-parameter-minimum-battery => uint)
=> bstr .cbor SUIT_Component_URI_List) SUIT_Parameters //= (suit-parameter-update-priority => uint)
SUIT_Parameters //= (suit-parameter-version =>
SUIT_Parameter_Version_Match)
SUIT_Parameters //= (suit-parameter-wait-info =>
bstr .cbor SUIT_Wait_Event)
SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr) SUIT_Parameters //= (suit-parameter-custom => int/bool/tstr/bstr)
SUIT_Component_URI_List = [ + [priority: int, uri: tstr] ] SUIT_Parameters //= (suit-parameter-strict-order => bool)
SUIT_Parameters //= (suit-parameter-soft-failure => bool)
RFC4122_UUID = bstr .size 16
SUIT_Parameter_Version_Match = [
suit-condition-version-comparison-type:
SUIT_Condition_Version_Comparison_Types,
suit-condition-version-comparison-value:
SUIT_Condition_Version_Comparison_Value
]
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-greater
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-greater-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser-equal
SUIT_Condition_Version_Comparison_Types /=
suit-condition-version-comparison-lesser
suit-condition-version-comparison-greater = 1
suit-condition-version-comparison-greater-equal = 2
suit-condition-version-comparison-equal = 3
suit-condition-version-comparison-lesser-equal = 4
suit-condition-version-comparison-lesser = 5
SUIT_Condition_Version_Comparison_Value = [+int]
SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged SUIT_Encryption_Info = COSE_Encrypt_Tagged/COSE_Encrypt0_Tagged
SUIT_Compression_Info = { SUIT_Compression_Info = {
suit-compression-algorithm => SUIT_Compression_Algorithms, suit-compression-algorithm => SUIT_Compression_Algorithms,
? suit-compression-parameters => bstr ? suit-compression-parameters => bstr
} }
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_gzip SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_gzip
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_bzip2 SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_bzip2
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_deflate
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lz4 SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lz4
SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lzma SUIT_Compression_Algorithms /= SUIT_Compression_Algorithm_lzma
SUIT_Compression_Algorithm_gzip = 1 SUIT_Compression_Algorithm_gzip = 1
SUIT_Compression_Algorithm_bzip2 = 2 SUIT_Compression_Algorithm_bzip2 = 2
SUIT_Compression_Algorithm_deflate = 3 SUIT_Compression_Algorithm_deflate = 3
SUIT_Compression_Algorithm_lz4 = 4 SUIT_Compression_Algorithm_lz4 = 4
SUIT_Compression_Algorithm_lzma = 7 SUIT_Compression_Algorithm_lzma = 7
SUIT_Unpack_Info = { SUIT_Unpack_Info = {
skipping to change at page 61, line 25 skipping to change at page 64, line 47
} }
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Delta SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Delta
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf
SUIT_Unpack_Algorithm_Delta = 1 SUIT_Unpack_Algorithm_Delta = 1
SUIT_Unpack_Algorithm_Hex = 2 SUIT_Unpack_Algorithm_Hex = 2
SUIT_Unpack_Algorithm_Elf = 3 SUIT_Unpack_Algorithm_Elf = 3
SUIT_Text_Map = {int => tstr} SUIT_Text_Map = {SUIT_Text_Keys => tstr}
suit-authentication-wrapper = 1 SUIT_Text_Keys /= suit-text-manifest-description
suit-manifest = 2 SUIT_Text_Keys /= suit-text-update-description
SUIT_Text_Keys /= suit-text-vendor-name
SUIT_Text_Keys /= suit-text-model-name
SUIT_Text_Keys /= suit-text-vendor-domain
SUIT_Text_Keys /= suit-text-model-info
SUIT_Text_Keys /= suit-text-component-description
SUIT_Text_Keys /= suit-text-manifest-json-source
SUIT_Text_Keys /= suit-text-manifest-yaml-source
SUIT_Text_Keys /= suit-text-version-dependencies
suit-manifest-encryption-info = 3 suit-delegation = 1
suit-manifest-encrypted = 4 suit-authentication-wrapper = 2
suit-manifest = 3
suit-manifest-encryption-info = 4
suit-manifest-encrypted = 5
suit-manifest-version = 1 suit-manifest-version = 1
suit-manifest-sequence-number = 2 suit-manifest-sequence-number = 2
suit-common = 3 suit-common = 3
suit-reference-uri = 4
suit-dependency-resolution = 7 suit-dependency-resolution = 7
suit-payload-fetch = 8 suit-payload-fetch = 8
suit-install = 9 suit-install = 9
suit-validate = 10 suit-validate = 10
suit-load = 11 suit-load = 11
suit-run = 12 suit-run = 12
suit-text = 13 suit-text = 13
suit-coswid = 14 suit-coswid = 14
suit-dependencies = 1 suit-dependencies = 1
skipping to change at page 62, line 4 skipping to change at page 65, line 38
suit-text = 13 suit-text = 13
suit-coswid = 14 suit-coswid = 14
suit-dependencies = 1 suit-dependencies = 1
suit-components = 2 suit-components = 2
suit-dependency-components = 3 suit-dependency-components = 3
suit-common-sequence = 4 suit-common-sequence = 4
suit-dependency-digest = 1 suit-dependency-digest = 1
suit-dependency-prefix = 2 suit-dependency-prefix = 2
suit-component-identifier = 1 suit-component-identifier = 1
suit-component-dependency-index = 2 suit-component-dependency-index = 2
suit-command-custom = nint suit-command-custom = nint
suit-condition-vendor-identifier = 1 suit-condition-vendor-identifier = 1
suit-condition-class-identifier = 2 suit-condition-class-identifier = 2
suit-condition-image-match = 3 suit-condition-image-match = 3
suit-condition-use-before = 4 suit-condition-use-before = 4
suit-condition-component-offset = 5 suit-condition-component-offset = 5
suit-condition-custom = 6
suit-condition-device-identifier = 24 suit-condition-device-identifier = 24
suit-condition-image-not-match = 25 suit-condition-image-not-match = 25
suit-condition-minimum-battery = 26 suit-condition-minimum-battery = 26
suit-condition-update-authorized = 27 suit-condition-update-authorized = 27
suit-condition-version = 28 suit-condition-version = 28
suit-directive-set-component-index = 12 suit-directive-set-component-index = 12
suit-directive-set-dependency-index = 13 suit-directive-set-dependency-index = 13
suit-directive-abort = 14 suit-directive-abort = 14
skipping to change at page 62, line 37 skipping to change at page 66, line 23
;suit-directive-map-filter = 17 ; TBD ;suit-directive-map-filter = 17 ; TBD
suit-directive-process-dependency = 18 suit-directive-process-dependency = 18
suit-directive-set-parameters = 19 suit-directive-set-parameters = 19
suit-directive-override-parameters = 20 suit-directive-override-parameters = 20
suit-directive-fetch = 21 suit-directive-fetch = 21
suit-directive-copy = 22 suit-directive-copy = 22
suit-directive-run = 23 suit-directive-run = 23
suit-directive-wait = 29 suit-directive-wait = 29
suit-directive-run-sequence = 30 suit-directive-run-sequence = 30
suit-directive-run-with-arguments = 31
suit-directive-swap = 32 suit-directive-swap = 32
suit-wait-event-argument-authorization = 1 suit-wait-event-authorization = 1
suit-wait-event-power = 2 suit-wait-event-power = 2
suit-wait-event-network = 3 suit-wait-event-network = 3
suit-wait-event-other-device-version = 4 suit-wait-event-other-device-version = 4
suit-wait-event-time = 5 suit-wait-event-time = 5
suit-wait-event-time-of-day = 6 suit-wait-event-time-of-day = 6
suit-wait-event-day-of-week = 7 suit-wait-event-day-of-week = 7
suit-wait-event-authorization = 8
suit-parameter-strict-order = 1 suit-parameter-vendor-identifier = 1
suit-parameter-soft-failure = 2 suit-parameter-class-identifier = 2
suit-parameter-vendor-id = 3 suit-parameter-image-digest = 3
suit-parameter-class-id = 4 suit-parameter-use-before = 4
suit-parameter-device-id = 5 suit-parameter-component-offset = 5
suit-parameter-uri = 6
suit-parameter-encryption-info = 7
suit-parameter-compression-info = 8
suit-parameter-unpack-info = 9
suit-parameter-source-component = 10
suit-parameter-image-digest = 11
suit-parameter-image-size = 12
suit-parameter-uri-list = 24 suit-parameter-strict-order = 12
suit-parameter-uri-list-append = 25 suit-parameter-soft-failure = 13
suit-parameter-prioritized-parameters = 26 suit-parameter-image-size = 14
suit-parameter-encryption-info = 18
suit-parameter-compression-info = 19
suit-parameter-unpack-info = 20
suit-parameter-uri = 21
suit-parameter-source-component = 22
suit-parameter-run-args = 23
suit-parameter-device-identifier = 24
suit-parameter-minimum-battery = 26
suit-parameter-update-priority = 27
suit-parameter-version = 28
suit-parameter-wait-info = 29
suit-parameter-custom = nint suit-parameter-custom = nint
suit-compression-algorithm = 1 suit-compression-algorithm = 1
suit-compression-parameters = 2 suit-compression-parameters = 2
suit-unpack-algorithm = 1 suit-unpack-algorithm = 1
suit-unpack-parameters = 2 suit-unpack-parameters = 2
suit-text-manifest-description = 1 suit-text-manifest-description = 1
skipping to change at page 64, line 10 skipping to change at page 67, line 48
P+bitWWchdvArTsfKktsCYExwKNtrNHXi9OB3N+wnAUtszmR23M4tKiW P+bitWWchdvArTsfKktsCYExwKNtrNHXi9OB3N+wnAUtszmR23M4tKiW
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
The corresponding public key can be used to verify these examples: The corresponding public key can be used to verify these examples:
-----BEGIN PUBLIC KEY----- -----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhJaBGq4LqqvSYVcYnuzaJr6qi/Eb MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhJaBGq4LqqvSYVcYnuzaJr6qi/Eb
bz/m4rVlnIXbwK07HypLbAmBMcCjbazR14vTgdzfsJwFLbM5kdtzOLSolg== bz/m4rVlnIXbwK07HypLbAmBMcCjbazR14vTgdzfsJwFLbM5kdtzOLSolg==
-----END PUBLIC KEY----- -----END PUBLIC KEY-----
Each example uses SHA256 as the digest function.
12.1. Example 0: Secure Boot 12.1. Example 0: Secure Boot
Secure boot and compatibility check. Secure boot and compatibility check.
{ {
/ authentication-wrapper / 2:h'81d28443a10126a058248202582073054c8 / authentication-wrapper / 2:h'81d28443a10126a058248202582064d8094
cc42e3e76c974ad0bed685d88b0b99df40fbaf72f58cd0b97dcd03285584057bc22b81 da3ef71c5971b7b84e7f4be1f56452c32fdde7bc1c70889112f1d5d9958407d637397e
43137abb3e8dc180a74348b58905d36ac16c199443cd1d09214a68bd4acdbbde78a521 12abdd41bc026a8e8a22f0f902a5b972e7786d570a37ac43c370b64a6946b0311f059c
7768faa00627a0a92da30f36bd2187f77ba14b16b0637c618' / [ a01d40f74d88d6fd7193baa36f5cf20aa57c46a0411a6b704' / [
18([ 18([
/ protected / h'a10126' / { / protected / h'a10126' / {
/ alg / 1:-7 / ES256 /, / alg / 1:-7 / ES256 /,
} /, } /,
/ unprotected / { / unprotected / {
}, },
/ payload / h'8202582073054c8cc42e3e76c974ad0bed685d88 / payload / h'8202582064d8094da3ef71c5971b7b84e7f4be1f
b0b99df40fbaf72f58cd0b97dcd03285' / [ 56452c32fdde7bc1c70889112f1d5d99' / [
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'73054c8cc42e3e76c974ad0bed685d88b0b99df40fbaf72f58cd0b97dcd03285' h'64d8094da3ef71c5971b7b84e7f4be1f56452c32fdde7bc1c70889112f1d5d99'
] /, ] /,
/ signature / h'57bc22b8143137abb3e8dc180a74348b58905d / signature / h'7d637397e12abdd41bc026a8e8a22f0f902a5b
36ac16c199443cd1d09214a68bd4acdbbde78a5217768faa00627a0a92da30f36bd218 972e7786d570a37ac43c370b64a6946b0311f059ca01d40f74d88d6fd7193baa36f5cf
7f77ba14b16b0637c618' 20aa57c46a0411a6b704'
]) ])
] /, ] /,
/ manifest / 3:h'a50101020103585aa2024481814100045850860150fa6b4a5 / manifest / 3:h'a50101020103585ea20244818141000458548614a40150fa6
3d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b820 b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820
2582000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100 2582000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100
c1987d00a438203f60c438217f6' / { e1987d001f602f60a438203f60c438217f6' / {
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:1, / manifest-sequence-number / 2:1,
/ common / 3:h'a2024481814100045850860150fa6b4a53d5ad5fdfbe9de / common / 3:h'a20244818141000458548614a40150fa6b4a53d5ad5fdfb
663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b82025820001122334 e9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450382025820001122334
45566778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / { 45566778899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f
6' / {
/ components / 2:h'81814100' / [ / components / 2:h'81814100' / [
[h'00'] [h'00']
] /, ] /,
/ common-sequence / 4:h'860150fa6b4a53d5ad5fdfbe9de663e4d4 / common-sequence / 4:h'8614a40150fa6b4a53d5ad5fdfbe9de663
1ffe02501492af1425695e48bf429b2d51f2ab4514a20b820258200011223344556677 e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820258200011223344556677
8899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / [ 8899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f6' / [
/ condition-vendor-identifier /
1,h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe / ,
/ condition-class-identifier /
2,h'1492af1425695e48bf429b2d51f2ab45' /
1492af14-2569-5e48-bf42-9b2d51f2ab45 / ,
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ image-digest / 11:[ / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
], ],
/ image-size / 12:34768, / image-size / 14:34768,
} } ,
/ condition-vendor-identifier / 1,F6 / nil / ,
/ condition-class-identifier / 2,F6 / nil /
] /, ] /,
} /, } /,
/ validate / 10:h'8203f6' / [ / validate / 10:h'8203f6' / [
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ run / 12:h'8217f6' / [ / run / 12:h'8217f6' / [
/ directive-run / 23,None / directive-run / 23,F6 / nil /
] /, ] /,
} /, } /,
} }
Total size of manifest without COSE authentication object: 112 Total size of manifest without COSE authentication object: 116
Manifest: Manifest:
a103586ca50101020103585aa2024481814100045850860150fa6b4a53d5 a1035870a50101020103585ea20244818141000458548614a40150fa6b4a
ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514 53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab
a20b8202582000112233445566778899aabbccddeeff0123456789abcdef 45038202582000112233445566778899aabbccddeeff0123456789abcdef
fedcba98765432100c1987d00a438203f60c438217f6 fedcba98765432100e1987d001f602f60a438203f60c438217f6
Total size of manifest with COSE authentication object: 227 Total size of manifest with COSE authentication object: 231
Manifest with COSE authentication object: Manifest with COSE authentication object:
a202587081d28443a10126a058248202582073054c8cc42e3e76c974ad0b a202587081d28443a10126a058248202582064d8094da3ef71c5971b7b84
ed685d88b0b99df40fbaf72f58cd0b97dcd03285584057bc22b8143137ab e7f4be1f56452c32fdde7bc1c70889112f1d5d9958407d637397e12abdd4
b3e8dc180a74348b58905d36ac16c199443cd1d09214a68bd4acdbbde78a 1bc026a8e8a22f0f902a5b972e7786d570a37ac43c370b64a6946b0311f0
5217768faa00627a0a92da30f36bd2187f77ba14b16b0637c61803586ca5 59ca01d40f74d88d6fd7193baa36f5cf20aa57c46a0411a6b704035870a5
0101020103585aa2024481814100045850860150fa6b4a53d5ad5fdfbe9d 0101020103585ea20244818141000458548614a40150fa6b4a53d5ad5fdf
e663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b820258 be9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820258
2000112233445566778899aabbccddeeff0123456789abcdeffedcba9876 2000112233445566778899aabbccddeeff0123456789abcdeffedcba9876
5432100c1987d00a438203f60c438217f6 5432100e1987d001f602f60a438203f60c438217f6
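The following is an added example, not code from the draft or from the authors' manifest tooling. It decodes the draft-04 "Manifest with COSE authentication object" bytes of Example 0 (copied from the -04 column above), walks the envelope with the -04 key numbers from the tables on this page (authentication-wrapper = 2, manifest = 3, common = 3, validate = 10, run = 12, components = 2, common-sequence = 4), recomputes SHA-256 over the contents of the manifest bstr and compares it with the SUIT_Digest carried as the COSE_Sign1 payload, and renders the SUIT_Command_Sequence arrays as (command, argument) pairs using the condition and directive keys listed above. The CBOR decoder is a minimal definite-length-only one written for this example; MAX_DEPTH and the subset in COMMAND_NAMES are assumptions, not values from the draft. The ES256 signature is not verified here: sig_structure() returns the exact COSE Sig_structure bytes (["Signature1", protected, external_aad, payload]) that a verifier must hash and check against the 64-byte r||s signature with the public key given above, using an ECDSA implementation of its choice.

```python
"""Decode a draft-ietf-suit-manifest-04 envelope and check its manifest digest.

Added example, not part of the draft. Definite-length CBOR only; the
signature over sig_structure() still has to be verified separately.
"""
import hashlib
import hmac
from collections import namedtuple

Tagged = namedtuple("Tagged", "tag value")
MAX_DEPTH = 32   # assumed nesting limit: untrusted input must not recurse unboundedly


def _take(buf, pos, n):
    if pos + n > len(buf):
        raise ValueError("truncated CBOR item")
    return buf[pos:pos + n], pos + n


def _decode(buf, pos, depth):
    if depth > MAX_DEPTH:
        raise ValueError("CBOR nesting too deep")
    head, pos = _take(buf, pos, 1)
    major, info = head[0] >> 5, head[0] & 0x1F
    if info < 24:
        val = info
    elif info <= 27:                                   # 1, 2, 4 or 8 length bytes follow
        raw, pos = _take(buf, pos, 1 << (info - 24))
        val = int.from_bytes(raw, "big")
    else:
        raise ValueError("indefinite-length and reserved items are rejected")
    if major == 0:
        return val, pos
    if major == 1:
        return -1 - val, pos
    if major in (2, 3):                                # bstr / tstr, bounds-checked
        raw, pos = _take(buf, pos, val)
        return (bytes(raw) if major == 2 else raw.decode("utf-8")), pos
    if major == 4:
        items = []
        for _ in range(val):
            item, pos = _decode(buf, pos, depth + 1)
            items.append(item)
        return items, pos
    if major == 5:
        m = {}
        for _ in range(val):
            k, pos = _decode(buf, pos, depth + 1)
            v, pos = _decode(buf, pos, depth + 1)
            m[k] = v
        return m, pos
    if major == 6:                                     # tag, e.g. 18 = COSE_Sign1
        item, pos = _decode(buf, pos, depth + 1)
        return Tagged(val, item), pos
    simple = {20: False, 21: True, 22: None}           # major 7: only false/true/nil
    if info in simple:
        return simple[info], pos
    raise ValueError("unsupported simple value %d" % info)


def decode(buf):
    item, end = _decode(buf, 0, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return item


def _enc_str(major, data):
    n = len(data)
    if n < 24:
        return bytes([(major << 5) | n]) + data
    if n < 256:
        return bytes([(major << 5) | 24, n]) + data
    if n < 65536:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big") + data
    raise ValueError("string too long for this example encoder")


def sig_structure(protected, payload, external_aad=b""):
    """COSE Sig_structure for Sign1: ["Signature1", protected, external_aad, payload]."""
    return (b"\x84" + _enc_str(3, b"Signature1") + _enc_str(2, protected)
            + _enc_str(2, external_aad) + _enc_str(2, payload))


# Key numbers from the draft-04 tables on this page.
ENVELOPE_AUTH_WRAPPER, ENVELOPE_MANIFEST = 2, 3
MANIFEST_VERSION, MANIFEST_SEQUENCE, MANIFEST_COMMON = 1, 2, 3
MANIFEST_VALIDATE, MANIFEST_RUN = 10, 12
COMMON_COMPONENTS, COMMON_SEQUENCE = 2, 4
COSE_SIGN1_TAG, COSE_ALG_HEADER, SUIT_DIGEST_SHA256 = 18, 1, 2
COMMAND_NAMES = {   # subset of the command keys, enough for the examples on this page
    1: "condition-vendor-identifier", 2: "condition-class-identifier",
    3: "condition-image-match", 19: "directive-set-parameters",
    20: "directive-override-parameters", 21: "directive-fetch", 23: "directive-run",
}


def parse_command_sequence(buf):
    seq = decode(buf)
    if not isinstance(seq, list) or len(seq) % 2:
        raise ValueError("SUIT_Command_Sequence must be (command, argument) pairs")
    return [(COMMAND_NAMES.get(seq[i], seq[i]), seq[i + 1]) for i in range(0, len(seq), 2)]


def check_envelope(envelope):
    env = decode(envelope)
    manifest_bstr = env[ENVELOPE_MANIFEST]
    cose = decode(env[ENVELOPE_AUTH_WRAPPER])[0]       # [ + COSE_Sign1_Tagged ]
    if not isinstance(cose, Tagged) or cose.tag != COSE_SIGN1_TAG:
        raise ValueError("expected a COSE_Sign1 (tag 18) authentication block")
    protected, _unprotected, payload, signature = cose.value
    digest_alg, digest_bytes = decode(payload)         # SUIT_Digest
    if digest_alg != SUIT_DIGEST_SHA256 or not isinstance(digest_bytes, bytes):
        raise ValueError("unsupported SUIT_Digest %r" % digest_alg)
    # The digest covers the bytes inside the manifest bstr; compare in constant time.
    digest_ok = hmac.compare_digest(hashlib.sha256(manifest_bstr).digest(), digest_bytes)
    manifest = decode(manifest_bstr)
    common = decode(manifest[MANIFEST_COMMON])
    return {
        "alg": decode(protected)[COSE_ALG_HEADER],
        "digest_ok": digest_ok,
        "signature": signature,
        "to_be_signed": sig_structure(protected, payload),
        "manifest_version": manifest[MANIFEST_VERSION],
        "sequence_number": manifest[MANIFEST_SEQUENCE],
        "components": decode(common[COMMON_COMPONENTS]),
        "common_sequence": parse_command_sequence(common[COMMON_SEQUENCE]),
        "validate": parse_command_sequence(manifest[MANIFEST_VALIDATE]) if MANIFEST_VALIDATE in manifest else [],
        "run": parse_command_sequence(manifest[MANIFEST_RUN]) if MANIFEST_RUN in manifest else [],
    }


# Example 0 of draft-04, "Manifest with COSE authentication object", copied from the page.
EXAMPLE0_ENVELOPE = bytes.fromhex(
    "a202587081d28443a10126a058248202582064d8094da3ef71c5971b7b84"
    "e7f4be1f56452c32fdde7bc1c70889112f1d5d9958407d637397e12abdd4"
    "1bc026a8e8a22f0f902a5b972e7786d570a37ac43c370b64a6946b0311f0"
    "59ca01d40f74d88d6fd7193baa36f5cf20aa57c46a0411a6b704035870a5"
    "0101020103585ea20244818141000458548614a40150fa6b4a53d5ad5fdf"
    "be9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820258"
    "2000112233445566778899aabbccddeeff0123456789abcdeffedcba9876"
    "5432100e1987d001f602f60a438203f60c438217f6")

if __name__ == "__main__":
    for key, value in check_envelope(EXAMPLE0_ENVELOPE).items():
        print(key, value)
```

A digest match on its own proves nothing: the digest is only as trustworthy as the ES256 signature over the returned to_be_signed bytes, so a real verifier checks that signature first and rejects the envelope on any failure (and, as with every manifest, compares the returned sequence_number with the one already installed before acting on the command sequences). The decoder rejects indefinite-length items, trailing bytes, truncated strings and deep nesting, which is the minimum a bootloader-side parser needs when the manifest arrives from the network.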
12.2. Example 1: Simultaneous Download and Installation of Payload 12.2. Example 1: Simultaneous Download and Installation of Payload
Simultaneous download and installation of payload. Simultaneous download and installation of payload.
{ {
/ authentication-wrapper / 2:h'81d28443a10126a0582482025820be9d3da / authentication-wrapper / 2:h'81d28443a10126a0582482025820666b83f
5d45b780bcaeb84a909b54913302a358d9d7dc6b94c7fbb1f56dbf5f95840d89fb4194
4231adb3920bdae14a4965699771b50e062c28ffef93400a9b63150902bc65929e8066 f51628190387170489535aa9441656d8a24401de6458595c42cb0165d58405cb310acb
e1a0eb45be50ee96db0435e5c141ae8fb94cbf2b37205ba6b' / [ 34f7ebb42acfffce430dbda94faa412900ce8e76650445e2c37e4cc132d8bb5f30ecf5
f8130270bbf8d159f6d36e1cdf97b64229910fdb447538af1' / [
18([ 18([
/ protected / h'a10126' / { / protected / h'a10126' / {
/ alg / 1:-7 / ES256 /, / alg / 1:-7 / ES256 /,
} /, } /,
/ unprotected / { / unprotected / {
}, },
/ payload / h'82025820be9d3da5d45b780bcaeb84a909b54913 / payload / h'82025820666b83ff51628190387170489535aa94
302a358d9d7dc6b94c7fbb1f56dbf5f9' / [ 41656d8a24401de6458595c42cb0165d' / [
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'be9d3da5d45b780bcaeb84a909b54913302a358d9d7dc6b94c7fbb1f56dbf5f9' h'666b83ff51628190387170489535aa9441656d8a24401de6458595c42cb0165d'
] /, ] /,
/ signature / h'd89fb41944231adb3920bdae14a4965699771b / signature / h'5cb310acb34f7ebb42acfffce430dbda94faa4
50e062c28ffef93400a9b63150902bc65929e8066e1a0eb45be50ee96db0435e5c141a 12900ce8e76650445e2c37e4cc132d8bb5f30ecf5f8130270bbf8d159f6d36e1cdf97b
e8fb94cbf2b37205ba6b' 64229910fdb447538af1'
]) ])
] /, ] /,
/ manifest / 3:h'a40101020203585aa2024481814100045850860150fa6b4a5 / manifest / 3:h'a50101020203585ea20244818141000458548614a40150fa6
3d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b820 b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820
2582000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100 2582000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100
c1987d00958258613a106781b687474703a2f2f6578616d706c652e636f6d2f66696c6 e1987d001f602f60958258613a115781b687474703a2f2f6578616d706c652e636f6d2
52e62696e15f603f6' / { f66696c652e62696e15f603f60a438203f6' / {
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:2, / manifest-sequence-number / 2:2,
/ common / 3:h'a2024481814100045850860150fa6b4a53d5ad5fdfbe9de / common / 3:h'a20244818141000458548614a40150fa6b4a53d5ad5fdfb
663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b82025820001122334 e9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450382025820001122334
45566778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / { 45566778899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f
6' / {
/ components / 2:h'81814100' / [ / components / 2:h'81814100' / [
[h'00'] [h'00']
] /, ] /,
/ common-sequence / 4:h'860150fa6b4a53d5ad5fdfbe9de663e4d4 / common-sequence / 4:h'8614a40150fa6b4a53d5ad5fdfbe9de663
1ffe02501492af1425695e48bf429b2d51f2ab4514a20b820258200011223344556677 e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820258200011223344556677
8899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / [ 8899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f6' / [
/ condition-vendor-identifier /
1,h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe / ,
/ condition-class-identifier /
2,h'1492af1425695e48bf429b2d51f2ab45' /
1492af14-2569-5e48-bf42-9b2d51f2ab45 / ,
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ image-digest / 11:[ / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
], ],
/ image-size / 12:34768, / image-size / 14:34768,
} } ,
/ condition-vendor-identifier / 1,F6 / nil / ,
/ condition-class-identifier / 2,F6 / nil /
] /, ] /,
} /, } /,
/ install / 9:h'8613a106781b687474703a2f2f6578616d706c652e636f / install / 9:h'8613a115781b687474703a2f2f6578616d706c652e636f
6d2f66696c652e62696e15f603f6' / [ 6d2f66696c652e62696e15f603f6' / [
/ directive-set-parameters / 19,{ / directive-set-parameters / 19,{
/ uri / 6:'http://example.com/file.bin', / uri / 21:'http://example.com/file.bin',
} , } ,
/ directive-fetch / 21,F6 / nil / , / directive-fetch / 21,F6 / nil / ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ validate / 10:h'8203f6' / [
/ condition-image-match / 3,F6 / nil /
] /,
} /, } /,
} }
Total size of manifest without COSE authentication object: 142 Total size of manifest without COSE authentication object: 151
Manifest: Manifest:
a103588aa40101020203585aa2024481814100045850860150fa6b4a53d5 a1035893a50101020203585ea20244818141000458548614a40150fa6b4a
ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514 53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab
a20b8202582000112233445566778899aabbccddeeff0123456789abcdef 45038202582000112233445566778899aabbccddeeff0123456789abcdef
fedcba98765432100c1987d00958258613a106781b687474703a2f2f6578 fedcba98765432100e1987d001f602f60958258613a115781b687474703a
616d706c652e636f6d2f66696c652e62696e15f603f6 2f2f6578616d706c652e636f6d2f66696c652e62696e15f603f60a438203
f6
Total size of manifest with COSE authentication object: 257 Total size of manifest with COSE authentication object: 266
Manifest with COSE authentication object: Manifest with COSE authentication object:
a202587081d28443a10126a0582482025820be9d3da5d45b780bcaeb84a9 a202587081d28443a10126a0582482025820666b83ff5162819038717048
09b54913302a358d9d7dc6b94c7fbb1f56dbf5f95840d89fb41944231adb 9535aa9441656d8a24401de6458595c42cb0165d58405cb310acb34f7ebb
3920bdae14a4965699771b50e062c28ffef93400a9b63150902bc65929e8 42acfffce430dbda94faa412900ce8e76650445e2c37e4cc132d8bb5f30e
066e1a0eb45be50ee96db0435e5c141ae8fb94cbf2b37205ba6b03588aa4 cf5f8130270bbf8d159f6d36e1cdf97b64229910fdb447538af1035893a5
0101020203585aa2024481814100045850860150fa6b4a53d5ad5fdfbe9d 0101020203585ea20244818141000458548614a40150fa6b4a53d5ad5fdf
e663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b820258 be9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820258
2000112233445566778899aabbccddeeff0123456789abcdeffedcba9876 2000112233445566778899aabbccddeeff0123456789abcdeffedcba9876
5432100c1987d00958258613a106781b687474703a2f2f6578616d706c65 5432100e1987d001f602f60958258613a115781b687474703a2f2f657861
2e636f6d2f66696c652e62696e15f603f6 6d706c652e636f6d2f66696c652e62696e15f603f60a438203f6
12.3. Example 2: Simultaneous Download, Installation, and Secure Boot 12.3. Example 2: Simultaneous Download, Installation, and Secure Boot
Compatibility test, simultaneous download and installation, and Compatibility test, simultaneous download and installation, and
secure boot. secure boot.

{
  / authentication-wrapper / 2:h'81d28443a10126a058248202582070cf2a4
fed640658ada6ff33b59af192ca22b4142e9ae9d8d9b05f2b5a118cf35840f6c95681e
f4298dc1288e11004a4b72be80a374be13efccf5ec94fa1ad2ca7d5510d5ff43ceac60
e7dd32d3614bd0350768f985eff8ba9933625d206286cf983' / [
    18([
      / protected / h'a10126' / {
        / alg / 1:-7 / ES256 /,
      } /,
      / unprotected / {
      },
      / payload / h'8202582070cf2a4fed640658ada6ff33b59af192
ca22b4142e9ae9d8d9b05f2b5a118cf3' / [
        / algorithm-id / 2 / sha256 /,
        / digest-bytes /
h'70cf2a4fed640658ada6ff33b59af192ca22b4142e9ae9d8d9b05f2b5a118cf3'
      ] /,
      / signature / h'f6c95681ef4298dc1288e11004a4b72be80a37
4be13efccf5ec94fa1ad2ca7d5510d5ff43ceac60e7dd32d3614bd0350768f985eff8b
a9933625d206286cf983'
    ])
  ] /,
  / manifest / 3:h'a60101020303585aa2024481814100045850860150fa6b4a5
3d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b820
2582000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100
c1987d00958258613a106781b687474703a2f2f6578616d706c652e636f6d2f66696c6
52e62696e15f603f60a438203f60c438217f6' / {
    / manifest-version / 1:1,
    / manifest-sequence-number / 2:3,
    / common / 3:h'a2024481814100045850860150fa6b4a53d5ad5fdfbe9de
663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b82025820001122334
45566778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / {
      / components / 2:h'81814100' / [
        [h'00']
      ] /,
      / common-sequence / 4:h'860150fa6b4a53d5ad5fdfbe9de663e4d4
1ffe02501492af1425695e48bf429b2d51f2ab4514a20b820258200011223344556677
8899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / [
        / condition-vendor-identifier /
1,h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe / ,
        / condition-class-identifier /
2,h'1492af1425695e48bf429b2d51f2ab45' /
1492af14-2569-5e48-bf42-9b2d51f2ab45 / ,
        / directive-override-parameters / 20,{
          / image-digest / 11:[
            / algorithm-id / 2 / sha256 /,
            / digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
          ],
          / image-size / 12:34768,
        }
      ] /,
    } /,
    / install / 9:h'8613a106781b687474703a2f2f6578616d706c652e636f
6d2f66696c652e62696e15f603f6' / [
      / directive-set-parameters / 19,{
        / uri / 6:'http://example.com/file.bin',
      } ,
      / directive-fetch / 21,F6 / nil / ,
      / condition-image-match / 3,F6 / nil /
    ] /,
    / validate / 10:h'8203f6' / [
      / condition-image-match / 3,F6 / nil /
    ] /,
    / run / 12:h'8217f6' / [
      / directive-run / 23,None
    ] /,
  } /,
}
Total size of manifest without COSE authentication object: 152 {
/ authentication-wrapper / 2:h'81d28443a10126a058248202582038df852
c98928fae9694fce5b6b51addd631bfde473eceb20c8b929ae6ec2d6c584050bba3dd9
b0ad6da91265cff1ec69c3a9e2e42ffd97e780e37c78ac7889140620439874108ec527
1f3325988f2774f17339fcd61a5c08a3d15fb7fcdeef9294e' / [
18([
/ protected / h'a10126' / {
/ alg / 1:-7 / ES256 /,
} /,
/ unprotected / {
},
/ payload / h'8202582038df852c98928fae9694fce5b6b51add
d631bfde473eceb20c8b929ae6ec2d6c' / [
/ algorithm-id / 2 / sha256 /,
/ digest-bytes /
h'38df852c98928fae9694fce5b6b51addd631bfde473eceb20c8b929ae6ec2d6c'
] /,
/ signature / h'50bba3dd9b0ad6da91265cff1ec69c3a9e2e42
ffd97e780e37c78ac7889140620439874108ec5271f3325988f2774f17339fcd61a5c0
8a3d15fb7fcdeef9294e'
])
] /,
/ manifest / 3:h'a60101020303585ea20244818141000458548614a40150fa6
b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820
2582000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100
e1987d001f602f60958258613a115781b687474703a2f2f6578616d706c652e636f6d2
f66696c652e62696e15f603f60a438203f60c438217f6' / {
/ manifest-version / 1:1,
/ manifest-sequence-number / 2:3,
/ common / 3:h'a20244818141000458548614a40150fa6b4a53d5ad5fdfb
e9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450382025820001122334
45566778899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f
6' / {
/ components / 2:h'81814100' / [
[h'00']
] /,
/ common-sequence / 4:h'8614a40150fa6b4a53d5ad5fdfbe9de663
e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820258200011223344556677
8899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f6' / [
/ directive-override-parameters / 20,{
/ vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
],
/ image-size / 14:34768,
} ,
/ condition-vendor-identifier / 1,F6 / nil / ,
/ condition-class-identifier / 2,F6 / nil /
] /,
} /,
/ install / 9:h'8613a115781b687474703a2f2f6578616d706c652e636f
6d2f66696c652e62696e15f603f6' / [
/ directive-set-parameters / 19,{
/ uri / 21:'http://example.com/file.bin',
} ,
/ directive-fetch / 21,F6 / nil / ,
/ condition-image-match / 3,F6 / nil /
] /,
/ validate / 10:h'8203f6' / [
/ condition-image-match / 3,F6 / nil /
] /,
/ run / 12:h'8217f6' / [
/ directive-run / 23,F6 / nil /
] /,
} /,
}
Total size of manifest without COSE authentication object: 156
Manifest: Manifest:
a1035894a60101020303585aa2024481814100045850860150fa6b4a53d5 a1035898a60101020303585ea20244818141000458548614a40150fa6b4a
ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514 53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab
a20b8202582000112233445566778899aabbccddeeff0123456789abcdef 45038202582000112233445566778899aabbccddeeff0123456789abcdef
fedcba98765432100c1987d00958258613a106781b687474703a2f2f6578 fedcba98765432100e1987d001f602f60958258613a115781b687474703a
616d706c652e636f6d2f66696c652e62696e15f603f60a438203f60c4382 2f2f6578616d706c652e636f6d2f66696c652e62696e15f603f60a438203
17f6 f60c438217f6
Total size of manifest with COSE authentication object: 267 Total size of manifest with COSE authentication object: 271
Manifest with COSE authentication object: Manifest with COSE authentication object:
a202587081d28443a10126a058248202582070cf2a4fed640658ada6ff33 a202587081d28443a10126a058248202582038df852c98928fae9694fce5
b59af192ca22b4142e9ae9d8d9b05f2b5a118cf35840f6c95681ef4298dc b6b51addd631bfde473eceb20c8b929ae6ec2d6c584050bba3dd9b0ad6da
1288e11004a4b72be80a374be13efccf5ec94fa1ad2ca7d5510d5ff43cea 91265cff1ec69c3a9e2e42ffd97e780e37c78ac7889140620439874108ec
c60e7dd32d3614bd0350768f985eff8ba9933625d206286cf983035894a6 5271f3325988f2774f17339fcd61a5c08a3d15fb7fcdeef9294e035898a6
0101020303585aa2024481814100045850860150fa6b4a53d5ad5fdfbe9d 0101020303585ea20244818141000458548614a40150fa6b4a53d5ad5fdf
e663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b820258 be9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4503820258
2000112233445566778899aabbccddeeff0123456789abcdeffedcba9876 2000112233445566778899aabbccddeeff0123456789abcdeffedcba9876
5432100c1987d00958258613a106781b687474703a2f2f6578616d706c65 5432100e1987d001f602f60958258613a115781b687474703a2f2f657861
2e636f6d2f66696c652e62696e15f603f60a438203f60c438217f6 6d706c652e636f6d2f66696c652e62696e15f603f60a438203f60c438217
f6
12.4. Example 3: Load from External Storage
Compatibility test, simultaneous download and installation, load from
external storage, and secure boot.
{ {
/ authentication-wrapper / 2:h'81d28443a10126a0582482025820bb008f5 / authentication-wrapper / 2:h'81d28443a10126a05824820258208ae1d4d
7fd1babff8cc432d18c4c9cfc69d7e8ab76b07cc910c6d03ec598baab58409e98c58fc 1846e82975dd5d7555ef0c3836e7e653a8bb1214466457781c0d2f2aa58401ef2d0ca6
d82668443a0249fa5eab10474a099572dfb31c0d2adf750f57c4987d484badf8524a20 aabf259feb880a1a4deb4e345cda314b2facf9983766da3744af825b3f98c74afdfa85
a9e92c4599698eb696254d4c0f77947c8af353b544600ea11' / [ aed406b10315e0cc6c44ee19321681c69f911bc90bf8d22c0' / [
18([ 18([
/ protected / h'a10126' / { / protected / h'a10126' / {
/ alg / 1:-7 / ES256 /, / alg / 1:-7 / ES256 /,
} /, } /,
/ unprotected / { / unprotected / {
}, },
/ payload / h'82025820bb008f57fd1babff8cc432d18c4c9cfc / payload / h'820258208ae1d4d1846e82975dd5d7555ef0c383
69d7e8ab76b07cc910c6d03ec598baab' / [ 6e7e653a8bb1214466457781c0d2f2aa' / [
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'bb008f57fd1babff8cc432d18c4c9cfc69d7e8ab76b07cc910c6d03ec598baab' h'8ae1d4d1846e82975dd5d7555ef0c3836e7e653a8bb1214466457781c0d2f2aa'
] /, ] /,
/ signature / h'9e98c58fcd82668443a0249fa5eab10474a099 / signature / h'1ef2d0ca6aabf259feb880a1a4deb4e345cda3
572dfb31c0d2adf750f57c4987d484badf8524a20a9e92c4599698eb696254d4c0f779 14b2facf9983766da3744af825b3f98c74afdfa85aed406b10315e0cc6c44ee1932168
47c8af353b544600ea11' 1c69f911bc90bf8d22c0'
]) ])
] /, ] /,
/ manifest / 3:h'a70101020403585fa2024782814100814101045852880c000 / manifest / 3:h'a701010204035863a2024782814100814101045856880c001
150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4 4a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f
514a20b8202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9 2ab45038202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9
8765432100c1987d0095827880c0013a106781b687474703a2f2f6578616d706c652e6 8765432100e1987d001f602f6095827880c0013a115781b687474703a2f2f6578616d7
36f6d2f66696c652e62696e15f603f60a45840c0003f60b5834880c0114a30a000b820 06c652e636f6d2f66696c652e62696e15f603f60a45840c0003f60b4b880c0113a1160
2582000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100 016f603f60c45840c0117f6' / {
c1987d016f603f60c45840c0117f6' / {
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:4, / manifest-sequence-number / 2:4,
/ common / 3:h'a2024782814100814101045852880c000150fa6b4a53d5a / common / 3:h'a2024782814100814101045856880c0014a40150fa6b4a5
d5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b8202582 3d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab45038202582
000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100c198 000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100e198
7d0' / { 7d001f602f6' / {
/ components / 2:h'82814100814101' / [ / components / 2:h'82814100814101' / [
[h'00'] , [h'00'] ,
[h'01'] [h'01']
] /, ] /,
/ common-sequence / 4:h'880c000150fa6b4a53d5ad5fdfbe9de663 / common-sequence / 4:h'880c0014a40150fa6b4a53d5ad5fdfbe9d
e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b82025820001122334455 e663e4d41ffe02501492af1425695e48bf429b2d51f2ab450382025820001122334455
66778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / [ 66778899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f6'
/ [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ condition-vendor-identifier /
1,h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe / ,
/ condition-class-identifier /
2,h'1492af1425695e48bf429b2d51f2ab45' /
1492af14-2569-5e48-bf42-9b2d51f2ab45 / ,
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ image-digest / 11:[ / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
], ],
/ image-size / 12:34768, / image-size / 14:34768,
} } ,
/ condition-vendor-identifier / 1,F6 / nil / ,
/ condition-class-identifier / 2,F6 / nil /
] /, ] /,
} /, } /,
/ install / 9:h'880c0013a106781b687474703a2f2f6578616d706c652e / install / 9:h'880c0013a115781b687474703a2f2f6578616d706c652e
636f6d2f66696c652e62696e15f603f6' / [ 636f6d2f66696c652e62696e15f603f6' / [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ directive-set-parameters / 19,{ / directive-set-parameters / 19,{
/ uri / 6:'http://example.com/file.bin', / uri / 21:'http://example.com/file.bin',
} , } ,
/ directive-fetch / 21,F6 / nil / , / directive-fetch / 21,F6 / nil / ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ validate / 10:h'840c0003f6' / [ / validate / 10:h'840c0003f6' / [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ load / 11:h'880c0114a30a000b8202582000112233445566778899aabb / load / 11:h'880c0113a1160016f603f6' / [
ccddeeff0123456789abcdeffedcba98765432100c1987d016f603f6' / [
/ directive-set-component-index / 12,1 , / directive-set-component-index / 12,1 ,
/ directive-override-parameters / 20,{ / directive-set-parameters / 19,{
/ image-digest / 11:[ / source-component / 22:0 / [h'00'] /,
/ algorithm-id / 2 / sha256 /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
],
/ image-size / 12:34768,
/ source-component / 10:0 / [h'00'] /,
} , } ,
/ directive-copy / 22,None , / directive-copy / 22,F6 / nil / ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ run / 12:h'840c0117f6' / [ / run / 12:h'840c0117f6' / [
/ directive-set-component-index / 12,1 , / directive-set-component-index / 12,1 ,
/ directive-run / 23,None / directive-run / 23,F6 / nil /
] /, ] /,
} /, } /,
} }
Total size of manifest without COSE authentication object: 218 Total size of manifest without COSE authentication object: 180
Manifest: Manifest:
a10358d6a70101020403585fa2024782814100814101045852880c000150 a10358b0a701010204035863a2024782814100814101045856880c0014a4
fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d 0150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf42
51f2ab4514a20b8202582000112233445566778899aabbccddeeff012345 9b2d51f2ab45038202582000112233445566778899aabbccddeeff012345
6789abcdeffedcba98765432100c1987d0095827880c0013a106781b6874 6789abcdeffedcba98765432100e1987d001f602f6095827880c0013a115
74703a2f2f6578616d706c652e636f6d2f66696c652e62696e15f603f60a 781b687474703a2f2f6578616d706c652e636f6d2f66696c652e62696e15
45840c0003f60b5834880c0114a30a000b82025820001122334455667788 f603f60a45840c0003f60b4b880c0113a1160016f603f60c45840c0117f6
99aabbccddeeff0123456789abcdeffedcba98765432100c1987d016f603
f60c45840c0117f6
Total size of manifest with COSE authentication object: 333 Total size of manifest with COSE authentication object: 295
Manifest with COSE authentication object: Manifest with COSE authentication object:
a202587081d28443a10126a0582482025820bb008f57fd1babff8cc432d1 a202587081d28443a10126a05824820258208ae1d4d1846e82975dd5d755
8c4c9cfc69d7e8ab76b07cc910c6d03ec598baab58409e98c58fcd826684 5ef0c3836e7e653a8bb1214466457781c0d2f2aa58401ef2d0ca6aabf259
43a0249fa5eab10474a099572dfb31c0d2adf750f57c4987d484badf8524 feb880a1a4deb4e345cda314b2facf9983766da3744af825b3f98c74afdf
a20a9e92c4599698eb696254d4c0f77947c8af353b544600ea110358d6a7 a85aed406b10315e0cc6c44ee19321681c69f911bc90bf8d22c00358b0a7
0101020403585fa2024782814100814101045852880c000150fa6b4a53d5 01010204035863a2024782814100814101045856880c0014a40150fa6b4a
ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514 53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab
a20b8202582000112233445566778899aabbccddeeff0123456789abcdef 45038202582000112233445566778899aabbccddeeff0123456789abcdef
fedcba98765432100c1987d0095827880c0013a106781b687474703a2f2f fedcba98765432100e1987d001f602f6095827880c0013a115781b687474
6578616d706c652e636f6d2f66696c652e62696e15f603f60a45840c0003 703a2f2f6578616d706c652e636f6d2f66696c652e62696e15f603f60a45
f60b5834880c0114a30a000b8202582000112233445566778899aabbccdd 840c0003f60b4b880c0113a1160016f603f60c45840c0117f6
eeff0123456789abcdeffedcba98765432100c1987d016f603f60c45840c
0117f6
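Each example above is a set of command sequences rather than a declarative description of the update, so the natural check on one of these manifests is to decode it and walk those sequences. The block below is an added example, not code from the draft or from any SUIT implementation: a minimal definite-length CBOR decoder plus a dry-run interpreter for the commands the examples use (set-component-index, set/override-parameters, the vendor and class identifier conditions, image-match, fetch, copy, run), applied to Example 3's draft-04 "Manifest:" bytes, that is, the envelope without its authentication wrapper. The vendor and class UUIDs are the ones the examples carry and the labels are the -04 ones printed on the page. Assumptions of this example: the processing order (common-sequence re-run before each of install, validate, load and run), the action-log format, and that `manifest_digest` hashes the contents of the manifest bstr, the value a verifier would compare with the authentication wrapper's digest-bytes.

```python
"""Decode a SUIT manifest from its CBOR bytes and dry-run its command sequences."""
import hashlib

# Constructed from the page: the "Manifest:" bytes of Example 3 (draft -04 column),
# i.e. the CBOR map {3: bstr(manifest)} without the authentication wrapper.
EXAMPLE3_MANIFEST_HEX = (
    "a10358b0a701010204035863a2024782814100814101045856880c0014a4"
    "0150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf42"
    "9b2d51f2ab45038202582000112233445566778899aabbccddeeff012345"
    "6789abcdeffedcba98765432100e1987d001f602f6095827880c0013a115"
    "781b687474703a2f2f6578616d706c652e636f6d2f66696c652e62696e15"
    "f603f60a45840c0003f60b4b880c0113a1160016f603f60c45840c0117f6"
)

# Device identity for the dry run (the draft's example UUIDs), keyed by condition label
# (1 = vendor-identifier, 2 = class-identifier), which matches the parameter label here.
DEVICE = {1: bytes.fromhex("fa6b4a53d5ad5fdfbe9de663e4d41ffe"),
          2: bytes.fromhex("1492af1425695e48bf429b2d51f2ab45")}

# Manifest members holding command sequences, in the order this example processes them.
SECTIONS = ((8, "payload-fetch"), (9, "install"), (10, "validate"), (11, "load"), (12, "run"))

def _head(buf, pos):
    """Read one CBOR initial byte and its argument; return (major type, argument, next pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    width = {24: 1, 25: 2, 26: 4, 27: 8}[info]
    return major, int.from_bytes(buf[pos:pos + width], "big"), pos + width

def decode(buf, pos=0):
    """Decode one definite-length CBOR item (all a SUIT manifest needs); return (value, next pos)."""
    major, arg, pos = _head(buf, pos)
    if major in (0, 1):                          # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                          # byte string / text string
        chunk = buf[pos:pos + arg]
        return (bytes(chunk) if major == 2 else chunk.decode("utf-8")), pos + arg
    if major in (4, 5):                          # array, or map as key/value pairs
        items = []
        for _ in range(arg * (2 if major == 5 else 1)):
            item, pos = decode(buf, pos)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos
    if major == 7 and arg == 22:                 # nil, printed as F6 in the draft
        return None, pos
    raise ValueError("unsupported CBOR item at offset %d" % pos)

def run_sequence(seq, state, log):
    """Dry-run one command sequence [cmd, arg, cmd, arg, ...]; actions are appended to log."""
    for cmd, arg in zip(seq[::2], seq[1::2]):
        idx, params = state["index"], state["components"][state["index"]]
        if cmd == 12:                            # directive-set-component-index
            state["index"] = arg
        elif cmd == 20:                          # directive-override-parameters
            params.update(arg)
        elif cmd == 19:                          # directive-set-parameters: never overrides
            for key, value in arg.items():
                params.setdefault(key, value)
        elif cmd in (1, 2):                      # condition-vendor/class-identifier
            if params.get(cmd) != DEVICE[cmd]:
                raise ValueError("component %d: identifier condition %d failed" % (idx, cmd))
            log.append(("identity-ok", idx))
        elif cmd == 3:                           # condition-image-match needs image-digest (3)
            digest = params.get(3)
            log.append(("check-digest", idx, digest[1].hex() if digest else None))
        elif cmd == 21:                          # directive-fetch from uri (21)
            log.append(("fetch", idx, params[21]))
        elif cmd == 22:                          # directive-copy from source-component (22)
            log.append(("copy", params[22], idx))
        elif cmd == 23:                          # directive-run
            log.append(("run", idx))
        else:
            raise ValueError("unknown command %d" % cmd)

def dry_run(envelope_hex):
    """Return (sequence number, component ids, action log) for the manifest in the envelope."""
    envelope, _ = decode(bytes.fromhex(envelope_hex))
    manifest, _ = decode(envelope[3])            # 3: bstr-wrapped suit-manifest
    common, _ = decode(manifest[3])              # 3: suit-common
    components, _ = decode(common[2])            # 2: component identifiers
    common_seq, _ = decode(common[4])            # 4: common-sequence
    state = {"index": 0, "components": [{} for _ in components]}
    log = []
    for key, name in SECTIONS:
        if key in manifest:
            log.append(("section", name))
            run_sequence(common_seq, state, log)  # common-sequence precedes each section
            seq, _ = decode(manifest[key])
            run_sequence(seq, state, log)
    return manifest[2], components, log

def manifest_digest(envelope_hex):
    """SHA-256 over the manifest bstr contents (assumed to be what the wrapper's digest covers)."""
    envelope, _ = decode(bytes.fromhex(envelope_hex))
    return hashlib.sha256(envelope[3]).hexdigest()
```

`dry_run(EXAMPLE3_MANIFEST_HEX)` returns sequence number 4, the two component identifiers and an action log: fetch into component 0 and check its digest, check it again in validate, copy component 0 into component 1 in load, then run component 1. One thing the walk makes visible is that the -04 load sequence sets only source-component for component 1 before its condition-image-match, so there is no image-digest parameter for that component; the interpreter records that check with `None` instead of crashing, and a processor that requires image-digest for the condition would stop there. The value `manifest_digest` returns is the one to compare against the digest-bytes in Example 3's authentication wrapper.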
12.5. Example 4: Load and Decompress from External Storage
Compatibility test, simultaneous download and installation, load and
decompress from external storage, and secure boot.
{ {
/ authentication-wrapper / 2:h'81d28443a10126a0582482025820b973e24 / authentication-wrapper / 2:h'81d28443a10126a0582482025820310798d
24d03de20c59cb702607a83796dd465674115ae84b3c2c472794dbb8c5840be0ae3d36 3d8276a740505d1f017972e281d6d26c9967a658879ae6d07e6a238a958404d48f0059
0e46dd07f02547ff19e4a1557b7bfce401718ade8200918f191a50dca84148704f76d9 918c261bc1636b467b2b455801c4d211758a42e82a8f8fc245f21857d7c0e78f1b6d6a
7a8c239615114eab0617e9fc9d4faeac1572e7cae61e660c1' / [ 8ab1f0c9e147043066c0af53c1563070d4934faeec21bac55' / [
18([ 18([
/ protected / h'a10126' / { / protected / h'a10126' / {
/ alg / 1:-7 / ES256 /, / alg / 1:-7 / ES256 /,
} /, } /,
/ unprotected / { / unprotected / {
}, },
/ payload / h'82025820b973e2424d03de20c59cb702607a8379 / payload / h'82025820310798d3d8276a740505d1f017972e28
6dd465674115ae84b3c2c472794dbb8c' / [ 1d6d26c9967a658879ae6d07e6a238a9' / [
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'b973e2424d03de20c59cb702607a83796dd465674115ae84b3c2c472794dbb8c' h'310798d3d8276a740505d1f017972e281d6d26c9967a658879ae6d07e6a238a9'
] /, ] /,
/ signature / h'be0ae3d360e46dd07f02547ff19e4a1557b7bf / signature / h'4d48f0059918c261bc1636b467b2b455801c4d
ce401718ade8200918f191a50dca84148704f76d97a8c239615114eab0617e9fc9d4fa 211758a42e82a8f8fc245f21857d7c0e78f1b6d6a8ab1f0c9e147043066c0af53c1563
eac1572e7cae61e660c1' 070d4934faeec21bac55'
]) ])
] /, ] /,
/ manifest / 3:h'a70101020503585fa2024782814100814101045852880c000 / manifest / 3:h'a701010205035863a2024782814100814101045856880c001
150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4 4a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f
514a20b8202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9 2ab45038202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9
8765432100c1987d0095827880c0013a106781b687474703a2f2f6578616d706c652e6 8765432100e1987d001f602f6095827880c0013a115781b687474703a2f2f6578616d7
36f6d2f66696c652e62696e15f603f60a45840c0003f60b5836880c0114a408010a000 06c652e636f6d2f66696c652e62696e15f603f60a45840c0003f60b4d880c0113a2130
b8202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9876543 1160016f603f60c45840c0117f6' / {
2100c1987d016f603f60c45840c0117f6' / {
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:5, / manifest-sequence-number / 2:5,
/ common / 3:h'a2024782814100814101045852880c000150fa6b4a53d5a / common / 3:h'a2024782814100814101045856880c0014a40150fa6b4a5
d5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b8202582 3d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab45038202582
000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100c198 000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100e198
7d0' / { 7d001f602f6' / {
/ components / 2:h'82814100814101' / [ / components / 2:h'82814100814101' / [
[h'00'] , [h'00'] ,
[h'01'] [h'01']
] /, ] /,
/ common-sequence / 4:h'880c000150fa6b4a53d5ad5fdfbe9de663 / common-sequence / 4:h'880c0014a40150fa6b4a53d5ad5fdfbe9d
e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b82025820001122334455 e663e4d41ffe02501492af1425695e48bf429b2d51f2ab450382025820001122334455
66778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / [ 66778899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f6'
/ [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ condition-vendor-identifier /
1,h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe / ,
/ condition-class-identifier /
2,h'1492af1425695e48bf429b2d51f2ab45' /
1492af14-2569-5e48-bf42-9b2d51f2ab45 / ,
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ image-digest / 11:[ / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
], ],
/ image-size / 12:34768, / image-size / 14:34768,
} } ,
/ condition-vendor-identifier / 1,F6 / nil / ,
/ condition-class-identifier / 2,F6 / nil /
] /, ] /,
} /, } /,
/ install / 9:h'880c0013a106781b687474703a2f2f6578616d706c652e / install / 9:h'880c0013a115781b687474703a2f2f6578616d706c652e
636f6d2f66696c652e62696e15f603f6' / [ 636f6d2f66696c652e62696e15f603f6' / [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ directive-set-parameters / 19,{ / directive-set-parameters / 19,{
/ uri / 6:'http://example.com/file.bin', / uri / 21:'http://example.com/file.bin',
} , } ,
/ directive-fetch / 21,F6 / nil / , / directive-fetch / 21,F6 / nil / ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ validate / 10:h'840c0003f6' / [ / validate / 10:h'840c0003f6' / [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ load / 11:h'880c0114a408010a000b8202582000112233445566778899 / load / 11:h'880c0113a21301160016f603f6' / [
aabbccddeeff0123456789abcdeffedcba98765432100c1987d016f603f6' / [
/ directive-set-component-index / 12,1 , / directive-set-component-index / 12,1 ,
/ directive-override-parameters / 20,{ / directive-set-parameters / 19,{
/ image-digest / 11:[ / source-component / 22:0 / [h'00'] /,
/ algorithm-id / 2 / sha256 /, / compression-info / 19:1 / gzip /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
],
/ image-size / 12:34768,
/ source-component / 10:0 / [h'00'] /,
/ compression-info / 8:1 / gzip /,
} , } ,
/ directive-copy / 22,None , / directive-copy / 22,F6 / nil / ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ run / 12:h'840c0117f6' / [ / run / 12:h'840c0117f6' / [
/ directive-set-component-index / 12,1 , / directive-set-component-index / 12,1 ,
/ directive-run / 23,None / directive-run / 23,F6 / nil /
] /, ] /,
} /, } /,
} }
Total size of manifest without COSE authentication object: 220 Total size of manifest without COSE authentication object: 182
Manifest: Manifest:
a10358d8a70101020503585fa2024782814100814101045852880c000150 a10358b2a701010205035863a2024782814100814101045856880c0014a4
fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d 0150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf42
51f2ab4514a20b8202582000112233445566778899aabbccddeeff012345 9b2d51f2ab45038202582000112233445566778899aabbccddeeff012345
6789abcdeffedcba98765432100c1987d0095827880c0013a106781b6874 6789abcdeffedcba98765432100e1987d001f602f6095827880c0013a115
74703a2f2f6578616d706c652e636f6d2f66696c652e62696e15f603f60a 781b687474703a2f2f6578616d706c652e636f6d2f66696c652e62696e15
45840c0003f60b5836880c0114a408010a000b8202582000112233445566 f603f60a45840c0003f60b4d880c0113a21301160016f603f60c45840c01
778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d016 17f6
f603f60c45840c0117f6
Total size of manifest with COSE authentication object: 335 Total size of manifest with COSE authentication object: 297
Manifest with COSE authentication object: Manifest with COSE authentication object:
a202587081d28443a10126a0582482025820b973e2424d03de20c59cb702 a202587081d28443a10126a0582482025820310798d3d8276a740505d1f0
607a83796dd465674115ae84b3c2c472794dbb8c5840be0ae3d360e46dd0 17972e281d6d26c9967a658879ae6d07e6a238a958404d48f0059918c261
7f02547ff19e4a1557b7bfce401718ade8200918f191a50dca84148704f7 bc1636b467b2b455801c4d211758a42e82a8f8fc245f21857d7c0e78f1b6
6d97a8c239615114eab0617e9fc9d4faeac1572e7cae61e660c10358d8a7 d6a8ab1f0c9e147043066c0af53c1563070d4934faeec21bac550358b2a7
0101020503585fa2024782814100814101045852880c000150fa6b4a53d5 01010205035863a2024782814100814101045856880c0014a40150fa6b4a
ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514 53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab
a20b8202582000112233445566778899aabbccddeeff0123456789abcdef 45038202582000112233445566778899aabbccddeeff0123456789abcdef
fedcba98765432100c1987d0095827880c0013a106781b687474703a2f2f fedcba98765432100e1987d001f602f6095827880c0013a115781b687474
6578616d706c652e636f6d2f66696c652e62696e15f603f60a45840c0003 703a2f2f6578616d706c652e636f6d2f66696c652e62696e15f603f60a45
f60b5836880c0114a408010a000b8202582000112233445566778899aabb 840c0003f60b4d880c0113a21301160016f603f60c45840c0117f6
ccddeeff0123456789abcdeffedcba98765432100c1987d016f603f60c45
840c0117f6
12.6. Example 5: Compatibility Test, Download, Installation, and Secure Boot
Compatibility test, download, installation, and secure boot.
{ {
/ authentication-wrapper / 2:h'81d28443a10126a05824820258207f35fdc / authentication-wrapper / 2:h'81d28443a10126a05824820258209a45659
e6a55bed88d04497d38b7c2b4ffd1ddb74a83d9acd252d2077637de7058407bec97551 58c6e09c92fc69feeb09081c875f113082245ba2025801fa46dc2280e58404604e6413
827d684ac07b77c3f663f4f9436aff0b79fdfd89061bfe9bddb73919c88d32dc52fd9e 30d610fd0a0545b9b816f09c0767edf66fc57f40393cd4423e0807b36226e843e0f57b
b1d1ea34172eef5c222e7d897778c6b0254e20c7e87942ae1' / [ f860a3cf542655048648dea81e62e39f19e7ac96652d3de90' / [
18([ 18([
/ protected / h'a10126' / { / protected / h'a10126' / {
/ alg / 1:-7 / ES256 /, / alg / 1:-7 / ES256 /,
} /, } /,
/ unprotected / { / unprotected / {
}, },
/ payload / h'820258207f35fdce6a55bed88d04497d38b7c2b4 / payload / h'820258209a4565958c6e09c92fc69feeb09081c8
ffd1ddb74a83d9acd252d2077637de70' / [ 75f113082245ba2025801fa46dc2280e' / [
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'7f35fdce6a55bed88d04497d38b7c2b4ffd1ddb74a83d9acd252d2077637de70' h'9a4565958c6e09c92fc69feeb09081c875f113082245ba2025801fa46dc2280e'
] /, ] /,
/ signature / h'7bec97551827d684ac07b77c3f663f4f9436af / signature / h'4604e641330d610fd0a0545b9b816f09c0767e
f0b79fdfd89061bfe9bddb73919c88d32dc52fd9eb1d1ea34172eef5c222e7d897778c df66fc57f40393cd4423e0807b36226e843e0f57bf860a3cf542655048648dea81e62e
6b0254e20c7e87942ae1' 39f19e7ac96652d3de90'
]) ])
] /, ] /,
/ manifest / 3:h'a70101020503585fa2024782814100814101045852880c000 / manifest / 3:h'a701010205035863a2024782814101814100045856880c011
150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4 4a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f
514a20b8202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9 2ab45038202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9
8765432100c1987d008584c880c0113a206781b687474703a2f2f6578616d706c652e6 8765432100e1987d001f602f6085823840c0013a115781b687474703a2f2f6578616d7
36f6d2f66696c652e62696e0b8202582000112233445566778899aabbccddeeff01234 06c652e636f6d2f66696c652e62696e094b880c0113a1160016f603f60a45840c0103f
56789abcdeffedcba987654321015f603f6094d8a0c0013a10a0116f60c0103f60a458 60c45840c0117f6' / {
40c0003f60c45840c0017f6' / {
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:5, / manifest-sequence-number / 2:5,
/ common / 3:h'a2024782814100814101045852880c000150fa6b4a53d5a / common / 3:h'a2024782814101814100045856880c0114a40150fa6b4a5
d5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b8202582 3d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab45038202582
000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100c198 000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100e198
7d0' / { 7d001f602f6' / {
/ components / 2:h'82814100814101' / [ / components / 2:h'82814101814100' / [
[h'00'] , [h'01'] ,
[h'01'] [h'00']
] /, ] /,
/ common-sequence / 4:h'880c000150fa6b4a53d5ad5fdfbe9de663 / common-sequence / 4:h'880c0114a40150fa6b4a53d5ad5fdfbe9d
e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b82025820001122334455 e663e4d41ffe02501492af1425695e48bf429b2d51f2ab450382025820001122334455
66778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d0' / [ 66778899aabbccddeeff0123456789abcdeffedcba98765432100e1987d001f602f6'
/ directive-set-component-index / 12,0 , / [
/ condition-vendor-identifier / / directive-set-component-index / 12,1 ,
1,h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe / ,
/ condition-class-identifier /
2,h'1492af1425695e48bf429b2d51f2ab45' /
1492af14-2569-5e48-bf42-9b2d51f2ab45 / ,
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ image-digest / 11:[ / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
], ],
/ image-size / 12:34768, / image-size / 14:34768,
} } ,
/ condition-vendor-identifier / 1,F6 / nil / ,
/ condition-class-identifier / 2,F6 / nil /
] /, ] /,
} /, } /,
/ payload-fetch / 8:h'880c0113a206781b687474703a2f2f6578616d70 / payload-fetch / 8:h'840c0013a115781b687474703a2f2f6578616d70
6c652e636f6d2f66696c652e62696e0b8202582000112233445566778899aabbccddee 6c652e636f6d2f66696c652e62696e' / [
ff0123456789abcdeffedcba987654321015f603f6' / [ / directive-set-component-index / 12,0 ,
/ directive-set-component-index / 12,1 ,
/ directive-set-parameters / 19,{ / directive-set-parameters / 19,{
/ image-digest / 11:[ / uri / 21:'http://example.com/file.bin',
/ algorithm-id / 2 / sha256 /, }
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
],
/ uri / 6:'http://example.com/file.bin',
} ,
/ directive-fetch / 21,F6 / nil / ,
/ condition-image-match / 3,F6 / nil /
] /, ] /,
/ install / 9:h'8a0c0013a10a0116f60c0103f6' / [ / install / 9:h'880c0113a1160016f603f6' / [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,1 ,
/ directive-set-parameters / 19,{ / directive-set-parameters / 19,{
/ source-component / 10:1 / [h'01'] /, / source-component / 22:0 / [h'01'] /,
} , } ,
/ directive-copy / 22,None , / directive-copy / 22,F6 / nil / ,
/ directive-set-component-index / 12,1 ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ validate / 10:h'840c0003f6' / [ / validate / 10:h'840c0103f6' / [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,1 ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ run / 12:h'840c0017f6' / [ / run / 12:h'840c0117f6' / [
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,1 ,
/ directive-run / 23,None / directive-run / 23,F6 / nil /
] /, ] /,
} /, } /,
} }
Total size of manifest without COSE authentication object: 215 Total size of manifest without COSE authentication object: 176
Manifest: Manifest:
a10358d3a70101020503585fa2024782814100814101045852880c000150 a10358aca701010205035863a2024782814101814100045856880c0114a4
fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d 0150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf42
51f2ab4514a20b8202582000112233445566778899aabbccddeeff012345 9b2d51f2ab45038202582000112233445566778899aabbccddeeff012345
6789abcdeffedcba98765432100c1987d008584c880c0113a206781b6874 6789abcdeffedcba98765432100e1987d001f602f6085823840c0013a115
74703a2f2f6578616d706c652e636f6d2f66696c652e62696e0b82025820 781b687474703a2f2f6578616d706c652e636f6d2f66696c652e62696e09
00112233445566778899aabbccddeeff0123456789abcdeffedcba987654 4b880c0113a1160016f603f60a45840c0103f60c45840c0117f6
321015f603f6094d8a0c0013a10a0116f60c0103f60a45840c0003f60c45
840c0017f6
Total size of manifest with COSE authentication object: 330 Total size of manifest with COSE authentication object: 291
Manifest with COSE authentication object: Manifest with COSE authentication object:
a202587081d28443a10126a05824820258207f35fdce6a55bed88d04497d a202587081d28443a10126a05824820258209a4565958c6e09c92fc69fee
38b7c2b4ffd1ddb74a83d9acd252d2077637de7058407bec97551827d684 b09081c875f113082245ba2025801fa46dc2280e58404604e641330d610f
ac07b77c3f663f4f9436aff0b79fdfd89061bfe9bddb73919c88d32dc52f d0a0545b9b816f09c0767edf66fc57f40393cd4423e0807b36226e843e0f
d9eb1d1ea34172eef5c222e7d897778c6b0254e20c7e87942ae10358d3a7 57bf860a3cf542655048648dea81e62e39f19e7ac96652d3de900358aca7
0101020503585fa2024782814100814101045852880c000150fa6b4a53d5 01010205035863a2024782814101814100045856880c0114a40150fa6b4a
ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514 53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab
a20b8202582000112233445566778899aabbccddeeff0123456789abcdef 45038202582000112233445566778899aabbccddeeff0123456789abcdef
fedcba98765432100c1987d008584c880c0113a206781b687474703a2f2f fedcba98765432100e1987d001f602f6085823840c0013a115781b687474
6578616d706c652e636f6d2f66696c652e62696e0b820258200011223344 703a2f2f6578616d706c652e636f6d2f66696c652e62696e094b880c0113
5566778899aabbccddeeff0123456789abcdeffedcba987654321015f603 a1160016f603f60a45840c0103f60c45840c0117f6
f6094d8a0c0013a10a0116f60c0103f60a45840c0003f60c45840c0017f6
12.7. Example 6: Two Images
Compatibility test, 2 images, simultaneous download and installation,
and secure boot.
{ {
/ authentication-wrapper / 2:h'81d28443a10126a058248202582007954f5 / authentication-wrapper / 2:h'81d28443a10126a05824820258201d15a17
19cdd8101156768fbe12f23eb5ca73481e91ca4801bf94dc82f52b0ea5840a76e7f712 13d3a4510ca392454adff987abb5425348e449618122ffa817012cc315840197a4a3a4
b8d3ed6bcf79eaef8f15ee76f8da15aa16b220431f528d5cc237f95688748a156c8ee8 188fe1dd8baa468ae9a35ac8e5ef462017530116eadd90892c96c6ab00825fcb45edb7
47c517b0c660328a7877be52b1902f50e7acecc4bbd6c439f' / [ 57547733c14d3b637ea8a085ce7bfc782a0b2cd80d31b1294' / [
18([ 18([
/ protected / h'a10126' / { / protected / h'a10126' / {
/ alg / 1:-7 / ES256 /, / alg / 1:-7 / ES256 /,
} /, } /,
/ unprotected / { / unprotected / {
}, },
/ payload / h'8202582007954f519cdd8101156768fbe12f23eb / payload / h'820258201d15a1713d3a4510ca392454adff987a
5ca73481e91ca4801bf94dc82f52b0ea' / [ bb5425348e449618122ffa817012cc31' / [
/ algorithm-id / 2 / sha256 /, / algorithm-id / 2 / sha256 /,
/ digest-bytes / / digest-bytes /
h'07954f519cdd8101156768fbe12f23eb5ca73481e91ca4801bf94dc82f52b0ea' h'1d15a1713d3a4510ca392454adff987abb5425348e449618122ffa817012cc31'
] /, ] /,
/ signature / h'a76e7f712b8d3ed6bcf79eaef8f15ee76f8da1 / signature / h'197a4a3a4188fe1dd8baa468ae9a35ac8e5ef4
5aa16b220431f528d5cc237f95688748a156c8ee847c517b0c660328a7877be52b1902 62017530116eadd90892c96c6ab00825fcb45edb757547733c14d3b637ea8a085ce7bf
f50e7acecc4bbd6c439f' c782a0b2cd80d31b1294'
]) ])
] /, ] /,
/ manifest / 3:h'a60101020303588ea20247828141008141010458818c0c000 / manifest / 3:h'a501010203035899a202448181410004588f8814a20150fa6
150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4 b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450f825
514a20b8202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9 82e8405f614a2038202582000112233445566778899aabbccddeeff0123456789abcde
8765432100c1987d00c0114a20b820258200123456789abcdeffedcba9876543210001 ffedcba98765432100e1987d058308405f614a203820258200123456789abcdeffedcb
12233445566778899aabbccddeeff0c1a00012c2209584f900c0013a106781c6874747 a987654321000112233445566778899aabbccddeeff0e1a00012c2201f602f60958538
03a2f2f6578616d706c652e636f6d2f66696c65312e62696e15f603f60c0113a106781 60f8258248405f613a115781c687474703a2f2f6578616d706c652e636f6d2f66696c6
c687474703a2f2f6578616d706c652e636f6d2f66696c65322e62696e15f603f60a498 5312e62696e58248405f613a115781c687474703a2f2f6578616d706c652e636f6d2f6
80c0003f60c0103f60c45840c0017f6' / { 6696c65322e62696e15f603f60a438203f6' / {
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:3, / manifest-sequence-number / 2:3,
/ common / 3:h'a20247828141008141010458818c0c000150fa6b4a53d5a / common / 3:h'a202448181410004588f8814a20150fa6b4a53d5ad5fdfb
d5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b8202582 e9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450f82582e8405f614a20
000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100c198 38202582000112233445566778899aabbccddeeff0123456789abcdeffedcba9876543
7d00c0114a20b820258200123456789abcdeffedcba987654321000112233445566778 2100e1987d058308405f614a203820258200123456789abcdeffedcba9876543210001
899aabbccddeeff0c1a00012c22' / { 12233445566778899aabbccddeeff0e1a00012c2201f602f6' / {
/ components / 2:h'82814100814101' / [ / components / 2:h'81814100' / [
[h'00'] , [h'00']
[h'01']
] /, ] /,
/ common-sequence / 4:h'8c0c000150fa6b4a53d5ad5fdfbe9de663 / common-sequence / 4:h'8814a20150fa6b4a53d5ad5fdfbe9de663
e4d41ffe02501492af1425695e48bf429b2d51f2ab4514a20b82025820001122334455 e4d41ffe02501492af1425695e48bf429b2d51f2ab450f82582e8405f614a203820258
66778899aabbccddeeff0123456789abcdeffedcba98765432100c1987d00c0114a20b 2000112233445566778899aabbccddeeff0123456789abcdeffedcba98765432100e19
820258200123456789abcdeffedcba987654321000112233445566778899aabbccddee 87d058308405f614a203820258200123456789abcdeffedcba98765432100011223344
ff0c1a00012c22' / [ 5566778899aabbccddeeff0e1a00012c2201f602f6' / [
/ directive-set-component-index / 12,0 ,
/ condition-vendor-identifier /
1,h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe / ,
/ condition-class-identifier /
2,h'1492af1425695e48bf429b2d51f2ab45' /
1492af14-2569-5e48-bf42-9b2d51f2ab45 / ,
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ image-digest / 11:[ / vendor-id /
/ algorithm-id / 2 / sha256 /, 1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
/ digest-bytes / be9d-e663e4d41ffe /,
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' / class-id / 2:h'1492af1425695e48bf429b2d51f2ab45'
], / 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ image-size / 12:34768,
} , } ,
/ directive-set-component-index / 12,1 , / directive-try-each / 15,[
/ directive-override-parameters / 20,{ h'8405f614a2038202582000112233445566778899aabbccdd
/ image-digest / 11:[ eeff0123456789abcdeffedcba98765432100e1987d0' / [
/ algorithm-id / 2 / sha256 /, / condition-component-offset / 5,F6 / nil / ,
/ digest-bytes / / directive-override-parameters / 20,{
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
],
/ image-size / 14:34768,
}
] / ,
h'8405f614a203820258200123456789abcdeffedcba987654
321000112233445566778899aabbccddeeff0e1a00012c22' / [
/ condition-component-offset / 5,F6 / nil / ,
/ directive-override-parameters / 20,{
/ image-digest / 3:[
/ algorithm-id / 2 / sha256 /,
/ digest-bytes /
h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff'
], ],
/ image-size / 12:76834, / image-size / 14:76834,
} }
] /
] ,
/ condition-vendor-identifier / 1,F6 / nil / ,
/ condition-class-identifier / 2,F6 / nil /
] /, ] /,
} /, } /,
/ install / 9:h'900c0013a106781c687474703a2f2f6578616d706c652e / install / 9:h'860f8258248405f613a115781c687474703a2f2f657861
636f6d2f66696c65312e62696e15f603f60c0113a106781c687474703a2f2f6578616d 6d706c652e636f6d2f66696c65312e62696e58248405f613a115781c687474703a2f2f
706c652e636f6d2f66696c65322e62696e15f603f6' / [ 6578616d706c652e636f6d2f66696c65322e62696e15f603f6' / [
/ directive-set-component-index / 12,0 , / directive-try-each / 15,[
/ directive-set-parameters / 19,{ h'8405f613a115781c687474703a2f2f6578616d706c652e636f6d
/ uri / 6:'http://example.com/file1.bin', 2f66696c65312e62696e' / [
} , / condition-component-offset / 5,F6 / nil / ,
/ directive-fetch / 21,F6 / nil / , / directive-set-parameters / 19,{
/ condition-image-match / 3,F6 / nil / , / uri / 21:'http://example.com/file1.bin',
/ directive-set-component-index / 12,1 , }
/ directive-set-parameters / 19,{ ] / ,
/ uri / 6:'http://example.com/file2.bin', h'8405f613a115781c687474703a2f2f6578616d706c652e636f6d
} , 2f66696c65322e62696e' / [
/ condition-component-offset / 5,F6 / nil / ,
/ directive-set-parameters / 19,{
/ uri / 21:'http://example.com/file2.bin',
}
] /
] ,
/ directive-fetch / 21,F6 / nil / , / directive-fetch / 21,F6 / nil / ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ validate / 10:h'880c0003f60c0103f6' / [ / validate / 10:h'8203f6' / [
/ directive-set-component-index / 12,0 ,
/ condition-image-match / 3,F6 / nil / ,
/ directive-set-component-index / 12,1 ,
/ condition-image-match / 3,F6 / nil / / condition-image-match / 3,F6 / nil /
] /, ] /,
/ run / 12:h'840c0017f6' / [
/ directive-set-component-index / 12,0 ,
/ directive-run / 23,None
] /,
} /, } /,
} }
Total size of manifest without COSE authentication object: 254 Total size of manifest without COSE authentication object: 256
Manifest: Manifest:
a10358faa60101020303588ea20247828141008141010458818c0c000150 a10358fca501010203035899a202448181410004588f8814a20150fa6b4a
fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d 53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab
51f2ab4514a20b8202582000112233445566778899aabbccddeeff012345 450f82582e8405f614a2038202582000112233445566778899aabbccddee
6789abcdeffedcba98765432100c1987d00c0114a20b8202582001234567 ff0123456789abcdeffedcba98765432100e1987d058308405f614a20382
89abcdeffedcba987654321000112233445566778899aabbccddeeff0c1a 0258200123456789abcdeffedcba987654321000112233445566778899aa
00012c2209584f900c0013a106781c687474703a2f2f6578616d706c652e bbccddeeff0e1a00012c2201f602f6095853860f8258248405f613a11578
636f6d2f66696c65312e62696e15f603f60c0113a106781c687474703a2f 1c687474703a2f2f6578616d706c652e636f6d2f66696c65312e62696e58
2f6578616d706c652e636f6d2f66696c65322e62696e15f603f60a49880c 248405f613a115781c687474703a2f2f6578616d706c652e636f6d2f6669
0003f60c0103f60c45840c0017f6 6c65322e62696e15f603f60a438203f6
Total size of manifest with COSE authentication object: 369 Total size of manifest with COSE authentication object: 371
Manifest with COSE authentication object: Manifest with COSE authentication object:
a202587081d28443a10126a058248202582007954f519cdd8101156768fb a202587081d28443a10126a05824820258201d15a1713d3a4510ca392454
e12f23eb5ca73481e91ca4801bf94dc82f52b0ea5840a76e7f712b8d3ed6 adff987abb5425348e449618122ffa817012cc315840197a4a3a4188fe1d
bcf79eaef8f15ee76f8da15aa16b220431f528d5cc237f95688748a156c8 d8baa468ae9a35ac8e5ef462017530116eadd90892c96c6ab00825fcb45e
ee847c517b0c660328a7877be52b1902f50e7acecc4bbd6c439f0358faa6 db757547733c14d3b637ea8a085ce7bfc782a0b2cd80d31b12940358fca5
0101020303588ea20247828141008141010458818c0c000150fa6b4a53d5 01010203035899a202448181410004588f8814a20150fa6b4a53d5ad5fdf
ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab4514 be9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450f82582e
a20b8202582000112233445566778899aabbccddeeff0123456789abcdef 8405f614a2038202582000112233445566778899aabbccddeeff01234567
fedcba98765432100c1987d00c0114a20b820258200123456789abcdeffe 89abcdeffedcba98765432100e1987d058308405f614a203820258200123
dcba987654321000112233445566778899aabbccddeeff0c1a00012c2209 456789abcdeffedcba987654321000112233445566778899aabbccddeeff
584f900c0013a106781c687474703a2f2f6578616d706c652e636f6d2f66 0e1a00012c2201f602f6095853860f8258248405f613a115781c68747470
696c65312e62696e15f603f60c0113a106781c687474703a2f2f6578616d 3a2f2f6578616d706c652e636f6d2f66696c65312e62696e58248405f613
706c652e636f6d2f66696c65322e62696e15f603f60a49880c0003f60c01 a115781c687474703a2f2f6578616d706c652e636f6d2f66696c65322e62
03f60c45840c0017f6 696e15f603f60a438203f6
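The -04 version of Example 6 above, decoded with a purpose-written minimal CBOR decoder, as an added example that is not part of the draft or of any SUIT implementation. It assumes the -04 key numbering shown in the diagnostic notation (image-digest 3, image-size 14, uri 21) and the hex copied from the -04 "Manifest:" dump; the COSE authentication wrapper (tag 18) is not decoded, so signature verification, which a device performs before acting on any of the values below, is outside the block. Wrapped command sequences are expanded so that the try-each branches, and the image digests, sizes and URIs they carry, can be read out.

```python
# Hex copied from the -04 column of the "Manifest:" dump in Example 6 (256 bytes).
EXAMPLE6_MANIFEST_HEX = (
    "a10358fca501010203035899a202448181410004588f8814a20150fa6b4a"
    "53d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab"
    "450f82582e8405f614a2038202582000112233445566778899aabbccddee"
    "ff0123456789abcdeffedcba98765432100e1987d058308405f614a20382"
    "0258200123456789abcdeffedcba987654321000112233445566778899aa"
    "bbccddeeff0e1a00012c2201f602f6095853860f8258248405f613a11578"
    "1c687474703a2f2f6578616d706c652e636f6d2f66696c65312e62696e58"
    "248405f613a115781c687474703a2f2f6578616d706c652e636f6d2f6669"
    "6c65322e62696e15f603f60a438203f6"
)
# Labels as used in the -04 diagnostic notation of Example 6.
COMMANDS = {1: "condition-vendor-identifier", 2: "condition-class-identifier",
            3: "condition-image-match", 5: "condition-component-offset",
            15: "directive-try-each", 19: "directive-set-parameters",
            20: "directive-override-parameters", 21: "directive-fetch"}
PARAMETERS = {1: "vendor-id", 2: "class-id", 3: "image-digest",
              14: "image-size", 21: "uri"}

class CborError(ValueError):
    """Malformed or unsupported CBOR: a verifier rejects, it never guesses."""

def _item(buf, pos):
    """Decode one definite-length CBOR item at buf[pos]; return (value, end)."""
    if pos >= len(buf):
        raise CborError("truncated input")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info <= 27:  # a 1, 2, 4 or 8 byte argument follows
        width = 1 << (info - 24)
        if pos + width > len(buf):
            raise CborError("truncated argument")
        arg = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    else:
        raise CborError("indefinite-length items are not allowed here")
    if major in (0, 1):  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):  # byte string / text string
        if pos + arg > len(buf):
            raise CborError("truncated string")
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major in (4, 5):  # array of 'arg' items / map of 'arg' key-value pairs
        items = []
        for _ in range(arg * (2 if major == 5 else 1)):
            value, pos = _item(buf, pos)
            items.append(value)
        return (items if major == 4 else dict(zip(items[0::2], items[1::2]))), pos
    if major == 7 and arg == 22:  # F6: the nil argument of most commands
        return None, pos
    raise CborError("unsupported item (major %d, arg %d)" % (major, arg))

def decode(buf):
    """Decode exactly one CBOR item; trailing bytes are rejected."""
    value, end = _item(bytes(buf), 0)
    if end != len(buf):
        raise CborError("trailing bytes after CBOR item")
    return value

def parse_sequence(raw):
    """Expand a bstr-wrapped SUIT_Command_Sequence into (name, argument) pairs;
    try-each branches are bstr-wrapped sequences themselves and recurse."""
    items = decode(raw)
    if not isinstance(items, list) or len(items) % 2:
        raise CborError("command sequence must be a flat list of pairs")
    steps = []
    for cmd, arg in zip(items[0::2], items[1::2]):
        if cmd == 15:
            arg = [parse_sequence(branch) for branch in arg]
        elif cmd in (19, 20):
            arg = {PARAMETERS.get(k, k): v for k, v in arg.items()}
        steps.append((COMMANDS.get(cmd, cmd), arg))
    return steps

def parse_envelope(envelope):
    """Return the manifest of a SUIT envelope with every sequence expanded."""
    manifest = decode(decode(envelope)[3])  # envelope key 3: manifest (bstr)
    common = decode(manifest[3])            # manifest key 3: common (bstr)
    return {
        "manifest-version": manifest[1],
        "manifest-sequence-number": manifest[2],
        "components": decode(common[2]),
        "common-sequence": parse_sequence(common[4]),
        "install": parse_sequence(manifest[9]),
        "validate": parse_sequence(manifest[10]),
    }

def parameter_values(steps, name):
    """Collect every value set for parameter `name`, descending into try-each."""
    found = []
    for cmd, arg in steps:
        if cmd == "directive-try-each":
            for branch in arg:
                found.extend(parameter_values(branch, name))
        elif cmd in ("directive-set-parameters", "directive-override-parameters") and name in arg:
            found.append(arg[name])
    return found
```

Calling parse_envelope(bytes.fromhex(EXAMPLE6_MANIFEST_HEX)) yields a common-sequence of override-parameters (vendor-id, class-id), a try-each with one branch per image (each setting image-digest and image-size 34768 or 76834), then the vendor and class conditions; the install sequence is a try-each choosing between the two URIs, followed by fetch and image-match. The decoder deliberately accepts only definite-length items and refuses truncated or trailing bytes, which is the behaviour a manifest parser on a constrained device should have before any of the decoded values influence an update.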
13. IANA Considerations

draft-ietf-suit-manifest-03.txt:
Several registries will be required for:
- standard Commands.
- standard Parameters.
- standard Algorithm identifiers.
- standard text values.

draft-ietf-suit-manifest-04.txt:
IANA is requested to set up a registry group for SUIT elements.
Within this group, IANA is requested to set up registries for SUIT
keys:
- SUIT Envelope Elements
- SUIT Manifest Elements
- SUIT Common Elements
- SUIT Commands
- SUIT Parameters
- SUIT Text Values
- SUIT Algorithm Identifiers
For each registry, values 0-23 are Standards Action, 24-255 are IETF
Review, 256-65535 are Expert Review, and 65536 or greater are First
Come First Served.
Negative values -23 to 0 are Experimental Use, -24 and lower are
Private Use.
14. Security Considerations

This document is about a manifest format describing and protecting
firmware images and as such it is part of a larger solution for
offering a standardized way of delivering firmware updates to IoT
devices. A more detailed discussion about security can be found in
the architecture document [I-D.ietf-suit-architecture] and in
[I-D.ietf-suit-information-model].
Authors' Addresses

Brendan Moran
Arm Limited
EMail: Brendan.Moran@arm.com

Hannes Tschofenig
Arm Limited
EMail: hannes.tschofenig@arm.com

Henk Birkholz
Fraunhofer SIT
EMail: henk.birkholz@sit.fraunhofer.de

Koen Zandberg
Inria
EMail: koen.zandberg@inria.fr