| < draft-tschofenig-rats-psa-token-06.txt | draft-tschofenig-rats-psa-token-07.txt > | |||
|---|---|---|---|---|
| RATS H. Tschofenig | RATS H. Tschofenig | |||
| Internet-Draft S. Frost | Internet-Draft S. Frost | |||
| Intended status: Informational M. Brossard | Intended status: Informational M. Brossard | |||
| Expires: 4 June 2021 A. Shaw | Expires: 5 August 2021 A. Shaw | |||
| T. Fossati | T. Fossati | |||
| Arm Limited | Arm Limited | |||
| 1 December 2020 | 1 February 2021 | |||
| Arm's Platform Security Architecture (PSA) Attestation Token | Arm's Platform Security Architecture (PSA) Attestation Token | |||
| draft-tschofenig-rats-psa-token-06 | draft-tschofenig-rats-psa-token-07 | |||
| Abstract | Abstract | |||
| The Platform Security Architecture (PSA) is a family of hardware and | The Platform Security Architecture (PSA) is a family of hardware and | |||
| firmware security specifications, as well as open-source reference | firmware security specifications, as well as open-source reference | |||
| implementations, to help device makers and chip manufacturers build | implementations, to help device makers and chip manufacturers build | |||
| best-practice security into products. Devices that are PSA compliant | best-practice security into products. Devices that are PSA compliant | |||
| are able to produce attestation tokens as described in this memo, | are able to produce attestation tokens as described in this memo, | |||
| which are the basis for a number of different protocols, including | which are the basis for a number of different protocols, including | |||
| secure provisioning and network access control. This document | secure provisioning and network access control. This document | |||
| skipping to change at page 2, line 4 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 4 June 2021. | This Internet-Draft will expire on 5 August 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Simplified BSD License text | extracted from this document must include Simplified BSD License text | |||
| as described in Section 4.e of the Trust Legal Provisions and are | as described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Simplified BSD License. | provided without warranty as described in the Simplified BSD License. | |||
| skipping to change at page 3, line 18 ¶ | skipping to change at page 3, line 18 ¶ | |||
| 8.1.9. No Software Measurements Claim . . . . . . . . . . . 18 | 8.1.9. No Software Measurements Claim . . . . . . . . . . . 18 | |||
| 8.1.10. Verification Service Indicator Claim . . . . . . . . 18 | 8.1.10. Verification Service Indicator Claim . . . . . . . . 18 | |||
| 8.1.11. Profile Definition Claim . . . . . . . . . . . . . . 19 | 8.1.11. Profile Definition Claim . . . . . . . . . . . . . . 19 | |||
| 8.2. Media Type Registration . . . . . . . . . . . . . . . . . 19 | 8.2. Media Type Registration . . . . . . . . . . . . . . . . . 19 | |||
| 8.3. CoAP Content-Formats Registration . . . . . . . . . . . . 20 | 8.3. CoAP Content-Formats Registration . . . . . . . . . . . . 20 | |||
| 8.3.1. Registry Contents . . . . . . . . . . . . . . . . . . 20 | 8.3.1. Registry Contents . . . . . . . . . . . . . . . . . . 20 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 20 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 20 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 22 | 9.2. Informative References . . . . . . . . . . . . . . . . . 22 | |||
| Appendix A. Reference Implementation . . . . . . . . . . . . . . 22 | Appendix A. Reference Implementation . . . . . . . . . . . . . . 22 | |||
| Appendix B. Example . . . . . . . . . . . . . . . . . . . . . . 22 | Appendix B. Example . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 24 | Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 24 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| 1. Introduction | 1. Introduction | |||
| Trusted execution environments are now present in many devices, which | Trusted execution environments are now present in many devices, which | |||
| provide a safe environment to place security sensitive code such as | provide a safe environment to place security sensitive code such as | |||
| cryptography, secure boot, secure storage, and other essential | cryptography, secure boot, secure storage, and other essential | |||
| security functions. These security functions are typically exposed | security functions. These security functions are typically exposed | |||
| through a narrow and well-defined interface, and can be used by | through a narrow and well-defined interface, and can be used by | |||
| operating system libraries and applications. Various APIs have been | operating system libraries and applications. Various APIs have been | |||
| developed by Arm as part of the Platform Security Architecture [PSA] | developed by Arm as part of the Platform Security Architecture [PSA] | |||
| skipping to change at page 21, line 9 ¶ | skipping to change at page 21, line 9 ¶ | |||
| * Reference: [[this RFC]] | * Reference: [[this RFC]] | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [EAN-13] GS1, "International Article Number - EAN/UPC barcodes", | [EAN-13] GS1, "International Article Number - EAN/UPC barcodes", | |||
| 2019, <https://www.gs1.org/standards/barcodes/ean-upc>. | 2019, <https://www.gs1.org/standards/barcodes/ean-upc>. | |||
| [PSA-FF] Arm, "Platform Security Architecture Firmware Framework | [PSA-FF] Arm, "Platform Security Architecture Firmware Framework | |||
| 1.0 (PSA-FF)", February 2019, | 1.0 (PSA-FF)", February 2019, <https://developer.arm.com/- | |||
| <https://pages.arm.com/psa-resources-ff.html>. | /media/Files/pdf/PlatformSecurityArchitecture/Architect/ | |||
| DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf>. | ||||
| [PSA-SM] Arm, "Platform Security Architecture Security Model 1.0 | [PSA-SM] Arm, "Platform Security Architecture Security Model 1.0 | |||
| (PSA-SM)", February 2019, | (PSA-SM)", February 2019, <https://developer.arm.com/- | |||
| <https://pages.arm.com/psa-resources-sm.html>. | /media/Files/pdf/PlatformSecurityArchitecture/Architect/ | |||
| DEN0079_PSA_SM_ALPHA-03_RC01.pdf>. | ||||
| [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | |||
| Extensions (MIME) Part Two: Media Types", RFC 2046, | Extensions (MIME) Part Two: Media Types", RFC 2046, | |||
| DOI 10.17487/RFC2046, November 1996, | DOI 10.17487/RFC2046, November 1996, | |||
| <https://www.rfc-editor.org/info/rfc2046>. | <https://www.rfc-editor.org/info/rfc2046>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| skipping to change at page 22, line 11 ¶ | skipping to change at page 22, line 17 ¶ | |||
| Express Concise Binary Object Representation (CBOR) and | Express Concise Binary Object Representation (CBOR) and | |||
| JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | |||
| June 2019, <https://www.rfc-editor.org/info/rfc8610>. | June 2019, <https://www.rfc-editor.org/info/rfc8610>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [I-D.ietf-rats-architecture] | [I-D.ietf-rats-architecture] | |||
| Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | |||
| W. Pan, "Remote Attestation Procedures Architecture", Work | W. Pan, "Remote Attestation Procedures Architecture", Work | |||
| in Progress, Internet-Draft, draft-ietf-rats-architecture- | in Progress, Internet-Draft, draft-ietf-rats-architecture- | |||
| 07, 16 October 2020, <http://www.ietf.org/internet-drafts/ | 08, 8 December 2020, <http://www.ietf.org/internet-drafts/ | |||
| draft-ietf-rats-architecture-07.txt>. | draft-ietf-rats-architecture-08.txt>. | |||
| [I-D.ietf-rats-eat] | [I-D.ietf-rats-eat] | |||
| Mandyam, G., Lundblade, L., Ballesteros, M., and J. | Mandyam, G., Lundblade, L., Ballesteros, M., and J. | |||
| O'Donoghue, "The Entity Attestation Token (EAT)", Work in | O'Donoghue, "The Entity Attestation Token (EAT)", Work in | |||
| Progress, Internet-Draft, draft-ietf-rats-eat-04, 31 | Progress, Internet-Draft, draft-ietf-rats-eat-06, 2 | |||
| August 2020, <http://www.ietf.org/internet-drafts/draft- | December 2020, <http://www.ietf.org/internet-drafts/draft- | |||
| ietf-rats-eat-04.txt>. | ietf-rats-eat-06.txt>. | |||
| [IANA-CoAP-Content-Formats] | [IANA-CoAP-Content-Formats] | |||
| IANA, "CoAP Content-Formats", 2020, | IANA, "CoAP Content-Formats", 2021, | |||
| <https://www.iana.org/assignments/core-parameters>. | <https://www.iana.org/assignments/core-parameters>. | |||
| [IANA-CWT] IANA, "CBOR Web Token (CWT) Claims", 2020, | [IANA-CWT] IANA, "CBOR Web Token (CWT) Claims", 2021, | |||
| <https://www.iana.org/assignments/cwt/cwt.xhtml>. | <https://www.iana.org/assignments/cwt/cwt.xhtml>. | |||
| [IANA-MediaTypes] | [IANA-MediaTypes] | |||
| IANA, "Media Types", 2020, | IANA, "Media Types", 2021, | |||
| <http://www.iana.org/assignments/media-types>. | <http://www.iana.org/assignments/media-types>. | |||
| [PSA] Arm, "Platform Security Architecture Resources", 2019, | [PSA] Arm, "Platform Security Architecture Resources", 2021, | |||
| <https://www.arm.com/why-arm/architecture/platform- | <https://developer.arm.com/architectures/security- | |||
| security-architecture/psa-resources>. | architectures/platform-security-architecture/ | |||
| documentation>. | ||||
| [TF-M] Linaro, "Trusted Firmware", 2020, | [TF-M] Linaro, "Trusted Firmware-M", 2021, | |||
| <https://www.trustedfirmware.org>. | <https://www.trustedfirmware.org/projects/tf-m/>. | |||
| Appendix A. Reference Implementation | Appendix A. Reference Implementation | |||
| A reference implementation is provided by the Trusted Firmware | A reference implementation is provided by the Trusted Firmware | |||
| project [TF-M]. | project [TF-M]. | |||
| Appendix B. Example | Appendix B. Example | |||
| The following example shows a PSA attestation token for an | The following example shows a PSA attestation token for an | |||
| hypothetical system comprising two measured software components (a | hypothetical system comprising two measured software components (a | |||
| End of changes. 16 change blocks. | ||||
| 25 lines changed or deleted | 28 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||