idnits 2.17.1 draft-ietf-rats-yang-tpm-charra-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 40 instances of too long lines in the document, the longest one being 53 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 180 has weird spacing: '...r-index pcr...' == Line 243 has weird spacing: '...te-name cer...' == Line 275 has weird spacing: '...-number uin...' == Line 332 has weird spacing: '...version ide...' == Line 336 has weird spacing: '...sh-algo ide...' -- The document date (14 April 2021) is 1108 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'TPM20-hash-algo' is mentioned on line 335, but not defined == Outdated reference: A later version (-35) exists of draft-ietf-netconf-keystore-21 == Outdated reference: A later version (-22) exists of draft-ietf-rats-architecture-11 ** Downref: Normative reference to an Informational draft: draft-ietf-rats-architecture (ref. 'I-D.ietf-rats-architecture') == Outdated reference: A later version (-09) exists of draft-ietf-rats-reference-interaction-models-01 ** Downref: Normative reference to an Informational draft: draft-ietf-rats-reference-interaction-models (ref. 'I-D.ietf-rats-reference-interaction-models') == Outdated reference: A later version (-14) exists of draft-ietf-rats-tpm-based-network-device-attest-06 ** Downref: Normative reference to an Informational draft: draft-ietf-rats-tpm-based-network-device-attest (ref. 'I-D.ietf-rats-tpm-based-network-device-attest') -- Possible downref: Non-RFC (?) normative reference: ref. 'TCG-Algos' Summary: 4 errors (**), 0 flaws (~~), 11 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 RATS Working Group H. Birkholz 3 Internet-Draft M. Eckel 4 Intended status: Standards Track Fraunhofer SIT 5 Expires: 16 October 2021 S. Bhandari 6 ThoughtSpot 7 E. Voit 8 B. Sulzen 9 Cisco 10 L. Xia 11 Huawei 12 T. Laffey 13 HPE 14 G. Fedorkow 15 Juniper 16 14 April 2021 18 A YANG Data Model for Challenge-Response-based Remote Attestation 19 Procedures using TPMs 20 draft-ietf-rats-yang-tpm-charra-07 22 Abstract 24 This document defines a YANG RPC and a small number of configuration 25 node required to retrieve attestation evidence about integrity 26 measurements from a device following the operational context defined 27 in TPM-based Network Device Remote Integrity Verification. 28 Complementary measurement logs are also provided by the YANG RPC 29 originating from one or more roots of trust of measurement. The 30 module defined requires at least one TPM 1.2 or TPM 2.0 and 31 corresponding Trusted Software Stack included in the device 32 components of the composite device the YANG server is running on. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at https://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on 16 October 2021. 50 Copyright Notice 52 Copyright (c) 2021 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 57 license-info) in effect on the date of publication of this document. 58 Please review these documents carefully, as they describe your rights 59 and restrictions with respect to this document. Code Components 60 extracted from this document must include Simplified BSD License text 61 as described in Section 4.e of the Trust Legal Provisions and are 62 provided without warranty as described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 67 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 68 2. The YANG Module for Basic Remote Attestation Procedures . . . 3 69 2.1. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 3 70 2.1.1. ietf-tpm-remote-attestation . . . . . . . . . . . . . 3 71 2.1.2. ietf-tcg-algs . . . . . . . . . . . . . . . . . . . . 31 72 3. IANA considerations . . . . . . . . . . . . . . . . . . . . . 47 73 4. Security Considerations . . . . . . . . . . . . . . . . . . . 47 74 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 48 75 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 48 76 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 49 77 7.1. Normative References . . . . . . . . . . . . . . . . . . 49 78 7.2. Informative References . . . . . . . . . . . . . . . . . 50 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 51 81 1. Introduction 83 This document is based on the terminology defined in the 84 [I-D.ietf-rats-architecture] and uses the operational context defined 85 in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the 86 interaction model and information elements defined in 87 [I-D.ietf-rats-reference-interaction-models]. The currently 88 supported hardware security modules (HWM) are the Trusted Platform 89 Module (TPM) [TPM1.2] and [TPM2.0] specified by the Trusted Computing 90 Group (TCG). One ore more TPMs embedded in the components of a 91 composite device - sometimes also referred to as an aggregate device 92 - are required in order to use the YANG module defined in this 93 document. A TPM is used as a root of trust for reporting (RTR) in 94 order to retrieve attestation evidence from a composite device (quote 95 primitive operation). Additionally, it is used as a root of trust 96 for storage (RTS) in order to retain shielded secrets and store 97 system measurements using a folding hash function (extend primitive 98 operation). 100 1.1. Requirements notation 102 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 103 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 104 "OPTIONAL" in this document are to be interpreted as described in 105 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 106 capitals, as shown here. 108 2. The YANG Module for Basic Remote Attestation Procedures 110 One or more TPMs MUST be embedded in the composite device that is 111 providing attestation evidence via the YANG module defined in this 112 document. The ietf-basic-remote-attestation YANG module enables a 113 composite device to take on the role of Claimant and Attester in 114 accordance with the Remote Attestation Procedures (RATS) architecture 115 [I-D.ietf-rats-architecture] and the corresponding challenge-response 116 interaction model defined in the 117 [I-D.ietf-rats-reference-interaction-models] document. A fresh nonce 118 with an appropriate amount of entropy MUST be supplied by the YANG 119 client in order to enable a proof-of-freshness with respect to the 120 attestation evidence provided by the attester running the YANG 121 datastore. The functions of this YANG module are restricted to 0-1 122 TPMs per hardware component. 124 2.1. YANG Modules 126 2.1.1. ietf-tpm-remote-attestation 128 This YANG module imports modules from [RFC6991], [RFC8348], 129 [I-D.ietf-netconf-keystore], ietf-tcg-algs.yang Section 2.1.2.3. 131 2.1.1.1. Features 133 This module supports the following features: 135 - Indicates that multiple TPMs on the device can support 136 remote attestation, This feature is applicable in cases where 137 multiple line cards, each with its own TPM. 139 - Indicates the device supports the retrieval of bios event 140 logs. 142 - Indicates the device supports the retrieval of Integrity 143 Measurement Architecture event logs. 145 - Indicates the device supports the retrieval of 146 netequip boot event logs. 148 2.1.1.2. Identities 150 This module supports the following types of attestation event logs: 151 , , and . 153 2.1.1.3. RPCs 155 2.1.1.3.1. 157 This RPC allows a Verifier to request a quote of PCRs from a TPM2.0 158 compliant cryptoprocessor. Where the feature is active, and 159 one or more is not provided, all TPM2.0 compliant 160 cryptoprocessors will respond. A YANG tree diagram of this RPC is as 161 follows: 163 +---x tpm20-challenge-response-attestation {taa:TPM20}? 164 +---w input 165 | +---w tpm20-attestation-challenge 166 | +---w nonce-value binary 167 | +---w tpm20-pcr-selection* [] 168 | | +---w TPM20-hash-algo? identityref 169 | | +---w pcr-index* tpm:pcr 170 | +---w certificate-name* certificate-name-ref {tpm:TPMs}? 171 +--ro output 172 +--ro tpm20-attestation-response* [] 173 +--ro certificate-name certificate-name-ref 174 +--ro TPMS_QUOTE_INFO binary 175 +--ro quote-signature? binary 176 +--ro up-time? uint32 177 +--ro unsigned-pcr-values* [] 178 +--ro TPM20-hash-algo? identityref 179 +--ro pcr-values* [pcr-index] 180 +--ro pcr-index pcr 181 +--ro pcr-value? binary 183 An example of an RPC challenge requesting PCRs 0-7 from a SHA256 bank 184 could look like the following: 186 187 188 xmlns="urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation"> 189 110101010110011011111001010010100 190 191 193 taa:TPM_ALG_SHA256 194 195 0 196 1 197 2 198 3 199 4 200 5 201 6 202 7 203 204 205 207 and a successful response might be formated as follows: 209 211 213 215 ks:(instance of Certificate name in the Keystore) 216 217 218 (raw information from the TPM Quote, this includes a digest 219 across the requested PCRs, the nonce, TPM2 time counters.) 220 221 222 (signature across TPMS_QUOTE_INFO) 223 224 225 227 2.1.1.4. 229 This RPC allows a Verifier to request a quote of PCRs from a TPM1.2 230 compliant cryptoprocessor. Where the feature is active, and 231 one or more is not provided, all TPM1.2 compliant 232 cryptoprocessors will respond. A YANG tree diagram of this RPC is as 233 follows: 235 +---x tpm12-challenge-response-attestation {taa:TPM12}? 236 +---w input 237 | +---w tpm12-attestation-challenge 238 | +---w pcr-index* pcr 239 | +---w nonce-value binary 240 | +---w certificate-name* certificate-name-ref {tpm:TPMs}? 241 +--ro output 242 +--ro tpm12-attestation-response* [] 243 +--ro certificate-name certificate-name-ref 244 +--ro up-time? uint32 245 +--ro TPM_QUOTE2? binary 247 2.1.1.5. 249 This RPC allows a Verifier to acquire the evidence which was extended 250 into specific PCRs. A YANG tree diagram of this RPC is as follows: 252 +---x log-retrieval 253 +---w input 254 | +---w log-selector* [] 255 | | +---w tpm-name* string 256 | | +---w (index-type)? 257 | | | +--:(last-entry) 258 | | | | +---w last-entry-value? binary 259 | | | +--:(index) 260 | | | | +---w last-index-number? uint64 261 | | | +--:(timestamp) 262 | | | +---w timestamp? yang:date-and-time 263 | | +---w log-entry-quantity? uint16 264 | +---w log-type identityref 265 +--ro output 266 +--ro system-event-logs 267 +--ro node-data* [] 268 +--ro tpm-name? string 269 +--ro up-time? uint32 270 +--ro log-result 271 +--ro (attested_event_log_type) 272 +--:(bios) 273 | +--ro bios-event-logs 274 | +--ro bios-event-entry* [event-number] 275 | +--ro event-number uint32 276 | +--ro event-type? uint32 277 | +--ro pcr-index? pcr 278 | +--ro digest-list* [] 279 | | +--ro hash-algo? identityref 280 | | +--ro digest* binary 281 | +--ro event-size? uint32 282 | +--ro event-data* uint8 283 +--:(ima) 284 | +--ro ima-event-logs 285 | +--ro ima-event-entry* [event-number] 286 | +--ro event-number uint64 287 | +--ro ima-template? string 288 | +--ro filename-hint? string 289 | +--ro filedata-hash? binary 290 | +--ro filedata-hash-algorithm? string 291 | +--ro template-hash-algorithm? string 292 | +--ro template-hash? binary 293 | +--ro pcr-index? pcr 294 | +--ro signature? binary 295 +--:(netequip_boot) 296 +--ro boot-event-logs 297 +--ro boot-event-entry* [event-number] 298 +--ro event-number uint64 299 +--ro filename-hint? string 300 +--ro filedata-hash? binary 301 +--ro filedata-hash-algorithm? string 302 +--ro file-version? string 303 +--ro file-type? string 304 +--ro pcr-index? pcr 306 2.1.1.6. Data Nodes 308 This section provides a high level description of the data nodes 309 containing the configuration and operational objects with the YANG 310 model. For more details, please see the YANG model itself in 311 Section 2.1.1.7. 313 container - This houses the set of 314 information relating to a device's TPM(s). 316 container - Provides configuration and operational details for 317 each supported TPM, including the tpm-firmware-version, PCRs which 318 may be quoted, certificates which are associated with that TPM, and 319 the current operational status. Of note is the certificates which 320 are associated with that TPM. As a certificate is associated with a 321 single Attestation key, knowledge of the certificate allows a 322 specific TPM to be identified. 324 +--rw tpms 325 +--rw tpm* [tpm-name] 326 +--rw tpm-name string 327 +--ro hardware-based? boolean 328 +--ro tpm-physical-index? int32 {ietfhw:entity-mib}? 329 +--ro tpm-path? string 330 +--ro compute-node compute-node-ref {tpm:TPMs}? 331 +--ro tpm-manufacturer? string 332 +--rw tpm-firmware-version identityref 333 +--rw TPM12-hash-algo? identityref 334 +--rw TPM12-pcrs* pcr 335 +--rw tpm20-pcr-bank* [TPM20-hash-algo] 336 | +--rw TPM20-hash-algo identityref 337 | +--rw pcr-index* tpm:pcr 338 +--ro tpm-status enumeration 339 +--rw certificates 340 +--rw certificate* [certificate-name] 341 +--rw certificate-name string 342 +--rw certificate-keystore-ref? -> /ks:keystore/asymmetric-keys/asymmetric-key/certificates/certificate/name 343 +--rw certificate-type? enumeration 345 container - Identifies which TCG 346 algorithms are available for use the Attesting platform. This allows 347 an operator to limit algorithms available for use by RPCs to just a 348 desired set from the universe of all allowed by TCG. 350 +--rw attester-supported-algos 351 +--rw tpm12-asymmetric-signing* identityref {taa:TPM12}? 352 +--rw tpm12-hash* identityref {taa:TPM12}? 353 +--rw tpm20-asymmetric-signing* identityref {taa:TPM20}? 354 +--rw tpm20-hash* identityref {taa:TPM20}? 356 container - When there is more than one TPM 357 supported, this container maintains the set of information related to 358 the compute associated with a specific TPM. This allows each 359 specific TPM to identify on which it belongs. 361 +--rw compute-nodes {tpm:TPMs}? 362 +--ro compute-node* [node-id] 363 +--ro node-id string 364 +--ro node-physical-index? int32 {ietfhw:entity-mib}? 365 +--ro node-name? string 366 +--ro node-location? string 368 2.1.1.7. YANG Module 369 file "ietf-tpm-remote-attestation@2021-03-16.yang" 370 module ietf-tpm-remote-attestation { 371 namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation"; 372 prefix "tpm"; 374 import ietf-yang-types { 375 prefix yang; 376 } 377 import ietf-hardware { 378 prefix ietfhw; 379 } 380 import ietf-keystore { 381 prefix ks; 382 } 383 import ietf-tcg-algs { 384 prefix taa; 385 } 387 organization 388 "IETF RATS (Remote ATtestation procedureS) Working Group"; 390 contact 391 "WG Web : 392 WG List : 393 Author : Eric Voit 394 Author : Henk Birkholz 395 Author : Michael Eckel 396 Author : Shwetha Bhandari 397 Author : Bill Sulzen 398 Author : Liang Xia (Frank) 399 Author : Tom Laffey 400 Author : Guy Fedorkow "; 402 description 403 "A YANG module to enable a TPM 1.2 and TPM 2.0 based 404 remote attestation procedure using a challenge-response 405 interaction model and the TPM 1.2 and TPM 2.0 Quote 406 primitive operations. 408 Copyright (c) 2020 IETF Trust and the persons identified 409 as authors of the code. All rights reserved. 411 Redistribution and use in source and binary forms, with 412 or without modification, is permitted pursuant to, and 413 subject to the license terms contained in, the Simplified 414 BSD License set forth in Section 4.c of the IETF Trust's 415 Legal Provisions Relating to IETF Documents 416 (https://trustee.ietf.org/license-info). 418 This version of this YANG module is part of RFC XXXX 419 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC 420 itself for full legal notices. 422 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 423 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 424 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 425 are to be interpreted as described in BCP 14 (RFC 2119) 426 (RFC 8174) when, and only when, they appear in all 427 capitals, as shown here."; 429 revision "2021-03-16" { 430 description 431 "Initial version"; 432 reference 433 "draft-ietf-rats-yang-tpm-charra"; 434 } 436 /*****************/ 437 /* Features */ 438 /*****************/ 440 feature TPMs { 441 description 442 "The device supports the remote attestation of multiple 443 TPM based cryptoprocessors."; 444 } 446 feature bios { 447 description 448 "The device supports the bios logs."; 449 reference 450 "https://trustedcomputinggroup.org/wp-content/uploads/ 451 PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf 452 Section 9.4.5.2"; 453 } 455 feature ima { 456 description 457 "The device supports Integrity Measurement Architecture logs."; 458 reference 459 "https://www.trustedcomputinggroup.org/wp-content/uploads/ 460 TCG_IWG_CEL_v1_r0p30_13feb2021.pdf Section 4.3"; 461 } 463 feature netequip_boot { 464 description 465 "The device supports the netequip_boot logs."; 467 } 469 /*****************/ 470 /* Typedefs */ 471 /*****************/ 473 typedef pcr { 474 type uint8 { 475 range "0..31"; 476 } 477 description 478 "Valid index number for a PCR. At this point 0-31 is viable."; 479 } 481 typedef compute-node-ref { 482 type leafref { 483 path "/tpm:rats-support-structures/tpm:compute-nodes" + 484 "/tpm:compute-node/tpm:node-name"; 485 } 486 description 487 "This type is used to reference a hardware node. It is quite 488 possible this leafref will eventually point to another YANG 489 module's node."; 490 } 492 typedef certificate-name-ref { 493 type leafref { 494 path "/tpm:rats-support-structures/tpm:tpms/tpm:tpm" + 495 "/tpm:certificates/tpm:certificate/tpm:certificate-name"; 496 } 497 description 498 "A type which allows identification of a TPM based certificate."; 499 } 501 /******************/ 502 /* Identities */ 503 /******************/ 505 identity attested_event_log_type { 506 description 507 "Base identity allowing categorization of the reasons why and 508 attested measurement has been taken on an Attester."; 509 } 511 identity ima { 512 base attested_event_log_type; 513 description 514 "An event type recorded in IMA."; 515 } 517 identity bios { 518 base attested_event_log_type; 519 description 520 "An event type associated with BIOS/UEFI."; 521 } 523 identity netequip_boot { 524 base attested_event_log_type; 525 description 526 "An event type associated with Network Equipment Boot."; 527 } 529 /*****************/ 530 /* Groupings */ 531 /*****************/ 533 grouping TPM20-hash-algo { 534 description 535 "The cryptographic algorithm used to hash the TPM2 PCRs. This 536 must be from the list of platform supported options."; 537 leaf TPM20-hash-algo { 538 type identityref { 539 base taa:hash; 540 } 541 must "/tpm:rats-support-structures/tpm:attester-supported-algos" 542 + "/tpm:tpm20-hash" { 543 error-message "Not a platform supported TPM20-hash-algo"; 544 } 545 default taa:TPM_ALG_SHA256; 546 description 547 "The hash scheme that is used to hash a TPM1.2 PCR. This 548 must be one of those supported by a platform."; 549 } 550 } 552 grouping TPM12-hash-algo { 553 description 554 "The cryptographic algorithm used to hash the TPM1.2 PCRs."; 555 leaf TPM12-hash-algo { 556 type identityref { 557 base taa:hash; 558 } 559 must "/tpm:rats-support-structures/tpm:attester-supported-algos" 560 + "/tpm:tpm12-hash" { 561 error-message "Not a platform supported TPM12-hash-algo"; 563 } 564 default taa:TPM_ALG_SHA1; 565 description 566 "The hash scheme that is used to hash a TPM1.2 PCR. This 567 MUST be one of those supported by a platform. This assumes 568 that an algorithm other than SHA1 can be supported on some 569 TPM1.2 cryptoprocessor variant."; 570 } 571 } 573 grouping nonce { 574 description 575 "A random number intended to be used once to show freshness 576 and to allow the detection of replay attacks."; 577 leaf nonce-value { 578 type binary; 579 mandatory true; 580 description 581 "This nonce SHOULD be generated via a registered 582 cryptographic-strength algorithm. In consequence, 583 the length of the nonce depends on the hash algorithm 584 used. The algorithm used in this case is independent 585 from the hash algorithm used to create the hash-value 586 in the response of the attestor."; 587 } 588 } 590 grouping tpm12-pcr-selection { 591 description 592 "A Verifier can request one or more PCR values using its 593 individually created Attestation Key Certificate (AC). 594 The corresponding selection filter is represented in this 595 grouping. 596 Requesting a PCR value that is not in scope of the AC used, 597 detailed exposure via error msg should be avoided."; 598 leaf-list pcr-index { 599 /* the following XPATH must be updated to ensure that only 600 selectable PCRs are allowed in the RPC 601 must "/tpm:rats-support-structures/tpm:tpms" + 602 "/tpm:tpm[tpm-name = current()]" + 603 "/tpm:tpm[TPM12-pcrs = current()]" { 604 error-message "Acquiring this PCR index is not supported"; 605 } 606 */ 607 type pcr; 608 description 609 "The numbers/indexes of the PCRs. At the moment this is limited 610 to 32."; 612 } 613 } 615 grouping tpm20-pcr-selection { 616 description 617 "A Verifier can acquire one or more PCR values, which are hashed 618 together in a TPM2B_DIGEST coming from the TPM2. The selection 619 list of desired PCRs and the Hash Algorithm is represented in 620 this grouping."; 621 list tpm20-pcr-selection { 622 unique "TPM20-hash-algo"; 623 description 624 "Specifies the list of PCRs and Hash Algorithms that can be 625 returned within a TPM2B_DIGEST."; 626 reference 627 "https://www.trustedcomputinggroup.org/wp-content/uploads/ 628 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.9.7"; 629 uses TPM20-hash-algo; 630 leaf-list pcr-index { 631 /* the following XPATH must be updated to ensure that only 632 selectable PCRs are allowed in the RPC 633 must "/tpm:rats-support-structures/tpm:tpms" + 634 "/tpm:tpm[tpm-name = current()]" + 635 "/tpm:tpm20-pcr-bank[pcr-index = current()]" { 636 error-message "Acquiring this PCR index is not supported"; 637 } 638 */ 639 type tpm:pcr; 640 description 641 "The numbers of the PCRs that which are being tracked 642 with a hash based on the TPM20-hash-algo."; 643 } 644 } 645 } 647 grouping certificate-name-ref { 648 description 649 "Identifies a certificate in a keystore."; 650 leaf certificate-name { 651 type certificate-name-ref; 652 mandatory true; 653 description 654 "Identifies a certificate in a keystore."; 655 } 656 } 658 grouping tpm-name { 659 description 660 "A unique TPM on a device."; 661 leaf tpm-name { 662 type string; 663 description 664 "Unique system generated name for a TPM on a device."; 665 } 666 } 668 grouping tpm-name-selector { 669 description 670 "One or more TPM on a device."; 671 leaf-list tpm-name { 672 type string; 673 config false; 674 description 675 "Name of one or more unique TPMs on a device. If this object 676 exists, a selection should pull only the objects related to 677 these TPM(s). If it does not exist, all qualifying TPMs that 678 are 'hardware-based' equals true on the device are selected."; 679 } 680 } 682 grouping node-uptime { 683 description 684 "Uptime in seconds of the node."; 685 leaf up-time { 686 type uint32; 687 description 688 "Uptime in seconds of this node reporting its data"; 689 } 690 } 692 grouping tpm12-attestation { 693 description 694 "Contains an instance of TPM1.2 style signed cryptoprocessor 695 measurements. It is supplemented by unsigned Attester 696 information."; 697 uses node-uptime; 698 leaf TPM_QUOTE2 { 699 type binary; 700 description 701 "Result of a TPM1.2 Quote2 operation. This includes PCRs, 702 signatures, locality, the provided nonce and other data which 703 can be further parsed to appraise the Attester."; 704 reference 705 "TPM1.2 commands rev116 July 2007, Section 16.5"; 706 } 707 } 708 grouping tpm20-attestation { 709 description 710 "Contains an instance of TPM2 style signed cryptoprocessor 711 measurements. It is supplemented by unsigned Attester 712 information."; 713 leaf TPMS_QUOTE_INFO { 714 type binary; 715 mandatory true; 716 description 717 "A hash of the latest PCR values (and the hash algorithm used) 718 which have been returned from a Verifier for the selected PCRs 719 and Hash Algorithms."; 720 reference 721 "https://www.trustedcomputinggroup.org/wp-content/uploads/ 722 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.12.1"; 723 } 724 leaf quote-signature { 725 type binary; 726 description 727 "Quote signature returned by TPM Quote. The signature was 728 generated using the key associated with the 729 certificate-name."; 730 reference 731 "https://www.trustedcomputinggroup.org/wp-content/uploads/ 732 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 11.2.1"; 733 } 734 uses node-uptime; 735 list unsigned-pcr-values { 736 description 737 "PCR values in each PCR bank. This might appear redundant with 738 the TPM2B_DIGEST, but that digest is calculated across multiple 739 PCRs. Having to verify across multiple PCRs does not 740 necessarily make it easy for a Verifier to appraise just the 741 minimum set of PCR information which has changed since the last 742 received TPM2B_DIGEST. Put another way, why should a Verifier 743 reconstruct the proper value of all PCR Quotes when only a 744 single PCR has changed? 746 To help this happen, if the Attester does know specific PCR 747 values, the Attester can provide these individual values via 748 'unsigned-pcr-values'. By comparing this information to the 749 what has previously been validated, it is possible for a 750 Verifier to confirm the Attester's signature while eliminating 751 significant processing."; 752 uses TPM20-hash-algo; 753 list pcr-values { 754 key pcr-index; 755 description 756 "List of one PCR bank."; 757 leaf pcr-index { 758 type pcr; 759 description 760 "PCR index number."; 761 } 762 leaf pcr-value { 763 type binary; 764 description 765 "PCR value."; 766 reference 767 "https://www.trustedcomputinggroup.org/wp-content/uploads/ 768 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.9.7"; 769 } 770 } 771 } 772 } 774 grouping log-identifier { 775 description 776 "Identifier for type of log to be retrieved."; 777 leaf log-type { 778 type identityref { 779 base attested_event_log_type; 780 } 781 mandatory true; 782 description 783 "The corresponding measurement log type identity."; 784 } 785 } 787 grouping boot-event-log { 788 description 789 "Defines an event log corresponding to the event that extended 790 the PCR"; 791 leaf event-number { 792 type uint32; 793 description 794 "Unique event number of this event"; 795 } 796 leaf event-type { 797 type uint32; 798 description 799 "log event type"; 800 } 801 leaf pcr-index { 802 type pcr; 803 description 804 "Defines the PCR index that this event extended"; 805 } 806 list digest-list { 807 description 808 "Hash of event data"; 809 leaf hash-algo { 810 type identityref { 811 base taa:hash; 812 } 813 description 814 "The hash scheme that is used to compress the event data in 815 each of the leaf-list digest items."; 816 } 817 leaf-list digest { 818 type binary; 819 description 820 "The hash of the event data using the algorithm of the 821 'hash-algo' against 'event data'."; 822 } 823 } 824 leaf event-size { 825 type uint32; 826 description 827 "Size of the event data"; 828 } 829 leaf-list event-data { 830 type uint8; 831 description 832 "The event data size determined by event-size"; 833 } 834 } 836 grouping bios-event-log { 837 description 838 "Measurement log created by the BIOS/UEFI."; 839 list bios-event-entry { 840 key event-number; 841 description 842 "Ordered list of TCG described event log 843 that extended the PCRs in the order they 844 were logged"; 845 uses boot-event-log; 846 } 847 } 849 grouping ima-event { 850 description 851 "Defines an hash log extend event for IMA measurements"; 852 reference 853 "https://www.trustedcomputinggroup.org/wp-content/uploads/ 854 TCG_IWG_CEL_v1_r0p30_13feb2021.pdf Section 4.3"; 855 leaf event-number { 856 type uint64; 857 description 858 "Unique number for this event for sequencing"; 859 } 860 leaf ima-template { 861 type string; 862 description 863 "Name of the template used for event logs 864 for e.g. ima, ima-ng, ima-sig"; 865 } 866 leaf filename-hint { 867 type string; 868 description 869 "File that was measured"; 870 } 871 leaf filedata-hash { 872 type binary; 873 description 874 "Hash of filedata"; 875 } 876 leaf filedata-hash-algorithm { 877 type string; 878 description 879 "Algorithm used for filedata-hash"; 880 } 881 leaf template-hash-algorithm { 882 type string; 883 description 884 "Algorithm used for template-hash"; 885 } 886 leaf template-hash { 887 type binary; 888 description 889 "hash(filedata-hash, filename-hint)"; 890 } 891 leaf pcr-index { 892 type pcr; 893 description 894 "Defines the PCR index that this event extended"; 895 } 896 leaf signature { 897 type binary; 898 description 899 "The file signature"; 900 } 901 } 903 grouping ima-event-log { 904 description 905 "Measurement log created by IMA."; 906 list ima-event-entry { 907 key event-number; 908 description 909 "Ordered list of ima event logs by event-number"; 910 uses ima-event; 911 } 912 } 914 grouping netequip-boot-event { 915 description 916 "Defines an hash log extend event for Network Equipment Boot."; 917 leaf event-number { 918 type uint64; 919 description 920 "Unique number for this event for sequencing"; 921 } 922 leaf filename-hint { 923 type string; 924 description 925 "File that was measured"; 926 } 927 leaf filedata-hash { 928 type binary; 929 description 930 "Hash of filedata"; 931 } 932 leaf filedata-hash-algorithm { 933 type string; 934 description 935 "Algorithm used for filedata-hash."; 936 } 937 leaf file-version { 938 type string; 939 description 940 "File version information."; 941 } 942 leaf file-type { 943 type string; 944 description 945 "Indicating at which boot stage the file is loaded, 946 such as BIOS, BootLoader, etc."; 948 } 949 leaf pcr-index { 950 type pcr; 951 description 952 "Defines the PCR index that this event extended"; 953 } 954 } 956 grouping network-equipment-boot-event-log { 957 description 958 "Measurement log created by Network Equipment Boot."; 959 list boot-event-entry { 960 key event-number; 961 description 962 "Ordered list of Network Equipment Boot event logs 963 by event-number."; 964 uses netequip-boot-event; 965 } 966 } 968 grouping event-logs { 969 description 970 "A selector for the log and its type."; 971 choice attested_event_log_type { 972 mandatory true; 973 description 974 "Event log type determines the event logs content."; 975 case bios { 976 if-feature "bios"; 977 description 978 "BIOS/UEFI event logs"; 979 container bios-event-logs { 980 description 981 "BIOS/UEFI event logs"; 982 uses bios-event-log; 983 } 984 } 985 case ima { 986 if-feature "ima"; 987 description 988 "IMA event logs."; 989 container ima-event-logs { 990 description 991 "IMA event logs."; 992 uses ima-event-log; 993 } 994 } 995 case netequip_boot { 996 if-feature "netequip_boot"; 997 description 998 "Network Equipment Boot event logs"; 999 container boot-event-logs { 1000 description 1001 "Network equipment boot event logs."; 1002 uses network-equipment-boot-event-log; 1003 } 1004 } 1005 } 1006 } 1008 /**********************/ 1009 /* RPC operations */ 1010 /**********************/ 1012 rpc tpm12-challenge-response-attestation { 1013 if-feature "taa:TPM12"; 1014 description 1015 "This RPC accepts the input for TSS TPM 1.2 commands made to the 1016 attesting device."; 1017 input { 1018 container tpm12-attestation-challenge { 1019 description 1020 "This container includes every information element defined 1021 in the reference challenge-response interaction model for 1022 remote attestation. Corresponding values are based on 1023 TPM 1.2 structure definitions"; 1024 uses tpm12-pcr-selection; 1025 uses nonce; 1026 leaf-list certificate-name { 1027 if-feature "tpm:TPMs"; 1028 type certificate-name-ref; 1029 must "/tpm:rats-support-structures/tpm:tpms" + 1030 "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm12']" + 1031 "/tpm:certificates/" + 1032 "/tpm:certificate[certificate-name-ref=current()]" { 1033 error-message "Not an available TPM1.2 AIK certificate."; 1034 } 1035 description 1036 "When populated, the RPC will only get a Quote for the 1037 TPMs associated with these certificate(s)."; 1038 } 1039 } 1040 } 1041 output { 1042 list tpm12-attestation-response { 1043 unique "certificate-name"; 1044 description 1045 "The binary output of TPM 1.2 TPM_Quote/TPM_Quote2, including 1046 the PCR selection and other associated attestation evidence 1047 metadata"; 1048 uses certificate-name-ref { 1049 description 1050 "Certificate associated with this tpm12-attestation."; 1051 } 1052 uses tpm12-attestation; 1053 } 1054 } 1055 } 1057 rpc tpm20-challenge-response-attestation { 1058 if-feature "taa:TPM20"; 1059 description 1060 "This RPC accepts the input for TSS TPM 2.0 commands of the 1061 managed device. ComponentIndex from the hardware manager YANG 1062 module to refer to dedicated TPM in composite devices, 1063 e.g. smart NICs, is still a TODO."; 1064 input { 1065 container tpm20-attestation-challenge { 1066 description 1067 "This container includes every information element defined 1068 in the reference challenge-response interaction model for 1069 remote attestation. Corresponding values are based on 1070 TPM 2.0 structure definitions"; 1071 uses nonce; 1072 uses tpm20-pcr-selection; 1073 leaf-list certificate-name { 1074 if-feature "tpm:TPMs"; 1075 type certificate-name-ref; 1076 must "/tpm:rats-support-structures/tpm:tpms" + 1077 "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm20']" + 1078 "/tpm:certificates/" + 1079 "/tpm:certificate[certificate-name-ref=current()]" { 1080 error-message "Not an available TPM2.0 AIK certificate."; 1081 } 1082 description 1083 "When populated, the RPC will only get a Quote for the 1084 TPMs associated with the certificates."; 1085 } 1086 } 1087 } 1088 output { 1089 list tpm20-attestation-response { 1090 unique "certificate-name"; 1091 description 1092 "The binary output of TPM2b_Quote in one TPM chip of the 1093 node which identified by node-id. An TPMS_ATTEST structure 1094 including a length, encapsulated in a signature"; 1095 uses certificate-name-ref { 1096 description 1097 "Certificate associated with this tpm20-attestation."; 1098 } 1099 uses tpm20-attestation; 1100 } 1101 } 1102 } 1104 rpc log-retrieval { 1105 description 1106 "Logs Entries are either identified via indices or via providing 1107 the last line received. The number of lines returned can be 1108 limited. The type of log is a choice that can be augmented."; 1109 input { 1110 list log-selector { 1111 description 1112 "Selection of log entries to be reported."; 1113 uses tpm-name-selector; 1114 choice index-type { 1115 description 1116 "Last log entry received, log index number, or timestamp."; 1117 case last-entry { 1118 description 1119 "The last entry of the log already retrieved."; 1120 leaf last-entry-value { 1121 type binary; 1122 description 1123 "Content of an log event which matches 1:1 with a 1124 unique event record contained within the log. Log 1125 entries subsequent to this will be passed to the 1126 requester. Note: if log entry values are not unique, 1127 this MUST return an error."; 1128 } 1129 } 1130 case index { 1131 description 1132 "Numeric index of the last log entry retrieved, or 1133 zero."; 1134 leaf last-index-number { 1135 type uint64; 1136 description 1137 "The last numeric index number of a log entry. 1138 Zero means to start at the beginning of the log. 1139 Entries subsequent to this will be passed to the 1140 requester."; 1141 } 1142 } 1143 case timestamp { 1144 leaf timestamp { 1145 type yang:date-and-time; 1146 description 1147 "Timestamp from which to start the extraction. The 1148 next log entry subsequent to this timestamp is to 1149 be sent."; 1150 } 1151 description 1152 "Timestamp from which to start the extraction."; 1153 } 1154 } 1155 leaf log-entry-quantity { 1156 type uint16; 1157 description 1158 "The number of log entries to be returned. If omitted, it 1159 means all of them."; 1160 } 1161 } 1162 uses log-identifier; 1163 } 1165 output { 1166 container system-event-logs { 1167 description 1168 "The requested data of the measurement event logs"; 1169 list node-data { 1170 unique "tpm-name"; 1171 description 1172 "Event logs of a node in a distributed system 1173 identified by the node name"; 1174 uses tpm-name; 1175 uses node-uptime; 1176 container log-result { 1177 description 1178 "The requested entries of the corresponding log."; 1179 uses event-logs; 1180 } 1181 } 1182 } 1183 } 1184 } 1186 /**************************************/ 1187 /* Config & Oper accessible nodes */ 1188 /**************************************/ 1190 container rats-support-structures { 1191 description 1192 "The datastore definition enabling verifiers or relying 1193 parties to discover the information necessary to use the 1194 remote attestation RPCs appropriately."; 1195 container compute-nodes { 1196 if-feature "tpm:TPMs"; 1197 description 1198 "Holds the set device subsystems/components in this composite 1199 device that support TPM operations."; 1200 list compute-node { 1201 key node-id; 1202 config false; 1203 min-elements 2; 1204 description 1205 "A component within this composite device which 1206 supports TPM operations."; 1207 leaf node-id { 1208 type string; 1209 description 1210 "ID of the compute node, such as Board Serial Number."; 1211 } 1212 leaf node-physical-index { 1213 if-feature ietfhw:entity-mib; 1214 type int32 { 1215 range "1..2147483647"; 1216 } 1217 config false; 1218 description 1219 "The entPhysicalIndex for the compute node."; 1220 reference 1221 "RFC 6933: Entity MIB (Version 4) - entPhysicalIndex"; 1222 } 1223 leaf node-name { 1224 type string; 1225 description 1226 "Name of the compute node."; 1227 } 1228 leaf node-location { 1229 type string; 1230 description 1231 "Location of the compute node, such as slot number."; 1232 } 1233 } 1234 } 1235 container tpms { 1236 description 1237 "Holds the set of TPMs within an Attester."; 1238 list tpm { 1239 key tpm-name; 1240 unique "tpm-path"; 1241 description 1242 "A list of TPMs in this composite device that RATS 1243 can be conducted with."; 1244 uses tpm-name; 1245 leaf hardware-based { 1246 type boolean; 1247 config false; 1248 description 1249 "Answers the question: is this TPM is a hardware based 1250 TPM?"; 1251 } 1252 leaf tpm-physical-index { 1253 if-feature ietfhw:entity-mib; 1254 type int32 { 1255 range "1..2147483647"; 1256 } 1257 config false; 1258 description 1259 "The entPhysicalIndex for the TPM."; 1260 reference 1261 "RFC 6933: Entity MIB (Version 4) - entPhysicalIndex"; 1262 } 1263 leaf tpm-path { 1264 type string; 1265 config false; 1266 description 1267 "Path to a unique TPM on a device. This can change across 1268 reboots."; 1269 } 1270 leaf compute-node { 1271 if-feature "tpm:TPMs"; 1272 type compute-node-ref; 1273 config false; 1274 mandatory true; 1275 description 1276 "Indicates the compute node measured by this TPM."; 1277 } 1278 leaf tpm-manufacturer { 1279 type string; 1280 config false; 1281 description 1282 "TPM manufacturer name."; 1283 } 1284 leaf tpm-firmware-version { 1285 type identityref { 1286 base taa:cryptoprocessor; 1287 } 1288 mandatory true; 1289 description 1290 "Identifies the cryptoprocessor API set supported. This 1291 is automatically configured by the device and should not 1292 be changed."; 1293 } 1294 uses TPM12-hash-algo { 1295 when "tpm-firmware-version = 'taa:tpm12'"; 1296 refine TPM12-hash-algo { 1297 description 1298 "The hash algorithm overwrites the default used for PCRs 1299 on this TPM1.2 compliant cryptoprocessor."; 1300 } 1301 } 1302 leaf-list TPM12-pcrs { 1303 when "../tpm-firmware-version = 'taa:tpm12'"; 1304 type pcr; 1305 description 1306 "The PCRs which may be extracted from this TPM1.2 1307 compliant cryptoprocessor."; 1308 } 1309 list tpm20-pcr-bank { 1310 when "../tpm-firmware-version = 'taa:tpm20'"; 1311 key "TPM20-hash-algo"; 1312 description 1313 "Specifies the list of PCRs that may be extracted for 1314 a specific Hash Algorithm on this TPM2 compliant 1315 cryptoprocessor. A bank is a set of PCRs which are 1316 extended using a particular hash algorithm."; 1317 reference 1318 "https://www.trustedcomputinggroup.org/wp-content/uploads/ 1319 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.9.7"; 1320 leaf TPM20-hash-algo { 1321 type identityref { 1322 base taa:hash; 1323 } 1324 must "/tpm:rats-support-structures" 1325 + "/tpm:attester-supported-algos" 1326 + "/tpm:tpm20-hash" { 1327 error-message "Not a platform supported TPM20-hash-algo"; 1328 } 1329 description 1330 "The hash scheme actively being used to hash a 1331 one or more TPM2.0 PCRs."; 1333 } 1334 leaf-list pcr-index { 1335 type tpm:pcr; 1336 description 1337 "Defines what TPM2 PCRs are available to be extracted."; 1338 } 1339 } 1340 leaf tpm-status { 1341 type enumeration { 1342 enum operational { 1343 value 0; 1344 description 1345 "The TPM currently is currently running normally and 1346 is ready to accept and process TPM quotes."; 1347 reference 1348 "TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf 1349 Section 12"; 1350 } 1351 enum non-operational { 1352 value 1; 1353 description 1354 "TPM is in a state such as startup or shutdown which 1355 precludes the processing of TPM quotes."; 1356 } 1357 } 1358 config false; 1359 mandatory true; 1360 description 1361 "TPM chip self-test status."; 1362 } 1363 container certificates { 1364 description 1365 "The TPM's certificates, including EK certificates 1366 and AK certificates."; 1367 list certificate { 1368 key "certificate-name"; 1369 description 1370 "Three types of certificates can be accessed via 1371 this statement, including Initial Attestation 1372 Key Cert, Local Attestation Key Cert or 1373 Endorsement Key Cert."; 1374 leaf certificate-name { 1375 type string; 1376 description 1377 "An arbitrary name uniquely identifying a certificate 1378 associated within key within a TPM."; 1379 } 1380 leaf certificate-keystore-ref { 1381 type leafref { 1382 path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key" 1383 + "/ks:certificates/ks:certificate/ks:name"; 1384 } 1385 description 1386 "A reference to a specific certificate of an 1387 asymmetric key in the Keystore."; 1388 /* Note: It is also possible to import a grouping which 1389 allows local definition via an imported keystore 1390 schema. */ 1391 } 1392 leaf certificate-type { 1393 type enumeration { 1394 enum endorsement-cert { 1395 value 0; 1396 description 1397 "Endorsement Key (EK) Certificate type."; 1398 } 1399 enum initial-attestation-cert { 1400 value 1; 1401 description 1402 "Initial Attestation key (IAK) Certificate type."; 1403 } 1404 enum local-attestation-cert { 1405 value 2; 1406 description 1407 "Local Attestation Key (LAK) Certificate type."; 1408 } 1409 } 1410 description 1411 "Type of this certificate"; 1412 } 1413 } 1414 } 1415 } 1416 } 1417 container attester-supported-algos { 1418 description 1419 "Identifies which TPM algorithms are available for use on an 1420 attesting platform."; 1421 leaf-list tpm12-asymmetric-signing { 1422 when "../../tpm:tpms" + 1423 "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm12']"; 1424 if-feature "taa:TPM12"; 1425 type identityref { 1426 base taa:asymmetric; 1427 } 1428 description 1429 "Platform Supported TPM12 asymmetric algorithms."; 1430 } 1431 leaf-list tpm12-hash { 1432 when "../../tpm:tpms" + 1433 "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm12']"; 1434 if-feature "taa:TPM12"; 1435 type identityref { 1436 base taa:hash; 1437 } 1438 description 1439 "Platform supported TPM12 hash algorithms."; 1440 } 1441 leaf-list tpm20-asymmetric-signing { 1442 when "../../tpm:tpms" + 1443 "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm20']"; 1444 if-feature "taa:TPM20"; 1445 type identityref { 1446 base taa:asymmetric; 1447 } 1448 description 1449 "Platform Supported TPM20 asymmetric algorithms."; 1450 } 1451 leaf-list tpm20-hash { 1452 when "../../tpm:tpms" + 1453 "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm20']"; 1454 if-feature "taa:TPM20"; 1455 type identityref { 1456 base taa:hash; 1457 } 1458 description 1459 "Platform supported TPM20 hash algorithms."; 1460 } 1461 } 1462 } 1463 } 1464 1466 2.1.2. ietf-tcg-algs 1468 Cryptographic algorithm types were initially included within -v14 1469 NETCONF's iana-crypto-types.yang. Unfortunately all this content 1470 including the algorithms needed here failed to make the -v15 used 1471 WGLC. As a result this document has encoded the TCG Algorithm 1472 definitions of [TCG-Algos], revision 1.32. By including this full 1473 table as a separate YANG file within this document, it is possible 1474 for other YANG models to leverage the contents of this model. 1476 2.1.2.1. Features 1478 There are two types of features supported and . 1479 Support for either of these features indicates that a cryptoprocessor 1480 supporting the corresponding type of TCG API is present on an 1481 Attester. Most commonly, only one type of cryptoprocessor will be 1482 available on an Attester. 1484 2.1.2.2. Identities 1486 There are three types of identities in this model. 1488 The first are the cryptographic functions supportable by a TPM 1489 algorithm, these include: , , , 1490 , , , , and 1491 . The definitions of each of these are in Table 2 of 1492 [TCG-Algos]. 1494 The second are API specifications for tpms: and . 1496 The third are specific algorithm types. Each algorithm type defines 1497 what cryptographic functions may be supported, and on which type of 1498 API specification. It is not required that an implementation of a 1499 specific TPM will support all algorithm types. The contents of each 1500 specific algorithm mirrors what is in Table 3 of [TCG-Algos]. 1502 2.1.2.3. YANG Module 1504 file "ietf-tcg-algs@2020-09-18.yang" 1505 module ietf-tcg-algs { 1506 yang-version 1.1; 1507 namespace "urn:ietf:params:xml:ns:yang:ietf-tcg-algs"; 1508 prefix taa; 1510 organization 1511 "IETF RATS Working Group"; 1513 contact 1514 "WG Web: 1515 WG List: 1516 Author: Eric Voit "; 1518 description 1519 "This module defines a identities for asymmetric algorithms. 1521 Copyright (c) 2020 IETF Trust and the persons identified 1522 as authors of the code. All rights reserved. 1523 Redistribution and use in source and binary forms, with 1524 or without modification, is permitted pursuant to, and 1525 subject to the license terms contained in, the Simplified 1526 BSD License set forth in Section 4.c of the IETF Trust's 1527 Legal Provisions Relating to IETF Documents 1528 (https://trustee.ietf.org/license-info). 1529 This version of this YANG module is part of RFC XXXX 1530 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC 1531 itself for full legal notices. 1532 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 1533 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 1534 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 1535 are to be interpreted as described in BCP 14 (RFC 2119) 1536 (RFC 8174) when, and only when, they appear in all 1537 capitals, as shown here."; 1539 revision 2020-09-18 { 1540 description 1541 "Initial version"; 1542 reference 1543 "RFC XXXX: tbd"; 1544 } 1546 /*****************/ 1547 /* Features */ 1548 /*****************/ 1550 feature TPM12 { 1551 description 1552 "This feature indicates algorithm support for the TPM 1.2 API 1553 as per TPM-main-1.2-Rev94-part-2, Section 4.8."; 1554 } 1556 feature TPM20 { 1557 description 1558 "This feature indicates algorithm support for the TPM 2.0 API 1559 as per TPM-Rev-2.0-Part-1-Architecture-01.38 Section 11.4."; 1560 } 1562 /*****************/ 1563 /* Identities */ 1564 /*****************/ 1566 /* There needs to be collasping/verification of some of the identity 1567 types between the various algorithm types listed below */ 1569 identity asymmetric { 1570 description 1571 "A TCG recognized asymmetric algorithm with a public and 1572 private key."; 1573 reference 1574 "http://trustedcomputinggroup.org/resource/tcg-algorithm-registry/ 1575 TCG_Algorithm_Registry_r1p32_pub Table 2"; 1576 } 1578 identity symmetric { 1579 description 1580 "A TCG recognized symmetric algorithm with only a private key."; 1581 reference 1582 "TCG_Algorithm_Registry_r1p32_pub Table 2"; 1583 } 1585 identity hash { 1586 description 1587 "A TCG recognized hash algorithm that compresses input data to 1588 a digest value or indicates a method that uses a hash."; 1589 reference 1590 "TCG_Algorithm_Registry_r1p32_pub Table 2"; 1591 } 1593 identity signing { 1594 description 1595 "A TCG recognized signing algorithm"; 1596 reference 1597 "TCG_Algorithm_Registry_r1p32_pub Table 2"; 1598 } 1600 identity anonymous_signing { 1601 description 1602 "A TCG recognized anonymous signing algorithm."; 1603 reference 1604 "TCG_Algorithm_Registry_r1p32_pub Table 2"; 1605 } 1607 identity encryption_mode { 1608 description 1609 "A TCG recognized encryption mode."; 1610 reference 1611 "TCG_Algorithm_Registry_r1p32_pub Table 2"; 1612 } 1614 identity method { 1615 description 1616 "A TCG recognized method such as a mask generation function."; 1617 reference 1618 "TCG_Algorithm_Registry_r1p32_pub Table 2"; 1620 } 1622 identity object_type { 1623 description 1624 "A TCG recognized object type."; 1625 reference 1626 "TCG_Algorithm_Registry_r1p32_pub Table 2"; 1627 } 1629 identity cryptoprocessor { 1630 description 1631 "Base identity identifying a crytoprocessor."; 1632 } 1634 identity tpm12 { 1635 if-feature "TPM12"; 1636 base cryptoprocessor; 1637 description 1638 "Supportable by a TPM1.2."; 1639 reference 1640 "TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf 1641 TPM_ALGORITHM_ID values, page 18"; 1642 } 1644 identity tpm20 { 1645 if-feature "TPM12"; 1646 base cryptoprocessor; 1647 description 1648 "Supportable by a TPM2."; 1649 reference 1650 "TPM-Rev-2.0-Part-2-Structures-01.38.pdf 1651 The TCG Algorithm Registry. Table 9"; 1652 } 1654 identity TPM_ALG_RSA { 1655 if-feature "TPM12 or TPM20"; 1656 base tpm12; 1657 base tpm20; 1658 base asymmetric; 1659 base object_type; 1660 description 1661 "RSA algorithm"; 1662 reference 1663 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1664 RFC 8017. ALG_ID: 0x0001"; 1665 } 1667 identity TPM_ALG_TDES { 1668 if-feature "TPM12"; 1669 base tpm12; 1670 base symmetric; 1671 description 1672 "Block cipher with various key sizes (Triple Data Encryption 1673 Algorithm, commonly called Triple Data Encryption Standard) 1674 Note: was banned in TPM1.2 v94"; 1675 reference 1676 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1677 ISO/IEC 18033-3. ALG_ID: 0x0003"; 1678 } 1680 identity TPM_ALG_SHA1 { 1681 if-feature "TPM12 or TPM20"; 1682 base hash; 1683 base tpm12; 1684 base tpm20; 1685 description 1686 "SHA1 algorithm - Deprecated due to insufficient cryptographic 1687 protection. However it is still useful for hash algorithms 1688 where protection is not required."; 1689 reference 1690 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1691 ISO/IEC 10118-3. ALG_ID: 0x0004"; 1692 } 1694 identity TPM_ALG_HMAC { 1695 if-feature "TPM12 or TPM20"; 1696 base tpm12; 1697 base tpm20; 1698 base hash; 1699 base signing; 1700 description 1701 "Hash Message Authentication Code (HMAC) algorithm"; 1702 reference 1703 "TCG_Algorithm_Registry_r1p32_pub Table 3, 1704 ISO/IEC 9797-2 and RFC2014. ALG_ID: 0x0005"; 1705 } 1707 identity TPM_ALG_AES { 1708 if-feature "TPM12"; 1709 base tpm12; 1710 base symmetric; 1711 description 1712 "The AES algorithm with various key sizes"; 1713 reference 1714 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1715 ISO/IEC 18033-3. ALG_ID: 0x0006"; 1717 } 1719 identity TPM_ALG_MGF1 { 1720 if-feature "TPM20"; 1721 base tpm20; 1722 base hash; 1723 base method; 1724 description 1725 "hash-based mask-generation function"; 1726 reference 1727 "TCG_Algorithm_Registry_r1p32_pub Table 3, 1728 IEEE Std 1363-2000 and IEEE Std 1363a -2004. 1729 ALG_ID: 0x0007"; 1730 } 1732 identity TPM_ALG_KEYEDHASH { 1733 if-feature "TPM20"; 1734 base tpm20; 1735 base hash; 1736 base object_type; 1737 description 1738 "An encryption or signing algorithm using a keyed hash. These 1739 may use XOR for encryption or an HMAC for signing and may 1740 also refer to a data object that is neither signing nor 1741 encrypting."; 1742 reference 1743 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1744 TCG TPM 2.0 library specification. . ALG_ID: 0x0008"; 1745 } 1747 identity TPM_ALG_XOR { 1748 if-feature "TPM12 or TPM20"; 1749 base tpm12; 1750 base tpm20; 1751 base hash; 1752 base symmetric; 1753 description 1754 "The XOR encryption algorithm."; 1755 reference 1756 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1757 TCG TPM 2.0 library specification. ALG_ID: 0x000A"; 1758 } 1760 identity TPM_ALG_SHA256 { 1761 if-feature "TPM20"; 1762 base tpm20; 1763 base hash; 1764 description 1765 "The SHA 256 algorithm"; 1766 reference 1767 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1768 ISO/IEC 10118-3. ALG_ID: 0x000B"; 1769 } 1771 identity TPM_ALG_SHA384 { 1772 if-feature "TPM20"; 1773 base tpm20; 1774 base hash; 1775 description 1776 "The SHA 384 algorithm"; 1777 reference 1778 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1779 ISO/IEC 10118-3. ALG_ID: 0x000C"; 1780 } 1782 identity TPM_ALG_SHA512 { 1783 if-feature "TPM20"; 1784 base tpm20; 1785 base hash; 1786 description 1787 "The SHA 512 algorithm"; 1788 reference 1789 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1790 ISO/IEC 10118-3. ALG_ID: 0x000D"; 1791 } 1793 identity TPM_ALG_NULL { 1794 if-feature "TPM20"; 1795 base tpm20; 1796 description 1797 "NULL algorithm"; 1798 reference 1799 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1800 TCG TPM 2.0 library specification. ALG_ID: 0x0010"; 1801 } 1803 identity TPM_ALG_SM3_256 { 1804 if-feature "TPM20"; 1805 base tpm20; 1806 base hash; 1807 description 1808 "The SM3 hash algorithm."; 1809 reference 1810 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1811 GM/T 0004-2012 - SM3_256. ALG_ID: 0x0012"; 1812 } 1813 identity TPM_ALG_SM4 { 1814 if-feature "TPM20"; 1815 base tpm20; 1816 base symmetric; 1817 description 1818 "SM4 symmetric block cipher"; 1819 reference 1820 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1821 GB/T 32907-2016. ALG_ID: 0x0013"; 1822 } 1824 identity TPM_ALG_RSASSA { 1825 if-feature "TPM20"; 1826 base tpm20; 1827 base asymmetric; 1828 base signing; 1829 description 1830 "Signature algorithm defined in section 8.2 (RSASSAPKCS1-v1_5)"; 1831 reference 1832 "TCG_Algorithm_Registry_r1p32_pub Table 3 and RFC 8017. 1833 ALG_ID: 0x0014"; 1834 } 1836 identity TPM_ALG_RSAES { 1837 if-feature "TPM20"; 1838 base tpm20; 1839 base asymmetric; 1840 base encryption_mode; 1841 description 1842 "Signature algorithm defined in section 7.2 (RSAES-PKCS1-v1_5)"; 1843 reference 1844 "TCG_Algorithm_Registry_r1p32_pub Table 3 and RFC 8017 1845 ALG_ID: 0x0015"; 1846 } 1848 identity TPM_ALG_RSAPSS { 1849 if-feature "TPM20"; 1850 base tpm20; 1851 base asymmetric; 1852 base signing; 1853 description 1854 "Padding algorithm defined in section 8.1 (RSASSA PSS)"; 1855 reference 1856 "TCG_Algorithm_Registry_r1p32_pub Table 3 and RFC 8017. 1857 ALG_ID: 0x0016"; 1858 } 1860 identity TPM_ALG_OAEP { 1861 if-feature "TPM20"; 1862 base tpm20; 1863 base asymmetric; 1864 base encryption_mode; 1865 description 1866 "Padding algorithm defined in section 7.1 (RSASSA OAEP)"; 1867 reference 1868 "TCG_Algorithm_Registry_r1p32_pub Table 3 and RFC 8017. 1869 ALG_ID: 0x0017"; 1870 } 1872 identity TPM_ALG_ECDSA { 1873 if-feature "TPM20"; 1874 base tpm20; 1875 base asymmetric; 1876 base signing; 1877 description 1878 "Signature algorithm using elliptic curve cryptography (ECC)"; 1879 reference 1880 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1881 ISO/IEC 14888-3. ALG_ID: 0x0018"; 1882 } 1884 identity TPM_ALG_ECDH { 1885 if-feature "TPM20"; 1886 base tpm20; 1887 base asymmetric; 1888 base method; 1889 description 1890 "Secret sharing using ECC"; 1891 reference 1892 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1893 NIST SP800-56A and RFC 7748. ALG_ID: 0x0019"; 1894 } 1896 identity TPM_ALG_ECDAA { 1897 if-feature "TPM20"; 1898 base tpm20; 1899 base asymmetric; 1900 base signing; 1901 base anonymous_signing; 1902 description 1903 "Elliptic-curve based anonymous signing scheme"; 1904 reference 1905 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1906 TCG TPM 2.0 library specification. ALG_ID: 0x001A"; 1907 } 1908 identity TPM_ALG_SM2 { 1909 if-feature "TPM20"; 1910 base tpm20; 1911 base asymmetric; 1912 base signing; 1913 base encryption_mode; 1914 base method; 1915 description 1916 "SM2 - depending on context, either an elliptic-curve based, 1917 signature algorithm, an encryption scheme, or a key exchange 1918 protocol"; 1919 reference 1920 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1921 A GM/T 0003.1-2012, GM/T 0003.2-2012, GM/T 0003.3-2012, 1922 GM/T 0003.5-2012 SM2. ALG_ID: 0x001B"; 1923 } 1925 identity TPM_ALG_ECSCHNORR { 1926 if-feature "TPM20"; 1927 base tpm20; 1928 base asymmetric; 1929 base signing; 1930 description 1931 "Elliptic-curve based Schnorr signature"; 1932 reference 1933 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1934 TCG TPM 2.0 library specification. ALG_ID: 0x001C"; 1935 } 1937 identity TPM_ALG_ECMQV { 1938 if-feature "TPM20"; 1939 base tpm20; 1940 base asymmetric; 1941 base method; 1942 description 1943 "Two-phase elliptic-curve key"; 1944 reference 1945 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1946 NIST SP800-56A. ALG_ID: 0x001D"; 1947 } 1949 identity TPM_ALG_KDF1_SP800_56A { 1950 if-feature "TPM20"; 1951 base tpm20; 1952 base hash; 1953 base method; 1954 description 1955 "Concatenation key derivation function"; 1957 reference 1958 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1959 NIST SP800-56A (approved alternative1) section 5.8.1. 1960 ALG_ID: 0x0020"; 1961 } 1963 identity TPM_ALG_KDF2 { 1964 if-feature "TPM20"; 1965 base tpm20; 1966 base hash; 1967 base method; 1968 description 1969 "Key derivation function"; 1970 reference 1971 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1972 IEEE 1363a-2004 KDF2 section 13.2. ALG_ID: 0x0021"; 1973 } 1975 identity TPM_ALG_KDF1_SP800_108 { 1976 base TPM_ALG_KDF2; 1977 description 1978 "A key derivation method"; 1979 reference 1980 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1981 NIST SP800-108 - Section 5.1 KDF. ALG_ID: 0x0022"; 1982 } 1984 identity TPM_ALG_ECC { 1985 if-feature "TPM20"; 1986 base tpm20; 1987 base asymmetric; 1988 base object_type; 1989 description 1990 "Prime field ECC"; 1991 reference 1992 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 1993 ISO/IEC 15946-1. ALG_ID: 0x0023"; 1994 } 1996 identity TPM_ALG_SYMCIPHER { 1997 if-feature "TPM20"; 1998 base tpm20; 1999 description 2000 "Object type for a symmetric block cipher"; 2001 reference 2002 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2003 TCG TPM 2.0 library specification. ALG_ID: 0x0025"; 2004 } 2005 identity TPM_ALG_CAMELLIA { 2006 if-feature "TPM20"; 2007 base tpm20; 2008 base symmetric; 2009 description 2010 "The Camellia algorithm"; 2011 reference 2012 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2013 ISO/IEC 18033-3. ALG_ID: 0x0026"; 2014 } 2016 identity TPM_ALG_SHA3_256 { 2017 if-feature "TPM20"; 2018 base tpm20; 2019 base hash; 2020 description 2021 "ISO/IEC 10118-3 - the SHA 256 algorithm"; 2022 reference 2023 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2024 NIST PUB FIPS 202. ALG_ID: 0x0027"; 2025 } 2027 identity TPM_ALG_SHA3_384 { 2028 if-feature "TPM20"; 2029 base tpm20; 2030 base hash; 2031 description 2032 "The SHA 384 algorithm"; 2033 reference 2034 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2035 NIST PUB FIPS 202. ALG_ID: 0x0028"; 2036 } 2038 identity TPM_ALG_SHA3_512 { 2039 if-feature "TPM20"; 2040 base tpm20; 2041 base hash; 2042 description 2043 "The SHA 512 algorithm"; 2044 reference 2045 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2046 NIST PUB FIPS 202. ALG_ID: 0x0029"; 2047 } 2049 identity TPM_ALG_CMAC { 2050 if-feature "TPM20"; 2051 base tpm20; 2052 base symmetric; 2053 base signing; 2054 description 2055 "block Cipher-based Message Authentication Code (CMAC)"; 2056 reference 2057 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2058 ISO/IEC 9797-1:2011 Algorithm 5. ALG_ID: 0x003F"; 2059 } 2061 identity TPM_ALG_CTR { 2062 if-feature "TPM20"; 2063 base tpm20; 2064 base symmetric; 2065 base encryption_mode; 2066 description 2067 "Counter mode"; 2068 reference 2069 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2070 ISO/IEC 10116. ALG_ID: 0x0040"; 2071 } 2073 identity TPM_ALG_OFB { 2074 base tpm20; 2075 base symmetric; 2076 base encryption_mode; 2077 description 2078 "Output Feedback mode"; 2079 reference 2080 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2081 ISO/IEC 10116. ALG_ID: 0x0041"; 2082 } 2084 identity TPM_ALG_CBC { 2085 if-feature "TPM20"; 2086 base tpm20; 2087 base symmetric; 2088 base encryption_mode; 2089 description 2090 "Cipher Block Chaining mode"; 2091 reference 2092 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2093 ISO/IEC 10116. ALG_ID: 0x0042"; 2094 } 2096 identity TPM_ALG_CFB { 2097 if-feature "TPM20"; 2098 base tpm20; 2099 base symmetric; 2100 base encryption_mode; 2101 description 2102 "Cipher Feedback mode"; 2103 reference 2104 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2105 ISO/IEC 10116. ALG_ID: 0x0043"; 2106 } 2108 identity TPM_ALG_ECB { 2109 if-feature "TPM20"; 2110 base tpm20; 2111 base symmetric; 2112 base encryption_mode; 2113 description 2114 "Electronic Codebook mode"; 2115 reference 2116 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2117 ISO/IEC 10116. ALG_ID: 0x0044"; 2118 } 2120 identity TPM_ALG_CCM { 2121 if-feature "TPM20"; 2122 base tpm20; 2123 base symmetric; 2124 base signing; 2125 base encryption_mode; 2126 description 2127 "Counter with Cipher Block Chaining-Message Authentication 2128 Code (CCM)"; 2129 reference 2130 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2131 NIST SP800-38C. ALG_ID: 0x0050"; 2132 } 2134 identity TPM_ALG_GCM { 2135 if-feature "TPM20"; 2136 base tpm20; 2137 base symmetric; 2138 base signing; 2139 base encryption_mode; 2140 description 2141 "Galois/Counter Mode (GCM)"; 2142 reference 2143 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2144 NIST SP800-38D. ALG_ID: 0x0051"; 2145 } 2147 identity TPM_ALG_KW { 2148 if-feature "TPM20"; 2149 base tpm20; 2150 base symmetric; 2151 base signing; 2152 base encryption_mode; 2153 description 2154 "AES Key Wrap (KW)"; 2155 reference 2156 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2157 NIST SP800-38F. ALG_ID: 0x0052"; 2158 } 2160 identity TPM_ALG_KWP { 2161 if-feature "TPM20"; 2162 base tpm20; 2163 base symmetric; 2164 base signing; 2165 base encryption_mode; 2166 description 2167 "AES Key Wrap with Padding (KWP)"; 2168 reference 2169 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2170 NIST SP800-38F. ALG_ID: 0x0053"; 2171 } 2173 identity TPM_ALG_EAX { 2174 if-feature "TPM20"; 2175 base tpm20; 2176 base symmetric; 2177 base signing; 2178 base encryption_mode; 2179 description 2180 "Authenticated-Encryption Mode"; 2181 reference 2182 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2183 NIST SP800-38F. ALG_ID: 0x0054"; 2184 } 2186 identity TPM_ALG_EDDSA { 2187 if-feature "TPM20"; 2188 base tpm20; 2189 base asymmetric; 2190 base signing; 2191 description 2192 "Edwards-curve Digital Signature Algorithm (PureEdDSA)"; 2193 reference 2194 "TCG_Algorithm_Registry_r1p32_pub Table 3 and 2195 RFC 8032. ALG_ID: 0x0060"; 2196 } 2198 } 2199 2201 Note that not all cryptographic functions are required for use by 2202 ietf-tpm-remote-attestation.yang. However the full definition of 2203 Table 3 of [TCG-Algos] will allow use by additional YANG 2204 specifications. 2206 3. IANA considerations 2208 This document will include requests to IANA: 2210 To be defined yet. But keeping up with changes to ietf-tcg-algs.yang 2211 will be necessary. 2213 4. Security Considerations 2215 The YANG module specified in this document defines a schema for data 2216 that is designed to be accessed via network management protocols such 2217 as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer 2218 is the secure transport layer, and the mandatory-to-implement secure 2219 transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer 2220 is HTTPS, and the mandatory-to-implement secure transport is TLS 2221 [RFC8446]. 2223 There are a number of data nodes defined in this YANG module that are 2224 writable/creatable/deletable (i.e., config true, which is the 2225 default). These data nodes may be considered sensitive or vulnerable 2226 in some network environments. Write operations (e.g., edit-config) 2227 to these data nodes without proper protection can have a negative 2228 effect on network operations. These are the subtrees and data nodes 2229 and their sensitivity/vulnerability: 2231 Container: 2233 * , , , and all could be populated with algorithms 2235 which are not supported by the underlying physical TPM installed 2236 by the equipment vendor. 2238 Container: 2240 * - Although shown as 'rw', it is system generated 2242 * - It is possible to configure PCRs for extraction 2243 which are not being extended by system software. This could 2244 unnecessarily use TPM resources. 2246 * - It is possible to provision a certificate which 2247 does not correspond to a Attestation Identity Key (AIK) within the 2248 TPM. 2250 RPC: - Need to verify that the 2251 certificate is for an active AIK. 2253 RPC: - Need to verify that the 2254 certificate is for an active AIK. 2256 RPC: - Pulling lots of logs can chew up system 2257 resources. 2259 5. Acknowledgements 2261 Not yet. 2263 6. Change Log 2265 Changes from version 04 to version 05: 2267 * YANG Dr comments covered 2269 Changes from version 03 to version 04: 2271 * TPM1.2 Quote1 eliminated 2273 * YANG model simplifications so redundant info isn't exposed 2275 Changes from version 02 to version 03: 2277 * moved to tcg-algs 2279 * cleaned up model to eliminate sources of errors 2281 * removed key establishment RPC 2283 * added lots of XPATH which must all be scrubbed still 2285 * Descriptive text added on model contents. 2287 Changes from version 01 to version 02: 2289 * Extracted Crypto-types into a separate YANG file 2291 * Mades the algorithms explicit, not strings 2293 * Hash Algo as key the selected TPM2 PCRs 2294 * PCR numbers are their own type 2296 * Eliminated nested keys for node-id plus tpm-name 2298 * Eliminated TPM-Name of "ALL" 2300 * Added TPM-Path 2302 Changes from version 00 to version 01: 2304 * Addressed author's comments 2306 * Extended complementary details about attestation-certificates 2308 * Relabeled chunk-size to log-entry-quantity 2310 * Relabeled location with compute-node or tpm-name where appropriate 2312 * Added a valid entity-mib physical-index to compute-node and tpm- 2313 name to map it back to hardware inventory 2315 * Relabeled name to tpm_name 2317 * Removed event-string in last-entry 2319 7. References 2321 7.1. Normative References 2323 [I-D.ietf-netconf-keystore] 2324 Watsen, K., "A YANG Data Model for a Keystore", Work in 2325 Progress, Internet-Draft, draft-ietf-netconf-keystore-21, 2326 10 February 2021, . 2329 [I-D.ietf-rats-architecture] 2330 Birkholz, H., Thaler, D., Richardson, M., Smith, N., and 2331 W. Pan, "Remote Attestation Procedures Architecture", Work 2332 in Progress, Internet-Draft, draft-ietf-rats-architecture- 2333 11, 30 March 2021, . 2336 [I-D.ietf-rats-reference-interaction-models] 2337 Birkholz, H., Eckel, M., Newton, C., and L. Chen, 2338 "Reference Interaction Models for Remote Attestation 2339 Procedures", Work in Progress, Internet-Draft, draft-ietf- 2340 rats-reference-interaction-models-01, 23 October 2020, 2341 . 2344 [I-D.ietf-rats-tpm-based-network-device-attest] 2345 Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM- 2346 based Network Device Remote Integrity Verification", Work 2347 in Progress, Internet-Draft, draft-ietf-rats-tpm-based- 2348 network-device-attest-06, 7 December 2020, 2349 . 2352 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2353 Requirement Levels", BCP 14, RFC 2119, 2354 DOI 10.17487/RFC2119, March 1997, 2355 . 2357 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 2358 RFC 6991, DOI 10.17487/RFC6991, July 2013, 2359 . 2361 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2362 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2363 May 2017, . 2365 [RFC8348] Bierman, A., Bjorklund, M., Dong, J., and D. Romascanu, "A 2366 YANG Data Model for Hardware Management", RFC 8348, 2367 DOI 10.17487/RFC8348, March 2018, 2368 . 2370 [TCG-Algos] 2371 "TCG_Algorithm_Registry_r1p32_pub", n.d., 2372 . 2375 [TPM1.2] TCG, ., "TPM 1.2 Main Specification", 2 October 2003, 2376 . 2379 [TPM2.0] TCG, ., "TPM 2.0 Library Specification", 15 March 2013, 2380 . 2383 7.2. Informative References 2385 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 2386 and A. Bierman, Ed., "Network Configuration Protocol 2387 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 2388 . 2390 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 2391 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 2392 . 2394 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 2395 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 2396 . 2398 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 2399 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 2400 . 2402 Authors' Addresses 2404 Henk Birkholz 2405 Fraunhofer SIT 2406 Rheinstrasse 75 2407 64295 Darmstadt 2408 Germany 2410 Email: henk.birkholz@sit.fraunhofer.de 2412 Michael Eckel 2413 Fraunhofer SIT 2414 Rheinstrasse 75 2415 64295 Darmstadt 2416 Germany 2418 Email: michael.eckel@sit.fraunhofer.de 2420 Shwetha Bhandari 2421 ThoughtSpot 2423 Email: shwetha.bhandari@thoughtspot.com 2425 Eric Voit 2426 Cisco Systems 2428 Email: evoit@cisco.com 2429 Bill Sulzen 2430 Cisco Systems 2432 Email: bsulzen@cisco.com 2434 Liang Xia (Frank) 2435 Huawei Technologies 2436 101 Software Avenue, Yuhuatai District 2437 Nanjing 2438 Jiangsu, 210012 2439 China 2441 Email: Frank.Xialiang@huawei.com 2443 Tom Laffey 2444 Hewlett Packard Enterprise 2446 Email: tom.laffey@hpe.com 2448 Guy C. Fedorkow 2449 Juniper Networks 2450 10 Technology Park Drive 2451 Westford 2453 Email: gfedorkow@juniper.net