idnits 2.17.1
draft-ietf-rats-yang-tpm-charra-13.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** There are 66 instances of too long lines in the document, the longest
one being 3 characters in excess of 72.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 188 has weird spacing: '...te-name cer...'
== Line 217 has weird spacing: '...r-index pcr...'
== Line 301 has weird spacing: '...-number uin...'
== Line 360 has weird spacing: '...version ide...'
== Line 364 has weird spacing: '...sh-algo ide...'
-- The document date (2 February 2022) is 813 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
-- Possible downref: Non-RFC (?) normative reference: ref.
'BIOS-Log-Event-Type'
== Outdated reference: A later version (-35) exists of
draft-ietf-netconf-keystore-23
== Outdated reference: A later version (-22) exists of
draft-ietf-rats-architecture-14
** Downref: Normative reference to an Informational draft:
draft-ietf-rats-architecture (ref. 'I-D.ietf-rats-architecture')
== Outdated reference: A later version (-14) exists of
draft-ietf-rats-tpm-based-network-device-attest-11
** Downref: Normative reference to an Informational draft:
draft-ietf-rats-tpm-based-network-device-attest (ref.
'I-D.ietf-rats-tpm-based-network-device-attest')
-- Possible downref: Non-RFC (?) normative reference: ref.
'IEEE-Std-1363-2000'
-- Possible downref: Non-RFC (?) normative reference: ref.
'IEEE-Std-1363a-2004'
-- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-10116'
-- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-10118-3'
-- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-14888-3'
-- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-15946-1'
-- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-18033-3'
-- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-9797-1'
-- Possible downref: Non-RFC (?) normative reference: ref. 'ISO-IEC-9797-2'
-- Possible downref: Non-RFC (?) normative reference: ref.
'NIST-PUB-FIPS-202'
-- Possible downref: Non-RFC (?) normative reference: ref. 'NIST-SP800-108'
-- Possible downref: Non-RFC (?) normative reference: ref. 'NIST-SP800-38C'
-- Possible downref: Non-RFC (?) normative reference: ref. 'NIST-SP800-38D'
-- Possible downref: Non-RFC (?) normative reference: ref. 'NIST-SP800-38F'
-- Possible downref: Non-RFC (?) normative reference: ref. 'NIST-SP800-56A'
** Downref: Normative reference to an Informational RFC: RFC 7748
** Downref: Normative reference to an Informational RFC: RFC 8017
** Downref: Normative reference to an Informational RFC: RFC 8032
-- Possible downref: Non-RFC (?) normative reference: ref. 'TCG-Algos'
== Outdated reference: A later version (-09) exists of
draft-ietf-rats-reference-interaction-models-05
Summary: 6 errors (**), 0 flaws (~~), 10 warnings (==), 18 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 RATS Working Group H. Birkholz
3 Internet-Draft M. Eckel
4 Intended status: Standards Track Fraunhofer SIT
5 Expires: 6 August 2022 S. Bhandari
6 ThoughtSpot
7 E. Voit
8 B. Sulzen
9 Cisco
10 L. Xia
11 Huawei
12 T. Laffey
13 HPE
14 G. Fedorkow
15 Juniper
16 2 February 2022
18 A YANG Data Model for Challenge-Response-based Remote Attestation
19 Procedures using TPMs
20 draft-ietf-rats-yang-tpm-charra-13
22 Abstract
24 This document defines YANG RPCs and a small number of configuration
25 nodes required to retrieve attestation evidence about integrity
26 measurements from a device, following the operational context defined
27 in TPM-based Network Device Remote Integrity Verification.
28 Complementary measurement logs are also provided by the YANG RPCs,
29 originating from one or more roots of trust for measurement (RTMs).
30 The module defined requires at least one TPM 1.2 or TPM 2.0 as well
31 as a corresponding TPM Software Stack (TSS), included in the device
32 components of the composite device the YANG server is running on.
34 Status of This Memo
36 This Internet-Draft is submitted in full conformance with the
37 provisions of BCP 78 and BCP 79.
39 Internet-Drafts are working documents of the Internet Engineering
40 Task Force (IETF). Note that other groups may also distribute
41 working documents as Internet-Drafts. The list of current Internet-
42 Drafts is at https://datatracker.ietf.org/drafts/current/.
44 Internet-Drafts are draft documents valid for a maximum of six months
45 and may be updated, replaced, or obsoleted by other documents at any
46 time. It is inappropriate to use Internet-Drafts as reference
47 material or to cite them other than as "work in progress."
48 This Internet-Draft will expire on 6 August 2022.
50 Copyright Notice
52 Copyright (c) 2022 IETF Trust and the persons identified as the
53 document authors. All rights reserved.
55 This document is subject to BCP 78 and the IETF Trust's Legal
56 Provisions Relating to IETF Documents (https://trustee.ietf.org/
57 license-info) in effect on the date of publication of this document.
58 Please review these documents carefully, as they describe your rights
59 and restrictions with respect to this document. Code Components
60 extracted from this document must include Revised BSD License text as
61 described in Section 4.e of the Trust Legal Provisions and are
62 provided without warranty as described in the Revised BSD License.
64 Table of Contents
66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
67 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3
68 2. The YANG Module for Basic Remote Attestation Procedures . . . 3
69 2.1. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 3
70 2.1.1. 'ietf-tpm-remote-attestation' . . . . . . . . . . . . 3
71 2.1.2. 'ietf-tcg-algs' . . . . . . . . . . . . . . . . . . . 32
72 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48
73 4. Security Considerations . . . . . . . . . . . . . . . . . . . 49
74 5. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 50
75 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 51
76 6.1. Normative References . . . . . . . . . . . . . . . . . . 51
77 6.2. Informative References . . . . . . . . . . . . . . . . . 57
78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57
80 1. Introduction
82 This document is based on the general terminology defined in the
83 [I-D.ietf-rats-architecture] and uses the operational context defined
84 in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the
85 interaction model and information elements defined in
86 [I-D.ietf-rats-reference-interaction-models]. The currently
87 supported hardware security modules (HSMs) are the Trusted Platform
88 Modules (TPMs) [TPM1.2] and [TPM2.0] as specified by the Trusted
89 Computing Group (TCG). One or more TPMs embedded in the components
90 of a Composite Device are required in order to use the YANG module
91 defined in this document. A TPM is used as a root of trust for
92 reporting (RTR) in order to retrieve attestation Evidence from a
93 composite device (_TPM Quote_ primitive operation). Additionally, it
94 is used as a root of trust for storage (RTS) in order to retain
95 shielded secrets and store system measurements using a folding hash
96 function (_TPM PCR Extend_ primitive operation).
98 Specific terms imported from [I-D.ietf-rats-architecture] and used in
99 this document include: Attester, Composite Device, Evidence.
101 Specific terms imported from [TPM2.0-Key] and used in this document
102 include: Endorsement Key (EK), Initial Attestation Key (IAK), Local
103 Attestation Key (LAK).
105 1.1. Requirements notation
107 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
108 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
109 "OPTIONAL" in this document are to be interpreted as described in
110 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
111 capitals, as shown here.
113 2. The YANG Module for Basic Remote Attestation Procedures
115 One or more TPMs MUST be embedded in a Composite Device that provides
116 attestation evidence via the YANG module defined in this document.
117 The ietf-basic-remote-attestation YANG module enables a composite
118 device to take on the role of an Attester, in accordance with the
119 Remote Attestation Procedures (RATS) architecture
120 [I-D.ietf-rats-architecture], and the corresponding challenge-
121 response interaction model defined in the
122 [I-D.ietf-rats-reference-interaction-models] document. A fresh nonce
123 with an appropriate amount of entropy [NIST-915121] MUST be supplied
124 by the YANG client in order to enable a proof-of-freshness with
125 respect to the attestation Evidence provided by the Attester running
126 the YANG datastore. Further, this nonce is used to prevent replay
127 attacks. The method for communicating the relationship of each
128 individual TPM to specific measured component within the Composite
129 Device is out of the scope of this document.
131 2.1. YANG Modules
133 In this section the several YANG modules are defined.
135 2.1.1. 'ietf-tpm-remote-attestation'
137 This YANG module imports modules from [RFC6991], [RFC8348],
138 [I-D.ietf-netconf-keystore], and ietf-tcg-algs.yang Section 2.1.2.3.
139 Additionally references are made to [RFC8032], [RFC8017], [RFC6933],
140 [TPM1.2-Commands], [TPM2.0-Arch], [TPM2.0-Structures], [TPM2.0-Key],
141 [TPM1.2-Structures], [PC-Client-EFI-TPM-1.2], [ima-log],
142 [BIOS-Log-Event-Type] and [netequip-boot-log].
144 2.1.1.1. Features
146 This module supports the following features:
148 * 'TPMs': Indicates that multiple TPMs on the device can support
149 remote attestation. This feature is applicable in cases where
150 multiple line cards are present, each with its own TPM.
152 * 'bios': Indicates that the device supports the retrieval of BIOS/
153 UEFI event logs. [bios-log]
155 * 'ima': Indicates that the device supports the retrieval of event
156 logs from the Linux Integrity Measurement Architecture (IMA).
157 [ima-log]
159 * 'netequip_boot': Indicates that the device supports the retrieval
160 of netequip boot event logs. [netequip-boot-log]
162 2.1.1.2. Identities
164 This module supports the following types of attestation event logs:
165 'bios', 'ima', and 'netequip_boot'.
167 2.1.1.3. Remote Procedure Calls (RPCs)
169 In the following, RPCs for both TPM 1.2 and TPM 2.0 attestation
170 procedures are defined.
172 2.1.1.3.1. 'tpm12-challenge-response-attestation'
174 This RPC allows a Verifier to request signed TPM PCRs (_TPM Quote_
175 operation) from a TPM 1.2 compliant cryptoprocessor. Where the
176 feature 'TPMs' is active, and one or more 'certificate-name' is not
177 provided, all TPM 1.2 compliant cryptoprocessors will respond. A
178 YANG tree diagram of this RPC is as follows:
180 +---x tpm12-challenge-response-attestation {taa:TPM12}?
181 +---w input
182 | +---w tpm12-attestation-challenge
183 | +---w pcr-index* pcr
184 | +---w nonce-value binary
185 | +---w certificate-name* certificate-name-ref {tpm:TPMs}?
186 +--ro output
187 +--ro tpm12-attestation-response* []
188 +--ro certificate-name certificate-name-ref
189 +--ro up-time? uint32
190 +--ro TPM_QUOTE2? binary
192 2.1.1.3.2. 'tpm20-challenge-response-attestation'
194 This RPC allows a Verifier to request signed TPM PCRs (_TPM Quote_
195 operation) from a TPM 2.0 compliant cryptoprocessor. Where the
196 feature 'TPMs' is active, and one or more 'certificate-name' is not
197 provided, all TPM 2.0 compliant cryptoprocessors will respond. A
198 YANG tree diagram of this RPC is as follows:
200 +---x tpm20-challenge-response-attestation {taa:tpm}?
201 +---w input
202 | +---w tpm20-attestation-challenge
203 | +---w nonce-value binary
204 | +---w tpm20-pcr-selection* []
205 | | +---w TPM20-hash-algo? identityref
206 | | +---w pcr-index* tpm:pcr
207 | +---w certificate-name* certificate-name-ref {tpm:TPMs}?
208 +--ro output
209 +--ro tpm20-attestation-response* []
210 +--ro certificate-name certificate-name-ref
211 +--ro TPMS_QUOTE_INFO binary
212 +--ro quote-signature? binary
213 +--ro up-time? uint32
214 +--ro unsigned-pcr-values* []
215 +--ro TPM20-hash-algo? identityref
216 +--ro pcr-values* [pcr-index]
217 +--ro pcr-index pcr
218 +--ro pcr-value? binary
220 An example of an RPC challenge requesting PCRs 0-7 from a SHA-256
221 bank could look like the following:
223
224
225 xmlns="urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation">
226
227 (identifier of a TPM signature key with which the Verifier is
228 supposed to sign the attestation data)
229
230
231 0xe041307208d9f78f5b1bbecd19e2d152ad49de2fc5a7d8dbf769f6b8ffdeab9
232
233
234
236 TPM_ALG_SHA256
237
238 0
239 1
240 2
241 3
242 4
243 5
244 6
245 7
246
247
248
250 A successful response could be formatted as follows:
252
254
256
258 (instance of Certificate name in the Keystore)
259
260
261 (raw attestation data, i.e. the TPM quote; this includes
262 a composite digest of requested PCRs, the nonce,
263 and TPM 2.0 time information.)
264
265
266 (signature over attestation-data using the TPM key
267 identified by sig-key-id)
268
269
270
272 2.1.1.4. 'log-retrieval'
274 This RPC allows a Verifier to acquire the evidence which was extended
275 into specific TPM PCRs. A YANG tree diagram of this RPC is as
276 follows:
278 +---x log-retrieval
279 +---w input
280 | +---w log-selector* []
281 | | +---w name* string
282 | | +---w (index-type)?
283 | | | +--:(last-entry)
284 | | | | +---w last-entry-value? binary
285 | | | +--:(index)
286 | | | | +---w last-index-number? uint64
287 | | | +--:(timestamp)
288 | | | +---w timestamp? yang:date-and-time
289 | | +---w log-entry-quantity? uint16
290 | +---w log-type identityref
291 +--ro output
292 +--ro system-event-logs
293 +--ro node-data* []
294 +--ro name? string
295 +--ro up-time? uint32
296 +--ro log-result
297 +--ro (attested_event_log_type)
298 +--:(bios) {bios}?
299 | +--ro bios-event-logs
300 | +--ro bios-event-entry* [event-number]
301 | +--ro event-number uint32
302 | +--ro event-type? uint32
303 | +--ro pcr-index? pcr
304 | +--ro digest-list* []
305 | | +--ro hash-algo? identityref
306 | | +--ro digest* binary
307 | +--ro event-size? uint32
308 | +--ro event-data* uint8
309 +--:(ima) {ima}?
310 | +--ro ima-event-logs
311 | +--ro ima-event-entry* [event-number]
312 | +--ro event-number uint64
313 | +--ro ima-template? string
314 | +--ro filename-hint? string
315 | +--ro filedata-hash? binary
316 | +--ro filedata-hash-algorithm? string
317 | +--ro template-hash-algorithm? string
318 | +--ro template-hash? binary
319 | +--ro pcr-index? pcr
320 | +--ro signature? binary
321 +--:(netequip_boot) {netequip_boot}?
322 +--ro boot-event-logs
323 +--ro boot-event-entry* [event-number]
324 +--ro event-number uint64
325 +--ro ima-template? string
326 +--ro filename-hint? string
327 +--ro filedata-hash? binary
328 +--ro filedata-hash-algorithm? string
329 +--ro template-hash-algorithm? string
330 +--ro template-hash? binary
331 +--ro pcr-index? pcr
332 +--ro signature? binary
334 2.1.1.5. Data Nodes
336 This section provides a high level description of the data nodes
337 containing the configuration and operational objects with the YANG
338 model. For more details, please see the YANG model itself in
339 Figure 1.
341 Container 'rats-support-structures': This houses the set of
342 information relating to a device's TPM(s).
344 Container 'tpms': Provides configuration and operational details for
345 each supported TPM, including the tpm-firmware-version, PCRs which
346 may be quoted, certificates which are associated with that TPM,
347 and the current operational status. Of note are the certificates
348 which are associated with that TPM. As a certificate is
349 associated with a particular TPM attestation key, knowledge of the
350 certificate allows a specific TPM to be identified.
352 +--rw tpms
353 +--rw tpm* [name]
354 +--rw name string
355 +--ro hardware-based? boolean
356 +--ro physical-index? int32 {hw:entity-mib}?
357 +--ro path? string
358 +--ro compute-node compute-node-ref {tpm:tpms}?
359 +--ro manufacturer? string
360 +--rw firmware-version identityref
361 +--rw tpm12-hash-algo? identityref
362 +--rw tpm12-pcrs* pcr
363 +--rw tpm20-pcr-bank* [tpm20-hash-algo]
364 | +--rw tpm20-hash-algo identityref
365 | +--rw pcr-index* tpm:pcr
366 +--ro status enumeration
367 +--rw certificates
368 +--rw certificate* [name]
369 +--rw name string
370 +--rw keystore-ref? leafref
371 +--rw type? enumeration
373 container 'attester-supported-algos' - Identifies which TCG hash
374 algorithms are available for use on the Attesting platform. This
375 allows an operator to limit algorithms available for use by RPCs to
376 just a desired set from the universe of all allowed hash algorithms
377 by the TCG.
379 +--rw attester-supported-algos
380 +--rw tpm12-asymmetric-signing* identityref
381 +--rw tpm12-hash* identityref
382 +--rw tpm20-asymmetric-signing* identityref
383 +--rw tpm20-hash* identityref
385 container 'compute-nodes' - When there is more than one TPM
386 supported, this container maintains the set of information related to
387 the compute node associated with a specific TPM. This allows each
388 specific TPM to identify to which 'compute-node' it belongs.
390 +--rw compute-nodes {tpm:TPMs}?
391 +--ro compute-node* [node-id]
392 +--ro node-id string
393 +--ro node-physical-index? int32 {hw:entity-mib}?
394 +--ro node-name? string
395 +--ro node-location? string
397 2.1.1.6. YANG Module
398 file "ietf-tpm-remote-attestation@2022-11-16.yang"
399 module ietf-tpm-remote-attestation {
400 namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation";
401 prefix tpm;
403 import ietf-yang-types {
404 prefix yang;
405 }
406 import ietf-hardware {
407 prefix hw;
408 }
409 import ietf-keystore {
410 prefix ks;
411 }
412 import ietf-tcg-algs {
413 prefix taa;
414 }
416 organization
417 "IETF RATS (Remote ATtestation procedureS) Working Group";
418 contact
419 "WG Web :
420 WG List :
421 Author : Eric Voit
422 Author : Henk Birkholz
423 Author : Michael Eckel
424 Author : Shwetha Bhandari
425 Author : Bill Sulzen
426 Author : Liang Xia (Frank)
427 Author : Tom Laffey
428 Author : Guy Fedorkow ";
429 description
430 "A YANG module to enable a TPM 1.2 and TPM 2.0 based
431 remote attestation procedure using a challenge-response
432 interaction model and the TPM 1.2 and TPM 2.0 Quote
433 primitive operations.
434 Copyright (c) 2021 IETF Trust and the persons identified
435 as authors of the code. All rights reserved.
436 Redistribution and use in source and binary forms, with
437 or without modification, is permitted pursuant to, and
438 subject to the license terms contained in, the Simplified
439 BSD License set forth in Section 4.c of the IETF Trust's
440 Legal Provisions Relating to IETF Documents
441 (https://trustee.ietf.org/license-info).
442 This version of this YANG module is part of RFC XXXX
443 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
444 itself for full legal notices.
446 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
447 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
448 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
449 are to be interpreted as described in BCP 14 (RFC 2119)
450 (RFC 8174) when, and only when, they appear in all
451 capitals, as shown here.";
453 revision 2022-01-27 {
454 description
455 "Initial version";
456 reference
457 "RFC XXXX: A YANG Data Model for Challenge-Response-based Remote
458 Attestation Procedures using TPMs";
459 }
461 /*****************/
462 /* Features */
463 /*****************/
465 feature tpms {
466 description
467 "The device supports the remote attestation of multiple
468 TPM based cryptoprocessors.";
469 }
471 feature bios {
472 description
473 "The device supports the bios logs.";
474 reference
475 "PC-Client-EFI-TPM-1.2:
476 https://trustedcomputinggroup.org/wp-content/uploads/
477 PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf
478 Section 9.4.5.2";
479 }
481 feature ima {
482 description
483 "The device supports Integrity Measurement Architecture logs.
484 Many variants of IMA logs exist in the deployment. Each encodes
485 the log entry contents as the specific measurements which get
486 hashed into a PCRs as Evidence. See the reference below for
487 one example of such an encoding.";
488 reference
489 "ima-log:
490 https://www.trustedcomputinggroup.org/wp-content/uploads/
491 TCG_IWG_CEL_v1_r0p30_13feb2021.pdf Section 4.3";
492 }
493 feature netequip_boot {
494 description
495 "The device supports the netequip_boot logs.";
496 reference
497 "netequip-boot-log:
498 https://www.kernel.org/doc/Documentation/ABI/testing/ima_policy";
499 }
501 /*****************/
502 /* Typedefs */
503 /*****************/
505 typedef pcr {
506 type uint8 {
507 range "0..31";
508 }
509 description
510 "Valid index number for a PCR. At this point 0-31 is viable.";
511 }
513 typedef compute-node-ref {
514 type leafref {
515 path "/tpm:rats-support-structures/tpm:compute-nodes"
516 + "/tpm:compute-node/tpm:node-name";
517 }
518 description
519 "This type is used to reference a hardware node. It is quite
520 possible this leafref will eventually point to another YANG
521 module's node.";
522 }
524 typedef certificate-name-ref {
525 type leafref {
526 path "/tpm:rats-support-structures/tpm:tpms/tpm:tpm"
527 + "/tpm:certificates/tpm:certificate/tpm:name";
528 }
529 description
530 "A type which allows identification of a TPM based certificate.";
531 }
533 /******************/
534 /* Identities */
535 /******************/
537 identity attested_event_log_type {
538 description
539 "Base identity allowing categorization of the reasons why an
540 attested measurement has been taken on an Attester.";
542 }
544 identity ima {
545 base attested_event_log_type;
546 description
547 "An event type recorded in IMA.";
548 }
550 identity bios {
551 base attested_event_log_type;
552 description
553 "An event type associated with BIOS/UEFI.";
554 }
556 identity netequip_boot {
557 base attested_event_log_type;
558 description
559 "An event type associated with Network Equipment Boot.";
560 }
562 /*****************/
563 /* Groupings */
564 /*****************/
566 grouping tpm20-hash-algo {
567 description
568 "The cryptographic algorithm used to hash the TPM2 PCRs. This
569 must be from the list of platform supported options.";
570 leaf tpm20-hash-algo {
571 type identityref {
572 base taa:hash;
573 }
574 must '/tpm:rats-support-structures/tpm:attester-supported-algos'
575 + '/tpm:tpm20-hash' {
576 error-message "This platform does not support tpm20-hash-algo";
577 }
578 default "taa:TPM_ALG_SHA256";
579 description
580 "The hash scheme that is used to hash a TPM1.2 PCR. This
581 must be one of those supported by a platform.";
582 }
583 }
585 grouping tpm12-hash-algo {
586 description
587 "The cryptographic algorithm used to hash the TPM1.2 PCRs.";
588 leaf tpm12-hash-algo {
589 type identityref {
590 base taa:hash;
591 }
592 must '/tpm:rats-support-structures/tpm:attester-supported-algos'
593 + '/tpm:tpm12-hash' {
594 error-message "This platform does not support tpm12-hash-algo";
595 }
596 default "taa:TPM_ALG_SHA1";
597 description
598 "The hash scheme that is used to hash a TPM1.2 PCR. This
599 MUST be one of those supported by a platform. This assumes
600 that an algorithm other than SHA1 can be supported on some
601 TPM1.2 cryptoprocessor variant.";
602 }
603 }
605 grouping nonce {
606 description
607 "A random number intended to be used once to show freshness
608 and to allow the detection of replay attacks.";
609 leaf nonce-value {
610 type binary;
611 mandatory true;
612 description
613 "A cryptographically generated random number which should
614 not be predictable prior to its issuance from a random
615 number generation function. The random number MUST be
616 derived from an entropy source external to the Attester.
618 Note that a nonce sent into a TPM will typically be 160 or 256
619 binary digits long. (This is 20 or 32 bytes.) So if fewer
620 binary are sent, this nonce object will be padded
621 with leading zeros any in Quotes returned from the TPM.
622 Additionally if more bytes are sent, the nonce will be trimmed
623 to the most significant binary digits.";
624 }
625 }
627 grouping tpm12-pcr-selection {
628 description
629 "A Verifier can request one or more PCR values using its
630 individually created Attestation Key Certificate (AC).
631 The corresponding selection filter is represented in this
632 grouping.
633 Requesting a PCR value that is not in scope of the AC used,
634 detailed exposure via error msg should be avoided.";
635 leaf-list pcr-index {
636 type pcr;
637 description
638 "The numbers/indexes of the PCRs. At the moment this is limited
639 to 32. In addition, any selection of PCRs MUST verify that
640 the set of PCRs requested are a subset the set of PCRs
641 exposed by in the leaf-list /tpm:rats-support-structures
642 /tpm:tpms/tpm:tpm[name=current()]/tpm:tpm12-pcrs";
643 }
644 }
646 grouping tpm20-pcr-selection {
647 description
648 "A Verifier can acquire one or more PCR values, which are hashed
649 together in a TPM2B_DIGEST coming from the TPM2. The selection
650 list of desired PCRs and the Hash Algorithm is represented in
651 this grouping.";
652 list tpm20-pcr-selection {
653 unique "tpm20-hash-algo";
654 description
655 "Specifies the list of PCRs and Hash Algorithms that can be
656 returned within a TPM2B_DIGEST.";
657 reference
658 "TPM2.0-Structures:
659 https://www.trustedcomputinggroup.org/wp-content/uploads/
660 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.9.7";
661 uses tpm20-hash-algo;
662 leaf-list pcr-index {
663 type pcr;
664 must '/tpm:rats-support-structures/tpm:tpms'
665 + '/tpm:tpm[name = current()] and '
666 + '/tpm:rats-support-structures/tpm:tpms/tpm:tpm'
667 + '/tpm:tpm20-pcr-bank[pcr-index = current()]' {
668 error-message "Acquiring this PCR index is not supported";
669 }
670 description
671 "The numbers of the PCRs that which are being tracked
672 with a hash based on the tpm20-hash-algo. In addition,
673 any selection of PCRs MUST verify that the set of PCRs
674 requested are a subset the set of PCR indexes exposed
675 within /tpm:rats-support-structures/tpm:tpms
676 /tpm:tpm[name=current()]/tpm:tpm20-pcr-bank
677 /tpm:pcr-index";
678 }
679 }
680 }
682 grouping certificate-name-ref {
683 description
684 "Identifies a certificate in a keystore.";
685 leaf certificate-name {
686 type certificate-name-ref;
687 mandatory true;
688 description
689 "Identifies a certificate in a keystore.";
690 }
691 }
693 grouping tpm-name {
694 description
695 "A unique TPM on a device.";
696 leaf name {
697 type string;
698 description
699 "Unique system generated name for a TPM on a device.";
700 }
701 }
703 grouping tpm-name-selector {
704 description
705 "One or more TPM on a device.";
706 leaf-list name {
707 type string;
708 config false;
709 description
710 "Name of one or more unique TPMs on a device. If this object
711 exists, a selection should pull only the objects related to
712 these TPM(s). If it does not exist, all qualifying TPMs that
713 are 'hardware-based' equals true on the device are selected.";
714 }
715 }
717 grouping node-uptime {
718 description
719 "Uptime in seconds of the node.";
720 leaf up-time {
721 type uint32;
722 description
723 "Uptime in seconds of this node reporting its data";
724 }
725 }
727 grouping tpm12-attestation {
728 description
729 "Contains an instance of TPM1.2 style signed cryptoprocessor
730 measurements. It is supplemented by unsigned Attester
731 information.";
732 uses node-uptime;
733 leaf TPM_QUOTE2 {
734 type binary;
735 description
736 "Result of a TPM1.2 Quote2 operation. This includes PCRs,
737 signatures, locality, the provided nonce and other data which
738 can be further parsed to appraise the Attester.";
739 reference
740 "TPM1.2-Commands:
741 TPM1.2 commands rev116 July 2007, Section 16.5
742 https://trustedcomputinggroup.org/wp-content/uploads
743 /TPM-Main-Part-3-Commands_v1.2_rev116_01032011.pdf";
744 }
745 }
747 grouping tpm20-attestation {
748 description
749 "Contains an instance of TPM2 style signed cryptoprocessor
750 measurements. It is supplemented by unsigned Attester
751 information.";
752 leaf TPMS_QUOTE_INFO {
753 type binary;
754 mandatory true;
755 description
756 "A hash of the latest PCR values (and the hash algorithm used)
757 which have been returned from a Verifier for the selected PCRs
758 and Hash Algorithms.";
759 reference
760 "TPM2.0-Structures:
761 https://www.trustedcomputinggroup.org/wp-content/uploads/
762 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.12.1";
763 }
764 leaf quote-signature {
765 type binary;
766 description
767 "Quote signature returned by TPM Quote. The signature was
768 generated using the key associated with the
769 certificate 'name'.";
770 reference
771 "TPM2.0-Structures:
772 https://www.trustedcomputinggroup.org/wp-content/uploads/
773 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 11.2.1";
774 }
775 uses node-uptime;
776 list unsigned-pcr-values {
777 description
778 "PCR values in each PCR bank. This might appear redundant with
779 the TPM2B_DIGEST, but that digest is calculated across multiple
780 PCRs. Having to verify across multiple PCRs does not
781 necessarily make it easy for a Verifier to appraise just the
782 minimum set of PCR information which has changed since the last
783 received TPM2B_DIGEST. Put another way, why should a Verifier
784 reconstruct the proper value of all PCR Quotes when only a
785 single PCR has changed?
786 To help this happen, if the Attester does know specific PCR
787 values, the Attester can provide these individual values via
788 'unsigned-pcr-values'. By comparing this information to the
789 what has previously been validated, it is possible for a
790 Verifier to confirm the Attester's signature while eliminating
791 significant processing. There should never be a result where
792 an unsigned PCR value is actually that that within a quote.
793 If there is a difference, a signed result which has been
794 verified from retrieved logs is considered definitive.";
795 uses tpm20-hash-algo;
796 list pcr-values {
797 key "pcr-index";
798 description
799 "List of one PCR bank.";
800 leaf pcr-index {
801 type pcr;
802 description
803 "PCR index number.";
804 }
805 leaf pcr-value {
806 type binary;
807 description
808 "PCR value.";
809 reference
810 "TPM2.0-Structures:
811 https://www.trustedcomputinggroup.org/wp-content/uploads/
812 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.9.7";
813 }
814 }
815 }
816 }
818 grouping log-identifier {
819 description
820 "Identifier for type of log to be retrieved.";
821 leaf log-type {
822 type identityref {
823 base attested_event_log_type;
824 }
825 mandatory true;
826 description
827 "The corresponding measurement log type identity.";
828 }
829 }
830 grouping boot-event-log {
831 description
832 "Defines a specific instance of an event log entry
833 and corresponding to the information used to
834 extended the PCR";
835 leaf event-number {
836 type uint32;
837 description
838 "Unique event number of this event";
839 }
840 leaf event-type {
841 type uint32;
842 description
843 "BIOS Log Event Type:
844 https://trustedcomputinggroup.org/wp-content/uploads/
845 TCG_PCClient_PFP_r1p05_v23_pub.pdf Section 10.4.1";
846 }
847 leaf pcr-index {
848 type pcr;
849 description
850 "Defines the PCR index that this event extended";
851 }
852 list digest-list {
853 description
854 "Hash of event data";
855 leaf hash-algo {
856 type identityref {
857 base taa:hash;
858 }
859 description
860 "The hash scheme that is used to compress the event data in
861 each of the leaf-list digest items.";
862 }
863 leaf-list digest {
864 type binary;
865 description
866 "The hash of the event data using the algorithm of the
867 'hash-algo' against 'event data'.";
868 }
869 }
870 leaf event-size {
871 type uint32;
872 description
873 "Size of the event data";
874 }
875 leaf-list event-data {
876 type uint8;
877 description
878 "The event data size determined by event-size";
879 }
880 }
881 grouping bios-event-log {
882 description
883 "Measurement log created by the BIOS/UEFI.";
884 list bios-event-entry {
885 key event-number;
886 description
887 "Ordered list of TCG described event log
888 that extended the PCRs in the order they
889 were logged";
890 uses boot-event-log;
891 }
892 }
893 grouping ima-event {
894 description
895 "Defines an hash log extend event for IMA measurements";
896 reference
897 "ima-log:
898 https://www.trustedcomputinggroup.org/wp-content/uploads/
899 TCG_IWG_CEL_v1_r0p30_13feb2021.pdf Section 4.3";
900 leaf event-number {
901 type uint64;
902 description
903 "Unique number for this event for sequencing";
904 }
905 leaf ima-template {
906 type string;
907 description
908 "Name of the template used for event logs
909 for e.g. ima, ima-ng, ima-sig";
910 }
911 leaf filename-hint {
912 type string;
913 description
914 "File that was measured";
915 }
916 leaf filedata-hash {
917 type binary;
918 description
919 "Hash of filedata";
920 }
921 leaf filedata-hash-algorithm {
922 type string;
923 description
924 "Algorithm used for filedata-hash";
925 }
926 leaf template-hash-algorithm {
927 type string;
928 description
929 "Algorithm used for template-hash";
930 }
931 leaf template-hash {
932 type binary;
933 description
934 "hash(filedata-hash, filename-hint)";
935 }
936 leaf pcr-index {
937 type pcr;
938 description
939 "Defines the PCR index that this event extended";
940 }
941 leaf signature {
942 type binary;
943 description
944 "The file signature";
945 }
946 }
947 grouping ima-event-log {
948 description
949 "Measurement log created by IMA.";
950 list ima-event-entry {
951 key event-number;
952 description
953 "Ordered list of ima event logs by event-number";
954 uses ima-event;
955 }
956 }
958 grouping network-equipment-boot-event-log {
959 description
960 "Measurement log created by Network Equipment Boot. The Network
961 Equipment Boot format is identical to the IMA format. In
962 contrast to the IMA log, the Network Equipment Boot log
963 includes every measurable event from an Attester, including
964 the boot stages of BIOS, Bootloader, etc. In essence, the scope
965 of events represented in this format combines the scope of BIOS
966 events and IMA events.";
967 list boot-event-entry {
968 key event-number;
969 description
970 "Ordered list of Network Equipment Boot event logs
971 by event-number, using the IMA event format.";
972 uses ima-event;
973 }
975 }
976 grouping event-logs {
977 description
978 "A selector for the log and its type.";
979 choice attested_event_log_type {
980 mandatory true;
981 description
982 "Event log type determines the event logs content.";
983 case bios {
984 if-feature "bios";
985 description
986 "BIOS/UEFI event logs";
987 container bios-event-logs {
988 description
989 "BIOS/UEFI event logs";
990 uses bios-event-log;
991 }
992 }
993 case ima {
994 if-feature "ima";
995 description
996 "IMA event logs.";
997 container ima-event-logs {
998 description
999 "IMA event logs.";
1000 uses ima-event-log;
1001 }
1002 }
1003 case netequip_boot {
1004 if-feature "netequip_boot";
1005 description
1006 "Network Equipment Boot event logs";
1007 container boot-event-logs {
1008 description
1009 "Network equipment boot event logs.";
1010 uses network-equipment-boot-event-log;
1011 }
1012 }
1013 }
1014 }
1016 /**********************/
1017 /* RPC operations */
1018 /**********************/
1020 rpc tpm12-challenge-response-attestation {
1021 if-feature "taa:tpm12";
1022 description
1023 "This RPC accepts the input for TSS TPM 1.2 commands made to the
1024 attesting device.";
1025 input {
1026 container tpm12-attestation-challenge {
1027 description
1028 "This container includes every information element defined
1029 in the reference challenge-response interaction model for
1030 remote attestation. Corresponding values are based on
1031 TPM 1.2 structure definitions";
1032 uses tpm12-pcr-selection;
1033 uses nonce;
1034 leaf-list certificate-name {
1035 if-feature "tpm:tpms";
1036 type certificate-name-ref;
1037 must "/tpm:rats-support-structures/tpm:tpms"
1038 + "/tpm:tpm[tpm:firmware-version='taa:tpm12']"
1039 + "/tpm:certificates/"
1040 + "/tpm:certificate[name=current()]" {
1041 error-message "Not an available TPM1.2 AIK certificate.";
1042 }
1043 description
1044 "When populated, the RPC will only get a Quote for the
1045 TPMs associated with these certificate(s).";
1046 }
1047 }
1048 }
1049 output {
1050 list tpm12-attestation-response {
1051 unique "certificate-name";
1052 description
1053 "The binary output of TPM 1.2 TPM_Quote/TPM_Quote2, including
1054 the PCR selection and other associated attestation evidence
1055 metadata";
1056 uses certificate-name-ref {
1057 description
1058 "Certificate associated with this tpm12-attestation.";
1059 }
1060 uses tpm12-attestation;
1061 }
1062 }
1063 }
1065 rpc tpm20-challenge-response-attestation {
1066 if-feature "taa:tpm20";
1067 description
1068 "This RPC accepts the input for TSS TPM 2.0 commands of the
1069 managed device. ComponentIndex from the hardware manager YANG
1070 module to refer to dedicated TPM in composite devices,
1071 e.g. smart NICs, is still a TODO.";
1072 input {
1073 container tpm20-attestation-challenge {
1074 description
1075 "This container includes every information element defined
1076 in the reference challenge-response interaction model for
1077 remote attestation. Corresponding values are based on
1078 TPM 2.0 structure definitions";
1079 uses nonce;
1080 uses tpm20-pcr-selection;
1081 leaf-list certificate-name {
1082 if-feature "tpm:tpms";
1083 type certificate-name-ref;
1084 must "/tpm:rats-support-structures/tpm:tpms"
1085 + "/tpm:tpm[tpm:firmware-version='taa:tpm20']"
1086 + "/tpm:certificates/"
1087 + "/tpm:certificate[name=current()]" {
1088 error-message "Not an available TPM2.0 AIK certificate.";
1089 }
1090 description
1091 "When populated, the RPC will only get a Quote for the
1092 TPMs associated with the certificates.";
1093 }
1094 }
1095 }
1096 output {
1097 list tpm20-attestation-response {
1098 unique "certificate-name";
1099 description
1100 "The binary output of TPM2b_Quote in one TPM chip of the
1101 node which identified by node-id. An TPMS_ATTEST structure
1102 including a length, encapsulated in a signature";
1103 uses certificate-name-ref {
1104 description
1105 "Certificate associated with this tpm20-attestation.";
1106 }
1107 uses tpm20-attestation;
1108 }
1109 }
1110 }
1112 rpc log-retrieval {
1113 description
1114 "Logs Entries are either identified via indices or via providing
1115 the last line received. The number of lines returned can be
1116 limited. The type of log is a choice that can be augmented.";
1117 input {
1118 list log-selector {
1119 description
1120 "Selection of log entries to be reported.";
1121 uses tpm-name-selector;
1122 choice index-type {
1123 description
1124 "Last log entry received, log index number, or timestamp.";
1125 case last-entry {
1126 description
1127 "The last entry of the log already retrieved.";
1128 leaf last-entry-value {
1129 type binary;
1130 description
1131 "Content of an log event which matches 1:1 with a
1132 unique event record contained within the log. Log
1133 entries subsequent to this will be passed to the
1134 requester. Note: if log entry values are not unique,
1135 this MUST return an error.";
1136 }
1137 }
1138 case index {
1139 description
1140 "Numeric index of the last log entry retrieved, or
1141 zero.";
1142 leaf last-index-number {
1143 type uint64;
1144 description
1145 "The last numeric index number of a log entry.
1146 Zero means to start at the beginning of the log.
1147 Entries subsequent to this will be passed to the
1148 requester.";
1149 }
1150 }
1151 case timestamp {
1152 leaf timestamp {
1153 type yang:date-and-time;
1154 description
1155 "Timestamp from which to start the extraction. The
1156 next log entry subsequent to this timestamp is to
1157 be sent.";
1158 }
1159 description
1160 "Timestamp from which to start the extraction.";
1161 }
1162 }
1163 leaf log-entry-quantity {
1164 type uint16;
1165 description
1166 "The number of log entries to be returned. If omitted, it
1167 means all of them.";
1168 }
1169 }
1170 uses log-identifier;
1171 }
1172 output {
1173 container system-event-logs {
1174 description
1175 "The requested data of the measurement event logs";
1176 list node-data {
1177 unique "name";
1178 description
1179 "Event logs of a node in a distributed system
1180 identified by the node name";
1181 uses tpm-name;
1182 uses node-uptime;
1183 container log-result {
1184 description
1185 "The requested entries of the corresponding log.";
1186 uses event-logs;
1187 }
1188 }
1189 }
1190 }
1191 }
1193 /**************************************/
1194 /* Config & Oper accessible nodes */
1195 /**************************************/
1197 container rats-support-structures {
1198 description
1199 "The datastore definition enabling verifiers or relying
1200 parties to discover the information necessary to use the
1201 remote attestation RPCs appropriately.";
1202 container compute-nodes {
1203 if-feature "tpm:tpms";
1204 description
1205 "Holds the set device subsystems/components in this composite
1206 device that support TPM operations.";
1207 list compute-node {
1208 key "node-id";
1209 config false;
1210 min-elements 2;
1211 description
1212 "A component within this composite device which
1213 supports TPM operations.";
1214 leaf node-id {
1215 type string;
1216 description
1217 "ID of the compute node, such as Board Serial Number.";
1218 }
1219 leaf node-physical-index {
1220 if-feature "hw:entity-mib";
1221 type int32 {
1222 range "1..2147483647";
1223 }
1224 config false;
1225 description
1226 "The entPhysicalIndex for the compute node.";
1227 reference
1228 "RFC 6933: Entity MIB (Version 4) - entPhysicalIndex";
1229 }
1230 leaf node-name {
1231 type string;
1232 description
1233 "Name of the compute node.";
1234 }
1235 leaf node-location {
1236 type string;
1237 description
1238 "Location of the compute node, such as slot number.";
1239 }
1240 }
1241 }
1242 container tpms {
1243 description
1244 "Holds the set of TPMs within an Attester.";
1245 list tpm {
1246 key "name";
1247 unique "path";
1248 description
1249 "A list of TPMs in this composite device that RATS
1250 can be conducted with.";
1251 uses tpm-name;
1252 leaf hardware-based {
1253 type boolean;
1254 config false;
1255 description
1256 "Answers the question: is this TPM is a hardware based
1257 TPM?";
1258 }
1259 leaf physical-index {
1260 if-feature "hw:entity-mib";
1261 type int32 {
1262 range "1..2147483647";
1264 }
1265 config false;
1266 description
1267 "The entPhysicalIndex for the TPM.";
1268 reference
1269 "RFC 6933: Entity MIB (Version 4) - entPhysicalIndex";
1270 }
1271 leaf path {
1272 type string;
1273 config false;
1274 description
1275 "Path to a unique TPM on a device. This can change across
1276 reboots.";
1277 }
1278 leaf compute-node {
1279 if-feature "tpm:tpms";
1280 type compute-node-ref;
1281 config false;
1282 mandatory true;
1283 description
1284 "Indicates the compute node measured by this TPM.";
1285 }
1286 leaf manufacturer {
1287 type string;
1288 config false;
1289 description
1290 "TPM manufacturer name.";
1291 }
1292 leaf firmware-version {
1293 type identityref {
1294 base taa:cryptoprocessor;
1295 }
1296 mandatory true;
1297 description
1298 "Identifies the cryptoprocessor API set supported. This
1299 is automatically configured by the device and should not
1300 be changed.";
1301 }
1302 uses tpm12-hash-algo {
1303 when "firmware-version = 'taa:tpm12'";
1304 refine "tpm12-hash-algo" {
1305 description
1306 "The hash algorithm overwrites the default used for PCRs
1307 on this TPM1.2 compliant cryptoprocessor.";
1308 }
1309 }
1310 leaf-list tpm12-pcrs {
1311 when "../firmware-version = 'taa:tpm12'";
1312 type pcr;
1313 description
1314 "The PCRs which may be extracted from this TPM1.2
1315 compliant cryptoprocessor.";
1316 }
1317 list tpm20-pcr-bank {
1318 when "../firmware-version = 'taa:tpm20'";
1319 key "tpm20-hash-algo";
1320 description
1321 "Specifies the list of PCRs that may be extracted for
1322 a specific Hash Algorithm on this TPM2 compliant
1323 cryptoprocessor. A bank is a set of PCRs which are
1324 extended using a particular hash algorithm.";
1325 reference
1326 "TPM2.0-Structures:
1327 https://www.trustedcomputinggroup.org/wp-content/uploads/
1328 TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.9.7";
1329 leaf tpm20-hash-algo {
1330 type identityref {
1331 base taa:hash;
1332 }
1333 must '/tpm:rats-support-structures'
1334 + '/tpm:attester-supported-algos'
1335 + '/tpm:tpm20-hash' {
1336 error-message
1337 "This platform does not support tpm20-hash-algo";
1338 }
1339 description
1340 "The hash scheme actively being used to hash a
1341 one or more TPM2.0 PCRs.";
1342 }
1343 leaf-list pcr-index {
1344 type tpm:pcr;
1345 description
1346 "Defines what TPM2 PCRs are available to be extracted.";
1347 }
1348 }
1349 leaf status {
1350 type enumeration {
1351 enum operational {
1352 value 0;
1353 description
1354 "The TPM currently is currently running normally and
1355 is ready to accept and process TPM quotes.";
1356 reference
1357 "TPM2.0-Arch:
1358 TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf
1359 Section 12";
1361 }
1362 enum non-operational {
1363 value 1;
1364 description
1365 "TPM is in a state such as startup or shutdown which
1366 precludes the processing of TPM quotes.";
1367 }
1368 }
1369 config false;
1370 mandatory true;
1371 description
1372 "TPM chip self-test status.";
1373 }
1374 container certificates {
1375 description
1376 "The TPM's certificates, including EK certificates
1377 and AK certificates.";
1378 list certificate {
1379 key "name";
1380 description
1381 "Three types of certificates can be accessed via
1382 this statement, including Initial Attestation
1383 Key Certificate, Local Attestation Key Certificate or
1384 Endorsement Key Certificate.";
1385 leaf name {
1386 type string;
1387 description
1388 "An arbitrary name uniquely identifying a certificate
1389 associated within key within a TPM.";
1390 }
1391 leaf keystore-ref {
1392 type leafref {
1393 path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key"
1394 + "/ks:certificates/ks:certificate/ks:name";
1395 }
1396 description
1397 "A reference to a specific certificate of an
1398 asymmetric key in the Keystore.";
1399 }
1400 leaf type {
1401 type enumeration {
1402 enum endorsement-certificate {
1403 value 0;
1404 description
1405 "Endorsement Key (EK) Certificate type.";
1406 reference
1407 "TPM2.0-Key:
1408 https://trustedcomputinggroup.org/wp-content/
1409 uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf
1410 Section 3.11";
1411 }
1412 enum initial-attestation-certificate {
1413 value 1;
1414 description
1415 "Initial Attestation key (IAK) Certificate type.";
1416 reference
1417 "TPM2.0-Key:
1418 https://trustedcomputinggroup.org/wp-content/
1419 uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf
1420 Section 3.2";
1421 }
1422 enum local-attestation-certificate {
1423 value 2;
1424 description
1425 "Local Attestation Key (LAK) Certificate type.";
1426 reference
1427 "TPM2.0-Key:
1428 https://trustedcomputinggroup.org/wp-content/
1429 uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf
1430 Section 3.2";
1431 }
1432 }
1433 description
1434 "Function supported by this certificate from within the
1435 TPM.";
1436 }
1437 }
1438 }
1439 }
1440 }
1441 container attester-supported-algos {
1442 description
1443 "Identifies which TPM algorithms are available for use on an
1444 attesting platform.";
1445 leaf-list tpm12-asymmetric-signing {
1446 when "../../tpm:tpms"
1447 + "/tpm:tpm[tpm:firmware-version='taa:tpm12']";
1448 type identityref {
1449 base taa:asymmetric;
1450 }
1451 description
1452 "Platform Supported TPM12 asymmetric algorithms.";
1453 }
1454 leaf-list tpm12-hash {
1455 when "../../tpm:tpms"
1456 + "/tpm:tpm[tpm:firmware-version='taa:tpm12']";
1458 type identityref {
1459 base taa:hash;
1460 }
1461 description
1462 "Platform supported TPM12 hash algorithms.";
1463 }
1464 leaf-list tpm20-asymmetric-signing {
1465 when "../../tpm:tpms"
1466 + "/tpm:tpm[tpm:firmware-version='taa:tpm20']";
1467 type identityref {
1468 base taa:asymmetric;
1469 }
1470 description
1471 "Platform Supported TPM20 asymmetric algorithms.";
1472 }
1473 leaf-list tpm20-hash {
1474 when "../../tpm:tpms"
1475 + "/tpm:tpm[tpm:firmware-version='taa:tpm20']";
1476 type identityref {
1477 base taa:hash;
1478 }
1479 description
1480 "Platform supported TPM20 hash algorithms.";
1481 }
1482 }
1483 }
1484 }
1485
1487 Figure 1
1489 2.1.2. 'ietf-tcg-algs'
1491 This document has encoded the TCG Algorithm definitions of
1492 [TCG-Algos], revision 1.32. By including this full table as a
1493 separate YANG file within this document, it is possible for other
1494 YANG models to leverage the contents of this model. Specific
1495 references to [RFC7748], [ISO-IEC-9797-1], [ISO-IEC-9797-2],
1496 [ISO-IEC-10116], [ISO-IEC-10118-3], [ISO-IEC-14888-3],
1497 [ISO-IEC-15946-1], [ISO-IEC-18033-3], [IEEE-Std-1363-2000],
1498 [IEEE-Std-1363a-2004], [NIST-PUB-FIPS-202], [NIST-SP800-38C],
1499 [NIST-SP800-38D], [NIST-SP800-38F], [NIST-SP800-56A],
1500 [NIST-SP800-108], [PC-Client-EFI-TPM-1.2], [ima-log], and
1501 [netequip-boot-log] exist within the YANG Model.
1503 2.1.2.1. Features
1505 There are two types of features supported: 'TPM12' and 'TPM20'.
1506 Support for either of these features indicates that a cryptoprocessor
1507 supporting the corresponding type of TCG TPM API is present on an
1508 Attester. Most commonly, only one type of cryptoprocessor will be
1509 available on an Attester.
1511 2.1.2.2. Identities
1513 There are three types of identities in this model:
1515 1. Cryptographic functions supported by a TPM algorithm; these
1516 include: 'asymmetric', 'symmetric', 'hash', 'signing',
1517 'anonymous_signing', 'encryption_mode', 'method', and
1518 'object_type'. The definitions of each of these are in Table 2
1519 of [TCG-Algos].
1521 2. API specifications for TPMs: 'tpm12' and 'tpm20'
1523 3. Specific algorithm types: Each algorithm type defines what
1524 cryptographic functions may be supported, and on which type of
1525 API specification. It is not required that an implementation of
1526 a specific TPM will support all algorithm types. The contents of
1527 each specific algorithm mirrors what is in Table 3 of
1528 [TCG-Algos].
1530 2.1.2.3. YANG Module
1532 file "ietf-tcg-algs@2022-01-27.yang"
1533 module ietf-tcg-algs {
1534 yang-version 1.1;
1535 namespace "urn:ietf:params:xml:ns:yang:ietf-tcg-algs";
1536 prefix taa;
1538 organization
1539 "IETF RATS Working Group";
1541 contact
1542 "WG Web:
1543 WG List:
1544 Author: Eric Voit ";
1546 description
1547 "This module defines a identities for asymmetric algorithms.
1549 Copyright (c) 2021 IETF Trust and the persons identified
1550 as authors of the code. All rights reserved.
1552 Redistribution and use in source and binary forms, with
1553 or without modification, is permitted pursuant to, and
1554 subject to the license terms contained in, the Simplified
1555 BSD License set forth in Section 4.c of the IETF Trust's
1556 Legal Provisions Relating to IETF Documents
1557 (https://trustee.ietf.org/license-info).
1558 This version of this YANG module is part of RFC XXXX
1559 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
1560 itself for full legal notices.
1561 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
1562 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
1563 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
1564 are to be interpreted as described in BCP 14 (RFC 2119)
1565 (RFC 8174) when, and only when, they appear in all
1566 capitals, as shown here.";
1568 revision 2022-01-27 {
1569 description
1570 "Initial version";
1571 reference
1572 "RFC XXXX: A YANG Data Model for Challenge-Response-based Remote
1573 Attestation Procedures using TPMs";
1574 }
1576 /*****************/
1577 /* Features */
1578 /*****************/
1580 feature tpm12 {
1581 description
1582 "This feature indicates algorithm support for the TPM 1.2 API
1583 as per Section 4.8 of TPM1.2-Structures:
1584 TPM Main Part 2 TPM Structures
1585 https://trustedcomputinggroup.org/wp-content/uploads/
1586 TPM-main-1.2-Rev94-part-2.pdf";
1587 }
1589 feature tpm20 {
1590 description
1591 "This feature indicates algorithm support for the TPM 2.0 API
1592 as per Section 11.4 of Trusted Platform Module Library
1593 Part 1: Architecture. See TPM2.0-Arch:
1594 https://trustedcomputinggroup.org/wp-content/uploads/
1595 TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf";
1596 }
1598 /*****************/
1599 /* Identities */
1600 /*****************/
1602 identity asymmetric {
1603 description
1604 "A TCG recognized asymmetric algorithm with a public and
1605 private key.";
1606 reference
1607 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2,
1608 http://trustedcomputinggroup.org/resource/tcg-algorithm-registry/
1609 TCG-_Algorithm_Registry_r1p32_pub";
1610 }
1612 identity symmetric {
1613 description
1614 "A TCG recognized symmetric algorithm with only a private key.";
1615 reference
1616 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2";
1617 }
1619 identity hash {
1620 description
1621 "A TCG recognized hash algorithm that compresses input data to
1622 a digest value or indicates a method that uses a hash.";
1623 reference
1624 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2";
1625 }
1627 identity signing {
1628 description
1629 "A TCG recognized signing algorithm";
1630 reference
1631 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2";
1632 }
1634 identity anonymous_signing {
1635 description
1636 "A TCG recognized anonymous signing algorithm.";
1637 reference
1638 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2";
1639 }
1641 identity encryption_mode {
1642 description
1643 "A TCG recognized encryption mode.";
1644 reference
1645 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2";
1646 }
1647 identity method {
1648 description
1649 "A TCG recognized method such as a mask generation function.";
1650 reference
1651 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2";
1652 }
1654 identity object_type {
1655 description
1656 "A TCG recognized object type.";
1657 reference
1658 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 2";
1659 }
1661 identity cryptoprocessor {
1662 description
1663 "Base identity identifying a crytoprocessor.";
1664 }
1666 identity tpm12 {
1667 if-feature "tpm12";
1668 base cryptoprocessor;
1669 description
1670 "Supportable by a TPM1.2.";
1671 reference
1672 "TPM1.2-Structures:
1673 https://trustedcomputinggroup.org/wp-content/uploads/
1674 TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf
1675 TPM_ALGORITHM_ID values, page 18";
1676 }
1678 identity tpm20 {
1679 if-feature "tpm20";
1680 base cryptoprocessor;
1681 description
1682 "Supportable by a TPM2.";
1683 reference
1684 "TPM2.0-Structures:
1685 https://trustedcomputinggroup.org/wp-content/uploads/
1686 TPM-Rev-2.0-Part-2-Structures-01.38.pdf
1687 The TCG Algorithm Registry. Table 9";
1688 }
1690 identity TPM_ALG_RSA {
1691 if-feature "tpm12 or tpm20";
1692 base tpm12;
1693 base tpm20;
1694 base asymmetric;
1695 base object_type;
1696 description
1697 "RSA algorithm";
1698 reference
1699 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1700 RFC 8017. ALG_ID: 0x0001";
1701 }
1703 identity TPM_ALG_TDES {
1704 if-feature "tpm12";
1705 base tpm12;
1706 base symmetric;
1707 description
1708 "Block cipher with various key sizes (Triple Data Encryption
1709 Algorithm, commonly called Triple Data Encryption Standard)
1710 Note: was banned in TPM1.2 v94";
1711 reference
1712 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1713 ISO/IEC 18033-3. ALG_ID: 0x0003";
1714 }
1716 identity TPM_ALG_SHA1 {
1717 if-feature "tpm12 or tpm20";
1718 base hash;
1719 base tpm12;
1720 base tpm20;
1721 description
1722 "SHA1 algorithm - Deprecated due to insufficient cryptographic
1723 protection. However it is still useful for hash algorithms
1724 where protection is not required.";
1725 reference
1726 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1727 ISO/IEC 10118-3. ALG_ID: 0x0004";
1728 }
1730 identity TPM_ALG_HMAC {
1731 if-feature "tpm12 or tpm20";
1732 base tpm12;
1733 base tpm20;
1734 base hash;
1735 base signing;
1736 description
1737 "Hash Message Authentication Code (HMAC) algorithm";
1738 reference
1739 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3,
1740 ISO/IEC 9797-2 and RFC2014. ALG_ID: 0x0005";
1741 }
1742 identity TPM_ALG_AES {
1743 if-feature "tpm12";
1744 base tpm12;
1745 base symmetric;
1746 description
1747 "The AES algorithm with various key sizes";
1748 reference
1749 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3,
1750 ISO/IEC 18033-3. ALG_ID: 0x0006";
1751 }
1753 identity TPM_ALG_MGF1 {
1754 if-feature "tpm20";
1755 base tpm20;
1756 base hash;
1757 base method;
1758 description
1759 "hash-based mask-generation function";
1760 reference
1761 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3,
1762 IEEE Std 1363-2000 and IEEE Std 1363a-2004.
1763 ALG_ID: 0x0007";
1764 }
1766 identity TPM_ALG_KEYEDHASH {
1767 if-feature "tpm20";
1768 base tpm20;
1769 base hash;
1770 base object_type;
1771 description
1772 "An encryption or signing algorithm using a keyed hash. These
1773 may use XOR for encryption or an HMAC for signing and may
1774 also refer to a data object that is neither signing nor
1775 encrypting.";
1776 reference
1777 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3,
1778 ALG_ID: 0x0008";
1779 }
1781 identity TPM_ALG_XOR {
1782 if-feature "tpm12 or tpm20";
1783 base tpm12;
1784 base tpm20;
1785 base hash;
1786 base symmetric;
1787 description
1788 "The XOR encryption algorithm.";
1789 reference
1790 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3.
1791 ALG_ID: 0x000A";
1792 }
1794 identity TPM_ALG_SHA256 {
1795 if-feature "tpm20";
1796 base tpm20;
1797 base hash;
1798 description
1799 "The SHA 256 algorithm";
1800 reference
1801 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1802 ISO/IEC 10118-3. ALG_ID: 0x000B";
1803 }
1805 identity TPM_ALG_SHA384 {
1806 if-feature "tpm20";
1807 base tpm20;
1808 base hash;
1809 description
1810 "The SHA 384 algorithm";
1811 reference
1812 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1813 ISO/IEC 10118-3. ALG_ID: 0x000C";
1814 }
1816 identity TPM_ALG_SHA512 {
1817 if-feature "tpm20";
1818 base tpm20;
1819 base hash;
1820 description
1821 "The SHA 512 algorithm";
1822 reference
1823 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1824 ISO/IEC 10118-3. ALG_ID: 0x000D";
1825 }
1827 identity TPM_ALG_NULL {
1828 if-feature "tpm20";
1829 base tpm20;
1830 description
1831 "NULL algorithm";
1832 reference
1833 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3.
1834 ALG_ID: 0x0010";
1835 }
1837 identity TPM_ALG_SM3_256 {
1838 if-feature "tpm20";
1839 base tpm20;
1840 base hash;
1841 description
1842 "The SM3 hash algorithm.";
1843 reference
1844 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1845 ISO/IEC 10118-3:2018. ALG_ID: 0x0012";
1846 }
1848 identity TPM_ALG_SM4 {
1849 if-feature "tpm20";
1850 base tpm20;
1851 base symmetric;
1852 description
1853 "SM4 symmetric block cipher";
1854 reference
1855 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3.
1856 ALG_ID: 0x0013";
1857 }
1859 identity TPM_ALG_RSASSA {
1860 if-feature "tpm20";
1861 base tpm20;
1862 base asymmetric;
1863 base signing;
1864 description
1865 "Signature algorithm defined in section 8.2 (RSASSAPKCS1-v1_5)";
1866 reference
1867 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1868 RFC 8017. ALG_ID: 0x0014";
1869 }
1871 identity TPM_ALG_RSAES {
1872 if-feature "tpm20";
1873 base tpm20;
1874 base asymmetric;
1875 base encryption_mode;
1876 description
1877 "Signature algorithm defined in section 7.2 (RSAES-PKCS1-v1_5)";
1878 reference
1879 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1880 RFC 8017. ALG_ID: 0x0015";
1881 }
1883 identity TPM_ALG_RSAPSS {
1884 if-feature "tpm20";
1885 base tpm20;
1886 base asymmetric;
1887 base signing;
1888 description
1889 "Padding algorithm defined in section 8.1 (RSASSA PSS)";
1890 reference
1891 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1892 RFC 8017. ALG_ID: 0x0016";
1893 }
1895 identity TPM_ALG_OAEP {
1896 if-feature "tpm20";
1897 base tpm20;
1898 base asymmetric;
1899 base encryption_mode;
1900 description
1901 "Padding algorithm defined in section 7.1 (RSASSA OAEP)";
1902 reference
1903 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1904 RFC 8017. ALG_ID: 0x0017";
1905 }
1907 identity TPM_ALG_ECDSA {
1908 if-feature "tpm20";
1909 base tpm20;
1910 base asymmetric;
1911 base signing;
1912 description
1913 "Signature algorithm using elliptic curve cryptography (ECC)";
1914 reference
1915 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1916 ISO/IEC 14888-3. ALG_ID: 0x0018";
1917 }
1919 identity TPM_ALG_ECDH {
1920 if-feature "tpm20";
1921 base tpm20;
1922 base asymmetric;
1923 base method;
1924 description
1925 "Secret sharing using ECC";
1926 reference
1927 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1928 NIST SP800-56A and RFC 7748. ALG_ID: 0x0019";
1929 }
1931 identity TPM_ALG_ECDAA {
1932 if-feature "tpm20";
1933 base tpm20;
1934 base asymmetric;
1935 base signing;
1936 base anonymous_signing;
1937 description
1938 "Elliptic-curve based anonymous signing scheme";
1939 reference
1940 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1941 TCG TPM 2.0 library specification. ALG_ID: 0x001A";
1942 }
1944 identity TPM_ALG_SM2 {
1945 if-feature "tpm20";
1946 base tpm20;
1947 base asymmetric;
1948 base signing;
1949 base encryption_mode;
1950 base method;
1951 description
1952 "SM2 - depending on context, either an elliptic-curve based,
1953 signature algorithm, an encryption scheme, or a key exchange
1954 protocol";
1955 reference
1956 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3.
1957 ALG_ID: 0x001B";
1958 }
1960 identity TPM_ALG_ECSCHNORR {
1961 if-feature "tpm20";
1962 base tpm20;
1963 base asymmetric;
1964 base signing;
1965 description
1966 "Elliptic-curve based Schnorr signature";
1967 reference
1968 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3.
1969 ALG_ID: 0x001C";
1970 }
1972 identity TPM_ALG_ECMQV {
1973 if-feature "tpm20";
1974 base tpm20;
1975 base asymmetric;
1976 base method;
1977 description
1978 "Two-phase elliptic-curve key";
1979 reference
1980 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1981 NIST SP800-56A. ALG_ID: 0x001D";
1983 }
1985 identity TPM_ALG_KDF1_SP800_56A {
1986 if-feature "tpm20";
1987 base tpm20;
1988 base hash;
1989 base method;
1990 description
1991 "Concatenation key derivation function";
1992 reference
1993 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
1994 NIST SP800-56A (approved alternative1) section 5.8.1.
1995 ALG_ID: 0x0020";
1996 }
1998 identity TPM_ALG_KDF2 {
1999 if-feature "tpm20";
2000 base tpm20;
2001 base hash;
2002 base method;
2003 description
2004 "Key derivation function";
2005 reference
2006 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2007 IEEE 1363a-2004 KDF2 section 13.2. ALG_ID: 0x0021";
2008 }
2010 identity TPM_ALG_KDF1_SP800_108 {
2011 base TPM_ALG_KDF2;
2012 description
2013 "A key derivation method";
2014 reference
2015 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2016 NIST SP800-108 - Section 5.1 KDF. ALG_ID: 0x0022";
2017 }
2019 identity TPM_ALG_ECC {
2020 if-feature "tpm20";
2021 base tpm20;
2022 base asymmetric;
2023 base object_type;
2024 description
2025 "Prime field ECC";
2026 reference
2027 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2028 ISO/IEC 15946-1. ALG_ID: 0x0023";
2029 }
2030 identity TPM_ALG_SYMCIPHER {
2031 if-feature "tpm20";
2032 base tpm20;
2033 description
2034 "Object type for a symmetric block cipher";
2035 reference
2036 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2037 TCG TPM 2.0 library specification. ALG_ID: 0x0025";
2038 }
2040 identity TPM_ALG_CAMELLIA {
2041 if-feature "tpm20";
2042 base tpm20;
2043 base symmetric;
2044 description
2045 "The Camellia algorithm";
2046 reference
2047 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2048 ISO/IEC 18033-3. ALG_ID: 0x0026";
2049 }
2051 identity TPM_ALG_SHA3_256 {
2052 if-feature "tpm20";
2053 base tpm20;
2054 base hash;
2055 description
2056 "ISO/IEC 10118-3 - the SHA 256 algorithm";
2057 reference
2058 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2059 NIST PUB FIPS 202. ALG_ID: 0x0027";
2060 }
2062 identity TPM_ALG_SHA3_384 {
2063 if-feature "tpm20";
2064 base tpm20;
2065 base hash;
2066 description
2067 "The SHA 384 algorithm";
2068 reference
2069 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2070 NIST PUB FIPS 202. ALG_ID: 0x0028";
2071 }
2073 identity TPM_ALG_SHA3_512 {
2074 if-feature "tpm20";
2075 base tpm20;
2076 base hash;
2077 description
2078 "The SHA 512 algorithm";
2079 reference
2080 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2081 NIST PUB FIPS 202. ALG_ID: 0x0029";
2082 }
2084 identity TPM_ALG_CMAC {
2085 if-feature "tpm20";
2086 base tpm20;
2087 base symmetric;
2088 base signing;
2089 description
2090 "block Cipher-based Message Authentication Code (CMAC)";
2091 reference
2092 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2093 ISO/IEC 9797-1:2011 Algorithm 5. ALG_ID: 0x003F";
2094 }
2096 identity TPM_ALG_CTR {
2097 if-feature "tpm20";
2098 base tpm20;
2099 base symmetric;
2100 base encryption_mode;
2101 description
2102 "Counter mode";
2103 reference
2104 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2105 ISO/IEC 10116. ALG_ID: 0x0040";
2106 }
2108 identity TPM_ALG_OFB {
2109 base tpm20;
2110 base symmetric;
2111 base encryption_mode;
2112 description
2113 "Output Feedback mode";
2114 reference
2115 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2116 ISO/IEC 10116. ALG_ID: 0x0041";
2117 }
2119 identity TPM_ALG_CBC {
2120 if-feature "tpm20";
2121 base tpm20;
2122 base symmetric;
2123 base encryption_mode;
2124 description
2125 "Cipher Block Chaining mode";
2127 reference
2128 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2129 ISO/IEC 10116. ALG_ID: 0x0042";
2130 }
2132 identity TPM_ALG_CFB {
2133 if-feature "tpm20";
2134 base tpm20;
2135 base symmetric;
2136 base encryption_mode;
2137 description
2138 "Cipher Feedback mode";
2139 reference
2140 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2141 ISO/IEC 10116. ALG_ID: 0x0043";
2142 }
2144 identity TPM_ALG_ECB {
2145 if-feature "tpm20";
2146 base tpm20;
2147 base symmetric;
2148 base encryption_mode;
2149 description
2150 "Electronic Codebook mode";
2151 reference
2152 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2153 ISO/IEC 10116. ALG_ID: 0x0044";
2154 }
2156 identity TPM_ALG_CCM {
2157 if-feature "tpm20";
2158 base tpm20;
2159 base symmetric;
2160 base signing;
2161 base encryption_mode;
2162 description
2163 "Counter with Cipher Block Chaining-Message Authentication
2164 Code (CCM)";
2165 reference
2166 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2167 NIST SP800-38C. ALG_ID: 0x0050";
2168 }
2170 identity TPM_ALG_GCM {
2171 if-feature "tpm20";
2172 base tpm20;
2173 base symmetric;
2174 base signing;
2175 base encryption_mode;
2176 description
2177 "Galois/Counter Mode (GCM)";
2178 reference
2179 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2180 NIST SP800-38D. ALG_ID: 0x0051";
2181 }
2183 identity TPM_ALG_KW {
2184 if-feature "tpm20";
2185 base tpm20;
2186 base symmetric;
2187 base signing;
2188 base encryption_mode;
2189 description
2190 "AES Key Wrap (KW)";
2191 reference
2192 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2193 NIST SP800-38F. ALG_ID: 0x0052";
2194 }
2196 identity TPM_ALG_KWP {
2197 if-feature "tpm20";
2198 base tpm20;
2199 base symmetric;
2200 base signing;
2201 base encryption_mode;
2202 description
2203 "AES Key Wrap with Padding (KWP)";
2204 reference
2205 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2206 NIST SP800-38F. ALG_ID: 0x0053";
2207 }
2209 identity TPM_ALG_EAX {
2210 if-feature "tpm20";
2211 base tpm20;
2212 base symmetric;
2213 base signing;
2214 base encryption_mode;
2215 description
2216 "Authenticated-Encryption Mode";
2217 reference
2218 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2219 NIST SP800-38F. ALG_ID: 0x0054";
2220 }
2222 identity TPM_ALG_EDDSA {
2223 if-feature "tpm20";
2224 base tpm20;
2225 base asymmetric;
2226 base signing;
2227 description
2228 "Edwards-curve Digital Signature Algorithm (PureEdDSA)";
2229 reference
2230 "TCG-Algos:TCG Algorithm Registry Rev1.32 Table 3 and
2231 RFC 8032. ALG_ID: 0x0060";
2232 }
2233 }
2234
2236 Note that not all cryptographic functions are required for use by
2237 ietf-tpm-remote-attestation.yang. However the full definition of
2238 Table 3 of [TCG-Algos] will allow use by additional YANG
2239 specifications.
2241 3. IANA Considerations
2243 This document registers the following namespace URIs in the
2244 [IANA.xml-registry] as per [RFC3688]:
2246 URI: urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation
2248 Registrant Contact: The IESG.
2250 XML: N/A; the requested URI is an XML namespace.
2252 URI: urn:ietf:params:xml:ns:yang:ietf-tcg-algs
2254 Registrant Contact: The IESG.
2256 XML: N/A; the requested URI is an XML namespace.
2258 This document registers the following YANG modules in the registry
2259 [IANA.yang-parameters] as per Section 14 of [RFC6020]:
2261 Name: ietf-tpm-remote-attestation
2263 Namespace: urn:ietf:params:xml:ns:yang:ietf-tpm-remote-
2264 attestation
2266 Prefix: tpm
2268 Reference: draft-ietf-rats-yang-tpm-charra (RFC form)
2270 Name: ietf-tcg-algs
2271 Namespace: urn:ietf:params:xml:ns:yang:ietf-tcg-algs
2273 Prefix: taa
2275 Reference: draft-ietf-rats-yang-tpm-charra (RFC form)
2277 4. Security Considerations
2279 The YANG module ietf-tpm-remote-attestation.yang specified in this
2280 document defines a schema for data that is designed to be accessed
2281 via network management protocols such as NETCONF [RFC6241] or
2282 RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport
2283 layer, and the mandatory-to-implement secure transport is Secure
2284 Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the
2285 mandatory-to-implement secure transport is TLS [RFC8446].
2287 There are a number of data nodes defined in this YANG module that are
2288 writable/creatable/deletable (i.e., _config true_, which is the
2289 default). These data nodes may be considered sensitive or vulnerable
2290 in some network environments. Write operations (e.g., _edit-config_)
2291 to these data nodes without proper protection can have a negative
2292 effect on network operations. These are the subtrees and data nodes
2293 as well as their sensitivity/vulnerability:
2295 Container '/rats-support-structures/attester-supported-algos': 'tpm1
2296 2-asymmetric-signing', 'tpm12-hash', 'tpm20-asymmetric-signing',
2297 and 'tpm20-hash'. All could be populated with algorithms that are
2298 not supported by the underlying physical TPM installed by the
2299 equipment vendor.
2301 Container: '/rats-support-structures/tpms': 'name': Although shown
2302 as 'rw', it is system generated. Therefore it should not be
2303 possible for an operator to add or remove a TPM from the
2304 configuration.
2306 'tpm20-pcr-bank': It is possible to configure PCRs for extraction
2307 which are not being extended by system software. This could
2308 unnecessarily use TPM resources.
2310 'certificates': It is possible to provision a certificate which
2311 does not correspond to an Attestation Identity Key (AIK) within
2312 the TPM 1.2, or an Attestation Key (AK) within the TPM 2.0
2313 respectively.
2315 RPC 'tpm12-challenge-response-attestation': It must be verified that
2316 the certificate is for an active AIK, i.e., the certificate
2317 provided is able to support Attestation on the targeted TPM 1.2.
2319 RPC 'tpm20-challenge-response-attestation': It must be verified that
2320 the certificate is for an active AK, i.e., the quote signature
2321 associated with RPC response has been generated by an entity
2322 legitimately able to perform Attestation on the targeted TPM 2.0.
2324 RPC 'log-retrieval': Requesting a large volume of logs from the
2325 attester could require significant system resources and create a
2326 denial of service.
2328 Information collected through the RPCs above could reveal that
2329 specific versions of software and configurations of endpoints that
2330 could identify vulnerabilities on those systems. Therefore RPCs
2331 should be protected by NACM [RFC8341] with a default setting of deny-
2332 all to limit the extraction of attestation data by only authorized
2333 Verifiers.
2335 For the YANG module ietf-tcg-algs.yang, please use care when
2336 selecting specific algorithms. The introductory section of
2337 [TCG-Algos] highlights that some algorithms should be considered
2338 legacy, and recommends implementers and adopters diligently evaluate
2339 available information such as governmental, industrial, and academic
2340 research before selecting an algorithm for use.
2342 5. Change Log
2344 Changes from version 08 to version 09:
2346 * AD Review comments
2348 Changes from version 08 to version 09:
2350 * Minor formatting tweaks for shepherd. IANA registered.
2352 Changes from version 05 to version 06:
2354 * More YANG Dr comments covered
2356 Changes from version 04 to version 05:
2358 * YANG Dr comments covered
2360 Changes from version 03 to version 04:
2362 * TPM1.2 Quote1 eliminated
2364 * YANG model simplifications so redundant info isn't exposed
2366 Changes from version 02 to version 03:
2368 * moved to tcg-algs
2370 * cleaned up model to eliminate sources of errors
2372 * removed key establishment RPC
2374 * added lots of XPATH which must all be scrubbed still
2376 * Descriptive text added on model contents.
2378 Changes from version 01 to version 02:
2380 * Extracted Crypto-types into a separate YANG file
2382 * Mades the algorithms explicit, not strings
2384 * Hash Algo as key the selected TPM2 PCRs
2386 * PCR numbers are their own type
2388 * Eliminated nested keys for node-id plus tpm-name
2390 * Eliminated TPM-Name of "ALL"
2392 * Added TPM-Path
2394 Changes from version 00 to version 01:
2396 * Addressed author's comments
2398 * Extended complementary details about attestation-certificates
2400 * Relabeled chunk-size to log-entry-quantity
2402 * Relabeled location with compute-node or tpm-name where appropriate
2404 * Added a valid entity-mib physical-index to compute-node and tpm-
2405 name to map it back to hardware inventory
2407 * Relabeled name to tpm_name
2409 * Removed event-string in last-entry
2411 6. References
2413 6.1. Normative References
2415 [BIOS-Log-Event-Type]
2416 "TCG PC Client Platform Firmware Profile Specification",
2417 n.d., .
2420 [I-D.ietf-netconf-keystore]
2421 Watsen, K., "A YANG Data Model for a Keystore", Work in
2422 Progress, Internet-Draft, draft-ietf-netconf-keystore-23,
2423 14 December 2021, .
2426 [I-D.ietf-rats-architecture]
2427 Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
2428 W. Pan, "Remote Attestation Procedures Architecture", Work
2429 in Progress, Internet-Draft, draft-ietf-rats-architecture-
2430 14, 9 December 2021, .
2433 [I-D.ietf-rats-tpm-based-network-device-attest]
2434 Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM-
2435 based Network Device Remote Integrity Verification", Work
2436 in Progress, Internet-Draft, draft-ietf-rats-tpm-based-
2437 network-device-attest-11, 29 January 2022,
2438 .
2441 [IANA.xml-registry]
2442 IANA, "IETF XML Registry",
2443 .
2445 [IANA.yang-parameters]
2446 IANA, "YANG Parameters",
2447 .
2449 [IEEE-Std-1363-2000]
2450 "IEEE 1363-2000 - IEEE Standard Specifications for Public-
2451 Key Cryptography", n.d.,
2452 .
2454 [IEEE-Std-1363a-2004]
2455 "1363a-2004 - IEEE Standard Specifications for Public-Key
2456 Cryptography - Amendment 1: Additional Techniques", n.d.,
2457 .
2459 [ima-log] "Canonical Event Log Format, Section 4.3", n.d.,
2460 .
2463 [ISO-IEC-10116]
2464 "ISO/IEC 10116:2017 - Information technology", n.d.,
2465 .
2467 [ISO-IEC-10118-3]
2468 "Dedicated hash-functions - ISO/IEC 10118-3:2018", n.d.,
2469 .
2471 [ISO-IEC-14888-3]
2472 "ISO/IEC 14888-3:2018 - Digital signatures with appendix",
2473 n.d., .
2475 [ISO-IEC-15946-1]
2476 "ISO/IEC 15946-1:2016 - Information technology", n.d.,
2477 .
2479 [ISO-IEC-18033-3]
2480 "ISO/IEC 18033-3:2010 - Encryption algorithms", n.d.,
2481 .
2483 [ISO-IEC-9797-1]
2484 "Message Authentication Codes (MACs) - ISO/IEC
2485 9797-1:2011", n.d.,
2486 .
2488 [ISO-IEC-9797-2]
2489 "Message Authentication Codes (MACs) - ISO/IEC
2490 9797-2:2011", n.d.,
2491 .
2493 [netequip-boot-log]
2494 "IMA Policy Kernel Documentation", n.d.,
2495 .
2498 [NIST-PUB-FIPS-202]
2499 "SHA-3 Standard: Permutation-Based Hash and Extendable-
2500 Output Functions", n.d.,
2501 .
2504 [NIST-SP800-108]
2505 "Recommendation for Key Derivation Using Pseudorandom
2506 Functions", n.d.,
2507 .
2510 [NIST-SP800-38C]
2511 "Recommendation for Block Cipher Modes of Operation: the
2512 CCM Mode for Authentication and Confidentiality", n.d.,
2513 .
2516 [NIST-SP800-38D]
2517 "Recommendation for Block Cipher Modes of Operation:
2518 Galois/Counter Mode (GCM) and GMAC", n.d.,
2519 .
2522 [NIST-SP800-38F]
2523 "Recommendation for Block Cipher Modes of Operation:
2524 Methods for Key Wrapping", n.d.,
2525 .
2528 [NIST-SP800-56A]
2529 "Recommendation for Pair-Wise Key-Establishment Schemes
2530 Using Discrete Logarithm Cryptography", n.d.,
2531 .
2534 [PC-Client-EFI-TPM-1.2]
2535 Trusted Computing Group, "TCG EFI Platform Specification
2536 for TPM Family 1.1 or 1.2, Specification Version 1.22,
2537 Revision 15", 1 January 2014,
2538 .
2541 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
2542 Requirement Levels", BCP 14, RFC 2119,
2543 DOI 10.17487/RFC2119, March 1997,
2544 .
2546 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
2547 DOI 10.17487/RFC3688, January 2004,
2548 .
2550 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
2551 the Network Configuration Protocol (NETCONF)", RFC 6020,
2552 DOI 10.17487/RFC6020, October 2010,
2553 .
2555 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
2556 and A. Bierman, Ed., "Network Configuration Protocol
2557 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
2558 .
2560 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
2561 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
2562 .
2564 [RFC6933] Bierman, A., Romascanu, D., Quittek, J., and M.
2565 Chandramouli, "Entity MIB (Version 4)", RFC 6933,
2566 DOI 10.17487/RFC6933, May 2013,
2567 .
2569 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
2570 RFC 6991, DOI 10.17487/RFC6991, July 2013,
2571 .
2573 [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
2574 for Security", RFC 7748, DOI 10.17487/RFC7748, January
2575 2016, .
2577 [RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
2578 "PKCS #1: RSA Cryptography Specifications Version 2.2",
2579 RFC 8017, DOI 10.17487/RFC8017, November 2016,
2580 .
2582 [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
2583 Signature Algorithm (EdDSA)", RFC 8032,
2584 DOI 10.17487/RFC8032, January 2017,
2585 .
2587 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
2588 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
2589 .
2591 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2592 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
2593 May 2017, .
2595 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
2596 Access Control Model", STD 91, RFC 8341,
2597 DOI 10.17487/RFC8341, March 2018,
2598 .
2600 [RFC8348] Bierman, A., Bjorklund, M., Dong, J., and D. Romascanu, "A
2601 YANG Data Model for Hardware Management", RFC 8348,
2602 DOI 10.17487/RFC8348, March 2018,
2603 .
2605 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
2606 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
2607 .
2609 [TCG-Algos]
2610 "TCG Algorithm Registry", n.d.,
2611 .
2614 [TPM1.2] TCG, ., "TPM 1.2 Main Specification", 2 October 2003,
2615 .
2618 [TPM1.2-Commands]
2619 "TPM Main Part 3 Commands", n.d.,
2620 .
2623 [TPM1.2-Structures]
2624 "TPM Main Part 2 TPM Structures", n.d.,
2625 .
2628 [TPM2.0] TCG, ., "TPM 2.0 Library Specification", 15 March 2013,
2629 .
2632 [TPM2.0-Arch]
2633 "Trusted Platform Module Library - Part 1: Architecture",
2634 n.d., .
2638 [TPM2.0-Key]
2639 TCG, ., "TPM 2.0 Keys for Device Identity and Attestation,
2640 Rev10", 14 April 2021, .
2643 [TPM2.0-Structures]
2644 "Trusted Platform Module Library - Part 2: Structures",
2645 n.d., .
2648 6.2. Informative References
2650 [bios-log] "TCG PC Client Platform Firmware Profile Specification,
2651 Section 9.4.5.2", n.d.,
2652 .
2656 [I-D.ietf-rats-reference-interaction-models]
2657 Birkholz, H., Eckel, M., Pan, W., and E. Voit, "Reference
2658 Interaction Models for Remote Attestation Procedures",
2659 Work in Progress, Internet-Draft, draft-ietf-rats-
2660 reference-interaction-models-05, 26 January 2022,
2661 .
2664 [NIST-915121]
2665 "True Randomness Can't be Left to Chance: Why entropy is
2666 important for information security", n.d.,
2667 .
2670 Authors' Addresses
2672 Henk Birkholz
2673 Fraunhofer SIT
2674 Rheinstrasse 75
2675 64295 Darmstadt
2676 Germany
2678 Email: henk.birkholz@sit.fraunhofer.de
2680 Michael Eckel
2681 Fraunhofer SIT
2682 Rheinstrasse 75
2683 64295 Darmstadt
2684 Germany
2686 Email: michael.eckel@sit.fraunhofer.de
2688 Shwetha Bhandari
2689 ThoughtSpot
2691 Email: shwetha.bhandari@thoughtspot.com
2692 Eric Voit
2693 Cisco Systems
2695 Email: evoit@cisco.com
2697 Bill Sulzen
2698 Cisco Systems
2700 Email: bsulzen@cisco.com
2702 Liang Xia (Frank)
2703 Huawei Technologies
2704 101 Software Avenue, Yuhuatai District
2705 Nanjing
2706 Jiangsu, 210012
2707 China
2709 Email: Frank.Xialiang@huawei.com
2711 Tom Laffey
2712 Hewlett Packard Enterprise
2714 Email: tom.laffey@hpe.com
2716 Guy C. Fedorkow
2717 Juniper Networks
2718 10 Technology Park Drive
2719 Westford
2721 Email: gfedorkow@juniper.net