rfcdiff: draft-ietf-rats-tpm-based-network-device-attest-06.txt (-06) vs. draft-ietf-rats-tpm-based-network-device-attest-07.txt (-07)

Lines identical in both versions are shown once; where the two versions differ, the -06 and -07 text are shown on consecutive lines, each prefixed with its version.

RATS Working Group                                          G. Fedorkow, Ed.
Internet-Draft                                        Juniper Networks, Inc.
Intended status: Informational                                       E. Voit
-06 | Expires: June 10, 2021                              Cisco Systems, Inc.
-07 | Expires: December 12, 2021                          Cisco Systems, Inc.
                                                          J. Fitzgerald-McKay
                                                    National Security Agency
-06 |                                                     December 07, 2020
-07 |                                                          June 10, 2021

        TPM-based Network Device Remote Integrity Verification
-06 |        draft-ietf-rats-tpm-based-network-device-attest-06
-07 |        draft-ietf-rats-tpm-based-network-device-attest-07
Abstract

   This document describes a workflow for remote attestation of the
   integrity of firmware and software installed on network devices that
   contain Trusted Platform Modules [TPM1.2], [TPM2.0], as defined by
   the Trusted Computing Group (TCG).

Status of This Memo

[rfcdiff: skipping to change at page 1, line 36]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

-06 |   This Internet-Draft will expire on June 10, 2021.
-07 |   This Internet-Draft will expire on December 12, 2021.

Copyright Notice

-06 |   Copyright (c) 2020 IETF Trust and the persons identified as the
-07 |   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
[rfcdiff: skipping to change at page 20, line 26]

   the Attester according to [Platform-DevID-TPM-2.0],
   [PC-Client-BIOS-TPM-1.2], or [Platform-ID-TPM-1.2].

   The Attester's TPM Keys MUST be associated with the DevID on the
   Verifier (see [Platform-DevID-TPM-2.0] and Section 5 Security
   Considerations, below).

3.1.3.  Appraisal Policy for Evidence

   The Verifier MUST obtain trustworthy Reference Values (encoded as
-06 |   SWID or CoSWID tags [I-D.birkholz-yang-swid]).  These reference
-07 |   SWID or CoSWID tags [I-D.ietf-sacm-coswid]).  These reference
   measurements will eventually be compared to signed PCR Evidence
   ('quotes') acquired from an Attester's TPM using Attestation Policies
   chosen by the administrator or owner of the device.

   This document does not specify the format or contents for the
   Appraisal Policy for Evidence, but Reference Values may be acquired
   in one of two ways:

   1.  a Verifier may obtain reference measurements directly from a
       Reference Value Provider chosen by the Verifier administrator
[rfcdiff: skipping to change at page 31, line 50]

   o  Complex supply chains can be certified using TCG Platform
      Certificates [Platform-Certificates].

   o  The TCG TAP mechanism coupled with [I-D.ietf-rats-yang-tpm-charra]
      can be used to retrieve attestation evidence.

   o  Reference Values must be conveyed from the software authority
      (e.g., the manufacturer) in Reference Integrity Manifests, to the
      system in which verification will take place.  IETF and TCG SWID
-06 |      and CoSWID work ([I-D.birkholz-yang-swid], [RIM]) forms the basis
-07 |      and CoSWID work ([I-D.ietf-sacm-coswid], [RIM]) forms the basis
      for this function.

7.  IANA Considerations

   This memo includes no request to IANA.

8.  Acknowledgements

   The authors wish to thank numerous reviewers for generous assistance,
   including William Bellingrath, Mark Baushke, Ned Smith, Henk
   Birkholz, Tom Laffey, Dave Thaler, Wei Pan, Michael Eckel, Thomas
-06 |   Hardjono, Bill Sulzen, Monty Wiseman, Kathleen Moriarty, Nancy
-06 |   Cam-Winget and Shwetha Bhandari.
-07 |   Hardjono, Bill Sulzen, Willard (Monty) Wiseman, Kathleen Moriarty,
-07 |   Nancy Cam-Winget and Shwetha Bhandari.

9.  Appendix

9.1.  Using a TPM for Attestation

   The Trusted Platform Module and surrounding ecosystem provide three
   interlocking capabilities to enable secure collection of evidence
   from a remote device: Platform Configuration Registers (PCRs), a
   Quote mechanism, and a standardized Event Log.
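   The three capabilities named above, and the comparison that Section
   3.1.3 describes (Reference Values appraised against signed PCR
   quotes), can be made concrete with a small event-log replay.  The
   following Python is an added example and is not code from the draft,
   the TCG or the IETF: it reconstructs a SHA-256 PCR from log entries
   with the TPM extend rule, checks the result against the PCR value a
   quote would carry, and flags components whose digests have no
   Reference Value.  The event log, the measured objects, the PCR index
   and the reference-value table are constructed sample data; the quote
   is modelled as the bare PCR digest, so signature verification of a
   real TPM2_Quote and the DevID/AK binding the draft requires are
   outside this example.

```python
"""Replay a TPM event log to reconstruct a PCR and appraise it against Reference Values.

Added example (not part of the draft).  The 'quote' is modelled as the bare PCR
digest; the reference-value table stands in for parsed CoSWID tags.  All digests
below are computed from constructed sample byte strings.
"""
import hashlib
from dataclasses import dataclass

PCR_SIZE = 32  # SHA-256 PCR bank: a PCR is 32 bytes, reset to all zeros


@dataclass(frozen=True)
class Event:
    pcr: int           # PCR index the measuring firmware extended
    digest: bytes      # SHA-256 of the measured object, as recorded in the log
    description: str   # component name recorded alongside the digest


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM PCR extend for a SHA-256 bank: new = SHA256(old || digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay_log(events, pcr_index: int) -> bytes:
    """Recompute one PCR from the event log, starting from the reset value."""
    value = bytes(PCR_SIZE)
    for ev in events:
        if ev.pcr == pcr_index:
            value = extend(value, ev.digest)
    return value


def appraise(events, pcr_index, quoted_pcr, reference_values):
    """Return (log_matches_quote, unknown_components).

    log_matches_quote: the replayed PCR equals the value carried in the quote,
                       so the log is a faithful record of what the TPM saw.
    unknown_components: descriptions of events whose digest is not among the
                        reference values, i.e. software the Verifier cannot vouch for.
    """
    log_ok = replay_log(events, pcr_index) == quoted_pcr
    known = {d for digests in reference_values.values() for d in digests}
    unknown = [ev.description for ev in events
               if ev.pcr == pcr_index and ev.digest not in known]
    return log_ok, unknown


# --- constructed sample data -------------------------------------------------
def measure(blob: bytes) -> bytes:
    """What measuring firmware does before handing control to a component."""
    return hashlib.sha256(blob).digest()


GOOD_BOOTLOADER = b"bootloader-v2.1 (constructed sample)"
GOOD_KERNEL = b"kernel-5.10 (constructed sample)"
TAMPERED_KERNEL = b"kernel-5.10 with an unexpected change (constructed sample)"

# Reference Values as a Verifier might hold them after parsing vendor tags:
# component name -> set of acceptable digests (constructed).
REFERENCE_VALUES = {
    "bootloader": {measure(GOOD_BOOTLOADER)},
    "kernel": {measure(GOOD_KERNEL)},
}

GOOD_LOG = [Event(4, measure(GOOD_BOOTLOADER), "bootloader"),
            Event(4, measure(GOOD_KERNEL), "kernel")]
TAMPERED_LOG = [Event(4, measure(GOOD_BOOTLOADER), "bootloader"),
                Event(4, measure(TAMPERED_KERNEL), "kernel")]

# PCR 4 after the good boot; a real Attester returns this inside a signed quote.
QUOTED_PCR4 = replay_log(GOOD_LOG, 4)


def appraise_good():
    return appraise(GOOD_LOG, 4, QUOTED_PCR4, REFERENCE_VALUES)


def appraise_edited_log():
    # Log edited after the fact: the TPM still quotes the real boot, so replay fails.
    return appraise(TAMPERED_LOG, 4, QUOTED_PCR4, REFERENCE_VALUES)


def appraise_tampered_boot():
    # The changed kernel really booted: log and quote agree, but its digest has no reference value.
    return appraise(TAMPERED_LOG, 4, replay_log(TAMPERED_LOG, 4), REFERENCE_VALUES)


if __name__ == "__main__":
    for name, fn in [("good boot", appraise_good),
                     ("edited log", appraise_edited_log),
                     ("tampered kernel", appraise_tampered_boot)]:
        ok, unknown = fn()
        print(f"{name}: log matches quote = {ok}, no reference value for = {unknown}")
```

   The two failure cases are deliberately different: a log that does
   not replay to the quoted PCR is not trustworthy at all, whereas a
   log that replays correctly but contains a digest with no Reference
   Value points at a specific component to investigate.  A Verifier
   needs both checks; neither alone is sufficient.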
[rfcdiff: skipping to change at page 35, line 30]

   ********************************************************************
   .......................                .......................
   . Reference Integrity .                . TAP (PTS2.0) Info   .
   . Manifest            .                . Model and Canonical .
   .                     .                . Log Format          .
   .......................                .......................
   *************************  ..............  **********************
   * YANG SWID Module      *  . TCG        .  * YANG Attestation   *
   * I-D.ietf-sacm-coswid  *  . Attestation.  * Module             *
   *                       *  . MIB        .  * I-D.ietf-rats-     *
   *                       *  .            .  * yang-tpm-charra    *
   *************************  ..............  **********************
   *************************  ************    ************************
   * XML, JSON, CBOR (etc) *  * UDP      *    * XML, JSON, CBOR (etc)*
   *************************  ************    ************************
   *************************                  ************************
   * RESTCONF/NETCONF      *                  * RESTCONF/NETCONF     *

   (The only change in this figure between -06 and -07: the reference in
   the "YANG SWID Module" box reads "I-D.birkholz-yang-swid" in -06 and
   "I-D.ietf-sacm-coswid" in -07.)
[rfcdiff: skipping to change at page 37, line 11]

   | Make CoSWID tags for BIOS/Loader/Kernel objects | IETF CoSWID     |
   |  o Add reference measurements into SWID tags    | ISO/IEC 19770-2 |
   |  o Manufacturer should sign the SWID tags       | NIST IR 8060    |
   |  o The TCG RIM-IM identifies further            |                 |
   |    procedures to create signed RIM              |                 |
   |    documents that provide the necessary         |                 |
   |    reference information                        |                 |
   ---------------------------------------------------------------------
   | Package the SWID tags with a vendor software    | Retrieve tags   |
   | release                                         | with            |
   |  o A tag-generator plugin such                  | I-D.ietf-sacm-  |
   |    as [SWID-Gen] can be used                    | coswid          |
   |                                                 |-----------------|
   |                                                 | TCG PC Client   |
   |                                                 | RIM             |
   ---------------------------------------------------------------------
   | Use PC Client measurement definitions           | TCG PC Client   |
   | to define the use of PCRs                       | BIOS            |
   | (although Windows OS is rare on Networking      |                 |
   | Equipment, UEFI BIOS is not)                    |                 |
   ---------------------------------------------------------------------
   | Use TAP to retrieve measurements                |                 |

[rfcdiff: skipping to change at page 38, line 5]

                      Figure 8: Component Status

   (In -06 the "Retrieve tags with" cell named draft-birkholz-yang-swid;
   -07 names I-D.ietf-sacm-coswid.)
10.  References

10.1.  Normative References

   [Canonical-Event-Log]
              Trusted Computing Group, "DRAFT Canonical Event Log Format
              Version: 1.0, Revision: .12", October 2018.

-06 |   [I-D.birkholz-yang-swid]
-06 |              Birkholz, H., "Software Inventory YANG module based on
-06 |              Software Identifiers", draft-birkholz-yang-swid-02 (work
-06 |              in progress), October 2018.
-07 |   (entry not present in -07)

   [I-D.ietf-rats-yang-tpm-charra]
-06 |              Birkholz, H., Eckel, M., Voit, E., Bhandari, S., Sulzen,
-06 |              B., Xia, L., Laffey, T., and G. Fedorkow, "A YANG Data
-06 |              Model for Challenge-Response-based Remote Attestation
-06 |              Procedures using TPMs",
-06 |              draft-ietf-rats-yang-tpm-charra-03 (work in progress),
-06 |              September 2020.
-07 |              Birkholz, H., Eckel, M., Bhandari, S., Voit, E., Sulzen,
-07 |              B., (Frank), L. X., Laffey, T., and G. C. Fedorkow, "A
-07 |              YANG Data Model for Challenge-Response-based Remote
-07 |              Attestation Procedures using TPMs",
-07 |              draft-ietf-rats-yang-tpm-charra-07 (work in progress),
-07 |              April 2021.

   [I-D.ietf-sacm-coswid]
              Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D.
              Waltermire, "Concise Software Identification Tags",
-06 |              draft-ietf-sacm-coswid-16 (work in progress), November 2020.
-07 |              draft-ietf-sacm-coswid-17 (work in progress), February 2021.

   [IEEE-802-1AR]
              Seaman, M., "802.1AR-2018 - IEEE Standard for Local and
              Metropolitan Area Networks - Secure Device Identity, IEEE
              Computer Society", August 2018.

   [PC-Client-BIOS-TPM-1.2]
              Trusted Computing Group, "TCG PC Client Specific
              Implementation Specification for Conventional BIOS,
              Specification Version 1.21 Errata, Revision 1.00",
-06 | [rfcdiff: skipping to change at page 40, line 43]
-07 | [rfcdiff: skipping to change at page 40, line 37]

   [EFI-TPM]  Trusted Computing Group, "TCG EFI Platform Specification
              for TPM Family 1.1 or 1.2, Specification Version 1.22,
              Revision 15", January 2014,
              <https://trustedcomputinggroup.org/resource/tcg-efi-platform-specification/>.

   [I-D.birkholz-rats-network-device-subscription]
              Birkholz, H., Voit, E., and W. Pan, "Attestation Event
              Stream Subscription",
-06 |              draft-birkholz-rats-network-device-subscription-01 (work in
-06 |              progress), October 2020.
-07 |              draft-birkholz-rats-network-device-subscription-02 (work in
-07 |              progress), March 2021.

   [I-D.birkholz-rats-reference-interaction-model]
              Birkholz, H., Eckel, M., Newton, C., and L. Chen,
              "Reference Interaction Models for Remote Attestation
              Procedures",
              draft-birkholz-rats-reference-interaction-model-03 (work in
              progress), July 2020.

   [I-D.birkholz-rats-tuda]
-06 |              Fuchs, A., Birkholz, H., McDonald, I., and C. Bormann,
-06 |              "Time-Based Uni-Directional Attestation",
-06 |              draft-birkholz-rats-tuda-03 (work in progress), July 2020.
-07 |              Fuchs, A., Birkholz, H., McDonald, I. E., and C. Bormann,
-07 |              "Time-Based Uni-Directional Attestation",
-07 |              draft-birkholz-rats-tuda-04 (work in progress), January 2021.

   [I-D.ietf-rats-architecture]
              Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
              W. Pan, "Remote Attestation Procedures Architecture",
-06 |              draft-ietf-rats-architecture-07 (work in progress),
-06 |              October 2020.
-07 |              draft-ietf-rats-architecture-12 (work in progress),
-07 |              April 2021.

   [I-D.ietf-rats-eat]
              Mandyam, G., Lundblade, L., Ballesteros, M., and J.
              O'Donoghue, "The Entity Attestation Token (EAT)",
-06 |              draft-ietf-rats-eat-06 (work in progress), December 2020.
-07 |              draft-ietf-rats-eat-09 (work in progress), March 2021.

   [I-D.richardson-rats-usecases]
              Richardson, M., Wallace, C., and W. Pan, "Use cases for
              Remote Attestation common encodings",
              draft-richardson-rats-usecases-08 (work in progress),
              November 2020.

   [I-D.voit-rats-trusted-path-routing]
              Voit, E., "Trusted Path Routing",
              draft-voit-rats-trusted-path-routing-02 (work in progress),
              June 2020.
End of changes.  18 change blocks; 28 lines changed or deleted, 23 lines changed or added.

This html diff was produced by rfcdiff 1.48.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/