draft-ietf-suit-information-model-00.txt   draft-ietf-suit-information-model-01.txt 
SUIT B. Moran SUIT B. Moran
Internet-Draft H. Tschofenig Internet-Draft H. Tschofenig
Intended status: Standards Track Arm Limited Intended status: Standards Track Arm Limited
Expires: December 5, 2018 H. Birkholz Expires: January 3, 2019 H. Birkholz
Fraunhofer SIT Fraunhofer SIT
J. Jimenez July 02, 2018
Ericsson
June 03, 2018
Firmware Updates for Internet of Things Devices - An Information Model Firmware Updates for Internet of Things Devices - An Information Model
for Manifests for Manifests
draft-ietf-suit-information-model-00 draft-ietf-suit-information-model-01
Abstract Abstract
Vulnerabilities with Internet of Things (IoT) devices have raised the Vulnerabilities with Internet of Things (IoT) devices have raised the
need for a solid and secure firmware update mechanism that is also need for a solid and secure firmware update mechanism that is also
suitable for constrained devices. Incorporating such update suitable for constrained devices. Incorporating such update
mechanism to fix vulnerabilities, to update configuration settings as mechanism to fix vulnerabilities, to update configuration settings as
well as adding new functionality is recommended by security experts. well as adding new functionality is recommended by security experts.
One component of such a firmware update is the meta-data, or One component of such a firmware update is the meta-data, or
skipping to change at page 1, line 44 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 5, 2018. This Internet-Draft will expire on January 3, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 35 skipping to change at page 2, line 30
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Conventions and Terminology . . . . . . . . . . . . . . . . . 4 2. Conventions and Terminology . . . . . . . . . . . . . . . . . 5
3. Motivation for Manifest Fields . . . . . . . . . . . . . . . 4 3. Motivation for Manifest Fields . . . . . . . . . . . . . . . 5
3.1. Threat Model . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Threat Model . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Threat Descriptions . . . . . . . . . . . . . . . . . . . 5 3.2. Threat Descriptions . . . . . . . . . . . . . . . . . . . 6
3.2.1. Threat MFT1: Old Firmware . . . . . . . . . . . . . . 5 3.2.1. Threat MFT1: Old Firmware . . . . . . . . . . . . . . 6
3.2.2. Threat MFT2: Mismatched Firmware . . . . . . . . . . 5 3.2.2. Threat MFT2: Mismatched Firmware . . . . . . . . . . 6
3.2.3. Threat MFT3: Offline device + Old Firmware . . . . . 5 3.2.3. Threat MFT3: Offline device + Old Firmware . . . . . 7
3.2.4. Threat MFT4: The target device misinterprets the type 3.2.4. Threat MFT4: The target device misinterprets the type
of payload . . . . . . . . . . . . . . . . . . . . . 6 of payload . . . . . . . . . . . . . . . . . . . . . 7
3.2.5. Threat MFT5: The target device installs the payload 3.2.5. Threat MFT5: The target device installs the payload
to the wrong location . . . . . . . . . . . . . . . . 6 to the wrong location . . . . . . . . . . . . . . . . 7
3.2.6. Threat MFT6: Redirection . . . . . . . . . . . . . . 6 3.2.6. Threat MFT6: Redirection . . . . . . . . . . . . . . 8
3.2.7. Threat MFT7: Payload Verification on Boot . . . . . . 6 3.2.7. Threat MFT7: Payload Verification on Boot . . . . . . 8
3.2.8. Threat MFT8: Unauthenticated Updates . . . . . . . . 7 3.2.8. Threat MFT8: Unauthenticated Updates . . . . . . . . 8
3.2.9. Threat MFT9: Unexpected Precursor images . . . . . . 7 3.2.9. Threat MFT9: Unexpected Precursor images . . . . . . 8
3.2.10. Threat MFT10: Unqualified Firmware . . . . . . . . . 7 3.2.10. Threat MFT10: Unqualified Firmware . . . . . . . . . 9
3.2.11. Threat MFT11: Reverse Engineering Of Firmware Image 3.2.11. Threat MFT11: Reverse Engineering Of Firmware Image
for Vulnerability Analysis . . . . . . . . . . . . . 8 for Vulnerability Analysis . . . . . . . . . . . . . 10
3.2.12. Threat MFT12: Overriding Critical Manifest Elements . 10
3.3. Security Requirements . . . . . . . . . . . . . . . . . . 9 3.3. Security Requirements . . . . . . . . . . . . . . . . . . 11
3.3.1. Security Requirement MFSR1: Monotonic Sequence 3.3.1. Security Requirement MFSR1: Monotonic Sequence
Numbers . . . . . . . . . . . . . . . . . . . . . . . 9 Numbers . . . . . . . . . . . . . . . . . . . . . . . 11
3.3.2. Security Requirement MFSR2: Vendor, Device-type 3.3.2. Security Requirement MFSR2: Vendor, Device-type
Identifiers . . . . . . . . . . . . . . . . . . . . . 9 Identifiers . . . . . . . . . . . . . . . . . . . . . 11
3.3.3. Security Requirement MFSR3: Best-Before Timestamps . 9 3.3.3. Security Requirement MFSR3: Best-Before Timestamps . 11
3.3.4. Security Requirement MFSR4: Signed Payload Descriptor 9 3.3.4. Security Requirement MFSR5: Cryptographic
3.3.5. Security Requirement MFSR5: Cryptographic Authenticity . . . . . . . . . . . . . . . . . . . . 12
Authenticity . . . . . . . . . . . . . . . . . . . . 10 3.3.5. Security Requirement MFSR4a: Authenticated Payload
3.3.6. Security Requirement MFSR6: Rights Require Type . . . . . . . . . . . . . . . . . . . . . . . . 12
Authenticity . . . . . . . . . . . . . . . . . . . . 10 3.3.6. Security Requirement MFSR4b: Authenticated Storage
3.3.7. Security Requirement MFSR7: Firmware encryption . . . 11 Location . . . . . . . . . . . . . . . . . . . . . . 12
3.4. User Stories . . . . . . . . . . . . . . . . . . . . . . 11 3.3.7. Security Requirement MFSR4c: Authenticated Remote
3.4.1. Use Case MFUC1: Installation Instructions . . . . . . 11 Resource Location . . . . . . . . . . . . . . . . . . 12
3.4.2. Use Case MFUC2: Reuse Local Infrastructure . . . . . 12 3.3.8. Security Requirement MFSR4d: Secure Boot . . . . . . 13
3.4.3. Use Case MFUC3: Modular Update . . . . . . . . . . . 12 3.3.9. Security Requirement MFSR4e: Authenticated precursor
3.4.4. Use Case MFUC4: Multiple Authorisations . . . . . . . 12 images . . . . . . . . . . . . . . . . . . . . . . . 13
3.4.5. Use Case MFUC5: Multiple Payload Formats . . . . . . 12 3.3.10. Security Requirement MFSR4f: Authenticated Vendor and
3.4.6. Use Case MFUC6: IP Protection . . . . . . . . . . . . 12 Class IDs . . . . . . . . . . . . . . . . . . . . . . 13
3.5. Usability Requirements . . . . . . . . . . . . . . . . . 13 3.3.11. Security Requirement MFSR4f: Authenticated Vendor and
3.5.1. Usability Requirement MFUR1 . . . . . . . . . . . . . 13 Class IDs . . . . . . . . . . . . . . . . . . . . . . 13
3.5.2. Usability Requirement MFUR2 . . . . . . . . . . . . . 13 3.3.12. Security Requirement MFSR6: Rights Require
3.5.3. Usability Requirement MFUR3 . . . . . . . . . . . . . 13 Authenticity . . . . . . . . . . . . . . . . . . . . 13
3.5.4. Usability Requirement MFUR4 . . . . . . . . . . . . . 13 3.3.13. Security Requirement MFSR7: Firmware encryption . . . 14
3.5.5. Usability Requirement MFUR5 . . . . . . . . . . . . . 13 3.3.14. Security Requirement MFSR8: Access Control Lists . . 14
4. Manifest Fields . . . . . . . . . . . . . . . . . . . . . . . 14 3.4. User Stories . . . . . . . . . . . . . . . . . . . . . . 14
4.1. Manifest Version Field: version identifier of the 3.4.1. Use Case MFUS1: Installation Instructions . . . . . . 15
manifest structure . . . . . . . . . . . . . . . . . . . 14 3.4.2. Use Case MFUS2: Override Non-Critical Manifest
4.2. Manifest Field: Monotonic Sequence Number . . . . . . . . 14 Elements . . . . . . . . . . . . . . . . . . . . . . 15
4.3. Manifest Field: Vendor ID Condition . . . . . . . . . . . 14 3.4.3. Use Case MFUS3: Modular Update . . . . . . . . . . . 16
4.4. Manifest Field: Class ID Condition . . . . . . . . . . . 15 3.4.4. Use Case MFUS4: Multiple Authorisations . . . . . . . 16
4.5. Manifest Field: Precursor Image Digest Condition . . . . 15 3.4.5. Use Case MFUS5: Multiple Payload Formats . . . . . . 16
4.6. Manifest Field: Best-Before timestamp condition . . . . . 15 3.4.6. Use Case MFUS6: Prevent Confidential Information
4.7. Manifest Field: Payload Format . . . . . . . . . . . . . 15 Disclosures . . . . . . . . . . . . . . . . . . . . . 16
4.8. Manifest Field: Storage Location . . . . . . . . . . . . 15 3.4.7. Use Case MFUS7: Prevent Devices from Unpacking
4.9. Manifest Field: URIs . . . . . . . . . . . . . . . . . . 16 Unknown Formats . . . . . . . . . . . . . . . . . . . 16
4.10. Manifest Field: Digests . . . . . . . . . . . . . . . . . 16 3.4.8. Use Case MFUS8: Specify Version Numbers of Target
4.11. Manifest Field: Size . . . . . . . . . . . . . . . . . . 16 Firmware . . . . . . . . . . . . . . . . . . . . . . 17
4.12. Manifest Field: Signature . . . . . . . . . . . . . . . . 16 3.4.9. Use Case MFUS9: Enable devices to choose between
4.13. Manifest Field: Directives . . . . . . . . . . . . . . . 16 images . . . . . . . . . . . . . . . . . . . . . . . 17
4.14. Manifest Field: Aliases . . . . . . . . . . . . . . . . . 16 3.5. Usability Requirements . . . . . . . . . . . . . . . . . 17
4.15. Manifest Field: Dependencies . . . . . . . . . . . . . . 17 3.5.1. Usability Requirement MFUR1 . . . . . . . . . . . . . 17
4.16. Manifest Field: Content Key Distribution Method . . . . . 17 3.5.2. Usability Requirement MFUR2 . . . . . . . . . . . . . 17
5. Security Considerations . . . . . . . . . . . . . . . . . . . 17 3.5.3. Usability Requirement MFUR3 . . . . . . . . . . . . . 18
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 3.5.4. Usability Requirement MFUR4 . . . . . . . . . . . . . 19
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 3.5.5. Usability Requirement MFUR5 . . . . . . . . . . . . . 19
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.5.6. Usability Requirement MFUR6 . . . . . . . . . . . . . 19
8.1. Normative References . . . . . . . . . . . . . . . . . . 17 3.5.7. Usability Requirement MFUR7 . . . . . . . . . . . . . 19
8.2. Informative References . . . . . . . . . . . . . . . . . 17 3.5.8. Usability Requirement MFUR8 . . . . . . . . . . . . . 20
Appendix A. Mailing List Information . . . . . . . . . . . . . . 19 4. Manifest Information Elements . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 4.1. Manifest Element: version identifier of the manifest
structure . . . . . . . . . . . . . . . . . . . . . . . . 20
4.2. Manifest Element: Monotonic Sequence Number . . . . . . . 20
4.3. Manifest Element: Vendor ID Condition . . . . . . . . . . 20
4.3.1. Example: Domain Name-based UUIDs . . . . . . . . . . 21
4.4. Manifest Element: Class ID Condition . . . . . . . . . . 21
4.4.1. Example 1: Different Classes . . . . . . . . . . . . 21
4.4.2. Example 2: Upgrading Class ID . . . . . . . . . . . . 22
4.4.3. Example 3: Shared Functionality . . . . . . . . . . . 22
4.5. Manifest Element: Precursor Image Digest Condition . . . 23
4.6. Manifest Element: Required Image Version List . . . . . . 23
4.7. Manifest Element: Best-Before timestamp condition . . . . 23
4.8. Manifest Element: Payload Format . . . . . . . . . . . . 23
4.9. Manifest Element: Processing Steps . . . . . . . . . . . 24
4.10. Manifest Element: Storage Location . . . . . . . . . . . 24
4.10.1. Example 1: Two Storage Locations . . . . . . . . . . 24
4.10.2. Example 2: File System . . . . . . . . . . . . . . . 24
4.10.3. Example 3: Flash Memory . . . . . . . . . . . . . . 24
4.11. Manifest Element: Component Identifier . . . . . . . . . 25
4.12. Manifest Element: URIs . . . . . . . . . . . . . . . . . 25
4.13. Manifest Element: Payload Digest . . . . . . . . . . . . 25
4.14. Manifest Element: Size . . . . . . . . . . . . . . . . . 25
4.15. Manifest Element: Signature . . . . . . . . . . . . . . . 26
4.16. Manifest Element: Directives . . . . . . . . . . . . . . 26
4.17. Manifest Element: Aliases . . . . . . . . . . . . . . . . 26
4.18. Manifest Element: Dependencies . . . . . . . . . . . . . 26
4.19. Manifest Element: Content Key Distribution Method . . . . 27
4.20. Manifest Element: XIP Address . . . . . . . . . . . . . . 27
5. Security Considerations . . . . . . . . . . . . . . . . . . . 27
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 28
8.1. Normative References . . . . . . . . . . . . . . . . . . 28
8.2. Informative References . . . . . . . . . . . . . . . . . 28
Appendix A. Mailing List Information . . . . . . . . . . . . . . 29
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29
1. Introduction 1. Introduction
The information model aims to describe all the information that must The information model describes all the information elements required
be present in the manifest that is consumed by an IoT device. to secure firmware updates of IoT devices from the threats described
Additional information is possible. The fields that are described in Section 3.1 and enable the user stories captured in Section 3.4.
here are the minimum required to meet the usability and security These threats and user stories are not intended to be an exhaustive
requirements outlined in Section 3.3. list of the threats against IoT devices, nor of the possible use
cases of firmware update; instead they are intended to describe the
threats against firmware update in isolation and provide sufficient
motivation to provide information elements that cover a wide range of
use cases. The information model does not define the encoding,
ordering, or structure of information elements, only their semantics.
Because the information model covers a wide range of user stories and
a wide range of threats, not all information elements apply to all
scenarios. As a result, many information elements could be
considered optional to implement and optional to use, depending on
which threats exist in a particular system and which use cases are
required. Elements marked as mandatory provide baseline security and
usability properties that are expected to be required for most
applications. Those elements are mandatory to implement and
mandatory to use. Elements marked as recommended provide important
security or usability properties that are needed on most devices.
Elements marked as optional enable security or usability properties
that are useful in some applications.
2. Conventions and Terminology 2. Conventions and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC "OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119]. 2119 [RFC2119].
This document uses terms defined in [I-D.ietf-suit-architecture].
The term 'Operator' refers to both, Device and Network Operator.
3. Motivation for Manifest Fields 3. Motivation for Manifest Fields
The following sub-sections describe the threat model, user stories, The following sub-sections describe the threat model, user stories,
security requirements, and usability requirements. security requirements, and usability requirements.
3.1. Threat Model 3.1. Threat Model
The following sub-sections aim to provide information about the The following sub-sections aim to provide information about the
threats that were considered, the security requirements that are threats that were considered, the security requirements that are
derived from those threats and the fields that permit implementation derived from those threats and the fields that permit implementation
skipping to change at page 5, line 36 skipping to change at page 6, line 40
device, signed by an actor with firmware installation permission on device, signed by an actor with firmware installation permission on
both types of device. The firmware is verified by the device both types of device. The firmware is verified by the device
positively because it is signed by an actor with the appropriate positively because it is signed by an actor with the appropriate
permission. This could have wide-ranging consequences. For devices permission. This could have wide-ranging consequences. For devices
that are similar, it could cause minor breakage, or expose security that are similar, it could cause minor breakage, or expose security
vulnerabilities. For devices that are very different, it is likely vulnerabilities. For devices that are very different, it is likely
to render devices inoperable. to render devices inoperable.
Mitigated by: MFSR2 Mitigated by: MFSR2
Example:
Suppose that two vendors, Vendor A and Vendor B, adopt the same trade
name in different geographic regions, and they both make products
with the same names, or product name matching is not used. This
causes firmware from Vendor A to match devices from Vendor B.
If the vendors are the firmware authorities, then devices from Vendor
A will reject images signed by Vendor B since they use different
credentials. However, if both devices trust the same firmware
authority, then, devices from Vendor A could install firmware
intended for devices from Vendor B.
3.2.3. Threat MFT3: Offline device + Old Firmware 3.2.3. Threat MFT3: Offline device + Old Firmware
Classification: Elevation of Privilege Classification: Elevation of Privilege
An attacker targets a device that has been offline for a long time An attacker targets a device that has been offline for a long time
and runs an old firmware version. The attacker sends an old, but and runs an old firmware version. The attacker sends an old, but
valid manifest to a device with an old, but valid firmware image. valid manifest to a device with an old, but valid firmware image.
The attacker-provided firmware is newer than the installed one but The attacker-provided firmware is newer than the installed one but
older than the most recently available firmware. If there is a known older than the most recently available firmware. If there is a known
vulnerability in the provided firmware image then this may allow an vulnerability in the provided firmware image then this may allow an
skipping to change at page 6, line 20 skipping to change at page 7, line 37
If a device misinterprets the type of the firmware image, it may If a device misinterprets the type of the firmware image, it may
cause a device to install a firmware image incorrectly. An cause a device to install a firmware image incorrectly. An
incorrectly installed firmware image would likely cause the device to incorrectly installed firmware image would likely cause the device to
stop functioning. stop functioning.
Threat Escalation: An attacker that can cause a device to Threat Escalation: An attacker that can cause a device to
misinterpret the received firmware image may gain elevation of misinterpret the received firmware image may gain elevation of
privilege and potentially expand this to all types of threat. privilege and potentially expand this to all types of threat.
Mitigated by: MFSR4 Mitigated by: MFSR4a
3.2.5. Threat MFT5: The target device installs the payload to the wrong 3.2.5. Threat MFT5: The target device installs the payload to the wrong
location location
Classification: Denial of Service Classification: Denial of Service
If a device installs a firmware image to the wrong location on the If a device installs a firmware image to the wrong location on the
device, then it is likely to break. For example, a firmware image device, then it is likely to break. For example, a firmware image
installed as an application could cause a device and/or an installed as an application could cause a device and/or an
application to stop functioning. application to stop functioning.
Threat Escalation: An attacker that can cause a device to Threat Escalation: An attacker that can cause a device to
misinterpret the received code may gain elevation of privilege and misinterpret the received code may gain elevation of privilege and
potentially expand this to all types of threat. potentially expand this to all types of threat.
Mitigated by: MFSR4 Mitigated by: MFSR4b
3.2.6. Threat MFT6: Redirection 3.2.6. Threat MFT6: Redirection
Classification: Denial of Service Classification: Denial of Service
If a device does not know where to obtain the payload for an update, If a device does not know where to obtain the payload for an update,
it may be redirected to an attacker's server. This would allow an it may be redirected to an attacker's server. This would allow an
attacker to provide broken payloads to devices. attacker to provide broken payloads to devices.
Mitigated by: MFSR4 Mitigated by: MFSR4c
3.2.7. Threat MFT7: Payload Verification on Boot 3.2.7. Threat MFT7: Payload Verification on Boot
Classification: Elevation of Privilege Classification: Elevation of Privilege
An attacker replaces a newly downloaded firmware after a device An attacker replaces a newly downloaded firmware after a device
finishes verifying a manifest. This could cause the device to finishes verifying a manifest. This could cause the device to
execute the attacker's code. This attack likely requires physical execute the attacker's code. This attack likely requires physical
access to the device. However, it is possible that this attack is access to the device. However, it is possible that this attack is
carried out in combination with another threat that allows remote carried out in combination with another threat that allows remote
execution. execution.
Threat Escalation: If the attacker is able to exploit the known Threat Escalation: If the attacker is able to exploit a known
vulnerability, then this threat can be escalated to ALL TYPES. vulnerability, or if the attacker can supply their own firmware, then
this threat can be escalated to ALL TYPES.
Mitigated by: MFSR4 Mitigated by: MFSR4d
3.2.8. Threat MFT8: Unauthenticated Updates 3.2.8. Threat MFT8: Unauthenticated Updates
Classification: Elevation of Privilege Classification: Elevation of Privilege
If an attacker can install their firmware on a device, by If an attacker can install their firmware on a device, by
manipulating either payload or metadata, then they have complete manipulating either payload or metadata, then they have complete
control of the device. control of the device.
Threat Escalation: If the attacker is able to exploit the known Threat Escalation: If the attacker is able to exploit a known
vulnerability, then this threat can be escalated to ALL TYPES. vulnerability, or if the attacker can supply their own firmware, then
this threat can be escalated to ALL TYPES.
Mitigated by: MFSR5 Mitigated by: MFSR5
3.2.9. Threat MFT9: Unexpected Precursor images 3.2.9. Threat MFT9: Unexpected Precursor images
Classification: Denial of Service Classification: Denial of Service
An attacker sends a valid, current manifest to a device that has an An attacker sends a valid, current manifest to a device that has an
unexpected precursor image. If a payload format requires a precursor unexpected precursor image. If a payload format requires a precursor
image (for example, delta updates) and that precursor image is not image (for example, delta updates) and that precursor image is not
available on the target device, it could cause the update to break. available on the target device, it could cause the update to break.
Threat Escalation: An attacker that can cause a device to install a Threat Escalation: An attacker that can cause a device to install a
payload against the wrong precursor image could gain elevation of payload against the wrong precursor image could gain elevation of
privilege and potentially expand this to all types of threat. privilege and potentially expand this to all types of threat.
Mitigated by: MFSR4 Mitigated by: MFSR4e
3.2.10. Threat MFT10: Unqualified Firmware 3.2.10. Threat MFT10: Unqualified Firmware
Classification: Denial of Service, Elevation of Privilege Classification: Denial of Service, Elevation of Privilege
This threat can appear in several ways, however it is ultimately This threat can appear in several ways, however it is ultimately
about interoperability of devices with other systems. The owner or about interoperability of devices with other systems. The owner or
operator of a network needs to approve firmware for their network in operator of a network needs to approve firmware for their network in
order to ensure interoperability with other devices on the network, order to ensure interoperability with other devices on the network,
or the network itself. If the firmware is not qualified, it may not or the network itself. If the firmware is not qualified, it may not
work. Therefore, if a device installs firmware without the approval work. Therefore, if a device installs firmware without the approval
of the network owner or operator, this is a threat to devices and the of the network owner or operator, this is a threat to devices and the
network. network.
Example 1: We assume that OEMs expect the rights to create firmware, Threat Escalation: If the firmware expects configuration that is
but that Operators expect the rights to qualify firmware as fit-for- present in devices deployed in Network A, but not in devices deployed
purpose on their networks. in Network B, then the device may experience degraded security,
leading to threats of All Types.
An attacker obtains a manifest for a device on Network A. They send Mitigated by: MFSR6, MFSR8
that manifest to a device on Network B. Because Network A and
Network B are different, and the firmware has not been qualified for 3.2.10.1. Example 1: Multiple Network Operators with a Single Device
Network B, the target device is disabled by this unqualified, but Operator
signed firmware.
In this example let us assume that Device Operators expect the rights
to create firmware but that Network Operators expect the rights to
qualify firmware as fit-for-purpose on their networks. Additionally
assume that an Device Operators manage devices that can be deployed
on any network, including Network A and B in our example.
An attacker may obtain a manifest for a device on Network A. Then,
this attacker sends that manifest to a device on Network B. Because
Network A and Network B are under control of different Operators, and
the firmware for a device on Network A has not been qualified to be
deployed on Network B, the target device on Network B is now in
violation of the Operator B's policy and may get disabled by this
unqualified, but signed firmware.
This is a denial of service because it can render devices inoperable. This is a denial of service because it can render devices inoperable.
This is an elevation of privilege because it allows the attacker to This is an elevation of privilege because it allows the attacker to
make installation decisions that should be made by the Operator. make installation decisions that should be made by the Operator.
Example 2: Multiple devices that interoperate are used on the same 3.2.10.2. Example 2: Single Network Operator with Multiple Device
network. Some devices are manufactured by OEM A and other devices by Operators
OEM B. These devices communicate with each other. A new firmware is
released by OEM A that breaks compatibility with OEM B devices. An
attacker sends the new firmware to the OEM A devices without approval
of the network operator. This breaks the behaviour of the larger
system causing denial of service and possibly other threats. Where
the network is a distributed SCADA system, this could cause
misbehaviour of the process that is under control.
Threat Escalation: If the firmware expects configuration that is
present in Network A devices, but not Network B devices, then the
device may experience degraded security, leading to threats of All
Types.
Mitigated by: MFSR6 Multiple devices that interoperate are used on the same network and
communicate with each other. Some devices are manufactured and
managed by Device Operator A and other devices by Device Operator B.
A new firmware is released by Device Operator A that breaks
compatibility with devices from Device Operator B. An attacker sends
the new firmware to the devices managed by Device Operator A without
approval of the Network Operator. This breaks the behaviour of the
larger system causing denial of service and possibly other threats.
Where the network is a distributed SCADA system, this could cause
misbehaviour of the process that is under control.
3.2.11. Threat MFT11: Reverse Engineering Of Firmware Image for 3.2.11. Threat MFT11: Reverse Engineering Of Firmware Image for
Vulnerability Analysis Vulnerability Analysis
Classification: All Types Classification: All Types
An attacker wants to mount an attack on an IoT device. To prepare An attacker wants to mount an attack on an IoT device. To prepare
the attack he or she retrieves the provided firmware image and the attack he or she retrieves the provided firmware image and
performs reverse engineering of the firmware image to analyze it for performs reverse engineering of the firmware image to analyze it for
specific vulnerabilities. specific vulnerabilities.
Mitigated by: MFSR7 Mitigated by: MFSR7
3.2.12. Threat MFT12: Overriding Critical Manifest Elements
Classification: Elevation of Privilege
An authorised actor, but not the firmware authority, uses an override
mechanism (MFUS2) to change an information element in a manifest
signed by the firmware authority. For example, if the authorised
actor overrides the digest and URI of the payload, the actor can
replace the entire payload with a payload of their choice.
Threat Escalation: By overriding elements such as payload
installation instructions or firmware digest, this threat can be
escalated to all types.
Mitigated by: MFSR8
3.3. Security Requirements 3.3. Security Requirements
The security requirements here are a set of policies that mitigate The security requirements here are a set of policies that mitigate
the threats described in Section 3.1. the threats described in Section 3.1.
3.3.1. Security Requirement MFSR1: Monotonic Sequence Numbers 3.3.1. Security Requirement MFSR1: Monotonic Sequence Numbers
Only an actor with firmware installation authority is permitted to Only an actor with firmware installation authority is permitted to
decide when device firmware can be installed. To enforce this rule, decide when device firmware can be installed. To enforce this rule,
Manifests MUST contain monotonically increasing sequence numbers. manifests MUST contain monotonically increasing sequence numbers.
Manifests MAY use UTC epoch timestamps to coordinate monotonically Manifests MAY use UTC epoch timestamps to coordinate monotonically
increasing sequence numbers across many actors in many locations. increasing sequence numbers across many actors in many locations. If
Devices MUST reject manifests with sequence numbers smaller than any UTC epoch timestamps are used, they MUST NOT be treated as times,
onboard sequence number. they MUST be treated only as sequence numbers. Devices MUST reject
manifests with sequence numbers smaller than any onboard sequence
number.
N.B. This is not a firmware version. It is a manifest sequence Note: This is not a firmware version. It is a manifest sequence
number. A firmware version may be rolled back by creating a new number. A firmware version may be rolled back by creating a new
manifest for the old firmware version with a later sequence number. manifest for the old firmware version with a later sequence number.
Mitigates: Threat MFT1 Implemented by: Manifest Field: Timestamp Mitigates: Threat MFT1
Implemented by: Manifest Element: Monotonic Sequence Number
3.3.2. Security Requirement MFSR2: Vendor, Device-type Identifiers 3.3.2. Security Requirement MFSR2: Vendor, Device-type Identifiers
Devices MUST only apply firmware that is intended for them. Devices Devices MUST only apply firmware that is intended for them. Devices
MUST know with fine granularity that a given update applies to their MUST know with fine granularity that a given update applies to their
vendor, model, hardware revision, software revision. Human-readable vendor, model, hardware revision, software revision. Human-readable
identifiers are often error-prone in this regard, so unique identifiers are often error-prone in this regard, so unique
identifiers SHOULD be used. identifiers SHOULD be used.
Mitigates: Threat MFT2 Implemented by: Manifest Fields: Vendor ID Mitigates: Threat MFT2
Condition, Class ID Condition
Implemented by: Manifest Elements: Vendor ID Condition, Class ID
Condition
3.3.3. Security Requirement MFSR3: Best-Before Timestamps 3.3.3. Security Requirement MFSR3: Best-Before Timestamps
Firmware MAY expire after a given time. Devices MAY provide a secure Firmware MAY expire after a given time. Devices MAY provide a secure
clock (local or remote). If a secure clock is provided and the clock (local or remote). If a secure clock is provided and the
Firmware manifest has a best-before timestamp, the device MUST reject Firmware manifest has a best-before timestamp, the device MUST reject
the manifest if current time is larger than the best-before time. the manifest if current time is larger than the best-before time.
Mitigates: Threat MFT3 Implemented by: Manifest Field: Best-Before Mitigates: Threat MFT3
timestamp condition
3.3.4. Security Requirement MFSR4: Signed Payload Descriptor Implemented by: Manifest Element: Best-Before timestamp condition
All descriptive information about the payload MUST be signed. This 3.3.4. Security Requirement MFSR5: Cryptographic Authenticity
MUST include:
- The type of payload (which may be independent of format) The authenticity of an update must be demonstrable. Typically, this
- The location to store the payload means that updates must be digitally authenticated. Because the
manifest contains information about how to install the update, the
manifest's authenticity must also be demonstrable. To reduce the
overhead required for validation, the manifest contains the digest of
the firmware image, rather than a second digital signature. The
authenticity of the manifest can be verified with a digital signature
or Message Authentication Code, the authenticity of the firmware
image is tied to the manifest by the use of a digest of the firmware
image.
- The payload digest, in each state of installation (encrypted, Mitigates: Threat MFT8
plaintext, installed, etc.)
- The payload size Implemented by: Signature, Payload Digest
- The payload format 3.3.5. Security Requirement MFSR4a: Authenticated Payload Type
- Where to obtain the payload The type of payload (which may be independent of format) MUST be
authenticated. For example, the target must know whether the payload
is XIP firmware, a loadable module, or serialized configuration data.
- All instructions or parameters for applying the payload Mitigates: MFT4
- Any rules that identify whether or not the payload can be used on Implemented by: Manifest Elements: Payload Format, Storage Location
this device
Mitigates: Threats MFT4, MFT5, MFT6, MFT7, MFT9 Implemented by: 3.3.6. Security Requirement MFSR4b: Authenticated Storage Location
Manifest Fields: Vendor ID Condition, Class ID Condition, Precursor
Image Digest Condition, Payload Format, Storage Location, URIs,
Digests, Size
3.3.5. Security Requirement MFSR5: Cryptographic Authenticity The location on the target where the payload is to be stored MUST be
authenticated.
The authenticity of an update must be demonstrable. Typically, this Mitigates: MFT5
means that updates must be digitally signed. Because the manifest
contains information about how to install the update, the manifest's
authenticity must also be demonstrable. To reduce the overhead
required for validation, the manifest contains the digest of the
firmware image, rather than a second digital signature. The
authenticity of the manifest can be verified with a digital
signature, the authenticity of the firmware image is tied to the
manifest by the use of a fingerprint of the firmware image.
Mitigates: Threat MFT8 Implemented by: Signature Implemented by: Manifest Elements: Storage Location
3.3.6. Security Requirement MFSR6: Rights Require Authenticity 3.3.7. Security Requirement MFSR4c: Authenticated Remote Resource
Location
The location where a target should find a payload MUST be
authenticated.
Mitigates: MFT6
Implemented by: Manifest Elements: URIs
3.3.8. Security Requirement MFSR4d: Secure Boot
The target SHOULD verify firmware at time of boot. This requires
authenticated payload size, and digest.
Mitigates: MFT7
Implemented by: Manifest Elements: Payload Digest, Size
3.3.9. Security Requirement MFSR4e: Authenticated precursor images
If an update uses a differential compression method, it MUST specify
the digest of the precursor image and that digest MUST be
authenticated.
Mitigates: MFT9
Implemented by: Manifest Elements: Precursor Image Digest Condition
3.3.10. Security Requirement MFSR4f: Authenticated Vendor and Class IDs
The identifiers that specify firmware compatibility MUST be
authenticated to ensure that only compatible firmware is installed on
a target device.
Mitigates: MFT2
Implemented By: Manifest Elements: Vendor ID Condition, Class ID
Condition
3.3.11. Security Requirement MFSR4f: Authenticated Vendor and Class IDs
The identifiers that specify firmware compatibility MUST be
authenticated to ensure that only compatible firmware is installed on
a target device.
Mitigates: MFT2
Implemented By: Manifest Elements: Vendor ID Condition, Class ID
Condition
3.3.12. Security Requirement MFSR6: Rights Require Authenticity
If a device grants different rights to different actors, exercising If a device grants different rights to different actors, exercising
those rights MUST be accompanied by proof of those rights, in the those rights MUST be accompanied by proof of those rights, in the
form of proof of authenticity. Authenticity mechanisms such as those form of proof of authenticity. Authenticity mechanisms such as those
required in MFSR5 are acceptable but need to follow the end-to-end required in MFSR5 are acceptable but need to follow the end-to-end
security model. security model.
For example, if a device has a policy that requires that firmware For example, if a device has a policy that requires that firmware
have both an Authorship right and a Qualification right and if that have both an Authorship right and a Qualification right and if that
device grants Authorship and Qualification rights to different device grants Authorship and Qualification rights to different
parties, such as an OEM and an Operator, respectively, then the parties, such as a Device Operator and a Network Operator,
firmware cannot be installed without proof of rights from both the respectively, then the firmware cannot be installed without proof of
OEM and the Operator. rights from both the Device and the Network Operator.
Mitigates: MFT10 Implemented by: Signature Mitigates: MFT10
3.3.7. Security Requirement MFSR7: Firmware encryption Implemented by: Signature
Firmware images must support encryption. Encryption helps to prevent 3.3.13. Security Requirement MFSR7: Firmware encryption
third parties, including attackers, from reading the content of the
firmware image and to reverse engineer the code.
Mitigates: MFT11 Implemented by: Manifest Field: Content Key The manifest information model must enable encrypted payloads.
Distribution Method Encryption helps to prevent third parties, including attackers, from
reading the content of the firmware image. This can protect against
confidential information disclosures and discovery of vulnerabilities
through reverse engineering. Therefore the manifest must convey the
information required to allow an intended recipient to decrypt an
encrypted payload.
Mitigates: MFT11
Implemented by: Manifest Element: Content Key Distribution Method
3.3.14. Security Requirement MFSR8: Access Control Lists
If a device grants different rights to different actors, then an
exercise of those rights must be validated against a list of rights
for the actor. This typically takes the form of an Access Control
List (ACL). ACLs are applied to two scenarios:
1. An ACL decides which elements of the manifest may be overridden
and by which actors.
2. An ACL decides which component identifier/storage identifier
pairs can be written by which actors.
Mitigates: MFT12, MFT10
Implemented by: Client-side code, not specified in manifest.
3.4. User Stories 3.4. User Stories
User stories provide expected use cases. These are used to feed into User stories provide expected use cases. These are used to feed into
usability requirements. usability requirements.
3.4.1. Use Case MFUC1: Installation Instructions 3.4.1. Use Case MFUS1: Installation Instructions
As an OEM for IoT devices, I want to provide my devices with As an Device Operator, I want to provide my devices with additional
additional installation instructions so that I can keep process installation instructions so that I can keep process details out of
details out of my payload data. my payload data.
Some installation instructions might be: Some installation instructions might be:
- Specify a package handler
- Use a table of hashes to ensure that each block of the payload is - Use a table of hashes to ensure that each block of the payload is
validated before writing. validate before writing.
- Run post-processing script after the update is installed
- Do not report progress - Do not report progress.
- Pre-cache the update, but do not install - Pre-cache the update, but do not install.
- Install the pre-cached update matching this manifest - Install the pre-cached update matching this manifest.
- Install this update immediately, overriding any long-running - Install this update immediately, overriding any long-running
tasks. tasks.
Satisfied by: MFUR1 Satisfied by: MFUR1
3.4.2. Use Case MFUC2: Reuse Local Infrastructure 3.4.2. Use Case MFUS2: Override Non-Critical Manifest Elements
As an Operator of IoT devices, I would like to tell my devices to As a Network Operator, I would like to be able to override the non-
look at my own infrastructure for payloads so that I can manage the critical information in the manifest so that I can control my devices
traffic generated by firmware updates on my network and my peers' more precisely. This assumes that the Device Operator delegated
networks. rights about the device to the Network Operator.
Some examples of potentially overridable information:
- URIs: this allows the Network Operator to direct devices to their
own infrastructure in order to reduce network load.
- Conditions: this allows the Network Operator to pose additional
constraints on the installation of the manifest.
- Directives: this allows the Network Operator to add more
instructions such as time of installation.
- Processing Steps: If an intermediary performs an action on behalf
of a device, it may need to override the processing steps. It is
still possible for a device to verify the final content and the
result of any processing step that specifies a digest. Some
processing steps should be non-overridable.
Satisfied by: MFUR2, MFUR3 Satisfied by: MFUR2, MFUR3
3.4.3. Use Case MFUC3: Modular Update 3.4.3. Use Case MFUS3: Modular Update
As an OEM of IoT devices, I want to divide my firmware into As an Operator, I want to divide my firmware into frequently updated
frequently updated and infrequently updated components, so that I can and infrequently updated components, so that I can reduce the size of
reduce the size of updates and make different parties responsible for updates and make different parties responsible for different
different components. components.
Satisfied by: MFUR3 Satisfied by: MFUR3
3.4.4. Use Case MFUC4: Multiple Authorisations 3.4.4. Use Case MFUS4: Multiple Authorisations
As an Operator, I want to ensure the quality of a firmware update As a Device Operator, I want to ensure the quality of a firmware
before installing it, so that I can ensure a high standard of update before installing it, so that I can ensure interoperability of
reliability on my network. The OEM may restrict my ability to create all devices in my product family. I want to restrict the ability to
firmware, so I cannot be the only authority on the device. make changes to my devices to require my express approval.
Satisfied by: MFUR4 Satisfied by: MFUR4, MFSR8
3.4.5. Use Case MFUC5: Multiple Payload Formats 3.4.5. Use Case MFUS5: Multiple Payload Formats
As an OEM or Operator of devices, I want to be able to send multiple As an Operator, I want to be able to send multiple payload formats to
payload formats to suit the needs of my update, so that I can suit the needs of my update, so that I can optimise the bandwidth
optimise the bandwidth used by my devices. used by my devices.
Satisfied by: MFUR5 Satisfied by: MFUR5
3.4.6. Use Case MFUC6: IP Protection 3.4.6. Use Case MFUS6: Prevent Confidential Information Disclosures
As an OEM or developer for IoT devices, I want to protect the IP As an firmware author, I want to prevent confidential information
contained in the firmware image, such as the utilized algorithms. from being disclosed during firmware updates. It is assumed that
The need for protecting IP may have also been imposed on me due to channel security is adequate to protect the manifest itself against
the use of some third party code libraries. information disclosure.
Satisfied by: MFSR7 Satisfied by: MFSR7
3.4.7. Use Case MFUS7: Prevent Devices from Unpacking Unknown Formats
As a Device Operator, I want devices to determine whether they can
process a payload prior to downloading it.
In some cases, it may be desirable for a third party to perform some
processing on behalf of a target. For this to occur, the third party
MUST indicate what processing occurred and how to verify it against
the Trust Provisioning Authority's intent.
This amounts to overriding Processing Steps and URIs.
Satisfied by: MFUR6, MFUR2
3.4.8. Use Case MFUS8: Specify Version Numbers of Target Firmware
As a Device Operator, I want to be able to target devices for updates
based on their current firmware version, so that I can control which
versions are replaced with a single manifest.
Satisfied by: MFUR7
3.4.9. Use Case MFUS9: Enable devices to choose between images
As a developer, I want to be able to sign two or more versions of my
firmware in a single manifest so that I can use a very simple
bootloader that chooses between two or more images that are executed
in-place.
Satisfied by: MFUR8
3.5. Usability Requirements 3.5. Usability Requirements
The following usability requirements satisfy the user stories listed The following usability requirements satisfy the user stories listed
above. above.
3.5.1. Usability Requirement MFUR1 3.5.1. Usability Requirement MFUR1
It must be possible to write additional installation instructions It must be possible to provide all information necessary for the
into the manifest. processing of a manifest into the manifest.
Satisfies: Use-Case MFUC1 Implemented by: Manifest Field: Directives Satisfies: User story MFUS1
Implemented by: Manifest Element: Directives
3.5.2. Usability Requirement MFUR2 3.5.2. Usability Requirement MFUR2
It must be possible to redirect payload fetches. This applies where It must be possible to redirect payload fetches. This applies where
two manifests are used in conjunction. For example, an OEM manifest two manifests are used in conjunction. For example, a Device
specifies a payload and signs it, and provides a URI for that Operator creates a manifest specifying a payload and signs it, and
payload. An Operator creates a second manifest, with a dependency on provides a URI for that payload. A Network Operator creates a second
the first. They use this second manifest to override the URIs manifest, with a dependency on the first. They use this second
provided by the OEM, directing them into their own infrastructure manifest to override the URIs provided by the Device Operator,
instead. directing them into their own infrastructure instead. Some devices
may provide this capability, while others may only look at canonical
sources of firmware. For this to be possible, the device must fetch
the payload, whereas a device that accpets payload pushes will ignore
this feature.
Satisfies: Use-Case MFUC2 Implemented by: Manifest Field: Aliases Satisfies: User story MFUS2
Implemented by: Manifest Element: Aliases
3.5.3. Usability Requirement MFUR3 3.5.3. Usability Requirement MFUR3
It MUST be possible to link multiple manifests together so that a It must be possible express the requirement to install one or more
multi-component update can be described. This allows multiple payloads from one or more authorities so that a multi-payload update
parties with different permissions to collaborate in creating a can be described. This allows multiple parties with different
single update for the IoT device, across multiple components. permissions to collaborate in creating a single update for the IoT
device, across multiple components.
Satisfies: Use-Case MFUC2, MFUC3 Implemented by: Manifest Field: This requirement effectively means that it must be possible to
Dependencies construct a tree of manifests on a multi-image target.
Because devices can be either HeSA or HoSA both the storage system
and the storage location within that storage system must be possible
to specify. In a HoSA device, the payload location may be as simple
as an address, or a file path. In a HeSA device, the payload
location may be scoped by a component identifier. It is expedient to
consider that all HoSA devices are HeSA devices with a single
component.
3.5.3.1. Example 1: Multiple Microcontrollers
An IoT device with multiple microcontrollers in the same physical
device (HeSA) will likely require multiple payloads with different
component identifiers.
3.5.3.2. Example 2: Code and Configuration
A firmware image can be divided into two payloads: code and
configuration. These payloads may require authorizations from
different actors in order to install (see MFSR6 and MFSR8). This
structure means that multiple manifests may be required, with a
dependency structure between them.
3.5.3.3. Example 3: Multiple Chunks
A firmware image can be divided into multiple functional blocks for
separate testing and distribution. This means that code would need
to be distributed in multiple payloads. For example, this might be
desirable in order to ensure that common code between devices is
identical in order to reduce distribution bandwidth.
Satisfies: User story MFUS2, MFUS3
Implemented by Manifest Element: Dependencies, StorageIdentifier,
ComponentIdentifier
3.5.4. Usability Requirement MFUR4 3.5.4. Usability Requirement MFUR4
It MUST be possible to sign a manifest multiple times so that It MUST be possible to sign a manifest multiple times so that
signatures from multiple parties with different permissions can be signatures from multiple parties with different permissions can be
required in order to authorise installation of a manifest. required in order to authorise installation of a manifest.
Satisfies: Use-Case MFUC4 Implemented by: COSE Signature (or similar) Satisfies: User story MFUS4
Implemented by: COSE Signature (or similar)
3.5.5. Usability Requirement MFUR5 3.5.5. Usability Requirement MFUR5
The manifest format MUST accommodate any payload format that an The manifest format MUST accommodate any payload format that an
operator or OEM wishes to use. Some examples of payload format would Operator wishes to use. Some examples of payload format would be:
be:
- Binary - Binary
- Elf - Elf
- Differential - Differential
- Compressed - Compressed
- Packed configuration - Packed configuration
Satisfies: Use-Case MFUC5 Implemented by: Manifest Field: Payload - Intel HEX
Format
4. Manifest Fields - S-Record
Each manifest field is anchored in a security requirement or a Satisfies: User story MFUS5
usability requirement. The manifest fields are described below and
Implemented by: Manifest Element: Payload Format
3.5.6. Usability Requirement MFUR6
The manifest format must accommodate nested formats, announcing to
the target device all the nesting steps and any parameters used by
those steps.
Satisfies: User story MFUS6
Implemented by: Manifest Element: Processing Steps
3.5.7. Usability Requirement MFUR7
The manifest format must provide a method to specify multiple version
numbers of firmware to which the manifest applies, either with a list
or with range matching.
Satisfies: User story MFUS8
Implemented by: Manifest Element: Required Image Version List
3.5.8. Usability Requirement MFUR8
The manifest format must provide a mechanism to list multiple
equivalent payloads by Execute-In-Place Installation Address,
including the payload digest and, optionally, payload URIs.
Satisfies: User story MFUS9
Implemented by: Manifest Element: XIP Address
4. Manifest Information Elements
Each manifest element is anchored in a security requirement or a
usability requirement. The manifest elements are described below and
justified by their requirements. justified by their requirements.
4.1. Manifest Version Field: version identifier of the manifest 4.1. Manifest Element: version identifier of the manifest structure
structure
An identifier that describes which iteration of the manifest format An identifier that describes which iteration of the manifest format
is contained in the structure. is contained in the structure.
4.2. Manifest Field: Monotonic Sequence Number This element is MANDATORY and must be present in order to allow
devices to identify the version of the manifest data model that is in
use.
4.2. Manifest Element: Monotonic Sequence Number
A monotonically increasing sequence number. For convenience, the A monotonically increasing sequence number. For convenience, the
monotonic sequence number MAY be a UTC timestamp. This allows global monotonic sequence number MAY be a UTC timestamp. This allows global
synchronisation of sequence numbers without any additional synchronisation of sequence numbers without any additional
management. management.
This element is MANDATORY and is necessary to prevent malicious
actors from reverting a firmware update against the wishes of the
relevant authority.
Implements: Security Requirement MFSR1. Implements: Security Requirement MFSR1.
4.3. Manifest Field: Vendor ID Condition 4.3. Manifest Element: Vendor ID Condition
Vendor IDs MUST be unique. This is to prevent similarly, or Vendor IDs MUST be unique. This is to prevent similarly, or
identically named entities from different geographic regions from identically named entities from different geographic regions from
colliding in their customer's infrastructure. Recommended practice colliding in their customer's infrastructure. Recommended practice
is to use version 5 UUIDs with the vendor's domain name and the UUID is to use type 5 UUIDs with the vendor's domain name and the UUID DNS
DNS prefix [RFC4122]. Other options include version 1 and type 4 prefix. Other options include type 1 and type 4 UUIDs.
UUIDs.
Implements: Security Requirement MFSR2, MFSR4. This ID is OPTIONAL but RECOMMENDED and helps to distinguish between
identically named products from different vendors.
4.4. Manifest Field: Class ID Condition Implements: Security Requirement MFSR2, MFSR4f.
Class Identifiers MUST be unique within a Vendor ID. This is to 4.3.1. Example: Domain Name-based UUIDs
prevent similarly, or identically named devices colliding in their
customer's infrastructure. Recommended practice is to use type 5
UUIDs with the model, hardware revision, etc. and use the Vendor ID
as the UUID prefix. Other options include type 1 and type 4 UUIDs.
A device "Class" is defined as any device that can run the same
firmware without modification. Classes MAY be implemented in a more
granular way. Classes MUST NOT be implemented in a less granular
way. Class ID can encompass model name, hardware revision, software
revision. Devices MAY have multiple Class IDs.
Implements: Security Requirement MFSR2, MFSR4. Vendor A creates a UUID based on their domain name:
4.5. Manifest Field: Precursor Image Digest Condition vendorId = UUID5(DNS, "vendor-a.com")
Because the DNS infrastructure prevents multiple registrations of the
same domain name, this UUID is guaranteed to be unique. Because the
domain name is known, this UUID is reproducible. Type 1 and type 4
UUIDs produce similar guarantees of uniqueness, but not
reproducibility.
4.4. Manifest Element: Class ID Condition
A device "Class" is defined as any device that can accept the same
firmware update without modification. Class Identifiers MUST be
unique within a Vendor ID. This is to prevent similarly, or
identically named devices colliding in their customer's
infrastructure. Recommended practice is to use type 5 UUIDs with the
model, hardware revision, etc. and use the Vendor ID as the UUID
prefix. Other options include type 1 and type 4 UUIDs. Classes MAY
be implemented in a more granular way. Classes MUST NOT be
implemented in a less granular way. Class ID can encompass model
name, hardware revision, software revision. Devices MAY have
multiple Class IDs.
Note Well: Class ID is not a human-readable element. It is intended
for match/mismatch use only.
This ID is OPTIONAL but RECOMMENDED and allows devices to determine
applicability of a firmware in an unambiguous way.
Implements: Security Requirement MFSR2, MFSR4f.
4.4.1. Example 1: Different Classes
Vendor A creates product Z and product Y. The firmware images of
products Z and Y are not interchangeable. Vendor A creates UUIDs as
follows:
- vendorId = UUID5(DNS, "vendor-a.com")
- ZclassId = UUID5(vendorId, "Product Z")
- YclassId = UUID5(vendorId, "Product Y")
This ensures that Vendor A's Product Z cannot install firmware for
Product Y and Product Y cannot install firmware for Product Z.
4.4.2. Example 2: Upgrading Class ID
Vendor A creates product X. Later, Vendor A adds a new feature to
product X, creating product X v2. Product X requires a firmware
update to work with firmware intended for product X v2.
Vendor A creates UUIDs as follows:
- vendorId = UUID5(DNS, "vendor-a.com")
- XclassId = UUID5(vendorId, "Product X")
- Xv2classId = UUID5(vendorId, "Product X v2")
When product X receives the firmware update necessary to be
compatible with product X v2, part of the firmware update changes the
class ID to Xv2classId.
4.4.3. Example 3: Shared Functionality
Vendor A produces two products, product X and product Y. These
components share a common core (such as an operating system), but
have different applications. The common core and the applications
can be updated independently. To enable X and Y to receive the same
common core update, they require the same class ID. To ensure that
only product X receives application X and only product Y receives
application Y, product X and product Y must have different class IDs.
The vendor creates Class IDs as follows:
- vendorId = UUID5(DNS, "vendor-a.com")
- XclassId = UUID5(vendorId, "Product X")
- YclassId = UUID5(vendorId, "Product Y")
- CommonClassId = UUID5(vendorId, "common core")
Product X matches against both XclassId and CommonClassId. Product Y
matches against both YclassId and CommonClassId.
4.5. Manifest Element: Precursor Image Digest Condition
When a precursor image is required by the payload format, a precursor When a precursor image is required by the payload format, a precursor
image digest condition MUST be present in the conditions list. image digest condition MUST be present in the conditions list. The
precursor image may be installed or stored as a candidate.
Implements: Security Requirement MFSR4 This element is MANDATORY for differential updates. Otherwise, it is
not needed.
4.6. Manifest Field: Best-Before timestamp condition Implements: Security Requirement MFSR4e
This field tells a device the last application time. This is only 4.6. Manifest Element: Required Image Version List
When a payload applies to multiple versions of a firmware, the
required image version list specifies which versions must be present
for the update to be applied. This allows the update author to
target specific versions of firmware for an update, while excluding
those to which it should not be applied.
Where an update can only be applied over specific predecessor
versions, that version MUST be specified by the Required Image
Version List.
This element is OPTIONAL.
Implements: MFUR7
4.7. Manifest Element: Best-Before timestamp condition
This element tells a device the last application time. This is only
usable in conjunction with a secure clock. usable in conjunction with a secure clock.
This element is OPTIONAL and MAY enable use cases where a secure
clock is provided and firmware is intended to expire regularly.
Implements: Security Requirement MFSR3 Implements: Security Requirement MFSR3
4.7. Manifest Field: Payload Format 4.8. Manifest Element: Payload Format
The format of the payload must be indicated to devices in an The format of the payload must be indicated to devices is in an
unambiguous way. This field provides a mechanism to describe the unambiguous way. This element provides a mechanism to describe the
payload format, within the signed metadata. payload format, within the signed metadata.
Implements: Security Requirement MFSR4, Usability Requirement MFUR5 This element is MANDATORY and MUST be present to enable devices to
decode payloads correctly.
4.8. Manifest Field: Storage Location Implements: Security Requirement MFSR4a, Usability Requirement MFUR5
This field tells the device which component is being updated. The 4.9. Manifest Element: Processing Steps
A list of all payload processors necessary to process a nested format
and any parameters needed by those payload processors. Each
Processing Step SHOULD indicate the expected digest of the payload
after the processing is complete. Processing steps are distinct from
Directives in that Directives apply to the manifest as a whole,
whereas Processing Steps apply to an individual payload and provide
instructions on how to unpack it.
Implements: Usability Requirement MFUR6
4.10. Manifest Element: Storage Location
This element tells the device which component is being updated. The
device can use this to establish which permissions are necessary and device can use this to establish which permissions are necessary and
the physical location to use. the physical location to use.
Implements: Security Requirement MFSR4 This element is MANDATORY and MUST be present to enable devices to
store payloads to the correct location.
4.9. Manifest Field: URIs Implements: Security Requirement MFSR4b
This field is a list of weighted URIs, which are used to select where 4.10.1. Example 1: Two Storage Locations
to obtain a payload.
Implements: Security Requirement MFSR4 A device supports two components: an OS and an application. These
components can be updated independently, expressing dependencies to
ensure compatibility between the components. The firmware authority
chooses two storage identifiers:
4.10. Manifest Field: Digests - OS
This field is a map of digests, each for a separate stage of - APP
installation. This allows the target device to ensure authenticity
of the payload at every step of installation.
Implements: Security Requirement MFSR4 4.10.2. Example 2: File System
4.11. Manifest Field: Size A device supports a full filesystem. The firmware authority chooses
to make the storage identifier the path at which to install the
payload. The payload may be a tarball, in which case, it unpacks the
tarball into the specified path.
4.10.3. Example 3: Flash Memory
A device supports flash memory. The firmware authority chooses to
make the storage identifier the offset where the image should be
written.
4.11. Manifest Element: Component Identifier
In a heterogeneous storage architecture, a storage identifier is
insufficient to identify where and how to store a payload. To
resolve this, a component identifier indicates which part of the
storage architecture is targeted by the payload. In a homogeneous
storage architecture, this element is unnecessary.
This element is OPTIONAL and only necessary in heterogeneous storage
architecture devices.
Implements: MFUR3
4.12. Manifest Element: URIs
This element is a list of weighted URIs that the device uses to
select where to obtain a payload.
This element is OPTIONAL and only needed when the target device does
not intrinsically know where to find the payload.
Note: Devices will typically require URIs.
Implements: Security Requirement MFSR4c
4.13. Manifest Element: Payload Digest
This element contains the digest of the payload. This allows the
target device to ensure authenticity of the payload. It MUST be
possible to specify more than one payload digest, indexed by Manifest
Element: XIP Address.
This element is MANDATORY and fundamentally necessary to ensure the
authenticity and integrity of the payload.
Implements: Security Requirement MFSR4d, Usability Requirement MFUR8
4.14. Manifest Element: Size
The size of the payload in bytes. The size of the payload in bytes.
Implements: Security Requirement MFSR4 This element is MANDATORY and informs the target device how big of a
payload to expect. Without it, devices are exposed to some classes
of denial of service attack.
4.12. Manifest Field: Signature Implements: Security Requirement MFSR4d
This is not strictly a manifest field. Instead, the manifest is 4.15. Manifest Element: Signature
This is not strictly a manifest element. Instead, the manifest is
wrapped by a standardised authentication container, such as a COSE or wrapped by a standardised authentication container, such as a COSE or
CMS signature object. The authentication container MUST support CMS signature object. The authentication container MUST support
multiple actors and multiple authentications. multiple actors and multiple authentications.
This element is MANDATORY and represents the foundation of all
security properties of the manifest.
Implements: Security Requirement MFSR5, MFSR6, MFUR4 Implements: Security Requirement MFSR5, MFSR6, MFUR4
4.13. Manifest Field: Directives 4.16. Manifest Element: Directives
A list of instructions that the device should execute, in order, when A list of instructions that the device should execute, in order, when
installing the payload. processing the manifest. This information is distinct from the
information necessary to process a payload (Processing Steps) and
applies to the whole manifest including all payloads that it
references. Directives include information such as update timing
(For example, install only on Sunday, at 0200), procedural
considerations (for example, shut down the equipment under control
before executing the update), pre and post-installation steps (for
example, run a script).
This element is OPTIONAL and enables some use cases.
Implements: Usability Requirement MFUR1 Implements: Usability Requirement MFUR1
4.14. Manifest Field: Aliases 4.17. Manifest Element: Aliases
A list of URI/Digest pairs. A device is expected to build an alias A list of Digest/URI pairs. A device should build an alias table
table while paring a manifest tree and treat any aliases as top- while paring a manifest tree and treat any aliases as top-ranked URIs
ranked URIs for the corresponding digest. for the corresponding digest.
This element is OPTIONAL and enables some use cases.
Implements: Usability Requirement MFUR2 Implements: Usability Requirement MFUR2
4.15. Manifest Field: Dependencies 4.18. Manifest Element: Dependencies
A list of URI/Digest pairs that refer to other manifests by digest. A list of Digest/URI pairs that refer to other manifests by digest.
The manifests that are linked in this way must be acquired and The manifests that are linked in this way must be acquired and
installed simultaneously in order to form a complete update. installed simultaneously in order to form a complete update.
This element is MANDATORY to use in deployments that include both
multiple authorities and multiple payloads.
Implements: Usability Requirement MFUR3 Implements: Usability Requirement MFUR3
4.16. Manifest Field: Content Key Distribution Method 4.19. Manifest Element: Content Key Distribution Method
Efficiently encrypting firmware images requires the use of symmetric Encrypting firmware images requires symmetric content encryption
key cryptography. Since there are several methods to protect or keys. Since there are several methods to protect or distribute the
distribute the symmetric content encryption keys, the manifest symmetric content encryption keys, the manifest contains a element
contains a field for the Content Key Distribution Method. One for the Content Key Distribution Method. One examples for such a
example for such a Content Key Distribution Method is the usage of Content Key Distribution Method is the usage of Key Tables, pointing
Key Tables, pointing to content encryption keys, which themselves are to content encryption keys, which themselves are encrypted using the
encrypted using the public keys of devices. public keys of devices. This MAY be included in a decryption step
contained in Processing Steps.
This element is MANDATORY to use for encrypted payloads,
Implements: Security Requirement MFSR7. Implements: Security Requirement MFSR7.
4.20. Manifest Element: XIP Address
In order to support XIP systems with multiple possible base
addresses, it is necessary to specify which address the payload is
linked for.
For example a microcontroller may have a simple bootloader that
chooses one of two images to boot. That microcontroller then needs
to choose one of two firmware images to install, based on which of
its two images is older.
Implements: MFUR8
5. Security Considerations 5. Security Considerations
Security considerations for this document are covered in Section 3. Security considerations for this document are covered in Section 3.
6. IANA Considerations 6. IANA Considerations
This document does not require any actions by IANA. This document does not require any actions by IANA.
7. Acknowledgements 7. Acknowledgements
We would like to thank our working group chairs, Dave Thaler, Russ We would like to thank our working group chairs, Dave Thaler, Russ
Housley and David Waltermire, for their review comments and their Housley and David Waltermire, for their review comments and their
support. support.
We would like to thank the participants of the 2018 Berlin SUIT
Hackathon and the June 2018 virtual design team meetings for their
discussion input. In particular, we would like to thank Koen
Zandberg, Emmanuel Baccelli, Carsten Bormann, David Brown, Markus
Gueller, Frank Audun Kvamtro, Oyvind Ronningstad, Michael Richardson,
Jan-Frederik Rieckers Francisco Acosta, Anton Gerasimov, Matthias
Waehlisch, Max Groening, Daniel Petry, Gaetan Harter, Ralph Hamm,
Steve Patrick, Fabio Utzig, Paul Lambert, Benjamin Kaduk, Said
Gharout, and Milen Stoychev.
8. References 8. References
8.1. Normative References 8.1. Normative References
[I-D.ietf-suit-architecture]
Moran, B., Meriac, M., Tschofenig, H., and D. Brown, "A
Firmware Update Architecture for Internet of Things
Devices", draft-ietf-suit-architecture-01 (work in
progress), July 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
8.2. Informative References 8.2. Informative References
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005, <https://www.rfc- DOI 10.17487/RFC4122, July 2005, <https://www.rfc-
skipping to change at page 19, line 31 skipping to change at line 1352
Hannes Tschofenig Hannes Tschofenig
Arm Limited Arm Limited
EMail: hannes.tschofenig@gmx.net EMail: hannes.tschofenig@gmx.net
Henk Birkholz Henk Birkholz
Fraunhofer SIT Fraunhofer SIT
EMail: henk.birkholz@sit.fraunhofer.de EMail: henk.birkholz@sit.fraunhofer.de
Jaime Jimenez
Ericsson
EMail: jaime.jimenez@ericsson.com
 End of changes. 127 change blocks. 
280 lines changed or deleted 801 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/