draft-ietf-suit-manifest-13.txt   draft-ietf-suit-manifest-14.txt 
SUIT B. Moran SUIT B. Moran
Internet-Draft H. Tschofenig Internet-Draft H. Tschofenig
Intended status: Standards Track Arm Limited Intended status: Standards Track Arm Limited
Expires: November 26, 2021 H. Birkholz Expires: January 13, 2022 H. Birkholz
Fraunhofer SIT Fraunhofer SIT
K. Zandberg K. Zandberg
Inria Inria
May 25, 2021 July 12, 2021
A Concise Binary Object Representation (CBOR)-based Serialization Format A Concise Binary Object Representation (CBOR)-based Serialization Format
for the Software Updates for Internet of Things (SUIT) Manifest for the Software Updates for Internet of Things (SUIT) Manifest
draft-ietf-suit-manifest-13 draft-ietf-suit-manifest-14
Abstract Abstract
This specification describes the format of a manifest. A manifest is This specification describes the format of a manifest. A manifest is
a bundle of metadata about code/data obtained by a recipient (chiefly a bundle of metadata about code/data obtained by a recipient (chiefly
the firmware for an IoT device), where to find the that code/data, the firmware for an IoT device), where to find the that code/data,
the devices to which it applies, and cryptographic information the devices to which it applies, and cryptographic information
protecting the manifest. Software updates and Trusted Invocation protecting the manifest. Software updates and Trusted Invocation
both tend to use sequences of common operations, so the manifest both tend to use sequences of common operations, so the manifest
encodes those sequences of operations, rather than declaring the encodes those sequences of operations, rather than declaring the
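Review bot: The second sentence of the Abstract still reads "where to find the that code/data" in both -13 and -14. Drop the stray "the" while the header dates are being updated.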
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 26, 2021. This Internet-Draft will expire on January 13, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 24 skipping to change at page 2, line 24
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Conventions and Terminology . . . . . . . . . . . . . . . . . 6 2. Conventions and Terminology . . . . . . . . . . . . . . . . . 6
3. How to use this Document . . . . . . . . . . . . . . . . . . 8 3. How to use this Document . . . . . . . . . . . . . . . . . . 8
4. Background . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Background . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.1. IoT Firmware Update Constraints . . . . . . . . . . . . . 9 4.1. IoT Firmware Update Constraints . . . . . . . . . . . . . 9
4.2. SUIT Workflow Model . . . . . . . . . . . . . . . . . . . 10 4.2. SUIT Workflow Model . . . . . . . . . . . . . . . . . . . 10
5. Metadata Structure Overview . . . . . . . . . . . . . . . . . 11 5. Metadata Structure Overview . . . . . . . . . . . . . . . . . 11
5.1. Envelope . . . . . . . . . . . . . . . . . . . . . . . . 13 5.1. Envelope . . . . . . . . . . . . . . . . . . . . . . . . 12
5.2. Delegation Chains . . . . . . . . . . . . . . . . . . . . 13 5.2. Delegation Chains . . . . . . . . . . . . . . . . . . . . 13
5.3. Authentication Block . . . . . . . . . . . . . . . . . . 13 5.3. Authentication Block . . . . . . . . . . . . . . . . . . 13
5.4. Manifest . . . . . . . . . . . . . . . . . . . . . . . . 14 5.4. Manifest . . . . . . . . . . . . . . . . . . . . . . . . 13
5.4.1. Critical Metadata . . . . . . . . . . . . . . . . . . 14 5.4.1. Critical Metadata . . . . . . . . . . . . . . . . . . 14
5.4.2. Common . . . . . . . . . . . . . . . . . . . . . . . 14 5.4.2. Common . . . . . . . . . . . . . . . . . . . . . . . 14
5.4.3. Command Sequences . . . . . . . . . . . . . . . . . . 14 5.4.3. Command Sequences . . . . . . . . . . . . . . . . . . 14
5.4.4. Integrity Check Values . . . . . . . . . . . . . . . 15 5.4.4. Integrity Check Values . . . . . . . . . . . . . . . 15
5.4.5. Human-Readable Text . . . . . . . . . . . . . . . . . 15 5.4.5. Human-Readable Text . . . . . . . . . . . . . . . . . 15
5.5. Severable Elements . . . . . . . . . . . . . . . . . . . 15 5.5. Severable Elements . . . . . . . . . . . . . . . . . . . 15
5.6. Integrated Dependencies and Payloads . . . . . . . . . . 16 5.6. Integrated Dependencies and Payloads . . . . . . . . . . 16
6. Manifest Processor Behavior . . . . . . . . . . . . . . . . . 16 6. Manifest Processor Behavior . . . . . . . . . . . . . . . . . 16
6.1. Manifest Processor Setup . . . . . . . . . . . . . . . . 16 6.1. Manifest Processor Setup . . . . . . . . . . . . . . . . 16
6.2. Required Checks . . . . . . . . . . . . . . . . . . . . . 17 6.2. Required Checks . . . . . . . . . . . . . . . . . . . . . 17
skipping to change at page 3, line 22 skipping to change at page 3, line 22
8.2. Envelope . . . . . . . . . . . . . . . . . . . . . . . . 36 8.2. Envelope . . . . . . . . . . . . . . . . . . . . . . . . 36
8.3. Delegation Chains . . . . . . . . . . . . . . . . . . . . 36 8.3. Delegation Chains . . . . . . . . . . . . . . . . . . . . 36
8.4. Authenticated Manifests . . . . . . . . . . . . . . . . . 36 8.4. Authenticated Manifests . . . . . . . . . . . . . . . . . 36
8.5. Encrypted Manifests . . . . . . . . . . . . . . . . . . . 37 8.5. Encrypted Manifests . . . . . . . . . . . . . . . . . . . 37
8.6. Manifest . . . . . . . . . . . . . . . . . . . . . . . . 37 8.6. Manifest . . . . . . . . . . . . . . . . . . . . . . . . 37
8.6.1. suit-manifest-version . . . . . . . . . . . . . . . . 38 8.6.1. suit-manifest-version . . . . . . . . . . . . . . . . 38
8.6.2. suit-manifest-sequence-number . . . . . . . . . . . . 38 8.6.2. suit-manifest-sequence-number . . . . . . . . . . . . 38
8.6.3. suit-reference-uri . . . . . . . . . . . . . . . . . 38 8.6.3. suit-reference-uri . . . . . . . . . . . . . . . . . 38
8.6.4. suit-text . . . . . . . . . . . . . . . . . . . . . . 38 8.6.4. suit-text . . . . . . . . . . . . . . . . . . . . . . 38
8.7. text-version-required . . . . . . . . . . . . . . . . . . 40 8.7. text-version-required . . . . . . . . . . . . . . . . . . 40
8.7.1. suit-coswid . . . . . . . . . . . . . . . . . . . . . 40 8.7.1. suit-coswid . . . . . . . . . . . . . . . . . . . . . 41
8.7.2. suit-common . . . . . . . . . . . . . . . . . . . . . 40 8.7.2. suit-common . . . . . . . . . . . . . . . . . . . . . 41
8.7.3. SUIT_Command_Sequence . . . . . . . . . . . . . . . . 42 8.7.3. SUIT_Command_Sequence . . . . . . . . . . . . . . . . 43
8.7.4. Reporting Policy . . . . . . . . . . . . . . . . . . 44 8.7.4. Reporting Policy . . . . . . . . . . . . . . . . . . 45
8.7.5. SUIT_Parameters . . . . . . . . . . . . . . . . . . . 46 8.7.5. SUIT_Parameters . . . . . . . . . . . . . . . . . . . 46
8.7.6. SUIT_Condition . . . . . . . . . . . . . . . . . . . 57 8.7.6. SUIT_Condition . . . . . . . . . . . . . . . . . . . 57
8.7.7. SUIT_Directive . . . . . . . . . . . . . . . . . . . 61 8.7.7. SUIT_Directive . . . . . . . . . . . . . . . . . . . 61
8.7.8. suit-directive-garbage-collect . . . . . . . . . . . 68 8.7.8. suit-directive-unlink . . . . . . . . . . . . . . . . 68
8.7.9. Integrity Check Values . . . . . . . . . . . . . . . 69 8.7.9. Integrity Check Values . . . . . . . . . . . . . . . 69
8.8. Severable Elements . . . . . . . . . . . . . . . . . . . 69 8.8. Severable Elements . . . . . . . . . . . . . . . . . . . 69
9. Access Control Lists . . . . . . . . . . . . . . . . . . . . 70 9. Access Control Lists . . . . . . . . . . . . . . . . . . . . 70
10. SUIT Digest Container . . . . . . . . . . . . . . . . . . . . 70 10. SUIT Digest Container . . . . . . . . . . . . . . . . . . . . 70
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 70 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 71
11.1. SUIT Commands . . . . . . . . . . . . . . . . . . . . . 71 11.1. SUIT Commands . . . . . . . . . . . . . . . . . . . . . 71
11.2. SUIT Parameters . . . . . . . . . . . . . . . . . . . . 73 11.2. SUIT Parameters . . . . . . . . . . . . . . . . . . . . 73
11.3. SUIT Text Values . . . . . . . . . . . . . . . . . . . . 74 11.3. SUIT Text Values . . . . . . . . . . . . . . . . . . . . 75
11.4. SUIT Component Text Values . . . . . . . . . . . . . . . 74 11.4. SUIT Component Text Values . . . . . . . . . . . . . . . 75
11.5. SUIT Algorithm Identifiers . . . . . . . . . . . . . . . 74 11.5. SUIT Algorithm Identifiers . . . . . . . . . . . . . . . 75
11.5.1. SUIT Digest Algorithm Identifiers . . . . . . . . . 74 11.5.1. SUIT Compression Algorithm Identifiers . . . . . . . 75
11.5.2. SUIT Compression Algorithm Identifiers . . . . . . . 75 11.5.2. Unpack Algorithms . . . . . . . . . . . . . . . . . 76
11.5.3. Unpack Algorithms . . . . . . . . . . . . . . . . . 75
12. Security Considerations . . . . . . . . . . . . . . . . . . . 76 12. Security Considerations . . . . . . . . . . . . . . . . . . . 76
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 76 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 76
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 76 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 77
14.1. Normative References . . . . . . . . . . . . . . . . . . 76 14.1. Normative References . . . . . . . . . . . . . . . . . . 77
14.2. Informative References . . . . . . . . . . . . . . . . . 77 14.2. Informative References . . . . . . . . . . . . . . . . . 78
Appendix A. A. Full CDDL . . . . . . . . . . . . . . . . . . . . 79 Appendix A. A. Full CDDL . . . . . . . . . . . . . . . . . . . . 80
Appendix B. B. Examples . . . . . . . . . . . . . . . . . . . . 88 Appendix B. B. Examples . . . . . . . . . . . . . . . . . . . . 89
B.1. Example 0: Secure Boot . . . . . . . . . . . . . . . . . 89 B.1. Example 0: Secure Boot . . . . . . . . . . . . . . . . . 90
B.2. Example 1: Simultaneous Download and Installation of B.2. Example 1: Simultaneous Download and Installation of
Payload . . . . . . . . . . . . . . . . . . . . . . . . . 91 Payload . . . . . . . . . . . . . . . . . . . . . . . . . 92
B.3. Example 2: Simultaneous Download, Installation, Secure B.3. Example 2: Simultaneous Download, Installation, Secure
Boot, Severed Fields . . . . . . . . . . . . . . . . . . 93 Boot, Severed Fields . . . . . . . . . . . . . . . . . . 94
B.4. Example 3: A/B images . . . . . . . . . . . . . . . . . . 96 B.4. Example 3: A/B images . . . . . . . . . . . . . . . . . . 98
B.5. Example 4: Load and Decompress from External Storage . . 99 B.5. Example 4: Load and Decompress from External Storage . . 101
B.6. Example 5: Two Images . . . . . . . . . . . . . . . . . . 102 B.6. Example 5: Two Images . . . . . . . . . . . . . . . . . . 104
Appendix C. C. Design Rational . . . . . . . . . . . . . . . . . 105 Appendix C. C. Design Rational . . . . . . . . . . . . . . . . . 107
C.1. C.1 Design Rationale: Envelope . . . . . . . . . . . . . 106 C.1. C.1 Design Rationale: Envelope . . . . . . . . . . . . . 108
C.2. C.2 Byte String Wrappers . . . . . . . . . . . . . . . . 107 C.2. C.2 Byte String Wrappers . . . . . . . . . . . . . . . . 109
Appendix D. D. Implementation Conformance Matrix . . . . . . . . 107 Appendix D. D. Implementation Conformance Matrix . . . . . . . . 109
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 111 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 113
1. Introduction 1. Introduction
A firmware update mechanism is an essential security feature for IoT A firmware update mechanism is an essential security feature for IoT
devices to deal with vulnerabilities. While the transport of devices to deal with vulnerabilities. While the transport of
firmware images to the devices themselves is important there are firmware images to the devices themselves is important there are
already various techniques available. Equally important is the already various techniques available. Equally important is the
inclusion of metadata about the conveyed firmware image (in the form inclusion of metadata about the conveyed firmware image (in the form
of a manifest) and the use of a security wrapper to provide end-to- of a manifest) and the use of a security wrapper to provide end-to-
end security protection to detect modifications and (optionally) to end security protection to detect modifications and (optionally) to
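Review bot: In the Table of Contents, the entry "11.5.1. SUIT Digest Algorithm Identifiers" is gone in -14 and the remaining 11.5 subsections are renumbered, yet Section 10 (SUIT Digest Container) is still listed. Say in Section 10 or Section 11.5 where digest algorithm identifiers are registered now, so an implementer can tell which algorithms a SUIT_Digest may carry. Separately, "8.7.8. suit-directive-unlink" sits beside 8.7.7 SUIT_Directive rather than under it, and the appendix titles still read "Appendix A. A. Full CDDL" and "Appendix C. C. Design Rational"; these look like markup slips worth fixing in the same pass.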
skipping to change at page 13, line 33 skipping to change at page 13, line 24
Tokens (CWTs). The first claim in each list is signed by a Trust Tokens (CWTs). The first claim in each list is signed by a Trust
Anchor. Each subsequent claim in a list is signed by the public key Anchor. Each subsequent claim in a list is signed by the public key
claimed in the preceding list element. The last element in each list claimed in the preceding list element. The last element in each list
claims a public key that can be used to verify a signature in the claims a public key that can be used to verify a signature in the
Authentication Block (Section 5.3). Authentication Block (Section 5.3).
See Section 8.3 for more detail. See Section 8.3 for more detail.
5.3. Authentication Block 5.3. Authentication Block
The Authentication Block contains a bstr-wrapped Section 10 and one The Authentication Block contains a bstr-wrapped SUIT Digest
or more [RFC8152] CBOR Object Signing and Encryption (COSE) Container, see Section 10, and one or more [RFC8152] CBOR Object
authentication blocks. These blocks are one of: Signing and Encryption (COSE) authentication blocks. These blocks
are one of:
- COSE_Sign_Tagged - COSE_Sign_Tagged
- COSE_Sign1_Tagged - COSE_Sign1_Tagged
- COSE_Mac_Tagged - COSE_Mac_Tagged
- COSE_Mac0_Tagged - COSE_Mac0_Tagged
Each of these objects is used in detached payload mode. The payload Each of these objects is used in detached payload mode. The payload
skipping to change at page 22, line 22 skipping to change at page 22, line 14
| | | | | |
| Process | exec(current[common]); exec(current[current- | | Process | exec(current[common]); exec(current[current- |
| Dependency | segment]) | | Dependency | segment]) |
| | | | | |
| Run | run(current) | | Run | run(current) |
| | | | | |
| Fetch | store(current, fetch(current.params[uri])) | | Fetch | store(current, fetch(current.params[uri])) |
| | | | | |
| Use Before | assert(now() < arg) | | Use Before | assert(now() < arg) |
| | | | | |
| Check Component | assert(offsetof(current) == arg) | | Check Component | assert(current.slot-index == arg) |
| Offset | | | Slot | |
| | | | | |
| Check Device | assert(binary-match(current, | | Check Device | assert(binary-match(current, |
| Identifier | current.params[device-id])) | | Identifier | current.params[device-id])) |
| | | | | |
| Check Image Not | assert(not binary-match(digest(current), | | Check Image Not | assert(not binary-match(digest(current), |
| Match | current.params[digest])) | | Match | current.params[digest])) |
| | | | | |
| Check Minimum | assert(battery >= arg) | | Check Minimum | assert(battery >= arg) |
| Battery | | | Battery | |
| | | | | |
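Review bot: In the "Check Component Slot" row, the new pseudocode assert(current.slot-index == arg) compares against arg, while the neighbouring rows for Check Device Identifier and Check Image Not Match read their operand from current.params[...]. The A/B template later in this diff sets the slot with Override Parameters before running the check, so the comparison should be written against the component-slot parameter in current.params to match. The row label also differs from "Check Slot Condition" used in that template; pick one name.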
skipping to change at page 23, line 7 skipping to change at page 22, line 47
| | | | | |
| Swap | swap(current, current.params[src-component]) | | Swap | swap(current, current.params[src-component]) |
| | | | | |
| Wait For Event | until event(arg), wait | | Wait For Event | until event(arg), wait |
| | | | | |
| Run Sequence | exec(arg) | | Run Sequence | exec(arg) |
| | | | | |
| Run with | run(current, arg) | | Run with | run(current, arg) |
| Arguments | | | Arguments | |
| | | | | |
| Garbage Collect | garbage-collect(current) | | Unlink | unlink(current) |
+-------------------+-----------------------------------------------+ +-------------------+-----------------------------------------------+
6.5. Special Cases of Component Index and Dependency Index 6.5. Special Cases of Component Index and Dependency Index
Component Index and Dependency Index can each take on one of three Component Index and Dependency Index can each take on one of three
types: types:
1. Integer 1. Integer
2. Array of integers 2. Array of integers
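Review bot: The last table row replaces garbage-collect(current) with unlink(current), but nothing in the table says what unlink does to the component, for example whether its storage is erased or only released. Add a section reference or a one-line definition of unlink() next to the pseudocode so that the rename is not the only documentation of the behaviour.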
skipping to change at page 34, line 19 skipping to change at page 34, line 19
The following commands are placed in the common block: The following commands are placed in the common block:
- Set Component Index directive (see Section 8.7.7.1) - Set Component Index directive (see Section 8.7.7.1)
- Try Each - Try Each
o First Sequence: o First Sequence:
* Override Parameters directive (see Section 8.7.7.6, * Override Parameters directive (see Section 8.7.7.6,
Section 8.7.5) for Offset A Section 8.7.5) for Slot A
* Check Offset Condition (see Section 8.7.6.5) * Check Slot Condition (see Section 8.7.6.5)
* Override Parameters directive (see Section 8.7.7.6) for * Override Parameters directive (see Section 8.7.7.6) for
Image Digest A and Image Size A (see Section 8.7.5) Image Digest A and Image Size A (see Section 8.7.5)
o Second Sequence: o Second Sequence:
* Override Parameters directive (see Section 8.7.7.6, * Override Parameters directive (see Section 8.7.7.6,
Section 8.7.5) for Offset B Section 8.7.5) for Slot B
* Check Offset Condition (see Section 8.7.6.5) * Check Slot Condition (see Section 8.7.6.5)
* Override Parameters directive (see Section 8.7.7.6) for * Override Parameters directive (see Section 8.7.7.6) for
Image Digest B and Image Size B (see Section 8.7.5) Image Digest B and Image Size B (see Section 8.7.5)
The following commands are placed in the fetch block or install block The following commands are placed in the fetch block or install block
- Set Component Index directive (see Section 8.7.7.1) - Set Component Index directive (see Section 8.7.7.1)
- Try Each - Try Each
o First Sequence: o First Sequence:
* Override Parameters directive (see Section 8.7.7.6, * Override Parameters directive (see Section 8.7.7.6,
Section 8.7.5) for Offset A Section 8.7.5) for Slot A
* Check Offset Condition (see Section 8.7.6.5) * Check Slot Condition (see Section 8.7.6.5)
* Set Parameters directive (see Section 8.7.7.6) for URI A * Set Parameters directive (see Section 8.7.7.6) for URI A
(see Section 8.7.5) (see Section 8.7.5)
o Second Sequence: o Second Sequence:
* Override Parameters directive (see Section 8.7.7.6, * Override Parameters directive (see Section 8.7.7.6,
Section 8.7.5) for Offset B Section 8.7.5) for Slot B
* Check Offset Condition (see Section 8.7.6.5) * Check Slot Condition (see Section 8.7.6.5)
* Set Parameters directive (see Section 8.7.7.6) for URI B * Set Parameters directive (see Section 8.7.7.6) for URI B
(see Section 8.7.5) (see Section 8.7.5)
- Fetch - Fetch
If Trusted Invocation (Section 7.2) is used, only the run sequence is If Trusted Invocation (Section 7.2) is used, only the run sequence is
added to this template, since the common sequence is populated by added to this template, since the common sequence is populated by
this template. this template.
NOTE: Any test can be used to select between images, Check Offset NOTE: Any test can be used to select between images, Check Slot
Condition is used in this template because it is a typical test for Condition is used in this template because it is a typical test for
execute-in-place devices. execute-in-place devices.
8. Metadata Structure 8. Metadata Structure
The metadata for SUIT updates is composed of several primary The metadata for SUIT updates is composed of several primary
constituent parts: the Envelope, Delegation Chains, Authentication constituent parts: the Envelope, Delegation Chains, Authentication
Information, Manifest, and Severable Elements. Information, Manifest, and Severable Elements.
For a diagram of the metadata structure, see Section 5. For a diagram of the metadata structure, see Section 5.
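Review bot: In the fetch/install template, "Set Parameters directive (see Section 8.7.7.6)" cites the same section as "Override Parameters directive (see Section 8.7.7.6, Section 8.7.5)" a few lines above it. One of the two cross-references is probably wrong and should point at its own directive's subsection. The sentence "The following commands are placed in the fetch block or install block" also lacks the closing colon that the common-block sentence has, and the NOTE joins two sentences with a comma ("...select between images, Check Slot Condition is used...").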
skipping to change at page 36, line 35 skipping to change at page 36, line 35
keys. keys.
A Recipient MAY choose to cache intermediaries and/or delegates. If A Recipient MAY choose to cache intermediaries and/or delegates. If
an Update Distributor knows that a targeted Recipient has cached some an Update Distributor knows that a targeted Recipient has cached some
intermediaries or delegates, it MAY choose to strip any cached intermediaries or delegates, it MAY choose to strip any cached
intermediaries or delegates from the Delegation Chains in order to intermediaries or delegates from the Delegation Chains in order to
reduce bandwidth and energy. reduce bandwidth and energy.
8.4. Authenticated Manifests 8.4. Authenticated Manifests
The suit-authentication-wrapper contains a list containing a The suit-authentication-wrapper contains a list containing a SUIT
Section 10 and one or more cryptographic authentication wrappers for Digest Container (see Section 10) and one or more cryptographic
the Manifest. These are implemented as COSE_Mac_Tagged or authentication wrappers for the Manifest. These blocks are
COSE_Sign_Tagged blocks. Each of these blocks contains a SUIT_Digest implemented as COSE_Mac_Tagged or COSE_Sign_Tagged structures. Each
of the Manifest. This enables modular processing of the manifest. of these blocks contains a SUIT_Digest of the Manifest. This enables
The COSE_Mac_Tagged and COSE_Sign_Tagged blocks are described in RFC modular processing of the manifest. The COSE_Mac_Tagged and
8152 [RFC8152]. The suit-authentication-wrapper MUST come before any COSE_Sign_Tagged blocks are described in RFC 8152 [RFC8152]. The
element in the SUIT_Envelope, except for the OPTIONAL suit- suit-authentication-wrapper MUST come before any element in the
delegation, regardless of canonical encoding of CBOR. All validators SUIT_Envelope, except for the OPTIONAL suit-delegation, regardless of
MUST reject any SUIT_Envelope that begins with any element other than canonical encoding of CBOR. All validators MUST reject any
a suit-authentication-wrapper or suit-delegation. SUIT_Envelope that begins with any element other than a suit-
authentication-wrapper or suit-delegation.
A SUIT_Envelope that has not had authentication information added A SUIT_Envelope that has not had authentication information added
MUST still contain the suit-authentication-wrapper element, but the MUST still contain the suit-authentication-wrapper element, but the
content MUST be a list containing only the SUIT_Digest. content MUST be a list containing only the SUIT_Digest.
A signing application MUST verify the suit-manifest element against A signing application MUST verify the suit-manifest element against
the SUIT_Digest prior to signing. the SUIT_Digest prior to signing.
8.5. Encrypted Manifests 8.5. Encrypted Manifests
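Review bot: The rewritten first paragraph of 8.4 says the authentication wrappers are "implemented as COSE_Mac_Tagged or COSE_Sign_Tagged structures", but Section 5.3 in this same diff lists four permitted types, adding COSE_Sign1_Tagged and COSE_Mac0_Tagged. A validator written from 8.4 alone could reject Sign1 and Mac0 envelopes that 5.3 allows, so list the same four types in both places or state which section is normative. The new sentence also calls the wrappers both "blocks" and "structures"; use one term.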
skipping to change at page 41, line 15 skipping to change at page 41, line 40
dependency tree MUST contain a suit-components block. dependency tree MUST contain a suit-components block.
suit-common-sequence is a SUIT_Command_Sequence to execute prior to suit-common-sequence is a SUIT_Command_Sequence to execute prior to
executing any other command sequence. Typical actions in suit- executing any other command sequence. Typical actions in suit-
common-sequence include setting expected Recipient identity and image common-sequence include setting expected Recipient identity and image
digests when they are conditional (see Section 8.7.7.3 and digests when they are conditional (see Section 8.7.7.3 and
Section 7.11 for more information on conditional sequences). suit- Section 7.11 for more information on conditional sequences). suit-
common-sequence is RECOMMENDED to implement. It is REQUIRED if the common-sequence is RECOMMENDED to implement. It is REQUIRED if the
optimizations described in Section 6.2.1 will be used. Whenever a optimizations described in Section 6.2.1 will be used. Whenever a
parameter or Try Each command is required by more than one Command parameter or Try Each command is required by more than one Command
Sequence, placing that parameter or commamd in suit-common-sequence Sequence, placing that parameter or command in suit-common-sequence
results in a smaller encoding. results in a smaller encoding.
8.7.2.1. Dependencies 8.7.2.1. Dependencies
SUIT_Dependency specifies a manifest that describes a dependency of SUIT_Dependency specifies a manifest that describes a dependency of
the current manifest. The Manifest is identified, but the Recipient the current manifest. The Manifest is identified, but the Recipient
should expect an Envelope when it acquires the dependency. This is should expect an Envelope when it acquires the dependency. This is
because the Manifest is the one invariant element of the Envelope, because the Manifest is the one invariant element of the Envelope,
where other elements may change by countersigning, adding where other elements may change by countersigning, adding
authentication blocks, or severing elements. authentication blocks, or severing elements.
skipping to change at page 46, line 46 skipping to change at page 47, line 17
| | | | | | | |
| Image Digest | suit-parameter-image-digest | Section 8.7.5 | | Image Digest | suit-parameter-image-digest | Section 8.7.5 |
| | | .6 | | | | .6 |
| | | | | | | |
| Image Size | suit-parameter-image-size | Section 8.7.5 | | Image Size | suit-parameter-image-size | Section 8.7.5 |
| | | .7 | | | | .7 |
| | | | | | | |
| Use Before | suit-parameter-use-before | Section 8.7.5 | | Use Before | suit-parameter-use-before | Section 8.7.5 |
| | | .8 | | | | .8 |
| | | | | | | |
| Component | suit-parameter-component-offset | Section 8.7.5 | | Component Slot | suit-parameter-component-slot | Section 8.7.5 |
| Offset | | .9 | | | | .9 |
| | | | | | | |
| Encryption | suit-parameter-encryption-info | Section 8.7.5 | | Encryption | suit-parameter-encryption-info | Section 8.7.5 |
| Info | | .10 | | Info | | .10 |
| | | | | | | |
| Compression | suit-parameter-compression-info | Section 8.7.5 | | Compression | suit-parameter-compression-info | Section 8.7.5 |
| Info | | .11 | | Info | | .11 |
| | | | | | | |
| Unpack Info | suit-parameter-unpack-info | Section 8.7.5 | | Unpack Info | suit-parameter-unpack-info | Section 8.7.5 |
| | | .12 | | | | .12 |
| | | | | | | |
skipping to change at page 50, line 47 skipping to change at page 51, line 17
The size of the firmware image in bytes. This size is encoded as a The size of the firmware image in bytes. This size is encoded as a
positive integer. positive integer.
8.7.5.8. suit-parameter-use-before 8.7.5.8. suit-parameter-use-before
An expiry date for the use of the manifest encoded as the positive An expiry date for the use of the manifest encoded as the positive
integer number of seconds since 1970-01-01. Implementations that use integer number of seconds since 1970-01-01. Implementations that use
this parameter MUST use a 64-bit internal representation of the this parameter MUST use a 64-bit internal representation of the
integer. integer.
8.7.5.9. suit-parameter-component-offset 8.7.5.9. suit-parameter-component-slot
This parameter sets the offset in a component. Some components This parameter sets the slot index of a component. Some components
support multiple possible Slots (offsets into a storage area). This support multiple possible Slots (offsets into a storage area). This
parameter describes the intended Slot to use, identified by its parameter describes the intended Slot to use, identified by its index
offset into the component's storage area. This offset MUST be into the component's storage area. This slot MUST be encoded as a
encoded as a positive integer. positive integer.
8.7.5.10. suit-parameter-encryption-info 8.7.5.10. suit-parameter-encryption-info
Encryption Info defines the keys and algorithm information Fetch or Encryption Info defines the keys and algorithm information Fetch or
Copy has to use to decrypt the confidentiality protected data. Copy has to use to decrypt the confidentiality protected data.
SUIT_Parameter_Encryption_Info is encoded as a COSE_Encrypt_Tagged SUIT_Parameter_Encryption_Info is encoded as a COSE_Encrypt_Tagged
structure wrapped in a bstr. A separate document will profile the structure wrapped in a bstr. A separate document will profile the
COSE specification for use of manifest and firmware encrytion. COSE specification for use of manifest and firmware encrytion.
8.7.5.11. suit-parameter-compression-info 8.7.5.11. suit-parameter-compression-info
SUIT_Compression_Info defines any information that is required for a SUIT_Compression_Info defines any information that is required for a
Recipient to perform decompression operations. SUIT_Compression_Info Recipient to perform decompression operations. SUIT_Compression_Info
is a map containing this data. The only element defined for the map is a map containing this data. The only element defined for the map
in this specification is the suit-compression-algorithm. This in this specification is the suit-compression-algorithm. This
document defines the following suit-compression-algorithm's: ZLIB document defines the following suit-compression-algorithm's: ZLIB
[RFC1950], Brotli [RFC7932], and ZSTD [I-D.kucherawy-rfc8478bis]. [RFC1950], Brotli [RFC7932], and ZSTD [RFC8878].
Additional suit-compression-algorithm's can be registered through the Additional suit-compression-algorithm's can be registered through the
IANA-maintained registry. If such a format requires more data than IANA-maintained registry. If such a format requires more data than
an algorithm identifier, one or more new elements MUST be introduced an algorithm identifier, one or more new elements MUST be introduced
by specifying an element for SUIT_Compression_Info-extensions. by specifying an element for SUIT_Compression_Info-extensions.
8.7.5.12. suit-parameter-unpack-info 8.7.5.12. suit-parameter-unpack-info
SUIT_Unpack_Info defines the information required for a Recipient to SUIT_Unpack_Info defines the information required for a Recipient to
interpret a packed format. This document defines the use of the interpret a packed format. This document defines the use of the
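Review bot: In 8.7.5.9 the new text calls the value a slot index, but the unchanged second sentence still defines Slots as "offsets into a storage area" and the third says "identified by its index into the component's storage area", so it remains unclear whether the integer is an ordinal or a byte offset. If an ordinal is intended, say so and describe how a Recipient maps it to storage, and state whether "positive integer" admits 0, since a first slot numbered 0 would otherwise be unencodable. In 8.7.5.10, "encrytion" is still misspelled in both versions.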
skipping to change at page 58, line 26 skipping to change at page 58, line 26
| | | | | | | |
| Image Match | suit-condition-image-match | Section 8.7.6 | | Image Match | suit-condition-image-match | Section 8.7.6 |
| | | .2 | | | | .2 |
| | | | | | | |
| Image Not | suit-condition-image-not-match | Section 8.7.6 | | Image Not | suit-condition-image-not-match | Section 8.7.6 |
| Match | | .3 | | Match | | .3 |
| | | | | | | |
| Use Before | suit-condition-use-before | Section 8.7.6 | | Use Before | suit-condition-use-before | Section 8.7.6 |
| | | .4 | | | | .4 |
| | | | | | | |
| Component | suit-condition-component-offset | Section 8.7.6 | | Component Slot | suit-condition-component-slot | Section 8.7.6 |
| Offset | | .5 | | | | .5 |
| | | | | | | |
| Minimum | suit-condition-minimum-battery | Section 8.7.6 | | Minimum | suit-condition-minimum-battery | Section 8.7.6 |
| Battery | | .6 | | Battery | | .6 |
| | | | | | | |
| Update | suit-condition-update-authorized | Section 8.7.6 | | Update | suit-condition-update-authorized | Section 8.7.6 |
| Authorized | | .7 | | Authorized | | .7 |
| | | | | | | |
| Version | suit-condition-version | Section 8.7.6 | | Version | suit-condition-version | Section 8.7.6 |
| | | .8 | | | | .8 |
| | | | | | | |
skipping to change at page 60, line 31 skipping to change at page 60, line 31
Verify that the current time is BEFORE the specified time. suit- Verify that the current time is BEFORE the specified time. suit-
condition-use-before is used to specify the last time at which an condition-use-before is used to specify the last time at which an
update should be installed. The recipient evaluates the current time update should be installed. The recipient evaluates the current time
against the suit-parameter-use-before parameter (Section 8.7.5.8), against the suit-parameter-use-before parameter (Section 8.7.5.8),
which must have already been set as a parameter, encoded as seconds which must have already been set as a parameter, encoded as seconds
after 1970-01-01 00:00:00 UTC. Timestamp conditions MUST be after 1970-01-01 00:00:00 UTC. Timestamp conditions MUST be
evaluated in 64 bits, regardless of encoded CBOR size. suit- evaluated in 64 bits, regardless of encoded CBOR size. suit-
condition-use-before is OPTIONAL to implement. condition-use-before is OPTIONAL to implement.
8.7.6.5. suit-condition-component-offset 8.7.6.5. suit-condition-component-slot
Verify that the offset of the current component matches the offset Verify that the slot index of the current component matches the slot
set in suit-parameter-component-offset (Section 8.7.5.9). This index set in suit-parameter-component-slot (Section 8.7.5.9). This
condition allows a manifest to select between several images to match condition allows a manifest to select between several images to match
a target offset. a target slot.
8.7.6.6. suit-condition-minimum-battery 8.7.6.6. suit-condition-minimum-battery
suit-condition-minimum-battery provides a mechanism to test a suit-condition-minimum-battery provides a mechanism to test a
Recipient's battery level before installing an update. This Recipient's battery level before installing an update. This
condition is primarily for use in primary-cell applications, where condition is primarily for use in primary-cell applications, where
the battery is only ever discharged. For batteries that are charged, the battery is only ever discharged. For batteries that are charged,
suit-directive-wait is more appropriate, since it defines a "wait" suit-directive-wait is more appropriate, since it defines a "wait"
until the battery level is sufficient to install the update. suit- until the battery level is sufficient to install the update. suit-
condition-minimum-battery is specified in mWh. suit-condition- condition-minimum-battery is specified in mWh. suit-condition-
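Review bot: the rewritten 8.7.6.5 does not say that suit-parameter-component-slot has to be set before the condition is evaluated, whereas the use-before text directly above states that its parameter "must have already been set as a parameter". Suggest adding the same requirement to the component-slot paragraph, and a pointer to where "slot index" is defined, since this paragraph uses the term without explaining it.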
skipping to change at page 62, line 48 skipping to change at page 62, line 48
| | | | | | | |
| Wait For | suit-directive-wait | Section 8.7 | | Wait For | suit-directive-wait | Section 8.7 |
| Event | | .7.11 | | Event | | .7.11 |
| | | | | | | |
| Run Sequence | suit-directive-run-sequence | Section 8.7 | | Run Sequence | suit-directive-run-sequence | Section 8.7 |
| | | .7.12 | | | | .7.12 |
| | | | | | | |
| Swap | suit-directive-swap | Section 8.7 | | Swap | suit-directive-swap | Section 8.7 |
| | | .7.13 | | | | .7.13 |
| | | | | | | |
| Garbage | suit-directive-garbage-collect | Section 8.7 | | Unlink | suit-directive-unlink | Section 8.7 |
| Collect | | .8 | | | | .8 |
+---------------+-------------------------------------+-------------+ +---------------+-------------------------------------+-------------+
The abstract description of these commands is defined in Section 6.4. The abstract description of these commands is defined in Section 6.4.
When a Recipient executes a Directive, it MUST report a result code. When a Recipient executes a Directive, it MUST report a result code.
If the Directive reports failure, then the current Command Sequence If the Directive reports failure, then the current Command Sequence
MUST be terminated. MUST be terminated.
8.7.7.1. suit-directive-set-component-index 8.7.7.1. suit-directive-set-component-index
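Review bot: the Unlink row points at Section 8.7.8, while the other directive rows shown here sit under 8.7.7 (Wait For Event 8.7.7.11, Run Sequence 8.7.7.12, Swap 8.7.7.13). The rename is a good moment to move the directive's description under the directives section so it is numbered with its siblings, and to update this reference to match.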
skipping to change at page 68, line 34 skipping to change at page 68, line 34
defined way. As with suit-directive-copy, if the source component is defined way. As with suit-directive-copy, if the source component is
missing, this command fails. missing, this command fails.
If SUIT_Parameter_Compression_Info or SUIT_Parameter_Encryption_Info If SUIT_Parameter_Compression_Info or SUIT_Parameter_Encryption_Info
are present, they MUST be handled in a symmetric way, so that the are present, they MUST be handled in a symmetric way, so that the
source is decompressed into the destination and the destination is source is decompressed into the destination and the destination is
compressed into the source. The source is decrypted into the compressed into the source. The source is decrypted into the
destination and the destination is encrypted into the source. suit- destination and the destination is encrypted into the source. suit-
directive-swap is OPTIONAL to implement. directive-swap is OPTIONAL to implement.
8.7.8. suit-directive-garbage-collect 8.7.8. suit-directive-unlink
suit-directive-garbage-collect marks the current component as unused suit-directive-unlink marks the current component as unused in the
in the current manifest. This can be used to remove temporary current manifest. This can be used to remove temporary storage or
storage or remove components that are no longer needed. Example use remove components that are no longer needed. Example use cases:
cases:
- Temporary storage for encrypted download - Temporary storage for encrypted download
- Temporary storage for verifying decompressed file before writing - Temporary storage for verifying decompressed file before writing
to flash to flash
- Removing Trusted Service no longer needed by Trusted Application - Removing Trusted Service no longer needed by Trusted Application
Once the current Command Sequence is complete, the manifest Once the current Command Sequence is complete, the manifest
processors checks each marked component to see whether any other processors checks each marked component to see whether any other
manifests have referenced it. Those marked components with no other manifests have referenced it. Those marked components with no other
references are deleted. The manifest processor MAY choose to ignore references are deleted. The manifest processor MAY choose to ignore
a Garbage Collect directive depending on device policy. a Unlink directive depending on device policy.
suit-directive-garbage-collect is OPTIONAL to implement in manifest suit-directive-unlink is OPTIONAL to implement in manifest
processors. processors.
8.7.9. Integrity Check Values 8.7.9. Integrity Check Values
When the CoSWID, Text section, or any Command Sequence of the Update When the CoSWID, Text section, or any Command Sequence of the Update
Procedure is made severable, it is moved to the Envelope and replaced Procedure is made severable, it is moved to the Envelope and replaced
with a SUIT_Digest. The SUIT_Digest is computed over the entire bstr with a SUIT_Digest. The SUIT_Digest is computed over the entire bstr
enclosing the Manifest element that has been moved to the Envelope. enclosing the Manifest element that has been moved to the Envelope.
Each element that is made severable from the Manifest is placed in Each element that is made severable from the Manifest is placed in
the Envelope. The keys for the envelope elements have the same the Envelope. The keys for the envelope elements have the same
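Review bot: the rename leaves "a Unlink directive" in the paragraph on device policy; it should read "an Unlink directive". In the same paragraph "the manifest processors checks" (unchanged from -13) should be "the manifest processor checks". It would also help to name the command consistently, either "Unlink directive" or "suit-directive-unlink", since both forms now appear within three lines of each other.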
skipping to change at page 70, line 33 skipping to change at page 70, line 33
from a Component Identifier requires approval from the ACL. from a Component Identifier requires approval from the ACL.
A third model allows a Recipient to provide even more fine-grained A third model allows a Recipient to provide even more fine-grained
controls: The ACL lists the Component Identifier or Component controls: The ACL lists the Component Identifier or Component
Identifier prefix that an identity can use, and also lists the Identifier prefix that an identity can use, and also lists the
commands and parameters that the identity can use in combination with commands and parameters that the identity can use in combination with
that Component Identifier. that Component Identifier.
10. SUIT Digest Container 10. SUIT Digest Container
RFC 8152 [RFC8152] provides containers for signature, MAC, and The SUIT digest is a CBOR List containing two elements: an algorithm
encryption, but no basic digest container. The container needed for identifier and a bstr containing the bytes of the digest. Some forms
a digest requires a type identifier and a container for the raw of digest may require additional parameters. These can be added
digest data. Some forms of digest may require additional parameters. following the digest.
These can be added following the digest.
The SUIT digest is a CBOR List containing two elements: a suit- The values of the algorithm identifier are defined by
digest-algorithm-id and a bstr containing the bytes of the digest. [I-D.ietf-cose-hash-algs]. The following algorithms MUST be
implemented by all Manifest Processors:
- SHA-256 (-16)
The following algorithms MAY be implemented in a Manifest Processor:
- SHAKE128 (-18)
- SHA-384 (-43)
- SHA-512 (-44)
- SHAKE256 (-45)
11. IANA Considerations 11. IANA Considerations
IANA is requested to: IANA is requested to:
- allocate CBOR tag 107 in the CBOR Tags registry for the SUIT - allocate CBOR tag 107 in the CBOR Tags registry for the SUIT
Envelope. Envelope.
- allocate CBOR tag 1070 in the CBOR Tags registry for the SUIT - allocate CBOR tag 1070 in the CBOR Tags registry for the SUIT
Manifest. Manifest.
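Review bot: the new Section 10 lists which algorithms MUST and MAY be implemented but does not say what a Manifest Processor does when it meets an algorithm identifier it does not implement, or a digest bstr whose length does not fit the identified algorithm. Suggest one sentence requiring the processor to fail the digest check in both cases. The move from the draft's own labels to the COSE values (SHA-256 was label 2 in the removed 11.5.1 table and is now -16) also changes the encoding of every SUIT_Digest, which deserves an explicit compatibility note.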
skipping to change at page 71, line 37 skipping to change at page 71, line 47
| | | | | | | | | |
| 2 | Class | Section 8.7.6.1 | | | 2 | Class | Section 8.7.6.1 | |
| | Identifier | | | | | Identifier | | |
| | | | | | | | | |
| 3 | Image | Section 8.7.6.2 | | | 3 | Image | Section 8.7.6.2 | |
| | Match | | | | | Match | | |
| | | | | | | | | |
| 4 | Use Before | Section 8.7.6.4 | | | 4 | Use Before | Section 8.7.6.4 | |
| | | | | | | | | |
| 5 | Component | Section 8.7.6.5 | | | 5 | Component | Section 8.7.6.5 | |
| | Offset | | | | | Slot | | |
| | | | | | | | | |
| 12 | Set | Section 8.7.7.1 | | | 12 | Set | Section 8.7.7.1 | |
| | Component | | | | | Component | | |
| | Index | | | | | Index | | |
| | | | | | | | | |
| 13 | Set | Section 8.7.7.2 | | | 13 | Set | Section 8.7.7.2 | |
| | Dependency | | | | | Dependency | | |
| | Index | | | | | Index | | |
| | | | | | | | | |
| 14 | Abort | | | | 14 | Abort | | |
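Review bot: label 5 keeps its number while its meaning changes from Component Offset to Component Slot, in this commands table and again in the parameters table ("5 | Component Slot | Section 8.7.5.9"). A processor built against -13 will read the same encoded value as an offset rather than a slot index. Either allocate a fresh label for the slot semantics or state in the text that -13 manifests using label 5 are not interoperable with -14.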
skipping to change at page 72, line 46 skipping to change at page 73, line 8
| | Event | | | | | Event | | |
| | | | | | | | | |
| 30 | Fetch URI | Section 8.7.7.8 | | | 30 | Fetch URI | Section 8.7.7.8 | |
| | List | | | | | List | | |
| | | | | | | | | |
| 31 | Swap | Section 8.7.7.13 | | | 31 | Swap | Section 8.7.7.13 | |
| | | | | | | | | |
| 32 | Run | Section 8.7.7.12 | | | 32 | Run | Section 8.7.7.12 | |
| | Sequence | | | | | Sequence | | |
| | | | | | | | | |
| 33 | Garbage | Section 8.7.8 | | | 33 | Unlink | Section 8.7.8 | |
| | Collect | | |
| | | | | | | | | |
| nint | Custom | Section 8.7.6.10 | | | nint | Custom | Section 8.7.6.10 | |
| | Condition | | | | | Condition | | |
+-------+------------+-----------------------------------+----------+ +-------+------------+-----------------------------------+----------+
11.2. SUIT Parameters 11.2. SUIT Parameters
+-------+------------------+---------------------------+ +-------+------------------+---------------------------+
| Label | Name | Reference | | Label | Name | Reference |
+-------+------------------+---------------------------+ +-------+------------------+---------------------------+
| 1 | Vendor ID | Section 8.7.5.3 | | 1 | Vendor ID | Section 8.7.5.3 |
| | | | | | | |
| 2 | Class ID | Section 8.7.5.4 | | 2 | Class ID | Section 8.7.5.4 |
| | | | | | | |
| 3 | Image Digest | Section 8.7.5.6 | | 3 | Image Digest | Section 8.7.5.6 |
| | | | | | | |
| 4 | Use Before | Section 8.7.5.8 | | 4 | Use Before | Section 8.7.5.8 |
skipping to change at page 73, line 18 skipping to change at page 74, line 15
| Label | Name | Reference | | Label | Name | Reference |
+-------+------------------+---------------------------+ +-------+------------------+---------------------------+
| 1 | Vendor ID | Section 8.7.5.3 | | 1 | Vendor ID | Section 8.7.5.3 |
| | | | | | | |
| 2 | Class ID | Section 8.7.5.4 | | 2 | Class ID | Section 8.7.5.4 |
| | | | | | | |
| 3 | Image Digest | Section 8.7.5.6 | | 3 | Image Digest | Section 8.7.5.6 |
| | | | | | | |
| 4 | Use Before | Section 8.7.5.8 | | 4 | Use Before | Section 8.7.5.8 |
| | | | | | | |
| 5 | Component Offset | Section 8.7.5.9 | | 5 | Component Slot | Section 8.7.5.9 |
| | | | | | | |
| 12 | Strict Order | Section 8.7.5.22 | | 12 | Strict Order | Section 8.7.5.22 |
| | | | | | | |
| 13 | Soft Failure | Section 8.7.5.23 | | 13 | Soft Failure | Section 8.7.5.23 |
| | | | | | | |
| 14 | Image Size | Section 8.7.5.7 | | 14 | Image Size | Section 8.7.5.7 |
| | | | | | | |
| 18 | Encryption Info | Section 8.7.5.10 | | 18 | Encryption Info | Section 8.7.5.10 |
| | | | | | | |
| 19 | Compression Info | Section 8.7.5.11 | | 19 | Compression Info | Section 8.7.5.11 |
skipping to change at page 74, line 45 skipping to change at page 75, line 45
| | | | | | | |
| 6 | Component Version | Section 8.6.4 | | 6 | Component Version | Section 8.6.4 |
| | | | | | | |
| 7 | Component Version Required | Section 8.6.4 | | 7 | Component Version Required | Section 8.6.4 |
| | | | | | | |
| nint | Custom | Section 8.6.4 | | nint | Custom | Section 8.6.4 |
+-------+----------------------------+---------------+ +-------+----------------------------+---------------+
11.5. SUIT Algorithm Identifiers 11.5. SUIT Algorithm Identifiers
11.5.1. SUIT Digest Algorithm Identifiers 11.5.1. SUIT Compression Algorithm Identifiers
+-------+----------+------------+
| Label | Name | |
+-------+----------+------------+
| 1 | SHA224 | Section 10 |
| | | |
| 2 | SHA256 | Section 10 |
| | | |
| 3 | SHA384 | Section 10 |
| | | |
| 4 | SHA512 | Section 10 |
| | | |
| 5 | SHA3-224 | Section 10 |
| | | |
| 6 | SHA3-256 | Section 10 |
| | | |
| 7 | SHA3-384 | Section 10 |
| | | |
| 8 | SHA3-512 | Section 10 |
+-------+----------+------------+
11.5.2. SUIT Compression Algorithm Identifiers
+-------+--------+------------------+ +-------+--------+------------------+
| Label | Name | Reference | | Label | Name | Reference |
+-------+--------+------------------+ +-------+--------+------------------+
| 1 | zlib | Section 8.7.5.11 | | 1 | zlib | Section 8.7.5.11 |
| | | | | | | |
| 2 | Brotli | Section 8.7.5.11 | | 2 | Brotli | Section 8.7.5.11 |
| | | | | | | |
| 3 | zstd | Section 8.7.5.11 | | 3 | zstd | Section 8.7.5.11 |
+-------+--------+------------------+ +-------+--------+------------------+
11.5.3. Unpack Algorithms 11.5.2. Unpack Algorithms
+-------+------+------------------+ +-------+------+------------------+
| Label | Name | Reference | | Label | Name | Reference |
+-------+------+------------------+ +-------+------+------------------+
| 1 | HEX | Section 8.7.5.12 | | 1 | HEX | Section 8.7.5.12 |
| | | | | | | |
| 2 | ELF | Section 8.7.5.12 | | 2 | ELF | Section 8.7.5.12 |
| | | | | | | |
| 3 | COFF | Section 8.7.5.12 | | 3 | COFF | Section 8.7.5.12 |
| | | | | | | |
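Review bot: with 11.5.1 "SUIT Digest Algorithm Identifiers" removed, Section 11.5 no longer tells the reader or IANA where digest algorithm values come from. Suggest a short sentence under 11.5 stating that digest algorithms use the values referenced in Section 10 ([I-D.ietf-cose-hash-algs]) and that the former labels 1 to 8 are no longer requested.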
skipping to change at page 76, line 49 skipping to change at page 77, line 24
- Michael Richardson - Michael Richardson
- David Brown - David Brown
- Emmanuel Baccelli - Emmanuel Baccelli
14. References 14. References
14.1. Normative References 14.1. Normative References
[I-D.ietf-cose-hash-algs]
Schaad, J., "CBOR Object Signing and Encryption (COSE):
Hash Algorithms", draft-ietf-cose-hash-algs-09 (work in
progress), September 2020.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>. <https://www.rfc-editor.org/info/rfc3986>.
skipping to change at page 78, line 17 skipping to change at page 78, line 45
Information Model for Firmware Updates in IoT Devices", Information Model for Firmware Updates in IoT Devices",
draft-ietf-suit-information-model-11 (work in progress), draft-ietf-suit-information-model-11 (work in progress),
April 2021. April 2021.
[I-D.ietf-teep-architecture] [I-D.ietf-teep-architecture]
Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler,
"Trusted Execution Environment Provisioning (TEEP) "Trusted Execution Environment Provisioning (TEEP)
Architecture", draft-ietf-teep-architecture-14 (work in Architecture", draft-ietf-teep-architecture-14 (work in
progress), February 2021. progress), February 2021.
[I-D.kucherawy-rfc8478bis]
Collet, Y. and M. S. Kucherawy, "Zstandard Compression and
the 'application/zstd' Media Type", draft-kucherawy-
rfc8478bis-06 (work in progress), December 2020.
[RFC1950] Deutsch, P. and J-L. Gailly, "ZLIB Compressed Data Format [RFC1950] Deutsch, P. and J-L. Gailly, "ZLIB Compressed Data Format
Specification version 3.3", RFC 1950, Specification version 3.3", RFC 1950,
DOI 10.17487/RFC1950, May 1996, DOI 10.17487/RFC1950, May 1996,
<https://www.rfc-editor.org/info/rfc1950>. <https://www.rfc-editor.org/info/rfc1950>.
[RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for
Constrained-Node Networks", RFC 7228, Constrained-Node Networks", RFC 7228,
DOI 10.17487/RFC7228, May 2014, DOI 10.17487/RFC7228, May 2014,
<https://www.rfc-editor.org/info/rfc7228>. <https://www.rfc-editor.org/info/rfc7228>.
skipping to change at page 78, line 45 skipping to change at page 79, line 23
[RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
"CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
May 2018, <https://www.rfc-editor.org/info/rfc8392>. May 2018, <https://www.rfc-editor.org/info/rfc8392>.
[RFC8747] Jones, M., Seitz, L., Selander, G., Erdtman, S., and H. [RFC8747] Jones, M., Seitz, L., Selander, G., Erdtman, S., and H.
Tschofenig, "Proof-of-Possession Key Semantics for CBOR Tschofenig, "Proof-of-Possession Key Semantics for CBOR
Web Tokens (CWTs)", RFC 8747, DOI 10.17487/RFC8747, March Web Tokens (CWTs)", RFC 8747, DOI 10.17487/RFC8747, March
2020, <https://www.rfc-editor.org/info/rfc8747>. 2020, <https://www.rfc-editor.org/info/rfc8747>.
[RFC8878] Collet, Y. and M. Kucherawy, Ed., "Zstandard Compression
and the 'application/zstd' Media Type", RFC 8878,
DOI 10.17487/RFC8878, February 2021,
<https://www.rfc-editor.org/info/rfc8878>.
[SREC] Wikipedia, ., "SREC (file format)", 2020, [SREC] Wikipedia, ., "SREC (file format)", 2020,
<https://en.wikipedia.org/wiki/SREC_(file_format)>. <https://en.wikipedia.org/wiki/SREC_(file_format)>.
[YAML] "YAML Ain't Markup Language", 2020, <https://yaml.org/>. [YAML] "YAML Ain't Markup Language", 2020, <https://yaml.org/>.
Appendix A. A. Full CDDL Appendix A. A. Full CDDL
In order to create a valid SUIT Manifest document the structure of In order to create a valid SUIT Manifest document the structure of
the corresponding CBOR message MUST adhere to the following CDDL data the corresponding CBOR message MUST adhere to the following CDDL data
definition. definition.
SUIT_Envelope_Tagged = #6.48(SUIT_Envelope) To be valid, the following CDDL MUST have the COSE CDDL appended to
it. The COSE CDDL can be obtained by following the directions in
[RFC8152], section 1.4.
SUIT_Envelope_Tagged = #6.107(SUIT_Envelope)
SUIT_Envelope = { SUIT_Envelope = {
? suit-delegation => bstr .cbor SUIT_Delegation, ? suit-delegation => bstr .cbor SUIT_Delegation,
suit-authentication-wrapper => bstr .cbor SUIT_Authentication, suit-authentication-wrapper => bstr .cbor SUIT_Authentication,
suit-manifest => bstr .cbor SUIT_Manifest, suit-manifest => bstr .cbor SUIT_Manifest,
SUIT_Severable_Manifest_Members, SUIT_Severable_Manifest_Members,
* SUIT_Integrated_Payload, * SUIT_Integrated_Payload,
* SUIT_Integrated_Dependency, * SUIT_Integrated_Dependency,
* $$SUIT_Envelope_Extensions * $$SUIT_Envelope_Extensions,
* (int => bstr)
} }
SUIT_Delegation = [ + SUIT_Delegation_Chain ] SUIT_Delegation = [ + [ + bstr .cbor CWT ] ]
SUIT_Delegation_Chain = [ + bstr .cbor CWT ]
CWT = SUIT_Authentication_Block CWT = SUIT_Authentication_Block
SUIT_Authentication = [ SUIT_Authentication = [
bstr .cbor SUIT_Digest, bstr .cbor SUIT_Digest,
* bstr .cbor SUIT_Authentication_Block * bstr .cbor SUIT_Authentication_Block
] ]
SUIT_Digest = [ SUIT_Digest = [
suit-digest-algorithm-id : suit-digest-algorithm-ids, suit-digest-algorithm-id : suit-cose-hash-algs,
suit-digest-bytes : bstr, suit-digest-bytes : bstr,
* $$SUIT_Digest-extensions * $$SUIT_Digest-extensions
] ]
; Named Information Hash Algorithm Identifiers
suit-digest-algorithm-ids /= algorithm-id-sha224
suit-digest-algorithm-ids /= algorithm-id-sha256
suit-digest-algorithm-ids /= algorithm-id-sha384
suit-digest-algorithm-ids /= algorithm-id-sha512
suit-digest-algorithm-ids /= algorithm-id-sha3-224
suit-digest-algorithm-ids /= algorithm-id-sha3-256
suit-digest-algorithm-ids /= algorithm-id-sha3-384
suit-digest-algorithm-ids /= algorithm-id-sha3-512
SUIT_Authentication_Block /= COSE_Mac_Tagged SUIT_Authentication_Block /= COSE_Mac_Tagged
SUIT_Authentication_Block /= COSE_Sign_Tagged SUIT_Authentication_Block /= COSE_Sign_Tagged
SUIT_Authentication_Block /= COSE_Mac0_Tagged SUIT_Authentication_Block /= COSE_Mac0_Tagged
SUIT_Authentication_Block /= COSE_Sign1_Tagged SUIT_Authentication_Block /= COSE_Sign1_Tagged
SUIT_Severable_Manifest_Members = ( SUIT_Severable_Manifest_Members = (
? suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence, ? suit-dependency-resolution => bstr .cbor SUIT_Command_Sequence,
? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence, ? suit-payload-fetch => bstr .cbor SUIT_Command_Sequence,
? suit-install => bstr .cbor SUIT_Command_Sequence, ? suit-install => bstr .cbor SUIT_Command_Sequence,
? suit-text => bstr .cbor SUIT_Text_Map, ? suit-text => bstr .cbor SUIT_Text_Map,
? suit-coswid => bstr ;.cbor concise-software-identity, ? suit-coswid => bstr .cbor concise-software-identity,
* $$SUIT_severable-members-extensions, * $$SUIT_severable-members-extensions,
) )
SUIT_Integrated_Payload = (suit-integrated-payload-key => bstr) SUIT_Integrated_Payload = (suit-integrated-payload-key => bstr)
SUIT_Integrated_Dependency = ( SUIT_Integrated_Dependency = (
suit-integrated-payload-key => bstr .cbor SUIT_Envelope suit-integrated-dependency-key => bstr .cbor SUIT_Envelope
) )
suit-integrated-payload-key = nint / uint .ge 24 suit-integrated-payload-key = nint / uint .ge 24
suit-integrated-dependency-key = suit-integrated-payload-key
SUIT_Manifest_Tagged = #6.480(SUIT_Manifest) SUIT_Manifest_Tagged = #6.1070(SUIT_Manifest)
SUIT_Manifest = { SUIT_Manifest = {
suit-manifest-version => 1, suit-manifest-version => 1,
suit-manifest-sequence-number => uint, suit-manifest-sequence-number => uint,
suit-common => bstr .cbor SUIT_Common, suit-common => bstr .cbor SUIT_Common,
? suit-reference-uri => tstr, ? suit-reference-uri => tstr,
SUIT_Severable_Manifest_Members, SUIT_Severable_Members_Choice,
SUIT_Severable_Members_Digests,
SUIT_Unseverable_Members, SUIT_Unseverable_Members,
* $$SUIT_Manifest_Extensions, * $$SUIT_Manifest_Extensions,
} }
SUIT_Unseverable_Members = ( SUIT_Unseverable_Members = (
? suit-validate => bstr .cbor SUIT_Command_Sequence, ? suit-validate => bstr .cbor SUIT_Command_Sequence,
? suit-load => bstr .cbor SUIT_Command_Sequence, ? suit-load => bstr .cbor SUIT_Command_Sequence,
? suit-run => bstr .cbor SUIT_Command_Sequence, ? suit-run => bstr .cbor SUIT_Command_Sequence,
* $$unserverble-manifest-member-extensions, * $$unseverable-manifest-member-extensions,
) )
SUIT_Severable_Members_Digests = ( SUIT_Severable_Members_Choice = (
? suit-dependency-resolution => SUIT_Digest, ? suit-dependency-resolution => \
? suit-payload-fetch => SUIT_Digest, bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
? suit-install => SUIT_Digest, ? suit-payload-fetch => \
? suit-text => SUIT_Digest, bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
? suit-coswid => SUIT_Digest, ? suit-install => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
* $$severable-manifest-members-digests-extensions ? suit-text => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
? suit-coswid => bstr .cbor SUIT_Command_Sequence / SUIT_Digest,
* $$severable-manifest-members-choice-extensions
) )
SUIT_Common = { SUIT_Common = {
? suit-dependencies => SUIT_Dependencies, ? suit-dependencies => SUIT_Dependencies,
? suit-components => SUIT_Components, ? suit-components => SUIT_Components,
? suit-common-sequence => bstr .cbor SUIT_Common_Sequence, ? suit-common-sequence => bstr .cbor SUIT_Common_Sequence,
* $$SUIT_Common-extensions, * $$SUIT_Common-extensions,
} }
SUIT_Dependencies = [ + SUIT_Dependency ] SUIT_Dependencies = [ + SUIT_Dependency ]
SUIT_Components = [ + SUIT_Component_Identifier ] SUIT_Components = [ + SUIT_Component_Identifier ]
;concise-software-identity = any concise-software-identity = any
SUIT_Dependency = { SUIT_Dependency = {
suit-dependency-digest => SUIT_Digest, suit-dependency-digest => SUIT_Digest,
? suit-dependency-prefix => SUIT_Component_Identifier, ? suit-dependency-prefix => SUIT_Component_Identifier,
* $$SUIT_Dependency-extensions, * $$SUIT_Dependency-extensions,
} }
;REQUIRED to implement:
suit-cose-hash-algs /= cose-alg-sha-256
;OPTIONAL to implement:
suit-cose-hash-algs /= cose-alg-shake128
suit-cose-hash-algs /= cose-alg-sha-384
suit-cose-hash-algs /= cose-alg-sha-512
suit-cose-hash-algs /= cose-alg-shake256
SUIT_Component_Identifier = [* bstr] SUIT_Component_Identifier = [* bstr]
SUIT_Common_Sequence = [ SUIT_Common_Sequence = [
+ ( SUIT_Condition // SUIT_Common_Commands ) + ( SUIT_Condition // SUIT_Common_Commands )
] ]
SUIT_Common_Commands //= (suit-directive-set-component-index, IndexArg) SUIT_Common_Commands //= (suit-directive-set-component-index, IndexArg)
SUIT_Common_Commands //= (suit-directive-set-dependency-index, IndexArg) SUIT_Common_Commands //= (suit-directive-set-dependency-index, IndexArg)
SUIT_Common_Commands //= (suit-directive-run-sequence, SUIT_Common_Commands //= (suit-directive-run-sequence,
bstr .cbor SUIT_Command_Sequence) bstr .cbor SUIT_Command_Sequence)
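Review bot: in SUIT_Severable_Members_Choice, suit-text and suit-coswid are typed "bstr .cbor SUIT_Command_Sequence / SUIT_Digest", but neither is a command sequence; SUIT_Severable_Manifest_Members earlier in this hunk gives them as "bstr .cbor SUIT_Text_Map" and "bstr .cbor concise-software-identity". Use those types in the choice group too, otherwise an inline text or CoSWID member cannot validate. Two smaller points in the same hunk: the trailing "\" after "suit-dependency-resolution =>" and "suit-payload-fetch =>" is a line-wrapping artifact, not CDDL, and should be removed or explained so the appendix can be extracted and compiled; and the new "* (int => bstr)" entry in SUIT_Envelope accepts any integer-keyed element, so the text should say how a Recipient treats envelope elements it does not recognise.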
skipping to change at page 82, line 5 skipping to change at page 83, line 10
SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil) SUIT_Command_Custom = (suit-command-custom, bstr/tstr/int/nil)
SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-vendor-identifier, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-class-identifier, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-class-identifier, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-device-identifier, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-device-identifier, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-image-match, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-image-match, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-image-not-match, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-image-not-match, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-use-before, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-use-before, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-minimum-battery, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-minimum-battery, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-update-authorized, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-update-authorized, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-version, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-version, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-component-offset, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-component-slot, SUIT_Rep_Policy)
SUIT_Condition //= (suit-condition-abort, SUIT_Rep_Policy) SUIT_Condition //= (suit-condition-abort, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-set-component-index, IndexArg) SUIT_Directive //= (suit-directive-set-component-index, IndexArg)
SUIT_Directive //= (suit-directive-set-dependency-index, IndexArg) SUIT_Directive //= (suit-directive-set-dependency-index, IndexArg)
SUIT_Directive //= (suit-directive-run-sequence, SUIT_Directive //= (suit-directive-run-sequence,
bstr .cbor SUIT_Command_Sequence) bstr .cbor SUIT_Command_Sequence)
SUIT_Directive //= (suit-directive-try-each, SUIT_Directive //= (suit-directive-try-each,
SUIT_Directive_Try_Each_Argument) SUIT_Directive_Try_Each_Argument)
SUIT_Directive //= (suit-directive-process-dependency, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-process-dependency, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-set-parameters, SUIT_Directive //= (suit-directive-set-parameters,
{+ SUIT_Parameters}) {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-override-parameters, SUIT_Directive //= (suit-directive-override-parameters,
{+ SUIT_Parameters}) {+ SUIT_Parameters})
SUIT_Directive //= (suit-directive-fetch, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-fetch, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-copy, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-copy, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-swap, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-swap, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-run, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-run, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-wait, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-wait, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-fetch-uri-list, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-fetch-uri-list, SUIT_Rep_Policy)
SUIT_Directive //= (suit-directive-garbage-collect, SUIT_Rep_Policy) SUIT_Directive //= (suit-directive-unlink, SUIT_Rep_Policy)
SUIT_Directive_Try_Each_Argument = [ SUIT_Directive_Try_Each_Argument = [
+ bstr .cbor SUIT_Command_Sequence, 2* bstr .cbor SUIT_Command_Sequence,
nil / bstr .cbor SUIT_Command_Sequence ?nil
] ]
SUIT_Rep_Policy = uint .bits suit-reporting-bits SUIT_Rep_Policy = uint .bits suit-reporting-bits
suit-reporting-bits = &( suit-reporting-bits = &(
suit-send-record-success : 0, suit-send-record-success : 0,
suit-send-record-failure : 1, suit-send-record-failure : 1,
suit-send-sysinfo-success : 2, suit-send-sysinfo-success : 2,
suit-send-sysinfo-failure : 3 suit-send-sysinfo-failure : 3
) )
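Review bot: the new SUIT_Directive_Try_Each_Argument no longer accepts a single command sequence followed by nil. The old rule (`+ bstr .cbor SUIT_Command_Sequence` then `nil / bstr .cbor SUIT_Command_Sequence`) matched `[seq, nil]`; the new `2* bstr .cbor SUIT_Command_Sequence, ?nil` requires two sequences before the optional nil. If the one-alternative form is meant to stay legal, the occurrence should be `+` with `?nil`. If dropping it is intended, the prose for suit-directive-try-each should say so and state what a recipient does when it meets the old encoding, since manifests authored against -13 can contain it.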
skipping to change at page 83, line 20 skipping to change at page 84, line 25
SUIT_Parameters //= (suit-parameter-vendor-identifier => SUIT_Parameters //= (suit-parameter-vendor-identifier =>
(RFC4122_UUID / cbor-pen)) (RFC4122_UUID / cbor-pen))
cbor-pen = #6.112(bstr) cbor-pen = #6.112(bstr)
SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID) SUIT_Parameters //= (suit-parameter-class-identifier => RFC4122_UUID)
SUIT_Parameters //= (suit-parameter-image-digest SUIT_Parameters //= (suit-parameter-image-digest
=> bstr .cbor SUIT_Digest) => bstr .cbor SUIT_Digest)
SUIT_Parameters //= (suit-parameter-image-size => uint) SUIT_Parameters //= (suit-parameter-image-size => uint)
SUIT_Parameters //= (suit-parameter-use-before => uint) SUIT_Parameters //= (suit-parameter-use-before => uint)
SUIT_Parameters //= (suit-parameter-component-offset => uint) SUIT_Parameters //= (suit-parameter-component-slot => uint)
SUIT_Parameters //= (suit-parameter-encryption-info SUIT_Parameters //= (suit-parameter-encryption-info
=> bstr .cbor SUIT_Encryption_Info) => bstr .cbor SUIT_Encryption_Info)
SUIT_Parameters //= (suit-parameter-compression-info SUIT_Parameters //= (suit-parameter-compression-info
=> bstr .cbor SUIT_Compression_Info) => bstr .cbor SUIT_Compression_Info)
SUIT_Parameters //= (suit-parameter-unpack-info SUIT_Parameters //= (suit-parameter-unpack-info
=> bstr .cbor SUIT_Unpack_Info) => bstr .cbor SUIT_Unpack_Info)
SUIT_Parameters //= (suit-parameter-uri => tstr) SUIT_Parameters //= (suit-parameter-uri => tstr)
SUIT_Parameters //= (suit-parameter-source-component => uint) SUIT_Parameters //= (suit-parameter-source-component => uint)
skipping to change at page 84, line 47 skipping to change at page 86, line 4
SUIT_Compression_Algorithm_zlib = 1 SUIT_Compression_Algorithm_zlib = 1
SUIT_Compression_Algorithm_brotli = 2 SUIT_Compression_Algorithm_brotli = 2
SUIT_Compression_Algorithm_zstd = 3 SUIT_Compression_Algorithm_zstd = 3
SUIT_Unpack_Info = { SUIT_Unpack_Info = {
suit-unpack-algorithm => SUIT_Unpack_Algorithms, suit-unpack-algorithm => SUIT_Unpack_Algorithms,
* $$SUIT_Unpack_Info-extensions, * $$SUIT_Unpack_Info-extensions,
} }
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Hex
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Elf
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Coff SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Coff
SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Srec SUIT_Unpack_Algorithms /= SUIT_Unpack_Algorithm_Srec
SUIT_Unpack_Algorithm_Hex = 1 SUIT_Unpack_Algorithm_Hex = 1
SUIT_Unpack_Algorithm_Elf = 2 SUIT_Unpack_Algorithm_Elf = 2
SUIT_Unpack_Algorithm_Coff = 3 SUIT_Unpack_Algorithm_Coff = 3
SUIT_Unpack_Algorithm_Srec = 4 SUIT_Unpack_Algorithm_Srec = 4
SUIT_URI_List = [+ tstr ] SUIT_URI_List = [+ tstr ]
SUIT_Text_Map = { SUIT_Text_Map = {
SUIT_Text_Keys,
* SUIT_Component_Identifier => { * SUIT_Component_Identifier => {
SUIT_Text_Component_Keys SUIT_Text_Component_Keys
}, }
SUIT_Text_Keys
} }
SUIT_Text_Component_Keys = ( SUIT_Text_Component_Keys = (
? suit-text-vendor-name => tstr, ? suit-text-vendor-name => tstr,
? suit-text-model-name => tstr, ? suit-text-model-name => tstr,
? suit-text-vendor-domain => tstr, ? suit-text-vendor-domain => tstr,
? suit-text-model-info => tstr, ? suit-text-model-info => tstr,
? suit-text-component-description => tstr, ? suit-text-component-description => tstr,
? suit-text-component-version => tstr, ? suit-text-component-version => tstr,
? suit-text-version-required => tstr, ? suit-text-version-required => tstr,
skipping to change at page 85, line 41 skipping to change at page 86, line 46
? suit-text-update-description => tstr, ? suit-text-update-description => tstr,
? suit-text-manifest-json-source => tstr, ? suit-text-manifest-json-source => tstr,
? suit-text-manifest-yaml-source => tstr, ? suit-text-manifest-yaml-source => tstr,
* $$suit-text-key-extensions * $$suit-text-key-extensions
) )
suit-delegation = 1 suit-delegation = 1
suit-authentication-wrapper = 2 suit-authentication-wrapper = 2
suit-manifest = 3 suit-manifest = 3
algorithm-id-sha224 = 1 ;REQUIRED to implement:
algorithm-id-sha256 = 2 cose-alg-sha-256 = -16
algorithm-id-sha384 = 3
algorithm-id-sha512 = 4 ;OPTIONAL to implement:
algorithm-id-sha3-224 = 5 cose-alg-shake128 = -18
algorithm-id-sha3-256 = 6 cose-alg-sha-384 = -43
algorithm-id-sha3-384 = 7 cose-alg-sha-512 = -44
algorithm-id-sha3-512 = 8 cose-alg-shake256 = -45
suit-manifest-version = 1 suit-manifest-version = 1
suit-manifest-sequence-number = 2 suit-manifest-sequence-number = 2
suit-common = 3 suit-common = 3
suit-reference-uri = 4 suit-reference-uri = 4
suit-dependency-resolution = 7 suit-dependency-resolution = 7
suit-payload-fetch = 8 suit-payload-fetch = 8
suit-install = 9 suit-install = 9
suit-validate = 10 suit-validate = 10
suit-load = 11 suit-load = 11
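Review bot: replacing algorithm-id-sha224 through algorithm-id-sha3-512 (1 to 8) with the COSE values makes every digest identifier negative, so the algorithm-id field of SUIT_Digest has to be typed to accept a negative integer; please check that its CDDL is not still uint. The old value 2 meant SHA-256 and now means nothing, so the text should say explicitly that a recipient rejects the -13 values rather than falling back to their old meaning. The new list also has no replacement for SHA-224 or for the fixed-length SHA-3 digests, and that removal deserves a line in the change log.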
skipping to change at page 86, line 28 skipping to change at page 87, line 33
suit-dependency-digest = 1 suit-dependency-digest = 1
suit-dependency-prefix = 2 suit-dependency-prefix = 2
suit-command-custom = nint suit-command-custom = nint
suit-condition-vendor-identifier = 1 suit-condition-vendor-identifier = 1
suit-condition-class-identifier = 2 suit-condition-class-identifier = 2
suit-condition-image-match = 3 suit-condition-image-match = 3
suit-condition-use-before = 4 suit-condition-use-before = 4
suit-condition-component-offset = 5 suit-condition-component-slot = 5
suit-condition-abort = 14 suit-condition-abort = 14
suit-condition-device-identifier = 24 suit-condition-device-identifier = 24
suit-condition-image-not-match = 25 suit-condition-image-not-match = 25
suit-condition-minimum-battery = 26 suit-condition-minimum-battery = 26
suit-condition-update-authorized = 27 suit-condition-update-authorized = 27
suit-condition-version = 28 suit-condition-version = 28
suit-directive-set-component-index = 12 suit-directive-set-component-index = 12
suit-directive-set-dependency-index = 13 suit-directive-set-dependency-index = 13
skipping to change at page 86, line 46 skipping to change at page 88, line 4
suit-directive-set-component-index = 12 suit-directive-set-component-index = 12
suit-directive-set-dependency-index = 13 suit-directive-set-dependency-index = 13
suit-directive-try-each = 15 suit-directive-try-each = 15
suit-directive-process-dependency = 18 suit-directive-process-dependency = 18
suit-directive-set-parameters = 19 suit-directive-set-parameters = 19
suit-directive-override-parameters = 20 suit-directive-override-parameters = 20
suit-directive-fetch = 21 suit-directive-fetch = 21
suit-directive-copy = 22 suit-directive-copy = 22
suit-directive-run = 23 suit-directive-run = 23
suit-directive-wait = 29 suit-directive-wait = 29
suit-directive-fetch-uri-list = 30 suit-directive-fetch-uri-list = 30
suit-directive-swap = 31 suit-directive-swap = 31
suit-directive-run-sequence = 32 suit-directive-run-sequence = 32
suit-directive-garbage-collect = 33 suit-directive-unlink = 33
suit-wait-event-authorization = 1
suit-wait-event-power = 2 suit-wait-event-authorization = 1
suit-wait-event-network = 3 suit-wait-event-power = 2
suit-wait-event-network = 3
suit-wait-event-other-device-version = 4 suit-wait-event-other-device-version = 4
suit-wait-event-time = 5 suit-wait-event-time = 5
suit-wait-event-time-of-day = 6 suit-wait-event-time-of-day = 6
suit-wait-event-day-of-week = 7 suit-wait-event-day-of-week = 7
suit-parameter-vendor-identifier = 1 suit-parameter-vendor-identifier = 1
suit-parameter-class-identifier = 2 suit-parameter-class-identifier = 2
suit-parameter-image-digest = 3 suit-parameter-image-digest = 3
suit-parameter-use-before = 4 suit-parameter-use-before = 4
suit-parameter-component-offset = 5 suit-parameter-component-slot = 5
suit-parameter-strict-order = 12 suit-parameter-strict-order = 12
suit-parameter-soft-failure = 13 suit-parameter-soft-failure = 13
suit-parameter-image-size = 14 suit-parameter-image-size = 14
suit-parameter-encryption-info = 18 suit-parameter-encryption-info = 18
suit-parameter-compression-info = 19 suit-parameter-compression-info = 19
suit-parameter-unpack-info = 20 suit-parameter-unpack-info = 20
suit-parameter-uri = 21 suit-parameter-uri = 21
suit-parameter-source-component = 22 suit-parameter-source-component = 22
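Review bot: suit-directive-unlink takes over code point 33 from suit-directive-garbage-collect, and suit-parameter-component-slot takes over 5 from suit-parameter-component-offset. If either rename comes with a change in behaviour, a recipient built against -13 will process the same byte with the old semantics and report no error. Please state in the text whether these are renames only; if the semantics changed, allocate new values and retire 33 and 5 instead of reusing them.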
skipping to change at page 89, line 18 skipping to change at page 90, line 18
+----------------------------+--------+---------+---------+---------+ +----------------------------+--------+---------+---------+---------+
| suit-condition-vendor- | 1 | 1 | 1 | 1 | | suit-condition-vendor- | 1 | 1 | 1 | 1 |
| identifier | | | | | | identifier | | | | |
| | | | | | | | | | | |
| suit-condition-class- | 1 | 1 | 1 | 1 | | suit-condition-class- | 1 | 1 | 1 | 1 |
| identifier | | | | | | identifier | | | | |
| | | | | | | | | | | |
| suit-condition-image-match | 1 | 1 | 1 | 1 | | suit-condition-image-match | 1 | 1 | 1 | 1 |
| | | | | | | | | | | |
| suit-condition-component- | 0 | 1 | 0 | 1 | | suit-condition-component- | 0 | 1 | 0 | 1 |
| offset | | | | | | slot | | | | |
| | | | | | | | | | | |
| suit-directive-fetch | 0 | 0 | 1 | 0 | | suit-directive-fetch | 0 | 0 | 1 | 0 |
| | | | | | | | | | | |
| suit-directive-copy | 0 | 0 | 1 | 0 | | suit-directive-copy | 0 | 0 | 1 | 0 |
| | | | | | | | | | | |
| suit-directive-run | 0 | 0 | 1 | 0 | | suit-directive-run | 0 | 0 | 1 | 0 |
+----------------------------+--------+---------+---------+---------+ +----------------------------+--------+---------+---------+---------+
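Review bot: the rename to suit-condition-component-slot in this table is not carried through to the A/B images example (B.4) later in the same change. Its new column still annotates key 5 as `/ offset / 5:33792` and `/ offset / 5:541696`, and the condition as `/ condition-component-offset / 5,5`. The values 33792 and 541696 also look like byte offsets rather than slot indices, so either update the example comments and values to slots or add a sentence explaining how a slot number relates to them.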
B.1. Example 0: Secure Boot B.1. Example 0: Secure Boot
This example covers the following templates: This example covers the following templates:
- Compatibility Check (Section 7.1) - Compatibility Check (Section 7.1)
- Secure Boot (Section 7.2) - Secure Boot (Section 7.2)
It also serves as the minimum example. It also serves as the minimum example.
{ 107({
/ authentication-wrapper / 2:bstr .cbor ([ / authentication-wrapper / 2:<<[
digest: bstr .cbor ([ digest: <<[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'5c097ef64bf3bb9b494e71e1f2418eef8d466cc902f639a855ec9af3e9eddb99' h'a6c4590ac53043a98e8c4106e1e31b305516d7cf0a655eddfac6d45c810e036a'
]), ]>>,
signature: bstr .cbor (18([ signature: <<18([
/ protected / bstr .cbor ({ / protected / <<{
/ alg / 1:-7 / "ES256" /, / alg / 1:-7 / "ES256" /,
}), }>>,
/ unprotected / { / unprotected / {
}, },
/ payload / F6 / nil /, / payload / F6 / nil /,
/ signature / h'a19fd1f23b17beed321cece7423dfb48c457b8 / signature / h'd11a2dd9610fb62a707335f58407922570
f1f6ac83577a3c10c6773f6f3a7902376b59540920b6c5f57bac5fc8543d8f5d3d974f 9f96e8117e7eeed98a2f207d05c8ecfba1755208f6abea977b8a6efe3bc2ca3215e119
aa2e6d03daa534b443a7' 3be201467d052b42db6b7287'
])) ])>>
] ]
]), ]>>,
/ manifest / 3:bstr .cbor ({ / manifest / 3:<<{
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:0, / manifest-sequence-number / 2:0,
/ common / 3:bstr .cbor ({ / common / 3:<<{
/ components / 2:[ / components / 2:[
[h'00'] [h'00']
], ],
/ common-sequence / 4:bstr .cbor ([ / common-sequence / 4:<<[
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ vendor-id / / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf- 1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /, be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45' / class-id /
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, 2:h'1492af1425695e48bf429b2d51f2ab45' /
/ image-digest / 3:bstr .cbor ([ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ algorithm-id / 2 / "sha256" /, / image-digest / 3:<<[
/ digest-bytes / / algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
]), ]>>,
/ image-size / 14:34768, / image-size / 14:34768,
} , } ,
/ condition-vendor-identifier / 1,15 , / condition-vendor-identifier / 1,15 ,
/ condition-class-identifier / 2,15 / condition-class-identifier / 2,15
]), ]>>,
}), }>>,
/ validate / 10:bstr .cbor ([ / validate / 10:<<[
/ condition-image-match / 3,15 / condition-image-match / 3,15
]), ]>>,
/ run / 12:bstr .cbor ([ / run / 12:<<[
/ directive-run / 23,2 / directive-run / 23,2
]), ]>>,
}), }>>,
} })
Total size of Envelope without COSE authentication object: 159 Total size of Envelope without COSE authentication object: 161
Envelope: Envelope:
a2025827815824820258205c097ef64bf3bb9b494e71e1f2418eef8d466c d86ba2025827815824822f5820a6c4590ac53043a98e8c4106e1e31b3055
c902f639a855ec9af3e9eddb99035871a50101020003585fa20281814100 16d7cf0a655eddfac6d45c810e036a035871a50101020003585fa2028181
0458568614a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af14 41000458568614a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492
25695e48bf429b2d51f2ab450358248202582000112233445566778899aa af1425695e48bf429b2d51f2ab45035824822f5820001122334455667788
bbccddeeff0123456789abcdeffedcba98765432100e1987d0010f020f0a 99aabbccddeeff0123456789abcdeffedcba98765432100e1987d0010f02
4382030f0c43821702 0f0a4382030f0c43821702
Total size of Envelope with COSE authentication object: 235
Total size of Envelope with COSE authentication object: 237
Envelope with COSE authentication object: Envelope with COSE authentication object:
a2025873825824820258205c097ef64bf3bb9b494e71e1f2418eef8d466c d86ba2025873825824822f5820a6c4590ac53043a98e8c4106e1e31b3055
c902f639a855ec9af3e9eddb99584ad28443a10126a0f65840a19fd1f23b 16d7cf0a655eddfac6d45c810e036a584ad28443a10126a0f65840d11a2d
17beed321cece7423dfb48c457b8f1f6ac83577a3c10c6773f6f3a790237 d9610fb62a707335f584079225709f96e8117e7eeed98a2f207d05c8ecfb
6b59540920b6c5f57bac5fc8543d8f5d3d974faa2e6d03daa534b443a703 a1755208f6abea977b8a6efe3bc2ca3215e1193be201467d052b42db6b72
5871a50101020003585fa202818141000458568614a40150fa6b4a53d5ad 87035871a50101020003585fa202818141000458568614a40150fa6b4a53
5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450358 d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab45
248202582000112233445566778899aabbccddeeff0123456789abcdeffe 035824822f582000112233445566778899aabbccddeeff0123456789abcd
dcba98765432100e1987d0010f020f0a4382030f0c43821702 effedcba98765432100e1987d0010f020f0a4382030f0c43821702
B.2. Example 1: Simultaneous Download and Installation of Payload B.2. Example 1: Simultaneous Download and Installation of Payload
This example covers the following templates: This example covers the following templates:
- Compatibility Check (Section 7.1) - Compatibility Check (Section 7.1)
- Firmware Download (Section 7.3) - Firmware Download (Section 7.3)
Simultaneous download and installation of payload. No secure boot is Simultaneous download and installation of payload. No secure boot is
present in this example to demonstrate a download-only manifest. present in this example to demonstrate a download-only manifest.
{ 107({
/ authentication-wrapper / 2:bstr .cbor ([ / authentication-wrapper / 2:<<[
digest: bstr .cbor ([ digest: <<[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'987eec85fa99fd31d332381b9810f90b05c2e0d4f284a6f4211207ed00fff750' h'60c61d6eb7a1aaeddc49ce8157a55cff0821537eeee77a4ded44155b03045132'
]), ]>>,
signature: bstr .cbor (18([ signature: <<18([
/ protected / bstr .cbor ({ / protected / <<{
/ alg / 1:-7 / "ES256" /, / alg / 1:-7 / "ES256" /,
}), }>>,
/ unprotected / { / unprotected / {
}, },
/ payload / F6 / nil /, / payload / F6 / nil /,
/ signature / h'0008d2678ddda1afd6846cb9272f539a789e4c / signature / h'5249dacaf0ffc8326931b09586eb7e3769
ed4c874774e58dbe4cf1607e755668029ad6383d4e14c72083ba43002fe3f5cda48859 e71a0e6a40ad8153db4980db9b05bd1742ddb46085fa11e62b65a79895c12ac7abe266
90c9b59135976b80ebc9' 8ccc5afdd74466aed7bca389'
])) ])>>
] ]
]), ]>>,
/ manifest / 3:bstr .cbor ({ / manifest / 3:<<{
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:1, / manifest-sequence-number / 2:1,
/ common / 3:bstr .cbor ({ / common / 3:<<{
/ components / 2:[ / components / 2:[
[h'00'] [h'00']
], ],
/ common-sequence / 4:bstr .cbor ([ / common-sequence / 4:<<[
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ vendor-id / / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf- 1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /, be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45' / class-id /
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, 2:h'1492af1425695e48bf429b2d51f2ab45' /
/ image-digest / 3:bstr .cbor ([ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ algorithm-id / 2 / "sha256" /, / image-digest / 3:<<[
/ digest-bytes / / algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
]), ]>>,
/ image-size / 14:34768, / image-size / 14:34768,
} ,
/ condition-vendor-identifier / 1,15 ,
/ condition-class-identifier / 2,15
]>>,
}>>,
/ install / 9:<<[
/ directive-set-parameters / 19,{
/ uri / 21:'http://example.com/file.bin',
} , } ,
/ condition-vendor-identifier / 1,15 , / directive-fetch / 21,2 ,
/ condition-class-identifier / 2,15 / condition-image-match / 3,15
]), ]>>,
}), / validate / 10:<<[
/ install / 9:bstr .cbor ([ / condition-image-match / 3,15
/ directive-set-parameters / 19,{ ]>>,
/ uri / 21:'http://example.com/file.bin', }>>,
} , })
/ directive-fetch / 21,2 ,
/ condition-image-match / 3,15
]),
/ validate / 10:bstr .cbor ([
/ condition-image-match / 3,15
]),
}),
}
Total size of Envelope without COSE authentication object: 194 Total size of Envelope without COSE authentication object: 196
Envelope: Envelope:
a202582781582482025820987eec85fa99fd31d332381b9810f90b05c2e0 d86ba2025827815824822f582060c61d6eb7a1aaeddc49ce8157a55cff08
d4f284a6f4211207ed00fff750035894a50101020103585fa20281814100 21537eeee77a4ded44155b03045132035894a50101020103585fa2028181
0458568614a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af14 41000458568614a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492
25695e48bf429b2d51f2ab450358248202582000112233445566778899aa af1425695e48bf429b2d51f2ab45035824822f5820001122334455667788
bbccddeeff0123456789abcdeffedcba98765432100e1987d0010f020f09 99aabbccddeeff0123456789abcdeffedcba98765432100e1987d0010f02
58258613a115781b687474703a2f2f6578616d706c652e636f6d2f66696c 0f0958258613a115781b687474703a2f2f6578616d706c652e636f6d2f66
652e62696e1502030f0a4382030f 696c652e62696e1502030f0a4382030f
Total size of Envelope with COSE authentication object: 272
Total size of Envelope with COSE authentication object: 270
Envelope with COSE authentication object: Envelope with COSE authentication object:
a202587382582482025820987eec85fa99fd31d332381b9810f90b05c2e0 d86ba2025873825824822f582060c61d6eb7a1aaeddc49ce8157a55cff08
d4f284a6f4211207ed00fff750584ad28443a10126a0f658400008d2678d 21537eeee77a4ded44155b03045132584ad28443a10126a0f658405249da
dda1afd6846cb9272f539a789e4ced4c874774e58dbe4cf1607e75566802 caf0ffc8326931b09586eb7e3769e71a0e6a40ad8153db4980db9b05bd17
9ad6383d4e14c72083ba43002fe3f5cda4885990c9b59135976b80ebc903 42ddb46085fa11e62b65a79895c12ac7abe2668ccc5afdd74466aed7bca3
5894a50101020103585fa202818141000458568614a40150fa6b4a53d5ad 89035894a50101020103585fa202818141000458568614a40150fa6b4a53
5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450358 d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab45
248202582000112233445566778899aabbccddeeff0123456789abcdeffe 035824822f582000112233445566778899aabbccddeeff0123456789abcd
dcba98765432100e1987d0010f020f0958258613a115781b687474703a2f effedcba98765432100e1987d0010f020f0958258613a115781b68747470
2f6578616d706c652e636f6d2f66696c652e62696e1502030f0a4382030f 3a2f2f6578616d706c652e636f6d2f66696c652e62696e1502030f0a4382
030f
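Review bot: the "Total size of Envelope with COSE authentication object" figure for Example 1 does not follow the pattern of the other totals. Every other size in these examples goes up by 2 with the new tag 107 prefix `d86b` (159 to 161, 235 to 237, 194 to 196), but here the two columns read 272 and 270. The new-side hex dump is nine 30-byte lines plus `030f`, which is 272 bytes, and 196 plus the 76-byte COSE object also gives 272. Please confirm the -14 text states 272, and consider generating these totals from the dumps so they cannot drift.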
B.3. Example 2: Simultaneous Download, Installation, Secure Boot, B.3. Example 2: Simultaneous Download, Installation, Secure Boot,
Severed Fields Severed Fields
This example covers the following templates: This example covers the following templates:
- Compatibility Check (Section 7.1) - Compatibility Check (Section 7.1)
- Secure Boot (Section 7.2) - Secure Boot (Section 7.2)
- Firmware Download (Section 7.3) - Firmware Download (Section 7.3)
This example also demonstrates severable elements (Section 5.5), and This example also demonstrates severable elements (Section 5.5), and
text (Section 8.6.4). text (Section 8.6.4).
{ 107({
/ authentication-wrapper / 2:bstr .cbor ([ / authentication-wrapper / 2:<<[
digest: bstr .cbor ([ digest: <<[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'78fa7652e377d31dcd7e95730c885ef13b6ee394d586410aa5fd0aca1f299d34' h'e45dcdb2074b951f1c88b866469939c2a83ed433a31fc7dfcb3f63955bd943ec'
]), ]>>,
signature: bstr .cbor (18([ signature: <<18([
/ protected / bstr .cbor ({ / protected / <<{
/ alg / 1:-7 / "ES256" /, / alg / 1:-7 / "ES256" /,
}), }>>,
/ unprotected / { / unprotected / {
}, },
/ payload / F6 / nil /, / payload / F6 / nil /,
/ signature / h'1aa5bf99688b5d6a1211fd9c99bdd409b64cd6 / signature / h'b4fd3a6a18fe1062573488cf24ac96ef9f
add316ff87029a81faf682f93c5fb94863eebdfd17a6fcfed729ffa9735a624ce7edb5 30ac746696e50be96533b356b8156e4332587fe6f4e8743ae525d72005fddd4c1213d5
65cba26ff7a5bd6a779d' 5a8061b2ce67b83640f4777c'
])) ])>>
] ]
]), ]>>,
/ manifest / 3:bstr .cbor ({ / manifest / 3:<<{
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:2, / manifest-sequence-number / 2:2,
/ common / 3:bstr .cbor ({ / common / 3:<<{
/ components / 2:[ / components / 2:[
[h'00'] [h'00']
], ],
/ common-sequence / 4:bstr .cbor ([ / common-sequence / 4:<<[
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ vendor-id / / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf- 1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /, be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45' / class-id /
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, 2:h'1492af1425695e48bf429b2d51f2ab45' /
/ image-digest / 3:bstr .cbor ([ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ algorithm-id / 2 / "sha256" /, / image-digest / 3:<<[
/ digest-bytes / / algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
]), ]>>,
/ image-size / 14:34768, / image-size / 14:34768,
} , } ,
/ condition-vendor-identifier / 1,15 , / condition-vendor-identifier / 1,15 ,
/ condition-class-identifier / 2,15 / condition-class-identifier / 2,15
]), ]>>,
}), }>>,
/ install / 9:[ / install / 9:[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'3ee96dc79641970ae46b929ccf0b72ba9536dd846020dbdc9f949d84ea0e18d2' h'3ee96dc79641970ae46b929ccf0b72ba9536dd846020dbdc9f949d84ea0e18d2'
], ],
/ validate / 10:bstr .cbor ([ / validate / 10:<<[
/ condition-image-match / 3,15 / condition-image-match / 3,15
]), ]>>,
/ run / 12:bstr .cbor ([ / run / 12:<<[
/ directive-run / 23,2 / directive-run / 23,2
]), ]>>,
/ text / 13:[ / text / 13:[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'2bfc4d0cc6680be7dd9f5ca30aa2bb5d1998145de33d54101b80e2ca49faf918' h'2bfc4d0cc6680be7dd9f5ca30aa2bb5d1998145de33d54101b80e2ca49faf918'
], ],
}), }>>,
/ install / 9:bstr .cbor ([ / install / 9:<<[
/ directive-set-parameters / 19,{ / directive-set-parameters / 19,{
/ uri / / uri /
21:'http://example.com/very/long/path/to/file/file.bin', 21:'http://example.com/very/long/path/to/file/file.bin',
} , } ,
/ directive-fetch / 21,2 , / directive-fetch / 21,2 ,
/ condition-image-match / 3,15 / condition-image-match / 3,15
]), ]>>,
/ text / 13:bstr .cbor ({ / text / 13:<<{
[h'00']:{ [h'00']:{
/ vendor-domain / 3:'arm.com', / vendor-domain / 3:'arm.com',
/ component-description / 5:'This component is a / component-description / 5:'This component is a
demonstration. The digest is a sample pattern, not a real one.', demonstration. The digest is a sample pattern, not a real one.',
} }
}), }>>,
} })
Total size of the Envelope without COSE authentication object or Total size of the Envelope without COSE authentication object or
Severable Elements: 233 Severable Elements: 235
Envelope: Envelope:
a20258278158248202582078fa7652e377d31dcd7e95730c885ef13b6ee3 d86ba2025827815824822f5820e45dcdb2074b951f1c88b866469939c2a8
94d586410aa5fd0aca1f299d340358bba70101020203585fa20281814100 3ed433a31fc7dfcb3f63955bd943ec0358bba70101020203585fa2028181
0458568614a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492af14 41000458568614a40150fa6b4a53d5ad5fdfbe9de663e4d41ffe02501492
25695e48bf429b2d51f2ab450358248202582000112233445566778899aa af1425695e48bf429b2d51f2ab45035824822f5820001122334455667788
bbccddeeff0123456789abcdeffedcba98765432100e1987d0010f020f09 99aabbccddeeff0123456789abcdeffedcba98765432100e1987d0010f02
820258203ee96dc79641970ae46b929ccf0b72ba9536dd846020dbdc9f94 0f09822f58203ee96dc79641970ae46b929ccf0b72ba9536dd846020dbdc
9d84ea0e18d20a4382030f0c438217020d820258202bfc4d0cc6680be7dd 9f949d84ea0e18d20a4382030f0c438217020d822f58202bfc4d0cc6680b
9f5ca30aa2bb5d1998145de33d54101b80e2ca49faf918 e7dd9f5ca30aa2bb5d1998145de33d54101b80e2ca49faf918
Total size of the Envelope with COSE authentication object but Total size of the Envelope with COSE authentication object but
without Severable Elements: 309 without Severable Elements: 311
Envelope: Envelope:
a20258738258248202582078fa7652e377d31dcd7e95730c885ef13b6ee3 d86ba2025873825824822f5820e45dcdb2074b951f1c88b866469939c2a8
94d586410aa5fd0aca1f299d34584ad28443a10126a0f658401aa5bf9968 3ed433a31fc7dfcb3f63955bd943ec584ad28443a10126a0f65840b4fd3a
8b5d6a1211fd9c99bdd409b64cd6add316ff87029a81faf682f93c5fb948 6a18fe1062573488cf24ac96ef9f30ac746696e50be96533b356b8156e43
63eebdfd17a6fcfed729ffa9735a624ce7edb565cba26ff7a5bd6a779d03 32587fe6f4e8743ae525d72005fddd4c1213d55a8061b2ce67b83640f477
58bba70101020203585fa202818141000458568614a40150fa6b4a53d5ad 7c0358bba70101020203585fa202818141000458568614a40150fa6b4a53
5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450358 d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab45
248202582000112233445566778899aabbccddeeff0123456789abcdeffe 035824822f582000112233445566778899aabbccddeeff0123456789abcd
dcba98765432100e1987d0010f020f09820258203ee96dc79641970ae46b effedcba98765432100e1987d0010f020f09822f58203ee96dc79641970a
929ccf0b72ba9536dd846020dbdc9f949d84ea0e18d20a4382030f0c4382 e46b929ccf0b72ba9536dd846020dbdc9f949d84ea0e18d20a4382030f0c
17020d820258202bfc4d0cc6680be7dd9f5ca30aa2bb5d1998145de33d54 438217020d822f58202bfc4d0cc6680be7dd9f5ca30aa2bb5d1998145de3
101b80e2ca49faf918 3d54101b80e2ca49faf918
Total size of Envelope with COSE authentication object and Severable Total size of Envelope with COSE authentication object and Severable
Elements: 892 Elements: 894
Envelope with COSE authentication object: Envelope with COSE authentication object:
a40258738258248202582078fa7652e377d31dcd7e95730c885ef13b6ee3 d86ba4025873825824822f5820e45dcdb2074b951f1c88b866469939c2a8
94d586410aa5fd0aca1f299d34584ad28443a10126a0f658401aa5bf9968 3ed433a31fc7dfcb3f63955bd943ec584ad28443a10126a0f65840b4fd3a
8b5d6a1211fd9c99bdd409b64cd6add316ff87029a81faf682f93c5fb948 6a18fe1062573488cf24ac96ef9f30ac746696e50be96533b356b8156e43
63eebdfd17a6fcfed729ffa9735a624ce7edb565cba26ff7a5bd6a779d03 32587fe6f4e8743ae525d72005fddd4c1213d55a8061b2ce67b83640f477
58bba70101020203585fa202818141000458568614a40150fa6b4a53d5ad 7c0358bba70101020203585fa202818141000458568614a40150fa6b4a53
5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab450358 d5ad5fdfbe9de663e4d41ffe02501492af1425695e48bf429b2d51f2ab45
248202582000112233445566778899aabbccddeeff0123456789abcdeffe 035824822f582000112233445566778899aabbccddeeff0123456789abcd
dcba98765432100e1987d0010f020f09820258203ee96dc79641970ae46b effedcba98765432100e1987d0010f020f09822f58203ee96dc79641970a
929ccf0b72ba9536dd846020dbdc9f949d84ea0e18d20a4382030f0c4382 e46b929ccf0b72ba9536dd846020dbdc9f949d84ea0e18d20a4382030f0c
17020d820258202bfc4d0cc6680be7dd9f5ca30aa2bb5d1998145de33d54 438217020d822f58202bfc4d0cc6680be7dd9f5ca30aa2bb5d1998145de3
101b80e2ca49faf91809583c8613a1157832687474703a2f2f6578616d70 3d54101b80e2ca49faf91809583c8613a1157832687474703a2f2f657861
6c652e636f6d2f766572792f6c6f6e672f706174682f746f2f66696c652f 6d706c652e636f6d2f766572792f6c6f6e672f706174682f746f2f66696c
66696c652e62696e1502030f0d590204a20179019d2323204578616d706c 652f66696c652e62696e1502030f0d590204a20179019d2323204578616d
6520323a2053696d756c74616e656f757320446f776e6c6f61642c20496e 706c6520323a2053696d756c74616e656f757320446f776e6c6f61642c20
7374616c6c6174696f6e2c2053656375726520426f6f742c205365766572 496e7374616c6c6174696f6e2c2053656375726520426f6f742c20536576
6564204669656c64730a0a2020202054686973206578616d706c6520636f 65726564204669656c64730a0a2020202054686973206578616d706c6520
766572732074686520666f6c6c6f77696e672074656d706c617465733a0a 636f766572732074686520666f6c6c6f77696e672074656d706c61746573
202020200a202020202a20436f6d7061746962696c69747920436865636b 3a0a202020200a202020202a20436f6d7061746962696c69747920436865
20287b7b74656d706c6174652d636f6d7061746962696c6974792d636865 636b20287b7b74656d706c6174652d636f6d7061746962696c6974792d63
636b7d7d290a202020202a2053656375726520426f6f7420287b7b74656d 6865636b7d7d290a202020202a2053656375726520426f6f7420287b7b74
706c6174652d7365637572652d626f6f747d7d290a202020202a20466972 656d706c6174652d7365637572652d626f6f747d7d290a202020202a2046
6d7761726520446f776e6c6f616420287b7b6669726d776172652d646f77 69726d7761726520446f776e6c6f616420287b7b6669726d776172652d64
6e6c6f61642d74656d706c6174657d7d290a202020200a20202020546869 6f776e6c6f61642d74656d706c6174657d7d290a202020200a2020202054
73206578616d706c6520616c736f2064656d6f6e73747261746573207365 686973206578616d706c6520616c736f2064656d6f6e7374726174657320
76657261626c6520656c656d656e747320287b7b6f76722d736576657261 736576657261626c6520656c656d656e747320287b7b6f76722d73657665
626c657d7d292c20616e64207465787420287b7b6d616e69666573742d64 7261626c657d7d292c20616e64207465787420287b7b6d616e6966657374
69676573742d746578747d7d292e814100a2036761726d2e636f6d057852 2d6469676573742d746578747d7d292e814100a2036761726d2e636f6d05
5468697320636f6d706f6e656e7420697320612064656d6f6e7374726174 78525468697320636f6d706f6e656e7420697320612064656d6f6e737472
696f6e2e205468652064696765737420697320612073616d706c65207061 6174696f6e2e205468652064696765737420697320612073616d706c6520
747465726e2c206e6f742061207265616c206f6e652e 7061747465726e2c206e6f742061207265616c206f6e652e
B.4. Example 3: A/B images B.4. Example 3: A/B images
This example covers the following templates: This example covers the following templates:
- Compatibility Check (Section 7.1) - Compatibility Check (Section 7.1)
- Secure Boot (Section 7.2) - Secure Boot (Section 7.2)
- Firmware Download (Section 7.3) - Firmware Download (Section 7.3)
- A/B Image Template (Section 7.11) - A/B Image Template (Section 7.11)
{ 107({
/ authentication-wrapper / 2:bstr .cbor ([ / authentication-wrapper / 2:<<[
digest: bstr .cbor ([ digest: <<[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'7c9b3cb72c262608a42f944d59d659ff2b801c78af44def51b8ff51e9f45721b'
h'ae0c1ea689c9800a843550f38796b6fdbd52a0c78be5d26011d8e784da43d47c' ]>>,
]), signature: <<18([
signature: bstr .cbor (18([ / protected / <<{
/ protected / bstr .cbor ({ / alg / 1:-7 / "ES256" /,
/ alg / 1:-7 / "ES256" /, }>>,
}), / unprotected / {
/ unprotected / { },
}, / payload / F6 / nil /,
/ payload / F6 / nil /, / signature / h'e33d618df0ad21e609529ab1a876afb231
/ signature / h'1296c87d168bb857495e6551730f9d6d3a6d81 faff1d6a3189b5360324c2794250b87cf00cf83be50ea17dc721ca85393cd8e839a066
ad6c908c72fbc52ddcb2e8011d20d217b3f1c028374eecbda5d2ca26d047270b397dca d5dec0ad87a903ab31ea9afa'
a91a48a7c78cf376004e' ])>>
])) ]
] ]>>,
]), / manifest / 3:<<{
/ manifest / 3:bstr .cbor ({ / manifest-version / 1:1,
/ manifest-version / 1:1, / manifest-sequence-number / 2:3,
/ manifest-sequence-number / 2:3, / common / 3:<<{
/ common / 3:bstr .cbor ({ / components / 2:[
/ components / 2:[ [h'00']
[h'00'] ],
], / common-sequence / 4:<<[
/ common-sequence / 4:bstr .cbor ([ / directive-override-parameters / 20,{
/ directive-override-parameters / 20,{ / vendor-id /
/ vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf- 1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /, be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45' / class-id /
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, 2:h'1492af1425695e48bf429b2d51f2ab45' /
} , 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
} ,
/ directive-try-each / 15,[
<<[
/ directive-override-parameters / 20,{
/ offset / 5:33792,
} ,
/ condition-component-offset / 5,5 ,
/ directive-override-parameters / 20,{
/ image-digest / 3:<<[
/ algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
]>>,
/ image-size / 14:34768,
}
]>> ,
<<[
/ directive-override-parameters / 20,{
/ offset / 5:541696,
} ,
/ condition-component-offset / 5,5 ,
/ directive-override-parameters / 20,{
/ image-digest / 3:<<[
/ algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff'
]>>,
/ image-size / 14:76834,
}
]>>
] ,
/ condition-vendor-identifier / 1,15 ,
/ condition-class-identifier / 2,15
]>>,
}>>,
/ install / 9:<<[
/ directive-try-each / 15,[ / directive-try-each / 15,[
bstr .cbor ([ <<[
/ directive-override-parameters / 20,{ / directive-set-parameters / 19,{
/ offset / 5:33792, / offset / 5:33792,
} , } ,
/ condition-component-offset / 5,5 , / condition-component-offset / 5,5 ,
/ directive-override-parameters / 20,{ / directive-set-parameters / 19,{
/ image-digest / 3:bstr .cbor ([ / uri / 21:'http://example.com/file1.bin',
/ algorithm-id / 2 / "sha256" /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
]),
/ image-size / 14:34768,
} }
]) , ]>> ,
bstr .cbor ([ <<[
/ directive-override-parameters / 20,{ / directive-set-parameters / 19,{
/ offset / 5:541696, / offset / 5:541696,
} , } ,
/ condition-component-offset / 5,5 , / condition-component-offset / 5,5 ,
/ directive-override-parameters / 20,{ / directive-set-parameters / 19,{
/ image-digest / 3:bstr .cbor ([ / uri / 21:'http://example.com/file2.bin',
/ algorithm-id / 2 / "sha256" /,
/ digest-bytes /
h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff'
]),
/ image-size / 14:76834,
} }
]) ]>>
] , ] ,
/ condition-vendor-identifier / 1,15 , / directive-fetch / 21,2 ,
/ condition-class-identifier / 2,15 / condition-image-match / 3,15
]), ]>>,
}), / validate / 10:<<[
/ install / 9:bstr .cbor ([ / condition-image-match / 3,15
/ directive-try-each / 15,[ ]>>,
bstr .cbor ([ }>>,
/ directive-set-parameters / 19,{ })
/ offset / 5:33792,
} , Total size of Envelope without COSE authentication object: 332
/ condition-component-offset / 5,5 ,
/ directive-set-parameters / 19,{
/ uri / 21:'http://example.com/file1.bin',
}
]) ,
bstr .cbor ([
/ directive-set-parameters / 19,{
/ offset / 5:541696,
} ,
/ condition-component-offset / 5,5 ,
/ directive-set-parameters / 19,{
/ uri / 21:'http://example.com/file2.bin',
}
])
] ,
/ directive-fetch / 21,2 ,
/ condition-image-match / 3,15
]),
/ validate / 10:bstr .cbor ([
/ condition-image-match / 3,15
]),
}),
}
Total size of Envelope without COSE authentication object: 330
Envelope: Envelope:
Total size of Envelope with COSE authentication object: 406 Total size of Envelope with COSE authentication object: 408
Envelope with COSE authentication object: Envelope with COSE authentication object:
B.5. Example 4: Load and Decompress from External Storage B.5. Example 4: Load and Decompress from External Storage
This example covers the following templates: This example covers the following templates:
- Compatibility Check (Section 7.1) - Compatibility Check (Section 7.1)
- Secure Boot (Section 7.2) - Secure Boot (Section 7.2)
- Firmware Download (Section 7.3) - Firmware Download (Section 7.3)
- Install (Section 7.4) - Install (Section 7.4)
- Load & Decompress (Section 7.8) - Load & Decompress (Section 7.8)
{ 107({
/ authentication-wrapper / 2:bstr .cbor ([ / authentication-wrapper / 2:<<[
digest: bstr .cbor ([ digest: <<[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'4b4c7c8c0fda76c9c9591a9db160918e2b3c96a58b0a5e4984fd4e8f9359a928' h'15736702a00f510805dcf89d6913a2cfb417ed414faa760f974d6755c68ba70a'
]), ]>>,
signature: bstr .cbor (18([ signature: <<18([
/ protected / bstr .cbor ({ / protected / <<{
/ alg / 1:-7 / "ES256" /, / alg / 1:-7 / "ES256" /,
}), }>>,
/ unprotected / { / unprotected / {
}, },
/ payload / F6 / nil /, / payload / F6 / nil /,
/ signature / h'd88c4953fe5a0399e69ab37fe654d1f1b957a4 / signature / h'3ada2532326d512132c388677798c24ffd
4a46fde3e9cffdf0cdaa0456ddce9f08bc2a59895ffd70adce0e4aee8690645dcd4b7b cc979bfae2a26b19c8c8bbf511fd7dd85f1501662c1a9e1976b759c4019bab44ba5434
77d401bd91e35aa115d2' efb45d3868aedbca593671f3'
])) ])>>
] ]
]),
/ manifest / 3:bstr .cbor ({ ]>>,
/ manifest-version / 1:1, / manifest / 3:<<{
/ manifest-sequence-number / 2:4, / manifest-version / 1:1,
/ common / 3:bstr .cbor ({ / manifest-sequence-number / 2:4,
/ components / 2:[ / common / 3:<<{
[h'00'] , / components / 2:[
[h'02'] , [h'00'] ,
[h'01'] [h'02'] ,
], [h'01']
/ common-sequence / 4:bstr .cbor ([ ],
/ directive-set-component-index / 12,0 , / common-sequence / 4:<<[
/ directive-override-parameters / 20,{ / directive-set-component-index / 12,0 ,
/ vendor-id / / directive-override-parameters / 20,{
/ vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf- 1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /, be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45' / class-id /
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, 2:h'1492af1425695e48bf429b2d51f2ab45' /
/ image-digest / 3:bstr .cbor ([ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ algorithm-id / 2 / "sha256" /, / image-digest / 3:<<[
/ digest-bytes / / algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
]), ]>>,
/ image-size / 14:34768, / image-size / 14:34768,
} ,
/ condition-vendor-identifier / 1,15 ,
/ condition-class-identifier / 2,15
]>>,
}>>,
/ payload-fetch / 8:<<[
/ directive-set-component-index / 12,1 ,
/ directive-set-parameters / 19,{
/ uri / 21:'http://example.com/file.bin',
} , } ,
/ condition-vendor-identifier / 1,15 , / directive-fetch / 21,2 ,
/ condition-class-identifier / 2,15 / condition-image-match / 3,15
]), ]>>,
}), / install / 9:<<[
/ payload-fetch / 8:bstr .cbor ([ / directive-set-component-index / 12,0 ,
/ directive-set-component-index / 12,1 , / directive-set-parameters / 19,{
/ directive-set-parameters / 19,{ / source-component / 22:1 / [h'02'] /,
/ uri / 21:'http://example.com/file.bin', } ,
} , / directive-copy / 22,2 ,
/ directive-fetch / 21,2 , / condition-image-match / 3,15
/ condition-image-match / 3,15 ]>>,
]), / validate / 10:<<[
/ install / 9:bstr .cbor ([ / directive-set-component-index / 12,0 ,
/ directive-set-component-index / 12,0 , / condition-image-match / 3,15
/ directive-set-parameters / 19,{ ]>>,
/ source-component / 22:1 / [h'02'] /, / load / 11:<<[
} , / directive-set-component-index / 12,2 ,
/ directive-copy / 22,2 , / directive-set-parameters / 19,{
/ condition-image-match / 3,15 / image-digest / 3:<<[
]), / algorithm-id / -16 / "sha256" /,
/ validate / 10:bstr .cbor ([ / digest-bytes /
/ directive-set-component-index / 12,0 ,
/ condition-image-match / 3,15
]),
/ load / 11:bstr .cbor ([
/ directive-set-component-index / 12,2 ,
/ directive-set-parameters / 19,{
/ image-digest / 3:bstr .cbor ([
/ algorithm-id / 2 / "sha256" /,
/ digest-bytes /
h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff'
]), ]>>,
/ image-size / 14:76834, / image-size / 14:76834,
/ source-component / 22:0 / [h'00'] /, / source-component / 22:0 / [h'00'] /,
/ compression-info / 19:1 / "gzip" /, / compression-info / 19:<<{
} , / compression-algorithm / 1:1 / "gzip" /,
/ directive-copy / 22,2 , }>>,
/ condition-image-match / 3,15 } ,
]), / directive-copy / 22,2 ,
/ run / 12:bstr .cbor ([ / condition-image-match / 3,15
/ directive-set-component-index / 12,2 , ]>>,
/ directive-run / 23,2 / run / 12:<<[
]), / directive-set-component-index / 12,2 ,
}), / directive-run / 23,2
} ]>>,
}>>,
})
Total size of Envelope without COSE authentication object: 287 Total size of Envelope without COSE authentication object: 292
Envelope: Envelope:
Total size of Envelope with COSE authentication object: 363 Total size of Envelope with COSE authentication object: 368
Envelope with COSE authentication object: Envelope with COSE authentication object:
B.6. Example 5: Two Images B.6. Example 5: Two Images
This example covers the following templates: This example covers the following templates:
- Compatibility Check (Section 7.1) - Compatibility Check (Section 7.1)
- Secure Boot (Section 7.2) - Secure Boot (Section 7.2)
- Firmware Download (Section 7.3) - Firmware Download (Section 7.3)
Furthermore, it shows using these templates with two images. Furthermore, it shows using these templates with two images.
{ 107({
/ authentication-wrapper / 2:bstr .cbor ([ / authentication-wrapper / 2:<<[
digest: bstr .cbor ([ digest: <<[
/ algorithm-id / 2 / "sha256" /, / algorithm-id / -16 / "sha256" /,
/ digest-bytes / / digest-bytes /
h'de7c7927a15bd2eda59cab1512875f17c9f1e9e23885ce1ac6d671eefcefa37a' h'd1e73f16e4126007bc4d804cd33b0209fbab34728e60ee8c00f3387126748dd2'
]), ]>>,
signature: bstr .cbor (18([ signature: <<18([
/ protected / bstr .cbor ({ / protected / <<{
/ alg / 1:-7 / "ES256" /, / alg / 1:-7 / "ES256" /,
}), }>>,
/ unprotected / { / unprotected / {
}, },
/ payload / F6 / nil /, / payload / F6 / nil /,
/ signature / h'8f5919c05ef786366ab4899db27a2e7412ef72 / signature / h'b7ae0a46a28f02e25cda6d9a255bbaf863
480372437757b1c1c9f8b2ed2a677a88db17fcfbb47d178c9e5620f14ac68a314ceabc 30141831fae5a78012d648bc6cee55102e0f1890bdeacc3adaa4fae0560f83a45eecae
d20cbf54fbe89b8e83ad' 65cabce642f56d84ab97ef8d'
])) ])>>
] ]
]), ]>>,
/ manifest / 3:bstr .cbor ({ / manifest / 3:<<{
/ manifest-version / 1:1, / manifest-version / 1:1,
/ manifest-sequence-number / 2:5, / manifest-sequence-number / 2:5,
/ common / 3:bstr .cbor ({ / common / 3:<<{
/ components / 2:[ / components / 2:[
[h'00'] , [h'00'] ,
[h'01'] [h'01']
], ],
/ common-sequence / 4:bstr .cbor ([ / common-sequence / 4:<<[
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ directive-override-parameters / 20,{ / directive-override-parameters / 20,{
/ vendor-id / / vendor-id /
1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf- 1:h'fa6b4a53d5ad5fdfbe9de663e4d41ffe' / fa6b4a53-d5ad-5fdf-
be9d-e663e4d41ffe /, be9d-e663e4d41ffe /,
/ class-id / 2:h'1492af1425695e48bf429b2d51f2ab45' / class-id /
/ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /, 2:h'1492af1425695e48bf429b2d51f2ab45' /
/ image-digest / 3:bstr .cbor ([ 1492af14-2569-5e48-bf42-9b2d51f2ab45 /,
/ algorithm-id / 2 / "sha256" /, / image-digest / 3:<<[
/ digest-bytes / / algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210' h'00112233445566778899aabbccddeeff0123456789abcdeffedcba9876543210'
]), ]>>,
/ image-size / 14:34768, / image-size / 14:34768,
} ,
/ condition-vendor-identifier / 1,15 ,
/ condition-class-identifier / 2,15 ,
/ directive-set-component-index / 12,1 ,
/ directive-override-parameters / 20,{
/ image-digest / 3:<<[
/ algorithm-id / -16 / "sha256" /,
/ digest-bytes /
h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff'
]>>,
/ image-size / 14:76834,
}
]>>,
}>>,
/ install / 9:<<[
/ directive-set-component-index / 12,0 ,
/ directive-set-parameters / 19,{
/ uri / 21:'http://example.com/file1.bin',
} , } ,
/ condition-vendor-identifier / 1,15 , / directive-fetch / 21,2 ,
/ condition-class-identifier / 2,15 , / condition-image-match / 3,15 ,
/ directive-set-component-index / 12,1 , / directive-set-component-index / 12,1 ,
/ directive-override-parameters / 20,{ / directive-set-parameters / 19,{
/ image-digest / 3:bstr .cbor ([ / uri / 21:'http://example.com/file2.bin',
/ algorithm-id / 2 / "sha256" /, } ,
/ digest-bytes / / directive-fetch / 21,2 ,
h'0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff' / condition-image-match / 3,15
]),
/ image-size / 14:76834,
}
]),
}), ]>>,
/ install / 9:bstr .cbor ([ / validate / 10:<<[
/ directive-set-component-index / 12,0 , / directive-set-component-index / 12,0 ,
/ directive-set-parameters / 19,{ / condition-image-match / 3,15 ,
/ uri / 21:'http://example.com/file1.bin', / directive-set-component-index / 12,1 ,
} , / condition-image-match / 3,15
/ directive-fetch / 21,2 , ]>>,
/ condition-image-match / 3,15 , / run / 12:<<[
/ directive-set-component-index / 12,1 , / directive-set-component-index / 12,0 ,
/ directive-set-parameters / 19,{ / directive-run / 23,2
/ uri / 21:'http://example.com/file2.bin', ]>>,
} , }>>,
/ directive-fetch / 21,2 , })
/ condition-image-match / 3,15
]),
/ validate / 10:bstr .cbor ([
/ directive-set-component-index / 12,0 ,
/ condition-image-match / 3,15 ,
/ directive-set-component-index / 12,1 ,
/ condition-image-match / 3,15
]),
/ run / 12:bstr .cbor ([
/ directive-set-component-index / 12,0 ,
/ directive-run / 23,2
]),
}),
}
Total size of Envelope without COSE authentication object: 304 Total size of Envelope without COSE authentication object: 306
Envelope: Envelope:
Total size of Envelope with COSE authentication object: 380 Total size of Envelope with COSE authentication object: 382
Envelope with COSE authentication object: Envelope with COSE authentication object:
Appendix C. C. Design Rational Appendix C. C. Design Rational
In order to provide flexible behavior to constrained devices, while In order to provide flexible behavior to constrained devices, while
still allowing more powerful devices to use their full capabilities, still allowing more powerful devices to use their full capabilities,
the SUIT manifest encodes the required behavior of a Recipient the SUIT manifest encodes the required behavior of a Recipient
device. Behavior is encoded as a specialized byte code, contained in device. Behavior is encoded as a specialized byte code, contained in
a CBOR list. This promotes a flat encoding, which simplifies the a CBOR list. This promotes a flat encoding, which simplifies the
parser. The information encoded by this byte code closely matches parser. The information encoded by this byte code closely matches
the operations that a device will perform, which promotes ease of the operations that a device will perform, which promotes ease of
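Review bot: Examples 3 to 5 change the wire format while manifest-version stays 1:1 on both sides: the digest algorithm-id for "sha256" goes from 2 to -16, the envelope gains tag 107, and in Example 4 compression-info goes from the integer 19:1 to a bstr-wrapped map carrying compression-algorithm 1:1. A Recipient built against -13 cannot distinguish a -14 manifest by version and would only see an unknown algorithm-id or a malformed compression-info, so the text introducing the examples should state that the encodings are not interchangeable and that a parser rejects an unrecognised algorithm-id rather than skipping the digest check. Separately, the heading "Appendix C. C. Design Rational" is carried over unchanged; drop the duplicated "C." and spell it "Rationale".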
skipping to change at page 108, line 22 skipping to change at page 110, line 20
| Class Identifier | Section 8.7.5.2 | REQUIRED | | Class Identifier | Section 8.7.5.2 | REQUIRED |
| | | | | | | |
| Device Identifier | Section 8.7.5.2 | OPTIONAL | | Device Identifier | Section 8.7.5.2 | OPTIONAL |
| | | | | | | |
| Image Match | Section 8.7.6.2 | REQUIRED | | Image Match | Section 8.7.6.2 | REQUIRED |
| | | | | | | |
| Image Not Match | Section 8.7.6.3 | OPTIONAL | | Image Not Match | Section 8.7.6.3 | OPTIONAL |
| | | | | | | |
| Use Before | Section 8.7.6.4 | OPTIONAL | | Use Before | Section 8.7.6.4 | OPTIONAL |
| | | | | | | |
| Component Offset | Section 8.7.6.5 | OPTIONAL | | Component Slot | Section 8.7.6.5 | OPTIONAL |
| | | | | | | |
| Abort | Section 8.7.6.9 | OPTIONAL | | Abort | Section 8.7.6.9 | OPTIONAL |
| | | | | | | |
| Minimum Battery | Section 8.7.6.6 | OPTIONAL | | Minimum Battery | Section 8.7.6.6 | OPTIONAL |
| | | | | | | |
| Update Authorized | Section 8.7.6.7 | OPTIONAL | | Update Authorized | Section 8.7.6.7 | OPTIONAL |
| | | | | | | |
| Version | Section 8.7.6.8 | OPTIONAL | | Version | Section 8.7.6.8 | OPTIONAL |
| | | | | | | |
| Custom Condition | Section 8.7.6.10 | OPTIONAL | | Custom Condition | Section 8.7.6.10 | OPTIONAL |
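Review bot: The condition at Section 8.7.6.5 is renamed from "Component Offset" to "Component Slot" in this table, but the -14 side of Example 3 still annotates the same condition as condition-component-offset (5,5) and its parameter as offset (5:33792). Rename the diagnostic comments in the examples to match, or say that the old names remain valid, so that implementers do not read them as two different conditions.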
skipping to change at page 109, line 47 skipping to change at page 111, line 47
| | | | | | | |
| Run Sequence | Section 8.7.7. | OPTIONAL | | Run Sequence | Section 8.7.7. | OPTIONAL |
| | 12 | | | | 12 | |
| | | | | | | |
| Swap | Section 8.7.7. | OPTIONAL | | Swap | Section 8.7.7. | OPTIONAL |
| | 13 | | | | 13 | |
| | | | | | | |
| Fetch URI List | Section 8.7.7. | OPTIONAL | | Fetch URI List | Section 8.7.7. | OPTIONAL |
| | 8 | | | | 8 | |
| | | | | | | |
| Garbage Collect | Section 8.7.8 | OPTIONAL | | Unlink | Section 8.7.8 | OPTIONAL |
+-------------------+----------------+------------------------------+ +-------------------+----------------+------------------------------+
The subsequent table shows the parameters. The subsequent table shows the parameters.
+------------------+------------------+----------------------+ +------------------+------------------+----------------------+
| Name | Reference | Implementation | | Name | Reference | Implementation |
+------------------+------------------+----------------------+ +------------------+------------------+----------------------+
| Vendor ID | Section 8.7.5.3 | REQUIRED | | Vendor ID | Section 8.7.5.3 | REQUIRED |
| | | | | | | |
| Class ID | Section 8.7.5.4 | REQUIRED | | Class ID | Section 8.7.5.4 | REQUIRED |
| | | | | | | |
| Image Digest | Section 8.7.5.6 | REQUIRED | | Image Digest | Section 8.7.5.6 | REQUIRED |
| | | | | | | |
| Image Size | Section 8.7.5.7 | REQUIRED | | Image Size | Section 8.7.5.7 | REQUIRED |
| | | | | | | |
| Use Before | Section 8.7.5.8 | RECOMMENDED | | Use Before | Section 8.7.5.8 | RECOMMENDED |
| | | | | | | |
| Component Offset | Section 8.7.5.9 | OPTIONAL | | Component Slot | Section 8.7.5.9 | OPTIONAL |
| | | | | | | |
| Encryption Info | Section 8.7.5.10 | RECOMMENDED | | Encryption Info | Section 8.7.5.10 | RECOMMENDED |
| | | | | | | |
| Compression Info | Section 8.7.5.11 | RECOMMENDED | | Compression Info | Section 8.7.5.11 | RECOMMENDED |
| | | | | | | |
| Unpack Info | Section 8.7.5.12 | RECOMMENDED | | Unpack Info | Section 8.7.5.12 | RECOMMENDED |
| | | | | | | |
| URI | Section 8.7.5.13 | REQUIRED for Updater | | URI | Section 8.7.5.13 | REQUIRED for Updater |
| | | | | | | |
| Source Component | Section 8.7.5.14 | OPTIONAL | | Source Component | Section 8.7.5.14 | OPTIONAL |
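Review bot: The directive row renamed from "Garbage Collect" to "Unlink" cites Section 8.7.8, while the neighbouring directives in this table cite subsections of 8.7.7; confirm that the reference still points at the directive's definition after the rename. The Reference column is also too narrow: "Section 8.7.7." is split from "12", "13" and "8" onto a second row, which breaks searching for the full section number, so widen the column. The parameter table repeats the "Component Offset" to "Component Slot" rename at Section 8.7.5.9 and should track whatever name the examples end up using.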
 End of changes. 143 change blocks. 
771 lines changed or deleted 783 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/