From nobody Thu Jan 3 08:44:29 2019 Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E24A0131184 for ; Thu, 3 Jan 2019 08:44:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=linaro.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1w1O8-P-VH_q for ; Thu, 3 Jan 2019 08:44:19 -0800 (PST) Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 175AA131169 for ; Thu, 3 Jan 2019 08:44:18 -0800 (PST) Received: by mail-qt1-x832.google.com with SMTP id l11so37557197qtp.0 for ; Thu, 03 Jan 2019 08:44:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=Tjv9ljZnCt95jOa7p7MlDIV4f3mjDwWQC+WzMyxPopU=; b=CSaD54BNzVcaEedCyY1xmQyHGOAy5RiGJ+WGdAK9ah754mlFL1/I+uFIa/2RGYhTv5 SNeUApy1SG8hcFsI/pKC9yIz+p5+tXuwRketYh3rNhGgG79f7GYblaFx8NvAMZnSlQic LLOQyV1/bz0j4JFcK6I95EnmOp0uXpxy/casU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=Tjv9ljZnCt95jOa7p7MlDIV4f3mjDwWQC+WzMyxPopU=; b=Gze0Hm+yJ1zzunRMDZG0/p0kNo1KtMluNbO1oOcZPGBI9O1I6U5zzoqf98S3i88NY9 7eGevYpHdXbBMLOSlBzpNaULFkANoS0ii9pPo5W9h6tBVrpBbZ/p1IIcEkqht+BBasih HfMbV/L//OO7v1Tae1CG6EcY9Pmh7A8LigEJ/zPHoumPCNmP9LiOjrqJjlaj+EATDJT+ UNxHwBGksgk/za0O7y0e22HqmvuAkJIjtFuFVA+E0759CIA7ybRSnqDf6GH9jy/W3oP6 SiqaQhozIpbKsu3mmbncMFKiljrveatEcrmLlmC4IWH16tEv6ITvcNCKaVQBK3ZP3fzP 2FMA== X-Gm-Message-State: AJcUukfkxSVTCALjUsWqtKK1DT2Q36Lq+AHEveNrzHy3uDAkvTWF4XPl loYY3xakzVy+AIpiQglmRWyiZF1sZ6jDXA== X-Google-Smtp-Source: ALg8bN7LApl7bD46xKfxKv6h5MoQuz6zb0fjyljqAKjOnEwgKw0rPOTdTIi8Uh4QBqIo9f29WL1GzQ== X-Received: by 2002:a0c:88a8:: with SMTP id 37mr46243216qvn.63.1546533857614; Thu, 03 Jan 2019 08:44:17 -0800 (PST) Received: from davidb.org (cn-co-b07400e8c3-142422-1.tingfiber.com. [64.98.48.55]) by smtp.gmail.com with ESMTPSA id z20sm22086418qkb.41.2019.01.03.08.44.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Jan 2019 08:44:16 -0800 (PST) Date: Thu, 3 Jan 2019 09:44:08 -0700 From: David Brown To: Martin Pagel Cc: Michael Richardson , "suit@ietf.org" , "dev-mcuboot@lists.runtime.co" Message-ID: <20190103164408.GA956@davidb.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Archived-At: Subject: Re: [Suit] self-describing format vs fixed/binary manifest structure - pull parser X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jan 2019 16:44:28 -0000 On Thu, Dec 20, 2018 at 02:05:14AM +0000, Martin Pagel wrote: >Yes, I am familiar with pull parsers, thanks to Brendan's example, >but I'm not sure what the advantage of CBOR encoding provides if you >build a custom parser for a particular fixed CBOR encoding/schema. >Seems more complicated (and therefore error-prone) to me than using a >packed binary structure which apparently MCUboot uses. If I >understand correctly, you believe that such encoding wouldn't be >appropriate as a manifest. I proposed to use such binary encoding in >https://tools.ietf.org/html/draft-pagel-suit-manifest-00. MCUboot does not use a packed binary structure. It uses its own custom TLV encoding which is basically a very limited subset of what can be described in CBOR. Effectively, the data is a single map. The parser for this TLV format vs a decoder that could decode an actual CBOR map are fairly insignificant. >I agree that there will be powerful and flexible MCUs which have >capabilities where a CBOR based flexibility would provide benefits, >but for simple constrained devices, I think there is a benefit to use >the same simple lean packed encoding for both the boot and update >process, or am I missing some important aspect? If so, can you >provide an example? In reality, MCUboot will likely continue to support its custom TLV format for quite some time, since the parsing code will still be smaller than a hand-written CBOR decoder. I see little advantage to an overly-specialized packed encoding format, especially if there is variation, especially when it comes to processing by external tools. I think most of the requirements for restricted code size can be handled by merely restricting what constitutes a valid manifest. Even with the most memory constrained devices in MCUboot, it has been useful to be able to extend the format of its manifest (by adding new tags) without having to disrupt a fixed structure. David From nobody Thu Jan 3 09:41:23 2019 Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CD291311DE for ; Thu, 3 Jan 2019 09:41:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NMW6LrNM1Dnp for ; Thu, 3 Jan 2019 09:41:19 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27B601311DD for ; Thu, 3 Jan 2019 09:41:19 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 359753808A; Thu, 3 Jan 2019 12:40:57 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id 8A9831A23; Thu, 3 Jan 2019 12:41:14 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 88A40A3A; Thu, 3 Jan 2019 12:41:14 -0500 (EST) From: Michael Richardson To: "suit\@ietf.org" , David Brown In-Reply-To: <20190103164408.GA956@davidb.org> References: <20190103164408.GA956@davidb.org> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Suit] self-describing format vs fixed/binary manifest structure - pull parser X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jan 2019 17:41:21 -0000 --=-=-= Content-Type: text/plain David Brown wrote: > I think most of the requirements for > restricted code size can be handled by merely restricting what > constitutes a valid manifest. +1 > Even with the most memory constrained devices in MCUboot, it has been > useful to be able to extend the format of its manifest (by adding new > tags) without having to disrupt a fixed structure. Good to hear this. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlwuSToACgkQgItw+93Q 3WUVCQf/VcOny+BfDLjrOTMJLXR+RENtWsEeOAD2OIsTe/e/g6xWzfYyJQ6k0HnF ZlpY1dBtaAeO5kKHj1EH99sP0v0pMNXLjqrlNp02OMxPuwI3EpQga2JtxMuVDC2k 81tysBOtPCKM80+9rSfyL63rKx48YaBbXd//utSoeGxPuq0KVESNvyUqa3phcfIO iO7BRydeVW6dnONeo3wSdY/0+7Lb464IrblHBlgUNW/NqfnpOSJcq+RofrJ61odh JmGoPCM0r9mKwi0P9ftMBGzSPTXAb1TtVHUKE/jLoDuurYRKmIV8bHt2DjhopZgO h9n9pSOkAWmVpIYhQZCmYYB0ITiUxw== =L7gr -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jan 8 04:22:12 2019 Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8DAB13116C for ; Tue, 8 Jan 2019 04:22:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lNyNH1glX4B4 for ; Tue, 8 Jan 2019 04:22:03 -0800 (PST) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150041.outbound.protection.outlook.com [40.107.15.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D244E131144 for ; Tue, 8 Jan 2019 04:22:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qG3WVINsTWV4RVQOrJsf8OGiZiOTDUbqXDLEOYK0XlA=; b=ljGiFR9r+iYkrVF+T8M4Hpfccdp2zchQ34eaK6uEt/4tpDGdlfarNzDrZpNHCxxEYFJhfOksnLVBpZFcLvaAxYIxLrV4gaW4UUmCQLggz1tQVWB0a+AkDTT3iIgWxB93GcWT87Fl2zfc71znyU72u+gP8ZE9+S//wv5aP6DdkG8= Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1SPR00MB207.eurprd08.prod.outlook.com (10.173.75.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1495.9; Tue, 8 Jan 2019 12:21:59 +0000 Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::ec48:f7db:ee6d:c60]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::ec48:f7db:ee6d:c60%2]) with mapi id 15.20.1495.011; Tue, 8 Jan 2019 12:21:59 +0000 From: Hannes Tschofenig To: "suit@ietf.org" Thread-Topic: Architecture draft update Thread-Index: AdSnTJgyvYp0+p5RSNiHcIkiqRjXZQ== Date: Tue, 8 Jan 2019 12:21:59 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [80.92.119.167] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1SPR00MB207; 6:mkVWLn/zAPF8CVC7P47mGflf1yWDOaju2FQDXqEPe1XiH843DQ//Fb5DtDpMgcszR8PxIEpgowdMm6LgD5LhTJQIm57KuquxBFTMmOr00isWDK0OLdbHmAJ+L3EGywwvyQpfczPe80DWYdJdPAwN+Z/1U8MudajwRGmPKIY2vtVuHTTcpg5fxfKpYzI7pKnzCp9Bgc1TIDjJywlHwG/H9KrV4VnPpL9/S+AUuiN4dGPrCjf5o5mPudbd7nBMzJf7V5Rg2vVBF6iYvVlaCV7TwIdT3xZTTOtr1gDIV3H3kPIXs2+CxuUihM7f5jCXv7292gjzMKsJJO3GJx51xQo2S/uk7uhKjsQz5rWHFfkaMBtPVqXu4BQ6Xh1YJrlApMhUWpL1apWfj2ugu/xZOPV+gwJblFywqeOTDT+3I+2N5UXFGfsFtFzjWWq+7DMN4dtndZ7WRjBl+iamPVOK/PLLZQ==; 5:Y6kyhfNWflw9+lz6VmnXYnQRFVgVrbWywCkOx4oNuJMaLOnwSV3EcVzZjQVAJLiEZEBcO33khC3DboV1h4z+yaYAmzziYRZdpdmL2HKRpWiesDWvwVTI0SG563rH47eah4+Mho3D0Gs+2A52zChpmENa8zlOahfBD1MSUP9GAezascLx6mQP1DqSQnAtvlj34xmh9GKOp2kO3BDklUd/+g==; 7:IqE1/w0dFc2ziUPEqdM7+CaVeB1GK7UhT75WRh5jTI1hwE0j3LLIyUKNk7ysbRFFj790aVcCGmDwDfhg/U+7f4hkLEqJ0HXcISYHHeKuduBfUsNQxuW78uKhyEXaIdlcru/GRp8B+jAVdmyLhkC/ZA== x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: 3a08f5dc-23a5-4a55-9a6b-08d67563e366 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:VI1SPR00MB207; x-ms-traffictypediagnostic: VI1SPR00MB207: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(3002001)(3231475)(944501520)(52105112)(93006095)(93001095)(6055026)(6041310)(20161123564045)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(201708071742011)(7699051)(76991095); SRVR:VI1SPR00MB207; BCL:0; PCL:0; RULEID:; SRVR:VI1SPR00MB207; x-forefront-prvs: 0911D5CE78 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(396003)(136003)(376002)(346002)(366004)(53754006)(40434004)(189003)(199004)(71200400001)(71190400001)(3480700005)(2351001)(2501003)(33656002)(966005)(105586002)(106356001)(55016002)(5640700003)(9686003)(7736002)(74316002)(6436002)(7696005)(486006)(5660300001)(6306002)(53936002)(236005)(66066001)(97736004)(15650500001)(2420400007)(8676002)(606006)(8936002)(1730700003)(81166006)(81156014)(7110500001)(14454004)(7116003)(54896002)(99286004)(68736007)(316002)(3846002)(6116002)(790700001)(10710500007)(2906002)(186003)(86362001)(14444005)(5024004)(256004)(6506007)(26005)(6346003)(476003)(72206003)(102836004)(25786009)(6916009)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1SPR00MB207; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: UHEThMU9qhYdM256rk9akkElqX7u0mlxd0Iaupqf5alpe5GnzR3ITyu8AuReTuJMiJd3GQJ+aLiAOBRqS0FDEVcNfNMbcgXrakZXogroaRo2lxYdajqTBc7c6xGMBtsL5FW0jDVnmRf1QMnjPU5562uU9Me+VAgPp+SOHiaES8hEaAjaBDcjQvS9mQP0o9GGKD7do2R5+qEU+S2Ap5P7M/IWJGUxz2OUimA6bzAtxLEKPCqiZf7TeZYBpeBygvxXQUH30w2RgDlTDiR5g1EPsSOZmQzC9cfhfmwVRD8TYdluWT8mTcbPKLoHvksOMU3I spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_VI1PR0801MB2112381411B5DC26CA5FAB1BFA8A0VI1PR0801MB2112_" MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3a08f5dc-23a5-4a55-9a6b-08d67563e366 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Jan 2019 12:21:59.5618 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1SPR00MB207 Archived-At: Subject: [Suit] Architecture draft update X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2019 12:22:12 -0000 --_000_VI1PR0801MB2112381411B5DC26CA5FAB1BFA8A0VI1PR0801MB2112_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi all, I have updated the terminology of the architecture draft based on the discu= ssions at the IETF#103 meeting. The request was to align it with the terms = used by the ITU-T, as explained in https://datatracker.ietf.org/meeting/103= /materials/slides-103-suit-liaison-statement-from-itu-t-sg17-00 Here is the pull request: https://github.com/suit-wg/architecture/pull/3 Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you. --_000_VI1PR0801MB2112381411B5DC26CA5FAB1BFA8A0VI1PR0801MB2112_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi all,

 

I have updated the terminology of the architecture d= raft based on the discussions at the IETF#103 meeting. The request was to a= lign it with the terms used by the ITU-T, as explained in https://datatrack= er.ietf.org/meeting/103/materials/slides-103-suit-liaison-statement-from-it= u-t-sg17-00

 

Here is the pull request:

https://github.com/suit-wg/architecture/pull/3

 

Ciao

Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in any medium. Thank you. --_000_VI1PR0801MB2112381411B5DC26CA5FAB1BFA8A0VI1PR0801MB2112_-- From nobody Wed Jan 16 10:54:06 2019 Return-Path: X-Original-To: suit@ietf.org Delivered-To: suit@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 52862130E9B; Wed, 16 Jan 2019 10:54:04 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: suit@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.89.3 Auto-Submitted: auto-generated Precedence: bulk Reply-To: suit@ietf.org Message-ID: <154766484419.29454.14581967307039124127@ietfa.amsl.com> Date: Wed, 16 Jan 2019 10:54:04 -0800 Archived-At: Subject: [Suit] I-D Action: draft-ietf-suit-architecture-02.txt X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 18:54:05 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Software Updates for Internet of Things WG of the IETF. Title : A Firmware Update Architecture for Internet of Things Devices Authors : Brendan Moran Milosch Meriac Hannes Tschofenig David Brown Filename : draft-ietf-suit-architecture-02.txt Pages : 22 Date : 2019-01-16 Abstract: Vulnerabilities with Internet of Things (IoT) devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices. Incorporating such update mechanism to fix vulnerabilities, to update configuration settings as well as adding new functionality is recommended by security experts. This document lists requirements and describes an architecture for a firmware update mechanism suitable for IoT devices. The architecture is agnostic to the transport of the firmware images and associated meta-data. This version of the document assumes asymmetric cryptography and a public key infrastructure. Future versions may also describe a symmetric key approach for very constrained devices. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-suit-architecture/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-suit-architecture-02 https://datatracker.ietf.org/doc/html/draft-ietf-suit-architecture-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-suit-architecture-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Jan 16 10:57:17 2019 Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EE0E130EA2 for ; Wed, 16 Jan 2019 10:57:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.041 X-Spam-Level: X-Spam-Status: No, score=-2.041 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DL7Ek6shq6a6 for ; Wed, 16 Jan 2019 10:57:12 -0800 (PST) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140077.outbound.protection.outlook.com [40.107.14.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B15E130EA0 for ; Wed, 16 Jan 2019 10:57:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3tOYlvAzL7rqlXMJClcbzo22jZ2uyujlaApbToSFF/4=; b=jG+pc7s4t2DlGmS0sAU+6QYmqz2wi7C1HC4MUIWifrHNQmU2NFpfW12QP7M8b8dxTMuTXQkWiiIvxDD45vubCPg4TmY937Mvy8Ec9wgp9VK2CyBK9joa6LDHH0jygvvKl4hi49juyMXwM5hiQyMUscWtQ0fB3J4u4oUEt2PtMVQ= Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB1565.eurprd08.prod.outlook.com (10.167.210.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.18; Wed, 16 Jan 2019 18:57:08 +0000 Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::ec48:f7db:ee6d:c60]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::ec48:f7db:ee6d:c60%2]) with mapi id 15.20.1516.019; Wed, 16 Jan 2019 18:57:08 +0000 From: Hannes Tschofenig To: "suit@ietf.org" CC: Henk Birkholz , "david.brown@linaro.org" Thread-Topic: draft-ietf-suit-architecture-02 Thread-Index: AdStzOOyCzXkrSsYQ6CAWiMFjfn7RQ== Date: Wed, 16 Jan 2019 18:57:08 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; x-originating-ip: [80.92.119.167] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1PR0801MB1565; 6:hJ1yxAZ3sMxJetBYYIX+vh6LhEMO2MWYWxqx8g6OVJhoRxi7EF9umrL8oLaxaJ+xBvr0n+geg2wf6dV8exlKAa5NknCZhgEh27BRk04sjfsfq55UFpi2xhyEY1hLyDLvi+rCWNnU3fubqdC+qOgN9/037Ry1IHs+goSwde6a9rA9R+UinyJMQi93AFsOJMgUmAy4wSYtNhQ/6jACKeh/LRvqOdhCt3JPL+vrnLMktEI77sqMyJJ+ZYJUQb+PiT/07Onk0c9t/uOyr4tMF4uV7JNP9VKNbUBGbXc5KuWXFgs5lWqM3nyI7yu6SXNBmKGOxbAoTJsshQBkdGXjVmkgOa82a/gNiEqPsMuXb5LNQVaAhSljbBONWY6afEjpQmWc+kmoKgCQ+FjCTDpYRkxUDRI0EtCe619zvkA8OMDolbjnj24YSpEPHUdp+D1EoLVfdM5NwDUHxfi9HycOIF4kCg==; 5:dLYoP2SncvJYdNJDkST4XtzN3OVJqBWgEkvstEqvkTnd3y5bZdNon6lHTk/3SjV5otvIrT2cPgFSOOvMdL14OoZRbWgNlJN8N5lV7+CzOfddBGUV9Nxcesplwm6QeH6KG+6sYlDWgUSaLeE6scAxDGbThlkm5+p2iL2edM1KRiSgzcjvY3UHnUVMd88aNRBa7ZfW9OsOwslLtlQEVBiK9w==; 7:6PcOjpcNAp7yXStQ88AMir8rc0fyO6PNOGz2WlRram53fpzsr2EEjrY11tzeENayEgvcP7rYykwxSl4MI1fG5YBJKFSmWbxGNwmuUPPOcxjHoFU0sAvrocNljvDnVH0Y38TcftT6p7iDgNgSWAGi7A== x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: b420e284-8093-4ee8-b11b-08d67be46a6d x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB1565; x-ms-traffictypediagnostic: VI1PR0801MB1565: x-microsoft-antispam-prvs: x-forefront-prvs: 091949432C x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(366004)(396003)(346002)(136003)(376002)(40434004)(199004)(189003)(53754006)(25786009)(33656002)(4744005)(6916009)(7696005)(105586002)(102836004)(6506007)(2351001)(26005)(66066001)(7736002)(2501003)(106356001)(5660300001)(256004)(97736004)(74316002)(14444005)(6436002)(2906002)(5024004)(55016002)(5640700003)(71200400001)(71190400001)(966005)(478600001)(606006)(14454004)(6306002)(8936002)(486006)(68736007)(54896002)(6116002)(186003)(9686003)(1730700003)(81166006)(476003)(81156014)(72206003)(8676002)(99286004)(316002)(236005)(86362001)(53936002)(4326008)(790700001)(3846002)(54906003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB1565; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 6ccMWRCqAowagSsNUl9XUhU0EEyEoGIZUH33FOLQe5BNKtO2F1sfgexXGCqRvitJTi0MY0KR/PzXCSXw/hBzOrZPpI+Fiw13RwsKij3Oo7Tl0bldweJ/cZsuXhOf2oePRo9dvhGl5QpR5c5RWi+6+mrga6h5TKEyodu2+jPu7kkV4gIBV3i2i35WkmUluuaL2zewba0bWd89jjmuuAzcHJ3il1mT9sqPpcWzp7Rnrw07M3eUDvV+srhYz1/NSuvLaIQr2YXYEbgWNy5xX/1RaFj1qMdGODv5S23LQokAesWvCDXpP/qcqeWhi/M6jSDSyeyO3/EWO8KnA4fOZYFApS4DTPiQRPNNFbVr1sES3HuEbAKwlyNlO+0z7hoLML9K7DsA25V2fi8NbYqy3kH7py6fmgjY2ik0hUah68fxYGU= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_VI1PR0801MB211274D5404565A05D8A1D42FA820VI1PR0801MB2112_" MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: b420e284-8093-4ee8-b11b-08d67be46a6d X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jan 2019 18:57:08.6426 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1565 Archived-At: Subject: [Suit] draft-ietf-suit-architecture-02 X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 18:57:15 -0000 --_000_VI1PR0801MB211274D5404565A05D8A1D42FA820VI1PR0801MB2112_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi all, I have just submitted -02 of the architecture draft. I would like to thank = Henk and David for their review. Here is the link: https://tools.ietf.org/html/draft-ietf-suit-architecture-02 Here is the diff: https://tools.ietf.org/rfcdiff?url2=3Ddraft-ietf-suit-architecture-02.txt I hope that readability has been improved with the terminology changes. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you. --_000_VI1PR0801MB211274D5404565A05D8A1D42FA820VI1PR0801MB2112_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi all,

 

I have just submitted -02 of the architecture draft.= I would like to thank Henk and David for their review.

 

Here is the link:

https://tools.ietf.org/html/draft-ietf-suit-architectur= e-02

 

Here is the diff:

https://tools.ietf.org/rfcdiff?url2=3Ddra= ft-ietf-suit-architecture-02.txt

 

I hope that readability has been improved with the t= erminology changes.

 

Ciao

Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in any medium. Thank you. --_000_VI1PR0801MB211274D5404565A05D8A1D42FA820VI1PR0801MB2112_-- From nobody Fri Jan 18 11:12:56 2019 Return-Path: X-Original-To: suit@ietf.org Delivered-To: suit@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E8617131304; Fri, 18 Jan 2019 11:12:54 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: suit@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.89.3 Auto-Submitted: auto-generated Precedence: bulk Reply-To: suit@ietf.org Message-ID: <154783877488.17316.6695274111828637949@ietfa.amsl.com> Date: Fri, 18 Jan 2019 11:12:54 -0800 Archived-At: Subject: [Suit] I-D Action: draft-ietf-suit-information-model-02.txt X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2019 19:12:55 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Software Updates for Internet of Things WG of the IETF. Title : Firmware Updates for Internet of Things Devices - An Information Model for Manifests Authors : Brendan Moran Hannes Tschofenig Henk Birkholz Filename : draft-ietf-suit-information-model-02.txt Pages : 32 Date : 2019-01-18 Abstract: Vulnerabilities with Internet of Things (IoT) devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices. Incorporating such update mechanism to fix vulnerabilities, to update configuration settings as well as adding new functionality is recommended by security experts. One component of such a firmware update is the meta-data, or manifest, that describes the firmware image(s) and offers appropriate protection. This document describes all the information that must be present in the manifest. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-suit-information-model/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-suit-information-model-02 https://datatracker.ietf.org/doc/html/draft-ietf-suit-information-model-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-suit-information-model-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Jan 18 15:26:16 2019 Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FCA3131495 for ; Fri, 18 Jan 2019 15:26:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=linaro.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IoDzPqRC3u3G for ; Fri, 18 Jan 2019 15:26:12 -0800 (PST) Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 719EE127AC2 for ; Fri, 18 Jan 2019 15:26:12 -0800 (PST) Received: by mail-qk1-x72e.google.com with SMTP id 189so9015830qkj.8 for ; Fri, 18 Jan 2019 15:26:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:subject:message-id:mime-version:content-disposition :user-agent; bh=Sci9VcJdoOQGy2Ht3dh1+YoWFB5NDHEpTFgLiY064GU=; b=dSscAnun4tB9CsdFFK1xOhQ067fYyo2QYWL9XEoh/Nx7pFkJwLZdQlpPqamsTpB2lA AdwkeRz7WTQ6DYeXp/wJFJLwqzi3XLpRJIDXMaQfpClaWZlE6qI/npbGjMtxEhCTH0Oh PKXLhJuF9iubVdI9xeFEjfm4dHz/TikYjFn9I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:mime-version :content-disposition:user-agent; bh=Sci9VcJdoOQGy2Ht3dh1+YoWFB5NDHEpTFgLiY064GU=; b=AbduRaLFwrHTsKxNounTmTnGL+HM4xBTRWNBv+C2Abire+wmEK8tgMO2/GjBD31C64 XUGPjeqCK/A/L49yf/AGJ5wzf54WuRd0HcPI0vQtLAGP0apl9ORn0h+gSEuYg+ZFtEMr pBkN0JdjGH0kjXcNrGIEsqrLGjUyhfMV4c6Qp9YdbsKO7DsYqDkXw7TCXGjJGfP8hyOt VEXbnKzXj37Gb+1QuUF2lq4x+73Fg5ibv4VPMRqJG6rNj9KTkJD+Blph9FMcuPdEO9py oSXOmh6vTZt8QlF4W2OMp5X2LDR2VeV8b2ADCpAenL+ZSwPqiaLZDgcQKwj2PnOqID07 YA4Q== X-Gm-Message-State: AJcUukfoQd7dyR4lvaQdxzMf0FJpmftu7FT8QrnesJnUJVVbVS9Umc8K Xa67uzn4yt2QF1+NG8ImVPz8yGGw6rwcxQ== X-Google-Smtp-Source: ALg8bN7mNbzF+CHwOVY8BKRBRVV1b3yf5Opgn+vuG6vMcN2TcY7S13zoivpu2QYjzsgzGA3krmGHFg== X-Received: by 2002:a37:9604:: with SMTP id y4mr17390157qkd.279.1547853971154; Fri, 18 Jan 2019 15:26:11 -0800 (PST) Received: from davidb.org (cn-co-b07400e8c3-142422-1.tingfiber.com. [64.98.48.55]) by smtp.gmail.com with ESMTPSA id r5sm49225263qke.33.2019.01.18.15.26.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Jan 2019 15:26:10 -0800 (PST) Date: Fri, 18 Jan 2019 16:26:08 -0700 From: David Brown To: "suit@ietf.org" Message-ID: <20190118232608.GA20669@davidb.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) Archived-At: Subject: [Suit] SUIT manifest draft 3 prototype implementation X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2019 23:26:14 -0000 I have been working on implementing draft 3 of the SUIT manifest in MCUboot, and have gotten to the point where it may be worth sharing this with others. https://github.com/JuulLabs-OSS/mcuboot/pull/391 Some notable features: - This preserves the existing small fixed header on the image used by MCUboot (but changes the magic number). There is a field (iv_build_num) in this header that is validated to match the sequence number in the SUIT manifest. - The SUIT manifest is appended to this image. I reused the old MCUboot manifest format (again changing the magic number), to have a way to indicate the length of this data. This could also have been done by encoding the data as a CBOR bstr, but this seemed easier. - The simulator (in the 'sim' directory) is able to generate a specific and narrowly defined signed manifest. Right now this is very hard coded, but I wanted to get an idea of sizes. - The decoder uses a template approach where the code contains a template manifest (or COSE signature) where certain values are #7.xx extension values (starting at 32). The decoder walks the two CBOR structures together, making sure they match exactly, except for the capture markers, and those pieces of data are stored off. - The code was written with keeping the decoder robust against even malicious CBOR data. I appreciate anyone finding a way that it can be exploited. - Compiled for a Cortex M4, the validation code with cbor parser and templates is 1228 bytes of code. This is in comparison with 628 bytes of code used to decode and validate the old MCUboot TLV manifest format. - This is not following any processing instructions or dependencies, merely trying to be equivalent to what MCUboot's existing code does. David From nobody Thu Jan 24 07:02:36 2019 Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4048412867A for ; Thu, 24 Jan 2019 07:02:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.042 X-Spam-Level: X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n-qzsMoJPBim for ; Thu, 24 Jan 2019 07:02:31 -0800 (PST) Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-am5eur03on0618.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe08::618]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C3021277CC for ; Thu, 24 Jan 2019 07:02:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zbp10rYpLCkrjr298J19uSKzTLHt+aV12PONY83aqV8=; b=HE84/GJp5m58SNR/ybz+DXUkND9aTsm9ERJ5+AKAXMpCKiHjyEYJqQq2lA0JHdBpo95KsblbeRt+8xELnzaIpH0FOCZkToSnsiA0101hz2cIz/Omd9f55sD2kcSRUhoziJEVDYeGDUbaH6m8KpEs57xQgZfMiBDSdB0bO0BvZMg= Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com (10.168.84.137) by DB6PR0801MB1816.eurprd08.prod.outlook.com (10.169.227.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1558.16; Thu, 24 Jan 2019 15:02:28 +0000 Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::c93d:2e5c:6fc1:8c9a]) by DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::c93d:2e5c:6fc1:8c9a%2]) with mapi id 15.20.1558.016; Thu, 24 Jan 2019 15:02:28 +0000 From: Brendan Moran To: "suit@ietf.org" CC: "hannes.tschofenig@gmx.net" , Henk Birkholz Thread-Topic: Introducing draft-ietf-suit-information-model-02 Thread-Index: AQHUs/XSwMk2FYr4Vku4OsVPTpZ6cg== Date: Thu, 24 Jan 2019 15:02:28 +0000 Message-ID: <6BC41748-CF7E-4A2E-B382-D95E5F88E93F@arm.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3445.101.1) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; x-originating-ip: [217.140.106.51] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR0801MB1816; 6:+3muXoHaRrMNBSyPDPDvMNoJjRbTIJGh3tqQOcC+vU+ZpCP62R2DOqj6s+IPtSqE1Lt6lXlDToDi03d+4/h7OEQZEGRJ3auXUTPqRhlCmY9H1nN21e3FWdzaHiEgk1DjsvTK7wbZUJFzk0i2fCWtjOG5TuAHS1h+t46paeTz2RGq8dVOvQGlNL3l1jhB7QF53E+7Czvov/nT+W90PPQhzdK+6RP2yKVy9+cv608Hwgo6Ini5uROVyZM7mkSWsRrYQ2n4LnMNcLYbvX2m5QaYDwam0Wgolc8xwcUrLNxkfR4VfYD7DmxZv08AVF94fFOgdrYXhLDJaodYzKj0wlKu7PmXg9T7CkE0Ky6KWjl3sQiTQfaVs0BYUaJIttnZuwdxks0QysTQETM3q5Ol72Tv75BOu3L3j7K2yqVJeQ1ZWN3tAJjHm+5xKkLWoaDAiPMNhOpOtDsd7C2+tmczMNN0oA==; 5:2QSAknYrMTj7cpZeWqGzq38eTWzrUplf7VwNJuiYzEpd8de6C0VPI6AREY6b4CAa3FlIDZdpB/6vojsruVnvLRyR7l5AdLv2vAMf03jtYM9IDzg4ORHDoRxyxm7QFvMXBPoGqwlri+nr9CDSOV54Ypeu39QaAmvtJ4OdkCU/p7K8kLyKWb8PoXpvp86/5oqMaCEqIiX8CfUhgn6MSmU9Bg==; 7:cA2ZOLLxD5fmtIW3euCgxTDu0/kWXIiRzatKWE3zKLweP3LKAHBjT8alWlLn72YwB1UC3iv4in+yv1oiy2UtlEeGpBdnes4DTcJcJ53Bf+Q54qYUT32SHa6jAhbSAZX4bdtBYup2vIaa3/Ga2HMViw== x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: ed3a09f9-3e22-41b0-2a9e-08d6820cf55e x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB6PR0801MB1816; x-ms-traffictypediagnostic: DB6PR0801MB1816: x-microsoft-antispam-prvs: x-forefront-prvs: 0927AA37C7 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(376002)(39860400002)(396003)(346002)(366004)(189003)(199004)(40434004)(25786009)(6512007)(8936002)(14454004)(478600001)(72206003)(966005)(4326008)(33656002)(6306002)(305945005)(81166006)(81156014)(7736002)(1730700003)(8676002)(105586002)(476003)(2616005)(106356001)(256004)(14444005)(5024004)(50226002)(2351001)(71190400001)(71200400001)(6116002)(3846002)(2906002)(486006)(83716004)(5640700003)(4744005)(53936002)(6486002)(2501003)(68736007)(99286004)(86362001)(26005)(6916009)(186003)(102836004)(66066001)(97736004)(6436002)(36756003)(54906003)(316002)(57306001)(82746002)(6506007); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0801MB1816; H:DB6PR0801MB1879.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: AkroM2QCuUBplfwy4D/SrmlEDrI6GBOlBYwDb3JS2edLgSQBi0mBMGvBaiJ/33po4jqPa/VS07lv0GJOgcLVwufVQRKrKpBy86z31tmMUNMGfde8OaWqzqiwxKR8QfCYxaT5HKT8LLFbbcgwtRxs7E/yBTrqljy4j30D9XM94CyserahA4O5ATGi1TLtqewRnr4l6pS/TTyGbb7DgxR8kgFOUF4TmPlqif+wyddzrA+Gd7C+oXq4QuNqhOMlhm00bHPWc4C4Ehu64F2ZOibQSN3cJlMFgud3Vn8WbVMJVH9HRUOqzXwFc3zbTI+ox7pk5VEyfK1awC4crOLzVTV8sdFXbn8Rq8WdSK56fmNINzz/Y2VhPqxkCtXdvBdO+XjfV4DsaQy+NtUnx139+NdQJN2wC8sEB1WBStJtuzBZ5nE= Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: ed3a09f9-3e22-41b0-2a9e-08d6820cf55e X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2019 15:02:28.6200 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB1816 Archived-At: Subject: [Suit] Introducing draft-ietf-suit-information-model-02 X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2019 15:02:34 -0000 We have now published the latest version of the information model. https://tools.ietf.org/html/draft-ietf-suit-information-model-02 The major changes are: 1. The information elements have been moved to the beginning of the documen= t. (Please note that this will cause substantial changes in rfcdiff output. 2. New threat, inline with the human rights review: Manifest Element Exposu= re 3. New user stories: 3.1 Secure boot using manifests 3.2 Decompress-on-load 3.3 Payload-in-manifest 3.4 Simple parsing Thanks, Brendan, Hannes, and Henk IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you. From nobody Thu Jan 31 05:27:46 2019 Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A653129508 for ; Thu, 31 Jan 2019 05:27:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.043 X-Spam-Level: X-Spam-Status: No, score=-2.043 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IyXeQOd41lWD for ; Thu, 31 Jan 2019 05:27:42 -0800 (PST) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130041.outbound.protection.outlook.com [40.107.13.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C217F128CB7 for ; Thu, 31 Jan 2019 05:27:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6/V1voh4dVsR3FY0yP8QSPolA7G5GwNQPB1QKHiP+rs=; b=FpQgQk6Olo78TpZPfOtoL7cxQ5vjPL8OXc4kOHBsoAsS9oBTT1tBp/8Nvtn8YRwNC6XPQXu6xUzWIyauZ6Ii8/QyhUePAV0uDOToPCfwChnp+jEQTpgD4Xn7GtggznnHyidZTd+sjIfKwIRtnkeRxAaj9KL6gVCv3SwUEXIvbRA= Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com (10.168.84.137) by DB6PR0801MB2088.eurprd08.prod.outlook.com (10.168.87.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1580.17; Thu, 31 Jan 2019 13:27:39 +0000 Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::8d9b:bdb:585e:c212]) by DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::8d9b:bdb:585e:c212%3]) with mapi id 15.20.1580.017; Thu, 31 Jan 2019 13:27:39 +0000 From: Brendan Moran To: "suit@ietf.org" CC: "hannes.tschofenig@gmx.net" , Henk Birkholz Thread-Topic: Improvements to draft-moran-suit-manifest-03 Thread-Index: AQHUuWi8UixHuaseU0GRJA2HOUI10g== Date: Thu, 31 Jan 2019 13:27:39 +0000 Message-ID: <78FF2A20-1AF3-425F-B4BB-6F520E85DE46@arm.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3445.101.1) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; x-originating-ip: [217.140.106.49] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR0801MB2088; 6:srT1OAd6IcY8UzU38nwXVdMXHbRs/mubJNxMSfLiClqiy3oHZQ01YCE3TYeTkUm+PIYizd6Ixc4OErJswf1P+VbzwhiAyHlmuW2Bh6uavlNXHYF+XDY97jEpbJa3epbjuy9II8ZLyoie+UkZxBa1oz8dt/MHr/2TzO4+PVQXkiFqFOsW/KOAcxKcN8lyGa35R6rhh0X9n2BuKgWYsqIe9o4e4HpjdZUosngpNfNDLQbbysTBmW1zs2Fmwu2dY+mrwNIKeS8J4mXNCZx6nuGE7ycRwqH9RtGGK7stqTS4eerPjUtHtfoDK3PqUIDGpJNTtQ0+GDv/w+Ak1KGyagw5vQjBy2kbHZV0D1uYaRv4XO/9YcEZ4E9q2JexxqNp9lDcazEV1tEvvmfqCJAf8/3WDwa+x3C0yGvKYyEKMo0xYuP351dAC8mU31yH2EAiI+rOY9e+DZqMrX0Be64yeHSzfw==; 5:/8ec7cIX3XV+4VMPJlGr3O7BjphWOUnWiCBrCcBaKENyJyTzihFxSMuCj/qkjqTYIIfP0+Q7bKWNwhAEJR8qM29pIT1Mbqk8m+oYcId1WSqG2i83ZmVhwvpNjmiuVAqypxOw0Jee5NebIOcpE+tj+6XtIsA7fcqpPoxO3D7w398H/QlPg0vOTZR3Ydpgn9GDOGfGedyRa3eqqN+1Wgt2Sg==; 7:tbVUHfHm8FojF927lAOSKE1ESgXfjsP6mhg6gzNZyK9RAVVsvuV8Od/UA6raAL+U8+YnuVLyDntqw5OQUuv2FD4ZNNFlKSBoENDZ3blNC7LMHz5TibTQ6XBmUTMpRc1vIiATfSfM+O5h20UBYXIugQ== x-ms-office365-filtering-correlation-id: 4ffad7e5-bd35-4fba-a089-08d6877fdf18 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB6PR0801MB2088; x-ms-traffictypediagnostic: DB6PR0801MB2088: x-microsoft-antispam-prvs: x-forefront-prvs: 09347618C4 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(136003)(376002)(346002)(366004)(396003)(40434004)(189003)(199004)(2616005)(476003)(478600001)(2501003)(8936002)(6512007)(7736002)(57306001)(97736004)(6506007)(83716004)(4326008)(72206003)(14454004)(305945005)(486006)(86362001)(71190400001)(25786009)(66066001)(71200400001)(36756003)(68736007)(186003)(8676002)(99286004)(316002)(2351001)(3846002)(54906003)(81166006)(2906002)(26005)(33656002)(82746002)(106356001)(6116002)(5024004)(14444005)(256004)(5640700003)(6486002)(53936002)(102836004)(105586002)(1730700003)(50226002)(6916009)(6436002)(81156014)(290074003); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0801MB2088; H:DB6PR0801MB1879.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: ft0myC7xXc9E4pYv7tEslkVqofi8/VS1H+rmHWCgNaEzy3yf4FVZNG/sfFDZvQ7p8wA6sGeJZvZqCWvEahVAoHB4L4v9CTAWYFGS8qNP7D6FJukkBQNdOk5OTo/pMamEjn4WL5xLqHMkFvY1dX/rbBQXa04M9kX7Xuie0NWdA1slx4VBU1QQpgSuwuoElMxE9k//F1n5LFB66Rpnyj6aytenSLRAjNpRndIFC1yi9viXIJ3MGLzcMtzDNrjAsNGy9dT7HZUVVM3Ub1X3ZShk9pvUwvPySQOeSnTDIimiTakFu2ZJIqWm6ew5781wKtY5K6KcTSpZesxbXZoJ0RHwBgjt/MH/PJEjUcf97LCU/obbHQ0umKonNMftv4IVwpzwBZm6HdX2WpfEIlZ/6XVVCU74y7v80muMPPe5OS9/CYA= Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4ffad7e5-bd35-4fba-a089-08d6877fdf18 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jan 2019 13:27:39.1622 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB2088 Archived-At: Subject: [Suit] Improvements to draft-moran-suit-manifest-03 X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 13:27:44 -0000 Rm9sbG93aW5nIElFVEYxMDMsIEkgaGF2ZSBiZWVuIGNvbGxlY3RpbmcgbW9yZSB1c2UgY2FzZXMg YW5kIHVzZXIgc3RvcmllcyB0byBpbmZsdWVuY2UgdGhlIGRldmVsb3BtZW50IG9mIHRoZSBtYW5p ZmVzdC4NCg0KVGhyZWUgcG9pbnRzIGhhdmUgYmVjb21lIHZlcnkgY2xlYXI6DQoNCkZpcnN0LCB0 aGUgcHJvY2Vzc2luZyB0cmVlIGlzIHRvbyBjb21wbGljYXRlZC4gVGhlcmUgYXJlIG1hbnkgcG9z c2libGUgY29uZmlndXJhdGlvbnMgdGhhdCB3b3VsZCBuZXZlciBiZSB1c2VkLiBUaGVyZSBpcyBw bGVudHkgb2Ygcm9vbSBmb3IgZXJyb3IuIEluIHJlYWxpdHksIHRoZSBjb25maWd1cmF0aW9ucyB0 aGF0IHNlZW0gdG8gYmUgdXNhYmxlIGFyZSBhbGwgdGhlIGNvbWJpbmF0aW9ucyBvZiB0aGVzZSB0 aHJlZSBvcGVyYXRpb25zOg0KKiBkZWNyeXB0DQoqIGRlY29tcHJlc3MNCiogdW5wYWNrIChkZWx0 YSwgcmVsb2NhdGUsIGhleCwgZXRjLikNCg0KSSBoYXZlIHlldCB0byBmaW5kIGEgdXNlLWNhc2Ug d2hlcmUgdGhlc2Ugb3BlcmF0aW9ucyBkbyBub3QgYXBwZWFyIGluIHRoaXMgb3JkZXIsIG9yIHdo ZXJlIHRoZXJlIGlzIGFub3RoZXIgb3BlcmF0aW9uIHRoYXQgaXMgbWlzc2luZyBmcm9tIHRoaXMg bGlzdC4NCg0KVGhhdCBiZWluZyB0aGUgY2FzZSwgYSBwcm9jZXNzaW5nIHRyZWUsIHdoaWxlIHZl cnkgZ2VuZXJhbC1wdXJwb3NlIGlzIGV4dHJhIG92ZXJoZWFkIHRoYXQgaXMgbm90IG5lZWRlZC4g V2l0aCB0aGF0IGluIG1pbmQsIEkgd291bGQgbGlrZSB0byBwcm9wb3NlIGNoYW5naW5nIHRoZSBw YXlsb2FkIG1vZGVsIGJhY2sgdG8gc29tZXRoaW5nIG1vcmUgY29udmVudGlvbmFsLg0KDQpUaGUg cGF5bG9hZC1pbnN0YWxsYXRpb24taW5mbyBzdHJ1Y3R1cmUgY29udGFpbnMgaW5mb3JtYXRpb24g YWJvdXQNCiogd2hlcmUgdG8gc3RvcmUgdGhlIGZpcm13YXJlIGltYWdlIChpbnN0YWxsLWNvbXBv bmVudCksDQoqIHdoZXJlIHRvIHJldHJpZXZlIGl0ICh1cmlzKSwNCiogd2hldGhlciB0aGUgZmly bXdhcmUgaW1hZ2UgaXMgZW5jcnlwdGVkIGFuZCB3aXRoIHdoYXQgYWxnb3JpdGhtIChlbmNyeXB0 LWluZm8pLA0KKiB3aGV0aGVyIGEgY29tcHJlc3Npb24gYWxnb3JpdGhtIGhhcyBiZWVuIGFwcGxp ZWQgdG8gdGhlIGZpcm13YXJlIGltYWdlIGFuZCB3aGF0IGFsZ29yaXRobSBoYXMgYmVlbiB1c2Vk IChjb21wcmVzc2lvbi1hbGdvcml0aG0pLA0KKiB3aGV0aGVyIHRoZSBpbWFnZSBpcyBhIGJpbmFy eSBkaWZmIG9yIHJlcXVpcmVzIHJlbG9jYXRpb24gKHVucGFjayksIGFuZA0KKiBhbiBpbmRpY2F0 aW9uIHdoZXRoZXIgdGhlc2UgZmllbGRzIG1heSBiZSBvdmVycmlkZGVuIGJ5IGFuIGF1dGhvcml6 ZWQgcGFydHkgKGFsbG93LW92ZXJyaWRlKS4NCg0KSGVyZSBpcyBhIHByb3Bvc2VkIENEREwgc25p cHBldCBmb3IgZHJhZnQtbW9yYW4tc3VpdC1tYW5pZmVzdC0wNDoNCg0KcGF5bG9hZC1pbnN0YWxs YXRpb24taW5mbyA9IHsNCiAgIGluc3RhbGwtY29tcG9uZW50ID0+IGNvbXBvbmVudC1pZGVudGlm aWVyLA0KICAgPyBhbGxvdy1vdmVycmlkZSA9PiBib29sLA0KICAgPyB1cmlzID0+IHVyaS1saXN0 LA0KICAgPyBlbmNyeXB0LWluZm8gPT4gQ09TRV9FbmNyeXB0MCAvIENPU0VfRW5jcnlwdCwNCiAg ID8gY29tcHJlc3Npb24tYWxnb3JpdGhtID0+IGNvbXByZXNzaW9uLWFsZ29yaXRobS1pZHMsDQog ICA/IHVucGFjayA9PiBbDQogICAgICAgdW5wYWNrLWFsZ29yaXRobSA6IHVucGFjay1hbGdvcml0 aG0taWRzLCA7IGJpbmFyeSBkaWZmLCBvciByZWxvY2F0aW9uLCBvciBiaW5hcnktdG8tdGV4dCBh bGdvcml0aG0gaWRlbnRpZmllcg0KICAgICAgID8gdW5wYWNrLWFyZ3VtZW50cyA6IGJ5dGVzICAg ICAgICAgICAgICAgICA7IHByaXZhdGUgY29uZmlnIGZvciB0aGUgdW5wYWNrIGFsZ29yaXRobSBz ZWxlY3RlZA0KICAgXQ0KfQ0KDQpUaGlzIHNob3VsZCBiZSBtdWNoIGVhc2llciB0byB1bmRlcnN0 YW5kIGFuZCBpbXBsZW1lbnQuDQoNCg0KVGhlIHNlY29uZCBwb2ludCBpcyB0aGF0IHJlZ2VuLWlu Zm8gaXMgZnJlcXVlbnRseSBtaXN1bmRlcnN0b29kIGFuZCBtaXN1c2VkLiBBZnRlciBzb21lIGRp c2N1c3Npb24gd2l0aCBzdWl0IHBhcnRpY2lwYW50cywgaXTigJlzIGJlY29tZSBjbGVhciB0aGF0 IHRoZSByZWdlbi1pbmZvIGJsb2NrIHNob3VsZCBiZSByZXByZXNlbnRlZCBhcyBhIGRlZGljYXRl ZCDigJxkaWdlc3QgYWxnb3JpdGht4oCdIHdoaWNoIHNvbHZlcyB0aGUgc2FtZSBwcm9ibGVtIGFz IHRoZSByZWdlbi1pbmZvIGJsb2NrIGN1cnJlbnRseSBkb2VzLiBXaGVuIGluY29ycG9yYXRlZCB3 aXRoIHRoZSBjaGFuZ2VzIHJlY29tbWVuZGVkIGJ5IEppbSBTY2hhYWQsIHRoZSByZXN1bHQgaXMg dGhhdCB3ZSByZXBsYWNlIENPU0VfRGlnZXN0IHdpdGggU1VJVF9EaWdlc3QgYW5kIHdlIHJlbW92 ZSByZWdlbi1pbmZvLiBIZXJlIGlzIGEgQ0RETCBzbmlwcGV0IHRoYXQgcmVwcmVzZW50cyBTVUlU X0RpZ2VzdDoNCg0KU1VJVF9EaWdlc3QgPSBbDQogICBkaWdlc3QtYWxnb3JpdGhtLWlkOiBpbnQs DQogICBkaWdlc3Q6IGJ5dGVzLA0KICAgPyBkaWdlc3QtZXh0cmEtaW5mbzogYnl0ZXMNCl0NCg0K QW55IG5lZWRlZCByZWdlbi1pbmZvIGNhbiB0aGVuIGJlIGNvbnRhaW5lZCBpbiB0aGUgZGlnZXN0 LWV4dHJhLWluZm8gc2VjdGlvbiB3aXRoIGFuIGFwcHJvcHJpYXRlIGFsZ29yaXRobSBpZGVudGlm aWVyLg0KDQoNClRoZSB0aGlyZCBwb2ludCBvZiBjbGFyaXR5IGlzIHRoYXQgd2UgbmVlZCB0byBk byBzb21lIHdvcmsgaW4gbWFraW5nIHRoZSBtYW5pZmVzdCBlYXNpZXIgdG8gcGFyc2UgYW5kIHBy b2Nlc3MgaW4gYSBjb25zdHJhaW5lZCBlbnZpcm9ubWVudC4gSSBkb27igJl0IGhhdmUgYSBzaW1w bGUgY2hhbmdlIHRvIGVuYWJsZSB0aGF0LCBidXQgd2XigJlyZSB3b3JraW5nIG9uIGl0Lg0KDQpC ZXN0IFJlZ2FyZHMsDQpCcmVuZGFuDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2Yg dGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBh bHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQs IHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3Nl IHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3Nl LCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5 b3UuDQo=