You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Current personalization data SUIT manifest distributes plaintext json as an example.
We can encrypt it, and deliver it with decryption keys using AES-KW and ECDH.
I'll create a PR after libcsuit support to encode it.
Plan for personalization data SUIT manifest
As the personalization data could be relatively small, we can reverage suit-parameter-content and suit-directive-write. They are like integrated payload and much easier for manifest parsers to process.
I will talk with @hannestschofenig and @bremoran extending suit-directive-write to consume the suit-parameter-encryption-info in draft-suit-firmware-encryption .
In my opinion suit-directive-fetch, suit-directive-copy and suit-directive-write MUST consume it.
The text was updated successfully, but these errors were encountered:
@dthaler
It took a while, but I made a SUIT manifest for encrypted Personalization Data with AES-KW .
The TEEP Protocol seems to use not AES-KW but ECDH, but current libcsuit doesn't support it now.
Please merge the PR #334 but keep this issue open.
Current personalization data SUIT manifest distributes plaintext json as an example.
We can encrypt it, and deliver it with decryption keys using AES-KW and ECDH.
I'll create a PR after libcsuit support to encode it.
Plan for personalization data SUIT manifest
As the personalization data could be relatively small, we can reverage suit-parameter-content and suit-directive-write. They are like integrated payload and much easier for manifest parsers to process.
I will talk with @hannestschofenig and @bremoran extending suit-directive-write to consume the suit-parameter-encryption-info in draft-suit-firmware-encryption .
In my opinion suit-directive-fetch, suit-directive-copy and suit-directive-write MUST consume it.
The text was updated successfully, but these errors were encountered: