You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The desire in TEEP, but which is not TEEP specific, is to have an EAT claim that states what version of a given component (e.g., firmware, or the OS, or OP-TEE, or whatever else) is installed. sw-name and sw-version are free-form text not machine readable nor guaranteed to change when a patch is done (i.e., it would rely on a human updating the sw-version value when software is patched).
Instead it seems more appropriate to reference a particular SUIT manifest / version.
However the manifests claim, while extensible, currently only allows a SUIT_Envelope which seems to imply it would have to have the entire SUIT manifest rather than just a reference to a SUIT manifest as a SUIT_Dependency would do. The thought is that if the SUIT_Dependency can be used in the manifests claim (or alternatively, a new claim) then one could easily and precisely reference the component manifest/version.
Use with the existing manifests claim would be doable if there is a content-type usable. The SUIT manifest spec defines application/suit-envelope but that again requires an entire SUIT_Envelope. Should we
a) define a content-type for a SUIT_Dependency
b) specify using some SUIT_Envelope which contains basically just a SUIT_Dependency
c) specify a new EAT claim for use with SUIT_Dependency. The disadvantage of this one is that it is specific to EAT, whereas the problem may exist in other contexts than just EAT.
?
The text was updated successfully, but these errors were encountered:
dthaler
changed the title
Hackathon114: How to use a SUIT_Dependency as content with a media type
Hackathon114: SUIT manifest reference in EAT manifests claim
Jul 26, 2022
The following question came up at the IETF 114 hackathon.
Currently the EAT spec has claims:
The desire in TEEP, but which is not TEEP specific, is to have an EAT claim that states what version of a given component (e.g., firmware, or the OS, or OP-TEE, or whatever else) is installed. sw-name and sw-version are free-form text not machine readable nor guaranteed to change when a patch is done (i.e., it would rely on a human updating the sw-version value when software is patched).
Instead it seems more appropriate to reference a particular SUIT manifest / version.
However the manifests claim, while extensible, currently only allows a SUIT_Envelope which seems to imply it would have to have the entire SUIT manifest rather than just a reference to a SUIT manifest as a SUIT_Dependency would do. The thought is that if the SUIT_Dependency can be used in the manifests claim (or alternatively, a new claim) then one could easily and precisely reference the component manifest/version.
Use with the existing manifests claim would be doable if there is a content-type usable. The SUIT manifest spec defines application/suit-envelope but that again requires an entire SUIT_Envelope. Should we
a) define a content-type for a SUIT_Dependency
b) specify using some SUIT_Envelope which contains basically just a SUIT_Dependency
c) specify a new EAT claim for use with SUIT_Dependency. The disadvantage of this one is that it is specific to EAT, whereas the problem may exist in other contexts than just EAT.
?
The text was updated successfully, but these errors were encountered: