From 1f4e16208e80f0ed6715d9e5703d947f094c1c29 Mon Sep 17 00:00:00 2001 From: marinamoore Date: Thu, 18 Jun 2020 11:00:56 -0700 Subject: [PATCH 1/4] Add initial POUF template --- POUF-template.md | 118 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 POUF-template.md diff --git a/POUF-template.md b/POUF-template.md new file mode 100644 index 0000000..fefc129 --- /dev/null +++ b/POUF-template.md 
@@ -0,0 +1,118 @@ +* POUF: +* Title: +* Version: +* Last-Modified: +* Author: +* Status: +* Uptane Version Implemented: +* Created: + +# Abstract + +# Protocols + +This section describes the protocols used to transmit data in the implementation. At a minimuc, this should answer the following questions: + +What encoding format is used? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#meta_structures) + +Are any files hosted? What protocol is used to transmit hosted files? + +## Message Handler Table + +What messages are sent by Uptane entities? + + +| Request | Sender | Receiver | Data | Response | Specification Reference | +| ------- | ------ | -------- | ---- | -------- | ----------------------- | + + +# Operations +This section includes descriptions of optional features from the standard, as +well as any additional features supported by the implementation. At a minimum, +this should include the following: + +Which ECU is used as the primary ECU? +* The primary ECU MAY be the same ECU that communicates with the server (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#rfc.section.5). + +What delegation features are supported (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#targets_role_delegations)? +* How does the implementation get a secure source of time? +* Are custom delegated targets roles supported? +* Are terminating delegations supported? +* Are multi-role delegations (TAP 3) supported? + +What value is used for the public key identifier? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#common_metadata) + +Does the root file support mapping roles to urls (TAP 5)? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#root_meta) + +Is there any additional or custom metadata included in targets metadata? 
(https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#targets_meta, https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#custom-metadata-about-images) + +How are the filenames for delegations listed? Are wildcards supported? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#delegations_meta) + +Does snapshot include the root filename and version number? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#snapshot_meta) + +How many repositories does the implementation use? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#repo_mapping_meta) + +How does the implementation specify repository mapping metadata? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#repo_mapping_meta) + +How do ECUs securely access the current time? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#server-repository-implementation-requirements) + +Is the image repository interface public? Does it require authentication? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) + +Is the director repository interface public? Does it support encryption? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) + +How does the director repository identify a vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#directing-installation-of-images-on-vehicles) + +Does the director repository make any additional checks? What does it do it a check fails? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#directing-installation-of-images-on-vehicles) + +What additional data about ECUs and vehicles is stored in the inventory database? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#inventory_db_) + +Is the ECU key symmetric? Is the same key used for encryption and signing? 
(https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#build-time-prerequisite-requirements-for-ecus) + +Does the implementation support sending diffs of the vehicle version manifest? If so, how can the director request the full manifest? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#construct_manifest_primary) + +Do any secondaries not have storage? If so, how will they request images from the primary and should they backup their previous working image? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#send_images_primary) + +What are the preconditions for installing an image? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#install_image) + +Does the primary write version reports to disk? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#create_version_report) + +Do full verification secondaries check that all metadata from the director and image repositories match? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) + +Does the primary ECU check that the targets metadata from the director repository only contains ECU ids present on the vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) + +Does the root, snapshot, timestamp, or targets verification process differ from the suggestions in the standard? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#check_root) + +# Usage + +What filesystem is used by the image repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) + +What filesystem is used by the director repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) + +What database system is used for the inventory database? 
(https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#inventory_db) + +How are keys managed? + +What steps are taken to initialize the image and directory repositories? + +Are ECUs registered with a repository? How does this work? + +## Data Table + +| Location | Data | +| -------- | ---- | +|Primary ECU | | +| Full verification secondary ECU | | +| Partial verification secondary ECU | | +| Director Repository | | +| Image Repository | | +| ... | | + +# Formats +This section details the data definitions used for files transmitted as part of Uptane. This should include at least the following: +* General metadata format (including signature header) +* Root metadata +* Snapshot metadata +* Timestamp metadata +* Targets metadata, including any custom fields +* Delegated targets metadata, if different than targets metadata +* ECU metadata and vehicle version manifest From 87dbe499c387e25af00e16afab3698c6eea8366a Mon Sep 17 00:00:00 2001 From: Marina Moore Date: Tue, 7 Jul 2020 10:30:53 -0700 Subject: [PATCH 2/4] Apply suggestions from code review Co-authored-by: Patrick Vacek --- POUF-template.md | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/POUF-template.md b/POUF-template.md index fefc129..0316a61 100644 --- a/POUF-template.md +++ b/POUF-template.md @@ -11,7 +11,7 @@ # Protocols -This section describes the protocols used to transmit data in the implementation. At a minimuc, this should answer the following questions: +This section describes the protocols used to transmit data in the implementation. At a minimum, this should answer the following questions: What encoding format is used? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#meta_structures) 
@@ -42,13 +42,13 @@ What delegation features are supported (https://uptane.github.io/papers/ieee-ist What value is used for the public key identifier? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#common_metadata) -Does the root file support mapping roles to urls (TAP 5)? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#root_meta) +Does the Root metadata support mapping roles to URLs (TAP 5)? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#root_meta) -Is there any additional or custom metadata included in targets metadata? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#targets_meta, https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#custom-metadata-about-images) +Is there any additional or custom metadata included in Targets metadata? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#targets_meta, https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#custom-metadata-about-images) How are the filenames for delegations listed? Are wildcards supported? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#delegations_meta) -Does snapshot include the root filename and version number? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#snapshot_meta) +Does Snapshot metadata include the Root filename and version number? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#snapshot_meta) How many repositories does the implementation use? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#repo_mapping_meta) 
@@ -56,43 +56,43 @@ How does the implementation specify repository mapping metadata? (https://uptane How do ECUs securely access the current time? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#server-repository-implementation-requirements) -Is the image repository interface public? Does it require authentication? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) +Is the Image repository interface public? Does it require authentication? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) -Is the director repository interface public? Does it support encryption? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) +Is the Director repository interface public? Does it support encryption? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) -How does the director repository identify a vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#directing-installation-of-images-on-vehicles) +How does the Director repository identify a vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#directing-installation-of-images-on-vehicles) -Does the director repository make any additional checks? What does it do it a check fails? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#directing-installation-of-images-on-vehicles) +Does the Director repository make any additional checks? What does it do it a check fails? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#directing-installation-of-images-on-vehicles) What additional data about ECUs and vehicles is stored in the inventory database? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#inventory_db_) Is the ECU key symmetric? Is the same key used for encryption and signing? 
(https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#build-time-prerequisite-requirements-for-ecus) -Does the implementation support sending diffs of the vehicle version manifest? If so, how can the director request the full manifest? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#construct_manifest_primary) +Does the implementation support sending diffs of the vehicle version manifest? If so, how can the Director request the full manifest? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#construct_manifest_primary) -Do any secondaries not have storage? If so, how will they request images from the primary and should they backup their previous working image? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#send_images_primary) +Do any Secondaries not have storage? If so, how will they request images from the Primary and should they backup their previous working image? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#send_images_primary) What are the preconditions for installing an image? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#install_image) -Does the primary write version reports to disk? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#create_version_report) +Does the Primary write version reports to disk? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#create_version_report) -Do full verification secondaries check that all metadata from the director and image repositories match? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) +Do full verification Secondaries check that all metadata from the Director and Image repositories match? 
(https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) -Does the primary ECU check that the targets metadata from the director repository only contains ECU ids present on the vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) +Does the Primary ECU check that the Targets metadata from the Director repository only contains ECU ids present on the vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) -Does the root, snapshot, timestamp, or targets verification process differ from the suggestions in the standard? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#check_root) +Does the Root, Snapshot, Timestamp, or Targets metadata verification process differ from the suggestions in the Standard? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#check_root) # Usage -What filesystem is used by the image repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) +What filesystem is used by the Image repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) -What filesystem is used by the director repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) +What filesystem is used by the Director repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) What database system is used for the inventory database? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#inventory_db) How are keys managed? -What steps are taken to initialize the image and directory repositories? +What steps are taken to initialize the Image and Directory repositories? Are ECUs registered with a repository? How does this work? 
@@ -101,10 +101,10 @@ Are ECUs registered with a repository? How does this work? | Location | Data | | -------- | ---- | |Primary ECU | | -| Full verification secondary ECU | | -| Partial verification secondary ECU | | -| Director Repository | | -| Image Repository | | +| Full verification Secondary ECU | | +| Partial verification Secondary ECU | | +| Director repository | | +| Image repository | | | ... | | # Formats @@ -114,5 +114,5 @@ This section details the data definitions used for files transmitted as part of * Snapshot metadata * Timestamp metadata * Targets metadata, including any custom fields -* Delegated targets metadata, if different than targets metadata +* Delegated Targets metadata, if different than Targets metadata * ECU metadata and vehicle version manifest From bf7adacd367812fb4955c0aa5ea0b34d72e5ad9d Mon Sep 17 00:00:00 2001 From: marinamoore Date: Tue, 7 Jul 2020 10:43:27 -0700 Subject: [PATCH 3/4] add some clarifications to the POUF template --- POUF-template.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/POUF-template.md b/POUF-template.md index 0316a61..05071f6 100644 --- a/POUF-template.md +++ b/POUF-template.md 
@@ -76,17 +76,17 @@ What are the preconditions for installing an image? (https://uptane.github.io/pa Does the Primary write version reports to disk? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#create_version_report) -Do full verification Secondaries check that all metadata from the Director and Image repositories match? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) +Do full verification Secondaries check that all metadata from the Director and Image repositories match or is this check done on the Primary? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) Does the Primary ECU check that the Targets metadata from the Director repository only contains ECU ids present on the vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) -Does the Root, Snapshot, Timestamp, or Targets metadata verification process differ from the suggestions in the Standard? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#check_root) +Does the Root, Snapshot, Timestamp, or Targets metadata verification process have any steps in addition to those required in the Standard? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#check_root) # Usage -What filesystem is used by the Image repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) +What kind of storage is used by the Image repository and which authorization mechanisms does it employ? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#image-repository) -What filesystem is used by the Director repository? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) +What kind of storage is used by the Director repository and which authorization mechanisms does it employ? 
(https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#director_repository) What database system is used for the inventory database? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#inventory_db) From 7b1a806f3e87b1046cd66985a9a450b281bf3020 Mon Sep 17 00:00:00 2001 From: marinamoore Date: Tue, 7 Jul 2020 10:47:15 -0700 Subject: [PATCH 4/4] clarify full verification --- POUF-template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/POUF-template.md b/POUF-template.md index 05071f6..4a615a1 100644 --- a/POUF-template.md +++ b/POUF-template.md @@ -76,7 +76,7 @@ What are the preconditions for installing an image? (https://uptane.github.io/pa Does the Primary write version reports to disk? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#create_version_report) -Do full verification Secondaries check that all metadata from the Director and Image repositories match or is this check done on the Primary? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) +Which ECUs perform full verification? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification) Does the Primary ECU check that the Targets metadata from the Director repository only contains ECU ids present on the vehicle? (https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html#full_verification)
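Review bot: In the PATCH 1/4 hunk, the bullet "How does the implementation get a secure source of time?" sits under "What delegation features are supported" where it does not belong, and the same question is asked again later as "How do ECUs securely access the current time?"; drop the bullet and keep the standalone question. The anchor "#inventory_db_" (trailing underscore) in the Operations section differs from "#inventory_db" used in the Usage section, so one of the two links is likely broken; they should point at the same fragment. The Image repository question asks about authentication while the Director repository question asks about encryption; since both interfaces face the same exposure, ask about both properties for each repository.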
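Review bot: In the PATCH 2/4 hunk starting at @@ -56,43, the rewritten line "Does the Director repository make any additional checks? What does it do it a check fails?" still carries the typo "it a check fails"; since this line is already being touched, change it to "if a check fails". In the same hunk, "What steps are taken to initialize the Image and Directory repositories?" should read "Director repositories": Uptane has no "Directory" repository, and the capitalization change makes the wrong name look intentional.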
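Review bot: In the PATCH 2/4 hunk at @@ -101,10, the untouched context row "|Primary ECU | |" lacks the leading space and padding that the rewritten rows "| Full verification Secondary ECU | |" and "| Director repository | |" use; align it with the others while the table is being edited.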
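Review bot: In the PATCH 3/4 hunk, the new Usage questions "What kind of storage is used by the Image repository and which authorization mechanisms does it employ?" (and the Director counterpart) overlap with the Operations questions "Is the Image repository interface public? Does it require authentication?" and "Is the Director repository interface public? Does it support encryption?". Either consolidate them in one section or make the split explicit, for example keep interface exposure (public, authenticated, encrypted) under Operations and storage backend and authorization model under Usage, so an implementer does not answer the same question twice.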
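Review bot: In the PATCH 4/4 hunk, replacing "Do full verification Secondaries check that all metadata from the Director and Image repositories match or is this check done on the Primary?" with "Which ECUs perform full verification?" drops the question of whether, and where, Director and Image repository Targets metadata are compared, which is the check that stops a compromised Director from installing an image the Image repository never published. Keep "Which ECUs perform full verification?" but add a second question such as "On which ECU is the Director and Image repository Targets metadata compared for each image?" so the template still asks about that check.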