draft-ietf-sacm-coswid-05.txt   draft-ietf-sacm-coswid-06.txt 
SACM Working Group H. Birkholz SACM Working Group H. Birkholz
Internet-Draft Fraunhofer SIT Internet-Draft Fraunhofer SIT
Intended status: Standards Track J. Fitzgerald-McKay Intended status: Standards Track J. Fitzgerald-McKay
Expires: September 22, 2018 Department of Defense Expires: January 4, 2019 Department of Defense
C. Schmidt C. Schmidt
The MITRE Corporation The MITRE Corporation
D. Waltermire D. Waltermire
NIST NIST
March 21, 2018 July 03, 2018
Concise Software Identifiers Concise Software Identifiers
draft-ietf-sacm-coswid-05 draft-ietf-sacm-coswid-06
Abstract Abstract
This document defines a concise representation of ISO/IEC This document defines a concise representation of ISO/IEC
19770-2:2015 Software Identification (SWID) tags that are 19770-2:2015 Software Identification (SWID) tags that are
interoperable with the XML schema definition of ISO/IEC 19770-2:2015 interoperable with the XML schema definition of ISO/IEC 19770-2:2015
and augmented for application in Constrained-Node Networks. Next to and augmented for application in Constrained-Node Networks. Next to
the inherent capability of SWID tags to express arbitrary context the inherent capability of SWID tags to express arbitrary context
information, Concise SWID (CoSWID) tags support the definition of information, Concise SWID (CoSWID) tags support the definition of
additional semantics via well-defined data definitions incorporated additional semantics via well-defined data definitions incorporated
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 22, 2018. This Internet-Draft will expire on January 4, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 36 skipping to change at page 2, line 36
2.3. The any-element-map Entry . . . . . . . . . . . . . . . . 13 2.3. The any-element-map Entry . . . . . . . . . . . . . . . . 13
2.4. The entity Object . . . . . . . . . . . . . . . . . . . . 13 2.4. The entity Object . . . . . . . . . . . . . . . . . . . . 13
2.5. The link Object . . . . . . . . . . . . . . . . . . . . . 14 2.5. The link Object . . . . . . . . . . . . . . . . . . . . . 14
2.6. The software-meta Object . . . . . . . . . . . . . . . . 16 2.6. The software-meta Object . . . . . . . . . . . . . . . . 16
2.7. The Resource Collection Definition . . . . . . . . . . . 19 2.7. The Resource Collection Definition . . . . . . . . . . . 19
2.7.1. The hash-entry Array . . . . . . . . . . . . . . . . 19 2.7.1. The hash-entry Array . . . . . . . . . . . . . . . . 19
2.7.2. The resource-collection Group . . . . . . . . . . . . 20 2.7.2. The resource-collection Group . . . . . . . . . . . . 20
2.7.3. The payload Object . . . . . . . . . . . . . . . . . 22 2.7.3. The payload Object . . . . . . . . . . . . . . . . . 22
2.7.4. The evidence Object . . . . . . . . . . . . . . . . . 23 2.7.4. The evidence Object . . . . . . . . . . . . . . . . . 23
2.8. Full CDDL Definition . . . . . . . . . . . . . . . . . . 24 2.8. Full CDDL Definition . . . . . . . . . . . . . . . . . . 24
3. CoSWID Indexed Label Values . . . . . . . . . . . . . . . . . 28 3. CoSWID Indexed Label Values . . . . . . . . . . . . . . . . . 29
3.1. Version Scheme . . . . . . . . . . . . . . . . . . . . . 28 3.1. Version Scheme . . . . . . . . . . . . . . . . . . . . . 29
3.2. Entity Role Values . . . . . . . . . . . . . . . . . . . 28 3.2. Entity Role Values . . . . . . . . . . . . . . . . . . . 29
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
4.1. SWID/CoSWID Version Schema Values Registry . . . . . . . 29 4.1. SWID/CoSWID Version Schema Values Registry . . . . . . . 30
4.2. SWID/CoSWID Entity Role Values Registry . . . . . . . . . 30 4.2. SWID/CoSWID Entity Role Values Registry . . . . . . . . . 31
5. Security Considerations . . . . . . . . . . . . . . . . . . . 31 5. Security Considerations . . . . . . . . . . . . . . . . . . . 32
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 34
7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 33 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 34
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 35 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 36
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 36
9.1. Normative References . . . . . . . . . . . . . . . . . . 35 9.1. Normative References . . . . . . . . . . . . . . . . . . 36
9.2. Informative References . . . . . . . . . . . . . . . . . 36 9.2. Informative References . . . . . . . . . . . . . . . . . 37
Appendix A. CoSWID Attributes for Firmware (label 60) . . . . . 37 Appendix A. CoSWID Attributes for Firmware (label 60) . . . . . 38
Appendix B. Signed Concise SWID Tags using COSE . . . . . . . . 39 Appendix B. Signed Concise SWID Tags using COSE . . . . . . . . 44
Appendix C. CoSWID used as Reference Integrity Measurements Appendix C. CoSWID used as Reference Integrity Measurements
(CoSWID RIM) . . . . . . . . . . . . . . . . . . . . 40 (CoSWID RIM) . . . . . . . . . . . . . . . . . . . . 45
Appendix D. CBOR Web Token for Concise SWID Tags . . . . . . . . 41 Appendix D. CBOR Web Token for Concise SWID Tags . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 45
1. Introduction 1. Introduction
SWID tags have several use-applications including but not limited to: SWID tags have several use-applications including but not limited to:
o Software Inventory Management, a part of the Software Asset o Software Inventory Management, a part of the Software Asset
Management [SAM] process, which requires an accurate list of Management [SAM] process, which requires an accurate list of
discernible deployed software components. discernible deployed software components.
o Vulnerability Assessment, which requires a semantic link between o Vulnerability Assessment, which requires a semantic link between
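Review bot: The Appendix A entry is unchanged at "CoSWID Attributes for Firmware (label 60)" in -06, but the -06 appendix defines `firmware-entry = (59: ...)` and gives label 60 to `firmware-payload-entry`. Update the appendix title, and this TOC entry with it, to name label 59, or drop the label number from the title so it cannot drift again.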
skipping to change at page 24, line 11 skipping to change at page 24, line 11
section 3.9) can be used to extend the evidence model, allowing section 3.9) can be used to extend the evidence model, allowing
well-formed extensions to be defined in additional CDDL well-formed extensions to be defined in additional CDDL
descriptions. descriptions.
2.8. Full CDDL Definition 2.8. Full CDDL Definition
In order to create a valid CoSWID document the structure of the In order to create a valid CoSWID document the structure of the
corresponding CBOR message MUST adhere to the following CDDL data corresponding CBOR message MUST adhere to the following CDDL data
definition. definition.
concise-software-identity = { concise-software-identity = {
global-attributes, global-attributes,
tag-id, tag-id,
tag-version, tag-version,
? corpus, ? corpus,
? patch, ? patch,
? supplemental, ? supplemental,
swid-name, swid-name,
? software-version, ? software-version,
? version-scheme, ? version-scheme,
? media, ? media,
? software-meta-entry, ? software-meta-entry,
? entity-entry, entity-entry,
? link-entry, ? link-entry,
? ( payload-entry / evidence-entry ), ? ( payload-entry // evidence-entry ),
? any-element-entry, ? any-element-entry,
} }
any-uri = text any-uri = text
label = text / int label = text / int
any-attribute = ( any-attribute = (
label => text / int / [ 2* text ] / [ 2* int ] label => text / int / [ 2* text ] / [ 2* int ]
) )
any-element-map = { any-element-map = {
global-attributes, global-attributes,
* label => any-element-map / [ 2* any-element-map ], * label => any-element-map / [ 2* any-element-map ],
} }
global-attributes = ( global-attributes = (
? lang, ? lang,
* any-attribute, * any-attribute,
) )
resource-collection = ( resource-collection = (
? directory-entry, ? directory-entry,
? file-entry, ? file-entry,
? process-entry, ? process-entry,
? resource-entry ? resource-entry
) )
file = { file = {
filesystem-item, filesystem-item,
? size, ? size,
? file-version, ? file-version,
? hash-entry, ? hash-entry,
} }
filesystem-item = ( filesystem-item = (
global-attributes, global-attributes,
? key, ? key,
? location, ? location,
fs-name, fs-name,
? root, ? root,
) )
directory = { directory = {
filesystem-item, filesystem-item,
path-elements, path-elements,
} }
process = { process = {
global-attributes, global-attributes,
process-name, process-name,
? pid, ? pid,
} }
resource = { resource = {
global-attributes, global-attributes,
type, type,
} }
entity = { entity = {
global-attributes, global-attributes,
entity-name, entity-name,
? reg-id, ? reg-id,
role, role,
? thumbprint, ? thumbprint,
extended-data, extended-data,
} }
evidence = { evidence = {
global-attributes, global-attributes,
resource-collection, resource-collection,
? date, ? date,
? device-id, ? device-id,
* $$evidence-extension * $$evidence-extension
} }
link = { link = {
global-attributes, global-attributes,
? artifact, ? artifact,
href, href,
? media ? media
? ownership, ? ownership,
rel, rel,
? media-type, ? media-type,
? use, ? use,
} }
software-meta = { software-meta = {
global-attributes, global-attributes,
? activation-status, ? activation-status,
? channel-type, ? channel-type,
? colloquial-version, ? colloquial-version,
? description, ? description,
? edition, ? edition,
? entitlement-data-required, ? entitlement-data-required,
? entitlement-key, ? entitlement-key,
? generator, ? generator,
? persistent-id, ? persistent-id,
? product, ? product,
? product-family, ? product-family,
? revision, ? revision,
? summary, ? summary,
? unspsc-code, ? unspsc-code,
? unspsc-version, ? unspsc-version,
} }
payload = { payload = {
global-attributes, global-attributes,
resource-collection, resource-collection,
* $$payload-extension * $$payload-extension
} }
tag-id = (0: text) tag-id = (0: text)
swid-name = (1: text) swid-name = (1: text)
entity-entry = (2: entity / [ 2* entity ]) entity-entry = (2: entity / [ 2* entity ])
evidence-entry = (3: evidence) evidence-entry = (3: evidence)
link-entry = (4: link / [ 2* link ]) link-entry = (4: link / [ 2* link ])
software-meta-entry = (5: software-meta / [ 2* software-meta ]) software-meta-entry = (5: software-meta / [ 2* software-meta ])
payload-entry = (6: payload) payload-entry = (6: payload)
any-element-entry = (7: any-element-map / [ 2* any-element-map ]) any-element-entry = (7: any-element-map / [ 2* any-element-map ])
corpus = (8: bool) corpus = (8: bool)
patch = (9: bool) patch = (9: bool)
media = (10: text) media = (10: [ + [ media-expression,
supplemental = (11: bool) ? [ media-operation,
tag-version = (12: integer) media-expression,
software-version = (13: text) ]
version-scheme = (14: text / int) ]
lang = (15: text) ])
directory-entry = (16: directory / [ 2* directory ]) media-operation = text
file-entry = (17: file / [ 2* file ]) media-expression = media-environment / [ media-prefix,
process-entry = (18: process / [ 2* process ]) media-environment,
resource-entry = (19: resource / [ 2* resource ]) media-attribute,
size = (20: integer) media-value,
file-version = (21: text) ]
key = (22: bool) media-prefix = text
location = (23: text) media-environment = text
fs-name = (24: text) media-attribute = text
root = (25: text) media-value = text
path-elements = (26: { * file-entry, supplemental = (11: bool)
* directory-entry, tag-version = (12: integer)
} software-version = (13: text)
) version-scheme = (14: text / int)
process-name = (27: text) lang = (15: text)
pid = (28: integer) directory-entry = (16: directory / [ 2* directory ])
type = (29: text) file-entry = (17: file / [ 2* file ])
extended-data = (30: any-element-map / [ 2* any-element-map ]) process-entry = (18: process / [ 2* process ])
entity-name = (31: text) resource-entry = (19: resource / [ 2* resource ])
reg-id = (32: any-uri) size = (20: integer)
role = (33: text / [2* text]) file-version = (21: text)
thumbprint = (34: hash-entry) key = (22: bool)
date = (35: time) location = (23: text)
device-id = (36: text) fs-name = (24: text)
artifact = (37: text) root = (25: text)
href = (38: any-uri) path-elements = (26: { * file-entry,
ownership = (39: "shared" / "private" / "abandon") * directory-entry,
rel = (40: text) }
media-type = (41: text) )
use = (42: "optional" / "required" / "recommended") process-name = (27: text)
activation-status = (43: text) pid = (28: integer)
channel-type = (44: text) type = (29: text)
colloquial-version = (45: text) extended-data = (30: any-element-map / [ 2* any-element-map ])
description = (46: text) entity-name = (31: text)
edition = (47: text) reg-id = (32: any-uri)
entitlement-data-required = (48: bool) role = (33: roles / [ 2* roles ] / text / [ 2* text ])
entitlement-key = (49: text) roles= aggregator / distributor / licensor / software-creator / tag-creator
generator = (50: text) aggregator=0
persistent-id = (51: text) distributor=1
product = (52: text) licensor=2
product-family = (53: text) software-creator=3
revision = (54: text) tag-creator=4
summary = (55: text) thumbprint = (34: [ hash-alg-id: int,
unspsc-code = (56: text) hash-value: bstr,
unspsc-version = (57: text)
hash-entry = (58: [ hash-alg-id: int, ]
hash-value: bstr, )
] date = (35: time)
) device-id = (36: text)
artifact = (37: text)
href = (38: any-uri)
ownership = (39: shared / private / abandon)
shared=0
private=1
abandon=2
rel = (40: rels / [ 2* rels ])
rels = ancestor / component / feature / installationmedia / packageinstaller / parent / patches / requires / see-also / supersedes / rel-supplemental
ancestor=0
component=1
feature=2
installationmedia=3
packageinstaller=4
parent=5
patches=6
requires=7
see-also=8
supersedes=9
rel-supplemental=10
media-type = (41: text)
use = (42: optional / required / recommended)
optional=0
required=1
recommended=2
activation-status = (43: text)
channel-type = (44: text)
colloquial-version = (45: text)
description = (46: text)
edition = (47: text)
entitlement-data-required = (48: bool)
entitlement-key = (49: text)
generator = (50: text)
persistent-id = (51: text)
product = (52: text)
product-family = (53: text)
revision = (54: text)
summary = (55: text)
unspsc-code = (56: text)
unspsc-version = (57: text)
hash-entry = (58: [ hash-alg-id: int,
hash-value: bstr,
]
)
3. CoSWID Indexed Label Values 3. CoSWID Indexed Label Values
3.1. Version Scheme 3.1. Version Scheme
The following are an initial set of values for use in the version- The following are an initial set of values for use in the version-
scheme item for the version schemes defined in the ISO/IEC scheme item for the version schemes defined in the ISO/IEC
19770-2:2015 [SWID] specification. Index value in parens indicates 19770-2:2015 [SWID] specification. Index value in parens indicates
the index value to use in the version-scheme item. the index value to use in the version-scheme item.
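Review bot: In the label definitions, `role` keeps `text / [ 2* text ]` next to the new `roles` enumeration, but `rel` goes from `(40: text)` to `(40: rels / [ 2* rels ])` with no text alternative, so a relationship outside the eleven listed values has no encoding in -06. Either give `rel` the same text fallback as `role`, or state in the prose that the set is closed so a consumer knows to reject an unknown integer rather than guess at an extension. Separately, `thumbprint` now inlines the same `[ hash-alg-id: int, hash-value: bstr, ]` array that `hash-entry` defines at label 58; a shared type rule referenced from both would keep the two from diverging.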
skipping to change at page 33, line 22 skipping to change at page 34, line 22
this, SWID tags can be created by any party and the SWID tags this, SWID tags can be created by any party and the SWID tags
collected from an endpoint could contain a mixture of vendor and non- collected from an endpoint could contain a mixture of vendor and non-
vendor created tags. For this reason, tools that consume SWID tags vendor created tags. For this reason, tools that consume SWID tags
ought to treat the tag contents as potentially malicious and should ought to treat the tag contents as potentially malicious and should
employ input sanitizing on the tags they ingest. employ input sanitizing on the tags they ingest.
6. Acknowledgments 6. Acknowledgments
7. Change Log 7. Change Log
Changes from version 05 to version 06:
o Improved quantities
o Included proposals for implicet enumerations that were NMTOKENS
o Added extension points
o Improved exemplary firmware-resource extension
Changes from version 04 to version 05: Changes from version 04 to version 05:
o Clarified language around SWID and CoSWID to make more consistant o Clarified language around SWID and CoSWID to make more consistant
use of these terms. use of these terms.
o Added language describing CBOR optimizations for single vs. arrays o Added language describing CBOR optimizations for single vs. arrays
in the model front matter. in the model front matter.
o Fixed a number of gramatical, spelling, and wording issues. o Fixed a number of gramatical, spelling, and wording issues.
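Review bot: The "Changes from version 05 to version 06" list leaves out the changes in this revision that alter what a valid tag is: `entity-entry` loses its `?` in `concise-software-identity`, `media` changes from `text` to an array of media expressions, and labels 60 to 69 in the firmware appendix are reassigned. Add a bullet for each, since an implementer updating a -05 encoder or validator relies on this list to find them. "Improved quantities" should also say which quantities.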
skipping to change at page 37, line 8 skipping to change at page 38, line 14
[I-D.ietf-cbor-cddl] [I-D.ietf-cbor-cddl]
Birkholz, H., Vigano, C., and C. Bormann, "Concise data Birkholz, H., Vigano, C., and C. Bormann, "Concise data
definition language (CDDL): a notational convention to definition language (CDDL): a notational convention to
express CBOR data structures", draft-ietf-cbor-cddl-02 express CBOR data structures", draft-ietf-cbor-cddl-02
(work in progress), February 2018. (work in progress), February 2018.
[I-D.ietf-sacm-rolie-softwaredescriptor] [I-D.ietf-sacm-rolie-softwaredescriptor]
Waltermire, D. and S. Banghart, "Definition of the ROLIE Waltermire, D. and S. Banghart, "Definition of the ROLIE
Software Descriptor Extension", draft-ietf-sacm-rolie- Software Descriptor Extension", draft-ietf-sacm-rolie-
softwaredescriptor-01 (work in progress), March 2018. softwaredescriptor-02 (work in progress), March 2018.
[I-D.ietf-sacm-terminology] [I-D.ietf-sacm-terminology]
Birkholz, H., Lu, J., Strassner, J., Cam-Winget, N., and Birkholz, H., Lu, J., Strassner, J., Cam-Winget, N., and
A. Montville, "Security Automation and Continuous A. Montville, "Security Automation and Continuous
Monitoring (SACM) Terminology", draft-ietf-sacm- Monitoring (SACM) Terminology", draft-ietf-sacm-
terminology-14 (work in progress), December 2017. terminology-15 (work in progress), June 2018.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005, DOI 10.17487/RFC4122, July 2005,
<https://www.rfc-editor.org/info/rfc4122>. <https://www.rfc-editor.org/info/rfc4122>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>. <https://www.rfc-editor.org/info/rfc4949>.
skipping to change at page 38, line 23 skipping to change at page 39, line 29
allow for an additional type of resource description--firmware- allow for an additional type of resource description--firmware-
entry--thereby increasing the self-descriptiveness and flexibility of entry--thereby increasing the self-descriptiveness and flexibility of
CoSWID. The optional use of the extension points "$$payload- CoSWID. The optional use of the extension points "$$payload-
extension" and "$$evidence-extension" in respect to firmware MUST extension" and "$$evidence-extension" in respect to firmware MUST
adhere to the following CDDL data definition. adhere to the following CDDL data definition.
<CODE BEGINS> <CODE BEGINS>
$$payload-extension //= (firmware-entry,) $$payload-extension //= (firmware-entry,)
$$evidence-extension //= (firmware-entry,) $$evidence-extension //= (firmware-entry,)
firmware = { firmware-manifest = {
firmware-name, ; inherited from RFC4108 firmware-manifest-id,
? firmware-version, firmware-manifest-creation-timestamp,
? firmware-package-identifier, ; inherited from RFC4108 firmware-manifest-version,
? dependency, ; inherited from RFC4108 firmware-manifest-description,
? component-index, ; equivalent to RFC4108 fwPkgType firmware-manifest-nonce,
? block-device-identifier, ? firmware-manifest-aliases,
? target-hardware-identifier, ; an RFC4108 alternative to model-label ? firmware-manifest-dependencies,
model-label, firmware-target-device-identifier,
? hash-entry, ; a hash for a single, incl. NI hash-algo index firmware-payload-entry,
? cms-firmware-package, ; RCF4108, experimental, this is an actual firmware blob! ? simple-firmware-manifest-extensions,
$$firmware-manifest-extensions,
} }
firmware-entry = (60: firmware / [ 2* firmware ]) firmware-payload = {
firmware-name = (61 : text) firmware-payload-id,
firmware-version = (62 : text / int) ? firmware-package-identifier,
component-index = (63 : int) firmware-payload-description,
model-label = (64 text / int) firmware-payload-format,
block-device-identifier = (65 : text / int) firmware-payload-size,
cms-firmware-package = (66: bstr) ? firmware-payload-simple-version,
firmware-package-identifier = (67: text) ? firmware-payload-version,
target-hardware-identifier = (68: text) firmware-payload-digests,
dependency = (69: { ? firmware-name, ? firmware-target-component-index,
? firmware-version, firmware-target-storage-identifier,
? firmware-package-identifier, firmware-payload-conditions,
} ? firmware-payload-directives,
) ? firmware-target-dependency,
? firmware-target-minimal-version,
? firmware-payload-relationships,
firmware-payload-package,
? simple-firmware-payload-extensions,
$$firmware-payload-extensions,
}
firmware-entry = (59: firmware-manifest / [ 2* firmware-manifest ])
firmware-payload-entry = (60: firmware-payload / [ 2* firmware-payload ])
firmware-payload-id = (61: bytes / text / uint)
firmware-package-identifier = (62: text)
firmware-manifest-id = (63: bytes / text / int)
firmware-manifest-creation-timestamp = (64: time)
firmware-manifest-version = (65: uint)
firmware-manifest-description = (66: text)
firmware-manifest-nonce = (67: bytes)
firmware-manifest-dependencies = (68: resource-reference)
firmware-manifest-aliases = (69: resource-reference)
resource-reference = [ + [ resource-reference-uri: uri,
resource-reference-digest: bytes,
],
]
firmware-payload-description = (70: text)
firmware-payload-format = (71: { firmware-payload-format-type,
? firmware-payload-format-guidance,
}
)
firmware-payload-format-type = (72: int)
firmware-payload-format-guidance = (73: bytes)
firmware-payload-size = (74: uint)
firmware-payload-package = (75: { ? firmware-package-compression-type,
? firmware-package-compression-guidance,
firmware-package,
}
)
firmware-package-compression-type = (76: text / int)
firmware-package-compression-guidance = (77: bytes)
firmware-package = (78: bytes)
firmware-target-component-index = (79: text)
firmware-target-storage-identifier = (80: bytes / text / int)
firmware-target-dependency = (81: [ ? { firmware-target-major-version,
version-comparison,
required-version,
},
? { firmware-target-minor-version,
version-comparison,
required-version,
},
? { firmware-target-revision-version,
version-comparison,
required-version,
},
? { firmware-target-build-version,
version-comparison,
required-version,
},
]
)
firmware-payload-relationships = (82: [ + { firmware-payload-relationship-type,
firmware-payload-ids,
},
]
)
firmware-payload-ids = (83: [ + ( bytes / text / int )])
firmware-payload-relationship-type = (84: $firmware-payload-relationship-types)
$firmware-payload-relationship-types /= patches-firmware
$firmware-payload-relationship-types /= requires-firmware
$firmware-payload-relationship-types /= supersedes-firmware
patches-firmware = 1
requires-firmware = 2
supersedes-firmware = 3
firmware-target-device-identifier = (85: { firmware-target-vendor-identifier,
? firmware-target-type-identifier,
firmware-target-model-identifier,
? firmware-target-class-identifier,
? firmware-target-rfc4122-identifier,
? firmware-target-8021AR-identifier,
$$firmware-target-identifier-extensions,
}
)
firmware-target-vendor-identifier = (86: text)
firmware-target-type-identifier = (87: text)
firmware-target-model-identifier = (88: text)
firmware-target-class-identifier = (89: text)
firmware-target-rfc4122-identifier = (90: text)
firmware-target-8021AR-identifier = (91: bytes)
firmware-target-minimal-version = (92: { firmware-target-major-version,
firmware-target-minor-version,
? firmware-target-revision-version,
? firmware-target-build-version,
? firmware-target-storage-identifier,
},
)
firmware-target-major-version = (93: uint)
firmware-target-minor-version = (94: uint)
firmware-target-revision-version = (95: uint)
firmware-target-build-version = (96: uint)
firmware-payload-digests = (97: [ + { firmware-digest-type,
? firmware-digest-config-guidance,
firmware-digest,
},
]
)
firmware-digest-type = (98: $firmware-digest-types)
$firmware-digest-types /= raw-payload-digest
$firmware-digest-types /= installed-payload-digest
$firmware-digest-types /= ciphertext-digest
$firmware-digest-types /= pre-image-digest
raw-payload-digest = 1
installed-payload-digest = 2
ciphertext-digest = 3
pre-image-digest = 4
firmware-digest-config-guidance = (99: bytes)
firmware-digest = (100: bytes)
firmware-payload-conditions = (101: [ + { firmware-payload-condition-type,
firmware-payload-condition-parameters,
},
]
)
firmware-payload-condition-parameters = (102: bytes)
firmware-payload-condition-type = (103: $firmware-payload-condition-types)
$firmware-payload-condition-types /= vendor-id-condition
$firmware-payload-condition-types /= class-id-condition
$firmware-payload-condition-types /= device-id-condition
$firmware-payload-condition-types /= best-before-condition
vendor-id-condition = 1
class-id-condition = 2
device-id-condition = 3
best-before-condition = 4
firmware-payload-directives = (104: [ + { firmware-payload-directive-type,
firmware-payload-directive-parameters,
},
]
)
firmware-payload-directive-parameters = (105: bytes)
firmware-payload-directive-type = (106: $firmware-payload-directive-types)
$firmware-payload-directive-types /= apply-immediately-directive
$firmware-payload-directive-types /= apply-after-directive
apply-immediately-directive = 1
apply-after-directive = 2
firmware-payload-simple-version = (107: uint)
firmware-payload-version = (108: { firmware-payload-major-version,
firmware-payload-minor-version,
? firmware-payload-revision-version,
? firmware-payload-build-version,
}
)
firmware-payload-major-version = (109: uint)
firmware-payload-minor-version = (110: uint)
firmware-payload-revision-version = (111: uint)
firmware-payload-build-version = (112: uint)
version-comparison = (113: eq / ne / lt / le / gt / ge)
required-version = (114: uint)
simple-firmware-manifest-extensions = (115: { + int => bytes })
simple-firmware-payload-extensions = (116: { + int => bytes })
eq = 0
ne = 1
lt = 2
le = 3
gt = 4
ge = 5
<CODE ENDS> <CODE ENDS>
The members of the firmware group that constitutes the content of the The members of the firmware group that constitutes the content of the
firmware-entry is based on the metadata about firmware Described in firmware-entry is based on the metadata about firmware Described in
[RFC4108]. As with every semantic differentiation that is supported [RFC4108]. As with every semantic differentiation that is supported
by the resource-collection type, the use of firmware-entry is by the resource-collection type, the use of firmware-entry is
optional. It is REQUIRED not to instantiate more than one firmware- optional. It is REQUIRED not to instantiate more than one firmware-
entry, as the firmware group is used in a map and therefore only entry, as the firmware group is used in a map and therefore only
allows for unique labels. allows for unique labels.
The optional cms-firmware-package member allows to include the actual The optional cms-firmware-package member allows to include the actual
firmware in the CoSWID tag that also expresses its metadata as a firmware in the CoSWID tag that also expresses its metadata as a
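Review bot: The digest items in the new firmware CDDL carry no hash algorithm identifier: `firmware-digest = (100: bytes)` and `resource-reference-digest: bytes` are bare byte strings, whereas `hash-entry` in section 2.8 pairs `hash-alg-id: int` with `hash-value: bstr`. Nothing in these items tells a verifier which algorithm produced the bytes unless it is carried in the opaque `firmware-digest-config-guidance`, so reuse the `[ hash-alg-id, hash-value ]` array for both. Also, labels 60 to 69 are given new meanings (61 was `firmware-name` and is now `firmware-payload-id`), and the unchanged prose after `<CODE ENDS>` still refers to the "firmware group", to [RFC4108] and to a `cms-firmware-package` member that the -06 definition no longer contains; that text needs updating to match.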
 End of changes. 28 change blocks. 
224 lines changed or deleted 442 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/