draft-ietf-teep-opentrustprotocol-02.txt   draft-ietf-teep-opentrustprotocol-03.txt 
TEEP M. Pei TEEP M. Pei
Internet-Draft Symantec Internet-Draft Symantec
Intended status: Informational A. Atyeo Intended status: Informational A. Atyeo
Expires: April 26, 2019 Intercede Expires: November 16, 2019 Intercede
N. Cook N. Cook
ARM Ltd. ARM Ltd.
M. Yoo M. Yoo
IoTrust IoTrust
H. Tschofenig H. Tschofenig
ARM Ltd. ARM Ltd.
October 23, 2018 May 15, 2019
The Open Trust Protocol (OTrP) The Open Trust Protocol (OTrP)
draft-ietf-teep-opentrustprotocol-02.txt draft-ietf-teep-opentrustprotocol-03.txt
Abstract Abstract
This document specifies the Open Trust Protocol (OTrP), a protocol This document specifies the Open Trust Protocol (OTrP), a protocol
that follows the Trust Execution Environment Provisioning (TEEP) that follows the Trust Execution Environment Provisioning (TEEP)
architecture and provides a message protocol that provisions and architecture and provides a message protocol that provisions and
manages Trusted Applications into a device with a Trusted Execution manages Trusted Applications into a device with a Trusted Execution
Environment (TEE). Environment (TEE).
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 26, 2019. This Internet-Draft will expire on November 16, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 6 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 6
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6
3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 6 3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 6
4. OTrP Entities and Trust Model . . . . . . . . . . . . . . . . 6 4. OTrP Entities and Trust Model . . . . . . . . . . . . . . . . 6
4.1. System Components . . . . . . . . . . . . . . . . . . . . 7 4.1. System Components . . . . . . . . . . . . . . . . . . . . 6
4.2. Trust Anchors in TEE . . . . . . . . . . . . . . . . . . 7 4.2. Trust Anchors in TEE . . . . . . . . . . . . . . . . . . 7
4.3. Trust Anchors in TAM . . . . . . . . . . . . . . . . . . 7 4.3. Trust Anchors in TAM . . . . . . . . . . . . . . . . . . 7
4.4. Keys and Certificate Types . . . . . . . . . . . . . . . 7 4.4. Keys and Certificate Types . . . . . . . . . . . . . . . 7
5. Protocol Scope and Entity Relations . . . . . . . . . . . . . 10 5. Protocol Scope and Entity Relations . . . . . . . . . . . . . 10
5.1. A Sample Device Setup Flow . . . . . . . . . . . . . . . 12 5.1. A Sample Device Setup Flow . . . . . . . . . . . . . . . 12
5.2. Derived Keys in The Protocol . . . . . . . . . . . . . . 12 5.2. Derived Keys in The Protocol . . . . . . . . . . . . . . 12
5.3. Security Domain Hierarchy and Ownership . . . . . . . . . 13 5.3. Security Domain Hierarchy and Ownership . . . . . . . . . 13
5.4. SD Owner Identification and TAM Certificate Requirements 13 5.4. SD Owner Identification and TAM Certificate Requirements 13
5.5. Service Provider Container . . . . . . . . . . . . . . . 14 5.5. Service Provider Container . . . . . . . . . . . . . . . 14
6. OTrP Broker . . . . . . . . . . . . . . . . . . . . . . . . . 15 6. OTrP Broker . . . . . . . . . . . . . . . . . . . . . . . . . 15
skipping to change at page 3, line 26 skipping to change at page 3, line 26
9.1.3.1. Supported Firmware Signature Methods . . . . . . 33 9.1.3.1. Supported Firmware Signature Methods . . . . . . 33
9.1.4. Post Conditions . . . . . . . . . . . . . . . . . . . 33 9.1.4. Post Conditions . . . . . . . . . . . . . . . . . . . 33
9.1.5. GetDeviceStateResponse Message . . . . . . . . . . . 33 9.1.5. GetDeviceStateResponse Message . . . . . . . . . . . 33
9.1.6. Error Conditions . . . . . . . . . . . . . . . . . . 38 9.1.6. Error Conditions . . . . . . . . . . . . . . . . . . 38
9.1.7. TAM Processing Requirements . . . . . . . . . . . . . 39 9.1.7. TAM Processing Requirements . . . . . . . . . . . . . 39
9.2. Security Domain Management . . . . . . . . . . . . . . . 40 9.2. Security Domain Management . . . . . . . . . . . . . . . 40
9.2.1. CreateSD . . . . . . . . . . . . . . . . . . . . . . 40 9.2.1. CreateSD . . . . . . . . . . . . . . . . . . . . . . 40
9.2.1.1. CreateSDRequest Message . . . . . . . . . . . . . 40 9.2.1.1. CreateSDRequest Message . . . . . . . . . . . . . 40
9.2.1.2. Request Processing Requirements at a TEE . . . . 43 9.2.1.2. Request Processing Requirements at a TEE . . . . 43
9.2.1.3. CreateSDResponse Message . . . . . . . . . . . . 44 9.2.1.3. CreateSDResponse Message . . . . . . . . . . . . 44
9.2.1.4. Error Conditions . . . . . . . . . . . . . . . . 46 9.2.1.4. Error Conditions . . . . . . . . . . . . . . . . 45
9.2.2. UpdateSD . . . . . . . . . . . . . . . . . . . . . . 46 9.2.2. UpdateSD . . . . . . . . . . . . . . . . . . . . . . 46
9.2.2.1. UpdateSDRequest Message . . . . . . . . . . . . . 46 9.2.2.1. UpdateSDRequest Message . . . . . . . . . . . . . 46
9.2.2.2. Request Processing Requirements at a TEE . . . . 49 9.2.2.2. Request Processing Requirements at a TEE . . . . 49
9.2.2.3. UpdateSDResponse Message . . . . . . . . . . . . 51 9.2.2.3. UpdateSDResponse Message . . . . . . . . . . . . 51
9.2.2.4. Error Conditions . . . . . . . . . . . . . . . . 52 9.2.2.4. Error Conditions . . . . . . . . . . . . . . . . 52
9.2.3. DeleteSD . . . . . . . . . . . . . . . . . . . . . . 53 9.2.3. DeleteSD . . . . . . . . . . . . . . . . . . . . . . 52
9.2.3.1. DeleteSDRequest Message . . . . . . . . . . . . . 53 9.2.3.1. DeleteSDRequest Message . . . . . . . . . . . . . 53
9.2.3.2. Request Processing Requirements at a TEE . . . . 55 9.2.3.2. Request Processing Requirements at a TEE . . . . 55
9.2.3.3. DeleteSDResponse Message . . . . . . . . . . . . 56 9.2.3.3. DeleteSDResponse Message . . . . . . . . . . . . 56
9.2.3.4. Error Conditions . . . . . . . . . . . . . . . . 58 9.2.3.4. Error Conditions . . . . . . . . . . . . . . . . 57
9.3. Trusted Application Management . . . . . . . . . . . . . 58 9.3. Trusted Application Management . . . . . . . . . . . . . 57
9.3.1. InstallTA . . . . . . . . . . . . . . . . . . . . . . 59 9.3.1. InstallTA . . . . . . . . . . . . . . . . . . . . . . 58
9.3.1.1. InstallTARequest Message . . . . . . . . . . . . 60 9.3.1.1. InstallTARequest Message . . . . . . . . . . . . 59
9.3.1.2. InstallTAResponse Message . . . . . . . . . . . . 62 9.3.1.2. InstallTAResponse Message . . . . . . . . . . . . 61
9.3.1.3. Error Conditions . . . . . . . . . . . . . . . . 64 9.3.1.3. Error Conditions . . . . . . . . . . . . . . . . 62
9.3.2. UpdateTA . . . . . . . . . . . . . . . . . . . . . . 64 9.3.2. UpdateTA . . . . . . . . . . . . . . . . . . . . . . 63
9.3.2.1. UpdateTARequest Message . . . . . . . . . . . . . 65 9.3.2.1. UpdateTARequest Message . . . . . . . . . . . . . 64
9.3.2.2. UpdateTAResponse Message . . . . . . . . . . . . 67 9.3.2.2. UpdateTAResponse Message . . . . . . . . . . . . 66
9.3.2.3. Error Conditions . . . . . . . . . . . . . . . . 69 9.3.2.3. Error Conditions . . . . . . . . . . . . . . . . 67
9.3.3. DeleteTA . . . . . . . . . . . . . . . . . . . . . . 69 9.3.3. DeleteTA . . . . . . . . . . . . . . . . . . . . . . 68
9.3.3.1. DeleteTARequest Message . . . . . . . . . . . . . 69 9.3.3.1. DeleteTARequest Message . . . . . . . . . . . . . 68
9.3.3.2. Request Processing Requirements at a TEE . . . . 71 9.3.3.2. Request Processing Requirements at a TEE . . . . 70
9.3.3.3. DeleteTAResponse Message . . . . . . . . . . . . 72 9.3.3.3. DeleteTAResponse Message . . . . . . . . . . . . 70
9.3.3.4. Error Conditions . . . . . . . . . . . . . . . . 73 9.3.3.4. Error Conditions . . . . . . . . . . . . . . . . 71
10. Response Messages a TAM May Expect . . . . . . . . . . . . . 73 10. Response Messages a TAM May Expect . . . . . . . . . . . . . 72
11. Basic Protocol Profile . . . . . . . . . . . . . . . . . . . 74 11. Basic Protocol Profile . . . . . . . . . . . . . . . . . . . 73
12. Attestation Implementation Consideration . . . . . . . . . . 75 12. Attestation Implementation Consideration . . . . . . . . . . 73
12.1. OTrP Trusted Firmware . . . . . . . . . . . . . . . . . 75 12.1. OTrP Trusted Firmware . . . . . . . . . . . . . . . . . 74
12.1.1. Attestation signer . . . . . . . . . . . . . . . . . 75 12.1.1. Attestation signer . . . . . . . . . . . . . . . . . 74
12.1.2. TFW Initial Requirements . . . . . . . . . . . . . . 75 12.1.2. TFW Initial Requirements . . . . . . . . . . . . . . 74
12.2. TEE Loading . . . . . . . . . . . . . . . . . . . . . . 76 12.2. TEE Loading . . . . . . . . . . . . . . . . . . . . . . 74
12.3. Attestation Hierarchy . . . . . . . . . . . . . . . . . 76 12.3. Attestation Hierarchy . . . . . . . . . . . . . . . . . 75
12.3.1. Attestation Hierarchy Establishment: Manufacture . . 77 12.3.1. Attestation Hierarchy Establishment: Manufacture . . 75
12.3.2. Attestation Hierarchy Establishment: Device Boot . . 77 12.3.2. Attestation Hierarchy Establishment: Device Boot . . 75
12.3.3. Attestation Hierarchy Establishment: TAM . . . . . . 77 12.3.3. Attestation Hierarchy Establishment: TAM . . . . . . 76
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 77 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 76
13.1. Error Code List . . . . . . . . . . . . . . . . . . . . 78 13.1. Error Code List . . . . . . . . . . . . . . . . . . . . 77
13.1.1. TEE Signed Error Code List . . . . . . . . . . . . . 78 13.1.1. TEE Signed Error Code List . . . . . . . . . . . . . 77
13.1.2. OTrP Broker Error Code List . . . . . . . . . . . . 79 14. Security Consideration . . . . . . . . . . . . . . . . . . . 78
14. Security Consideration . . . . . . . . . . . . . . . . . . . 79 14.1. Cryptographic Strength . . . . . . . . . . . . . . . . . 78
14.1. Cryptographic Strength . . . . . . . . . . . . . . . . . 79 14.2. Message Security . . . . . . . . . . . . . . . . . . . . 79
14.2. Message Security . . . . . . . . . . . . . . . . . . . . 80 14.3. TEE Attestation . . . . . . . . . . . . . . . . . . . . 79
14.3. TEE Attestation . . . . . . . . . . . . . . . . . . . . 80 14.4. TA Protection . . . . . . . . . . . . . . . . . . . . . 79
14.4. TA Protection . . . . . . . . . . . . . . . . . . . . . 80 14.5. TA Personalization Data . . . . . . . . . . . . . . . . 80
14.5. TA Personalization Data . . . . . . . . . . . . . . . . 81 14.6. TA Trust Check at TEE . . . . . . . . . . . . . . . . . 80
14.6. TA Trust Check at TEE . . . . . . . . . . . . . . . . . 81 14.7. One TA Multiple SP Case . . . . . . . . . . . . . . . . 81
14.7. One TA Multiple SP Case . . . . . . . . . . . . . . . . 82 14.8. OTrP Broker Trust Model . . . . . . . . . . . . . . . . 81
14.8. OTrP Broker Trust Model . . . . . . . . . . . . . . . . 82 14.9. OCSP Stapling Data for TAM Signed Messages . . . . . . . 81
14.9. OCSP Stapling Data for TAM Signed Messages . . . . . . . 82 14.10. Data Protection at TAM and TEE . . . . . . . . . . . . . 81
14.10. Data Protection at TAM and TEE . . . . . . . . . . . . . 82
14.11. Privacy Consideration . . . . . . . . . . . . . . . . . 82 14.11. Privacy Consideration . . . . . . . . . . . . . . . . . 82
14.12. Threat Mitigation . . . . . . . . . . . . . . . . . . . 83 14.12. Threat Mitigation . . . . . . . . . . . . . . . . . . . 82
14.13. Compromised CA . . . . . . . . . . . . . . . . . . . . . 83 14.13. Compromised CA . . . . . . . . . . . . . . . . . . . . . 83
14.14. Compromised TAM . . . . . . . . . . . . . . . . . . . . 84 14.14. Compromised TAM . . . . . . . . . . . . . . . . . . . . 83
14.15. Certificate Renewal . . . . . . . . . . . . . . . . . . 84 14.15. Certificate Renewal . . . . . . . . . . . . . . . . . . 83
15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 84 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 83
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 84 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 84
16.1. Normative References . . . . . . . . . . . . . . . . . . 84 16.1. Normative References . . . . . . . . . . . . . . . . . . 84
16.2. Informative References . . . . . . . . . . . . . . . . . 85 16.2. Informative References . . . . . . . . . . . . . . . . . 84
Appendix A. Sample Messages . . . . . . . . . . . . . . . . . . 85 Appendix A. Sample Messages . . . . . . . . . . . . . . . . . . 85
A.1. Sample Security Domain Management Messages . . . . . . . 85 A.1. Sample Security Domain Management Messages . . . . . . . 85
A.1.1. Sample GetDeviceState . . . . . . . . . . . . . . . . 85 A.1.1. Sample GetDeviceState . . . . . . . . . . . . . . . . 85
A.1.1.1. Sample GetDeviceStateRequest . . . . . . . . . . 85 A.1.1.1. Sample GetDeviceStateRequest . . . . . . . . . . 85
A.1.1.2. Sample GetDeviceStateResponse . . . . . . . . . . 86 A.1.1.2. Sample GetDeviceStateResponse . . . . . . . . . . 85
A.1.2. Sample CreateSD . . . . . . . . . . . . . . . . . . . 89 A.1.2. Sample CreateSD . . . . . . . . . . . . . . . . . . . 89
A.1.2.1. Sample CreateSDRequest . . . . . . . . . . . . . 89 A.1.2.1. Sample CreateSDRequest . . . . . . . . . . . . . 89
A.1.2.2. Sample CreateSDResponse . . . . . . . . . . . . . 92 A.1.2.2. Sample CreateSDResponse . . . . . . . . . . . . . 92
A.1.3. Sample UpdateSD . . . . . . . . . . . . . . . . . . . 93 A.1.3. Sample UpdateSD . . . . . . . . . . . . . . . . . . . 93
A.1.3.1. Sample UpdateSDRequest . . . . . . . . . . . . . 94 A.1.3.1. Sample UpdateSDRequest . . . . . . . . . . . . . 94
A.1.3.2. Sample UpdateSDResponse . . . . . . . . . . . . . 95 A.1.3.2. Sample UpdateSDResponse . . . . . . . . . . . . . 95
A.1.4. Sample DeleteSD . . . . . . . . . . . . . . . . . . . 95 A.1.4. Sample DeleteSD . . . . . . . . . . . . . . . . . . . 95
A.1.4.1. Sample DeleteSDRequest . . . . . . . . . . . . . 95 A.1.4.1. Sample DeleteSDRequest . . . . . . . . . . . . . 95
A.1.4.2. Sample DeleteSDResponse . . . . . . . . . . . . . 97 A.1.4.2. Sample DeleteSDResponse . . . . . . . . . . . . . 97
A.2. Sample TA Management Messages . . . . . . . . . . . . . . 99 A.2. Sample TA Management Messages . . . . . . . . . . . . . . 99
A.2.1. Sample InstallTA . . . . . . . . . . . . . . . . . . 99 A.2.1. Sample InstallTA . . . . . . . . . . . . . . . . . . 99
A.2.1.1. Sample InstallTARequest . . . . . . . . . . . . . 99 A.2.1.1. Sample InstallTARequest . . . . . . . . . . . . . 99
A.2.1.2. Sample InstallTAResponse . . . . . . . . . . . . 100 A.2.1.2. Sample InstallTAResponse . . . . . . . . . . . . 100
A.2.2. Sample UpdateTA . . . . . . . . . . . . . . . . . . . 102 A.2.2. Sample UpdateTA . . . . . . . . . . . . . . . . . . . 102
A.2.2.1. Sample UpdateTARequest . . . . . . . . . . . . . 102 A.2.2.1. Sample UpdateTARequest . . . . . . . . . . . . . 102
A.2.2.2. Sample UpdateTAResponse . . . . . . . . . . . . . 103 A.2.2.2. Sample UpdateTAResponse . . . . . . . . . . . . . 103
A.2.3. Sample DeleteTA . . . . . . . . . . . . . . . . . . . 106 A.2.3. Sample DeleteTA . . . . . . . . . . . . . . . . . . . 106
A.2.3.1. Sample DeleteTARequest . . . . . . . . . . . . . 106 A.2.3.1. Sample DeleteTARequest . . . . . . . . . . . . . 106
A.2.3.2. Sample DeleteTAResponse . . . . . . . . . . . . . 108 A.2.3.2. Sample DeleteTAResponse . . . . . . . . . . . . . 108
skipping to change at page 12, line 11 skipping to change at page 12, line 11
An OTrP Broker is used to bridge communication between a TAM and a An OTrP Broker is used to bridge communication between a TAM and a
TEE. The OTrP Broker doesn't need to know the actual content of OTrP TEE. The OTrP Broker doesn't need to know the actual content of OTrP
Messages except for the TEE routing information. Messages except for the TEE routing information.
5.1. A Sample Device Setup Flow 5.1. A Sample Device Setup Flow
Step 1: Prepare Images for Devices Step 1: Prepare Images for Devices
1. [TEE vendor] Deliver TEE Image (CODE Binary) to device OEM 1. [TEE vendor] Deliver TEE Image (CODE Binary) to device OEM
2. [CA] Deliver root CA Whitelist 2. [CA] Deliver root CA Whitelist
3. [Soc] Deliver TFW Image 3. [Soc] Deliver TFW Image
Step 2: Inject Key Pairs and Images to Devices Step 2: Inject Key Pairs and Images to Devices
1. [OEM] Generate Secure Boot Key Pair (May be shared among multiple 1. [OEM] Generate Secure Boot Key Pair (May be shared among multiple
devices) devices)
2. [OEM] Flash signed TFW Image and signed TEE Image onto devices 2. [OEM] Flash signed TFW Image and signed TEE Image onto devices
(signed by Secure Boot Key) (signed by Secure Boot Key)
Step 3: Setup attestation key pairs in devices Step 3: Setup attestation key pairs in devices
1. [OEM] Flash TFW Public Key and a bootloader key. 1. [OEM] Flash TFW Public Key and a bootloader key.
2. [TFW/TEE] Generate a unique attestation key pair and get a 2. [TFW/TEE] Generate a unique attestation key pair and get a
certificate for the device. certificate for the device.
Step 4: Setup trust anchors in devices Step 4: Setup trust anchors in devices
1. [TFW/TEE] Store the key and certificate encrypted with the eFuse 1. [TFW/TEE] Store the key and certificate encrypted with the eFuse
key key
2. [TEE vendor or OEM] Store trusted CA certificate list into 2. [TEE vendor or OEM] Store trusted CA certificate list into
skipping to change at page 38, line 43 skipping to change at page 38, line 43
ERR_TAM_NOT_TRUSTED The TEE needs to make sure whether the TAM is ERR_TAM_NOT_TRUSTED The TEE needs to make sure whether the TAM is
trustworthy by checking the validity of the TAM certificate and trustworthy by checking the validity of the TAM certificate and
OCSP stapling data and so on. If the TEE finds the TAM is not OCSP stapling data and so on. If the TEE finds the TAM is not
reliable, it returns this error code. reliable, it returns this error code.
ERR_TEE_FAIL If the TEE fails to process a request because of its ERR_TEE_FAIL If the TEE fails to process a request because of its
internal error but is able to sign an error response message, it internal error but is able to sign an error response message, it
will return this error code. will return this error code.
ERR_AGENT_TEE_FAIL The TEE failed to respond to a TAM request. The
OTrP Broker will construct an error message in responding to the
TAM's request. The error message will not be signed.
The response message will look like the following if the TEE signing The response message will look like the following if the TEE signing
can work to sign the error response message. can work to sign the error response message.
{ {
"GetDeviceTEEStateTBSResponse": { "GetDeviceTEEStateTBSResponse": {
"ver": "1.0", "ver": "1.0",
"status": "fail", "status": "fail",
"rid": "<the request ID from the request message>", "rid": "<the request ID from the request message>",
"tid": "<the transaction ID from the request message>", "tid": "<the transaction ID from the request message>",
"reason": {"error-code":"<error code>"} "reason": {"error-code":"<error code>"}
skipping to change at page 45, line 36 skipping to change at page 45, line 36
"CreateSDResponse": { "CreateSDResponse": {
"payload": "<CreateSDTBSResponse JSON above>", "payload": "<CreateSDTBSResponse JSON above>",
"protected": { "protected": {
"<BASE64URL of signing algorithm>" "<BASE64URL of signing algorithm>"
}, },
"signature": "<signature contents signed by the TEE device private "signature": "<signature contents signed by the TEE device private
key (BASE64URL)>" key (BASE64URL)>"
} }
} }
A response message type "status" will be returned when the TEE fails When the TEE fails to respond, the OTrP Broker will not provide a
to respond. The OTrP Broker is responsible to create this message. subsequent response to the TAM. The TAM should treat this as if the
device has gone offline where a response is never delivered back.
{
"status": {
"result": "fail",
"error-code": "ERR_AGENT_TEE_FAIL",
"error-message": "TEE fails to respond"
}
}
9.2.1.4. Error Conditions 9.2.1.4. Error Conditions
An error might occur if a request isn't valid or the TEE runs into An error might occur if a request isn't valid or the TEE runs into
some error. The list of possible errors are as follows. Refer to some error. The list of possible errors are as follows. Refer to
the Error Code List (Section 13.1) for detailed causes and actions. the Error Code List (Section 13.1) for detailed causes and actions.
ERR_AGENT_TEE_BUSY
ERR_AGENT_TEE_FAIL
ERR_AGENT_TEE_UNKNOWN
ERR_REQUEST_INVALID ERR_REQUEST_INVALID
ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_MSG_VERSION
ERR_UNSUPPORTED_CRYPTO_ALG ERR_UNSUPPORTED_CRYPTO_ALG
ERR_DEV_STATE_MISMATCH ERR_DEV_STATE_MISMATCH
ERR_SD_ALREADY_EXIST ERR_SD_ALREADY_EXIST
ERR_SD_NOT_FOUND ERR_SD_NOT_FOUND
ERR_SPCERT_INVALID ERR_SPCERT_INVALID
ERR_TEE_FAIL ERR_TEE_FAIL
skipping to change at page 52, line 16 skipping to change at page 52, line 16
"UpdateSDResponse": { "UpdateSDResponse": {
"payload": "<UpdateSDTBSResponse JSON above>", "payload": "<UpdateSDTBSResponse JSON above>",
"protected": { "protected": {
"<BASE64URL of signing algorithm>" "<BASE64URL of signing algorithm>"
}, },
"signature": "<signature contents signed by TEE device private "signature": "<signature contents signed by TEE device private
key (BASE64URL)>" key (BASE64URL)>"
} }
} }
A response message type "status" will be returned when the TEE fails When the TEE fails to respond, the OTrP Broker will not provide a
to respond. The OTrP Broker is responsible to create this message. subsequent response to the TAM. The TAM should treat this as if the
device has gone offline where a response is never delivered back.
{
"status": {
"result": "fail",
"error-code": "ERR_AGENT_TEE_FAIL",
"error-message": "<TEE fails to respond message>"
}
}
9.2.2.4. Error Conditions 9.2.2.4. Error Conditions
An error may occur if a request isn't valid or the TEE runs into some An error may occur if a request isn't valid or the TEE runs into some
error. The list of possible errors are as follows. Refer to the error. The list of possible errors are as follows. Refer to the
Error Code List (Section 13.1) for detailed causes and actions. Error Code List (Section 13.1) for detailed causes and actions.
ERR_AGENT_TEE_BUSY
ERR_AGENT_TEE_FAIL
ERR_AGENT_TEE_UNKNOWN
ERR_REQUEST_INVALID ERR_REQUEST_INVALID
ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_MSG_VERSION
ERR_UNSUPPORTED_CRYPTO_ALG ERR_UNSUPPORTED_CRYPTO_ALG
ERR_DEV_STATE_MISMATCH ERR_DEV_STATE_MISMATCH
ERR_SD_NOT_FOUND ERR_SD_NOT_FOUND
skipping to change at page 57, line 40 skipping to change at page 57, line 18
"DeleteSDResponse": { "DeleteSDResponse": {
"payload": "<DeleteSDTBSResponse JSON above>", "payload": "<DeleteSDTBSResponse JSON above>",
"protected": { "protected": {
"<BASE64URL of signing algorithm>" "<BASE64URL of signing algorithm>"
}, },
"signature": "<signature contents signed by TEE device "signature": "<signature contents signed by TEE device
private key (BASE64URL)>" private key (BASE64URL)>"
} }
} }
A response message type "status" will be returned when the TEE fails When the TEE fails to respond, the OTrP Broker will not provide a
to respond. The OTrP Broker is responsible to create this message. subsequent response to the TAM. The TAM should treat this as if the
device has gone offline where a response is never delivered back.
{
"status": {
"result": "fail",
"error-code": "ERR_AGENT_TEE_FAIL",
"error-message": "TEE fails to respond"
}
}
9.2.3.4. Error Conditions 9.2.3.4. Error Conditions
An error may occur if a request isn't valid or the TEE runs into some An error may occur if a request isn't valid or the TEE runs into some
error. The list of possible errors is as follows. Refer to the error. The list of possible errors is as follows. Refer to the
Error Code List (Section 13.1) for detailed causes and actions. Error Code List (Section 13.1) for detailed causes and actions.
ERR_AGENT_TEE_BUSY
ERR_AGENT_TEE_FAIL
ERR_AGENT_TEE_UNKNOWN
ERR_REQUEST_INVALID ERR_REQUEST_INVALID
ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_MSG_VERSION
ERR_UNSUPPORTED_CRYPTO_ALG ERR_UNSUPPORTED_CRYPTO_ALG
ERR_DEV_STATE_MISMATCH ERR_DEV_STATE_MISMATCH
ERR_SD_NOT_EMPTY ERR_SD_NOT_EMPTY
skipping to change at page 63, line 38 skipping to change at page 62, line 38
"InstallTAResponse": { "InstallTAResponse": {
"payload":"<InstallTATBSResponse JSON above>", "payload":"<InstallTATBSResponse JSON above>",
"protected": { "protected": {
"<BASE64URL of signing algorithm>" "<BASE64URL of signing algorithm>"
}, },
"signature": "<signature contents signed by TEE device "signature": "<signature contents signed by TEE device
private key (BASE64URL)>" private key (BASE64URL)>"
} }
} }
A response message type "status" will be returned when the TEE fails When the TEE fails to respond, the OTrP Broker will not provide a
to respond. The OTrP Broker is responsible to create this message. subsequent response to the TAM. The TAM should treat this as if the
device has gone offline where a response is never delivered back.
{
"status": {
"result": "fail",
"error-code": "ERR_AGENT_TEE_FAIL",
"error-message": "TEE fails to respond"
}
}
9.3.1.3. Error Conditions 9.3.1.3. Error Conditions
An error may occur if a request isn't valid or the TEE runs into some An error may occur if a request isn't valid or the TEE runs into some
error. The list of possible errors are as follows. Refer to the error. The list of possible errors are as follows. Refer to the
Error Code List (Section 13.1) for detailed causes and actions. Error Code List (Section 13.1) for detailed causes and actions.
ERR_AGENT_TEE_BUSY
ERR_AGENT_TEE_FAIL
ERR_AGENT_TEE_UNKNOWN
ERR_REQUEST_INVALID ERR_REQUEST_INVALID
ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_MSG_VERSION
ERR_UNSUPPORTED_CRYPTO_ALG ERR_UNSUPPORTED_CRYPTO_ALG
ERR_DEV_STATE_MISMATCH ERR_DEV_STATE_MISMATCH
ERR_SD_NOT_FOUND ERR_SD_NOT_FOUND
ERR_TA_INVALID ERR_TA_INVALID
ERR_TA_ALREADY_INSTALLED ERR_TA_ALREADY_INSTALLED
skipping to change at page 68, line 38 skipping to change at page 67, line 38
"UpdateTAResponse": { "UpdateTAResponse": {
"payload":"<UpdateTATBSResponse JSON above>", "payload":"<UpdateTATBSResponse JSON above>",
"protected": { "protected": {
"<BASE64URL of signing algorithm>" "<BASE64URL of signing algorithm>"
}, },
"signature": "<signature contents signed by TEE device "signature": "<signature contents signed by TEE device
private key (BASE64URL)>" private key (BASE64URL)>"
} }
} }
A response message type "status" will be returned when the TEE fails When the TEE fails to respond, the OTrP Broker will not provide a
to respond. The OTrP Broker is responsible to create this message. subsequent response to the TAM. The TAM should treat this as if the
device has gone offline where a response is never delivered back.
{
"status": {
"result": "fail",
"error-code": "ERR_AGENT_TEE_FAIL",
"error-message": "TEE fails to respond"
}
}
9.3.2.3. Error Conditions 9.3.2.3. Error Conditions
An error may occur if a request isn't valid or the TEE runs into some An error may occur if a request isn't valid or the TEE runs into some
error. The list of possible errors are as follows. Refer to the error. The list of possible errors are as follows. Refer to the
Error Code List (Section 13.1) for detailed causes and actions. Error Code List (Section 13.1) for detailed causes and actions.
ERR_AGENT_TEE_BUSY
ERR_AGENT_TEE_FAIL
ERR_AGENT_TEE_UNKNOWN
ERR_REQUEST_INVALID ERR_REQUEST_INVALID
ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_MSG_VERSION
ERR_UNSUPPORTED_CRYPTO_ALG ERR_UNSUPPORTED_CRYPTO_ALG
ERR_DEV_STATE_MISMATCH ERR_DEV_STATE_MISMATCH
ERR_SD_NOT_FOUND ERR_SD_NOT_FOUND
ERR_TA_INVALID ERR_TA_INVALID
ERR_TA_NOT_FOUND ERR_TA_NOT_FOUND
skipping to change at page 72, line 43 skipping to change at page 71, line 38
"DeleteTAResponse": { "DeleteTAResponse": {
"payload": "<DeleteTATBSResponse JSON above>", "payload": "<DeleteTATBSResponse JSON above>",
"protected": { "protected": {
"<BASE64URL of signing algorithm>" "<BASE64URL of signing algorithm>"
}, },
"signature": "<signature contents signed by TEE device "signature": "<signature contents signed by TEE device
private key (BASE64URL)>" private key (BASE64URL)>"
} }
} }
A response message type "status" will be returned when the TEE fails When the TEE fails to respond, the OTrP Broker will not provide a
to respond. The OTrP Broker is responsible to create this message. subsequent response to the TAM. The TAM should treat this as if the
device has gone offline where a response is never delivered back.
{
"status": {
"result": "fail",
"error-code": "ERR_AGENT_TEE_FAIL",
"error-message": "TEE fails to respond"
}
}
9.3.3.4. Error Conditions 9.3.3.4. Error Conditions
An error may occur if a request isn't valid or the TEE runs into some An error may occur if a request isn't valid or the TEE runs into some
error. The list of possible errors are as follows. Refer to the error. The list of possible errors are as follows. Refer to the
Error Code List (Section 13.1) for detailed causes and actions. Error Code List (Section 13.1) for detailed causes and actions.
ERR_AGENT_TEE_BUSY
ERR_AGENT_TEE_FAIL
ERR_AGENT_TEE_UNKNOWN
ERR_REQUEST_INVALID ERR_REQUEST_INVALID
ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_MSG_VERSION
ERR_UNSUPPORTED_CRYPTO_ALG ERR_UNSUPPORTED_CRYPTO_ALG
ERR_DEV_STATE_MISMATCH ERR_DEV_STATE_MISMATCH
ERR_SD_NOT_FOUND ERR_SD_NOT_FOUND
ERR_TA_NOT_FOUND ERR_TA_NOT_FOUND
ERR_TEE_FAIL ERR_TEE_FAIL
skipping to change at page 77, line 49 skipping to change at page 76, line 26
12.3.3. Attestation Hierarchy Establishment: TAM 12.3.3. Attestation Hierarchy Establishment: TAM
Before a TAM can begin operation in the marketplace to support Before a TAM can begin operation in the marketplace to support
devices of a given TEE, it must obtain a TAM certificate from a CA devices of a given TEE, it must obtain a TAM certificate from a CA
that is registered in the trust store of devices with that TEE. In that is registered in the trust store of devices with that TEE. In
this way, the TEE can check the intermediate and root CA and verify this way, the TEE can check the intermediate and root CA and verify
that it trusts this TAM to perform operations on the TEE. that it trusts this TAM to perform operations on the TEE.
13. IANA Considerations 13. IANA Considerations
There are two IANA requests: a media type and list of error codes.
This section first requests that IANA assign a media type:
application/otrp+json.
Type name: application
Subtype name: otrp+json
Required parameters: none
Optional parameters: none
Encoding considerations: Same as encoding considerations of
application/json as specified in Section 11 of [RFC7159]
Security considerations: See Section 12 of [RFC7159] and Section 14
of this document
Interoperability considerations: Same as interoperability
considerations of application/json as specified in [RFC7159]
Published specification: [TEEPArch]
Applications that use this media type: OTrP implementations
Fragment identifier considerations: N/A
Additional information:
Deprecated alias names for this type: N/A
Magic number(s): N/A
File extension(s): N/A
Macintosh file type code(s): N/A
Person to contact for further information: teep@ietf.org
Intended usage: COMMON
Restrictions on usage: none
Author: See the "Authors' Addresses" section of this document
Change controller: IETF
The error code listed in the next section will be registered. The error code listed in the next section will be registered.
13.1. Error Code List 13.1. Error Code List
This section lists error codes that could be reported by a TA or TEE This section lists error codes that could be reported by a TA or TEE
in a device in responding to a TAM request, and a separate list that in a device in responding to a TAM request, and a separate list that
OTrP Broker may return when the TEE fails to respond. OTrP Broker may return when the TEE fails to respond.
13.1.1. TEE Signed Error Code List 13.1.1. TEE Signed Error Code List
skipping to change at page 79, line 21 skipping to change at page 78, line 43
validity of the TAM certificate, etc. If the TEE finds that the validity of the TAM certificate, etc. If the TEE finds that the
TAM is not trustworthy, then it will return this error code. TAM is not trustworthy, then it will return this error code.
ERR_UNSUPPORTED_CRYPTO_ALG - This error will occur if a TEE receives ERR_UNSUPPORTED_CRYPTO_ALG - This error will occur if a TEE receives
a request message encoded with cryptographic algorithms that the a request message encoded with cryptographic algorithms that the
TEE doesn't support. TEE doesn't support.
ERR_UNSUPPORTED_MSG_VERSION - This error will occur if a TEE ERR_UNSUPPORTED_MSG_VERSION - This error will occur if a TEE
receives a message version that the TEE can't deal with. receives a message version that the TEE can't deal with.
13.1.2. OTrP Broker Error Code List
ERR_AGENT_TEE_UNKNOWN - This error will occur if the receiver TEE is
not supposed to receive the request. That will be determined by
checking the TEE name or device id in the request message.
ERR_AGENT_TEE_BUSY - The device TEE is busy. The request can be
generally sent again to retry.
ERR_AGENT_TEE_FAIL - The TEE fails to respond to a TAM request. The
OTrP Broker will construct an error message in responding to the
TAM's request.
14. Security Consideration 14. Security Consideration
14.1. Cryptographic Strength 14.1. Cryptographic Strength
The strength of the cryptographic algorithms, using the measure of The strength of the cryptographic algorithms, using the measure of
'bits of security' defined in NIST SP800-57 allowed for OTrP is: 'bits of security' defined in NIST SP800-57 allowed for OTrP is:
o At a minimum, 112 bits of security. The limiting factor for this o At a minimum, 112 bits of security. The limiting factor for this
is the RSA-2048 algorithm, which is indicated as providing 112 is the RSA-2048 algorithm, which is indicated as providing 112
bits of symmetric key strength in SP800-57. It is important that bits of symmetric key strength in SP800-57. It is important that
skipping to change at page 84, line 49 skipping to change at page 84, line 11
flow diagrams. We also thank the following people (in alphabetical flow diagrams. We also thank the following people (in alphabetical
order) for their input and review: Sangsu Baek, Rob Coombs, Dapeng order) for their input and review: Sangsu Baek, Rob Coombs, Dapeng
Liu, Dave Thaler, and Pengfei Zhao. Liu, Dave Thaler, and Pengfei Zhao.
16. References 16. References
16.1. Normative References 16.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997,
editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
<https://www.rfc-editor.org/info/rfc4648>. <https://www.rfc-editor.org/info/rfc4648>.
[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
2014, <https://www.rfc-editor.org/info/rfc7159>.
[RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
2015, <https://www.rfc-editor.org/info/rfc7515>. 2015, <https://www.rfc-editor.org/info/rfc7515>.
[RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
RFC 7516, DOI 10.17487/RFC7516, May 2015, RFC 7516, DOI 10.17487/RFC7516, May 2015,
<https://www.rfc-editor.org/info/rfc7516>. <https://www.rfc-editor.org/info/rfc7516>.
[RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517, [RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517,
DOI 10.17487/RFC7517, May 2015, <https://www.rfc- DOI 10.17487/RFC7517, May 2015,
editor.org/info/rfc7517>. <https://www.rfc-editor.org/info/rfc7517>.
[RFC7518] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, [RFC7518] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518,
DOI 10.17487/RFC7518, May 2015, <https://www.rfc- DOI 10.17487/RFC7518, May 2015,
editor.org/info/rfc7518>. <https://www.rfc-editor.org/info/rfc7518>.
[TEEPArch] [TEEPArch]
Pei, M., Tschofenig, H., Atyeo, A., and D. Liu, "Trusted Pei, M., Tschofenig, H., Atyeo, A., and D. Liu, "Trusted
Execution Environment Provisioning (TEEP) Architecture", Execution Environment Provisioning (TEEP) Architecture",
2018, <https://tools.ietf.org/html/draft-ietf-teep- 2018, <https://tools.ietf.org/html/
architecture-01>. draft-ietf-teep-architecture-02>.
16.2. Informative References 16.2. Informative References
[GPTEE] Global Platform, "Global Platform, GlobalPlatform Device [GPTEE] Global Platform, "Global Platform, GlobalPlatform Device
Technology: TEE System Architecture, v1.0", 2013. Technology: TEE System Architecture, v1.0", 2013.
[GPTEECLAPI] [GPTEECLAPI]
Global Platform, "Global Platform, GlobalPlatform Device Global Platform, "Global Platform, GlobalPlatform Device
Technology: TEE Client API Specification, v1.0", 2013. Technology: TEE Client API Specification, v1.0", 2013.
 End of changes. 43 change blocks. 
186 lines changed or deleted 136 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/