Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EAT Measured Components as measurement values #381

Open
thomas-fossati opened this issue Feb 17, 2025 · 6 comments
Open

EAT Measured Components as measurement values #381

thomas-fossati opened this issue Feb 17, 2025 · 6 comments

Comments

@thomas-fossati
Copy link
Collaborator

thomas-fossati commented Feb 17, 2025
edited
Loading

EAT Measured Components (MC) are an extension to the EAT type system that can be used to model "measurable" objects of an attester's target environment, i.e., objects whose state can be sampled and digested.

Examples of such measured components include the invariant part of firmware loaded in memory at startup time, a run-time integrity check (RTIC), a file system object, or a CPU register.

MCs are defined as extensions of the EAT Measurement claim, alongside "payload" CoSWIDs.
Unlike CoSWID, these do not require an anchoring file system, making them more suitable for early boot components.

Arm PSA and CCA software components can be straightforwardly mapped to MCs.
Future attester technologies utilizing EAT will be able to use MCs seamlessly.

MCs reuse some parts of the CoRIM type systems (namely, digest and version) and have CBOR and JSON serialisations.

This issue tracks their addition to the measurement-values map.
@thomas-fossati
Copy link
Collaborator Author

thomas-fossati commented Feb 17, 2025
edited
Loading

The CBOR-only CDDL is as follows:

measured-component = {
  &(id: 1) => component-id
  &(measurement: 2) => digest
  ? &(signers: 3) => [ + bytes ]
  ? &(flags: 4) => bytes .size 4
}

where

component-id = [
  name: text
  ? version: version
]

The semantics of the fields are described in Section 4.1 of I-D.rats-eat-measured-component.

@deeglaze
Copy link
Collaborator

flags is not in your referenced document, so I can't assess what its meaning is.

It grinds my gears a little bit to see version as a 1- or 2-element array when we have version-map as a 1- or 2-entry map with the same value space. Oh well.

@thomas-fossati
Copy link
Collaborator Author

flags is not in your referenced document, so I can't assess what its meaning is.

Wrong link, sorry. Fixed now.

It grinds my gears a little bit to see version as a 1- or 2-element array when we have version-map as a 1- or 2-entry map with the same value space. Oh well.

You are right. I will align MC with CoRIM.

@thomas-fossati thomas-fossati mentioned this issue Feb 19, 2025
Open
@thomas-fossati
Copy link
Collaborator Author

It grinds my gears a little bit to see version as a 1- or 2-element array when we have version-map as a 1- or 2-entry map with the same value space. Oh well.

You are right. I will align MC with CoRIM.

On second thoughts, I've opened #384 .

@deeglaze
Copy link
Collaborator

profile-flags
"a 64-bit field with profile-defined semantics, see Section 4.1.3."

How do you fit 64 bits in 4 bytes? That document says at most 64 bits, not exactly. So why isn't this bytes .size 4 / bytes .size 5 / bytes .size 6 / bytes .size 7 / bytes .size 8?

@thomas-fossati
Copy link
Collaborator Author

profile-flags
"a 64-bit field with profile-defined semantics, see Section 4.1.3."

How do you fit 64 bits in 4 bytes? That document says at most 64 bits, not exactly. So why isn't this bytes .size 4 / bytes .size 5 / bytes .size 6 / bytes .size 7 / bytes .size 8?

Thanks for spotting it. It's fixed in the editors' copy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deeglaze @thomas-fossati