draft-ietf-rats-yang-tpm-charra-03.txt   draft-ietf-rats-yang-tpm-charra-04.txt 
RATS Working Group H. Birkholz RATS Working Group H. Birkholz
Internet-Draft M. Eckel Internet-Draft M. Eckel
Intended status: Standards Track Fraunhofer SIT Intended status: Standards Track Fraunhofer SIT
Expires: April 3, 2021 E. Voit Expires: June 19, 2021 S. Bhandari
S. Bhandari ThoughtSpot
E. Voit
B. Sulzen B. Sulzen
Cisco Cisco
L. Xia L. Xia
Huawei Huawei
T. Laffey T. Laffey
HPE HPE
G. Fedorkow G. Fedorkow
Juniper Juniper
September 30, 2020 December 16, 2020
A YANG Data Model for Challenge-Response-based Remote Attestation A YANG Data Model for Challenge-Response-based Remote Attestation
Procedures using TPMs Procedures using TPMs
draft-ietf-rats-yang-tpm-charra-03 draft-ietf-rats-yang-tpm-charra-04
Abstract Abstract
This document defines a YANG RPC and a minimal datastore required to This document defines a YANG RPC and a minimal datastore required to
retrieve attestation evidence about integrity measurements from a retrieve attestation evidence about integrity measurements from a
device following the operational context defined in device following the operational context defined in
[I-D.ietf-rats-tpm-based-network-device-attest]. Complementary [I-D.ietf-rats-tpm-based-network-device-attest]. Complementary
measurement logs are also provided by the YANG RPC originating from measurement logs are also provided by the YANG RPC originating from
one or more roots of trust of measurement. The module defined one or more roots of trust of measurement. The module defined
requires at least one TPM 1.2 or TPM 2.0 and corresponding Trusted requires at least one TPM 1.2 or TPM 2.0 and corresponding Trusted
skipping to change at page 1, line 48 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 19, 2021.
This Internet-Draft will expire on April 3, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 29
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3
2. The YANG Module for Basic Remote Attestation Procedures . . . 3 2. The YANG Module for Basic Remote Attestation Procedures . . . 3
2.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 3
2.2. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 6 2.2. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 6
2.2.1. ietf-tpm-remote-attestation . . . . . . . . . . . . . 6 2.2.1. ietf-tpm-remote-attestation . . . . . . . . . . . . . 6
2.2.2. ietf-tcg-algs . . . . . . . . . . . . . . . . . . . . 35 2.2.2. ietf-tcg-algs . . . . . . . . . . . . . . . . . . . . 30
3. IANA considerations . . . . . . . . . . . . . . . . . . . . . 51 3. IANA considerations . . . . . . . . . . . . . . . . . . . . . 46
4. Security Considerations . . . . . . . . . . . . . . . . . . . 51 4. Security Considerations . . . . . . . . . . . . . . . . . . . 46
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 52 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 47
6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 52 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 47
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 53 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 49
7.1. Normative References . . . . . . . . . . . . . . . . . . 53 7.1. Normative References . . . . . . . . . . . . . . . . . . 49
7.2. Informative References . . . . . . . . . . . . . . . . . 54 7.2. Informative References . . . . . . . . . . . . . . . . . 50
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 55 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 50
1. Introduction 1. Introduction
This document is based on the terminology defined in the This document is based on the terminology defined in the
[I-D.ietf-rats-architecture] and uses the operational context defined [I-D.ietf-rats-architecture] and uses the operational context defined
in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the
interaction model and information elements defined in interaction model and information elements defined in
[I-D.birkholz-rats-reference-interaction-model]. The currently [I-D.ietf-rats-reference-interaction-models]. The currently
supported hardware security modules (HWM) are the Trusted Platform supported hardware security modules (HWM) are the Trusted Platform
Module (TPM) [TPM1.2] and [TPM2.0] specified by the Trusted Computing Module (TPM) [TPM1.2] and [TPM2.0] specified by the Trusted Computing
Group (TCG). One ore more TPMs embedded in the components of a Group (TCG). One ore more TPMs embedded in the components of a
composite device - sometimes also referred to as an aggregate device composite device - sometimes also referred to as an aggregate device
- are required in order to use the YANG module defined in this - are required in order to use the YANG module defined in this
document. A TPM is used as a root of trust for reporting (RTR) in document. A TPM is used as a root of trust for reporting (RTR) in
order to retrieve attestation evidence from a composite device (quote order to retrieve attestation evidence from a composite device (quote
primitive operation). Additionally, it is used as a root of trust primitive operation). Additionally, it is used as a root of trust
for storage (RTS) in order to retain shielded secrets and store for storage (RTS) in order to retain shielded secrets and store
system measurements using a folding hash function (extend primitive system measurements using a folding hash function (extend primitive
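Review bot: the Introduction reads "One ore more TPMs embedded in the components of a composite device" in both the -03 and -04 columns; change "ore" to "or". In the same paragraph the abbreviation "(HWM)" does not match the phrase it abbreviates, "hardware security modules"; either spell it "HSM" or drop the abbreviation, since it is not used again in the visible text.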
skipping to change at page 3, line 25 skipping to change at page 3, line 27
2. The YANG Module for Basic Remote Attestation Procedures 2. The YANG Module for Basic Remote Attestation Procedures
One or more TPMs MUST be embedded in the composite device that is One or more TPMs MUST be embedded in the composite device that is
providing attestation evidence via the YANG module defined in this providing attestation evidence via the YANG module defined in this
document. The ietf-basic-remote-attestation YANG module enables a document. The ietf-basic-remote-attestation YANG module enables a
composite device to take on the role of Claimant and Attester in composite device to take on the role of Claimant and Attester in
accordance with the Remote Attestation Procedures (RATS) architecture accordance with the Remote Attestation Procedures (RATS) architecture
[I-D.ietf-rats-architecture] and the corresponding challenge-response [I-D.ietf-rats-architecture] and the corresponding challenge-response
interaction model defined in the interaction model defined in the
[I-D.birkholz-rats-reference-interaction-model] document. A fresh [I-D.ietf-rats-reference-interaction-models] document. A fresh nonce
nonce with an appropriate amount of entropy MUST be supplied by the with an appropriate amount of entropy MUST be supplied by the YANG
YANG client in order to enable a proof-of-freshness with respect to client in order to enable a proof-of-freshness with respect to the
the attestation evidence provided by the attester running the YANG attestation evidence provided by the attester running the YANG
datastore. The functions of this YANG module are restricted to 0-1 datastore. The functions of this YANG module are restricted to 0-1
TPMs per hardware component. TPMs per hardware component.
2.1. Tree Diagram 2.1. Tree Diagram
module: ietf-tpm-remote-attestation module: ietf-tpm-remote-attestation
+--rw rats-support-structures +--rw rats-support-structures
+--rw compute-nodes! +--rw compute-nodes {tpm:TPMs}?
| +--ro compute-node* [node-id] | +--ro compute-node* [node-id]
| +--ro node-id string | +--ro node-id string
| +--ro node-physical-index? int32 {ietfhw:entity-mib}? | +--ro node-physical-index? int32 {ietfhw:entity-mib}?
| +--ro node-name? string | +--ro node-name? string
| +--ro node-location? string | +--ro node-location? string
+--rw tpms +--rw tpms
| +--rw tpm* [tpm-name] | +--rw tpm* [tpm-name]
| +--rw tpm-name string | +--rw tpm-name string
| +--ro hardware-based? boolean | +--ro hardware-based? boolean
| +--ro tpm-physical-index? int32 {ietfhw:entity-mib}? | +--ro tpm-physical-index? int32 {ietfhw:entity-mib}?
| +--ro tpm-path? string | +--ro tpm-path? string
| +--ro compute-node compute-node-ref | +--ro compute-node compute-node-ref {tpm:TPMs}?
| +--ro tpm-manufacturer? string | +--ro tpm-manufacturer? string
| +--rw tpm-firmware-version identityref | +--rw tpm-firmware-version identityref
| +--rw TPM12-hash-algo? identityref | +--rw TPM12-hash-algo? identityref
| +--rw TPM12-pcrs* pcr | +--rw TPM12-pcrs* pcr
| +--rw tpm20-pcr-bank* [TPM20-hash-algo] | +--rw tpm20-pcr-bank* [TPM20-hash-algo]
| | +--rw TPM20-hash-algo identityref | | +--rw TPM20-hash-algo identityref
| | +--rw pcr-index* tpm:pcr | | +--rw pcr-index* tpm:pcr
| +--ro tpm-status enumeration | +--ro tpm-status enumeration
| +--rw certificates | +--rw certificates
| +--rw certificate* [certificate-name] | +--rw certificate* [certificate-name]
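Review bot: Section 2 still says "The ietf-basic-remote-attestation YANG module enables a composite device ...", but the module shown in the tree diagram directly below is `ietf-tpm-remote-attestation`; the prose should use the module's actual name. Since `compute-nodes` changes in -04 from a presence container (`compute-nodes!`) to a container gated by feature `tpm:TPMs`, the sentence "The functions of this YANG module are restricted to 0-1 TPMs per hardware component" should also say that a Verifier learns whether a device has several TPM-bearing components from the advertised feature, not from the presence of the container, because that is what a client will now test for.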
skipping to change at page 4, line 26 skipping to change at page 4, line 28
+--rw tpm12-hash* identityref {taa:TPM12}? +--rw tpm12-hash* identityref {taa:TPM12}?
+--rw tpm20-asymmetric-signing* identityref {taa:TPM20}? +--rw tpm20-asymmetric-signing* identityref {taa:TPM20}?
+--rw tpm20-hash* identityref {taa:TPM20}? +--rw tpm20-hash* identityref {taa:TPM20}?
rpcs: rpcs:
+---x tpm12-challenge-response-attestation {taa:TPM12}? +---x tpm12-challenge-response-attestation {taa:TPM12}?
| +---w input | +---w input
| | +---w tpm12-attestation-challenge | | +---w tpm12-attestation-challenge
| | +---w pcr-index* pcr | | +---w pcr-index* pcr
| | +---w nonce-value binary | | +---w nonce-value binary
| | +---w add-version? boolean
| | +---w certificate-name* certificate-name-ref | | +---w certificate-name* certificate-name-ref
| | {tpm:TPMs}?
| +--ro output | +--ro output
| +--ro tpm12-attestation-response* [] | +--ro tpm12-attestation-response* []
| +--ro certificate-name? certificate-name-ref | +--ro certificate-name certificate-name-ref
| +--ro up-time? uint32 | +--ro up-time? uint32
| +--ro node-id? string | +--ro TPM_QUOTE2? binary
| +--ro node-physical-index? int32
| | {ietfhw:entity-mib}?
| +--ro fixed? binary
| +--ro external-data? binary
| +--ro signature-size? uint32
| +--ro signature? binary
| +--ro (tpm12-quote)
| +--:(tpm12-quote1)
| | +--ro version* []
| | | +--ro major? uint8
| | | +--ro minor? uint8
| | | +--ro rev-Major? uint8
| | | +--ro rev-Minor? uint8
| | +--ro digest-value? binary
| | +--ro TPM_PCR_COMPOSITE* []
| | +--ro pcr-index* pcr
| | +--ro value-size? uint32
| | +--ro tpm12-pcr-value* binary
| +--:(tpm12-quote2)
| +--ro tag? uint8
| +--ro pcr-index* pcr
| +--ro locality-at-release? uint8
| +--ro digest-at-release? binary
+---x tpm20-challenge-response-attestation {taa:TPM20}? +---x tpm20-challenge-response-attestation {taa:TPM20}?
| +---w input | +---w input
| | +---w tpm20-attestation-challenge | | +---w tpm20-attestation-challenge
| | +---w nonce-value binary | | +---w nonce-value binary
| | +---w tpm20-pcr-selection* [] | | +---w tpm20-pcr-selection* []
| | | +---w TPM20-hash-algo? identityref | | | +---w TPM20-hash-algo? identityref
| | | +---w pcr-index* tpm:pcr | | | +---w pcr-index* tpm:pcr
| | +---w certificate-name* certificate-name-ref | | +---w certificate-name* certificate-name-ref
| | {tpm:TPMs}?
| +--ro output | +--ro output
| +--ro tpm20-attestation-response* [] | +--ro tpm20-attestation-response* []
| +--ro certificate-name? certificate-name-ref | +--ro certificate-name certificate-name-ref
| +--ro TPMS_QUOTE_INFO binary | +--ro TPMS_QUOTE_INFO binary
| +--ro quote-signature? binary | +--ro quote-signature? binary
| +--ro up-time? uint32 | +--ro up-time? uint32
| +--ro node-id? string
| +--ro node-physical-index? int32 {ietfhw:entity-mib}?
| +--ro unsigned-pcr-values* [] | +--ro unsigned-pcr-values* []
| +--ro TPM20-hash-algo? identityref | +--ro TPM20-hash-algo? identityref
| +--ro pcr-values* [pcr-index] | +--ro pcr-values* [pcr-index]
| +--ro pcr-index pcr | +--ro pcr-index pcr
| +--ro pcr-value? binary | +--ro pcr-value? binary
+---x log-retrieval +---x log-retrieval
+---w input +---w input
| +---w log-selector* [] | +---w log-selector* []
| | +---w tpm-name* string | | +---w tpm-name* string
| | +---w (index-type)? | | +---w (index-type)?
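Review bot: removing `node-id` and `node-physical-index` from both RPC outputs leaves `certificate-name` as the only way to tie a response back to the component it came from (certificate -> tpm -> compute-node), and that path exists only when feature `tpm:TPMs` is supported, since the `compute-node` leaf in the `tpm` list is now gated by it; the output descriptions should state this so a Verifier on a multi-component device knows how to attribute each quote. Dropping the `add-version` input also removes the only signal of whether TPM_CAP_VERSION_INFO is wanted in the TPM 1.2 response, so the new `TPM_QUOTE2` output leaf should say whether version info is always present in the returned binary.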
skipping to change at page 7, line 36 skipping to change at page 7, line 14
single Attestation key, knowledge of the certificate allows a single Attestation key, knowledge of the certificate allows a
specific TPM to be identified. specific TPM to be identified.
container <attester-supported-algos> - Identifies which TCG container <attester-supported-algos> - Identifies which TCG
algorithms are available for use the Attesting platform. This allows algorithms are available for use the Attesting platform. This allows
an operator to limit algorithms available for use by RPCs to just a an operator to limit algorithms available for use by RPCs to just a
desired set from the universe of all allowed by TCG. desired set from the universe of all allowed by TCG.
2.2.1.4. YANG Module 2.2.1.4. YANG Module
<CODE BEGINS> file ietf-tpm-remote-attestation@2020-09-18.yang <CODE BEGINS> file ietf-tpm-remote-attestation@2020-12-09.yang
module ietf-tpm-remote-attestation { module ietf-tpm-remote-attestation {
namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation"; namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation";
prefix "tpm"; prefix "tpm";
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
import ietf-hardware { import ietf-hardware {
prefix ietfhw; prefix ietfhw;
} }
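Review bot: "Identifies which TCG algorithms are available for use the Attesting platform" is missing "by" ("available for use by the Attesting platform") in both columns.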
skipping to change at page 8, line 16 skipping to change at page 7, line 41
organization organization
"IETF RATS (Remote ATtestation procedureS) Working Group"; "IETF RATS (Remote ATtestation procedureS) Working Group";
contact contact
"WG Web : <http://datatracker.ietf.org/wg/rats/> "WG Web : <http://datatracker.ietf.org/wg/rats/>
WG List : <mailto:rats@ietf.org> WG List : <mailto:rats@ietf.org>
Author : Eric Voit <evoit@cisco.com> Author : Eric Voit <evoit@cisco.com>
Author : Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Author : Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Author : Michael Eckel <michael.eckel@sit.fraunhofer.de> Author : Michael Eckel <michael.eckel@sit.fraunhofer.de>
Author : Shwetha Bhandari <shwethab@cisco.com> Author : Shwetha Bhandari <shwetha.bhandari@thoughtspot.com>
Author : Bill Sulzen <bsulzen@cisco.com> Author : Bill Sulzen <bsulzen@cisco.com>
Author : Liang Xia (Frank) <frank.xialiang@huawei.com> Author : Liang Xia (Frank) <frank.xialiang@huawei.com>
Author : Tom Laffey <tom.laffey@hpe.com> Author : Tom Laffey <tom.laffey@hpe.com>
Author : Guy Fedorkow <gfedorkow@juniper.net>"; Author : Guy Fedorkow <gfedorkow@juniper.net>";
description description
"A YANG module to enable a TPM 1.2 and TPM 2.0 based "A YANG module to enable a TPM 1.2 and TPM 2.0 based
remote attestation procedure using a challenge-response remote attestation procedure using a challenge-response
interaction model and the TPM 1.2 and TPM 2.0 Quote interaction model and the TPM 1.2 and TPM 2.0 Quote
primitive operations. primitive operations.
skipping to change at page 9, line 7 skipping to change at page 8, line 33
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
itself for full legal notices. itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 (RFC 2119) are to be interpreted as described in BCP 14 (RFC 2119)
(RFC 8174) when, and only when, they appear in all (RFC 8174) when, and only when, they appear in all
capitals, as shown here."; capitals, as shown here.";
revision "2020-09-18" { revision "2020-12-15" {
description description
"Initial version"; "Initial version";
reference reference
"draft-ietf-rats-yang-tpm-charra"; "draft-ietf-rats-yang-tpm-charra";
} }
/*****************/ /*****************/
/* Features */
/*****************/
feature TPMs {
description
"The device supports the remote attestation of multiple
TPM based cryptoprocessors.";
}
/*****************/
/* Typedefs */ /* Typedefs */
/*****************/ /*****************/
typedef pcr { typedef pcr {
type uint8 { type uint8 {
range "0..31"; range "0..31";
} }
description description
"Valid index number for a PCR. At this point 0-31 is viable."; "Valid index number for a PCR. At this point 0-31 is viable.";
} }
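Review bot: the `revision "2020-12-15"` statement does not agree with the `<CODE BEGINS> file ietf-tpm-remote-attestation@2020-12-09.yang` line at the top of the module; RFC 8407 requires the date in the code-component file name to be the module's most recent revision date, so one of the two needs to change. The description of the new `feature TPMs` ("supports the remote attestation of multiple TPM based cryptoprocessors") should also say that the feature controls the `compute-nodes` container and the per-TPM `compute-node` leafref, since that is what a client must check before using them.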
skipping to change at page 13, line 48 skipping to change at page 13, line 36
} }
} }
grouping certificate-name-ref { grouping certificate-name-ref {
description description
"Identifies a certificate in a keystore."; "Identifies a certificate in a keystore.";
leaf certificate-name { leaf certificate-name {
type certificate-name-ref; type certificate-name-ref;
description description
"Identifies a certificate in a keystore."; "Identifies a certificate in a keystore.";
mandatory true;
} }
} }
grouping tpm-name { grouping tpm-name {
description description
"A unique TPM on a device."; "A unique TPM on a device.";
leaf tpm-name { leaf tpm-name {
type string; type string;
description description
"Unique system generated name for a TPM on a device."; "Unique system generated name for a TPM on a device.";
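Review bot: adding `mandatory true` to `leaf certificate-name` inside `grouping certificate-name-ref` makes the leaf mandatory everywhere the grouping is used, which matches the tree diagram (the RPC output `certificate-name` no longer carries `?`); confirm this is intended for every use of the grouping, not just the RPC outputs. Separately, the grouping and the typedef share the name `certificate-name-ref`, which YANG permits but makes `type certificate-name-ref;` inside `grouping certificate-name-ref` hard to read; consider renaming the grouping.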
skipping to change at page 14, line 27 skipping to change at page 14, line 16
type string; type string;
config false; config false;
description description
"Name of one or more unique TPMs on a device. If this object "Name of one or more unique TPMs on a device. If this object
exists, a selection should pull only the objects related to exists, a selection should pull only the objects related to
these TPM(s). If it does not exist, all qualifying TPMs that these TPM(s). If it does not exist, all qualifying TPMs that
are 'hardware-based' equals true on the device are selected."; are 'hardware-based' equals true on the device are selected.";
} }
} }
grouping compute-node-identifier {
description
"In a distributed system with multiple compute nodes
this is the node identified by name and physical-index.";
leaf node-id {
type string;
description
"ID of the compute node, such as Board Serial Number.";
}
leaf node-physical-index {
if-feature ietfhw:entity-mib;
type int32 {
range "1..2147483647";
}
config false;
description
"The entPhysicalIndex for the compute node.";
reference
"RFC 6933: Entity MIB (Version 4) - entPhysicalIndex";
}
}
grouping tpm12-pcr-info-short {
description
"This structure is for defining a digest at release when the only
information that is necessary is the release configuration.";
uses tpm12-pcr-selection;
leaf locality-at-release {
type uint8;
description
"This SHALL be the locality modifier required to release the
information (TPM 1.2 type TPM_LOCALITY_SELECTION)";
reference
"TPM Main Part 2 TPM Structures v1.2 July 2007
Section 8.6";
}
leaf digest-at-release {
type binary;
description
"This SHALL be the digest of the PCR indices and PCR values
to verify when revealing auth data (TPM 1.2 type
TPM_COMPOSITE_HASH).";
reference
"TPM Main Part 2 TPM Structures v1.2 July 2007
Section 5.4.1.";
}
}
grouping tpm12-version {
description
"This structure provides information relative the version of
the TPM.";
list version {
description
"This indicates the version of the structure
(TPM 1.2 type TPM_STRUCT_VER). This MUST be 1.1.0.0.";
reference
"TPM Main Part 2 TPM Structures v1.2 July 2007
Section 5.1.";
leaf major {
type uint8;
description
"Indicates the major version of the structure.
MUST be 0x01.";
}
leaf minor {
type uint8;
description
"Indicates the minor version of the structure.
MUST be 0x01.";
}
leaf rev-Major {
type uint8;
description
"Indicates the rev major version of the structure.
MUST be 0x00.";
}
leaf rev-Minor {
type uint8;
description
"Indicates the rev minor version of the structure.
MUST be 0x00.";
}
}
}
grouping tpm12-quote-info-common {
description
"These statements are within both quote variants of the TPM 1.2";
reference
"TPM Main Part 2 TPM Structures v1.2 July 2007,
Section 11.3 & 11.4.";
leaf fixed {
type binary;
description
"This SHALL always be the string 'QUOT' or 'QUO2'
(length is 4 bytes).";
}
leaf external-data {
type binary;
description
"160 bits of externally supplied data, typically a nonce.";
}
leaf signature-size {
type uint32;
description
"The size of TPM 1.2 'signature' value.";
}
leaf signature {
type binary;
description
"Signature over hash of tpm12-quote-info2'.";
}
}
grouping tpm12-quote-info {
description
"This structure provides the mechanism for the TPM to quote the
current values of a list of PCRs (as used by the TPM_Quote2
command).";
uses tpm12-version;
leaf digest-value {
type binary;
description
"This SHALL be the result of the composite hash algorithm using
the current values of the requested PCR indices
(TPM 1.2 type TPM_COMPOSITE_HASH.)";
}
}
grouping tpm12-quote-info2 {
description
"This structure provides the mechanism for the TPM to quote the
current values of a list of PCRs
(as used by the TPM_Quote2 command).";
leaf tag {
type uint8;
description
"This SHALL be TPM_TAG_QUOTE_INFO2.";
}
uses tpm12-pcr-info-short;
}
grouping tpm12-cap-version-info {
description
"TPM returns the current version and revision of the TPM 1.2 .";
list TPM_PCR_COMPOSITE {
description
"The TPM 1.2 TPM_PCRVALUEs for the pcr-indices.";
reference
"TPM Main Part 2 TPM Structures v1.2 July 2007, Section 8.2";
uses tpm12-pcr-selection;
leaf value-size {
type uint32;
description
"This SHALL be the size of the 'tpm12-pcr-value' field
(not the number of PCRs).";
}
leaf-list tpm12-pcr-value {
type binary;
description
"The list of TPM_PCRVALUEs from each PCR selected in sequence
of tpm12-pcr-selection.";
}
list version-info {
description
"An optional output parameter from a TPM 1.2 TPM_Quote2.";
leaf tag {
type uint16; /* This should be converted into an ENUM */
description
"The TPM 1.2 version and revision
(TPM 1.2 type TPM_STRUCTURE_TAG).
This MUST be TPM_CAP_VERSION_INFO (0x0030)";
}
uses tpm12-version;
leaf spec-level {
type uint16;
description
"A number indicating the level of ordinals supported.";
}
leaf errata-rev {
type uint8;
description
"A number indicating the errata version of the
specification.";
}
leaf tpm-vendor-id {
type binary;
description
"The vendor ID unique to each TPM manufacturer.";
}
leaf vendor-specific-size {
type uint16;
description
"The size of the vendor-specific area.";
}
leaf vendor-specific {
type binary;
description
"Vendor specific information.";
}
}
}
}
grouping tpm12-pcr-composite {
description
"The actual values of the selected PCRs (a list of TPM_PCRVALUEs
(binary) and associated metadata for TPM 1.2.";
list TPM_PCR_COMPOSITE {
description
"The TPM 1.2 TPM_PCRVALUEs for the pcr-indices.";
reference
"TPM Main Part 2 TPM Structures v1.2 July 2007, Section 8.2";
uses tpm12-pcr-selection;
leaf value-size {
type uint32;
description
"This SHALL be the size of the 'tpm12-pcr-value' field
(not the number of PCRs).";
}
leaf-list tpm12-pcr-value {
type binary;
description
"The list of TPM_PCRVALUEs from each PCR selected in sequence
of tpm12-pcr-selection.";
}
}
}
grouping node-uptime { grouping node-uptime {
description description
"Uptime in seconds of the node."; "Uptime in seconds of the node.";
leaf up-time { leaf up-time {
type uint32; type uint32;
description description
"Uptime in seconds of this node reporting its data"; "Uptime in seconds of this node reporting its data";
} }
} }
grouping tpm12-attestation { grouping tpm12-attestation {
description description
"Contains an instance of TPM1.2 style signed cryptoprocessor "Contains an instance of TPM1.2 style signed cryptoprocessor
measurements. It is supplemented by unsigned Attester measurements. It is supplemented by unsigned Attester
information."; information.";
uses node-uptime; uses node-uptime;
uses compute-node-identifier; leaf TPM_QUOTE2 {
uses tpm12-quote-info-common; type binary;
choice tpm12-quote {
mandatory true;
description description
"Either a tpm12-quote-info or tpm12-quote-info2, depending "Result of a TPM1.2 Quote2 operation. This includes PCRs,
on whether TPM_Quote or TPM_Quote2 was used signatures, locality, the provided nonce and other data which
(cf. input field add-verson)."; can be further parsed to appraise the Attester.";
case tpm12-quote1 { reference
description "TPM1.2 commands rev116 July 2007, Section 16.5";
"BIOS/UEFI event logs";
uses tpm12-quote-info;
uses tpm12-pcr-composite;
}
case tpm12-quote2 {
description
"BIOS/UEFI event logs";
uses tpm12-quote-info2;
}
} }
} }
grouping tpm20-attestation { grouping tpm20-attestation {
description description
"Contains an instance of TPM2 style signed cryptoprocessor "Contains an instance of TPM2 style signed cryptoprocessor
measurements. It is supplemented by unsigned Attester measurements. It is supplemented by unsigned Attester
information."; information.";
leaf TPMS_QUOTE_INFO { leaf TPMS_QUOTE_INFO {
mandatory true; mandatory true;
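Review bot: the new `leaf TPM_QUOTE2 { type binary; }` replaces the structured TPM 1.2 groupings without defining the byte layout of the binary, and "TPM_QUOTE2" is not a structure name in the TPM 1.2 specification (the structures are TPM_QUOTE_INFO and TPM_QUOTE_INFO2, which the deleted -03 text referenced as Part 2 Sections 11.3 and 11.4). The deleted -03 groupings show what a TPM_Quote2 invocation actually returns (a TPM_PCR_INFO_SHORT, an optional TPM_CAP_VERSION_INFO, a signature size and the signature); the description should state the concatenation order of those output operands so a Verifier can parse the leaf. The description's claim that the binary "includes ... the provided nonce" should also be checked: the -03 grouping `tpm12-quote-info-common` carried the nonce as a separate `external-data` leaf, and a Verifier reconstructs the signed TPM_QUOTE_INFO2 from its own nonce and the returned PCR data rather than reading the nonce out of the response. Finally, the grouping description and tree still allow only Quote2, so the text should say explicitly that TPM_Quote (TPM_QUOTE_INFO) is no longer supported by this RPC.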
skipping to change at page 20, line 32 skipping to change at page 15, line 19
TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.12.1"; TPM-Rev-2.0-Part-2-Structures-01.38.pdf Section 10.12.1";
} }
leaf quote-signature { leaf quote-signature {
type binary; type binary;
description description
"Quote signature returned by TPM Quote. The signature was "Quote signature returned by TPM Quote. The signature was
generated using the key associated with the generated using the key associated with the
certificate-name."; certificate-name.";
} }
uses node-uptime; uses node-uptime;
uses compute-node-identifier;
list unsigned-pcr-values { list unsigned-pcr-values {
description description
"PCR values in each PCR bank. This often should not be "PCR values in each PCR bank. This might appear redundant with
necessary for TPM2, as the raw information needing the TPM2B_DIGEST, but that digest is calculated across multiple
signature and hash validation will be coming from PCRs. Having to verify across multiple PCRs does not
the 'quote' leaf"; necessarily make it easy for a Verifier to appraise just the
minimum set of PCR information which has changed since the last
received TPM2B_DIGEST. Put another way, why should a Verifier
reconstruct the proper value of all PCR Quotes when only a
single PCR has changed?
To help this happen, if the Attester does know specific PCR
values, the Attester can provide these individual values via
'unsigned-pcr-values'. By comparing this information to the
what has previously been validated, it is possible for a
Verifier to confirm the Attester's signature while eliminating
significant processing.";
uses TPM20-hash-algo; uses TPM20-hash-algo;
list pcr-values { list pcr-values {
key pcr-index; key pcr-index;
description description
"List of one PCR bank."; "List of one PCR bank.";
leaf pcr-index { leaf pcr-index {
type pcr; type pcr;
description description
"PCR index number."; "PCR index number.";
} }
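Review bot: the rewritten description of `unsigned-pcr-values` should state that these values are untrusted input: a Verifier uses them only to reconstruct the PCR composite digest and MUST compare that reconstruction with the TPM2B_DIGEST covered by `quote-signature` before relying on any individual value. As written, "confirm the Attester's signature while eliminating significant processing" could be read as the unsigned values replacing the signed digest check, which would let an Attester report arbitrary per-PCR values. With `uses compute-node-identifier` removed from this grouping, the response also no longer identifies the reporting node; the description should point at `certificate-name` as the remaining link.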
skipping to change at page 26, line 14 skipping to change at page 21, line 11
attesting device."; attesting device.";
input { input {
container tpm12-attestation-challenge { container tpm12-attestation-challenge {
description description
"This container includes every information element defined "This container includes every information element defined
in the reference challenge-response interaction model for in the reference challenge-response interaction model for
remote attestation. Corresponding values are based on remote attestation. Corresponding values are based on
TPM 1.2 structure definitions"; TPM 1.2 structure definitions";
uses tpm12-pcr-selection; uses tpm12-pcr-selection;
uses nonce; uses nonce;
leaf add-version {
type boolean;
description
"Whether or not to include TPM_CAP_VERSION_INFO; if true,
then TPM_Quote2 must be used to create the response.";
reference
"TPM Main Part 2 TPM Structures v1.2 July 2007,
Section 21.6";
}
leaf-list certificate-name { leaf-list certificate-name {
if-feature "tpm:TPMs";
must "/tpm:rats-support-structures/tpm:tpms" + must "/tpm:rats-support-structures/tpm:tpms" +
"/tpm:tpm[tpm:tpm-firmware-version='taa:tpm12']" + "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm12']" +
"/tpm:certificates/" + "/tpm:certificates/" +
"/tpm:certificate[certificate-name-ref=current()]" { "/tpm:certificate[certificate-name-ref=current()]" {
error-message "Not an available TPM1.2 AIK certificate."; error-message "Not an available TPM1.2 AIK certificate.";
} }
type certificate-name-ref; type certificate-name-ref;
description description
"When populated, the RPC will only get a Quote for the "When populated, the RPC will only get a Quote for the
TPMs associated with these certificate(s)."; TPMs associated with these certificate(s).";
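Review bot: the `must` expression on `certificate-name` in `tpm12-attestation-challenge` has two defects. The string concatenation "/tpm:certificates/" + "/tpm:certificate[...]" yields `certificates//tpm:certificate`, a descendant-or-self step rather than the intended child step, and the predicate `[certificate-name-ref=current()]` tests an unprefixed node named `certificate-name-ref`, whereas the key of the `certificate` list in the tree diagram is `certificate-name`; the intended expression is presumably `"/tpm:certificates" + "/tpm:certificate[tpm:certificate-name=current()]"`. The new `if-feature "tpm:TPMs"` on this leaf-list also means a device without the feature cannot be asked for a specific AIK certificate; the description should say which certificate and key are used in that case.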
skipping to change at page 27, line 21 skipping to change at page 22, line 11
input { input {
container tpm20-attestation-challenge { container tpm20-attestation-challenge {
description description
"This container includes every information element defined "This container includes every information element defined
in the reference challenge-response interaction model for in the reference challenge-response interaction model for
remote attestation. Corresponding values are based on remote attestation. Corresponding values are based on
TPM 2.0 structure definitions"; TPM 2.0 structure definitions";
uses nonce; uses nonce;
uses tpm20-pcr-selection; uses tpm20-pcr-selection;
leaf-list certificate-name { leaf-list certificate-name {
if-feature "tpm:TPMs";
must "/tpm:rats-support-structures/tpm:tpms" + must "/tpm:rats-support-structures/tpm:tpms" +
"/tpm:tpm[tpm:tpm-firmware-version='taa:tpm20']" + "/tpm:tpm[tpm:tpm-firmware-version='taa:tpm20']" +
"/tpm:certificates/" + "/tpm:certificates/" +
"/tpm:certificate[certificate-name-ref=current()]" { "/tpm:certificate[certificate-name-ref=current()]" {
error-message "Not an available TPM2.0 AIK certificate."; error-message "Not an available TPM2.0 AIK certificate.";
} }
type certificate-name-ref; type certificate-name-ref;
description description
"When populated, the RPC will only get a Quote for the "When populated, the RPC will only get a Quote for the
TPMs associated with the certificates."; TPMs associated with the certificates.";
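Review bot: the TPM 2.0 "certificate-name" leaf-list has the same double-slash defect in its "must" expression, "/tpm:certificates/" + "/tpm:certificate[certificate-name-ref=current()]" yielding ".../tpm:certificates//tpm:certificate[...]"; fix it the same way by removing the trailing slash. The two containers also describe the same behaviour with different wording ("these certificate(s)" for TPM 1.2, "the certificates" here) and use the "nonce" and "pcr-selection" groupings in opposite order; align both so readers diffing the 1.2 and 2.0 challenges see only the intended differences.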
skipping to change at page 29, line 47 skipping to change at page 24, line 38
/**************************************/ /**************************************/
/* Config & Oper accessible nodes */ /* Config & Oper accessible nodes */
/**************************************/ /**************************************/
container rats-support-structures { container rats-support-structures {
description description
"The datastore definition enabling verifiers or relying "The datastore definition enabling verifiers or relying
parties to discover the information necessary to use the parties to discover the information necessary to use the
remote attestation RPCs appropriately."; remote attestation RPCs appropriately.";
container compute-nodes { container compute-nodes {
presence if-feature "tpm:TPMs";
"Indicates that more than one TPM exists on a device.";
description description
"Holds the set device subsystems/components in this composite "Holds the set device subsystems/components in this composite
device that support TPM operations."; device that support TPM operations.";
list compute-node { list compute-node {
key node-id; key node-id;
config false; config false;
min-elements 2; min-elements 2;
uses compute-node-identifier;
description description
"A components in this composite device that RATS which "A component in this composite device that
supports TPM operations."; supports TPM operations.";
leaf node-id {
type string;
description
"ID of the compute node, such as Board Serial Number.";
}
leaf node-physical-index {
if-feature ietfhw:entity-mib;
type int32 {
range "1..2147483647";
}
config false;
description
"The entPhysicalIndex for the compute node.";
reference
"RFC 6933: Entity MIB (Version 4) - entPhysicalIndex";
}
leaf node-name { leaf node-name {
type string; type string;
description description
"Name of the compute node."; "Name of the compute node.";
} }
leaf node-location { leaf node-location {
type string; type string;
description description
"Location of the compute node, such as slot number."; "Location of the compute node, such as slot number.";
} }
skipping to change at page 31, line 11 skipping to change at page 26, line 16
"RFC 6933: Entity MIB (Version 4) - entPhysicalIndex"; "RFC 6933: Entity MIB (Version 4) - entPhysicalIndex";
} }
leaf tpm-path { leaf tpm-path {
type string; type string;
config false; config false;
description description
"Path to a unique TPM on a device. This can change agross "Path to a unique TPM on a device. This can change agross
reboots."; reboots.";
} }
leaf compute-node { leaf compute-node {
when "../../../compute-nodes"; if-feature "tpm:TPMs";
type compute-node-ref; type compute-node-ref;
config false; config false;
mandatory true; mandatory true;
description description
"When there is more that one TPM, this indicates for which "When there is more that one TPM, this indicates for which
compute node this TPM services."; compute node this TPM services.";
} }
leaf tpm-manufacturer { leaf tpm-manufacturer {
type string; type string;
config false; config false;
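Review bot: several description typos survive into -04 and should be fixed while the datastore is being restructured: "Holds the set device subsystems/components" should read "the set of device subsystems/components", "This can change agross reboots" should read "across", and "When there is more that one TPM, this indicates for which compute node this TPM services" should read "more than one TPM" and "this TPM serves". Since "tpm-path" is documented as changing across reboots, its description should also say that Verifiers must not use it as a stable identity for a TPM and should key on the certificate or tpm name instead. Finally, "key node-id" now depends on the "node-id" leaf coming from the newly added "uses compute-node-identifier" while the inline "node-id" and "node-physical-index" leaves were deleted; confirm the grouping carries the entPhysicalIndex leaf with its "if-feature ietfhw:entity-mib" guard and RFC 6933 reference, otherwise that mapping to hardware inventory is lost.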
skipping to change at page 52, line 42 skipping to change at page 47, line 49
RPC: <log-retrieval> - Pulling lots of logs can chew up system RPC: <log-retrieval> - Pulling lots of logs can chew up system
resources. resources.
5. Acknowledgements 5. Acknowledgements
Not yet. Not yet.
6. Change Log 6. Change Log
Changes from version 03 to version 04:
o TPM1.2 Quote1 eliminated
o YANG model simplifications so redundant info isn't exposed
Changes from version 02 to version 03: Changes from version 02 to version 03:
o moved to tcg-algs o moved to tcg-algs
o cleaned up model to eliminate sources of errors o cleaned up model to eliminate sources of errors
o removed key establishment RPC o removed key establishment RPC
o added lots of XPATH which must all be scrubbed still o added lots of XPATH which must all be scrubbed still
o Descriptive text added on model contents. o Descriptive text added on model contents.
Changes from version 01 to version 02: Changes from version 01 to version 02:
o Extracted Crypto-types into a separate YANG file o Extracted Crypto-types into a separate YANG file
o Mades the algorithms explicit, not strings o Mades the algorithms explicit, not strings
o Hash Algo as key the selected TPM2 PCRs o Hash Algo as key the selected TPM2 PCRs
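Review bot: the "Changes from version 03 to version 04" entry is too thin for reviewers to trace what this diff actually does; add bullets for the replacement of the "presence" and "when" statements by "if-feature tpm:TPMs", the new "compute-node-identifier" grouping, and the gating of both "certificate-name" leaf-lists on that feature. The earlier bullet "added lots of XPATH which must all be scrubbed still" remains open, and the "must" expressions in this diff still carry the double-slash concatenation, so that item should not be dropped until the XPath is corrected. Minor: "Mades the algorithms explicit" should read "Made".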
skipping to change at page 53, line 43 skipping to change at page 49, line 9
name to map it back to hardware inventory name to map it back to hardware inventory
o Relabeled name to tpm_name o Relabeled name to tpm_name
o Removed event-string in last-entry o Removed event-string in last-entry
7. References 7. References
7.1. Normative References 7.1. Normative References
[I-D.birkholz-rats-reference-interaction-model]
Birkholz, H., Eckel, M., Newton, C., and L. Chen,
"Reference Interaction Models for Remote Attestation
Procedures", draft-birkholz-rats-reference-interaction-
model-03 (work in progress), July 2020.
[I-D.ietf-netconf-keystore] [I-D.ietf-netconf-keystore]
Watsen, K., "A YANG Data Model for a Keystore", draft- Watsen, K., "A YANG Data Model for a Keystore", draft-
ietf-netconf-keystore-20 (work in progress), August 2020. ietf-netconf-keystore-20 (work in progress), August 2020.
[I-D.ietf-rats-architecture] [I-D.ietf-rats-architecture]
Birkholz, H., Thaler, D., Richardson, M., Smith, N., and Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
W. Pan, "Remote Attestation Procedures Architecture", W. Pan, "Remote Attestation Procedures Architecture",
draft-ietf-rats-architecture-06 (work in progress), draft-ietf-rats-architecture-08 (work in progress),
September 2020. December 2020.
[I-D.ietf-rats-reference-interaction-models]
Birkholz, H., Eckel, M., Newton, C., and L. Chen,
"Reference Interaction Models for Remote Attestation
Procedures", draft-ietf-rats-reference-interaction-
models-01 (work in progress), October 2020.
[I-D.ietf-rats-tpm-based-network-device-attest] [I-D.ietf-rats-tpm-based-network-device-attest]
Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM- Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM-
based Network Device Remote Integrity Verification", based Network Device Remote Integrity Verification",
draft-ietf-rats-tpm-based-network-device-attest-04 (work draft-ietf-rats-tpm-based-network-device-attest-06 (work
in progress), September 2020. in progress), December 2020.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, DOI 10.17487/RFC6991, July 2013, RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>. <https://www.rfc-editor.org/info/rfc6991>.
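Review bot: -04 renames the reference anchor from [I-D.birkholz-rats-reference-interaction-model] to [I-D.ietf-rats-reference-interaction-models] (plural, and the -01 WG version); every in-text citation of the old anchor must be updated in the same revision or it dangles after this change. The bumps of draft-ietf-rats-architecture to -08 and draft-ietf-rats-tpm-based-network-device-attest to -06 look correct, but note the body references the latter as the source of the operational context, so any terminology changes in -06 should be checked against the descriptions in the YANG module.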
skipping to change at page 55, line 40 skipping to change at page 51, line 4
Email: henk.birkholz@sit.fraunhofer.de Email: henk.birkholz@sit.fraunhofer.de
Michael Eckel Michael Eckel
Fraunhofer SIT Fraunhofer SIT
Rheinstrasse 75 Rheinstrasse 75
Darmstadt 64295 Darmstadt 64295
Germany Germany
Email: michael.eckel@sit.fraunhofer.de Email: michael.eckel@sit.fraunhofer.de
Shwetha Bhandari
ThoughtSpot
Email: shwetha.bhandari@thoughtspot.com
Eric Voit Eric Voit
Cisco Systems Cisco Systems
Email: evoit@cisco.com Email: evoit@cisco.com
Shwetha Bhandari
Cisco Systems
Email: shwethab@cisco.com
Bill Sulzen Bill Sulzen
Cisco Systems Cisco Systems
Email: bsulzen@cisco.com Email: bsulzen@cisco.com
Liang Xia (Frank) Liang Xia (Frank)
Huawei Technologies Huawei Technologies
101 Software Avenue, Yuhuatai District 101 Software Avenue, Yuhuatai District
Nanjing, Jiangsu 210012 Nanjing, Jiangsu 210012
China China
 End of changes. 40 change blocks. 
337 lines changed or deleted 106 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/