draft-ietf-rats-yang-tpm-charra-15.txt   draft-ietf-rats-yang-tpm-charra-16.txt 
RATS Working Group H. Birkholz RATS Working Group H. Birkholz
Internet-Draft M. Eckel Internet-Draft M. Eckel
Intended status: Standards Track Fraunhofer SIT Intended status: Standards Track Fraunhofer SIT
Expires: 1 September 2022 S. Bhandari Expires: 3 September 2022 S. Bhandari
ThoughtSpot ThoughtSpot
E. Voit E. Voit
B. Sulzen B. Sulzen
Cisco Cisco
L. Xia L. Xia
Huawei Huawei
T. Laffey T. Laffey
HPE HPE
G. Fedorkow G. Fedorkow
Juniper Juniper
28 February 2022 2 March 2022
A YANG Data Model for Challenge-Response-based Remote Attestation A YANG Data Model for Challenge-Response-based Remote Attestation
Procedures using TPMs Procedures using TPMs
draft-ietf-rats-yang-tpm-charra-15 draft-ietf-rats-yang-tpm-charra-16
Abstract Abstract
This document defines YANG RPCs and a small number of configuration This document defines YANG RPCs and a small number of configuration
nodes required to retrieve attestation evidence about integrity nodes required to retrieve attestation evidence about integrity
measurements from a device, following the operational context defined measurements from a device, following the operational context defined
in TPM-based Network Device Remote Integrity Verification. in TPM-based Network Device Remote Integrity Verification.
Complementary measurement logs are also provided by the YANG RPCs, Complementary measurement logs are also provided by the YANG RPCs,
originating from one or more roots of trust for measurement (RTMs). originating from one or more roots of trust for measurement (RTMs).
The module defined requires at least one TPM 1.2 or TPM 2.0 as well The module defined requires at least one TPM 1.2 or TPM 2.0 as well
skipping to change at page 2, line 10 skipping to change at page 2, line 10
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 1 September 2022. This Internet-Draft will expire on 3 September 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 33 skipping to change at page 2, line 33
described in Section 4.e of the Trust Legal Provisions and are described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License. provided without warranty as described in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3
2. The YANG Module for Basic Remote Attestation Procedures . . . 3 2. The YANG Module for Basic Remote Attestation Procedures . . . 3
2.1. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 3 2.1. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 3
2.1.1. 'ietf-tpm-remote-attestation' . . . . . . . . . . . . 4 2.1.1. 'ietf-tpm-remote-attestation' . . . . . . . . . . . . 4
2.1.2. 'ietf-tcg-algs' . . . . . . . . . . . . . . . . . . . 33 2.1.2. 'ietf-tcg-algs' . . . . . . . . . . . . . . . . . . . 32
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48
4. Security Considerations . . . . . . . . . . . . . . . . . . . 49 4. Security Considerations . . . . . . . . . . . . . . . . . . . 49
5. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 51 5. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 50
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 52 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 51
6.1. Normative References . . . . . . . . . . . . . . . . . . 52 6.1. Normative References . . . . . . . . . . . . . . . . . . 51
6.2. Informative References . . . . . . . . . . . . . . . . . 57 6.2. Informative References . . . . . . . . . . . . . . . . . 57
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57
1. Introduction 1. Introduction
This document is based on the general terminology defined in the This document is based on the general terminology defined in the
[I-D.ietf-rats-architecture] and uses the operational context defined [I-D.ietf-rats-architecture] and uses the operational context defined
in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the
interaction model and information elements defined in interaction model and information elements defined in
[I-D.ietf-rats-reference-interaction-models]. The currently [I-D.ietf-rats-reference-interaction-models]. The currently
skipping to change at page 4, line 7 skipping to change at page 4, line 7
attacks. The method for communicating the relationship of each attacks. The method for communicating the relationship of each
individual TPM to specific measured component within the Composite individual TPM to specific measured component within the Composite
Device is out of the scope of this document. Device is out of the scope of this document.
2.1. YANG Modules 2.1. YANG Modules
In this section the several YANG modules are defined. In this section the several YANG modules are defined.
2.1.1. 'ietf-tpm-remote-attestation' 2.1.1. 'ietf-tpm-remote-attestation'
This YANG module imports modules from [RFC6991], [RFC8348], This YANG module imports modules from [RFC6991] with prefix 'yang',
[I-D.ietf-netconf-keystore], and ietf-tcg-algs.yang Section 2.1.2.3. [RFC8348] with prefix 'hw', [I-D.ietf-netconf-keystore] with prefix
'ks', and 'ietf-tcg-algs.yang' Section 2.1.2.3 with prefix 'taa'.
Additionally references are made to [RFC8032], [RFC8017], [RFC6933], Additionally references are made to [RFC8032], [RFC8017], [RFC6933],
[TPM1.2-Commands], [TPM2.0-Arch], [TPM2.0-Structures], [TPM2.0-Key], [TPM1.2-Commands], [TPM2.0-Arch], [TPM2.0-Structures], [TPM2.0-Key],
[TPM1.2-Structures], [bios-log], [ima-log], [BIOS-Log-Event-Type] and [TPM1.2-Structures], [bios-log], [ima-log], [BIOS-Log-Event-Type] and
[netequip-boot-log]. [netequip-boot-log].
2.1.1.1. Features 2.1.1.1. Features
This module supports the following features: This module supports the following features:
* 'TPMs': Indicates that multiple TPMs on the device can support * 'TPMs': Indicates that multiple TPMs on the device can support
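Review bot: the -16 wording of the import sentence leaves "'ietf-tcg-algs.yang' Section 2.1.2.3 with prefix 'taa'" as a fragment; suggest "the 'ietf-tcg-algs' module defined in Section 2.1.2.3 with prefix 'taa'", and a comma after "Additionally" in the sentence that follows. The four prefixes now listed ('yang', 'hw', 'ks', 'taa') do match the prefix statements in the module's import block in Section 2.1.1.6, which is the point of the change, so no further edit is needed there.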
skipping to change at page 10, line 11 skipping to change at page 10, line 11
+--ro node-location? string +--ro node-location? string
2.1.1.6. YANG Module 2.1.1.6. YANG Module
<CODE BEGINS> file "ietf-tpm-remote-attestation@2022-02-16.yang" <CODE BEGINS> file "ietf-tpm-remote-attestation@2022-02-16.yang"
module ietf-tpm-remote-attestation { module ietf-tpm-remote-attestation {
namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation"; namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation";
prefix tpm; prefix tpm;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference
"RFC 6991: Common YANG Data Types.";
} }
import ietf-hardware { import ietf-hardware {
prefix hw; prefix hw;
reference
"RFC 8348: A YANG Data Model for Hardware Management.";
} }
import ietf-keystore { import ietf-keystore {
prefix ks; prefix ks;
reference
"draft-ietf-netconf-keystore:
A YANG Data Model for a Keystore.";
} }
import ietf-tcg-algs { import ietf-tcg-algs {
prefix taa; prefix taa;
reference
"RFC XXXX: A YANG Data Model for Challenge-Response-based
Remote Attestation Procedures using TPMs.";
} }
organization organization
"IETF RATS (Remote ATtestation procedureS) Working Group"; "IETF RATS (Remote ATtestation procedureS) Working Group";
contact contact
"WG Web : <https://datatracker.ietf.org/wg/rats/> "WG Web : <https://datatracker.ietf.org/wg/rats/>
WG List : <mailto:rats@ietf.org> WG List : <mailto:rats@ietf.org>
Author : Eric Voit <evoit@cisco.com> Author : Eric Voit <evoit@cisco.com>
Author : Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Author : Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Author : Michael Eckel <michael.eckel@sit.fraunhofer.de> Author : Michael Eckel <michael.eckel@sit.fraunhofer.de>
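Review bot: the -16 column removes the reference substatement from all four import statements (ietf-yang-types, ietf-hardware, ietf-keystore, ietf-tcg-algs), so the module itself no longer names RFC 6991, RFC 8348, draft-ietf-netconf-keystore or the RFC XXXX placeholder next to the prefix it introduces; that pointer now lives only in the prose of Section 2.1.1. If the removal is deliberate (for example to avoid a second RFC XXXX placeholder inside the ietf-tcg-algs import), the Change Log in Section 5 should say so, since a reader of the extracted .yang file otherwise has to go back to the RFC text to learn where 'ks' or 'taa' come from.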
skipping to change at page 11, line 22 skipping to change at page 11, line 12
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
itself for full legal notices. itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as 'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here."; they appear in all capitals, as shown here.";
revision 2022-02-16 { revision 2022-03-02 {
description description
"Initial version"; "Initial version";
reference reference
"RFC XXXX: A YANG Data Model for Challenge-Response-based Remote "RFC XXXX: A YANG Data Model for Challenge-Response-based Remote
Attestation Procedures using TPMs"; Attestation Procedures using TPMs";
} }
/*****************/ /*****************/
/* Features */ /* Features */
/*****************/ /*****************/
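Review bot: the revision statement in the -16 column moves from 2022-02-16 to 2022-03-02, but the <CODE BEGINS> line at the top of this module still reads file "ietf-tpm-remote-attestation@2022-02-16.yang" in both columns. The date in the file name is expected to be the module's latest revision date (RFC 7950, Section 5.2 file naming), so the file name should become ietf-tpm-remote-attestation@2022-03-02.yang in the same change, and the IANA registration in Section 3 should be checked for the same date.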
skipping to change at page 53, line 9 skipping to change at page 52, line 33
Birkholz, H., Thaler, D., Richardson, M., Smith, N., and Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
W. Pan, "Remote Attestation Procedures Architecture", Work W. Pan, "Remote Attestation Procedures Architecture", Work
in Progress, Internet-Draft, draft-ietf-rats-architecture- in Progress, Internet-Draft, draft-ietf-rats-architecture-
15, 8 February 2022, <https://www.ietf.org/archive/id/ 15, 8 February 2022, <https://www.ietf.org/archive/id/
draft-ietf-rats-architecture-15.txt>. draft-ietf-rats-architecture-15.txt>.
[I-D.ietf-rats-tpm-based-network-device-attest] [I-D.ietf-rats-tpm-based-network-device-attest]
Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM- Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM-
based Network Device Remote Integrity Verification", Work based Network Device Remote Integrity Verification", Work
in Progress, Internet-Draft, draft-ietf-rats-tpm-based- in Progress, Internet-Draft, draft-ietf-rats-tpm-based-
network-device-attest-12, 23 February 2022, network-device-attest-13, 1 March 2022,
<https://www.ietf.org/archive/id/draft-ietf-rats-tpm- <https://www.ietf.org/archive/id/draft-ietf-rats-tpm-
based-network-device-attest-12.txt>. based-network-device-attest-13.txt>.
[IEEE-Std-1363-2000] [IEEE-Std-1363-2000]
"IEEE 1363-2000 - IEEE Standard Specifications for Public- "IEEE 1363-2000 - IEEE Standard Specifications for Public-
Key Cryptography", n.d., Key Cryptography", n.d.,
<https://standards.ieee.org/standard/1363-2000.html>. <https://standards.ieee.org/standard/1363-2000.html>.
[IEEE-Std-1363a-2004] [IEEE-Std-1363a-2004]
"1363a-2004 - IEEE Standard Specifications for Public-Key "1363a-2004 - IEEE Standard Specifications for Public-Key
Cryptography - Amendment 1: Additional Techniques", n.d., Cryptography - Amendment 1: Additional Techniques", n.d.,
<https://ieeexplore.ieee.org/document/1335427>. <https://ieeexplore.ieee.org/document/1335427>.
 End of changes. 14 change blocks. 
23 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/