Software Updates for Internet of Things (suit) Internet Drafts


      
 A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest
 
 draft-ietf-suit-manifest-25.txt
 Date: 05/02/2024
 Authors: Brendan Moran, Hannes Tschofenig, Henk Birkholz, Koen Zandberg, Oyvind Ronningstad
 Working Group: Software Updates for Internet of Things (suit)
This specification describes the format of a manifest. A manifest is a bundle of metadata about code/data obtained by a recipient (chiefly the firmware for an IoT device), where to find the code/data, the devices to which it applies, and cryptographic information protecting the manifest. Software updates and Trusted Invocation both tend to use sequences of common operations, so the manifest encodes those sequences of operations, rather than declaring the metadata.
 Encrypted Payloads in SUIT Manifests
 
 draft-ietf-suit-firmware-encryption-19.txt
 Date: 03/03/2024
 Authors: Hannes Tschofenig, Russ Housley, Brendan Moran, David Brown, Ken Takayama
 Working Group: Software Updates for Internet of Things (suit)
This document specifies techniques for encrypting software, firmware, machine learning models, and personalization data by utilizing the IETF SUIT manifest. Key agreement is provided by ephemeral-static (ES) Diffie-Hellman (DH) and AES Key Wrap (AES-KW). ES-DH uses public key cryptography while AES-KW uses a pre-shared key. Encryption of the plaintext is accomplished with conventional symmetric key cryptography.
 Secure Reporting of Update Status
 
 draft-ietf-suit-report-08.txt
 Date: 04/03/2024
 Authors: Brendan Moran, Henk Birkholz
 Working Group: Software Updates for Internet of Things (suit)
The Software Update for the Internet of Things (SUIT) manifest provides a way for many different update and boot workflows to be described by a common format. However, this does not provide a feedback mechanism for developers in the event that an update or boot fails. This specification describes a lightweight feedback mechanism that allows a developer in possession of a manifest to reconstruct the decisions made and actions performed by a manifest processor.
 Update Management Extensions for Software Updates for Internet of Things (SUIT) Manifests
 
 draft-ietf-suit-update-management-06.txt
 Date: 04/03/2024
 Authors: Brendan Moran, Ken Takayama
 Working Group: Software Updates for Internet of Things (suit)
This specification describes extensions to the SUIT manifest format defined in [I-D.ietf-suit-manifest]. These extensions allow an update author, update distributor or device operator to more precisely control the distribution and installation of updates to devices. These extensions also provide a mechanism to inform a management system of Software Identifier and Software Bill Of Materials information about an updated device.
 SUIT Manifest Extensions for Multiple Trust Domains
 
 draft-ietf-suit-trust-domains-06.txt
 Date: 04/03/2024
 Authors: Brendan Moran, Ken Takayama
 Working Group: Software Updates for Internet of Things (suit)
This specification describes extensions to the SUIT Manifest format (as defined in [I-D.ietf-suit-manifest]) for use in deployments with multiple trust domains. A device has more than one trust domain when it enables delegation of different rights to mutually distrusting entities for use for different purposes or Components in the context of firmware or software update.
 Strong Assertions of IoT Network Access Requirements
 
 draft-ietf-suit-mud-08.txt
 Date: 04/03/2024
 Authors: Brendan Moran, Hannes Tschofenig
 Working Group: Software Updates for Internet of Things (suit)
The Manufacturer Usage Description (MUD) specification describes the access and network functionality required for a device to properly function. This description has to reflect the software running on the device and its configuration. Because of this, the most appropriate entity for describing device network access requirements is the same as the entity developing the software and its configuration. A network presented with a MUD file by a device allows detection of misbehavior by the device software and configuration of access control. This document defines a way to link the Software Updates for Internet of Things (SUIT) manifest to a MUD file offering a stronger binding between the two.
 Mandatory-to-Implement Algorithms for Authors and Recipients of Software Update for the Internet of Things manifests
 
 draft-ietf-suit-mti-05.txt
 Date: 12/02/2024
 Authors: Brendan Moran, Oyvind Ronningstad, Akira Tsukamoto
 Working Group: Software Updates for Internet of Things (suit)
This document specifies algorithm profiles for SUIT manifest parsers and authors to ensure better interoperability. These profiles apply specifically to a constrained node software update use case.



Software Updates for Internet of Things (suit)

WG Name: Software Updates for Internet of Things
Acronym: suit
Area: Security Area (sec)
State: Active
Charter: charter-ietf-suit-02 (Approved)
Status update: Changed 2017-11-15
Additional resources: Issue tracker, Wiki, Zulip Stream
Personnel:
  Chairs: Akira Tsukamoto, David Waltermire
  Area Director: Deb Cooley
Mailing list:
  Address: suit@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/suit
  Archive: https://mailarchive.ietf.org/arch/browse/suit
Chat:
  Room address: https://zulip.ietf.org/#narrow/stream/suit

Charter for Working Group

Vulnerabilities in Internet of Things (IoT) devices have raised the need for a secure firmware update mechanism that is also suitable for constrained devices. Security experts, researchers, and regulators recommend that all IoT devices be equipped with such a mechanism. While there are many proprietary firmware update mechanisms in use today, there is no modern interoperable approach allowing secure updates to firmware in IoT devices. In June 2016, the Internet Architecture Board organized a workshop on 'Internet of Things (IoT) Software Update (IOTSU)', and RFC 8240 documents various requirements and challenges that are specific to IoT devices.

A firmware update solution consists of several components, including:
* A mechanism to transport firmware images to compatible devices.
* A manifest that provides meta-data about the firmware image (such as a
firmware package identifier, the hardware the package needs to run, and
dependencies on other firmware packages), as well as cryptographic
information for protecting the firmware image in an end-to-end fashion.
* The firmware image itself.

The SUIT WG is defining a firmware update solution (taking into account past learning from RFC 4108 and other proprietary firmware update solutions) that is usable on Class 1 (as defined in RFC 7228) devices, i.e., devices with ~10 KiB RAM and ~100 KiB flash. The solution may apply to more capable devices as well. The SUIT WG is not defining any new transport or discovery mechanisms, but may describe how to use existing mechanisms within the architecture.

The SUIT WG has already completed work on two documents:
* An IoT firmware update architecture.
* An information model for the SUIT manifest.

Now that the information model is complete, the SUIT WG has selected the CBOR serialization format and the associated COSE cryptographic mechanisms to encode the SUIT manifest. The SUIT WG may consider a small number of additional formats in the future; however, to reduce the complexity of a firmware management solution, a very small number of formats is preferred to enable SUIT manifest integration and interoperability with other IoT technologies and ecosystems. To support a wide range of deployment scenarios, the formats are expected to be expressive enough to allow the use of different firmware sources and permission models.

To enable SUIT Status Tracker functionality (per RFC 9019), the SUIT WG is also defining extensions to determine if a particular manifest could be successfully deployed to a device and determine if an operation was successful.

In addition, the SUIT WG will work with the RATS WG to specify claims related to the SUIT Status Tracker that can be used to provide evidence in support of the RATS architecture.

The SUIT WG will continue to work with silicon vendors and OEMs that develop IoT operating systems to produce implementations based on SUIT WG specifications. In particular, the SUIT WG plans to continue to participate in IETF Hackathons.

The SUIT WG document deliverables are:
* A SUIT manifest format specification using CBOR.
* Extensions to the SUIT manifest for optional capabilities, including:
- firmware encryption,
- trust domains,
- update management, and
- inclusion of a file in the MUD format (RFC 8520).
* A secure method for an IoT device to report on firmware update status.

In addition, either the SUIT WG or the RATS WG will produce:
* A set of claims for attesting to firmware update status.

Milestones

Date | Milestone | Associated documents
Dec 2022 | Submit SUIT Manifest MUD extension document to the IESG for publication as a Proposed Standard | draft-ietf-suit-mud
Nov 2022 | Submit SUIT Manifest trust domains document to the IESG for publication as a Proposed Standard | draft-ietf-suit-trust-domains
Nov 2022 | Submit SUIT Manifest update management document to the IESG for publication as a Proposed Standard | draft-ietf-suit-update-management
Sep 2022 | Submit SUIT Status Tracker document to the IESG for publication as a Proposed Standard | draft-ietf-suit-report
Aug 2022 | Submit firmware encryption document to the IESG for publication as a Proposed Standard | draft-ietf-suit-firmware-encryption

Done milestones

Date | Milestone | Associated documents
Done | Decide with RATS WG in which working group the 'set of claims for attesting to firmware update status' document should be produced | draft-ietf-rats-eat
Done | Adopt SUIT Manifest MUD extension document as WG item | draft-ietf-suit-mud
Done | Adopt SUIT Manifest update management document as WG item | draft-ietf-suit-update-management
Done | Adopt SUIT Manifest trust domains document as WG item | draft-ietf-suit-trust-domains