Skip to content

Commit b3ff139

Browse files
yogeshbdeshpandeyogeshbdeshpande
committed
Add the Update Semantics
Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
1 parent 8d7f85a commit b3ff139

File tree

3 files changed

+39
-0
lines changed

3 files changed

+39
-0
lines changed

cddl/update-record.cddl

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
update-triple-record = [
2+
&(subj: 0) => $subject-type-choice
3+
& (mval: 1) => [+measurement-values-map] ; object of the update
4+
? &(authorized-by: 2) => [ + $crypto-key-type-choice ]
5+
&(action: 3) => $update-action-type-choice
6+
]
7+
8+
$subject-type-choice /= [+environment-map] ; One or more environment that comprise the subject
9+
$subject-type-choice /= [+stateful-environment-record] ; One or more stateful-environments that comprise the subject
10+
11+
$update-action-type-choice /= add ; The new triple causes a new revision identified by measurement-values-map , to be simply updated/added in Verifier
12+
$update-action-type-choice /= replaces ; The triple overwrites pre-existing reference-values/endorsements for the subject identified by $subject-type-choice

cddl/x-triples-record.cddl

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
x-ref-endors-triple-record = [
2+
&(subj: 0) => $subject-type-choice
3+
& (mval: 1) => [+measurement-values-map]
4+
&(reason: 2) => $reason-type-choice
5+
]
6+
7+
$reason-type-choice /= obsolete
8+
$reason-type-choice /= insecure

draft-ietf-rats-corim.md

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1249,6 +1249,25 @@ applies to all measurements in the triple, including those in `measurement-value
12491249
{::include cddl/conditional-endorsement-triple-record.cddl}
12501250
~~~
12511251

1252+
#### Update Triple {#sec-update-triple-rec}
1253+
During supply chain lifecycle it is often necessary that the Verifier Reference-Values or Endorsed Values for a subject needs an update. The below semantics provides a generic mechanism to allow update to existing Reference-Values and Endorsed-Values.
1254+
1255+
The CDDL below, provides a schema that describes the update flow.
1256+
1257+
~~~ cddl
1258+
{::include cddl/update-record.cddl}
1259+
~~~
1260+
1261+
#### X-Triples {#sec-x-triple-rec}
1262+
For the Supply Chain Systems where only incremental updates are possible, it is essential that obsolete or security vulnerable Reference Values and/or Endorsed Values must be removed using x-ref-endor-triple-record.
1263+
1264+
The CCDL below, provides schema for remving Reference Values and/or Endorsed Values from a Verifier.
1265+
1266+
~~~ cddl
1267+
{::include cddl/x-triples-record.cddl}
1268+
~~~
1269+
1270+
12521271
## Extensibility {#sec-extensibility}
12531272

12541273
The base CORIM schema is described using CDDL {{-cddl}} that can be extended

0 commit comments

Comments
 (0)