Add the Update Semantics

yogeshbdeshpande · yogeshbdeshpande · commit b3ff13976e38 · 2023-10-24T18:21:33.000-04:00
Signed-off-by: Yogesh Deshpande &lt;yogesh.deshpande@arm.com&gt;
diff --git a/cddl/update-record.cddl b/cddl/update-record.cddl
@@ -0,0 +1,12 @@
+update-triple-record = [
+&(subj: 0) => $subject-type-choice
+& (mval: 1) => [+measurement-values-map] ; object of the update
+? &(authorized-by: 2) => [ + $crypto-key-type-choice ]
+&(action: 3) => $update-action-type-choice
+]
+
+$subject-type-choice /= [+environment-map] ; One or more environment that comprise the subject
+$subject-type-choice /= [+stateful-environment-record] ;  One or more stateful-environments that comprise the subject
+
+$update-action-type-choice /= add ; The new triple causes a new revision identified by measurement-values-map , to be simply updated/added in Verifier
+$update-action-type-choice /= replaces ; The triple overwrites pre-existing reference-values/endorsements for the subject identified by $subject-type-choice
diff --git a/cddl/x-triples-record.cddl b/cddl/x-triples-record.cddl
@@ -0,0 +1,8 @@
+x-ref-endors-triple-record = [
+&(subj: 0) => $subject-type-choice
+& (mval: 1) => [+measurement-values-map]
+&(reason: 2) => $reason-type-choice
+]
+
+$reason-type-choice /= obsolete
+$reason-type-choice /= insecure
diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md
@@ -1249,6 +1249,25 @@ applies to all measurements in the triple, including those in `measurement-value
 {::include cddl/conditional-endorsement-triple-record.cddl}
 ~~~
 
+#### Update Triple {#sec-update-triple-rec}
+During supply chain lifecycle it is often necessary that the Verifier Reference-Values or Endorsed Values for a subject needs an update. The below semantics provides a generic mechanism to allow update to existing Reference-Values and Endorsed-Values.
+
+The CDDL below, provides a schema that describes the update flow.
+
+~~~ cddl
+{::include cddl/update-record.cddl}
+~~~
+
+#### X-Triples {#sec-x-triple-rec}
+For the Supply Chain Systems where only incremental updates are possible, it is essential that obsolete or security vulnerable Reference Values and/or Endorsed Values must be removed using x-ref-endor-triple-record.
+
+The CCDL below, provides schema for remving Reference Values and/or Endorsed Values from a Verifier.
+
+~~~ cddl
+{::include cddl/x-triples-record.cddl}
+~~~
+
+
 ## Extensibility {#sec-extensibility}
 
 The base CORIM schema is described using CDDL {{-cddl}} that can be extended
