add a profile flags field

Signed-off-by: Thomas Fossati <[email protected]>
ietf-rats-wg · Feb 3, 2025 · dc21798 · dc21798
1 parent 0c6d4e6
commit dc21798
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 1 deletion.
diff --git a/cddl/ex1.diag b/cddl/ex1.diag
@@ -16,5 +16,6 @@
       1ca1ec',
     h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb814d6ff5
       7a8a5e'
-  ]
+  ],
+  / profile-flags / 4: h'00000101'
 }
diff --git a/cddl/ex2.diag b/cddl/ex2.diag
@@ -0,0 +1,15 @@
+{
+  / id / 1: [
+    / name / "boot loader X",
+    / version / [
+      "1.2.3rc2",
+      16384 / semver /
+    ]
+  ],
+  / measurement / 2: [
+    / alg / "sha-256",
+    / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31dbe7af4b37
+              3431fc7d319da3'
+  ],
+  / profile-flags / 4: h'00000101'
+}
diff --git a/cddl/mc.cddl b/cddl/mc.cddl
@@ -4,4 +4,5 @@ measured-component = {
   id-label => component-id
   measurement-label => corim.digest
   ? signers-label => [ + signer-type ]
+  ? flags-label => profile-flags
 }
diff --git a/cddl/measured-component.cddlc b/cddl/measured-component.cddlc
@@ -2,6 +2,7 @@ measured-component = {
   id-label => component-id
   measurement-label => corim.digest
   ? signers-label => [ + signer-type ]
+  ? flags-label => profile-flags
 }
 
 signer-type = bytes
@@ -25,9 +26,12 @@ corim.digest = [
   val: bytes
 ]
 
+profile-flags = bytes .size 4
+
 id-label = JC<"id", 1>
 measurement-label = JC<"measurements", 2>
 signers-label = JC<"signers", 3>
+flags-label = JC<"flags", 4>
 
 ; TODO import from rfc9711
 

diff --git a/draft-ietf-rats-eat-measured-component.md b/draft-ietf-rats-eat-measured-component.md
@@ -105,6 +105,8 @@ The information model of a "measured component" is described in {{tab-mc-info-el
 | Signers | One or more unique identifiers of entities signing the measured component. | OPTIONAL |
 {: #tab-mc-info-elems title="Measured Component Information Elements"}
 
+The format SHOULD also allow a limited amount of extensibility to accommodate profile-specific semantics.
+
 # Data Model
 
 The data model is inspired by the "PSA software component" claim ({{Section 4.4.1 of -psa-token}}), which has been refactored to take into account the recommendations about new EAT claims design in {{Appendix E of -rats-eat}}.
@@ -127,6 +129,9 @@ The data model is inspired by the "PSA software component" claim ({{Section 4.4.
 "signers" (index 3)
 : One or more signing entities, see {{signer}}.
 
+`profile-flags`
+: a 64-bit field with profile-defined semantics, see {{profile-flags}}.
+
 ### Component Identifier {#component-id}
 
 ~~~ cddl
@@ -161,6 +166,17 @@ If it is used, the profile MUST also specify what each of the entries in the `si
 {::include cddl/signer.cddl}
 ~~~
 
+### Profile Flags {#profile-flags}
+
+This field contains at most 64-bit of profile-defined semantics.
+
+~~~ cddl
+{::include cddl/profile-flags.cddl}
+~~~
+
+If an EAT profile ({{Section 6 of -rats-eat}}) uses measured components, it MUST specify whether the `profile-flags` field is used.
+If it is used, the profile MUST also specify how to interpret the 64 bits.
+
 ## EAT `measurements-format` Extensions
 
 The CDDL in {{fig-eat-plug}} extends the `$measurements-body-cbor` and `$measurements-body-json` EAT sockets to add support for `measured-component`s to the `Measurements` claim.
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,5 +16,6 @@ @@
 ca1ec',
         h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb814d6ff5
 a8a5e'
-      ]
+      ],
+      / profile-flags / 4: h'00000101'
     }