Skip to main content

Firmware Encryption with SUIT Manifests

Document Type Replaced Internet-Draft (suit WG)
Authors Hannes Tschofenig , Russ Housley , Brendan Moran
Last updated 2021-07-01 (Latest revision 2021-05-31)
Replaced by draft-ietf-suit-firmware-encryption
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-suit-firmware-encryption
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document specifies a firmware update mechanism where the firmware image is encrypted. This mechanism uses the IETF SUIT manifest with key establishment provided by the hybrid public-key encryption (HPKE) scheme or AES Key Wrap (AES-KW) with a pre-shared key-encryption key. In either case, AES-GCM or AES-CCM is used for firmware encryption.


Hannes Tschofenig
Russ Housley
Brendan Moran

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)