TBD                                                          H. Birkholz
Internet-Draft                                            Fraunhofer SIT
Intended status: Standards Track                                M. Eckel
Expires: September 13, 2019                                       Huawei
                                                             S. Bhandari
                                                               B. Sulzen
                                                                 E. Voit
                                                                   Cisco
                                                             G. Fedorkow
                                                                 Juniper
                                                          March 12, 2019


   YANG Module for Basic Challenge-Response-based Remote Attestation
                               Procedures
                draft-birkholz-rats-basic-yang-module-00

Abstract

   This document defines a YANG RPC and a minimal datastore tree
   required to retrieve attestation evidence about integrity
   measurements from a composite device with one or more roots of trust
   for reporting.  Complementary measurement logs are also provided by
   the YANG RPC originating from one or more roots of trust of
   measurement.  The module defined requires a TPM 2.0 and corresponding
   Trusted Software Stack included in the device components of the
   composite device the YANG server is running on.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 13, 2019.







Birkholz, et al.       Expires September 13, 2019               [Page 1]


Internet-Draft                    BRAT                        March 2019


Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements notation . . . . . . . . . . . . . . . . . .   3
   2.  The YANG Module for Basic Remote Attestation Procedures . . .   3
     2.1.  Tree format . . . . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Raw Format  . . . . . . . . . . . . . . . . . . . . . . .   6
   3.  IANA considerations . . . . . . . . . . . . . . . . . . . . .  20
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .  20
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  20
   6.  Change Log  . . . . . . . . . . . . . . . . . . . . . . . . .  20
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  20
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  21
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  21
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21

1.  Introduction

   This document is based on the terminology defined in the
   [I-D.birkholz-attestation-terminology] and uses the interaction model
   and information elements defined in the
   [I-D.birkholz-reference-ra-interaction-model] document.  The
   currently supported hardware security module (HWM) - sometimes also
   referred to as an embedded secure element(eSE) - is the Trusted
   Platform Module (TPM) 2.0 specified by the Trusted Computing Group
   (TCG).  One ore more TPM 2.0 embedded in the components of a
   composite device - sometimes also referred to as an aggregate device
   - are required in order to use the YANG module defined in this
   document.  A TPM 2.0 is used as a root of trust for reporting (RTR)
   in order to retrieve attestation evidence from a composite device.
   Additionally, it is used as a root of trust for measurement (RTM) in
   order to provide event logs - sometimes also referred to as
   measurement logs.



Birkholz, et al.       Expires September 13, 2019               [Page 2]


Internet-Draft                    BRAT                        March 2019


1.1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119, BCP 14 [RFC2119].

2.  The YANG Module for Basic Remote Attestation Procedures

   One or more TPM 2.0 MUST be embedded in the composite device that is
   providing attestation evidence via the YANG module defined in this
   document.  The ietf-basic-remote-attestation YANG module enables a
   composite device to take on the role of Claimant and Attester in
   accordance with the Remote Attestation Procedures (RATS) architecture
   [I-D.birkholz-attestation-terminology] and the corresponding
   challenge-response interaction model defined in the
   [I-D.birkholz-reference-ra-interaction-model] document.  A fresh
   nonce with an appropriate amount of entropy MUST be supplied by the
   YANG client in order to enable a proof-of-freshness with respect to
   the attestation evidence provided by the attester running the YANG
   datastore.  The functions of this YANG module are restricted to 0-1
   TPM 2.0 per hardware component.

2.1.  Tree format

<CODE BEGINS>
module: ietf-basic-remote-attestation
  +--ro rats-support-structures
     +--ro supported-algos*            uint16
     +--ro tpms* [tpm_name]
     |  +--ro tpm_name              string
     |  +--ro tpm-physical-index?   int32 {ietfhw:entity-mib}?
     +--ro compute-nodes* [node-name]
     |  +--ro node-name              string
     |  +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
     +--ro endorsement-certificates
        +--ro certificate* [tpm_name]
           +--ro tpm_name                   string
           +--ro tpm-physical-index?        int32 {ietfhw:entity-mib}?
           +--ro endorsement-certificate    binary

  rpcs:
    +---x tpm2-challenge-response-attestation
    |  +---w input
    |  |  +---w tpm2-attestation-challenge
    |  |  |  +---w pcr-list* []
    |  |  |  |  +---w pcr
    |  |  |  |     +---w pcr-indices*                  uint8



Birkholz, et al.       Expires September 13, 2019               [Page 3]


Internet-Draft                    BRAT                        March 2019


    |  |  |  |     +---w (algo-registry-type)
    |  |  |  |        +--:(tcg)
    |  |  |  |        |  +---w tcg-hash-algo-id?       uint16
    |  |  |  |        +--:(ietf)
    |  |  |  |           +---w ietf-ni-hash-algo-id?   uint8
    |  |  |  +---w nonce-value                   binary
    |  |  |  +---w (signature-identifier-type)
    |  |  |  |  +--:(TPM_ALG_ID)
    |  |  |  |  |  +---w TPM_ALG_ID-value?       uint16
    |  |  |  |  +--:(COSE_Algorithm)
    |  |  |  |     +---w COSE_Algorithm-value?   int32
    |  |  |  +---w (key-identifier)?
    |  |  |     +--:(public-key)
    |  |  |     |  +---w pub-key-id?             binary
    |  |  |     +--:(uuid)
    |  |  |        +---w uuid-value?             binary
    |  |  +---w tpm_name?                     string
    |  |  +---w tpm-physical-index?           int32 {ietfhw:entity-mib}?
    |  +--ro output
    |     +--ro tpm2-attestation-response* [tpm_name]
    |        +--ro tpm_name               string
    |        +--ro tpm-physical-index?    int32 {ietfhw:entity-mib}?
    |        +--ro up-time?               uint32
    |        +--ro node-name?             string
    |        +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
    |        +--ro tpms-attest
    |        |  +--ro pcrdigest?                   binary
    |        |  +--ro tpms-attest-result?          binary
    |        |  +--ro tpms-attest-result-length?   uint32
    |        +--ro tpmt-signature?        binary
    +---x basic-trust-establishment
    |  +---w input
    |  |  +---w nonce-value                   binary
    |  |  +---w (signature-identifier-type)
    |  |  |  +--:(TPM_ALG_ID)
    |  |  |  |  +---w TPM_ALG_ID-value?       uint16
    |  |  |  +--:(COSE_Algorithm)
    |  |  |     +---w COSE_Algorithm-value?   int32
    |  |  +---w tpm_name?                     string
    |  |  +---w tpm-physical-index?           int32 {ietfhw:entity-mib}?
    |  |  +---w certificate-name?             string
    |  +--ro output
    |     +--ro attestation-certificates* [tpm_name]
    |        +--ro tpm_name                   string
    |        +--ro tpm-physical-index?        int32 {ietfhw:entity-mib}?
    |        +--ro up-time?                   uint32
    |        +--ro node-name?                 string
    |        +--ro node-physical-index?       int32 {ietfhw:entity-mib}?



Birkholz, et al.       Expires September 13, 2019               [Page 4]


Internet-Draft                    BRAT                        March 2019


    |        +--ro certificate-name?          string
    |        +--ro attestation-certificate?   ietfct:end-entity-cert-cms
    |        +--ro (key-identifier)?
    |           +--:(public-key)
    |           |  +--ro pub-key-id?          binary
    |           +--:(uuid)
    |              +--ro uuid-value?          binary
    +---x log-retrieval
       +---w input
       |  +---w log-selector* [node-name]
       |  |  +---w node-name                 string
       |  |  +---w node-physical-index?      int32 {ietfhw:entity-mib}?
       |  |  +---w (index-type)?
       |  |     +--:(last-entry)
       |  |     |  +---w last-entry-value?   binary
       |  |     +--:(index)
       |  |     |  +---w index-number?       uint64
       |  |     +--:(timestamp)
       |  |        +---w timestamp?          yang:date-and-time
       |  +---w log-type              identityref
       |  +---w pcr-list* []
       |  |  +---w pcr
       |  |     +---w pcr-indices*                  uint8
       |  |     +---w (algo-registry-type)
       |  |        +--:(tcg)
       |  |        |  +---w tcg-hash-algo-id?       uint16
       |  |        +--:(ietf)
       |  |           +---w ietf-ni-hash-algo-id?   uint8
       |  +---w log-entry-quantity?   uint16
       +--ro output
          +--ro system-event-logs
             +--ro node-data* [node-name]
                +--ro node-name              string
                +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
                +--ro up-time?               uint32
                +--ro tpm-updated* [tpm_name]
                |  +--ro tpm_name              string
                |  +--ro tpm-physical-index?   int32 {ietfhw:entity-mib}?
                +--ro log-result
                   +--ro (log-type)
                      +--:(bios)
                      |  +--ro bios-event-logs
                      |     +--ro bios-event-entry* [event-number]
                      |        +--ro event-number    uint32
                      |        +--ro event-type?     uint32
                      |        +--ro pcr-index?      uint16
                      |        +--ro digest-list* []
                      |        |  +--ro (algo-registry-type)



Birkholz, et al.       Expires September 13, 2019               [Page 5]


Internet-Draft                    BRAT                        March 2019


                      |        |  |  +--:(tcg)
                      |        |  |  |  +--ro tcg-hash-algo-id?       uint16
                      |        |  |  +--:(ietf)
                      |        |  |     +--ro ietf-ni-hash-algo-id?   uint8
                      |        |  +--ro digest*                       binary
                      |        +--ro event-size?     uint32
                      |        +--ro event-data*     uint8
                      +--:(ima)
                         +--ro ima-event-logs
                            +--ro ima-event-entry* [event-number]
                               +--ro event-number               uint64
                               +--ro ima-template?              string
                               +--ro filename-hint?             string
                               +--ro filedata-hash?             binary
                               +--ro template-hash-algorithm?   string
                               +--ro template-hash?             binary
                               +--ro pcr-index?                 uint16
                               +--ro signature?                 binary
<CODE ENDS>

2.2.  Raw Format

<CODE BEGINS>
module ietf-basic-remote-attestation {
  namespace "urn:ietf:params:xml:ns:yang:ietf-basic-remote-attestation";
  prefix "yang-brat";

  import ietf-yang-types {
    prefix yang;
  }
  import ietf-hardware {
      prefix ietfhw;
  }
  import ietf-crypto-types {
      prefix ietfct;
  }

  organization
   "Fraunhofer SIT";
  contact
   "Henk Birkholz
    Fraunhofer Institute for Secure Information Technology
    Email: henk.birkholz@sit.fraunhofer.de";
  description
    "A YANG module to enable a TPM 2.0 based remote attestation
     procedure.
     Copyright (C) Fraunhofer SIT (2018).";
  revision "2018-06-15" {



Birkholz, et al.       Expires September 13, 2019               [Page 6]


Internet-Draft                    BRAT                        March 2019


  description
    "Initial version";
  reference
    "draft-birkholz-yang-basic-remote-attestation";
  }

  grouping hash-algo {
    description
      "A selector for the hashing algorithm";
    choice algo-registry-type {
      mandatory true;
      description
        "Unfortunately, both IETF and TCG have registries here.
        Choose your weapon wisely.";
      case tcg {
        description
          "you chose the east door, the tcg space opens up to
          you.";
        leaf tcg-hash-algo-id {
          type uint16;
          description
            "This is an index referencing the TCG Algorithm
            Registry based on TPM_ALG_ID.";
        }
      }
      case ietf {
        description
          "you chose the west door, the ietf space opens up to
          you.";
        leaf ietf-ni-hash-algo-id {
          type uint8;
          description
            "This is an index referencing the Named Information
             Hash Algorithm Registry.";
        }
      }
    }
  }

  grouping hash {
    description
      "The hash value including hash-algo identifer";
    list hash-digests {
      description
        "The list of hashes.";
      container hash-digest {
        description
          "A hash value based on a hash algorithm registered by an



Birkholz, et al.       Expires September 13, 2019               [Page 7]


Internet-Draft                    BRAT                        March 2019


          SDO.";
        uses hash-algo;
        leaf hash-value {
          type binary;
          description
            "The binary representaion of the hash value.";
        }
      }
    }
  }

  grouping nonce {
    description
      "A nonce to show freshness and counter replays.";
    leaf nonce-value {
      type binary;
      mandatory true;
      description
        "This nonce SHOULD be generated via a registered
        cryptographic-strength algorithm. In consequence, the length
        of the nonce depends on the hash algorithm used. The algorithm
        used in this case is independent from the hash algorithm used to
        create the hash-value in the response of the attestor.";
    }
  }

  grouping pcr-selection {
    description
      "A Verifier can request one or more PCR values uses its
      individually created AC. The corresponding selection filter is
      represented in this grouping. Requesting a PCR value that is not in
      scope of the AC used, detailed exposure via error msg should be
      avoided.";
    list pcr-list {
      description
        "For each PCR in this list an individual list of banks (hash-algo)
        can be requested. It depends on the datastore, if every bank in
        this grouping is included per PCR (crude), or if each requested
        bank set is returned for each PCR individually (elegant).";
      container pcr {
        description
          "The composite of a PCR number and corresponding bank numbers.";
        leaf-list pcr-indices {
           type uint8;
           description
             "The number of the PCR. At the moment this is limited
             32";
        }



Birkholz, et al.       Expires September 13, 2019               [Page 8]


Internet-Draft                    BRAT                        March 2019


        uses hash-algo;
      }
    }
  }

  grouping pcr-selector {
    description
      "A Verifier can request the generation of an attestation
      certificate (a signed public attestation key
      (non-migratable, tpm-resident) wrt one or more PCR values.
      The corresponding creation input is represented in this grouping.
      Requesting a PCR value that is not supported results in an error,
      detailed exposure via error msg should be avoided.";
    list pcr-list {
      description
        "For each PCR in this list an individual hash-algo can be
        requested.";
      container pcr {
        description
          "The composite of a PCR number and corresponding bank numbers.";
        leaf-list pcr-index {
           type uint8;
           description
             "The numbers of the PCRs that are associated with
             the created key. At the moment the highest number is 32";
        }
        uses hash-algo;
      }
    }
  }

  grouping signature-scheme {
    description
      "The signature scheme used to sign the evidence.";
    choice signature-identifier-type {
      mandatory true;
      description
        "There are multiple ways to reference a signature type.
        This used to select the signature algo to sign the quote
        information response.";
      case TPM_ALG_ID {
        description
          "This references the indices of table 9 in the TPM 2.0 structure specification.";
        leaf TPM_ALG_ID-value {
          type uint16;
          description
            "The TPM Algo ID.";
        }



Birkholz, et al.       Expires September 13, 2019               [Page 9]


Internet-Draft                    BRAT                        March 2019


      }
      case COSE_Algorithm {
        description
          "This references the IANA COSE Algorithms Registry indices. Every index of this
          registry to be used must be mapable to a TPM_ALG_ID value.";
        leaf COSE_Algorithm-value {
          type int32;
          description
            "The TPM Algo ID.";
        }
      }
    }
  }

  grouping attestation-key-identifier {
    description
      "A selector for a suitable key identifier.";
    choice key-identifier {
      description
        "Identifier for the attestation key to use for signing
        attestation evidence.";
      case public-key {
        leaf pub-key-id {
          type binary;
          description
            "The value of the identifier for the public key.";
        }
      }
      case uuid {
        description
          "Use a YANG agent generated (and maintained) attestation
          key UUID.";
        leaf uuid-value {
          type binary;
          description
            "The UUID identifying the corresponding public key.";
        }
      }
    }
  }

 grouping tpm-name {
   description
     "In a system with multiple-TPMs get the data from a specific TPM
      identified by the name and physical-index.";
   leaf tpm_name {
      type string;
      description



Birkholz, et al.       Expires September 13, 2019              [Page 10]


Internet-Draft                    BRAT                        March 2019


      "Name of the TPM or All";
   }
   leaf tpm-physical-index {
       if-feature ietfhw:entity-mib;
       type int32 {
            range "1..2147483647";
       }
       config false;
       description
            "The entPhysicalIndex for the TPM.";
        reference
            "RFC 6933: Entity MIB (Version 4) - entPhysicalIndex";
     }
 }
 grouping compute-node {
   description
     "In a distributed system with multiple compute nodes
      this is the node identified by name and physical-index.";
   leaf node-name {
      type string;
      description
      "Name of the compute node or All";
   }
   leaf node-physical-index {
       if-feature ietfhw:entity-mib;
       type int32 {
            range "1..2147483647";
       }
       config false;
       description
            "The entPhysicalIndex for the compute node.";
        reference
            "RFC 6933: Entity MIB (Version 4) - entPhysicalIndex";
     }
 }
 grouping node-uptime {
   description
     "Uptime in seconds of the node.";
   leaf up-time {
     type uint32;
     description
     "Uptime in seconds of this node reporting its data";
   }
 }
  identity log-type {
    description
      "The type of logs available.";
  }



Birkholz, et al.       Expires September 13, 2019              [Page 11]


Internet-Draft                    BRAT                        March 2019


  identity bios {
    base log-type;
    description
      "Measurement log created by the BIOS/UEFI.";
  }

  identity ima {
    base log-type;
    description
      "Measurement log created by IMA.";
  }

  grouping log-identifier {
    description
      "Identifier for type of log to be retrieved.";
    leaf log-type {
      type identityref {
        base log-type;
      }
      mandatory true;
      description
        "The corresponding measurement log type identity.";
    }
  }


grouping boot-event-log {
  description
    "Defines an event log corresponding to the event that extended the PCR";
  leaf event-number {
      type uint32;
      description
  "Unique event number of this event";
  }
  leaf event-type {
      type uint32;
      description
  "log event type";
  }
  leaf pcr-index {
     type uint16;
     description
 "Defines the PCR index that this event extended";
  }
  list digest-list {
    description "Hash of event data";
    uses hash-algo;
    leaf-list digest {



Birkholz, et al.       Expires September 13, 2019              [Page 12]


Internet-Draft                    BRAT                        March 2019


      type binary;
      description
      "The hash of the event data";
    }
  }
   leaf event-size {
     type uint32;
     description
     "Size of the event data";
   }
   leaf-list event-data {
     type uint8;
     description
     "the event data size determined by event-size";
   }
}

 grouping ima-event {
   description
     "Defines an hash log extend event for IMA measurements";
   leaf event-number {
       type uint64;
       description
  "Unique number for this event for sequencing";
     }
   leaf ima-template {
     type string;
     description
     "Name of the template used for event logs
     for e.g. ima, ima-ng";
   }
   leaf filename-hint {
       type string;
       description
   "File that was measured";
   }
   leaf filedata-hash {
       type binary;
       description
    "Hash of filedata";
   }
  leaf template-hash-algorithm {
    type string;
    description
     "Algorithm used for template-hash";
   }
   leaf template-hash {
  type binary;



Birkholz, et al.       Expires September 13, 2019              [Page 13]


Internet-Draft                    BRAT                        March 2019


  description
   " hash(filedata-hash, filename-hint)";
   }
   leaf pcr-index {
      type uint16;
      description
  "Defines the PCR index that this event extended";
   }
   leaf signature {
     type binary;
     description
     "The file signature";
   }
 }

  grouping bios-event-log {
    description
    "Measurement log created by the BIOS/UEFI.";
    list bios-event-entry {
      key event-number;
       description
       "Ordered list of TCG described event log
        that extended the PCRs in the order they
        were logged";
        uses boot-event-log;
     }
  }

  grouping ima-event-log {
    list ima-event-entry {
      key event-number;
      description
      "Ordered list of ima event logs by event-number";
       uses ima-event;
    }
    description
      "Measurement log created by IMA.";
  }

  grouping event-logs {
    description
      "A selector for the log and its type.";
    choice log-type {
      mandatory true;
      description
        "Event log type determines the event logs content.";

      case bios {



Birkholz, et al.       Expires September 13, 2019              [Page 14]


Internet-Draft                    BRAT                        March 2019


        description
          "BIOS/UEFI event logs";
        container bios-event-logs {
          description
            "This is an index referencing the TCG Algorithm
            Registry based on TPM_ALG_ID.";
          uses bios-event-log;
        }
      }
      case ima {
        description
          "IMA event logs";
        container ima-event-logs {
          description
            "This is an index referencing the TCG Algorithm
            Registry based on TPM_ALG_ID.";
          uses ima-event-log;
        }
      }
    }
  }


  rpc tpm2-challenge-response-attestation {
    description
      "This RPC accepts the input for TSS commands of the managed device.
      ComponentIndex from the hardware manager YANG module to refer to
      dedicated TPM in composite devices, e.g. smart NICs, is still a
      TODO.";
    input {
      container tpm2-attestation-challenge {
        description
          "This container includes every information element defined
           in the reference challenge-response interaction model for
           remote attestation. Corresponding values are based on
           TPM 2.0 structure definitions";
        uses pcr-selection;
        uses nonce;
        uses signature-scheme;
        uses attestation-key-identifier;
      }
      uses tpm-name;
    }
    output {
      list tpm2-attestation-response {
        key tpm_name;
        description
          "The binary output of TPM2b_Quote. An TPMS_ATTEST structure



Birkholz, et al.       Expires September 13, 2019              [Page 15]


Internet-Draft                    BRAT                        March 2019


          including a length, encapsulated in a signature";
        uses tpm-name;
        uses node-uptime;
        uses compute-node;
        container tpms-attest {
          leaf pcrdigest {
            type binary;
            description
              "split out value of TPMS_QUOTE_INFO for convenience";
          }
          leaf tpms-attest-result {
            type binary;
            description
              "The complete TPM generate structure including signature.";
          }
          leaf tpms-attest-result-length {
            type uint32;
            description
              "Length of attest result provided by the TPM structure.";
          }
          description
            "A composite of value and length and list of selected
            pcrs (original name: [type]attested)";
        }
        leaf tpmt-signature {
          type binary;
          description
             "Split out value of the signature for convenience. TODO: check for length values that complent binary value data node leafs.";
        }
      }
    }
  }

  rpc basic-trust-establishment {
    description
      "This RPC creates a tpm-resident, non-migratable key to be used
      in TPM_Quote commands, an attestation certificate.";
    input {
      uses nonce;
      uses signature-scheme;
      uses tpm-name;
      leaf certificate-name {
         type string;
         description
         "An arbitrary name for the identity certificate chain requested.";
      }
    }
    output {



Birkholz, et al.       Expires September 13, 2019              [Page 16]


Internet-Draft                    BRAT                        March 2019


    list attestation-certificates {
      key tpm_name;
      description
        "Attestation Certificate data from a TPM identified by the TPM name";
      uses tpm-name;
      uses node-uptime;
      uses compute-node;
      leaf certificate-name {
         type string;
         description
         "An arbitrary name for this identity certificate or certificate chain.";
      }
      leaf attestation-certificate {
        description
          "The binary signed certificate chain data for this identity certificate.";
        type ietfct:end-entity-cert-cms;
      }
      uses attestation-key-identifier;
    }
    }
  }

  rpc log-retrieval {
    description
      "Logs Entries are either identified via indices or via providing
      the last line received. The number of lines returned can be limited.
      The type of log is a choice that can be
      augmented.";
    input {
      list log-selector {
        key node-name;
        description
         "Selection of log entries to be reported.";
        uses compute-node;
        choice index-type {
          description
             "Last log entry received, log index number, or timestamp.";

          case last-entry {
            description
              "The last entry of the log already retrieved.";
            leaf last-entry-value {
              description
              "Content of an log event which matches 1:1 with a
              unique event record contained within the log.  Log
              entries subsequent to this will be passed to the
              requestor.  Note: if log entry values are not unique,
              this MUST return an error.";



Birkholz, et al.       Expires September 13, 2019              [Page 17]


Internet-Draft                    BRAT                        March 2019


              type binary;
            }
          }
          case index {
            description
              "Numeric index of the last log entry retrieved, or zero.";
            leaf index-number {
              description
              "The numeric index number of a log entry.  Zero means
              to start at the beginning of the log.   Entries
              subsequent to this will be passed to the
              requestor.";
              type uint64;
            }
          }
          case timestamp {
            leaf timestamp {
              type yang:date-and-time;
              description
                "Timestamp from which to start the extraction.  The next
                log entry subsequent to this timestamp is to be sent.";
            }
            description
              "Timestamp from which to start the extraction.";
          }
        }
      }
      uses log-identifier;
      uses pcr-selection;
      leaf log-entry-quantity {
        type uint16;
        description
         "The number of log entries to be returned. If omitted, it
         means all of them.";
      }
    }
    output {
      container system-event-logs {
         description
         "The requested data of the measurement event logs";
         list node-data {
           key node-name;
           description
           "Event logs of a node in a distributed system
            identified by the node name";
           uses compute-node;
           uses node-uptime;
           list tpm-updated {



Birkholz, et al.       Expires September 13, 2019              [Page 18]


Internet-Draft                    BRAT                        March 2019


             key tpm_name;
             description
             "TPM these events may have recorded data in";
             uses tpm-name;
           }
           container log-result {
             description
             "The requested entries of the corresponding log.";
             uses event-logs;
           }
         }
       }
     }
   }
  container rats-support-structures {
    leaf-list supported-algos {
      type uint16;
      description
        "Supported TPM_ALG_ID values for the TPM in question.
        Will include ComponentIndex soon.";
    }
  list tpms {
      key tpm_name;
      uses tpm-name;
      description
        "A list of TPMs in this composite
         device that rats can be conducted with.";
    }
  list compute-nodes {
      key node-name;
      uses compute-node;
      description
        "A list names of hardware components in this composite
         device that rats can be conducted with.";
   }
   container endorsement-certificates {
      list certificate {
        key tpm_name;
        uses tpm-name;
        description
          "The TPM's endorsement-certificate.";
        leaf endorsement-certificate {
          type binary;
          mandatory true;
          description
            "The signed pulic endorsement key (EK) and corresponding claims
             (EK Certificate). In a TPM 2.0 the EK Certificate resides in a
             well-defined NVRAM location by the TPM vednor.";



Birkholz, et al.       Expires September 13, 2019              [Page 19]


Internet-Draft                    BRAT                        March 2019


        }
      }
    description
      "Basic information elements to enable RATS.";
    }
  config false;
  }
}
<CODE ENDS>

3.  IANA considerations

   This document will include requests to IANA:

   To be defined yet.

4.  Security Considerations

   There are always some.

5.  Acknowledgements

   Not yet.

6.  Change Log

   Changes from version 00 to version 01:

   o  Addressed author's comments

   o  Extended complementary details about attestation-certificates

   o  Relabeled chunk-size to log-entry-quantity

   o  Relabeled location with compute-node or tpm-name where appropriate

   o  Added a valid entity-mib physical-index to compute-node and tpm-
      name to map it back to hardware inventory

   o  Relabeled name to tpm_name

   o  Removed event-string in last-entry

7.  References







Birkholz, et al.       Expires September 13, 2019              [Page 20]


Internet-Draft                    BRAT                        March 2019


7.1.  Normative References

   [I-D.birkholz-reference-ra-interaction-model]
              Birkholz, H. and M. Eckel, "Reference Interaction Model
              for Challenge-Response-based Remote Attestation", draft-
              birkholz-reference-ra-interaction-model-01 (work in
              progress), January 2019.

   [I-D.ietf-netconf-crypto-types]
              Watsen, K. and H. Wang, "Common YANG Data Types for
              Cryptography", draft-ietf-netconf-crypto-types-05 (work in
              progress), March 2019.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

7.2.  Informative References

   [I-D.birkholz-attestation-terminology]
              Birkholz, H., Wiseman, M., and H. Tschofenig, "Reference
              Terminology for Remote Attestation Procedures", draft-
              birkholz-attestation-terminology-02 (work in progress),
              July 2018.

Authors' Addresses

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt  64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de


   Michael Eckel
   Huawei Technologies
   Feldbergstrasse 78
   Darmstadt  64293
   Germany

   Email: michael.eckel@huawei.com







Birkholz, et al.       Expires September 13, 2019              [Page 21]


Internet-Draft                    BRAT                        March 2019


   Shwetha Bhandari
   Cisco Systems

   Email: shwethab@cisco.com


   Bill Sulzen
   Cisco Systems

   Email: bsulzen@cisco.com


   Eric Voit
   Cisco Systems

   Email: evoit@cisco.com


   Guy C. Fedorkow
   Juniper Networks
   10 Technology Park Drive
   Westford, Massachusetts  01886

   Email: gfedorkow@juniper.de



























Birkholz, et al.       Expires September 13, 2019              [Page 22]