Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages
RFC 4108
Section | Field | Value
---|---|---
Document | Type | RFC - Proposed Standard (August 2005; Errata). Was draft-housley-cms-fw-wrap (individual in sec area)
Document | Last updated | 2015-10-14
Document | Stream | IETF
Document | Formats | plain text, pdf, htmlized, with errata, bibtex
Stream | WG state | (None)
Stream | Document shepherd | No shepherd assigned
IESG | IESG state | RFC 4108 (Proposed Standard)
IESG | Consensus Boilerplate | Unknown
IESG | Telechat date |
IESG | Responsible AD | Sam Hartman
IESG | Send notices to | (None)
Network Working Group
Request for Comments: 4108
Category: Standards Track
R. Housley, Vigil Security
August 2005

Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

This document describes the use of the Cryptographic Message Syntax (CMS) to protect firmware packages, which provide object code for one or more hardware module components. CMS is specified in RFC 3852. A digital signature is used to protect the firmware package from undetected modification and to provide data origin authentication. Encryption is optionally used to protect the firmware package from disclosure, and compression is optionally used to reduce the size of the protected firmware package. A firmware package loading receipt can optionally be generated to acknowledge the successful loading of a firmware package. Similarly, a firmware package load error report can optionally be generated to convey the failure to load a firmware package.

Table of Contents

1. Introduction
   1.1. Terminology
   1.2. Architectural Elements
      1.2.1. Hardware Module Requirements
      1.2.2. Firmware Package Requirements
      1.2.3. Bootstrap Loader Requirements
         1.2.3.1. Legacy Stale Version Processing
         1.2.3.2. Preferred Stale Version Processing
      1.2.4. Trust Anchors
      1.2.5. Cryptographic and Compression Algorithm Requirements
   1.3. Hardware Module Security Architecture
   1.4. ASN.1 Encoding
   1.5. Protected Firmware Package Loading
2. Firmware Package Protection
   2.1. Firmware Package Protection CMS Content Type Profile
      2.1.1. ContentInfo
      2.1.2. SignedData
         2.1.2.1. SignerInfo
         2.1.2.2. EncapsulatedContentInfo
      2.1.3. EncryptedData
         2.1.3.1. EncryptedContentInfo
      2.1.4. CompressedData
         2.1.4.1. EncapsulatedContentInfo
      2.1.5. FirmwarePkgData
   2.2. Signed Attributes
      2.2.1. Content Type
      2.2.2. Message Digest
      2.2.3. Firmware Package Identifier
      2.2.4. Target Hardware Module Identifiers
      2.2.5. Decrypt Key Identifier
      2.2.6. Implemented Crypto Algorithms
      2.2.7. Implemented Compression Algorithms
      2.2.8. Community Identifiers
      2.2.9. Firmware Package Information
      2.2.10. Firmware Package Message Digest
      2.2.11. Signing Time
      2.2.12. Content Hints
      2.2.13. Signing Certificate
   2.3. Unsigned Attributes
      2.3.1. Wrapped Firmware Decryption Key
3. Firmware Package Load Receipt
   3.1. Firmware Package Load Receipt CMS Content Type Profile
      3.1.1. ContentInfo