datatracker.ietf.org
Sign in
Version 5.12.0.p2, 2015-03-02
Report a bug

Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages
RFC 4108

Document type: RFC - Proposed Standard (August 2005; Errata)
Was draft-housley-cms-fw-wrap (individual in sec area)
Document stream: IETF
Last updated: 2014-09-05
Other versions: plain text, pdf, html
IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG State: RFC 4108 (Proposed Standard)
Responsible AD: Sam Hartman
Send notices to: housley@vigilsec.com
Email Authors | IPR Disclosures | References | Referenced By | Check nits | History feed | Search Mailing Lists 
Network Working Group                                         R. Housley
Request for Comments: 4108                                Vigil Security
Category: Standards Track                                    August 2005

 Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes the use of the Cryptographic Message Syntax
   (CMS) to protect firmware packages, which provide object code for one
   or more hardware module components.  CMS is specified in RFC 3852.  A
   digital signature is used to protect the firmware package from
   undetected modification and to provide data origin authentication.
   Encryption is optionally used to protect the firmware package from
   disclosure, and compression is optionally used to reduce the size of
   the protected firmware package.  A firmware package loading receipt
   can optionally be generated to acknowledge the successful loading of
   a firmware package.  Similarly, a firmware package load error report
   can optionally be generated to convey the failure to load a firmware
   package.

Housley                     Standards Track                     [Page 1]
RFC 4108         Using CMS to Protect Firmware Packages      August 2005

Table of Contents

   1. Introduction ....................................................3
      1.1. Terminology ................................................5
      1.2. Architectural Elements .....................................5
           1.2.1. Hardware Module Requirements ........................7
           1.2.2. Firmware Package Requirements .......................8
           1.2.3. Bootstrap Loader Requirements .......................9
                  1.2.3.1. Legacy Stale Version Processing ...........11
                  1.2.3.2. Preferred Stale Version Processing ........12
           1.2.4. Trust Anchors ......................................12
           1.2.5. Cryptographic and Compression Algorithm
                  Requirements .......................................13
      1.3. Hardware Module Security Architecture .....................14
      1.4. ASN.1 Encoding ............................................14
      1.5. Protected Firmware Package Loading ........................15
   2. Firmware Package Protection ....................................15
      2.1. Firmware Package Protection CMS Content Type Profile ......18
           2.1.1. ContentInfo ........................................18
           2.1.2. SignedData .........................................18
                  2.1.2.1. SignerInfo ................................19
                  2.1.2.2. EncapsulatedContentInfo ...................20
           2.1.3. EncryptedData ......................................20
                  2.1.3.1. EncryptedContentInfo ......................21
           2.1.4. CompressedData .....................................21
                  2.1.4.1. EncapsulatedContentInfo ...................22
           2.1.5. FirmwarePkgData ....................................22
      2.2. Signed Attributes .........................................22
           2.2.1. Content Type .......................................23
           2.2.2. Message Digest .....................................24
           2.2.3. Firmware Package Identifier ........................24
           2.2.4. Target Hardware Module Identifiers .................25
           2.2.5. Decrypt Key Identifier .............................26
           2.2.6. Implemented Crypto Algorithms ......................26
           2.2.7. Implemented Compression Algorithms .................27
           2.2.8. Community Identifiers ..............................27
           2.2.9. Firmware Package Information .......................29
           2.2.10. Firmware Package Message Digest ...................30
           2.2.11. Signing Time ......................................30
           2.2.12. Content Hints .....................................31
           2.2.13. Signing Certificate ...............................31
      2.3. Unsigned Attributes .......................................32
           2.3.1. Wrapped Firmware Decryption Key ....................33
   3. Firmware Package Load Receipt ..................................34
      3.1. Firmware Package Load Receipt CMS Content Type Profile ....36
           3.1.1. ContentInfo ........................................36

[include full document text]