Below

> On Aug 20, 2022, at 1:38 PM, Michael Richardson <[email protected]> wrote:
>
> Gyan Mishra via Datatracker <[email protected]> wrote:
>
>> Section 3 describes the environment of an attester. Section
>> 3.2 clearly describes a layered environment, however section 3.3
>> describes a composite environment using a carrier grade router as an
>> example. I think here the composite should be described just as is
>> done in the layer environment section but not referencing an
>> environment use case that may not be applicable to RAT.
>
> I guess I don't really follow what you are suggesting here.
>
>> So within a
>> carrier grade router chassis the backplane communication is all done
>> vendor proprietary no external elements so I don’t see how trust comes
>> into play as well as the backplane communication is hardware bus
>> elements for backplane throughput for the LC and then as well router OS
>> software component for the backplane communication. I think maybe
>> choosing a better example that applies to RAT composite environment
>> would be better.
>
> Yes, the way in which the Evidence is relayed is vendor proprietary, but
> the Evidence and/or Attestation Results are then relayed to an external
> verifier.

I don’t know anything about router architecture, but do about mobile phone architecture which I consider a candidate for composite attestation.

A mobile phone based on a chip like a Qualcomm Snapdragon has many subsystems. Something like this:

- A TEE and/or HW root of trust, perhaps controlled by the chip vendor, not the phone vendor
- A Secure Element for payments or eSIM
- A SIM card
- The general purpose CPU, which runs Android and is controlled by the phone vendor
- A video playback subsystem that does content protection and is isolated from the main CPU
- A cellular modem
- A Bluetooth subsystem isolated from the modem
- …

There are several tiers of security and multiple vendors.

LL

_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
