ietf-rats-wg · henkbirkholz · Oct 12, 2023 · Nov 24, 2023 · henkbirkholz · Nov 29, 2023
diff --git a/cddl/corim-frags.mk b/cddl/corim-frags.mk
@@ -13,7 +13,8 @@ COMID_FRAGS += cose-label-and-value.cddl
 COMID_FRAGS += coswid-triple-record.cddl
 COMID_FRAGS += crypto-key-type-choice.cddl
 COMID_FRAGS += domain-dependency-triple-record.cddl
-COMID_FRAGS += domain-membership-triple-record.cddl
+COMID_FRAGS += group-membership-triple-record.cddl
+COMID_FRAGS += mec-endorsement-triple-record.cddl
 COMID_FRAGS += domain-type-choice.cddl
 COMID_FRAGS += endorsed-triple-record.cddl
 COMID_FRAGS += entity-map.cddl

diff --git a/cddl/domain-membership-triple-record.cddl b/cddl/domain-membership-triple-record.cddl
diff --git a/cddl/examples/comid-domain-mem.diag b/cddl/examples/comid-domain-mem.diag
@@ -8,107 +8,32 @@
   }
   ],
   / triples / 4 : {
-    / membership-triples / 5 : [
-      [ / domain - text / "XYZ_Root-of-trust",
-        [
-          / environment-map / {
-            / ** A Root of Trust module ** /
-            / comid.class / 0 : {
-                / comid.class-id / 0 :
-                  / tagged-oid-type / 111(h'0607517B010F6201'), / 2.1.123.1.15.98.1 /
-                / comid.vendor / 1 : "XYZ.example"
-            }
-          }
-        ]
-      ],
-      [ / domain - int / 1,
-        [
-          / environment-map / {
-            / ** Layer 1 loader module 1 ** /
-            / comid.class / 0 : {
-                / comid.class-id / 0 :
-                  / tagged-oid-type / 111(h'0607517B010F0801'), / 2.1.123.1.15.8.1 /
-                / comid.vendor / 1 : "LoadInc.example",
-                / comid.layer / 3 : 1
-            }
-          },
-          / environment-map / {
-            / ** Layer 1 loader module 2 ** /
-            / comid.class / 0 : {
-              / comid.class-id / 0 :
-                / tagged-oid-type / 111(h'0607517B010F0802'), / 2.1.123.1.15.8.2 /
-              / comid.vendor / 1 : "LoadInc.example",
-              / comid.layer / 3 : 1
-            }
+    / group-triples / 5 : [
+      [
+        / environment-map / {
+          / comid.class / 0 : {
+            / comid.class-id / 0 : / tagged-oid-type / 111(h'0607517B010F6201'), / 2.1.123.1.15.98.1 /
+            / comid.vendor / 1 : "ACME Ltd.",
+            / comid.model /  2 : "PSA RoT X"
           }
-        ]
-      ],
-      [ / domain - text / "L1-extension",
-        [
-          / environment-map / {
-            / ** L1 Extension module 1 ** /
-            / comid.class / 0 : {
-              / comid.class-id / 0 :
-                / tagged-oid-type / 111(h'0607517B010F0903'), / 2.1.123.1.15.9.3 /
-              / comid.vendor / 1 : "LoadInc.example",
-              / comid.layer / 3 : 1
-            }
-          }
-        ]
-      ],
-      [ / domain - tagged-uuid-type / 37(
-              h'67b28b6c34cc40a19117ab5b05911e37'
-            ),
-        [
-          / environment-map / {
-            / ** Layer 2 design module 1 ** /
-            / comid.class / 0 : {
-                / comid.class-id / 0 :
-                  / tagged-oid-type / 111(h'0607517B010F0401'), /  2.1.123.1.15.4.1 /
-                / comid.vendor / 1 : "FPGAsRuS.example",
-                / comid.layer / 3 : 2
-            }
-          },
-          / environment-map / {
-            / ** Layer 2 design module 2 ** /
-            / comid.class / 0 : {
-              / comid.class-id / 0 :
-                / tagged-oid-type / 111(h'0607517B010F0402'), / 2.1.123.1.15.4.2 /
-              / comid.vendor / 1 : "FPGAsRuS.example",
-              / comid.layer / 3 : 2
-            }
-          },
-          / environment-map / {
-            / ** Layer 2 design module 3 ** /
-            / comid.class / 0 : {
-              / comid.class-id / 0 :
-                / tagged-oid-type / 111(h'0607517B010F0403'), / 2.1.123.1.15.4.3 /
-              / comid.vendor / 1 : "FPGAsRuS.example",
-              / comid.layer / 3 : 2
-            }
-          }
-        ]
-      ],
-      [ / domain - tagged-oid-type / 111(h'6086480186F84D010F0401'), / 2.16.840.1.113741.1.15.4.1 /
+        },
         [
           / environment-map / {
-            / ** ISV App module 1 ** /
             / comid.class / 0 : {
-              / comid.class-id / 0 :
-                / tagged-oid-type / 111(h'0607517B010F046301'), / 2.1.123.1.15.4.99.1 /
-              / comid.vendor / 1 : "ISV-App.example"
+              / comid.class-id / 0 : 37(h'57057d658db1403b9e387f9f0fa604cf'),
+              / comid.vendor /   1 : "FW Manufacturer X",
+              / comid.model /    2 : "BL"
             }
           },
           / environment-map / {
-            / ** ISV App module 2 ** /
             / comid.class / 0 : {
-              / comid.class-id / 0 :
-                / tagged-oid-type / 111(h'0607517B010F046302'), / 2.1.123.1.15.4.99.2 /
-              / comid.vendor / 1 : "ISV-App.example"
+              / comid.class-id / 0 : 37(h'993a383a41134c999c333a13414a546d'),
+              / comid.vendor /   1 : "FW Manufacturer X",
+              / comid.model /    2 : "TF-M"
             }
           }
         ]
       ]
     ]
   }
-}
+}
diff --git a/cddl/group-membership-triple-record.cddl b/cddl/group-membership-triple-record.cddl
@@ -0,0 +1,4 @@
+environment-bundle-triple-record = [
+  lead: environment-map
+  subs: [ + environment-map ]
+]
diff --git a/cddl/mec-endorsement-triple-record.cddl b/cddl/mec-endorsement-triple-record.cddl
@@ -0,0 +1,5 @@
+multi-env-conditional-endorsement-triple-record = [
+  env: environment-map
+  ends: [ + measurement-values-map ]
+  cond: [ + stateful-environment-record ]
+]
-multi-env-conditional-endorsement-triple-record = [
-  env: environment-map
-  ends: [ + measurement-values-map ]
-  cond: [ + stateful-environment-record ]
-]
+multi-env-conditional-endorsement-triple-record = [
+  cond: [ + stateful-environment-record ]
+  env: environment-map
+  ends: [ + measurement-values-map ]
+]
-multi-env-conditional-endorsement-triple-record = [
-  env: environment-map
-  ends: [ + measurement-values-map ]
-  cond: [ + stateful-environment-record ]
-]
+multi-env-conditional-endorsement-triple-record = [
+  cond: [ + stateful-environment-record ]
+  env: environment-map
+  ends: [ + measurement-values-map ]
+]
diff --git a/cddl/triples-map.cddl b/cddl/triples-map.cddl
@@ -10,12 +10,14 @@ triples-map = non-empty<{
   ? &(dependency-triples: 4) =>
     [ + domain-dependency-triple-record ]
   ? &(membership-triples: 5) =>
-    [ + domain-membership-triple-record ]
+    [ + environment-bundle-triple-record ]
   ? &(coswid-triples: 6) =>
     [ + coswid-triple-record ]
   ? &(conditional-endorsement-series-triples: 8) =>
     [ + conditional-endorsement-series-triple-record ]
   ? &(conditional-endorsement-triples: 9) =>
     [ + conditional-endorsement-triple-record ]
+  ? &(mec-endorsement-triples: 10) =>
+    [ + multi-env-conditional-endorsement-triple-record ]
   * $$triples-map-extension
 }>
@@ -569,7 +569,7 @@ The following triples are currently defined:
 * Device Identity triples: containing cryptographic credentials - for example, an IDevID - uniquely identifying a device ({{sec-comid-triple-identity}}).
 * Attestation Key triples: containing cryptographic keys that are used to verify the integrity protection on the Evidence received from the Attester ({{sec-comid-triple-attest-key}}).
 * Domain dependency triples: describing trust relationships between domains, i.e., collection of related environments and their measurements ({{sec-comid-triple-domain-dependency}}).
-* Domain membership triples: describing topological relationships between (sub-)modules. For example, in a composite Attester comprising multiple sub-Attesters (sub-modules), this triple can be used to define the topological relationship between lead- and sub- Attester environments ({{sec-comid-triple-domain-membership}}).
+* Environment bundle triples: describing topological relationships between (sub-)modules. For example, in a composite Attester comprising multiple sub-Attesters (sub-modules), this triple can be used to define the topological relationship between lead- and sub- Attester environments ({{sec-comid-triple-environment-bundle}}).
 * CoMID-CoSWID linking triples: associating a Target Environment with existing CoSWID tags ({{sec-comid-triple-coswid}}).
 
 ## Structure
@@ -736,7 +736,7 @@ The following describes each member of the `triples-map`:
   between domains.  Described in {{sec-comid-triple-domain-dependency}}.
 
 * `membership-triples` (index 5): Triples describing topological relationships
-  between (sub-)modules.  Described in {{sec-comid-triple-domain-membership}}.
+  between (sub-)modules.  Described in {{sec-comid-triple-environment-bundle}}.
 
 * `coswid-triples` (index 6): Triples associating modules with existing CoSWID
   tags. Described in {{sec-comid-triple-coswid}}.
@@ -822,7 +822,7 @@ UEID, UUID, or cryptographic key identifier.
 {::include cddl/instance-id-type-choice.cddl}
 ~~~
 
-##### Group
+##### Group
 
 A group carries a unique identifier that is reliably bound to a group of
 Attesters, for example when a number of Attester are hidden in the same
@@ -1173,19 +1173,87 @@ trustworthiness properties of the subject domain exists.
 {::include cddl/domain-dependency-triple-record.cddl}
 ~~~
 
-#### Domain Membership Triple {#sec-comid-triple-domain-membership}
+#### Environmnent Bundle Triple {#sec-comid-triple-environment-bundle}
 
-A Domain Membership triple assigns domain membership to environments.  The
-subject identifies a domain ({{sec-comid-domain-type}}) that has a predicate
-relationship to the object containing one or more environments.  Endorsed
-environments ({{sec-comid-triple-endval}}) membership is conditional upon
-successful matching of Reference Values ({{sec-comid-triple-refval}}) to
-Evidence.
+In order to model hierarchical device composition, CoRIM authors need to identify all components in the composite device (see {{Section 3.3 of -rats-arch}}).
+An environment bundle describes all target environments that a certain attesting environment is generating evidence about.
+The parent-child relationship between the attesting environment and all target environments in question is expressed via the environment bundle triple:
 
 ~~~ cddl
-{::include cddl/domain-membership-triple-record.cddl}
+{::include cddl/group-membership-triple-record.cddl}
 ~~~
 
+In the example composite device in {{composite}}, `env-1` is the Attesting Environment for `env-2` and `env-3`, while `env-2` is the Attesting Environment for `env-4`.
+Appraisal starts from the top of the device hierarchy (`env-1`) and descends through all the sub-trees until all Target Environments have been visited.
+
+~~~ aasvg
+.-------.
+| env-1 |
+'---+---'
+    |  .-------.
+    +--+ env-2 |
+    |  '---+---'
+    |      |  .-------.
+    |      +--+ env-4 |
+    |         '-------'
+    |  .-------.
+    +--+ env-3 |
+       '-------'
+~~~
+{: #composite artwork-align="center" title="Example Environments Composition"}
+
+The two following group triples model the device hierarchy:
+
+* The top-level with `env-1` as lead attester:
+
+~~~
+environment-bundle-triple-record = [
+  lead: env-1
+  subs: [ env-2, env-3 ]
+]
+~~~
+
+* The sub-attester rooted at `env-2`:
+
+~~~
+environment-bundle-triple-record = [
+  lead: env-2
+  subs: [ env-4 ]
+]
+~~~
+
+The `lead` environment is the environment bundle name.
+Since it is expressed as an `environment-map`, it can itself appear as one of the `subs` elements of other `environment-bundle-triple-record`, thus allowing recursive composition.
+
+The scope of a single `environment-bundle-triple-record` encompasses exactly two adjacent layers in a layered Attester.
+
+#### Multi-Environment Conditional (MEC) Endorsements Triple {#sec-comid-triple-mec-endorsements}
+
+The semantics of the Multi-Environment Conditional (MEC) Endorsements Triple is as follows:
+
+> "IF accepted state matches the `cond` value, THEN `env` is associated with the endorsed value(s) `ends`."
+
+~~~ cddl
+{::include cddl/mec-endorsement-triple-record.cddl}
+~~~
+
+A `multi-env-conditional-endorsement-triple-record` has the following parameters:
+
+* `env`: the environment to which the endorsed value (conditionally) applies
+* `ends`: the endorsed value(s) associated with `env`
+* `cond`: all target environments, along with a specific state, that need to match in order for the endorsement(s) to apply
+
+All the entries in `cond` MUST match.
+
+The order in which MEC Endorsement triples are evaluated is important: different sorting may produce different end-results in the computed ACS.
+
+Therefore, the set of applicable MEC Endorsement triple MUST be topologically sorted based on the criterion that a MEC Endorsement triple is evaluated before another if its Target Environment and Endorsement pair is found in any of the stateful environments of the second triple.
+
+Notes:
+
+* In order to give the expected result, the condition must describe the expected context completely.
+* The scope of a single MEC triple encompasses an arbitrary amount of environments across all layers in an Attester.
+
 #### CoMID-CoSWID Linking Triple {#sec-comid-triple-coswid}
 
 A CoSWID triple relates reference measurements contained in one or more CoSWIDs