rfc9019v2.txt | rfc9019.txt | |||
---|---|---|---|---|
Internet Engineering Task Force (IETF) B. Moran | Internet Engineering Task Force (IETF) B. Moran | |||
Request for Comments: 9019 H. Tschofenig | Request for Comments: 9019 H. Tschofenig | |||
Category: Informational Arm Limited | Category: Informational Arm Limited | |||
ISSN: 2070-1721 D. Brown | ISSN: 2070-1721 D. Brown | |||
Linaro | Linaro | |||
M. Meriac | M. Meriac | |||
Consultant | Consultant | |||
March 2021 | April 2021 | |||
A Firmware Update Architecture for Internet of Things | A Firmware Update Architecture for Internet of Things | |||
Abstract | Abstract | |||
Vulnerabilities in Internet of Things (IoT) devices have raised the | Vulnerabilities in Internet of Things (IoT) devices have raised the | |||
need for a reliable and secure firmware update mechanism suitable for | need for a reliable and secure firmware update mechanism suitable for | |||
devices with resource constraints. Incorporating such an update | devices with resource constraints. Incorporating such an update | |||
mechanism is a fundamental requirement for fixing vulnerabilities, | mechanism is a fundamental requirement for fixing vulnerabilities, | |||
but it also enables other important capabilities such as updating | but it also enables other important capabilities such as updating | |||
skipping to change at line 506 ¶ | skipping to change at line 506 ¶ | |||
| ---- | --|- | | ---- | --|- | |||
| //+----------+ | \\ | | //+----------+ | \\ | |||
-+-- // | | | \ | -+-- // | | | \ | |||
----/ | ---- |/ | Firmware |<-+ | \ | ----/ | ---- |/ | Firmware |<-+ | \ | |||
// | \\ | | Server | | | \ | // | \\ | | Server | | | \ | |||
/ | \ / | | + + \ | / | \ / | | + + \ | |||
/ | \ / +----------+ \ / | | / | \ / +----------+ \ / | | |||
/ +--------+--------+ \ / | | | / +--------+--------+ \ / | | | |||
/ | v | \ / v | | / | v | \ / v | | |||
| | +------------+ | | | +----------------+ | | | | +------------+ | | | +----------------+ | | |||
| | | Firmware | | | Device | | | | | | Firmware | | | | | Device | | | |||
| | | Consumer | | | | | Management | | | | | | Consumer | | | | | Management | | | |||
| | +------------+ | | | | | | | | | +------------+ | | | | | | | |||
| | +------------+ | | | | +--------+ | | | | | +------------+ | | | | +--------+ | | | |||
| | | Status |<-+--------------------+-> | | | | | | | | Status |<-+--------------------+-> | | | | | |||
| | | Tracker | | | | | | Status | | | | | | | Tracker | | | | | | Status | | | | |||
| | | Client | | | | | | Tracker| | | | | | | Client | | | | | | Tracker| | | | |||
| | +------------+ | | | | | Server | | | | | | +------------+ | | | | | Server | | | | |||
| | Device | | | | +--------+ | | | | | Device | | | | +--------+ | | | |||
| +-----------------+ | \ | | / | | +-----------------+ | \ | | / | |||
\ / \ +----------------+ / | \ / \ +----------------+ / | |||
\ Network / \ / | \ Network / \ / | |||
\ Operator / \ Device Operator / | \ Operator / \ Device Operator / | |||
\\ // \ \ // | \\ // \\ // | |||
---- ---- ---- ---- | ---- ---- ---- ---- | |||
----- ----------- | ----- ----------- | |||
Figure 1: Architecture | Figure 1: Architecture | |||
Firmware images and manifests may be conveyed as a bundle or | Firmware images and manifests may be conveyed as a bundle or | |||
detached. The manifest format must support both approaches. | detached. The manifest format must support both approaches. | |||
For distribution as a bundle, the firmware image is embedded into the | For distribution as a bundle, the firmware image is embedded into the | |||
manifest. This is a useful approach for deployments where devices | manifest. This is a useful approach for deployments where devices | |||
skipping to change at line 1173 ¶ | skipping to change at line 1173 ¶ | |||
[quantum-factorization] | [quantum-factorization] | |||
Jiang, S., Britt, K.A., McCaskey, A.J., Humble, T.S., and | Jiang, S., Britt, K.A., McCaskey, A.J., Humble, T.S., and | |||
S. Kais, "Quantum Annealing for Prime Factorization", | S. Kais, "Quantum Annealing for Prime Factorization", | |||
Scientific Reports 8, December 2018, | Scientific Reports 8, December 2018, | |||
<https://www.nature.com/articles/s41598-018-36058-z>. | <https://www.nature.com/articles/s41598-018-36058-z>. | |||
[RATS-ARCH] | [RATS-ARCH] | |||
Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | |||
W. Pan, "Remote Attestation Procedures Architecture", Work | W. Pan, "Remote Attestation Procedures Architecture", Work | |||
in Progress, Internet-Draft, draft-ietf-rats-architecture- | in Progress, Internet-Draft, draft-ietf-rats-architecture- | |||
11, 30 March 2021, <https://tools.ietf.org/html/draft- | 12, 23 April 2021, <https://tools.ietf.org/html/draft- | |||
ietf-rats-architecture-11>. | ietf-rats-architecture-12>. | |||
[RFC6024] Reddy, R. and C. Wallace, "Trust Anchor Management | [RFC6024] Reddy, R. and C. Wallace, "Trust Anchor Management | |||
Requirements", RFC 6024, DOI 10.17487/RFC6024, October | Requirements", RFC 6024, DOI 10.17487/RFC6024, October | |||
2010, <https://www.rfc-editor.org/info/rfc6024>. | 2010, <https://www.rfc-editor.org/info/rfc6024>. | |||
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service | [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service | |||
Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, | Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, | |||
<https://www.rfc-editor.org/info/rfc6763>. | <https://www.rfc-editor.org/info/rfc6763>. | |||
[RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for | [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for | |||
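Review bot: In the [RATS-ARCH] entry the draft revision is encoded in three places (the "draft-ietf-rats-architecture-" suffix, the date, and the URL), and both the name and the URL wrap across lines, so a partial update is easy to miss. This change moves all three to -12 and 23 April 2021 consistently, and the header date change from March 2021 to April 2021 is consistent with citing a draft dated 23 April 2021. Because the reference is to a work in progress, it is worth confirming that no statement in the body relies on wording specific to revision 11.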
End of changes. 4 change blocks. | ||||
5 lines changed or deleted | 5 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |