Open orangecms opened 2 years ago
Related analysis issues from Fiedka:
As pointed out by @twelho, the whole thing only makes sense when mandating reproducibility at least.
We should make this clear in the spec, and ideally, add bootstrappability as well.
Auditable Firmware Implementation
Goal
AFI aims to supply a standard for certifying firmware auditability.
Specification
AFI manifest struct v1:
Add a length and a type to each ref for flexibility, to support multi-hash, signatures, etc., similar to TPM 2.0 log entries.
The refs must be resolvable; a GUI or TUI could provide them as a QR code, for example.
Providing sources, schematics and board view files under OSI/CC licenses and adding repository references is encouraged for sustainability and open auditability. At least there must be release notes with accompanying hashes (similar to the checksums often found alongside file downloads) to verify the AFI hashes against, which is one way to resolve the hashes.
At least one third party must provide a corresponding verification (attestation). Note: an external verifier reading the firmware image from an offline device is the only actual guarantee when checking integrity. Such a verifier could be flashrom plus some extra tool, potentially Fiedka.
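As an added illustration (not code from this issue, from AFI or from Fiedka), the following sketches how an external verifier could parse refs in a hypothetical AFI v1 encoding (type, length, TPM 2.0 style multi-hash) and check an image read back from flash against them. The byte layout, the algorithm table and the ref type `REF_FIRMWARE_IMAGE` are assumptions of this example, not part of the spec.

```python
import hashlib, struct

# Hypothetical AFI v1 ref encoding (an assumption for this example, not the spec):
#   ref    := type:u8 | length:u16 | count:u8 | count x digest
#   digest := alg:u16 (TPM 2.0 algorithm id) | digest bytes (size fixed by alg)
TPM_ALG = {0x000B: ("sha256", 32), 0x000D: ("sha512", 64)}
REF_FIRMWARE_IMAGE = 0x01  # hypothetical ref type: hashes of the whole flash image


def build_ref(ref_type, payload, algs):
    """Encode one ref carrying a multi-hash of payload (TPM 2.0 log style)."""
    body = struct.pack(">B", len(algs))
    for alg in algs:
        name, _ = TPM_ALG[alg]
        body += struct.pack(">H", alg) + hashlib.new(name, payload).digest()
    return struct.pack(">BH", ref_type, len(body)) + body


def parse_refs(blob):
    """Parse concatenated refs into [(type, {alg_name: digest})]; rejects truncation."""
    refs, off = [], 0
    while off < len(blob):
        ref_type, length = struct.unpack_from(">BH", blob, off)
        body = blob[off + 3:off + 3 + length]
        if length < 1 or len(body) != length:
            raise ValueError("truncated ref")
        off += 3 + length
        count, pos, digests = body[0], 1, {}
        for _ in range(count):
            alg = struct.unpack_from(">H", body, pos)[0]
            name, size = TPM_ALG[alg]  # unknown algorithm id -> KeyError, on purpose
            digests[name] = body[pos + 2:pos + 2 + size]
            if len(digests[name]) != size:
                raise ValueError("truncated digest")
            pos += 2 + size
        refs.append((ref_type, digests))
    return refs


def verify_image(manifest, image):
    """True only if every digest of every firmware-image ref matches the image read back."""
    image_refs = [d for t, d in parse_refs(manifest) if t == REF_FIRMWARE_IMAGE]
    return bool(image_refs) and all(
        hashlib.new(name, image).digest() == expected
        for digests in image_refs for name, expected in digests.items())


# Constructed sample: an "image read from flash" and the manifest shipped for it.
IMAGE = b"constructed firmware image\x00" * 64
MANIFEST = build_ref(REF_FIRMWARE_IMAGE, IMAGE, [0x000B, 0x000D])
```

A real verifier would feed `verify_image` the dump produced by flashrom and resolve the manifest's digests against the published release notes before trusting them.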
The SLSA framework addresses some of those issues a bit more. Key points lie in reasoning:
See also
Related Discussions