
virtio-comment message



Subject: Re: [virtio-comment] Re: [PATCH] Add virtio rpmb device specification


On Tue, Jul 30, 2019 at 05:51:24AM +0000, Huang, Yang wrote:
> > > +\item The device MUST authenticate write operation by MAC calculated
> > > +   by authentication key and monotonic write counter .
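Review bot: the "MUST authenticate write operation by MAC" item names its inputs (authentication key, monotonic write counter) but not the checks the device performs or what happens to a write that fails them. Split it into testable requirements: the device compares the frame's write counter with its recorded value, verifies the frame MAC, and rejects the write if either check fails. Define the write counter before this statement, and drop the stray space before the final period.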
> > 
> > authenticate how?
> 
> 1. Compare the monotonic write counter in the RPMB frame with the one recorded in the device. Make sure the two values are equal. This counter protects against replay attacks.
> 2. Calculate the MAC from the RPMB key (recorded by the device at the first program key request from the guest) and the RPMB frame received from the driver. Compare this MAC with the MAC in the RPMB frame. Make sure the two MACs are the same. It protects data from tampering by attackers who don't have the RPMB key.
> After 1 & 2 are authenticated, a write operation will be performed.
> 
> Should these details be included in the spec?

Looks more like validation.

So if you add a conformance statement, you need
to explain what the device is supposed to do.

E.g. if you talk about a write counter, define what it is previously.



-- 
MST
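
The two checks listed in the quoted reply, modelled device-side as an added example (not code from the patch or from the virtio specification). The 512-byte frame layout, HMAC-SHA256 as the MAC, the result labels, and the counter increment after a successful write are assumptions; `RpmbDevice` and `make_write_frame` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Assumed 512-byte frame layout (eMMC-style RPMB frame, not taken from the thread):
# stuff[196] | key_mac[32] | data[256] | nonce[16] | write_counter (be32)
# | address (be16) | block_count (be16) | result (be16) | req_resp (be16)
FRAME = struct.Struct(">196s32s256s16sIHHHH")
MAC_COVERED = slice(228, 512)  # assumed MAC coverage: data through req_resp
OK, COUNTER_FAILURE, AUTH_FAILURE = "ok", "counter_failure", "auth_failure"  # illustrative labels


def make_write_frame(key, counter, address, data):
    """Driver side: build a single-block write frame and MAC it with the RPMB key."""
    body = FRAME.pack(b"\0" * 196, b"\0" * 32, data.ljust(256, b"\0"),
                      b"\0" * 16, counter, address, 1, 0, 0x0003)
    mac = hmac.new(key, body[MAC_COVERED], hashlib.sha256).digest()
    return body[:196] + mac + body[228:]


class RpmbDevice:
    """Hypothetical device model holding the programmed key and the write counter."""

    def __init__(self, key):
        self.key = key            # recorded at the first program-key request
        self.write_counter = 0
        self.blocks = {}

    def handle_write(self, frame):
        if len(frame) != FRAME.size:
            return AUTH_FAILURE
        _, mac, data, _, counter, address, _, _, _ = FRAME.unpack(frame)
        # Check 1: the frame's counter must equal the device's counter (replay protection).
        if counter != self.write_counter:
            return COUNTER_FAILURE
        # Check 2: recompute the MAC with the stored key and compare in constant time.
        expected = hmac.new(self.key, frame[MAC_COVERED], hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return AUTH_FAILURE
        # Both checks passed: commit the data, then advance the counter (assumed behaviour).
        self.blocks[address] = data
        self.write_counter += 1
        return OK
```

A failed check leaves both the stored data and the counter untouched, so a replayed or modified frame cannot advance device state.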

