diff --git a/tech-doc/tech-spec.tex b/tech-doc/tech-spec.tex index 5a80bf0..d9af664 100644 --- a/tech-doc/tech-spec.tex +++ b/tech-doc/tech-spec.tex @@ -1,5 +1,6 @@ \documentclass[twoside,a4paper]{article} +\usepackage{adjustbox} \usepackage{amsmath} \usepackage{amssymb} \usepackage{booktabs} 
@@ -154,9 +155,44 @@ In the most simplistic model, the boot procedure that will be performed is as fo The communication between the host device and the TBM follows a client-server model where the host devices sends requests to the TBM over serial. +\subsection{Design} + +\begin{figure}[H] +\centering +\begin{adjustbox}{width=\textwidth,center} +\begin{tikzpicture} +\draw[thick,draw=gray!70,->] (-0.2,0) node[left] {\tt\small\uppercase{TBM}} -- (15,0); +\draw[thick,draw=gray!70,->] (-0.2,4) node[left] {\tt\small\uppercase{ROTS}} -- (15,4); + +\draw[thick,draw=green!70!black,dashed] (0,0) -- ++(0,4) node[midway, sloped, below] {\tt\small\uppercase{trusted}}; + +\draw[thick,draw=blue!30,->] (1, 4) -- ++(.5,-4) node[midway, sloped, below] {\tt\small\uppercase{hi }}; +\draw[thick,draw=red!30,->] (1.75, 0) -- ++(.5,4) node[midway, sloped, below] {\tt\small\uppercase{hello }}; + +\draw[thick,draw=blue!30,->] (3, 4) -- ++(.5,-4) node[midway, sloped, below] {\tt\small\uppercase{ls certs}}; +\draw[thick,draw=red!30,->] (3.75, 0) -- ++(.5,4) node[midway, sloped, below] {\tt\small\uppercase{}}; + +\draw[thick,draw=blue!30,->] (5, 4) -- ++(.5,-4) node[midway, sloped, below] {\tt\small\uppercase{cat certs/cert.crt}}; +\draw[thick,draw=red!30,->] (5.75, 0) -- ++(.5,4) node[midway, sloped, below] {\tt\small\uppercase{}}; + +\draw[thick,draw=blue!30,->] (7, 4) -- ++(.5,-4) node[midway, sloped, below] {\tt\small\uppercase{time}}; +\draw[thick,draw=red!30,->] (7.75, 0) -- ++(.5,4) node[midway, sloped, below] {\tt\small\uppercase{1501842512}}; + +\draw[thick,draw=blue!30,->] (9, 4) -- ++(.5,-4) node[midway, sloped, below] {\tt\small\uppercase{booting }}; +\draw[thick,draw=red!30,->] (9.75, 0) -- ++(.5,4) node[midway, sloped, below] {\tt\small\uppercase{ok}}; + +\draw[thick,draw=red!70!black,dashed] (11, 0) -- ++(0, 4) node[midway, sloped, below] {\tt\small\uppercase{untrusted}}; + +\draw[thick,draw=blue!30,->] (12, 4) -- ++(.5,-4) node[midway, sloped, below] 
{\tt\small\uppercase{booting ok}}; +\draw[thick,draw=red!30,->] (12.75, 0) -- ++(.5,4) node[midway, sloped, below] {\tt\small\uppercase{ok}}; +\end{tikzpicture} +\end{adjustbox} +\caption{protocol diagram.} +\end{figure} + \subsection{Clock Drift} -To cope with clock drift the real-time clock has to be synchronised with an external clock. The most straight-forward method to support this within the protocol is to allow an absolute time to be set. However, this should only be allowed from the read-only trusted stage. An alternative method is to allow the clock to be corrected by introducing a limited amount of additional ticks or to stop the clock for a limited amount of ticks. By having limited correction, the clock can still be synchronised while an attacker cannot change the clock by more than a negligible factor each year. +To cope with clock drift the real-time clock has to be synchronised with an external clock. The most straight-forward method to support this within the protocol is to allow an absolute time to be set. However, this should only be allowed from the read-only trusted stage. An alternative method is to allow the clock to be corrected by introducing a limited amount of additional ticks or to stop the clock for a limited amount of ticks. By having limited correction, the clock can still be synchronised while an attacker cannot change the clock by more than a negligible factor each year. \section{Features}
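Review bot: the preamble hunk adds only `\usepackage{adjustbox}`, but the figure introduced later in this patch depends on `tikzpicture` and on the `[H]` float placement, which need the `tikz` and `float` packages respectively; neither appears in the visible part of the preamble, so please confirm they are loaded further down (outside this hunk) or add them here alongside `adjustbox`, keeping the existing alphabetical ordering of the `\usepackage` lines.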
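Review bot: two of the TBM response arrows in the new diagram carry empty labels (`\uppercase{}` on the replies to `ls certs` and `cat certs/cert.crt`), so the figure does not show what the TBM returns for the certificate listing and certificate read, which are the exchanges a reader of a protocol diagram most needs; fill those in (or mark them explicitly as a placeholder) before merging. Related points in the same hunk: wrapping every label in `\uppercase{}` renders the serial commands as `LS CERTS` / `CAT CERTS/CERT.CRT`, which misrepresents the wire format if the protocol is case-sensitive, so drop `\uppercase` for command labels; the new `\subsection{Design}` contains only the figure, with no sentence introducing it, no `\label` for `\ref` from the text, and a caption that reads just `protocol diagram.`, so add a short lead-in, a label, and a caption naming what is shown (the request/response sequence between the ROTS/host and the TBM, with the trusted/untrusted boundary; the abbreviation ROTS is not defined in the visible text); `\tt` is the obsolete font command and should be `\ttfamily`; and the Clock Drift paragraph is removed and re-added with no visible textual change, so if that is a whitespace-only edit consider leaving the line untouched to keep the diff focused (if it is touched anyway, `straight-forward` should be `straightforward`).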