ietf-rats-wg · deeglaze · Dec 18, 2024 · Jan 26, 2025 · Jan 29, 2025 · Jan 30, 2025
diff --git a/cddl/cbor-tags.txt b/cddl/cbor-tags.txt
@@ -15,3 +15,6 @@ tagged-bytes = #6.560(bytes)
 tagged-cert-path-thumbprint-type = #6.561(digest)
 tagged-pkix-asn1der-cert-type = #6.562(bstr)
 tagged-masked-raw-value = #6.563([
+tagged-int-eq = #6.564(int-eq)
+tagged-int-range = #6.565(int-range)
+
diff --git a/cddl/corim-frags.mk b/cddl/corim-frags.mk
@@ -23,6 +23,7 @@ COMID_FRAGS += group-id-type-choice.cddl
 COMID_FRAGS += identity-triple-record.cddl
 COMID_FRAGS += instance-id-type-choice.cddl
 COMID_FRAGS += ip-addr-type-choice.cddl
+COMID_FRAGS += linear-privilege-level.cddl
 COMID_FRAGS += linked-tag-map.cddl
 COMID_FRAGS += mac-addr-type-choice.cddl
 COMID_FRAGS += measured-element-type-choice.cddl
@@ -98,6 +99,7 @@ INTREP_FRAGS += flags-map.cddl
 INTREP_FRAGS += raw-value.cddl
 INTREP_FRAGS += tagged-masked-raw-value.cddl
 INTREP_FRAGS += tagged-bytes.cddl
+INTREP_FRAGS += linear-privilege-level.cddl
 INTREP_FRAGS += mac-addr-type-choice.cddl
 INTREP_FRAGS += ip-addr-type-choice.cddl
 INTREP_FRAGS += ueid.cddl

diff --git a/cddl/examples/comid-7.diag b/cddl/examples/comid-7.diag
@@ -0,0 +1,24 @@
+/ concise-mid-tag / {
+  / comid.tag-identity / 1 : {
+    / comid.tag-id / 0 : h'3827e03b25dd454cb36a679c923af51f'
+  },
+  / comid.entity / 2 : [ {
+    / comid.entity-name / 0 : "ACME Inc.",
+    / comid.reg-id / 1 : 32("https://acme.example"),
+    / comid.role / 2 : [ 0 ] / tag-creator /
+  } ],
+  / comid.triples / 4 : {
+    / comid.reference-triples / 0 : [ [
+      / environment-map / {
+        / comid.instance / 1 : / tagged-pkix-base64-key-type / 554("base64_key_X")
+      },
+      [
+        / measurement-map / {
+          / comid.mval / 1 : {
+            / comid.linear-privlevel / 15 : 565([/ min: / 1, / max: / Infinity])
+          }
+        }
+      ]
+    ] ]
+  }
+}
diff --git a/cddl/linear-privilege-level.cddl b/cddl/linear-privilege-level.cddl
@@ -0,0 +1,8 @@
+linear-privlevel-type-choice /= signed-integer-range-type-choice
+signed-integer-range-type-choice = int-eq / int-range / tagged-int-eq / tagged-int-range
+int-eq = int
+int-range = [min: inf-int, max: inf-int]
+tagged-int-eq = #6.564(int-eq)
+tagged-int-range = #6.565(int-range)
+inf-int = -Infinity / int / Infinity
+
diff --git a/cddl/measurement-values-map.cddl b/cddl/measurement-values-map.cddl
@@ -15,5 +15,6 @@ measurement-values-map = non-empty<{
   ? &(name: 11) => text
   ? &(cryptokeys: 13) => [ + $crypto-key-type-choice ]
   ? &(integrity-registers: 14) => integrity-registers
+  ? &(linear-privlevel: 15) => linear-privlevel-type-choice
   * $$measurement-values-map-extension
 }>
@@ -1118,6 +1118,21 @@ are acceptable states.
 Integrity Registers can be used to model the PCRs in a TPM or vTPM, in which case the identifier is the register index, or other kinds of vendor-specific measured objects.
 
 
+##### Linear Privilege Level {#sec-comid-linear-privlevel}
+
+A Linear Privilege Level describes an operating privilege for the target environment.
+The convention is that 0 is the highest privilege, and higher numbers correspond to fewer privileges.
+The semantics of the ordering indicate a total inclusion of all higher privilege levels.
+This means that there is no privilege strictly afforded to, e.g., privilege level 3 that isn't also available to privilege level 1.
+
+~~~ cddl
+{::include cddl/linear-privilege-level.cddl}
+~~~
+
+For environments that count privilege in the opposite order, it is recommended to represent the privilege levels with non-positive numbers, where 0 is the lowest privilege, and some negative integer is the highest.
+The full range if signed integers may be used.
+The signed integer range representation is an inclusive range unless either `min` or `max` are infinite, in which case, each infinity is necessarily exclusive.
+
 ##### Domain Types {#sec-comid-domain-type}
 
 A domain is a context for bundling a collection of related environments and their measurements.
@@ -2508,6 +2523,26 @@ If no entry is found, the comparison MUST return false.
 Instead, if an entry is found, the digest comparison proceeds as defined in {{sec-cmp-digests}} after equivalence has been found according to {{sec-comid-integrity-registers}}.
 Note that it is not required for all the entries in the candidate entry to be used during matching: the condition ECT could consist of a subset of the device's register space. In TPM parlance, a TPM "quote" may report all PCRs in Evidence, while a condition ECT could describe a subset of PCRs.
 
+##### Comparison for linear-privlevel entries
+
+The ACS entry value stored under `measurement-values-map` codepoint 15 is a linear privilege level, which must have type `linear-privlevel-type-choice`.
+
+If the entry `linear-privlevel-type-choice` is an `int` or an `int` tagged with #6.564, then comparison with the `int` named as PRIV is as follows.
+
+*  If the condition ECT value for `measurement-values-map` codepoint 15 is an untagged `int` or an `int` tagged with #6.564 then an equality comparison is performed on the `int` components.
+The comparison MUST return true if the value of PRIV is equal to the `int` value in the condition ECT.
+
+*  If the condition ECT value for `measurement-values-map` codepoint 15 is an `int-range` or an `int-range` tagged with #6.565 then a range inclusion comparison is performed.
+The comparison MUST return true if the value of PRIV is greater than or equal to the `min` value in the condition ECT AND the value of PRIV is less than or equal to than the `max` value in the condition ECT
+
+If the entry `linear-privilege-type-choice` is an `int-range` or `int-range` tagged with #6.565, then comparison with the pair of `inf-int` values MINPRIV and MAXPRIV is as follows.
+
+*  If the condition ECT value for `measurement-values-map` codepoint 15 is an untagged `int` or an `int` tagged with #6.564 then the comparison MUST return true if and only if MINPRIV and MAXPRIV are equal and finite.
+
+*  If the condition ECT value for `measurement-values-map` codepoint 15 is an `int-range` or an `int-range` tagged with #6.565 then a range subsumption comparison is performed.
+The comparison MUST return true if the value of MINPRIV is greater than or equal to the `min` value of the condition ECT and the value of MAXPRIV is less than or equal to the `max` value of the condition ECT.
+In this case, -Infinity equals -Infinity and Infinity equals Infinity.
+
 ### Profile-directed Comparison {#sec-compare-profile}
 
 A profile MUST specify comparison algorithms for its additions to `$`-prefixed CoRIM CDDL codepoints when this specification does not prescribe binary comparison.
@@ -2638,7 +2673,9 @@ IANA is requested to allocate the following tags in the "CBOR Tags" registry {{!
 |     561 | `digest`            | tagged-cert-path-thumbprint-type, see {{sec-crypto-keys}}     | {{&SELF}} |
 |     562 | `bytes`             | tagged-pkix-asn1der-cert-type, see {{sec-crypto-keys}}        | {{&SELF}} |
 |     563 | `tagged-masked-raw-value` | tagged-masked-raw-value, see {{sec-comid-raw-value-types}} | {{&SELF}} |
-| 564-599 | `any`               | Earmarked for CoRIM                                           | {{&SELF}} |
+|     564 | `int`               | tagged-int-eq, see {{sec-comid-linear-privlevel}}             | {{&SELF}} |
+|     565 | `[int, int]`        | tagged-int-range, see {{sec-comid-linear-privlevel}}          | {{&SELF}} |
+| 566-599 | `any`               | Earmarked for CoRIM                                           | {{&SELF}} |
 
 Tags designated as "Earmarked for CoRIM" can be reassigned by IANA based on advice from the designated expert for the CBOR Tags registry.