|
1 | 1 | # <p align="center">The Update Framework Specification |
2 | 2 |
|
3 | | -Last modified: **9 June 2020** |
| 3 | +Last modified: **26 August 2020** |
4 | 4 |
|
5 | | -Version: **1.0.4** |
| 5 | +Version: **1.0.5** |
6 | 6 |
|
7 | 7 | We strive to make the specification easy to implement, so if you come across |
8 | 8 | any inconsistencies or experience any difficulty, do let us know by sending an |
@@ -1158,11 +1158,18 @@ as FILENAME.EXT. |
1158 | 1158 | file. If the new timestamp metadata file is not properly signed, discard it, |
1159 | 1159 | abort the update cycle, and report the signature failure. |
1160 | 1160 |
|
1161 | | - * **2.2**. **Check for a rollback attack.** The version number of the trusted |
1162 | | - timestamp metadata file, if any, must be less than or equal to the version |
1163 | | - number of the new timestamp metadata file. If the new timestamp metadata |
1164 | | - file is older than the trusted timestamp metadata file, discard it, abort the |
1165 | | - update cycle, and report the potential rollback attack. |
| 1161 | + * **2.2**. **Check for a rollback attack.** |
| 1162 | + |
| 1163 | + * **2.2.1**. The version number of the trusted timestamp metadata file, if |
| 1164 | + any, must be less than or equal to the version number of the new timestamp |
| 1165 | + metadata file. If the new timestamp metadata file is older than the |
| 1166 | + trusted timestamp metadata file, discard it, abort the update cycle, and |
| 1167 | + report the potential rollback attack. |
| 1168 | + |
| 1169 | + * **2.2.2**. The version number of the snapshot metadata file in the |
| 1170 | + trusted timestamp metadata file, if any, MUST be less than or equal to its |
| 1171 | + version number in the new timestamp metadata file. If not, discard the new |
| 1172 | + timestamp metadadata file, abort the update cycle, and report the failure. |
1166 | 1173 |
|
1167 | 1174 | * **2.3**. **Check for a freeze attack.** The latest known time should be |
1168 | 1175 | lower than the expiration timestamp in the new timestamp metadata file. If |
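Review bot: The two new sub-steps under 2.2 are inconsistent in their normative wording: 2.2.1 keeps the lowercase "must" from the old text while the new 2.2.2 uses "MUST", and 2.2.1 ends with "report the potential rollback attack" while 2.2.2 ends with "report the failure" even though both sit under "Check for a rollback attack". Suggest using "MUST" in 2.2.1 and the same reporting phrase in both, so an implementer does not read 2.2.1 as weaker or 2.2.2 as a different error class. The last line of 2.2.2 also carries the typo "metadadata"; it should read "discard the new timestamp metadata file".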
@@ -1194,23 +1201,19 @@ non-volatile storage as FILENAME.EXT. |
1194 | 1201 |
|
1195 | 1202 | * **3.3**. **Check for a rollback attack.** |
1196 | 1203 |
|
1197 | | - * **3.3.1**. Note that the trusted snapshot metadata file may be checked |
1198 | | - for authenticity, but its expiration does not matter for the following |
1199 | | - purposes. |
1200 | | - |
1201 | | - * **3.3.2**. The version number of the trusted snapshot metadata file, if |
| 1204 | + * **3.3.1**. The version number of the trusted snapshot metadata file, if |
1202 | 1205 | any, MUST be less than or equal to the version number of the new snapshot |
1203 | 1206 | metadata file. If the new snapshot metadata file is older than the trusted |
1204 | 1207 | metadata file, discard it, abort the update cycle, and report the potential |
1205 | 1208 | rollback attack. |
1206 | 1209 |
|
1207 | | - * **3.3.3**. The version number of the targets metadata file, and all |
| 1210 | + * **3.3.2**. The version number of the targets metadata file, and all |
1208 | 1211 | delegated targets metadata files (if any), in the trusted snapshot metadata |
1209 | 1212 | file, if any, MUST be less than or equal to its version number in the new |
1210 | 1213 | snapshot metadata file. Furthermore, any targets metadata filename that was |
1211 | 1214 | listed in the trusted snapshot metadata file, if any, MUST continue to be |
1212 | 1215 | listed in the new snapshot metadata file. If any of these conditions are |
1213 | | - not met, discard the new snaphot metadadata file, abort the update cycle, |
| 1216 | + not met, discard the new snapshot metadadata file, abort the update cycle, |
1214 | 1217 | and report the failure. |
1215 | 1218 |
|
1216 | 1219 | * **3.4**. **Check for a freeze attack.** The latest known time should be |
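Review bot: Removing the old 3.3.1 drops the statement that the trusted snapshot metadata file's expiration does not matter for the rollback comparison, and nothing in the visible replacement text restates it. If the guidance still holds, keep it as an unnumbered sentence under 3.3 or fold it into the new 3.3.1; if it was moved or dropped on purpose, the commit message should say so, because an implementation that refuses to compare against an expired trusted snapshot would skip this check. Two smaller points: the corrected line in the new 3.3.2 fixes "snaphot" but still reads "metadadata", and renumbering 3.3.2 and 3.3.3 to 3.3.1 and 3.3.2 changes what existing references to those step numbers point at, which deserves a changelog mention.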
|