Internet-Draft SCITT Hardware and Compute July 2026
Aoki Expires 8 January 2027 [Page]
Workgroup:
Supply Chain Integrity, Transparency, and Trust Working Group
Internet-Draft:
draft-nobuo-scitt-hardware-iot-cloud-use-cases-00
Published:
Intended Status:
Informational
Expires:
Author:
N. Aoki
The Graduate University for Advanced Studies (SOKENDAI)

Applying SCITT to Hardware, IoT Device, and Cloud Compute Resource Supply Chains

Abstract

This document describes how SCITT can be applied to supply chains that include hardware components, IoT devices, firmware, cloud compute resources, confidential-computing environments, accelerators, and related operational evidence. It gives use cases and scope guidance. It also explains how SCITT can work with RATS, COSE, TCG technologies, SBOM, HBOM, CBOM, and cloud attestation systems without replacing those technologies.

This document is informational. It does not define hardware assurance rules, cloud assurance rules, device identity systems, manufacturing requirements, or payload formats. Its purpose is to show where SCITT statements and receipts can provide transparency for heterogeneous supply-chain evidence, and where other standards or domain profiles should remain responsible.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://aoki-n1.github.io/draft-nobuo-scitt-hardware-iot-cloud-use-cases/draft-nobuo-scitt-hardware-iot-cloud-use-cases.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-nobuo-scitt-hardware-iot-cloud-use-cases/.

Discussion of this document takes place on the SCITT Working Group mailing list (mailto:scitt@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/scitt/. Subscribe at https://www.ietf.org/mailman/listinfo/scitt/.

Source for this draft and an issue tracker can be found at https://github.com/aoki-n1/draft-nobuo-scitt-hardware-iot-cloud-use-cases.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 8 January 2027.

Table of Contents

1. Introduction

SCITT [RFC9943] provides building blocks for registering signed supply-chain statements in Transparency Services and for verifying those statements later. Although SCITT started from software supply-chain problems, real computing systems often contain software, firmware, hardware, identity, deployment, and runtime evidence together.

An IoT device is not only a software package. It is a physical device with hardware components, firmware, bootloaders, operating system images, application containers, device identities, update policies, and operational state. A cloud compute resource is also not only a software image. It can include a VM image, hardware root of trust, confidential-computing environment, accelerator allocation, cloud-region policy, runtime attestation result, and operator authorization.

SCITT can help by making statements about these objects transparent and verifiable. SCITT does not need to define the internal format of every evidence type. It can register statements from manufacturers, software suppliers, cloud providers, auditors, device operators, and verifiers. A relying party can later verify receipts and evaluate the evidence under its own policy.

This document collects use cases and explains how to keep this work within a clear scope. It is intended to support future discussion of two possible building blocks:

2. Working Group Context

Recent SCITT discussions show both interest and caution for hardware and graph use cases. The OCP case study showed that software and firmware provenance can be expressed with SCITT and that similar questions arise for hardware components, HBOM data, device identity, end-of-life state, and circular-economy evidence.

The same discussion also made the scope question clear. Hardware supply-chain assurance can be outside the present charter if the WG tries to define hardware rules. However, hardware-related statements can still be carried as SCITT statements when another profile or venue defines their payload meaning and trust policy.

The IETF 122 discussion is also relevant. It noted that several organizations can make statements about the same subject, and that SCITT can link things by subjects and statements even though this is not inherent in the basic common layer. It also raised the value of statements about statements and reliable locators.

This document uses those points as design guidance. It does not ask SCITT to become a hardware standards body. It uses hardware, IoT, and cloud cases to show where a generic statement and graph layer may be useful.

3. Scope Position

This document is careful about the SCITT scope. Hardware supply-chain details can be outside the current charter if the WG tries to standardize them as a hardware assurance system. At the same time, statements about hardware can be registered and verified as SCITT statements when the payload format and trust policy are defined elsewhere.

Therefore, this document does not propose that SCITT define hardware assurance. It proposes that SCITT can provide transparency for signed statements about hardware, firmware, devices, and cloud resources, in the same way that SCITT can provide transparency for signed statements about software.

The important boundary is this:

4. Non-Goals

This document does not:

5. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

This document uses the terms defined in SCITT [RFC9943] and RATS [RFC9334].

Hardware Component:

A physical component such as a chip, sensor, board, secure element, module, accelerator, or peripheral.

Device Instance:

A specific physical device, such as an IoT gateway, sensor, controller, or embedded system.

Device Class:

A product model, configuration, or type shared by several Device Instances.

Cloud Compute Resource:

A cloud-provisioned resource such as a virtual machine, container worker, managed node, GPU allocation, accelerator resource, or serverless execution context.

Confidential-Computing Environment:

A trusted execution environment, confidential VM, enclave, or similar execution environment that can produce attestation evidence or results.

Lifecycle Evidence:

Statements that describe a protected object during design, manufacturing, provisioning, deployment, operation, update, audit, repair, transfer, retirement, or decommissioning.

Device Lifecycle Evidence Graph:

A statement graph that connects lifecycle evidence for a Device Instance or Device Class.

TODO: Align these terms with TCG, RATS, cloud-provider, OCP, and existing IETF terminology.

6. Relationship to Existing Work

6.1. SCITT

SCITT provides the transparency and accountability layer for signed statements. In the use cases in this document, SCITT registers and verifies statements about hardware, firmware, device identity, cloud resources, and runtime evidence.

SCITT does not need to understand each payload. A hardware statement can use an HBOM payload. A firmware statement can use an SBOM payload. A runtime statement can use a RATS Attestation Result. SCITT can provide registration and receipt verification around those payloads.

6.2. RATS

RATS defines roles such as Attester, Verifier, and Relying Party. It defines a model for producing and evaluating evidence about a computing environment. SCITT can be used after or around that process. For example, a RATS Verifier can issue an Attestation Result and register it as a SCITT statement. A relying party can later verify that the result was signed and registered.

SCITT should not define the meaning of the attested measurements. That remains with RATS profiles, platform profiles, and verifier policy.

6.3. TCG, TPM, DICE, and Hardware Roots of Trust

Hardware roots of trust can provide device identity and measurements. These technologies can help create statements about device identity, boot state, firmware state, and platform configuration.

SCITT can make those statements transparent. It does not replace the hardware root of trust or the protocol that produces evidence.

TODO: Add exact references for TPM, DICE, CoRIM, and other relevant TCG work.

6.4. SBOM, HBOM, CBOM, and VEX

BOM formats describe components, dependencies, vulnerabilities, or hardware composition. These formats are payloads from the SCITT point of view. SCITT can register statements carrying or referring to these payloads, but SCITT does not need to define the payload formats.

TODO: Add references and examples for SPDX, CycloneDX, HBOM, CBOM, and VEX once the draft chooses the examples to include.

7. Use Case 1: Device-to-Cloud Firmware Provenance

A device manufacturer produces a device with firmware and identity material. A component or platform vendor produces an SBOM for firmware. An audit report is recorded. A metadata service or signing service produces a signed certificate or statement. A final device or data center operator can verify receipts and check that the expected evidence exists.

SCITT can help by registering statements for:

This use case is close to firmware and software supply-chain transparency. It also shows why hardware identifiers and device identity may appear in SCITT statements.

8. Use Case 2: Extending Provenance from Firmware to Hardware

Hardware supply-chain provenance can include hardware identifiers, component source, device identity, identity management, end-of-life state, repair state, and circular economy information. A hardware bill of materials can describe the hardware composition of a device, while firmware and software statements describe the software that runs on it.

SCITT can register statements that refer to HBOM or hardware provenance data. It should not define the HBOM format itself.

Example statements include:

The value of SCITT here is not that it knows whether a hardware claim is true. The value is that the claim is signed, registered, and can be linked to other claims and receipts.

9. How SCITT Can Represent a Lifecycle Graph

A lifecycle graph can be represented without changing the basic SCITT registration model.

One possible pattern is:

  1. Each evidence item is a SCITT Signed Statement.

  2. Each statement is registered with a Transparency Service and receives a receipt.

  3. A relationship statement or graph manifest links the statements.

  4. The graph manifest can itself be registered as a SCITT Signed Statement.

  5. A verifier checks statements, receipts, and graph edges under its policy.

This pattern lets different parties issue their own statements. A component supplier can issue a component statement. A manufacturer can issue a device identity statement. A software supplier can issue an SBOM statement. A RATS Verifier can issue an attestation result. An auditor can issue an audit statement.

The graph can be discovered in different ways. A deployment can use locators in statements, a graph manifest, a subject-based index, or an auxiliary service. The SCITT Reference API does not need to become a full graph API for this use case.

TODO: Decide which discovery pattern should be described as the main example and which should remain non-normative.

10. Use Case 3: Device Lifecycle Evidence Graph

An IoT device can be described by evidence over time. A Device Lifecycle Evidence Graph can connect those statements.

Device Instance
 ├─ manufacturedFrom  -> Hardware Component Statement
 ├─ provisionedWith   -> Device Identity Statement
 ├─ runsFirmware      -> Firmware SBOM or Firmware Signature Statement
 ├─ updatedBy         -> Firmware/software Update Authorization Statement
 ├─ measuredBy        -> RATS Attestation Result
 ├─ affectedBy        -> Vulnerability Status Statement
 ├─ mitigatedBy       -> Patch, Rollback, or Configuration Statement
 ├─ repairedBy        -> Repair Statement
 └─ decommissionedBy  -> End-of-Life Statement

The graph does not need a single monolithic payload. Each statement can be issued by the party that is responsible for it. A composite verifier can later check whether the graph has the evidence required by a policy.

This graph is not meant to be stored as one large payload. It can be built from separate statements and relationship statements. Earlier SCITT discussion raised the same idea through "statements about statements" and through reliable locators that can be used as pointers. The graph model in this document follows that direction.

11. Use Case 4: Cloud Compute Resource Integrity

A cloud compute resource can involve several layers:

SCITT can register statements about these layers. For example, a cloud provider can issue a statement about a VM image and its host platform. A verifier can issue an attestation result. A tenant or deployment controller can issue an authorization statement for a workload. An auditor can issue an audit result.

A composite verification profile can then check whether:

12. Use Case 5: Device Repair, Transfer, and End of Life

Devices can change hands, be repaired, or be retired. These events matter for supply-chain trust, especially for industrial IoT and enterprise hardware. These definitions are useful for meeting the industry's need for maintenance on a 10-year basis.

SCITT can register statements for:

This document does not define the operational policy for these events. It only shows that they can be represented as lifecycle statements and linked into a graph.

13. Scope Questions

Question: Does this document ask SCITT to publish hardware assurance rules?

Answer: No. It describes how SCITT statements and receipts can be used for hardware-related evidence. Hardware assurance rules, HBOM formats, and device identity policy should be defined elsewhere.

Question: If hardware supply chain is out of scope, why discuss hardware at all?

Answer: Because SCITT statements can carry or refer to hardware-related payloads. The useful SCITT question is not "how should hardware be built?" The useful SCITT question is "how can a signed hardware-related statement be registered, linked, and verified with other statements?"

Question: Should graph relationships be put in the payload or header?

Answer: This document does not decide that. It lists possible placements: payloads, protected metadata if later defined, graph manifest statements, or auxiliary services. A profile must say which placement is authoritative.

Question: Does a device lifecycle graph prove that the device is safe?

Answer: No. It helps a relying party see which statements exist and how they relate. The relying party still applies its own policy.

14. Common Evidence Types

The following evidence types appear across the use cases:

TODO: Decide which evidence types should be examples only and which should be registered in a future object-binding or relationship vocabulary document.

15. Scope Boundary Examples

The following table gives examples of what belongs in SCITT and what should stay outside SCITT.

Table 1
Topic SCITT role Other responsible work
Firmware SBOM register and receipt a signed statement SBOM format and tooling
HBOM register and receipt a signed statement HBOM format and hardware domain
TPM quote carry or refer to an attestation result TCG, RATS, platform profile
Cloud region claim register and link the signed claim cloud provider and policy profile
Device identity register statements and link evidence manufacturer, TCG, device profile
False hardware claim preserve signed evidence and audit trail issuer governance and legal process
Composite decision provide evidence and result structure relying-party policy

16. Possible Future Work

This document motivates two possible follow-on drafts.

First, a Protected Object Binding draft can define how a statement refers to a software, firmware, hardware, device, or cloud object. It can also define a small relationship vocabulary.

Second, a Composite Evidence Verification draft can define how a verifier asks for a graph-level decision and how the verifier reports missing, stale, or conflicting evidence.

Both follow-on drafts should keep payload definitions out of scope unless a separate charter or venue says otherwise.

17. Privacy Considerations

Hardware and cloud evidence can reveal sensitive information. Device identifiers can identify customers. Graph edges can reveal suppliers, cloud regions, tenants, repair history, or operational dependencies.

Deployments should avoid placing directly identifying information in public logs. They can use pseudonymous identifiers, salted commitments, encrypted payloads, access control, or selective disclosure. The chosen method should still allow the intended verifier to check the required evidence.

18. Security Considerations

The main risk is over-reading SCITT evidence. A valid receipt does not prove that a hardware claim is true. It proves that a signed statement was registered and that the receipt verifies under the relevant profile.

Relying parties must still decide:

Other risks include:

19. IANA Considerations

This document has no IANA actions.

20. References

20.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9943]
Birkholz, H., Delignat-Lavaud, A., Fournet, C., Deshpande, Y., and S. Lasker, "An Architecture for Trustworthy and Transparent Digital Supply Chains", RFC 9943, DOI 10.17487/RFC9943, , <https://www.rfc-editor.org/rfc/rfc9943>.

20.2. Informative References

[I-D.ietf-scitt-receipts-ccf-profile]
"CCF Profile for COSE Receipts", n.d., <https://datatracker.ietf.org/doc/draft-ietf-scitt-receipts-ccf-profile/>.
[I-D.ietf-scitt-scrapi]
"Supply Chain Integrity, Transparency, and Trust (SCITT) Reference APIs", n.d., <https://datatracker.ietf.org/doc/draft-ietf-scitt-scrapi/>.
[I-D.nobuo-scitt-composite-evidence-verification]
"Composite Evidence Verification for SCITT Statement Graphs", n.d., <https://aoki-n1.github.io/draft-nobuo-scitt-composite-evidence-verification/draft-nobuo-scitt-composite-evidence-verification.html>.
[I-D.nobuo-scitt-protected-object-binding]
"SCITT Statement Relationship and Protected Object Binding", n.d., <https://aoki-n1.github.io/draft-nobuo-scitt-protected-object-binding/draft-nobuo-scitt-protected-object-binding.html>.
[RFC9052]
Schaad, J., "CBOR Object Signing and Encryption (COSE): Structures and Process", STD 96, RFC 9052, DOI 10.17487/RFC9052, , <https://www.rfc-editor.org/rfc/rfc9052>.
[RFC9334]
Birkholz, H., Thaler, D., Richardson, M., Smith, N., and W. Pan, "Remote ATtestation procedureS (RATS) Architecture", RFC 9334, DOI 10.17487/RFC9334, , <https://www.rfc-editor.org/rfc/rfc9334>.
[RFC9335]
Uberti, J., Jennings, C., and S. Murillo, "Completely Encrypting RTP Header Extensions and Contributing Sources", RFC 9335, DOI 10.17487/RFC9335, , <https://www.rfc-editor.org/rfc/rfc9335>.
[RFC9942]
Steele, O., Birkholz, H., Delignat-Lavaud, A., and C. Fournet, "CBOR Object Signing and Encryption (COSE) Receipts", RFC 9942, DOI 10.17487/RFC9942, , <https://www.rfc-editor.org/rfc/rfc9942>.
[TODO-OCP-SAFE]
"TODO - OCP S.A.F.E. Program", n.d., <https://www.opencompute.org/community/ocp-safe-program>.
[TODO-SBOM-HBOM-CBOM]
"TODO - Add SBOM, HBOM, CBOM, VEX, SPDX, and CycloneDX references as appropriate", n.d., <https://example.com/TODO>.
[TODO-TCG]
"TODO - Add Trusted Computing Group references such as TPM, DICE, CoRIM, and related profiles", n.d., <https://example.com/TODO>.

Open Questions

Design Notes for Future Revisions

This revision treats hardware and cloud compute as use cases for SCITT statements, not as a request for SCITT to define hardware or cloud assurance. That distinction is important for charter discussion.

This revision also adds the IETF 122 points on multi-party statements, statements about statements, reliable locators, and the limits of the basic common layer. These points support the Device Lifecycle Evidence Graph without requiring SCRAPI to become a graph API.

Acknowledgments

The author thanks the SCITT WG participants for discussion of OCP hardware assertions, generic APIs, graph building over opaque payloads, and the boundary between SCITT and domain-specific hardware or cloud profiles. The OCP case study helped identify the need to discuss hardware identifiers, device identity, HBOM provenance, end-of-life information, and circular-economy evidence without turning SCITT into a hardware assurance framework.

Author's Address

Nobuo Aoki
The Graduate University for Advanced Studies (SOKENDAI)
Japan