Archived TD0108: Residual Information in Memory in SVPP
The Assurance Activity for FDP_RIP_EXT.1 consists of two portions: a documentation portion and a testing portion. The testing portion requires an evaluator to examine memory from inside the Guest OS to ensure that the Virtualization System (VS) has cleared this memory prior to allocating it to the VM. This test does not account for the fact that the Guest OS may have altered that memory after the VS cleared it; therefore, the test does not adequately test the SFR.
The Assurance Activity for FDP_RIP_EXT.1 will be modified to remove the testing portion (AA 2.) and update the documentation portion (AA 1.). The Assurance Activity will then read:
The evaluator shall ensure that the TSS documents the process used for clearing physical memory prior to allocation to a Guest VM, providing details on when and how this is performed. Additionally, the evaluator shall ensure that the TSS documents the conditions under which physical memory is not cleared prior to allocation to a Guest VM, and describes when and how the memory is cleared.
This change updates the Assurance Activity to remove the invalid test and expands what must be documented for this requirement.