TD0175: Revision of FCS_CKM_EXT.4 requirement in APP SW FE EP v1.0
FCS_CKM_EXT.4 currently does not support the use of a garbage collection function to clear volatile memory. Some TOEs rely on this function to clean up volatile memory.
For completeness, this requirement was replaced to be consistent with FCS_CKM.4.1(d) in the FDE AA and EE cPPs. The new requirement addresses garbage collection and other key destruction methods and variations. As such, replace FCS_CKM_EXT.4 in File Encryption Extended Package ver 1.0 with the following:
FCS_CKM_EXT.4 Extended: Cryptographic Key Destruction
FCS_CKM_EXT.4.1 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method [selection:
a) logically addresses the storage location of the key and performs a [selection: single, [assignment: ST author defined multi-pass]] overwrite consisting of [selection: zeroes, ones, pseudo-random pattern, a new value of a key of the same size, [assignment: any value that does not contain any CSP]];
b) instructs the underlying platform to destroy the abstraction that represents the key]
that meets the following: No Standard.
Application Note: The interface referenced in the requirement could take different forms, the most likely of which is an application programming interface to an OS kernel. There may be various levels of abstraction visible. For instance, in a given implementation (selection a), the application may have access to the file system details and may be able to logically address specific memory locations. In another implementation (selection b), the application may simply have a handle to a resource and can only ask the platform to delete the resource, as may be the case with a platform's secure key store. Selection b should only be used for the most restricted access. The level of detail to which the TOE has access will be reflected in the TSS section of the ST.
Several selections allow assignment of a ‘value that does not contain any CSP’. This means that the TOE uses some other specified data not drawn from a source that may contain key material or reveal information about key material, and not being any of the particular values listed as other selection options. The point of the phrase ‘does not contain any CSP’ is to ensure that the overwritten data is carefully selected, and not taken from a general ‘pool’ that might contain current or residual data that itself requires confidentiality protection.
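As an added illustration of selection a) (example code, not part of the TD or the Extended Package), the C routine below logically addresses a key's storage and performs a single- or multi-pass overwrite with one of the listed patterns; the memset call goes through a volatile function pointer so the compiler cannot drop an overwrite of a buffer that is never read again. The names `key_destroy`, `kd_pattern_t`, `key_all_equal` and the xorshift fill are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Overwrite patterns from selection a) of FCS_CKM_EXT.4.1 (enum names are this example's own). */
typedef enum { KD_ZEROES, KD_ONES, KD_PSEUDO_RANDOM } kd_pattern_t;

/* Calling memset through a volatile function pointer keeps the compiler from
 * treating the overwrite of a soon-dead buffer as dead code and removing it. */
static void *(*const volatile kd_memset)(void *, int, size_t) = memset;

/* Small xorshift generator for the pseudo-random pattern (constructed here). The fill
 * value need not be secret; it only must not be drawn from a pool that could hold CSPs. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Logically addresses the key's storage and performs `passes` overwrites with
 * the chosen pattern. Returns 0 on success, -1 on invalid arguments. */
int key_destroy(uint8_t *key, size_t len, kd_pattern_t pattern, unsigned passes)
{
    if (key == NULL || passes == 0) return -1;
    for (unsigned p = 0; p < passes; p++) {
        switch (pattern) {
        case KD_ZEROES: kd_memset(key, 0x00, len); break;
        case KD_ONES:   kd_memset(key, 0xFF, len); break;
        case KD_PSEUDO_RANDOM: {
            uint32_t s = 0x9E3779B9u + p;        /* fixed, non-CSP seed per pass */
            volatile uint8_t *vk = key;           /* volatile stores are not elided */
            for (size_t i = 0; i < len; i++) vk[i] = (uint8_t)xorshift32(&s);
            break;
        }
        default: return -1;
        }
    }
    return 0;
}

/* Returns 1 if every byte of `key` equals `v`, otherwise 0 (verifies a completed pass). */
int key_all_equal(const uint8_t *key, size_t len, uint8_t v)
{
    for (size_t i = 0; i < len; i++) if (key[i] != v) return 0;
    return 1;
}
```

Selection b) has no portable equivalent: it is a call into the platform's key store asking it to delete the handle, so the overwrite above does not apply there.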
The use of a garbage collection function in conjunction with other functions is an acceptable way to clear volatile memory. Replacing this requirement to be consistent with the corresponding FCS_CKM.4.1(d) requirement in the cPPs keeps it up-to-date for completeness.