Archived TD0310: FIT Technical Decision for Firmware Update Authentication
The FIT has issued a Technical Decision for Firmware Update Authentication.
The following is added to FDE EE cPP V2.0 Appendix F: Glossary:
Root of Trust for Update
An RTV that verifies the integrity and authenticity of an update payload before initiating the update process.
Root of Trust for Verification
An RoT that verifies an integrity measurement against a policy.
The following is added to FDE EE cPP V2.0 Appendix G: Acronyms:
RTU - Root of Trust for Update
RTV - Root of Trust for Verification
RoT - Root of Trust
The Application Note in FDE EE cPP V2.0 for FPT_FUA_EXT.1.3 is changed to:
The firmware portion of TSF (e.g., RTU (key store and the signature verification algorithm)) shall be stored in a write protected area on the TOE. The firmware shall only be modifiable in a post-manufacturing state using the authenticated update mechanism described in FPT_FUA_EXT.1. The TSF is modifiable only by using the mechanisms specified in FPT_TUD_EXT.
For further information, please see the FIT interpretation here: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/FITDecision201802.pdf
See issue description.