TD0386: Platform-Provided Verification of Update
Publication Date
2019.02.07
Protection Profiles
PP_OS_V4.2, PP_OS_V4.2.1
Other References
FPT_TUD_EXT.1.2
Issue Description
There are cases where the TOE does not, itself, perform the cryptographic verification of updates to the OS software. There may be a hardware component (e.g., system on a chip “Security Processor”) on the hardware platforms required to be in the OE to support the secure operation of the TOE, which performs the verification of the OS software. While this implementation does not appear to meet the letter of the SFR (“The OS shall…”), it does meet the intent of the PP, which is to ensure the integrity of the TOE throughout its lifecycle.
Resolution
05/01/2019 - Updated to also apply to GPOS PP v4.2.1.
FPT_TUD_EXT.1.2 shall be modified as indicated by the underlined text:
FPT_TUD_EXT.1.2 The OS shall [selection: cryptographically verify, invoke platform-provided functionality to cryptographically verify] updates to itself using a digital signature prior to installation using schemes specified in FCS_COP.1(3).
Application Note: The intent of the requirement is to ensure that only digitally signed and verified TOE updates are applied to the TOE.
Justification
See issue description.
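The two selections in the modified FPT_TUD_EXT.1.2 differ only in who performs the signature check; in both cases the OS must refuse to install anything that has not been verified first. The Go program below is an added illustration of that structure and is not part of the Technical Decision or of any evaluated TOE. The names (UpdateVerifier, OSVerifier, PlatformVerifier, Installer), the use of Ed25519 in place of a scheme from FCS_COP.1(3), and the software stand-in for a platform security processor are all assumptions made for the example; the vendor key and update image are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// UpdateVerifier abstracts the two selections in FPT_TUD_EXT.1.2: the OS
// cryptographically verifies the update itself, or it invokes
// platform-provided functionality to do so. Either way, an update is
// installed only after Verify returns nil.
type UpdateVerifier interface {
	Verify(update, sig []byte) error
}

// OSVerifier is the first selection: the OS holds the vendor's public key
// and checks the signature in its own code. (Ed25519 is an assumption for
// brevity, not one of the FCS_COP.1(3) schemes.)
type OSVerifier struct {
	Pub ed25519.PublicKey
}

func (v OSVerifier) Verify(update, sig []byte) error {
	if len(v.Pub) != ed25519.PublicKeySize {
		return errors.New("os verifier: no trusted public key")
	}
	if !ed25519.Verify(v.Pub, update, sig) {
		return errors.New("os verifier: signature does not match update")
	}
	return nil
}

// PlatformVerifier is the second selection: the OS hands the update and
// signature to platform functionality (a security processor in the OE) and
// relies on its verdict. PlatformVerify is an assumed stand-in for that
// interface. A nil callback means the platform service is absent; the
// verifier then fails closed instead of letting the update through.
type PlatformVerifier struct {
	PlatformVerify func(update, sig []byte) bool
}

func (v PlatformVerifier) Verify(update, sig []byte) error {
	if v.PlatformVerify == nil {
		return errors.New("platform verifier: platform service unavailable")
	}
	if !v.PlatformVerify(update, sig) {
		return errors.New("platform verifier: platform rejected update")
	}
	return nil
}

// NewSimulatedPlatformVerifier stands in for a security processor holding
// the vendor key. It is constructed for this example and runs in software.
func NewSimulatedPlatformVerifier(pub ed25519.PublicKey) PlatformVerifier {
	return PlatformVerifier{
		PlatformVerify: func(update, sig []byte) bool {
			return ed25519.Verify(pub, update, sig)
		},
	}
}

// Installer holds the currently installed image and applies updates only
// after verification succeeds.
type Installer struct {
	Verifier  UpdateVerifier
	Installed []byte
}

// ApplyUpdate verifies prior to installation: Installed is untouched unless
// the configured verifier accepts the update.
func (in *Installer) ApplyUpdate(update, sig []byte) error {
	if in.Verifier == nil {
		return errors.New("no verifier configured: refusing update")
	}
	if err := in.Verifier.Verify(update, sig); err != nil {
		return fmt.Errorf("update rejected: %w", err)
	}
	in.Installed = append([]byte(nil), update...)
	return nil
}

func main() {
	// Constructed vendor key pair and update image, for demonstration only.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	update := []byte("constructed OS update image v2")
	sig := ed25519.Sign(priv, update)

	for name, v := range map[string]UpdateVerifier{
		"os-verified":       OSVerifier{Pub: pub},
		"platform-verified": NewSimulatedPlatformVerifier(pub),
		"platform-absent":   PlatformVerifier{},
	} {
		in := &Installer{Verifier: v, Installed: []byte("v1")}
		fmt.Printf("%-18s genuine:  err=%v installed=%q\n", name, in.ApplyUpdate(update, sig), in.Installed)
		tampered := append([]byte(nil), update...)
		tampered[0] ^= 0x01
		in = &Installer{Verifier: v, Installed: []byte("v1")}
		fmt.Printf("%-18s tampered: err=%v installed=%q\n", name, in.ApplyUpdate(tampered, sig), in.Installed)
	}
}
```

Whichever selection an ST claims, the evaluator's check is the same: the installed image changes only when the verifier accepts the signature, a modified image is rejected, and a missing platform service is treated as a failed verification rather than as permission to skip it.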