NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0386:  Platform-Provided Verification of Update

Publication Date

Protection Profiles
PP_OS_V4.2, PP_OS_V4.2.1

Other References

Issue Description

There are cases where the TOE does not, itself, perform the cryptographic verification of updates to the OS software. There may be a hardware component (e.g., system on a chip “Security Processor”) on the hardware platforms required to be in the OE to support the secure operation of the TOE, which performs the verification of the OS software. While this implementation does not appear to meet the letter of the SFR (“The OS shall…”), it does meet the intent of the PP, which is to ensure the integrity of the TOE throughout its lifecycle.


05/01/2019 - Updated to also apply to GPOS PP v4.2.1.

FPT_TUD_EXT.1.2 shall be modified as indicated by the underlined text:

FPT_TUD_EXT.1.2      The OS shall [selection: cryptographically verify, invoke platform-provided functionality to cryptographically verify] updates to itself using a digital signature prior to installation using schemes specified in FCS_COP.1(3).

Application Note: The intent of the requirement is to ensure that only digitally signed and verified TOE updates are applied to the TOE.


See issue description.

Site Map              Contact Us              Home