TD0415: Trusted Update Test 4 Conditional
FPT_TUD_EXT.1 test 4 requires the use of a certificate to digitally sign the update. The SFR text requires use of a digital signature for verification of TOE updates and does not call out use of X509 certificates. The Application Note for this SFR states that the digital signature can be any supported by FCS_COP.1(2), which also suggests that a simple digital signature is allowed. In FIA_X509_EXT.2, "code signing for TOE updates" is part of the selection (TD0276 applied), so if this is not selected, then Test 4 would not apply. Furthermore, there is a "[Conditional]" part of the TSS assurance activity related to verifying the CodeSigning EKU in a certificate that also suggests the use of a certificate to sign the update is not mandatory.
FPT_TUD_EXT.1 test 4 is modified as indicated by the underlined text:
Test 4 [conditional]: If the TOE supports use of X509 certificates for code signing, the evaluator shall digitally sign the update with a certificate that does not have the Code Signing purpose and verify that application installation fails. The evaluator shall repeat the test using a valid certificate and a certificate that contains the Code Signing purpose and verify that the application installation succeeds.
See issue description.