TD0443: FPT_VDP_EXT.1 Clarification for Assurance Activity
Some I/O port documentation may remain proprietary.
This TD supersedes TD0247.
The Assurance Activity for FPT_VDP_EXT.1 in PP_BASE_VIRTUALIZATION_V1.0 is replaced as follows:
The evaluator shall examine the TSS to ensure it lists all virtual devices accessible by the guest OS. The TSS, or a separate proprietary document, must also document all virtual device interfaces at the level of I/O ports -- including port number(s) (absolute or relative to a base), port name, and a description of legal input values. The documentation must be sufficient to enable the evaluator to effectively run the tests in FPT_DVD_EXT.1. The evaluator must ensure that there are no obvious or publicly known virtual I/O ports missing from the TSS.
Parameters passed from Guest VMs to virtual device interfaces are thoroughly validated and all illegal values (as specified in the TSS) are rejected. Additionally, parameters passed from Guest VMs to virtual device interfaces are not able to degrade or disrupt the functioning of other VMs, the VMM, or the Platform. Thorough testing and architectural design reviews have been conducted to ensure the accuracy of these claims, and there are no known design or implementation flaws that bypass or defeat the security of the virtual device interfaces.
This change clarifies that for FPT_VDP_EXT.1 the Guest-to-VMM interface must be documented only at the virtual I/O port level. Interfaces internal to the VS need not be documented for this SFR to be met. It is acceptable for the I/O port documentation to be proprietary.