TD0643: Data Signaling, Mgmt Function #24
Claritification is needed regarding management function 24 (enable/disable all data signaling over [USB]) with respect to USB Type-C. USB 1.1/2.0 defined only four pins: V+, GND, DataTx, DataRx; making this requirement fairly straightforward. However, Type C has additional pins beyond the SuperSpeed differential data transfer pins, namely the Configuration channel (CC1) and Sideband use (SBU1) pins. These pins allows for Power Delivery (PD) smart charging to occur. Some vendors have implemented this management function by restricting USB enumeration of devices (the second step after USB initialization) so that the phone never executes the USB software in which many of the exploited vulnerabilities lay. This may occur while still allowing communication over the CC1 pin (to allow smart charging).
Test 24 for Function 24 in FMT_SMF_EXT.1 in PP_MDF_V3.2 is modified as follows, with strikethrough denoting deletion and underline denoting addition:
Test 24: The evaluator shall exercise the TSF configuration to enable and disable data transfer capabilities over each externally accessible hardware ports (e.g. USB, SD card, HDMI) listed by the ST author. The evaluator shall use test equipment for the particular interface to ensure that no low-level signaling is occurring on all while the TOE may continue to receive data on the RX pins, it is not responding on TX pins used for data transfer when they are disabled. For each disabled data transfer capability, the evaluator shall repeat this test by rebooting the device into the normal operational mode and verifying that the capability is disabled throughout the boot and early execution stage of the device.
See issue description.