Open debwhite opened 8 months ago
ClarkCP
commented
8 months ago Note: Testing of cryptographic functions implemented in the Root of Trust for Secure Boot (FPT_SBT_EXT.1) may not be feasible and independent testing may not be available. In this situation, contact the Certification Body.
gcolunga
commented
8 months ago In a meeting between @ClarkCP, @Ryuichiro-Ohya-FX , @kwangwoo-lee , and @gcolunga held on 3/1 (US time), it was agreed to replace "Certification Body" with CC Scheme" in the suggested note.
Revised note: "Note: Testing of cryptographic functions implemented in the Root of Trust for Secure Boot (FPT_SBT_EXT.1) may not be feasible and independent testing may not be available. In this situation, contact the CC Scheme."
In the meeting, it was also agreed to implement the revised note in the SD Errata.
gcolunga
commented
8 months ago Fix implemented in the following commit: https://github.com/HCD-iTC/HCD-iTC-Template/commit/ede6920f39ec97af839fc41d29916a19b853ab01
SD General
WRT Note: The tests detailed below are not required to be performed for cryptographic functions implemented in the Root of Trust for Secure Boot (FPT_SBT_EXT.**1).**
Canada requires the use of CAVP validated cryptography. Traditionally this represents the algorithm testing required by the supporting documents. From the note, it appears there is no testing required.
Does this mean that any algorithms contained within a TPM do not require any algorithm testing(vs. self testing) to be performed if they are the root of trust?