commoncriteria / operatingsystem

Protection Profile for Operating Systems
The Unlicense

FPT_AEX_EXT.1.4 - reword based on MDF PP requirement. #26

Closed jeffblank closed 9 years ago

jeffblank commented 9 years ago

Which has a selection to capture how far the chain of trust goes.

bourdett commented 9 years ago

Here is the req from MDF:

FPT_TST_EXT.2.1 The TSF shall verify the integrity of the bootchain up through the Application Processor OS kernel, and [selection: all executable code stored in mutable media, [assignment: list of other executable code], no other executable code], stored in mutable media prior to its execution through the use of [selection: a digital signature using a hardware-protected asymmetric key, a hardware-protected hash].

jeffblank commented 9 years ago

It would be excellent to see this modified and added into the PP, to replace the AEX req. Numbering would likely become TST_EXT.1.1 then.

bourdett commented 9 years ago

The OS shall verify the integrity of the bootchain up through the OS kernel and <selectables linebreak="yes"> <selectable>all executable code stored in mutable media</selectable> <selectable><assignable>list of other executable code</assignable></selectable> <selectable>no other executable code</selectable> </selectables> prior to its execution through the use of <selectables linebreak="yes"> <selectable>a digital signature using a hardware-protected asymmetric key</selectable> <selectable>a hardware-protected hash</selectable> </selectables>.

Do we want to keep the bit about the hardware-protected key/hash?
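
A minimal model of the chained check this requirement describes, added here as an example and not code from the PP repository or from anyone in this thread: each stage stored on mutable media is measured and compared against the hash its predecessor carries before it is allowed to run, and the first stage is compared against a root hash standing in for the "hardware-protected hash" selectable. The image layout (code followed by the successor's SHA-256), the stage names and their contents are constructed for the example; the digital-signature selectable is not modelled.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

HASH_LEN = 32  # SHA-256 digest size


def digest(data: bytes) -> bytes:
    """Measurement of one stage image."""
    return hashlib.sha256(data).digest()


def build_image(code: bytes, next_hash: Optional[bytes]) -> bytes:
    """Constructed image layout: stage code followed by the hash of the stage
    this image will load next (an all-zero trailer marks the last stage)."""
    return code + (next_hash if next_hash is not None else bytes(HASH_LEN))


def expected_next(image: bytes) -> bytes:
    """Hash of the successor stage, as carried in a verified image's trailer."""
    return image[-HASH_LEN:]


def verify_chain(root_hash: bytes, stages: List[Tuple[str, bytes]]) -> Tuple[List[str], Optional[str]]:
    """Walk the chain in boot order. A stage is only 'executed' (and its
    trailer trusted) after its measurement matches the expectation held by
    its predecessor; the first stage is checked against root_hash.
    Returns (names of verified stages, name of the first failing stage or None)."""
    verified: List[str] = []
    expected = root_hash
    for name, image in stages:
        measured = digest(image)
        if not hmac.compare_digest(measured, expected):
            return verified, name  # stop: nothing after this stage runs
        verified.append(name)
        expected = expected_next(image)
    return verified, None


def make_sample_chain() -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Constructed sample chain: bootloader -> kernel -> one kernel module
    (the 'list of other executable code' selectable). Built last-to-first so
    each image can embed its successor's hash."""
    kmod = build_image(b"kmod-example: constructed module code", None)
    kernel = build_image(b"kernel: constructed kernel code", digest(kmod))
    bootloader = build_image(b"bootloader: constructed loader code", digest(kernel))
    # Stands in for the hash held in hardware-protected storage; constructed here.
    root_hash = digest(bootloader)
    return root_hash, [("bootloader", bootloader), ("kernel", kernel), ("kmod-example", kmod)]


def tamper(stages: List[Tuple[str, bytes]], target: str) -> List[Tuple[str, bytes]]:
    """Flip one byte in the code portion of the named stage, leaving the
    trailer intact, so only that stage's own measurement changes."""
    out = []
    for name, image in stages:
        if name == target:
            image = bytes([image[0] ^ 0x01]) + image[1:]
        out.append((name, image))
    return out


if __name__ == "__main__":
    root, stages = make_sample_chain()
    print(verify_chain(root, stages))
    print(verify_chain(root, tamper(stages, "kernel")))
```

The point the selectables turn on is visible in `verify_chain`: a stage's trailer is only consulted after that stage itself has been verified, so modifying any image on mutable media (here, the kernel) stops the walk at that stage and no later code is executed. How far the walk extends, kernel only or also the other executable code listed, is exactly what the first selection in the requirement fixes, and whether the root value is an immutable hash or a signature under a hardware-protected key is what the second one fixes.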

jeffblank commented 9 years ago

Sure, leave it in for now. We'll see if the TPM crowd rears up.

bourdett commented 9 years ago

http://common-criteria.rhcloud.com/operatingsystem/output/operatingsystem-release.html#FPT_TST_EXT.1.1