The numbering in requirement SSCO-06 is incorrect. Currently it reads:
"2. The Device SHALL verify that the firmware
came from the Vendor by verifying its
cryptographic signature against a trusted issuer.
In case the firmware storage medium is external
to the processor that is executing it (e.g.
external flash chip)
The Device bootloader SHALL verify that the
firmware signature is valid every time before
running it, and not run it if it is invalid"
Instead, it should read:
"2. The Device SHALL verify that the firmware
came from the Vendor by verifying its
cryptographic signature against a trusted issuer.
In case the firmware storage medium is external
to the processor that is executing it (e.g.
external flash chip), the Device bootloader SHALL
verify that the firmware signature is valid every
time before running it, and not run it if it is invalid"
Feedback per XFC Workgroup member:
The numbering in requirement SSCO-06 is incorrect. Currently it reads:
"2. The Device SHALL verify that the firmware came from the Vendor by verifying its cryptographic signature against a trusted issuer. In case the firmware storage medium is external to the processor that is executing it (e.g. external flash chip)
Instead, it should read:
"2. The Device SHALL verify that the firmware came from the Vendor by verifying its cryptographic signature against a trusted issuer.