HCD0010 - Clarification on
FPT_SBT_EXT.1 Root of Trust

Version: 1, Published: 2024-11-18

Impacted Documents
• CPP_HCD_V1.0e,
• SD_HCD_V1.0e

References
CPP, SD: FPT_SBT_EXT.1 Extended: Secure Boot

Issue Description
FPT_SBT_EXT.1 states that Root of Trust is implemented in immutable code or a HW-based write-
protection mechanism. HCD cPP provides no further description or additional detail on the
definition for the Root of Trust in terms of its protection. “Appendix G: Glossary” also fails to
provide further information on this matter.

SD includes a requirement that the TSS shall describe how the Root of Trust is immutable. However,
HCD cPP is not clear on how the immutable code or HW-based write-protection is defined. The SD
does not provide clear guidance on the level of assurance the evaluator shall take into
consideration to confirm a compliant Root of Trust protection mechanism.

Resolution
• Define "Immutable" term in Glossary consistent with definition in NIST SP800-193, "Platform

Firmware Resiliency Guidelines".
• Modify FPT_SBT_EXT.1 SFR to remove "HW-based write protection mechanism", relying on

newly added immutable definition.

CPP_HCD_V1.0e
• Add "Immutable" definition to cPP Appendix G: Glossary:

1

Immutabl
e

Unchangeable. In the context of this document, this refers only to the inability to make
changes in the field through manufacturer intended mechanisms and/or defined
interfaces. Note that a platform or device manufacturer may still be able to make
changes through manufacturing or service tools directly connected to a locally
(physically) present platform or device.

• Modify cPP FPT_SBT_EXT.1 SFR to remove "HW-based write protection mechanism":

Old: FPT_SBT_EXT.1.1 The TSF shall contain one or more chains of trust with each chain of trust
anchored in a Root of Trust that is implemented in immutable code or a HW-based write-
protection mechanism.

New
:

FPT_SBT_EXT.1.1 The TSF shall contain one or more chains of trust with each chain of trust
anchored in an immutable Root of Trust.

SD_HCD_V1.0e:
• Add "Immutable" definition to SD Appendix C: Glossary:

Immutabl
e

Unchangeable. In the context of this document, this refers only to the inability to make
changes in the field through manufacturer intended mechanisms and/or defined
interfaces. Note that a platform or device manufacturer may still be able to make
changes through manufacturing or service tools directly connected to a locally
(physically) present platform or device.

Tracking
Issue #25

2