Version: 1, Published: 2024-07-01
Impacted Documents
- CPP_HCD_V1.0e,
- SD_HCD_V1.0e
References
CPP, SD: FPT_SBT_EXT.1 Extended: Secure Boot
Issue Description
FPT_SBT_EXT.1 states that the Root of Trust is implemented in immutable code or a HW-based write-protection mechanism. The HCD cPP provides no further description or detail on how the Root of Trust is defined in terms of its protection. “Appendix G: Glossary” also provides no further information on this matter.
The SD includes a requirement that the TSS shall describe how the Root of Trust is immutable. However, the HCD cPP is not clear on how immutable code or HW-based write-protection is defined. The SD does not provide clear guidance on the level of assurance the evaluator shall take into consideration to confirm a compliant Root of Trust protection mechanism.
Proposed Resolution
- Define the term "Immutable" in the Glossary, consistent with the definition in NIST SP 800-193, "Platform Firmware Resiliency Guidelines".
- Modify the FPT_SBT_EXT.1 SFR to remove "HW-based write protection mechanism", relying on the newly added definition of "Immutable".
Document(s) To be Updated
- CPP_HCD_V1.0e,
- SD_HCD_V1.0e
Proposed Updates
The cPP and SD are to be updated as follows:
- Add "Immutable" definition to cPP Appendix G: Glossary,
- Add "Immutable" definition to SD Appendix C: Glossary

| Immutable | Unchangeable. In the context of this document, this refers only to the inability to make changes in the field through manufacturer intended mechanisms and/or defined interfaces. Note that a platform or device manufacturer may still be able to make changes through manufacturing or service tools directly connected to a locally (physically) present platform or device. |
- Modify cPP FPT_SBT_EXT.1 SFR to remove "HW-based write protection mechanism":

| Old: | FPT_SBT_EXT.1.1 The TSF shall contain one or more chains of trust with each chain of trust anchored in a Root of Trust that is implemented in immutable code or a HW-based write-protection mechanism. |
| New: | FPT_SBT_EXT.1.1 The TSF shall contain one or more chains of trust with each chain of trust anchored in an immutable Root of Trust. |