Archived
TD0047: MDFPP v2.0 FCS_CKM_EXT.4 Update
Publication Date
2015.06.10
Protection Profiles
PP_MD_v2.0
Other References
PP_MD_v2.0, requirement FCS_CKM_EXT.4
Issue Description
A revision of TD0028 (MDFPP v2.0 FCS_CKM_EXT.4 Memory Clear and Read-verify) is needed to clarify the selections.
Current wording states:
“FCS_CKM_EXT.4.1 The TSF shall destroy cryptographic keys in accordance with the specified cryptographic key destruction methods:
- by clearing the KEK encrypting the target key,
- in accordance with the following rules:
  - For volatile memory, the destruction shall be executed by a single direct overwrite [selection: consisting of a pseudo-random pattern using the TSF’s RBG, consisting of zeroes].
  - For non-volatile EEPROM, the destruction shall be executed by a single direct overwrite consisting of a pseudo random pattern using the TSF’s RBG (as specified in FCS_RBG_EXT.1), followed by a read-verify.
  - For non-volatile flash memory, the destruction shall be executed [selection: by a single direct overwrite consisting of zeros followed by a read-verify, by a block erase followed by a read-verify].
  - For non-volatile memory other than EEPROM and flash, the destruction shall be executed by overwriting three or more times with a random pattern that is changed before each write.”
Resolution
Revised wording:
“FCS_CKM_EXT.4.1 The TSF shall destroy cryptographic keys in accordance with the specified cryptographic key destruction methods:
- by clearing the KEK encrypting the target key,
- in accordance with the following rules:
  - For volatile memory, the destruction shall be executed by a single direct overwrite [selection: consisting of a pseudo-random pattern using the TSF’s RBG, consisting of zeroes].
  - For non-volatile EEPROM, the destruction shall be executed by a single direct overwrite consisting of a pseudo random pattern using the TSF’s RBG (as specified in FCS_RBG_EXT.1), followed by a read-verify.
  - For non-volatile flash memory that is not wear-leveled, the destruction shall be executed [selection: by a single direct overwrite consisting of zeros followed by a read-verify, by a block erase followed by a read-verify].
  - For non-volatile flash memory that is wear-leveled, the destruction shall be executed [selection: by a single direct overwrite consisting of zeros, by a block erase].
  - For non-volatile memory other than EEPROM and flash, the destruction shall be executed by overwriting three or more times with a random pattern that is changed before each write.”
Justification
This TD clarifies the FCS_CKM_EXT.4 requirement in PP_MD_v2.0.
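The revised selections separate flash that must be read-verified after the overwrite from wear-leveled flash, where only the overwrite is required. The C code below is an added example, not text from the TD or the Protection Profile, showing that dispatch for the zero-overwrite selections; the names `destroy_key`, `mem_class_t` and `simulate_stuck_byte` are hypothetical, and a RAM buffer stands in for the storage a real driver would write.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Memory classes taken from the revised FCS_CKM_EXT.4.1 wording (zero-overwrite selections only). */
typedef enum { MEM_VOLATILE, MEM_FLASH_NOT_WEAR_LEVELED, MEM_FLASH_WEAR_LEVELED } mem_class_t;
typedef enum { DESTROY_OK = 0, DESTROY_VERIFY_FAILED = -1, DESTROY_BAD_ARG = -2 } destroy_result_t;

/* Hypothetical fault hook: when non-zero, the last byte behaves as if the write did not take. */
static int simulate_stuck_byte = 0;

/* Single direct overwrite with zeroes. The volatile pointer stops the compiler
 * from discarding the stores as dead writes to a buffer about to go out of use. */
static void overwrite_zero(uint8_t *buf, size_t len) {
    volatile uint8_t *p = buf;
    for (size_t i = 0; i < len; i++) p[i] = 0;
    if (simulate_stuck_byte && len > 0) p[len - 1] = 0xA5;
}

/* Read-verify: read every byte back and confirm the whole region is zero. */
static int read_verify_zero(const uint8_t *buf, size_t len) {
    const volatile uint8_t *p = buf;
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= p[i];
    return acc == 0;
}

destroy_result_t destroy_key(mem_class_t cls, uint8_t *key, size_t len) {
    if (key == NULL) return DESTROY_BAD_ARG;
    switch (cls) {
    case MEM_VOLATILE:            /* overwrite only */
    case MEM_FLASH_WEAR_LEVELED:  /* revised wording: overwrite, no read-verify */
        overwrite_zero(key, len);
        return DESTROY_OK;
    case MEM_FLASH_NOT_WEAR_LEVELED:  /* overwrite followed by a read-verify */
        overwrite_zero(key, len);
        return read_verify_zero(key, len) ? DESTROY_OK : DESTROY_VERIFY_FAILED;
    }
    return DESTROY_BAD_ARG;
}

int main(void) {
    uint8_t key[16];
    for (size_t i = 0; i < sizeof key; i++) key[i] = 0xC3;  /* constructed sample key */
    printf("non-wear-leveled flash: %d\n", destroy_key(MEM_FLASH_NOT_WEAR_LEVELED, key, sizeof key));
    return 0;
}
```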