TD0276: X.509 Code Signing on TOE Updates
Publication Date
2017.12.19
Protection Profiles
PP_CA_V2.1
Other References
FIA_X509_EXT.2.1
Issue Description
Requiring X.509v3 certs for "code signing for TOE updates" cannot be met by products that execute on top of an OS and rely on the OS's update mechanism.
Resolution
For FIA_X509_EXT.2.1, "authentication for code signing for TOE updates" is moved into the selection list and "integrity verification for TSF software and firmware" is removed. The SFR and application note are replaced with the following:
Application Note: The ST author's selection of trusted communication channel is expected to match the selections in FTP_TRP.1.1 and FTP_ITC.1.1 (if FTP_ITC.1 is included in the ST). Certificates may optionally be used for integrity verification (FPT_TST_EXT.2) and other uses. "Authentication for code signing for TOE updates" is an objective requirement and will be mandatory in future PP versions.
Justification
This change makes OS-based updates acceptable and makes the CAPP commensurate with other PPs in its allowances for signed updates.