Archived
TD0310: FIT Technical Decision for Firmware Update Authentication
Publication Date
2018.04.17
Protection Profiles
CPP_FDE_EE_V2.0
Other References
FPT_FUA_EXT.1
Issue Description
The FIT has issued a Technical Decision for Firmware Update Authentication.
Resolution
The following is added to FDE EE cPP V2.0 Appendix F: Glossary:

Root of Trust for Update: An RTV that verifies the integrity and authenticity of an update payload before initiating the update process.
Root of Trust for Verification: An RoT that verifies an integrity measurement against a policy.

The following is added to FDE EE cPP V2.0 Appendix G: Acronyms:

RTU: Root of Trust for Update
RTV: Root of Trust for Verification
RoT: Root of Trust

The Application Note in FDE EE cPP V2.0 for FPT_FUA_EXT.1.3 is changed to:

The firmware portion of TSF (e.g., RTU (key store and the signature verification algorithm)) shall be stored in a write protected area on the TOE. The firmware shall only be modifiable in a post-manufacturing state using the authenticated update mechanism described in FPT_FUA_EXT.1. The TSF is modifiable only by using the mechanisms specified in FPT_TUD_EXT.

For further information, please see the FIT interpretation here: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/FITDecision201802.pdf
Justification
See issue description.