A system has to be updated often enough to keep the number of known vulnerabilities to a minimum. Therefore, it is important to test all system upgrades and to design the upgrade procedure so that the system stays within the targets set in [5.3.8 High Availability]. A wide variety of threats related to secure update may appear both prior to an update and during the update process, and the product shall mitigate both types of threat.
Pre-Update Acquisition & Distribution:
Threats to secure update during pre-update acquisition & distribution:
- Tampered update packages during storage or transmission
- Update retrieved from an untrusted or unauthenticated source
- Use of revoked or compromised signing keys
Installation & Execution:
Threats to secure update during installation & execution:
- Authenticity or integrity verification bypass
- Downgrade to a vulnerable version
- Rollback protections bypass
- Loss of availability if update fails or is interrupted
Requirements:
- **[REQ-UPDATES-0]:** The product shall verify the authenticity and integrity of update packages using cryptographic digital signature verification prior to installation.
- **[REQ-UPDATES-1]:** The product shall maintain a monotonic version counter, or an equivalent mechanism, to prevent installation of updates carrying an older, vulnerable version.
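The following is an added example (not part of this document or of any product it describes) showing how REQ-UPDATES-0 and REQ-UPDATES-1 fit together in an update verifier: the signature is checked before anything else, and the version counter is covered by the signature so a valid signature cannot be re-attached to a different version. The package layout, the Ed25519 key, and the version numbers are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdatePackage is a constructed example format: a version counter, the image
// payload, and a detached signature over both. Real products define their own.
type UpdatePackage struct {
	Version uint32
	Payload []byte
	Sig     []byte
}

var ErrBadSignature = errors.New("signature verification failed (REQ-UPDATES-0)")
var ErrRollback = errors.New("version is not newer than installed version (REQ-UPDATES-1)")

// signedBytes binds the version counter to the payload, so that changing the
// version field of a genuinely signed package invalidates its signature.
func signedBytes(version uint32, payload []byte) []byte {
	buf := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, payload...)
}

// VerifyUpdate gates installation: authenticity/integrity first, then the
// monotonic version check. Only a nil result may proceed to installation.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, pkg UpdatePackage) error {
	if !ed25519.Verify(pub, signedBytes(pkg.Version, pkg.Payload), pkg.Sig) {
		return ErrBadSignature
	}
	if pkg.Version <= installed {
		return ErrRollback
	}
	return nil
}

// BuildSigned is the publisher side, used here only to construct sample packages.
func BuildSigned(priv ed25519.PrivateKey, version uint32, payload []byte) UpdatePackage {
	return UpdatePackage{Version: version, Payload: payload,
		Sig: ed25519.Sign(priv, signedBytes(version, payload))}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key pair
	good := BuildSigned(priv, 11, []byte("firmware v11 (constructed)"))
	fmt.Println("valid update:   ", VerifyUpdate(pub, 10, good))
	tampered := good
	tampered.Payload = []byte("firmware v11 (modified in transit)")
	fmt.Println("tampered image: ", VerifyUpdate(pub, 10, tampered))
	fmt.Println("downgrade to v9:", VerifyUpdate(pub, 10, BuildSigned(priv, 9, []byte("firmware v9"))))
}
```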