Commit 422e56dc authored by Christian Horchert

Markdown cleanup

parent e62892bb
+44 −59
<div align="center">
©<div align="center">

**ETSI EN-304-623 0.0.0 (2025-08)**
![](media/etsi-coverpage-logo.png)


CYBER; CRA;<br />

Essential cybersecurity requirements for boot managers<br />
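
Review bot: the opening line of the cover page appears here in two forms, `<div align="center">` and `©<div align="center">`; the form with the leading © should not be the one that lands, because the character sits outside the div and will render as stray text above the title block. Keep the plain `<div align="center">`.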
@@ -17,47 +16,28 @@ Essential cybersecurity requirements for boot managers<br />

_Should you need a step-by-step guide for drafting an ETSI deliverable, please consult the "_ [_Principles for Drafting ETSI Deliverables_ ](_Principles for Drafting ETSI Deliverables_ )_" document. Otherwise you may contact us at_ [_edithelp@etsi.org_ ](mailto:edithelp@etsi.org).


<br />
<br />
<br />
<br />



<div align="center">


 
Reference<br />

&lt;Workitem><br />

Keywords<br />

&lt;keywords><br />

ETSI<br />

650 Route des Lucioles<br />

F-06921 Sophia Antipolis Cedex - FRANCE<br />

Tel.: +33 4 92 94 42 00   Fax: +33 4 93 65 47 16<br />


Siret N° 348 623 562 00017 - APE 7112B<br />

Association à but non lucratif enregistrée à la<br />

Sous-préfecture de Grasse (06) N° w061004871<br />

</div>

<br />

<div align="center">

**_Important notice_**

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI deliverable is the one made publicly available in PDF format on [ETSI deliver](ETSI deliver) repository.
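
Review bot: two links in the unchanged context of this hunk are not valid and a cleanup pass is the place to fix them: `[_Principles for Drafting ETSI Deliverables_ ](_Principles for Drafting ETSI Deliverables_ )` and `[ETSI deliver](ETSI deliver)` both reuse the link text as the target, so they resolve to nothing. Supply the real URLs or drop the link syntax. The `&lt;Workitem>` and `&lt;keywords>` placeholders escape only the opening bracket; escape both sides or wrap them in backticks.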
@@ -92,19 +72,14 @@ Any software contained in this deliverable is provided "AS IS" with no warrantie

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.


&copy; ETSI 2025.

All rights reserved.<br />

</div>

# Contents


<br />


# Intellectual Property Rights

Essential patents
@@ -113,7 +88,6 @@ IPRs essential or potentially essential to normative deliverables may have been

Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.


Trademarks

The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
@@ -153,11 +127,8 @@ In the present document "**should** ", "**should not** ", "**may** ", "**need no

"**must** " and "**must not** " are **NOT** allowed in ETSI deliverables except when used in direct citation.


# Executive summary



# Introduction
The present document is a European harmonised standard that defines cybersecurity requirements for products whose primary purpose is providing a boot manager. Demonstrating compliance with this standard is not necessary, but doing so provides a presumption of conformity with Regulation (EU) 2024/2847, the Cyber Resilience Act (CRA).

@@ -168,6 +139,7 @@ This standard does not apply to products that contain a boot managers but whose
The present document specifies cybersecurity requirements for boot managers as products with digital elements under Regulation (EU) 2024/2847 (Cyber Resilience Act). It addresses boot managers identified in Annex III, Point 8 as Important Products with Digital Elements (Class I) and as specified in Standardisation Request C(2025) 618, line item 23. 

## 1.2 In-scope products

Products in scope include boot management software that may be integrated into firmware, or provided as components for integration into other products, regardless of their distribution model. This category includes but is not limited to:

- Universal bootloaders for multiple hardware platforms
@@ -205,20 +177,23 @@ While type I hypervisors may contain boot management functionality, they are des
<mark>FIXME relationship with other verticals as diagram?</mark>

## 1.4 Composite products

This standard only applies to boot managers as products put on the market. Products integrating boot manager functionality may:

- apply this standard to boot manager components only
- Demonstrate conformance through composite evaluation
- Reference relevant requirements without claiming full conformance

<mark>FIXME add examples of composite products and how this work. Maybe move into an Annex or extra guidance document.</mark>
<mark>FIXME add examples of composite products including boot managers and how this works. Maybe move into Annex or extra guidance document.</mark>

# 2 References

## 2.1 Normative references

Normative references are not applicable in the present document.

## 2.2 Informative references

References are either specific (identified by date of publication and/or edition number or version number) or nonspecific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

> NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
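
Review bot: in the 1.4 list, `- apply this standard to boot manager components only` starts in lowercase while the two items after it start with a capital (`Demonstrate`, `Reference`); normalise the casing while the list is being touched. The composite-products FIXME appears twice with different wording; make sure only one of the two `<mark>` lines remains after the change.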
@@ -262,6 +237,7 @@ For the purposes of the present document, the [following] terms [given in ... an
<mark>FIXME Terms</mark>

## 3.2 Abbreviations

For the purposes of the present document, the [following] abbreviations [given in ... and the following] apply:

- BIOS: Basic Input/Output System
@@ -280,9 +256,11 @@ For the purposes of the present document, the [following] abbreviations [given i
# 4 Product context

## 4.1 General

The product context identifies the operational characteristics, deployment environments, and functional boundaries that determine applicable security requirements.

## 4.2 Product overview

Boot managers implement various architectural patterns based on platform requirements:

- Single-stage: Direct loading of operating system
@@ -293,6 +271,7 @@ Boot managers implement various architectural patterns based on platform require
Integration occurs through firmware, storage interfaces, and hardware security modules.

## 4.3  Essential functions

### 4.3.1 Core functions 

- Loading and execution of target OS kernel or next stage
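
Review bot: the heading `## 4.3  Essential functions` still has two spaces after the clause number and `### 4.3.1 Core functions ` still ends in a trailing space; both are whitespace defects this cleanup should catch along with the blank line added between the two headings.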
@@ -328,11 +307,10 @@ Integration occurs through firmware, storage interfaces, and hardware security m

Requirements in Section 5 are organized as:

- Fundamental requirements: All boot managers
- Function-specific requirements: Only when function is implemented
- Platform-dependent requirements: Only when specific hardware capabilities are available
<mark>FIXME Add when functionasl categories defined.</mark>

### 4.4.2 Applicable requirements

To determine which requirements apply:

- Fundamental requirements (applies to all boot managers)
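
Review bot: `FIXME Add when functionasl categories defined.` has a typo ("functionasl" should be "functional"). The hunk header (11 old lines, 10 new) shows this hunk changes more than the blank line after `### 4.4.2 Applicable requirements`: if the three list items under "Requirements in Section 5 are organized as:" are being replaced by the FIXME, the lead-in sentence is left pointing at nothing and the change should be named in the commit message; if they stay, the `<mark>` line needs a blank line before it so it is not folded into the last list item.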
@@ -345,7 +323,6 @@ To determine which requirements apply:

<mark>FIXME Test procedures for component-level verification</mark>


## 4.5 Deployment context

- Consumer devices (laptops, desktops)
@@ -355,15 +332,16 @@ To determine which requirements apply:
- IoT and embedded devices
- Development/test environments

<mark>FIXME Other deployment contexts; add details</mark>
<mark>FIXME Other deployment contexts?</mark>

## 4.6 Users and their interactions

Boot managers operate in many cases without traditional user interaction during normal operation.

Users with direct interaction

- Manufacturers for initial provisioning during production
- System integrators for customization or deployment
- System integrators for customization or deployment, including OEMs
- System administrators for configuration in enterprise context
- End users to selection boot options when permitted

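Review bot: `- End users to selection boot options when permitted` is left ungrammatical ("to select") while the item two lines above it gains `, including OEMs`; fix both in the same pass. OEM is introduced here as an abbreviation, so check that it is listed in clause 3.2.
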
@@ -377,13 +355,18 @@ NOTE: Security decisions are predetermined by configuration, not made by users a

<mark>FIXME Repair shops with the need to support end users or small businesses?</mark>

<mark>FIXME GDPR: Boot managers collect hardware identifiers (MAC addresses, TPM IDs) that may be PII when correlated by third parties, especially for remote attestation.</mark>

## 4.7 Threat considerations

<mark>FIXME Threats and mitigations to Annex C?</mark>

### 4.7.1 Supply chain threats

Boot manager code injection during development or distribution, affecting integrity before deployment. 

### 4.7.2 Runtime manipulation

Attempts to bypass or replace boot manager during operation, including:

- Bootloader bypass attacks
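
Review bot: the GDPR FIXME in this hunk is a substantive privacy statement rather than markup, and it sits at the end of 4.6 "Users and their interactions" directly above 4.7 "Threat considerations"; it fits better with the threat material or in Annex C, where the neighbouring FIXME already proposes moving threats and mitigations. "TPM IDs" is not a defined term on the page, so name the identifier that is meant and state which party performs the correlation in the remote attestation case. The hunk grows from 13 to 18 lines, so it adds more than the three blank lines after the 4.7 headings; mention that in the commit message.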
@@ -404,17 +387,17 @@ Requirements apply based on implemented functions. If a function is not implemen

<mark>FIXME Legacy implementations for existing boot managers</mark>

<mark>FIXME Define minimum acceptable test environment specifications</mark>
<mark>FIXME Minimum acceptable test environment specifications</mark>

### 4.8.2 Composite products

When boot manager functionality is part of a larger product (semiconductor, OS, hypervisor, device), conformance is demonstrated as part of the composite product evaluation. 
When boot manager functionality is part of a larger product (semiconductor, OS, hypervisor, embedded device), conformance is demonstrated as part of the composite product evaluation. 

<mark>FIXME Add infos here or move to Annex for guidance/examples</mark>

# 5 Requirements 

<mark>FIXME Formal requirement with SHALL statements;  add requirement identifiers </mark>
<mark>FIXME Proper grouping, formal requirement with SHALL statements;  add requirement identifiers </mark>

<mark>FIXME Specify test methods for each requirement</mark>

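Review bot: the 4.8.2 sentence appears with both `(semiconductor, OS, hypervisor, device)` and `(semiconductor, OS, hypervisor, embedded device)`; the "embedded device" wording reads as a narrowing that sits badly with 4.5, which lists consumer devices (laptops, desktops) as a deployment context, so keep the broader term or name both. The requirements FIXME still carries a double space after `statements;` and a space before `</mark>` in both of its forms, and `# 5 Requirements ` ends in a trailing space.
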
@@ -454,7 +437,7 @@ Update security

<mark>FIXME Update mechanisms for constrained devices</mark>

<mark>FIXME How to properly engage with community-maintained projects</mark>
<mark>FIXME Proper engagement with community-maintained projects when using open source software</mark>

Attack resistance

@@ -469,7 +452,7 @@ Attack resistance

<mark>FIXME Physical attack countermeasures</mark>

Operational security:
Operational security

- Security functions enabled by default
- Secure key storage
@@ -484,7 +467,6 @@ The present document has been prepared under the Commission's standardisation re

Once the present document is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of the present document given in Table A.1 confers, within the limits of the scope of the present document, a presumption of conformity with the corresponding requirements of that Regulation and associated EFTA regulations.


| No                                               | Description | Requirements of Regulation | Clause(s) of the present document | U/C | Condition |
| ------------------------------------------------ | ----------- | -------------------------- | --------------------------------- | --- | --------- |
| **Part I: Product Requirements**                 |             |                            |                                   |     |           |
@@ -528,6 +510,7 @@ Once the present document is cited in the Official Journal of the European Union
<mark>FIXME Annex C Risks</mark>

## C.1 Assets

- Root of trust keys (vendor certificates)
- User-enrolled keys (enterprise certificates)
- Recovery keys
@@ -539,6 +522,7 @@ Once the present document is cited in the Official Journal of the European Union
- Hardware security module state

## C.2 Threat actors

- Physical attacker
- OS-level malware
- Network attacker
@@ -547,6 +531,7 @@ Once the present document is cited in the Official Journal of the European Union
- Nation state actor

## C.3 Boot-specific threats

- Pre-boot attacks
  - Boot code modification
  - Configuration manipulation