Commit 65f87a48 authored by Christian Horchert's avatar Christian Horchert
Browse files

minor changes

parent 870793bf

EN-304-623.md

+6 −6
Original line number Diff line number Diff line
@@ -180,7 +180,7 @@ NOTE: Components that cannot be updated post-manufacture are addressed with spec 


## 1.4 Composite products



When boot manager functionality is integrated into larger products (such as operating systems, hypervisors, or embedded devices), the product manufacturer demonstrates conformance through evaluation of the complete product, with boot manager requirements may assessed as part of the whole.

When boot manager functionality is integrated into larger products (such as operating systems, hypervisors, or embedded devices), the product manufacturer demonstrates conformance through evaluation of the complete product, with boot manager requirements assessed as part of the whole.



Products integrating boot manager functionality may:
@@ -623,7 +623,7 @@ Each category determines baseline security expectations, with specific requireme 


### 4.8.1 Assets



Boot managers protect critical system assets including boot chain integrity, cryptographic keys and certificates, boot configuration and security policies, measurement logs, and update mechanisms. Compromise of these assets can undermine the entire system's security posture.

Boot managers protect critical system assets including boot chain integrity, cryptographic keys and certificates, boot configuration and security policies, measurement logs, and update mechanisms. Compromise of these assets can undermine the entire system's security posture. An overview of boot manager assets is provided in Annex C.



### 4.8.2 Threat landscape
@@ -1658,13 +1658,13 @@ For each requirement defined in Clause 5, this clause provides assessment proced 
Each assessment in this clause follows a standardized format:



1. Applicability: Identifies which boot managers must comply (all or conditional based on capabilities).

2. Assessment objective: Defines the security property or capability being verified.

3. Assessment preparation: Describes the environment, setup, hardware requirements, and preconditions, including:

2. Objective: Defines the security property or capability being verified.

3. Preparation: Describes the environment, setup, hardware requirements, and preconditions, including:

  - Test environment (hardware, software, network setup)

  - Preconditions (configurations, credentials, operational states)

  - Required tools (testing software, analyzers, debuggers)

  - Vendor documentation references

4. Assessment activities: Provides step-by-step execution procedures, which may include:

4. Activities: Provides step-by-step execution procedures, which may include:

  - Documentation review

  - Security functional or penetration testing

  - Code or binary analysis
@@ -2143,7 +2143,7 @@ Verify that the boot manager implements anti-rollback protection that prevents i 
  - Review documentation of version tracking implementation

  - Identify where version information is stored:

    - Non-volatile memory location

    - Hardware security component (TPM, secure element)

    - Hardware security component

    - Protected storage mechanism

    - One-time programmable storage

  - Confirm mechanism type: