Loading EN-304-623.md +12 −8 Original line number Diff line number Diff line Loading @@ -415,14 +415,16 @@ When boot manager functionality is part of a larger product (semiconductor, OS, <mark>FIXME Map threats to mitigation requirements (here or Annex C)</mark> Basic security requirements (all boot managers) ## 5.1 Basic security requirements Applies to all boot managers - Protect boot code against unauthorized modification - Prevent bypass of boot sequence - No default passwords or backdoors - Fail securely on error conditions Integrity and verification ## 5.2 Integrity and verification - Verify component signatures before execution - Verify entire boot chain Loading @@ -432,12 +434,12 @@ Integrity and verification <mark>FIXME Requirements when TPM/HSM available</mark> Access control ## 5.3 Access control - Restrict configuration changes - Authenticate administrative access Update security ## 5.4 Update security - Authenticated updates only over secured update channel - Update integrity verification Loading @@ -449,9 +451,9 @@ Update security <mark>FIXME Proper engagement with community-maintained projects when using open source software</mark> Attack resistance ## 5.5 Attack resilience - Resist debug interface exploitation - Debug interface exploitation - Time-bounded operations to prevent delays - Clear sensitive data after use - Protect against fault injection where feasible Loading @@ -462,7 +464,7 @@ Attack resistance <mark>FIXME Physical attack countermeasures</mark> Operational security ## 5.6 Operational security - Security functions enabled by default - Secure key storage Loading @@ -471,7 +473,9 @@ Operational security <mark>FIXME How to verify "secure key storage" without access to internals?</mark> Vendor neutrality ## 5.6 Neutrality <mark>FIXME Better term for "n"eutrality"</mark> - Support for multiple certificate authorities - User-enrollable keys Loading Loading
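Review bot: In the hunk at @@ -449,9 +451,9 @@, the bullet that read "- Resist debug interface exploitation" appears to become "- Debug interface exploitation", which drops the verb and now reads as a threat name rather than a requirement. The other bullets in 5.5 are imperative ("Clear sensitive data after use", "Protect against fault injection where feasible"), so keep the verb, for example "- Resist debug interface exploitation". The same hunk renames the heading from "Attack resistance" to "Attack resilience"; the bullets beneath it describe resisting attacks rather than recovering from them, so please confirm the new term is intended.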
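Review bot: The heading "## 5.6 Neutrality" added in the hunk at @@ -471,7 +473,9 @@ reuses the number already assigned to "## 5.6 Operational security" in the hunk at @@ -462,7 +464,7 @@, so cross-references to 5.6 become ambiguous; it should be "## 5.7". The FIXME added on the next line also has a stray quotation mark in "n"eutrality" and should read "neutrality". Dropping "Vendor" from the heading removes the only hint of what the section is neutral about, so until the FIXME is resolved consider keeping "Vendor neutrality".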
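Review bot: In the hunk at @@ -415,14 +415,16 @@, the scope that used to be in the heading is now the standalone fragment "Applies to all boot managers" under "## 5.1 Basic security requirements", and none of the other numbered headings visible in this change (5.2 onwards) carries an applicability statement. A reader cannot tell whether those sections also apply to all boot managers or only to some classes. Suggest either a full sentence under each heading stating its applicability, or one statement at the top of clause 5 that covers all subsections.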