@@ -21,12 +20,12 @@ _Should you need a step-by-step guide for drafting an ETSI deliverable, please c
<br/>
<br/>
<divalign="center">
<divstyle="text-align: center;">
Reference<br/>
<Workitem><br/>
Keywords<br/>
<keywords><br/>
ETSI<br/>
650 Route des Lucioles<br/>
F-06921 Sophia Antipolis Cedex - FRANCE<br/>
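Review bot: As shown, the two opening tags read `<divalign="center">` and `<divstyle="text-align: center;">`, with no space after `div`. If that is what the file contains, rather than an artifact of how the diff is displayed, neither is a `div` element and the block will not be centred; the tag should be `<div style="text-align: center;">`. The same spelling appears in the next hunk, just before "Important notice".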
@@ -36,7 +35,7 @@ Association à but non lucratif enregistrée à la<br />
Sous-préfecture de Grasse (06) N° w061004871<br/>
</div>
<br/>
<divstyle="text-align: center;">
**_Important notice_**
@@ -44,7 +43,7 @@ The present document may be made available in electronic versions and/or in prin
Users should be aware that the present document may be revised or have its status changed, this information is available in the [Milestones listing](Milestones listing).
If you find errors in the present document, please send your comments to<br/>the relevant service listed under [Committee Support Staff](Committee Support Staff).
If you find errors in the present document, please send your comments tothe relevant service listed under [Committee Support Staff](Committee Support Staff).
If you find a security vulnerability in the present document, please report it through our
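Review bot: In the reworded error-reporting sentence, dropping the `<br/>` leaves no space, so it now reads "comments tothe relevant service"; insert a space between "to" and "the". The link targets in this hunk, `(Milestones listing)` and `(Committee Support Staff)`, repeat the link text instead of giving a URL, so they will not resolve as written.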
@@ -72,10 +71,12 @@ Any software contained in this deliverable is provided "AS IS" with no warrantie
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.
@@ -134,6 +135,8 @@ The present document is a European harmonised standard that defines cybersecurit
This standard does not apply to products that contain a boot managers but whose primary purpose is something else. But this standard may be useful as part of the process of demonstrating compliance for a product containing a boot manager as component.
<!-- 01-scope.md -->
# 1 Scope
## 1.1 General
The present document specifies cybersecurity requirements for boot managers as products with digital elements under Regulation (EU) 2024/2847 (Cyber Resilience Act). It addresses boot managers identified in Annex III, Point 8 as Important Products with Digital Elements (Class I) and as specified in Standardisation Request C(2025) 618, line item 23.
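Review bot: The exclusion sentence at the top of this hunk, "products that contain a boot managers but whose primary purpose is something else", has a number error ("a boot managers") and leaves "something else" undefined, which matters because this sentence decides whether a product is in scope. Suggest "products that contain a boot manager but whose primary purpose is not boot management", and "as a component" in the sentence that follows.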
@@ -154,7 +157,7 @@ NOTE: This includes updatable platform initialization components that participat
<mark>FIXME Is the scope sufficient?</mark>
<mark>FIXME Add boot sequence diagrams from power-on to handover by the operating system.</mark>
<mark>FIXME Add boot sequence diagrams (from power-on to handover by the operating system)</mark>
## 1.3 Out-of-scope products
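Review bot: The boot sequence FIXME says "handover by the operating system", but the boot manager is the party handing over; the Annex B table in this same patch says "Boot managers transfer control to OS". Suggest "handover to the operating system" so the diagram request matches the boundary the document uses elsewhere.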
@@ -184,7 +187,9 @@ This standard only applies to boot managers as products put on the market. Produ
- Demonstrate conformance through composite evaluation
- Reference relevant requirements without claiming full conformance
<mark>FIXME add examples of composite products including boot managers and how this works. Maybe move into Annex or extra guidance document.</mark>
<mark>FIXME add examples of composite products including boot manager. Maybe move into Annex or extra guidance document.</mark>
<!-- 02-03-refs-terms.md -->
# 2 References
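Review bot: The shortened composite-products FIXME drops "and how this works", which was the only reminder that the examples have to show how conformance is demonstrated for a composite product, the subject of the two bullets just above it. Keep that clause, and write "including boot managers" or "including a boot manager".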
@@ -253,6 +258,8 @@ For the purposes of the present document, the [following] abbreviations [given i
<mark>FIXME Abbreviations</mark>
<!-- 04-context.md -->
# 4 Product context
## 4.1 General
@@ -381,11 +388,10 @@ Attempts to bypass or replace boot manager during operation, including:
- using manufacturer's reference implementation
- using documented test interfaces
<mark>FIXME What constitutes "documented test interfaces"?</mark>
<mark>FIXME What constitute a "documented test interface"?</mark>
Requirements apply based on implemented functions. If a function is not implemented, associated requirements do not apply.
<mark>FIXME Legacy implementations for existing boot managers</mark>
<mark>FIXME Minimum acceptable test environment specifications</mark>
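Review bot: The reworded FIXME reads 'What constitute a "documented test interface"?'; the verb should be "constitutes". The list item above it still says "documented test interfaces" in the plural, so the question and the item it refers to should use the same form once the term is defined.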
@@ -393,8 +399,12 @@ Requirements apply based on implemented functions. If a function is not implemen
When boot manager functionality is part of a larger product (semiconductor, OS, hypervisor, embedded device), conformance is demonstrated as part of the composite product evaluation.
<mark>FIXME Legacy implementations for existing boot managers as part of a composite product</mark>
<mark>FIXME Add infos here or move to Annex for guidance/examples</mark>
# Annex A (normative): Relationship between the present document and the essential requirements of EU Regulation 2024/2847
The present document has been prepared under the Commission's standardisation request C(2025) 618 final to provide one voluntary means of conforming to the requirements of Regulation (EU) No 2024/2847 (Cyber Resilience Act).
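Review bot: The regulation is cited three ways in this patch: "EU Regulation 2024/2847" in the Annex A heading, "Regulation (EU) No 2024/2847" in the paragraph under it, and "Regulation (EU) 2024/2847" in clause 1.1. Pick one form and use it throughout. In the FIXME above the heading, "infos" should be "information", and the legacy-implementations FIXME nearly repeats the one in the previous hunk; if both stay, say how they differ.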
@@ -473,6 +493,7 @@ Once the present document is cited in the Official Journal of the European Union
: Relationship between the present document and the requirements of the CRA
<mark>FIXME Table relationship to CRA</mark>
@@ -491,6 +512,8 @@ Once the present document is cited in the Official Journal of the European Union
-**U/C**: Indicates whether the requirement is unconditionally applicable (U) or is conditional upon the manufacturer's claimed functionality of the equipment (C).
-**Condition**: Explains the conditions when the requirement is or is not applicable for a requirement which is classified "conditional".
<!-- annex-b-relationships.md -->
# Annex B (informative): Relationship between the present document and any related ETSI standards
## B.1 Relationship to ETSI standards
@@ -501,10 +524,13 @@ Once the present document is cited in the Official Journal of the European Union
| EN 304 626 | Operating Systems | Boot managers transfer control to OS; boundary at kernel initialization |
| EN 304 635 | Hypervisors and CRS | Hypervisors may include boot functionality; boot managers load hypervisors |
| XXX | XXX | XXX |
: Relationship between the present document and related ETSI standards
<mark>FIXME Table relationship to ETSI Standards </mark>
<!-- annex-c-risk.md -->
# Annex C (informative): Risk identification and assessment methodology
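Review bot: The row `| XXX | XXX | XXX |` is a bare placeholder inside the table body, so it will render as a real row of the relationship table. Remove it and let the FIXME below the caption carry the reminder. "CRS" in the EN 304 635 row is not expanded here, and the abbreviations clause is still a FIXME, so spell it out or add it to that list.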