Commit 25e4abc4 authored by Valerie Aurora

Reword compiler flags and move to secure design and development

parent d858d377
+32 −31
@@ -894,46 +894,21 @@ The manufacturer shall identify which input fields may produce memory errors in
* Result: no memory errors
* Documentation: documentation of identified inputs and what inputs were boundary testing

#### 5.2.X.x MI-SCF Secure Compilation Flags

FIXME make more specific

The manufacturer shall ensure that all security-relevant firmware and software are compiled with secure compilation flags and options appropriate to the target platform and language.

Secure compilation flags shall include, but are not limited to:

FIXME add documentation

FIXME describe the concepts behind these in a language indepedent way

* Stack protection (e.g., -fstack-protector, -fstack-protector-strong)
* Buffer overflow protection (e.g., -D_FORTIFY_SOURCE=2)
* Position-independent code (-fPIC)
* Control Flow Integrity (CFI) options, if available
* Compiler warnings as errors (-Werror)
* Address Sanitizer or other runtime checks, where feasible

The manufacturer shall document the compilation flags used, their rationale, and any exceptions or limitations.

* Test: run a source code analysis tool, e.g. checksec binary, on the relevant parts of the network interface firmware and software.
* Result: no warnings, or present warnings are justified by technical documentation
* Documentation: output of the source code analysis checker, list of compliation flags and options used, documentation of any suppressed warnings or disabled flags with justifications.

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

Mitigations satisfy technical requirements only under when they mitigate the relevant risks appropriately. Risk factors are used to determine this. The below table shows which mitigations are appropriate to which use cases or security profiles based on the risk factors determined in the risk assessment.

| Risk factors        | Requires mitigations           |
|---------------------|--------------------------------|
| NET = 0             | SCF                            |
| NET <= 0 or COM = 0 | SSCA and SCF                   |
| NET > 0 and COM > 0 | SCF and (FZ95 or ETIN or IMSL) |
| NET = 0             | None                           |
| NET <= 0 or COM = 0 | SSCA                           |
| NET > 0 and COM > 0 | FZ95 or ETIN or IMSL           |

| Security Profile    | Requires mitigations           |
|---------------------|--------------------------------|
| VI-1                | SCF                            |
| WD-2                | SSCA and SCF                   |
| all others          | SCF and (FZ95 or ETIN or IMSL) |
| VI-1                | None                           |
| WD-2                | SSCA                           |
| all others          | FZ95 or ETIN or IMSL           |

### 5.2.X TR-MDNF: Mitigate disabling of network functions

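Review bot: The mapping rows rewritten at the end of this hunk keep overlapping conditions: `NET = 0` also satisfies `NET <= 0 or COM = 0`, so a device with NET = 0 matches both the `None` row and the `SSCA` row and the table never says which row wins; the same overlap exists in the old SCF rows being replaced. If the second row is meant to be the complement of `NET > 0 and COM > 0` (i.e. `NET = 0 or COM = 0`, or `NET > 0 and COM = 0` with the first row handling NET = 0), fix the condition while these rows are being touched, or state that the first matching row applies. Separately, deleting the MI-SCF block here removes the only check that looked at the built artifact (`Test: run a source code analysis tool, e.g. checksec binary, on the relevant parts of the network interface firmware and software`); the relocated mitigation later in this commit only reviews documentation and build-system files, so the network-interface section loses its binary-level evidence unless that test is carried over.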
@@ -1272,6 +1247,32 @@ FIXME define RSKL/M/H as a function of other risk factors

Need to specify encryption related stuff that is not covered by ACM.

### 5.X.Y **TR-SDDV**: Secure design and development

The manufacturer shall use best practices for secure design and development.

#### 5.2.X.x **MI-SCFS**: Secure compilation flags

The manufacturer shall ensure that all security-relevant firmware and software are compiled with secure compilation flags and options appropriate to the target platform and language. The manufacturer shall document the compilation flags used, their rationale, and any exceptions or limitations. Any exceptions to the flags or warnings shall be documented as to why they do not affect the security of the system.

  * Applicability: (for requirements that depend on a feature)
  * Reference: TR-SDDV
  * Objective: Secure design and development
  * Preparation: Document which flags should be used
  * Activities: Review compilation flags, warnings, and documentation for exceptions
  * Verdict: Documentation of flags exists, all warnings and exceptions are documented
  * Evidence: Documentation of flags, build system files, documentation of warnings and exceptions

[Any other mitigations available]

| Risk factors        | Requires mitigations |
|---------------------|----------------------|
| all                 | SCFS                 |

| Security Profile    | Requires mitigations |
|---------------------|----------------------|
| all                 | SCFS                 |

> Copy-n-paste mitigation format

### 5.X.Y **TR-XXXX**:
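Review bot: MI-SCFS as added has no activity or verdict that touches the shipped firmware: `Activities: Review compilation flags, warnings, and documentation for exceptions` and `Verdict: Documentation of flags exists, all warnings and exceptions are documented` can both be satisfied by documenting flags that were never applied to the delivered binary. Carry over the binary check from the MI-SCF text this commit removes (a checksec-style run on the relevant firmware, with the output as Evidence) and state the minimum flag classes the phrase "secure compilation flags" must cover (stack protection, fortified libc calls, position-independent code, control-flow integrity where available, warnings as errors), otherwise the requirement cannot be tested. The second and third sentences of the requirement also both say that exceptions shall be documented; fold them into one sentence that requires a security justification for each exception. Leftovers from the template that should not land in this state: `Applicability: (for requirements that depend on a feature)`, the `[Any other mitigations available]` placeholder, and the heading number `5.2.X.x` under a `5.X.Y` parent.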