@@ -709,11 +709,12 @@ The product shall be checked for memory errors by running a tool that exercises
The manufacturer shall implement the network interface firmware and/or software in a memory-safe language. The manufacturer shall document any use of unsafe memory features to explain why they are necessary and do not present a security risk.
TBD: define memory-safe language
* Test: review source code to determine its language and what exceptions to memory safety exists
* Result: source code is in a memory-safe language and the documentation of all uses of unsafe memory features convincingly demonstrates that each one of them does not present a security risk
* Documentation: source code and documentation of use of unsafe features
* Reference: TR-IMEM
* Objective: Prevent unauthorized memory access
* Preparation: None
* Activities: Review source code to determine its language and what exceptions to memory safety exist
* Verdict: Source code is in a memory-safe language and the documentation of all uses of unsafe memory features convincingly demonstrates that each one of them does not present a security risk => PASS, otherwise FAIL
* Evidence: Source code, documentation of unsafe memory features
#### 5.2.X.x MI-MERR Memory error mitigations for device drivers
