Commit b4078700 authored by Valerie Aurora

Update essential functions in 4.2 and some wording

parent 987343c4
+31 −49
@@ -297,39 +297,25 @@ The intended purpose and reasonably foreseeable use of this product is to provid

## 4.2 Essential functions

### 4.2.1 Physical interface essential functions
### 4.2.1 Physical network interface essential functions

* Receive and transmit data between host and network at data link layer
* Execute host commands (power, config, tx/rx)
* Send commands/data to host hardware (wake on LAN)
* Keep and report network statistics
* Update firmware with image provided by host

Optional:
A physical network interface is the link between the physical transmission media and the host system. The product's ost essential function is to transfer data between the network and the host.

* Send commands/trigger actions on host (e.g. wake on network messages)
* Packet processing (receive/transmit) at layers higher than data link
* Packet encryption at data link layer
* Packet encryption at higher layer
* Manage firmware update autonomously (image received from the network)
The product supports configuration of itself by the host. The host system may configure settings related to transmitting data, encryption, or features like waking the host after a packet arrives at the network interface.

### 4.2.2 Device driver essential functions
The product may keep and report statistics about network traffic or its internal functions.

* Bridge between network device interface and host software
* Handle interrupts, set up tx/rx, copy statistics, etc.
* Configure the network interface
* Set up and execute firmware update/load with image provided by host software
* Monitor device interface and network interface health
The product may update or load its own firmware. The host system may be able to update or load firmware to the product.

Optional:
The product may be able to take actions that affect the entire host system, such as power cycling or reading any part of memory.

* Support optional features of the underlying device hardware or software
### 4.2.2 Device driver essential functions

### 4.2.3 Virtual interface essential functions
A device driver manages the network interface on behalf of the host system, often presenting a standardized network device driver interface to the host operating system. It manages the transfer of data from the network interface to and from host memory. It carries out requests by the host software, such as configuration or loading firmware. It may keep and report statistics about network traffic.

* Bridge between host device driver interface and other software
### 4.2.3 Virtual network interface essential functions

Other functionality is generally implemented outside of the device driver.
A virtual network interface presents a network device driver interface to the rest of the host software. It may encrypt, filter, transform, route, discard, or otherwise modify network traffic entering the interface. The network traffic may then be directed to another virtual network interface on the same host, to another executable on the host, or to a physical network interface.

## 4.3 Product architecture

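Review bot: Typo in the new 4.2.1 paragraph, "The product's ost essential function" should read "most essential function". Separately, the bullets this hunk removes distinguished a firmware image "provided by host" from an image "received from the network" (autonomous update), and the replacement sentence "The product may update or load its own firmware. The host system may be able to update or load firmware to the product." no longer says where the image comes from; since that is the security-relevant difference (host-controlled versus network-originated firmware), consider keeping it, e.g. "The product may update or load its own firmware from an image received over the network, or the host system may supply the image." The device driver paragraph likewise drops interrupt handling and health monitoring that the old list named explicitly; if those are meant to be covered by "manages the transfer of data", say so, otherwise add them back.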
@@ -361,7 +347,7 @@ A wired network interface transmits data via a specific physical medium such as

Wireless network interfaces often have an independent real-time operating system on the network interface itself. Wireless medium access often requires real-time response to manage the radio frequency transmissions properly. The network interface must also prevent improper settings of radio frequency transmission parameters, which is often implemented by having the internal firmware set the parameters, rather than exposing them to the host. The complexity of this firmware may increase the risk of a wireless interface.

A virtual interface emulates the device driver interface of a network interface to a host's device driver API. Instead of a physical network interface, it may send and receive packets to a hypervisor, a container, another device driver, another part of the network stack, an application, or other software.
A virtual network interface emulates the device driver interface of a network interface to a host's device driver API. Instead of a physical network interface, it may send and receive packets to a hypervisor, a container, another device driver, another part of the network stack, an application, or other software.

> FIXME add hypervisor or other software to diagram

@@ -371,7 +357,7 @@ A virtual interface emulates the device driver interface of a network interface

The device driver communicates with the host software or firmware by means of a network device driver API. This API abstracts the implementation details of the underlying network interface. Such network device driver API is typically defined by the host operating system or other software and is used by the host network stack to send or receive data through the network interface.

Physical interfaces require device drivers to make use of the physical hardware through a device driver interface. Virtual interfaces are effectively device drivers only, since they are made of software only without underlying hardware.
Physical network interfaces require device drivers to make use of the physical hardware through a device driver interface. Virtual network interfaces are effectively device drivers only, since they are made of software only without underlying hardware.

The device driver often needs elevated privileges to read and write memory. Device drivers for physical network interfaces often must have access also to the network interface control registers, directly or via host memory address space mapped to them; sometimes device drivers must as well enable or disable interrupts or other host hardware functions. This usually requires that the device driver has a high level of privilege on the host system.

@@ -571,28 +557,28 @@ FIXME renumber

### 4.7.3 Virtual network interface use cases

* UC-VI-1 Virtual interface for internal use on private device
* UC-VI-1 Virtual network interface for internal use on private device
  * E.g. loopback, containers, tunnel to local application
  * Packets only from other applications/users on host
  * Users limited to owner and who they trust
  * Very simple device driver
  * Professional administration

* UC-VI-2 Virtual interface for external use on private device
* UC-VI-2 Virtual network interface for external use on private device
  * Virtio on hypervisors, VPN interfaces, tunnel interfaces
  * Exposed to entire internet
  * Users limited to owner and who they trust
  * Highly complex packet filtering, processing, encryption, etc.
  * Non-professional administration

* UC-VI-3 Virtual interface for external use on enterprise device
* UC-VI-3 Virtual network interface for external use on enterprise device
  * Virtio on hypervisors, VPN interfaces, tunnel interfaces
  * Exposed to entire internet
  * Users are company employees
  * Highly complex packet filtering, processing, encryption, etc.
  * Professional administration

* UC-VI-4 Virtual interface for external use on public server
* UC-VI-4 Virtual network interface for external use on public server
  * Virtio on hypervisors, VPN interfaces, tunnel interfaces
  * Exposed to entire internet
  * Users are untrusted
@@ -941,7 +927,7 @@ The product shall be accompanied by documentation for all interfaces for the pro

Guidance: This requirement gives the user or integrator of the product the necessary information they need to implement an appropriate level of access control in the host system. This requirement does not specify how the host implements access control.

  * Applicability: Physical interface
  * Applicability: Physical network interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Define a method that can be used to find all interfaces on the product accessible from the host
@@ -955,12 +941,12 @@ All debug interfaces accessible to someone with physical access to the device sh

Guidance: This is for the use case of selling to an integrator.

  * Applicability: Physical interface
  * Applicability: Physical network interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Physically examine the device for interfaces
  * Activities: Compare the physical interfaces of the device with the documentation
  * Verdict: All physical interfaces are documented as to how to disable or protect them => PASS, otherwise => FAIL
  * Activities: Compare the physical network interfaces of the device with the documentation
  * Verdict: All physical network interfaces are documented as to how to disable or protect them => PASS, otherwise => FAIL
  * Evidence: Pictures of the device, list of discovered interfaces, comparison with documentation, notes as to which are documented how to disable/protect

#### 5.2.X.x **MI-SDEE-2**: Physical access to debug interface
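Review bot: The rename in the Activities and Verdict lines of this requirement changes its meaning. The requirement text in the hunk header is about "debug interfaces accessible to someone with physical access to the device", so "Compare the physical interfaces of the device with the documentation" referred to physical debug ports on the board, not to network ports. After the change the verdict reads "All physical network interfaces are documented as to how to disable or protect them => PASS", which no longer tests the stated requirement. Suggest reverting these two lines to "physical interfaces" or, better, "physical debug interfaces", and only keeping the "Physical network interface" wording in the Applicability line.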
@@ -969,7 +955,7 @@ All debug interfaces accessible to someone with physical access to the device sh

Guidance: This is for the use case of an end user in use cases where physical access is possible for a threat actor.

  * Applicability: Physical interface
  * Applicability: Physical network interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation for the person testing the product, not the manufacturer: Physically examine the device for interfaces, read documentation
@@ -983,7 +969,7 @@ All debug/remote management interfaces accessible via the network shall be prote

Guidance: For use case of end user depending on network access by threat actors.

  * Applicability: Physical interface
  * Applicability: Physical network interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation:
@@ -997,7 +983,7 @@ All debug/remote management interfaces accessible via the network shall be prote

Guidance: For use case of end user for backwards compatibility with insecure protocols.

  * Applicability: Physical interface
  * Applicability: Physical network interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation:
@@ -1377,13 +1363,13 @@ All sources of data processed by the product in its secure-by-default configurat

The product shall be securely updateable by the user.

> FIXME add versions for device driver and virtual interface.
> FIXME add versions for device driver and virtual network interface.

#### 5.2.X.x **MI-SCFM**: Secure update of firmware

The product shall provide a method of updating its firmware from the host system.

  * Applicability: Product is a physical interface
  * Applicability: Product is a physical network interface
  * Reference: TR-SCUD
  * Objective: Secure updates
  * Preparation: Prepare a new firmware image with a different version number from the currently installed firmware
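Review bot: Only the Applicability line changes here, but the test as written does not exercise the "Secure updates" objective it references: the preparation produces an image "with a different version number", which checks that an update can be applied, not that an unsigned, tampered or downgraded image is rejected. Consider adding a negative case to Preparation (an image with an invalid signature, or a lower version number) with a verdict that the product refuses it, or noting that the rejection behaviour is tested under a separate requirement.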
@@ -1393,7 +1379,7 @@ The product shall provide a method of updating its firmware from the host system

#### 5.2.X.x **MI-SCDC**: Documentation of secure update of firmware

The product shall be accompanied by documentation of the secure update methods for the physical interface.
The product shall be accompanied by documentation of the secure update methods for the physical network interface.

  * Reference: TR-SCUD
  * Objective: Secure updates
@@ -1405,7 +1391,7 @@ The product shall be accompanied by documentation of the secure update methods f

The device driver shall provide a method of updating the firmware on the device.

  * Applicability: Device driver supplied with physical interface
  * Applicability: Device driver supplied with physical network interface
  * Reference: TR-SCUD
  * Preparation: Prepare a new firmware image with a different version number from the currently installed firmware
  * Activities: Check the firmware version, install the new firmware, and check the firmware version
@@ -1563,11 +1549,7 @@ Need to specify encryption related stuff that is not covered by ACM.

### C.1.2 Product functions

#### C.1.2.1 General

FIXME copy back to Essential Functions when done

#### C.1.2.2 Physical interface essential functions
#### C.1.2.1 Physical network interface essential functions

* Receive and transmit data between host and network at data link layer
* Execute commands from the host (power, config, tx/rx)
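Review bot: Removing the "FIXME copy back to Essential Functions when done" marker is consistent with this commit rewriting 4.2, but the appendix list that remains here still enumerates items as bullets (for example "Execute commands from the host (power, config, tx/rx)") that the new 4.2.1 prose only alludes to ("actions that affect the entire host system, such as power cycling"). If C.1.2 is meant to stay the detailed inventory behind 4.2, a one-line cross-reference in 4.2 or here would make that relationship explicit now that the FIXME is gone.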
@@ -1601,9 +1583,9 @@ Optional:
* Generate log messages
* Use debug interfaces

### C.1.2.3 Virtual interface essential functions
### C.1.2.3 Virtual network interface essential functions

* Process/move around data sent to virtual interface
* Process/move around data sent to virtual network interface
* Interact with operating system
* Configure the network interface
* Keep and report network statistics
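Review bot: Numbering and heading level are now inconsistent within C.1.2: the physical network interface section was renumbered from C.1.2.2 to C.1.2.1 (as a "####" heading) in the previous hunk, while this section keeps the number C.1.2.3 and a "###" heading. Either renumber this section to follow the new sequence and use the same heading depth, or keep the original numbering in both places.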
@@ -1848,7 +1830,7 @@ FIXME lots of firmware responsibility in the NIC, especially wireless
Refer to normative standards:

* Device driver attack vectors
* Physical interface specific attack vectors?
* Physical network interface specific attack vectors?

## D.1 Mapping of risks to requirements