Loading EN-304-625.md +29 −17 Original line number Diff line number Diff line Loading @@ -905,14 +905,15 @@ Security profile to risk mapping for construction above tables ### C.1.1 Data > What data is stored on the product? #### C.1.1.1 Physical network interfaces * Firmware * Device identity (MAC address etc.) * Device configuration (transmit power/channel configuration/options) * Statistics * Security keys (firmware encryption/decryption, MAC level encryption/decryption) * Security keys for validation of access to itself (firmware, management access) * Security keys for packet encryption or network access * All accessible host data #### C.1.1.2 Virtual network interfaces or device drivers Loading @@ -920,6 +921,7 @@ Security profile to risk mapping for construction above tables * Interface configuration that is not stored by the host * Statistics * Security keys * All accessible host data ### C.1.2 Product functions Loading 
@@ -927,43 +929,53 @@ Security profile to risk mapping for construction above tables FIXME copy back to Essential Functions when done Copied from Section 4.7 Essential Functions. #### C.1.2.2 Physical interface essential functions * Receive and transmit data between host and network at data link layer * Execute host commands (power, config, tx/rx) * Send commands/data to host hardware (wake on LAN) * Keep and report network statistics * Update firmware with image provided by host * Execute commands from the host (power, config, tx/rx) * Read/write/etc host resources accessible from card Optional: * Send commands/trigger actions on host (e.g. wake on network messages) * Packet processing (receive/transmit) at layers higher than data link * Offload of packet processing at layers higher than data link * Packet encryption at data link layer * Packet encryption at higher layer * Keep and report network statistics * Update firmware with image provided by host * Manage firmware update autonomously (image received from the network) FIXME add in system bus related risks * Provide remote management interface * Implement/support network boot ### C.1.2.2 Device driver essential functions * Bridge between network device interface and host software * Handle interrupts, set up tx/rx, copy statistics, etc. * Copy data between network device interface and host memory * Handle interrupts, set up tx/rx, keep/copy statistics, etc. 
* Configure the network interface * Set up and execute firmware update/load with image provided by host software * Monitor device interface and network interface health * Interact with operating system and user programs Optional: * Set up and execute firmware update/load with image provided by host software * Support optional features of the underlying device hardware or software * Provision keys to device (network access, management, packet encryption) * Generate log messages * Use debug interfaces ### C.1.2.3 Virtual interface essential functions * Bridge between host device driver interface and other software * Process/move around data sent to virtual interface * Interact with operating system * Configure the network interface * Keep and report network statistics * Read/write/etc host resources accessible from device driver Other functionality is generally implemented outside of the device driver. Optional: * Packet encryption * Provision keys (network access, management, packet encryption) * Generate log messages ## C.2 Threats Loading Loading
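Review bot: In the C.1.1.1 list (hunk @@ -905,14 +905,15 @@), "All accessible host data" does not answer the section's own question, "What data is stored on the product?": host data the card can reach is data the product can access, not data it stores. Suggest either widening the question to cover data stored on or accessible by the product, or moving the entry to a separate list of reachable host assets. In the same list, "Security keys for validation of access to itself" has an unclear referent; "access to the device" would read unambiguously.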
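Review bot: In the C.1.1.2 list (hunk @@ -920,6 +921,7 @@), "Security keys" is a single unqualified entry, while C.1.1.1 distinguishes keys for validating access (firmware, management access) from keys for packet encryption or network access. Suggest the same split here, or a sentence stating which key types apply to virtual interfaces and device drivers, so the two lists can be compared item by item. "All accessible host data" should also say what "accessible" means for a driver or virtual interface, since the entry is otherwise unbounded.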
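Review bot: The headings in hunk @@ -927,43 +929,53 @@ are inconsistent: "#### C.1.2.2 Physical interface essential functions" and "### C.1.2.2 Device driver essential functions" share the number C.1.2.2 and sit at different heading levels, and "### C.1.2.3 Virtual interface essential functions" follows at the shallower level. Suggest numbering the physical interface section C.1.2.1 and using #### for all three, matching C.1.1.1 and C.1.1.2. Separately, "Read/write/etc host resources accessible from card" and its "from device driver" counterpart should name the operations instead of "etc", because these entries are what the threat list in C.2 will be mapped against.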