Commit 13e0802a authored by Valerie Aurora (Bow Shock)

Beginnings of capabilities concept

parent 09ee44ad
@@ -311,6 +311,8 @@ ISO/IEC 15408).

**Principle of Least Privilege:** Users, processes, and interfaces are granted only the minimum level of permission necessary to perform their legitimate functions, and nothing more.

FIXME define "Platform"

## 3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:
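Review bot: The added `FIXME define "Platform"` line is a placeholder left inside the normative Terms list, and the term is load-bearing for the new TR-DPCP/MI-DPCP text below (which uses both "platform" and "platforms the operating system may run on" without saying what is in scope). Either replace the FIXME with an entry in the same style as the surrounding terms (`**Platform:** ...`) before this lands, or move the FIXME out of the Terms section so a draft reader does not mistake it for a definition.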
@@ -913,10 +915,13 @@ Each mitigation is described with the following fields where necessary:

Optional:

* Applicability: under which conditions this technical requirement is necessary
* False negative/positive prevention: if necessary, a way to prove that the test distinguishes between conformant and non-conformant products
* Requirements: features of the product as placed on the market necessary to run the test that aren't already required by some other technical requirement
* Documentation: any documentation the manufacturer must save for provision to the MSA in addition to the documentation required for every test

Applicability is based on the technical capabilities of the expected platform of deployment, as documented in TR-DPCP.

## 5.2 Technical security requirements specifications

### 5.2.1 General
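Review bot: The new sentence "Applicability is based on the technical capabilities of the expected platform of deployment, as documented in TR-DPCP" does not say how a mitigation's Applicability field should express that dependency, so the field stays free-form even though the capability list in MI-DPCP is enumerated. Consider adding a sentence such as "The Applicability field shall name the MI-DPCP capabilities whose presence or absence makes the mitigation applicable", so applicability can be checked mechanically against the manufacturer's platform documentation. The cross-reference also points at a section that is still numbered 5.2.X, which will need updating once the section gets a real number.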
@@ -940,7 +945,7 @@ Result: test output matches expected output for that test
Output: the expected output of the test
Documentation: how to enable testing and collection of the test output, why any barrier to doing so is necessary

#### 5.2.X.x **MI-TDOC**: Test documentation
#### 5.2.X.x **MI-TDOC**: Test the documentation for enabling testing

For any technical requirement which includes a test, the manufacturer shall document the instructions for setting up and running the test in addition to those described in MI-TEST, as well as what output of the test indicates passing of the test. Documentation shall include source code if available and usage documentation for each test, along with the options or inputs necessary to run the tests.

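Review bot: The heading now reads "Test the documentation for enabling testing", but the body under it is unchanged and still specifies what the manufacturer must document ("shall document the instructions for setting up and running the test ..."), not how that documentation is tested; heading and body no longer describe the same thing. If the intent is a test that the provided documentation is sufficient to run the tests, the body should gain the Test/Result/Output/Documentation fields that 5.2.1 prescribes for a test; otherwise revert the heading to "Test documentation".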
@@ -948,6 +953,30 @@ For any technical requirement which includes a test, the manufacturer shall docu

All mitigations for TR-TEST are required for all products.

### 5.2.X **TR-DPCP**: Document platform capabilities

### 5.2.X.x Requirement

The manufacturer shall document the presence or absence of all platform capabilities necessary to determine which risk mitigations are applicable.

#### 5.2.X.x **MI-DPCP**: Document platform capabilities

The manufacturer shall document which platforms the operating system may run on during foreseeable use. For each of these platforms, the manufacturer shall document which of the following capabilities the platform possesses:

* CPU privilege levels
* MMU
* Combinations of read, write, and execute permissions on memory
* All features which permits microarchitectural side channel attacks via software executing on the platform

Test: 
Result: 
Output: 
Documentation: 

#### 5.2.X.x **MI-TDOC**: Test documentation

For any technical requirement which includes a test, the manufacturer shall document the instructions for setting up and running the test in addition to those described in MI-TEST, as well as what output of the test indicates passing of the test. Documentation shall include source code if available and usage documentation for each test, along with the options or inputs necessary to run the tests.

### 5.2.X **TR-MISO**: Prevent local unauthorized access of memory-addressable security-relevant data

### 5.2.X.x Requirement
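Review bot: MI-DPCP is added with empty `Test:`, `Result:`, `Output:` and `Documentation:` fields, and the hunk then re-adds a second `MI-TDOC` block (heading plus the same paragraph already present under TR-TEST), so the mitigation identifier MI-TDOC is now defined twice; drop the duplicate and either fill the four MI-DPCP fields or mark them as intentionally not applicable, since 5.2.1 says they are required "where necessary". Two smaller points in the capability list: "All features which permits microarchitectural side channel attacks" should read "which permit", and "Combinations of read, write, and execute permissions on memory" is ambiguous about whether it means the set of combinations the MMU can enforce (e.g. whether write-and-execute can be excluded) or merely that permissions exist; the applicability of later mitigations will hinge on that distinction, so spell it out. Heading levels are also mixed: "### 5.2.X.x Requirement" sits at the same level as its parent "### 5.2.X **TR-DPCP**", while the mitigation below uses "####".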