@@ -156,7 +156,7 @@ The present document describes how to demonstrate compliance with requirements i
## 1.2 Products in scope
Products in scope are products whose core function and intended or reasonabily foreseeable use or misuse is as an operating system. Operating systems include software products with digital elements that provide an abstract interface of the underlying hardware and control the execution of software, and that may provide services such as computing resource management and configuration, scheduling, input-output control, managing data, and providing an interface through which applications interact with system resources and peripherals.
Products in scope are products whose core function and intended or reasonabily foreseeable use or misuse is as an operating system. Operating systems include software products with digital elements that provide an abstract interface of the underlying hardware and control the execution of software, and that may provide services such as computing resource management and configuration, scheduling, input-output control, managing data, and providing an interface through which applications interact with system resources and peripherals. The underlying hardware may be virtualized to some degree, as when an operating system is running on a hypervisor.
This category includes but is not limited to:
@@ -196,15 +196,18 @@ This standard does not cover parts of the operating system that are not security
This standard does not cover:
* hypervisors or containers
* boot managers or boot loaders
* hardware, microcode, or special purpose device firmware
* device drivers not shipped with the operating system, including those stored on devices
* Hypervisors or containers
* Boot managers or boot loaders
* Hardware, microcode, or special purpose device firmware
* Device drivers not shipped with the operating system, including those stored on devices
* Usermode "operating systems," applications which emulate parts of an operating system on top of another operating system's user API
While hypervisors abstract the underlying hardware and may provide services similar to operating systems such as resource management and scheduling, the set of services they supply to clients are far more limited than those of an operating system. Hypervisors provide clients an emulated hardware platform rather than a set of abstract operating system services.
Containers are a set of process isolation features provided by operating systems. They are an operating system feature, not an operating system.
Usermode "operating systems" are applications simulating an operating system in an application, implemented on top of another operating system's user API. These applications are often used to learn about, develop, or emulate the parts of operating systems that do not directly interface with with underlaying hardware. They do not and cannot provide the core functions of an operating system as defined for the purposes of this standard.
Boot managers have the primary purpose of initializing the hardware after power on or reset with the goal of choosing, loading, and/or transferring execution to an operating system or other program. While many boot managers provide some or all of the services of an operating system (or are literally operating systems adapted for use as a boot manager), they are designed and intended primarily to transfer control to an operating system or other program, rather than continuously operate and provide services.
Firmware running on a device is an operating system if its core function is to abstract the hardware platform and control the execution of software that uses services it provides. Otherwise it is special purpose device-specific firmware.
