Clarification is needed about algorithm verification of Root of Trust in the Test Assurance activities for the Secure Boot SFR

[ansukert]

This is a comment from Ryuichiro Ohya-san:

Section 2.6.1 FPT_SBT_EXT.1 Extended: Secure Boot, 2.6.1.3 Tests, pg. 59:
Add a note in this section saying that the algorithm verification for Root of Trust should be avoided, because authenticity check in Root of Trust should be performed by some kind of immutable code, so the algorithm verification tests should be difficult to perform.

[gcolunga]

This issue was submitted against the SD in GH issue #348.

The HCD iTC accepted the GH issue #348. See issue #9 / #348 in the "SD Final Draft" tab in the "HCD iTC Master Comments-Matrix_20221011.xlsx" file.

HCD iTC Master Comments-Matrix_20221011.xlsx

I updated the SD to address GH issue #348 in commit 362b10f. However, commit 362b10f was not made on time for version 1.0 of the SD. As a result, commit 3974476 was made to revert the SD changes to address the issue.

This issue has already been accepted by the HCD iTC and should be addressed in a future version of the SD.

[Ryuichiro-Ohya-FX]

I've checked the SD changes Jerry-san proposed, and found no problem.
Thank you for your efforts on making proposal, Jerry-san.

[gcolunga]

This issue is addressed by the following TD:

• HCD0001

The TD above is located at the following location:

• https://github.com/HCD-iTC/HCD-iTC-Template/tree/Working/TD