Merge pull request #22 from andreabolognani/secure-boot
Spell out some Secure Boot requirements
andreiw authored Jul 29, 2024
2 parents cdba014 + a7d52dc commit c7750ca
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion server_platform_requirements.adoc
@@ -154,13 +154,15 @@ PCIe devices or be compliant to rules for SoC-integrated PCIe devices (cite:[Ser

Security requirements straddle hardware and firmware.

TBD: it is expected the high-level RoT / boot flow requirements will come from the platform security spec.
TBD: it is expected the high-level root of trust / boot flow requirements will come from the platform security spec.

[width=100%]
[%header, cols="5,25"]
|===
| ID# ^| Requirement
| `SEC_010` | MUST implement UEFI Secure Boot and Driver Signing (cite:[UEFI] Section 32)
| `SEC_011` | It MUST be possible for a physically present user to disable Secure Boot enforcement, thus allowing unsigned code to be executed.
| `SEC_012` | It MUST be possible for a physically present user to fully manage the contents of all Secure Boot key stores (PK, KEK, db and dbx). This includes the ability to delete all factory-provided keys, enrolling their own custom keys, and resetting all key stores to their factory state.
| `SEC_020` | MUST back the UEFI Authenticated Variables implementation with
a mechanism that cannot be accessed or tampered by an unauthorized
software or hardware agent.
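Review bot: SEC_011 and SEC_012 both hinge on the phrase "physically present user" without saying how physical presence is established, so a reader cannot tell whether an action taken through a remote management channel (BMC, remote KVM, serial console) satisfies the requirement; since these two rows govern disabling enforcement and replacing the PK, consider defining the term in this spec or citing where it is defined, as SEC_010 does with cite:[UEFI]. Two smaller points: the list in SEC_012 is not parallel ("the ability to delete all factory-provided keys, enrolling their own custom keys, and resetting all key stores" should read "to delete ..., enroll ..., and reset ..."), and SEC_011/SEC_012 open with "It MUST be possible" while SEC_010 and SEC_020 open with a bare "MUST", so the table now mixes two sentence styles.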
