Software/firmware update validation


Explanation: The aim is to enable valid updates to operational software while minimizing the possibility that the update mechanisms can be subverted to install fraudulent updates.

Vulnerabilities addressed: Addresses installation of fraudulent software updates and loss of accountability to the system producer.

Developer resources required: Developer (or third party) needs a signing key, must protect that key, and must compute and store digital signatures for the updates it produces.

Evaluator resources required: Evaluator needs to assure the integrity of signing and operational mechanisms for signature verification.
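
The sign-then-verify flow described above, sketched in Go as an added example; it is not part of the original text or of any specific product. It assumes Ed25519 signatures over a SHA-256 digest of the image; `SignedUpdate`, `SignUpdate`, `VerifyUpdate` and `Demo` are hypothetical names, and the image bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedUpdate is a hypothetical container for this example: image plus producer signature.
type SignedUpdate struct{ Image, Signature []byte }

var ErrBadSignature = errors.New("update rejected: signature does not verify")

// SignUpdate runs on the producer's build system, where the private key is protected.
func SignUpdate(priv ed25519.PrivateKey, image []byte) SignedUpdate {
	digest := sha256.Sum256(image)
	return SignedUpdate{Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate runs on the device before any byte of the image is installed.
// trusted is the producer's public key, assumed to be provisioned on the device.
func VerifyUpdate(trusted ed25519.PublicKey, u SignedUpdate) error {
	digest := sha256.Sum256(u.Image)
	if len(trusted) != ed25519.PublicKeySize || !ed25519.Verify(trusted, digest[:], u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Demo checks three constructed cases: genuine, modified image, and unknown signer.
func Demo() (genuine, tampered, foreign, err error) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		return
	}
	_, otherPriv, err := ed25519.GenerateKey(nil)
	if err != nil {
		return
	}
	image := []byte("constructed firmware image 1.2")
	good := SignUpdate(priv, image)
	bad := SignedUpdate{Image: append([]byte("X"), image...), Signature: good.Signature}
	return VerifyUpdate(pub, good), VerifyUpdate(pub, bad), VerifyUpdate(pub, SignUpdate(otherPriv, image)), nil
}

func main() {
	fmt.Println(Demo())
}
```

Only the genuine update verifies; the modified image and the image signed with a key the device does not trust are both rejected before installation.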