|
244 | 244 | <term full="Exclusive Or" abbr="XOR"/> |
245 | 245 | <term full="eXtensible Configuration Checklist Description Format" abbr="XCCDF"/> |
246 | 246 | </tech-terms> |
247 | | - <section title="Compliant Targets of Evaluation" id="TOEdescription"/> |
| 247 | + <section title="Compliant Targets of Evaluation" id="TOEdescription"> |
| 248 | + |
| 249 | + This Protection Profile for General-Purpose Computing Platforms (GPCP) specifies security requirements |
| 250 | + for general-purpose computing platforms. A GPCP is is a hardware device that is capable of hosting one or more |
| 251 | + general-purpose operating systems as defined by the Protection Profile for General Purpose |
| 252 | + Operating Systems, one or more virtualization systems as defined by the Protection Profile for |
| 253 | + Virtualization, or more than one application. Typical platform |
| 254 | + implementations include servers, PC clients, laptops, and tablets.<h:p/> |
| 255 | + This Protection Profile applies only to platforms that support firmware update. <h:p/> |
| 256 | + Mobile Device platforms as defined in the Protection Profile for Mobile Device Fundamentals and |
| 257 | + Network Device platforms as defined in the collaborative Protection Profile for Network Devices |
| 258 | + are out of scope of this PP. Mobile Device and Network Device platforms must be evaluated |
| 259 | + against the more specific requirements in their respective specialized PPs.<h:p/> |
| 260 | + Likewise, hardcopy devices such as printers, scanners, copiers, and fax machines are out of scope of this |
| 261 | + Protection Profile and should be evaluated instead against the Protection Profile for Hardcopy Devices.<h:p/> |
| 262 | + Finally, platforms for sharing and isolation of peripheral devices across domains, such as KVM Switches and Isolators, should |
| 263 | + be evaluated against the Protection Profile for Peripheral Sharing Devices.<h:p/> |
| 264 | + The core security features of GPCPs include protected firmware and a boot integrity processes. Platform firmware |
| 265 | + must be protected such that it is not permitted to execute if it has been modified outside of authorized and |
| 266 | + authenticated update processes. Other use-case-specific features include audit capabilities, Administrator |
| 267 | + authentication, and protections against physical tampering. |
| 268 | + |
| 269 | + |
| 270 | + |
| 271 | + <sec:TOE_Boundary> |
| 272 | + The TOE comprises the hardware and firmware necessary for the hosting of tenant software. Generally, |
| 273 | + tenant software is an operating system or virtualization system, but may also be "bare-metal" applications. |
| 274 | + Tenant software is outside the TOE boundary.<h:p/> |
| 275 | + For example, for a PC Client platform, the hardware and firmware responsible for booting the platform and |
| 276 | + operation of platform devices (such as BIOS, device controller firmware, and platform management firmware would all |
| 277 | + be included in the TOE. Operating systems and application software is outside the TOE.<h:p/> |
| 278 | + For server-class hardware, any management controller responsible for updating platform firmware (such as a |
| 279 | + baseboard management controller) is expressly included within the TOE.<h:p/> <figure entity="images/arch.png" title="High-Level Architecture of a Generic Platform" id="toe"/><h:p/> |
| 280 | + Figure 1 (taken from <h:a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf"> |
| 281 | + NIST SP 800-193</h:a>) shows a high-level system architecture for a typical generic computing platform. |
| 282 | + Tenant software (operating system/virtualization system and applications) is shown in orange. |
| 283 | + The tenant-specific software responsible for booting the tenant (Master Boot Record, etc.) is shown |
| 284 | + in grey. Platform components are in blue.<h:p/> |
| 285 | + In general, the TOE consists of the platform components represented |
| 286 | + by the blue boxes, along with their associated firmware. Any particular platform may have |
| 287 | + additional hardware components, or fewer than those illustrated.<h:p/> |
| 288 | + If the GPCP includes Full Drive Encryption (FDE), and the FDE component has been previously evaluated against |
| 289 | + the FDE cPPs, or will be evaluated against the FDE cPPs concurrently with the GPCP evaluation, then the FDE component may be |
| 290 | + excluded from the TOE for purposes of the GPCP evaluation. |
| 291 | +</sec:TOE_Boundary> |
| 292 | + <sec:TOE_Operational_Environment> |
| 293 | + The TOE has no platform since it is itself a platform, but the TOE does have an operational |
| 294 | + environment. The OE consists of the physical environment in which the TOE operates (e.g., |
| 295 | + data center, enterprise office, vehicle, outdoors) and any networks to which the TOE may |
| 296 | + be connected. Different use cases may invoke different requirements depending on the |
| 297 | + operational environment. |
| 298 | + </sec:TOE_Operational_Environment> |
| 299 | + </section> |
248 | 300 | <sec:Use_Cases> |
249 | 301 |
|
250 | 302 | This Protection Profile supports several use cases. The cases |
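Review bot: The TOE-boundary example at new lines 275-277 opens a parenthesis at "(such as BIOS, device controller firmware, and platform management firmware" and never closes it, so the reader cannot tell where the list of in-scope firmware ends. Close it after "platform management firmware", and change "Operating systems and application software is outside the TOE" to "are". The scope wording also looks inconsistent: new line 253 requires hosting "more than one application", while new line 273 says tenant software "may also be 'bare-metal' applications". Please state whether a platform that hosts a single bare-metal application is in scope. Smaller points in the same hunk: "A GPCP is is a hardware device" at new line 250, "a boot integrity processes" at new line 264, and the hard-coded "Figure 1" at new line 280 even though the figure element on new line 279 has id="toe"; if the schema supports a cross-reference to that id, use it so the number cannot drift.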
|