Giter Club home page Giter Club logo

Comments (4)

scriptingxss avatar scriptingxss commented on July 20, 2024

Unsure if I am following the question. There are several secure JTAG implementations (platform / board dependent) that do require authentication and sometimes have the ability to monitor the JTAG bus for electrical pulses to disallow debugger connections. The problem is that there is not a secure JTAG standard that is followed.

FPGAs do have debug capabilities. See the following:
https://www.xilinx.com/products/intellectual-property/debug-bridge.html
https://www.xilinx.com/products/design-tools/vivado/debug.html#remote

from iot-security-verification-standard-isvs.

cetome avatar cetome commented on July 20, 2024

I wasn't clear: I suggest that the clause 1.2.5. applies to all debug capabilities, and not only FPGAs. This includes "administrative backdoors". The authentication part should be covered by 1.2.4.

From what I understand, the current requirement only targets FGPAs. We can imagine a device externalizing the development of its web panel to a 3rd party that leaves HTTP Trace enabled.

Again: the suggestion is to extend the clause to all interfaces beyond FPGA :)

from iot-security-verification-standard-isvs.

scriptingxss avatar scriptingxss commented on July 20, 2024

Ah, I see. Debug capabilities or features may always exist in some form. 2.2.4 and 1.4.1 overlap a bit but cover security controls around debug functionality beyond hardware.

I think we would want to add a little more to this FPGA requirement such as:
Verify that debug capabilities in FPGAs are disabled on production PCBs.

Other thoughts:
Add a level 3 requirement around FPGA bitstream encryption.
Verify that FPGA bitstreams are encrypted.

Might make sense to move 1.2.4 and 1.2.5 out to chapter 5. @cbassem Thoughts?

from iot-security-verification-standard-isvs.

scriptingxss avatar scriptingxss commented on July 20, 2024

Applied updates to 1.2.5 and added an L3 in chapter 5 for FPGA bitstream encryption

from iot-security-verification-standard-isvs.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.