Platforms Declaration - commoncriteria/pp-template GitHub Wiki

5 December 2023

This section allows the PP Author to allow the ST Author to declare the platforms (or Operational Environments) on which the particular TOE instance under evaluation operates on. So far, this construct is used only by the Application Software PP to allow different EAs for different operating systems on which the Application is tested.

Below is the actual Platforms declaration section from the App PP.

  <section title="Platforms with Specific EAs" id="sec-platforms">
    <choice prefix="Platforms:" >
        This PP includes platform-specific EAs for the below-listed operating system platforms. For "bare-metal" applications, 
        applications that run on other OS platforms, and applications that run in software-based execution environments contact the
        Technical Community for guidance.<h:p/>
      <selectables linebreak="yes">
        <selectable id="android"><h:b><snip>Android</snip></h:b>: <h:i>Mobile operating systems based on Google Android.</h:i></selectable>
        <selectable id="windows"><h:b><snip>Microsoft Windows</snip></h:b>: <h:i>Microsoft Windows operating systems.</h:i></selectable>
        <selectable id="ios"><h:b><snip>Apple iOS</snip></h:b>: <h:i>Apple's mobile operating system for iPhones.</h:i></selectable>
        <selectable id="linux"><h:b><snip>Linux</snip></h:b>: <h:i>Linux-based operating systems other than Android.</h:i></selectable>
        <selectable id="Solaris"><h:b><snip>Oracle Solaris</snip></h:b>: <h:i>Oracle's enterprise operating system.</h:i></selectable>
        <selectable id="mac"><h:b><snip>Apple macOS</snip></h:b>: <h:i>Apple's operating system for MACs.</h:i></selectable>
      </selectables> 
     </choice>
  </section>

The Automation system will use this construct to allow the ST Author to select the platforms that the TOE will be tested on.

The platform identifier is used in a <depends> element to indicate tests that are dependent on the Platform on which the TOE is being tested. For example:

  <Tests>
    The following are the per-platform list of acceptable APIs:
    <h:div><depends ref="android"/> 
      The evaluator shall verify that the application uses at least one of <h:code>javax.crypto.KeyGenerator</h:code> 
      class or the <h:code>java.security.SecureRandom</h:code> class or <h:code>/dev/random
      </h:code> or <h:code>/dev/urandom</h:code>.
    </h:div>
      .
      .
  </Tests>

The semantics of the <depends> element is that if the any of its attributes are defined, then the enclosing element is included in the Security Target. So in this case, if the platform "android" has been selected by the ST Author, then the text within the <h:div> element would be included in the Security Target. Naturally, if the "android" is not selected, then the text would not be included.

⚠️ **GitHub.com Fallback** ⚠️