I reviewed all the sections except the "Integrity check" part. I will
do it later if time permits.

My review comments are below.

-Krishna

-------------------------------------------------------------------------------------------------------------------------

KY-0

- I recommend numbering the sections to make it easier
for reviewers.

- Consider having the integrity check design in a separate design doc.
That way, other groups or projects (like validated execution)
can review that design on its own.


KY-1    FIPS 140-2 Level 2

So, we need the Solaris release to be evaluated in order
to get level 2. That would be a dependency for this
project. So, is there another project to get the
Solaris release evaluated? And which release?


KY-2    Self-Tests - what happens during the failure case?

This is similar to the comment I made while reviewing the RNG code.

The FIPS 140-2 spec has the following text -
"If a cryptographic module fails a self-test, the module shall enter
an error state and output an error indicator via the status output
interface. The cryptographic module shall not perform any cryptographic
operations while in an error state. All data output via the data output
interface shall be inhibited when an error state exists."

How does your design meet this requirement? For example, do you start
failing the future operations once a self-test fails?


KY-3    Key Management

I don't see any section on key management. Describe how the framework
meets the FIPS requirements, even if no work needs to be done here.


KY-4    Mitigation of Other Attacks (FIPS doc section 4.11)

I don't believe EF has any security methods to mitigate attacks like
timing analysis on RSA. I suggest finding out if
it is a requirement to have such methods in place for the certification.


KY-5    kcfd section

It says
"If any of the checks fail, all parts of the framework will be unloaded and
kcfd will be shutdown."

Related to KY-2. You will need a mechanism to prevent them from reloading.
Also, note that it is not possible to unload some kernel modules.
So, you will need some other mechanism to prevent their use.


KY-6    kcfd section

It says
"kcfd will perform the following operations to validate the boundary.

1) An integrity check on all binaries in the boundary."

So, who will verify kcfd? How do you avoid the bootstrap problem?


KY-7    kcf section and the next section

See KY-5. Some of the kernel modules (e.g. sha1) are loaded by the time
kcfd starts since they are needed very early on during boot. So, you will
need some other mechanism to do POST checks on them.


KY-8    Administration section

You will need to audit the CRYPTO_FIPS_SET ioctl. I suggest checking
the FIPS 140-2 spec to see if there are other actions that need to be
audited which are not already covered by the existing Solaris audit events.


KY-9    RNG section

Do we need to fix
6770268 Implement changes described in FIPS 186-2 Change Notice 1

for the certification?
I guess this falls under "mitigation of other attacks" from KY-4 :-).

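As an added illustration of the error-state behaviour discussed in KY-2 and the reload concern in KY-5 (example code written for this page, not part of the review or of the Solaris framework): a toy module whose power-up self-test is a SHA-1 known-answer test; a failed test latches a sticky error state, every service is refused in that state, and re-running power-up does not clear it. The class, state names and status strings are assumptions for the example.

```python
import hashlib
from enum import Enum


class State(Enum):
    POWER_UP = "power_up"        # not yet self-tested
    OPERATIONAL = "operational"  # self-tests passed
    ERROR = "error"              # a self-test failed; latched


# Known-answer vector: SHA-1("abc") from the FIPS 180 examples.
KAT_INPUT = b"abc"
KAT_EXPECTED = "a9993e364706816aba3e25717850c26c9cd0d89d"


class CryptoModule:
    """Hypothetical FIPS 140-2 style module: self-test gates every service,
    a failed self-test latches an error state, and the error is sticky."""

    def __init__(self, kat_expected=KAT_EXPECTED):
        self._state = State.POWER_UP
        self._kat_expected = kat_expected   # overridable to simulate a failure
        self._status = None                 # the "status output interface"

    def power_up(self):
        """Run the power-up self-test. Returns True only if the module
        becomes operational."""
        # A module already in the error state must not be revived by
        # re-running power-up (the reload concern in KY-5).
        if self._state is State.ERROR:
            return False
        if hashlib.sha1(KAT_INPUT).hexdigest() != self._kat_expected:
            self._enter_error("SHA-1 KAT failed")
            return False
        self._state = State.OPERATIONAL
        self._status = "ok"
        return True

    def _enter_error(self, reason):
        self._state = State.ERROR
        self._status = f"error: {reason}"

    def status(self):
        return self._status

    def digest(self, data):
        """Example service: refused (data output inhibited) unless operational."""
        if self._state is not State.OPERATIONAL:
            raise RuntimeError(self._status or "module not self-tested")
        return hashlib.sha1(data).hexdigest()
```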
