Add ACA policy to ignore component revision within the Platform Cerificate #707

iadgovuser26 · 2024-02-08T14:08:08Z

Within the ComponentIdentifier of the Platform Certificates is a componentRevision field. While an exact match should be required for most Supply Chain scenarios there are use cases in which the Platform Certificate may be used for system monitoring use cases which must accommodate for component firmware updates. Component revisions (e.g. System BIOS revision) get systematically updated and a verification of the component will currently fail.

Proposed ACA Policy addition:

Platform Credential Validation:
* Ignore component revisions: Disabled

Default should be set to Disabled

cyrus-dev · 2024-03-07T21:14:33Z

This is also reference in #705

[#707 #705] Delta Component compare part 2 and Policy Addition

cyrus-dev self-assigned this Mar 7, 2024

cyrus-dev mentioned this issue Mar 7, 2024

Investigating ACA UI Functionality #705

Open

cyrus-dev added enhancement New feature or request server labels Mar 8, 2024

cyrus-dev mentioned this issue Mar 13, 2024

[#707 #705] Delta Component compare part 2 and Policy Addition #733

Merged

cyrus-dev added a commit that referenced this issue Mar 15, 2024

Merge pull request #733 from nsacyber/v3_issue-ignore-revision

35ccce2

[#707 #705] Delta Component compare part 2 and Policy Addition

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ACA policy to ignore component revision within the Platform Cerificate #707

Add ACA policy to ignore component revision within the Platform Cerificate #707

iadgovuser26 commented Feb 8, 2024

cyrus-dev commented Mar 7, 2024

Add ACA policy to ignore component revision within the Platform Cerificate #707

Add ACA policy to ignore component revision within the Platform Cerificate #707

Comments

iadgovuser26 commented Feb 8, 2024

cyrus-dev commented Mar 7, 2024