NIAP/CCEVS
TD0756:  Update for platform-provided full disk encryption

Publication Date
2023.07.07

Protection Profiles
PP_APP_v1.4

Other References
FDP_DAR_EXT.1

Issue Description

The evaluation activity for FDP_DAR_EXT.1 states that the evaluator should “inventory the filesystem locations where the application may write data. The evaluator shall run the application and attempt to store sensitive data. The evaluator shall then inspect those areas of the filesystem to note where data was stored (if any), and determine whether it has been encrypted.” It then gives platform-specific instructions for TOEs that rely on platform full disk encryption. The problem is that, when the platform's full disk encryption is relied on, there is no straightforward way to verify from the running system that the stored data is encrypted: the platform decrypts the volume transparently, so an evaluator inspecting the filesystem sees plaintext whether or not the data is protected at rest.

Resolution

In PP_APP_v1.4, the following change is made to Paragraph 2 of the Tests Evaluation Activity for FDP_DAR_EXT.1. On the original page, red strikethrough denotes deletion and green underline denotes addition; that formatting is not reproduced here, so added text is shown in square brackets and deleted text in curly braces:

[If "implement functionality to encrypt sensitive data as defined in the PP-Module for File Encryption" or "protect sensitive data in accordance with FCS_STO_EXT.1" is selected, t]{T}he evaluator shall inventory the filesystem locations where the application may write data. The evaluator shall run the application and attempt to store sensitive data. The evaluator shall then inspect those areas of the filesystem to note where data was stored (if any), and determine whether it has been encrypted.

The effect is that the filesystem-inspection test applies only when the TOE encrypts sensitive data itself; it is no longer applied to a TOE that relies on the platform's full disk encryption, for which the platform-specific instructions that follow this paragraph remain.

This section will also be flagged for analysis in the next PP revision.
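The Paragraph 2 test above (drive the TOE to store a known sensitive value, then inspect its writable locations and judge whether what landed on disk is encrypted) as a script. This is an added example, not NIAP or PP_APP_v1.4 material. It assumes the evaluator already knows the TOE's writable directories (`roots`), has caused the TOE to store the constructed marker `MARKER`, and accepts a byte-entropy heuristic with an assumed threshold of 7.0 bits per byte as a first-pass indicator of ciphertext; the files written by `demo()` are constructed stand-ins for a TOE's data directory.

```python
"""Inspect a TOE's writable locations for a known sensitive marker.

Added example for the FDP_DAR_EXT.1 Paragraph 2 test; not NIAP or PP_APP
code. Assumptions (not from the TD): the evaluator supplies the writable
roots, has already driven the TOE to store MARKER, and accepts a byte-entropy
heuristic (threshold 7.0 bits/byte) as a first-pass ciphertext indicator.
"""
from __future__ import annotations

import base64
import math
import os
import tempfile
import time
from dataclasses import dataclass

MARKER = b"TD0756-SENSITIVE-MARKER-7f3a"   # constructed sensitive datum
ENTROPY_THRESHOLD = 7.0                    # assumed; ciphertext scores near 8
MIN_ENTROPY_SAMPLE = 256                   # below this, entropy is meaningless


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def marker_forms(marker: bytes) -> list[bytes]:
    """Encodings under which the marker still counts as recoverable cleartext."""
    text = marker.decode("ascii")
    return [
        marker,
        base64.b64encode(marker),
        marker.hex().encode("ascii"),
        marker.hex().upper().encode("ascii"),
        text.encode("utf-16-le"),
    ]


@dataclass
class Finding:
    path: str
    size: int
    cleartext_hit: bool
    entropy: float

    @property
    def verdict(self) -> str:
        if self.cleartext_hit:
            return "PLAINTEXT"            # marker recoverable: not encrypted
        if self.size < MIN_ENTROPY_SAMPLE:
            return "INSPECT_MANUALLY"     # too short to score by entropy
        if self.entropy >= ENTROPY_THRESHOLD:
            return "LIKELY_ENCRYPTED"     # high entropy: ciphertext or compressed
        return "INSPECT_MANUALLY"         # structured data without the marker


def inspect_storage(roots, since: float, marker: bytes = MARKER) -> list[Finding]:
    """Walk the writable roots and score every file modified since `since`."""
    forms = marker_forms(marker)
    findings = []
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.getmtime(path) < since:
                        continue            # untouched by the test run
                    with open(path, "rb") as fh:
                        data = fh.read()
                except OSError:
                    continue                # unreadable or vanished: skip
                hit = any(form in data for form in forms)
                findings.append(Finding(path, len(data), hit, shannon_entropy(data)))
    return findings


def demo() -> dict[str, str]:
    """Constructed sample storage standing in for a TOE's data directory."""
    root = tempfile.mkdtemp(prefix="td0756_")
    since = time.time() - 60
    samples = {
        "notes.txt": b"profile=" + MARKER + b"\n",                   # stored in the clear
        "cache.json": b'{"v":"' + base64.b64encode(MARKER) + b'"}',  # encoded, still clear
        "vault.bin": os.urandom(4096),                               # stands in for ciphertext
        "flag.dat": b"\x01\x00\x00\x00",                             # too short to score
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return {os.path.basename(f.path): f.verdict for f in inspect_storage([root], since)}


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:17} {name}")
```

Because the check reads files through the running OS, it only tells you something when the TOE itself encrypts: under platform full disk encryption every file reads back as plaintext, which is exactly the limitation that motivates this TD. A high-entropy verdict is a prompt for manual confirmation, not proof of encryption, since compressed data scores the same way; short files are routed to manual inspection rather than scored, because a few bytes cannot meaningfully reach the threshold either way.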

Justification

See issue description.

 
 