Test Assertions for VVSG 1.1, Volume 1, Section 7.4.1, September 23, 2016

VVSG 1.1, Vol 1, Requirement 7.4.1: Software and Firmware Installation

The system shall meet the following requirements for installation of software, including hardware with embedded firmware.

1. If software is resident in the system as firmware, the manufacturer shall require and state in the system documentation that every device is to be retested to validate each ROM prior to the start of elections operations.
2. To prevent alteration of executable code, no software shall be permanently installed or resident in the voting system unless the system documentation states that the jurisdiction must provide a secure physical and procedural environment for the storage, handling, preparation, and transportation of the system hardware.
3. The voting system bootstrap, monitor, and device-controller software may be resident permanently as firmware, provided that this firmware has been shown to be inaccessible to activation or control by any means other than by the authorized initiation and execution of the vote counting program, and its associated exception handlers.
4. The election-specific programming may be installed and resident as firmware, provided that such firmware is installed on a component (such as a computer chip) other than the component on which the operating system resides.
5. After initiation of election day testing, no source code or compilers or assemblers shall be resident or accessible.

Test Assertions

TA741a-1: IF any voting system software is resident in the voting system as firmware THEN every device SHALL verify the integrity of each programmable read only memory device (including but not limited to ROM, EPROM, EEPROM, embedded flash).

TA741a-1-1: The TDP SHALL maintain a list of installed software that accurately reflects the set of software actually installed on the voting system.

TA741b-1: IF any voting system software is unalterably resident in the voting system THEN the system documentation, contained within the TDP, SHALL state that the jurisdiction SHALL provide a secure physical environment for the storage, handling, preparation, and transportation of the system hardware.

TA741b-2: IF any voting system software is unalterably resident in the voting system THEN the system documentation, contained within the TDP, SHALL state that the jurisdiction SHALL provide a secure procedural environment for the storage, handling, preparation, and transportation of the system hardware.

TA741c-1: IF the system bootstrap is unalterably resident as firmware, THEN software other than the vote-counting-program and associated exception handlers SHALL NOT be able to tamper with the system bootstrap.

TA741c-2: IF the system monitor is unalterably resident as firmware, THEN software other than the vote-counting-program and associated exception handlers SHALL NOT be able to tamper with the system monitor.

TA741c-3: IF the device-controller software is unalterably resident as firmware, THEN software other than the vote-counting-program and associated exception handlers SHALL NOT be able to tamper with the device-controller software.

TA741d-1: IF election-specific programming is resident as firmware THEN such firmware SHALL NOT be installed on the component on which the operating system resides.

TA741e-1: The voting system SHALL have a trusted build, as defined in the current version of the EAC’s Voting System Testing and Certification Program Manual.

TA741e-2: IF the source code is compiled, THEN source code SHALL NOT be resident in the trusted build.

TA741e-3: IF the source code is compiled, THEN compilers SHALL NOT be resident in the trusted build.

TA741e-4: IF the source code is compiled, THEN assemblers SHALL NOT be resident in the trusted build.

Operational Definitions

Election-specific Programming – Data and/or logic that’s been programmed or installed on the system for a particular election.

Firmware – Computer programming stored in programmable read-only memory thus becoming a permanent part of the computing device. It is created and tested like software.

Resident Software – Software that’s been programmed or installed on the system.