Draft Details

Number: Draft ETSI EN 304 623 V0.1.3 (2026-06)
Source: NSAI
Committee: NSAI/TC 2
Committee name: ICT
Review published: 17 Jun 2026
Review end date: 15 Aug 2026
Categories: General
Contact email: nepadmin(at)nsai.ie
Draft Scope:

The present document specifies technical cybersecurity product requirements and corresponding assessment criteria for boot managers. The products with digital elements in scope, hereafter "the products":
• are specified within the technical description of the category of product number 8 by the Commission Implementing Regulation (EU) 2025/2392 [i.2] as:
  "Software products with digital elements that manage the process of initial system startup after power on/restart by initialising hardware, loading or transferring control to the operating system environment or system resources, and selecting boot options. This category includes but is not limited to UEFI firmware, single-stage and multi-stage boot loaders."
• are only covered within the product context described in clause 4.
The scope covers software and firmware components that manage the boot process from power-on through establishment of the chain of trust to handoff to the boot target. Products in scope include boot management software and firmware regardless of distribution model or integration level. These are:
• System firmware that performs hardware initialisation and boot management. 
• Bootloaders that manage boot target selection, verification, and loading. 
• Embedded boot firmware in IoT and embedded devices. 
• Network boot implementations enabling remote boot capabilities. 
• Boot managers that integrate with hardware security components for chain of trust establishment. 
NOTE 1: Boot managers may be single-stage (direct loading) or multi-stage (staged verification). 
NOTE 2: For microcontrollers (MCUs) and microprocessors (MPUs): 
• Silicon-integrated immutable firmware: Mask ROM, fused code, or boot firmware integrated during chip manufacturing is assessed as part of MCU/MPU hardware under semiconductor standards.
• Updateable boot managers: Boot software in flash storage (including OTP programmed post-manufacture) is assessed using the present document when distinctly identifiable or independently updatable.
NOTE 3: Runtime services executing after boot target handoff (such as secure monitor mode handlers or attestation services) are in scope only if they provide verification or attestation services to the boot process itself, not to the boot target.
The present document covers those products to demonstrate compliance with essential cybersecurity requirements in the Regulation (EU) 2024/2847 [i.1], Annex I Part I under the conditions identified in Annex A.

You may comment on any clause of this document. Simply enter the clause number, make your comment and your proposed changed text for each clause, subclause, paragraph, table or figure.

All comments are checked by a moderator before they are made public on the site. This is to ensure that improper language or marketing is not placed on the site – we will not judge or modify technical content. Similarly, we will not correct your grammar or spelling.