Program Guide for Certification v1.1
Click here to download as pdf.
The purpose of this document is to define the requirements for products participating in the prpl Certification Program. The document does not define specific test cases, but rather referencing how the test requirements MUST be used to achieve certification.
This document also defines other operational aspects of the prpl Certification Program, such as certification of similar products, maintenance of the program test plans, documentation, and how the certification may be used by companies with certified products.
prpl Standard Flash Layout V1.0
Click here to download as pdf.
This document provides a common understanding of flash memory layout design and optimization strategies for prpl’s use cases.
prpl High-Level API Test Plan
Click here to download as pdf.
This document organizes certification tests by group based on related test methodology or goals. Each group begins with a brief set of comments pertaining to all tests within that group. This is followed by a series of description blocks; each block describes a single test.
prpl Intro to Secure Boot v1.0
Click here to download as pdf.
The document will describe what a secure boot process is, and which prerequisites need to be considered. It further explains the major principles, how they could be applied to all prpl-compliant products, and to align on the implementation efforts of a prpl compliant bootloader. This documentwill explain how, by starting with a typically hardware SoC-based Root of Trust, a Chain of Trust can be provided (even with an Open-Source bootloader) by leveraging chipset hardware. The resulting boot process launches execution of authenticated and authorized Firmware.
prpl Secure Manufacturing Data Standard v1.1
Click here to download as pdf.
This document standardizes the formats and methods of securing certificates, encryption keys and other sensitive data embedded in CPE devices at the time of manufacture.
prpl Secure Boot Requirements v1.0
Click here to download as pdf.
This document presents high level specifications and requirements for a gateway bootloader implementation that are derived from an operator’s internal bootloader specifications.
It will explain how to use classical open-source bootloader and chipset hardware to correctly establish a Root of Trust that will expand security after the boot phase.
prpl Program Guide for Certification Tests v1.0
Click here to download as pdf.
The purpose of this document is to define the requirements for products participating in the prpl Certification Program. The document does not define specific test cases, but rather referencing how the test requirements MUST be used to achieve certification.
This document also defines other operational aspects of the prpl Certification Program, such as certification of similar products, maintenance of the program test plans, documentation, and how the certification may be used by companies with certified products.
prpl Device Security Requirements Version 1.0
Click here to download as pdf.
This document describes requirements to assure security of CPE Devices. The requirements span both hardware and software components, and their suppliers, such as SoC silicon vendors, BSPs, OEM system integrators, middleware providers, router operating systems, and high-level application developers.
LL API: Low Level API Recommendations from prpl Foundation
Click here to download as pdf.
This document identifies low-level APIs recommended by prpl to promote harmonization and convergence among SW platforms. The recommended APIs should be supported by BSPs in order to best leverage the efforts from open-source software communities.
prpl Proposal for Enabling Micro/Internal Services with USP
Click here to download as pdf.
The CPE WAN Management Protocol (CWMP/TR-069) offered a standard mechanism for service providers to manage their devices remotely, ranging from basic device identification, firmware management or configuration of individual services, but mostly focused on provisioning and activation.
Having a well-established protocol, with a rich set of data-models, it rapidly started to be adopted for other purposes, including analytics, telemetry, troubleshooting and even in some cases Mobile Applications. However, despite the increasing number of use-cases, the solution was not scalable as all communication has to be managed by a central unit the ACS, or alternatively proxied by an intermediate entity often provided by proprietary means.
In order to cope with this problem, USP/TR-369 (the natural successor of CWMP/TR-069) hosts the ability for the CPE to be remotely managed by multiple controllers, whilst also introducing other important optimisation and security mechanisms, such as ACLs. All these additions, resulted into the creation of a solid foundation, named the “User Services Platform”, which enables third-party software companies to build services on top of CPEs managed by ISPs.
Popular use-cases include Wi-Fi Cloud Controllers, enhanced device type recognition capabilities, Smart-Home, Parental Controls and Security related propositions, i.e. a set of services, which typically require significant computing power, seldom available on constrained devices such as the CPE.
prpl LCM Proposal v1.0.A
Click here to download as pdf.
This document aims to describe how carriers can enable their already existing set of remote managed home-gateways to support the Software Life Cycle Management (LCM) of services residing within their Home-Gateways, whilst maintaining the ability to:
1) Dynamically launch and manage new services without having to replace the existing firmware or breaking core functionalities.
2) Run services in isolated and constrained environments, without coming across security or stability issues.
3) TakeadvantageofstandardizedAPIsandmodulararchitectures,whichpromotereusability and ease of integration across different software stacks.
4) Trigger these operations both remotely and locally.
Prpl High Level API Principles
Click here to download as pdf.
Customer demand for ever more features has led carriers, manufacturers and retail brands to apply more and more software customization to gateways, access points, and routers.
Unfortunately, keeping all this software customization in sync across different devices and models quickly turns into a technical nightmare. The main reason is the large fragmentation of embedded operating systems and middleware stacks across the different manufacturers and suppliers.
To overcome this, the prpl membership, a diverse group of industry players ranging from carriers to middleware vendors, from manufacturers to test laboratories, has come together to address this issue and finally standardize intra-device communication with a common API and data model.
Obsolete Documents
Smart Home Report 2016
Click here to download as pdf.
Even just a decade ago, few people could have predicted the impact the Internet of Things (IoT) would have on our lives. Networks of ‘smart’ internet-connected sensors and embedded computers exchanging information with each other may not sound particularly exciting to those outside the technology industry, but the use cases are virtually limitless.
prplSecurity Framework Application Note, July 2016
Click here to download as pdf.
This technical note describes how to build and run a secure application according to the principles set forth by the prpl Security Guidance for Critical Areas of Embedded Computing – see here. It demonstrates a real world implementation of the multi-domain security provided by the prplSecurity™ framework including: the prplHypervisor™, prplSecureInterVM™ communications, and prplPUF™ APIs.
Security Guidance Report
Click here to download as pdf.
Security is a core requirement for manufacturers, developers, service providers and other stakeholders who produce and use connected devices.Securing these is a major challenge, and failure to do so can result in significant harm to individuals, businesses and to nations. This guidance focuses on a new hardware-led approach to create stronger security for embedded systems. We propose three general areas of guidance. These are not the only areas that require attention, but they will help to establish a base of action as stakeholders begin addressing security in earnest.