Xerox® Security Guide for Light Production Mono Class Products
When a security control is compromised, the control is no longer trustworthy, and a system is at risk of further compromise. In such a scenario, security products may either fail safe [open] or fail secure [closed].
An example from physical security is a door. If power is lost the door may either:
- Unlock and ‘fail safe’ to an open state (likely for safety reasons, such as in a public building).
- Lock and ‘fail secure’ for security reasons (such as a bank vault).
Pre-Boot Security
BIOS
The BIOS used in Legacy (4110/4112/4127) and D-Series® Copier/Printer products is embedded and cannot be accessed directly. Unlike devices such as desktop and laptop computers, which have a BIOS that can be accessed via a keystroke on startup, the BIOS of Legacy and D-Series® products is not accessible.
Many devices can be cleared to factory defaults (including passwords and security settings) by depressing a reset button using a paperclip or similar method. For security reasons, Legacy and D-Series® products do not offer such a method to clear or reset the BIOS. (Note that configuration settings may be reset to factory defaults by an authorized administrator; however, this does not affect BIOS settings.)
BIOS updates are applied by device firmware updates. Firmware is protected from tampering by use of digital signatures (discussed later in this section).
The BIOS is designed to fail secure. An integrity check is performed immediately when power is applied. If verification is successful, the system proceeds with OS kernel boot. If the integrity check fails, the system will fail secure.
Embedded Encryption
AES encryption is used to protect the system, user data, and configuration (including security settings) from being retrieved or modified. Each device uses its own unique key that is securely generated. Encryption is enabled by default. Media encryption and sanitization are discussed in Section
Boot Process Security
Firmware Integrity
Unlike open operating systems such as servers and user workstations, in which software may be installed by users, Xerox products are based on embedded systems and the contents are managed by Xerox. The only means of modifying the contents of a device is by applying a firmware update package.
Firmware updates use a special format, and each firmware update is digitally signed to protect the integrity of the contents. Firmware that is corrupt or has been illicitly modified will be rejected. This security control cannot be disabled.
Legacy and D-Series® products include built-in firmware software validation: a file integrity monitor that compares the security hashes of the currently installed firmware to a secured whitelist that was recorded when the signed firmware was installed.
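The following added example, not code from Xerox or this guide, illustrates the two controls described above: a whitelist of per-file hashes captured when firmware is installed, a later integrity check against it, and a fail-secure boot decision when the check does not pass. The firmware tree, file contents and the key sealing the whitelist are all constructed sample values.

```python
"""File-integrity check of an installed firmware tree against a hash whitelist
captured at install time, with a fail-secure boot decision.
All file contents and the sealing key are constructed (hypothetical) values."""
import hashlib
import hmac
import json

# Constructed firmware tree (path -> bytes) as laid down by a signed update.
INSTALLED = {
    "/firmware/kernel.bin": b"kernel image v1",
    "/firmware/printengine.bin": b"print engine controller v1",
    "/firmware/ui.bin": b"control panel ui v1",
}

# Hypothetical key sealing the whitelist so it cannot be silently edited.
MANIFEST_KEY = b"constructed-manifest-key"


def build_whitelist(files: dict) -> dict:
    """Record a SHA-256 digest per file and seal the list with an HMAC."""
    digests = {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    mac = hmac.new(MANIFEST_KEY, body, "sha256").hexdigest()
    return {"digests": digests, "mac": mac}


def verify_firmware(files: dict, whitelist: dict) -> tuple:
    """Return (ok, findings). ok is False if the whitelist itself was altered,
    a listed file is missing or changed, or an unlisted file is present."""
    body = json.dumps(whitelist["digests"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, whitelist["mac"]):
        return False, ["whitelist integrity check failed"]
    findings = []
    for path, digest in whitelist["digests"].items():
        if path not in files:
            findings.append(f"missing: {path}")
        elif hashlib.sha256(files[path]).hexdigest() != digest:
            findings.append(f"modified: {path}")
    for path in files:
        if path not in whitelist["digests"]:
            findings.append(f"unexpected: {path}")
    return not findings, findings


def boot_decision(files: dict, whitelist: dict) -> str:
    """Fail secure: proceed to OS kernel boot only when every check passes."""
    ok, _ = verify_firmware(files, whitelist)
    return "proceed to kernel boot" if ok else "fail secure (halt)"
```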