Xerox® Security Guide for Light Production Mono Class Products
4 Device Security: BIOS, Firmware, OS, Runtime, and
Operational security controls
Legacy (4110/4112/4127) and D-Series® products have robust security features that are designed
to protect the system from a wide range of threats. Below is a summary of some of the key
security controls.
The Marking Engines for the product contains the
-iTRON 4.0 operating system.
These systems have no networking capability. The Controller uses the VxWorks realtime operating
system. Typical Unix functions such as rsh, telnet and finger do not operate under the OS. User must
note that the VxWorks operating system is not accessible. All logons to the product are to application
software and not to the VxWorks OS. Hence the VxWorks OS is not accessible to the user.
Pre-Boot BIOS Protection
BIOS
The BIOS is inaccessible and cannot be cleared or reset.
The BIOS can only be modified by a firmware update, which is digitally signed.
BIOS will fail secure, locking the system if integrity is compromised.
Embedded Encryption
Configuration Settings (including security settings) and User Data are encrypted by AES.
Each device is encrypted using its own unique key.
Boot Process Integrity
Firmware Integrity & Verification
Firmware is digitally signed.
Firmware is verified against a whitelist using cryptographic hashing.
Event Monitoring & Logging
The Audit Log feature records security-related events.
Continuous Operational Security
Firmware and Diagnostic Security Controls
Firmware installation controls limit who can install firmware and from where.
Customer defined service technician (CSE) restrictions add an additional layer of protection to
prevent unauthorized access and/or modification of Legacy and D-Series® products.
Continuous logging
Fail Secure Vs Fail Safe
Legacy (4110/4112/4127) and D-Series® products are designed to fail secure.
