Aug 29, 2024

FIPS 140-3 Non-Proprietary Security Policy for:
KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip

KIOXIA CORPORATION
Rev 3.3.0

Contents

Section 1 - General
Section 1.1 - Acronyms
Section 2 – Cryptographic Module Specification
Section 2.1 – Product Version
Section 2.2 – Security Functions
Section 2.3 – Module Configuration
Section 3 – Cryptographic Module Interface
Section 4 – Roles Services and Authentication
Section 4.1 – Roles and Authentication
Section 4.2 – Services
Section 5 – Software/Firmware Security
Section 6 – Operational Environment
Section 7 – Physical Security
Section 8 – Non-Invasive Security
Section 9 – Sensitive Security Parameter Management
Section 10 – Self Tests
Section 11 – Life-Cycle Assurance
Section 12 – Mitigation of Other Attacks

Section 1 - General

This document gives the precise specification of the security rules for the KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 overall. The table below shows the security level for each section.

| Section | Level |
|---|---|
| 1. General | 2 |
| 2. Cryptographic Module Specification | 2 |
| 3. Cryptographic Module Interfaces | 2 |
| 4. Roles, Services, and Authentication | 2 |
| 5. Software/Firmware Security | 2 |
| 6. Operational Environment | N/A |
| 7. Physical Security | 2 |
| 8. Non-invasive Security | N/A |
| 9. Sensitive Security Parameter Management | 2 |
| 10. Self-tests | 2 |
| 11. Life-cycle Assurance | 2 |
| 12. Mitigation of Other Attacks | N/A |
| Overall Level | 2 |

Table 1 - Security Levels

This document is non-proprietary and may be reproduced in its original entirety.
Section 1.1 - Acronyms

AES - Advanced Encryption Standard
CM - Cryptographic Module
SSP - Sensitive Security Parameter
DRBG - Deterministic Random Bit Generator
HMAC - The Keyed-Hash Message Authentication Code
KAT - Known Answer Test
POST - Power on Self-Test
CAST - Cryptographic Algorithm Self-Test
PSID - Printed SID
SED - Self-Encrypting Drive
SHA - Secure Hash Algorithm
SID - Security ID
TCG - Trusted Computing Group

Section 2 – Cryptographic Module Specification

The KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip (listed in Section 2.1 Product Version) is used for solid state drive (SSD) data security. The CM is a single-chip hardware module implemented as a sub-chip compliant with IG 2.3.B in the TC58NC1137GTC 0001 SoC and TC58NC1138GTC 0001 SoC (see Figure 1 in Section 7). The Overall Security Rating of the CM is Level 2 (see Table 1 in Section 1 for individual security area levels).

The CM is embedded in TCG OPAL compliant SSD controllers, which provide user data encryption/decryption through built-in HW engines. The CM provides various cryptographic services using approved algorithms. The CM has multiple functions, but it does not support degraded operation.

The physical boundary of the CM is the TC58NC1137GTC 0001 SoC and TC58NC1138GTC 0001 SoC, and the logical boundary of the CM is the TC58NC1137GTC/TC58NC1138GTC CRPT module.

The CM has one approved mode of operation, and the CM is always in the approved mode of operation after the initial operations are performed (see Section 11). In approved mode, the CM provides the services defined in Table 7 in Section 4.2.
Section 2.1 – Product Version

The CM is validated with the following versions:

| Physical single-chip | The sub-chip cryptographic subsystem soft circuitry core | The associated firmware |
|---|---|---|
| TC58NC1137GTC 0001, TC58NC1138GTC 0001 | TC58NC1137GTC/TC58NC1138GTC CRPT module 0001 | SC01DN |

Table 2 - Cryptographic Module Tested Configuration

Section 2.2 – Security Functions

The CM executes the following approved algorithms:

| CAVP Cert | Algorithm and Standard | Mode/Method | Description/Key Size(s)/Key Strength(s) | Use/Function |
|---|---|---|---|---|
| #A2837 | AES256 (FIPS 197 / SP800-38A) | CBC | Key Size: 256 bits / Key Strength: 256 bits | Data and Key Encryption/Decryption |
| #A2837 | AES256 (FIPS 197 / SP800-38E) | XTS [1] | Key Size: 256 bits / Key Strength: 256 bits | Data Encryption/Decryption (used only for storage) |
| #A2837 | SHA2-256/SHA2-384 (FIPS 180-4) | N/A | N/A | Hashing messages |
| #A2837 | HMAC-SHA2-256 (FIPS 198-1) | N/A | Key Size: 256 bits / Key Strength: 256 bits | Message Authentication Code |
| #A2837 | RSASSA-PKCS#1-v1_5 (FIPS 186-4) | N/A | Key Size: 3072 bits / Key Strength: 128 bits | Signature verification |
| #A2883 | ECDSA (FIPS 186-4) | N/A | Curve: P-384 / Key Strength: 192 bits | Signature generation/verification |
| #A2862 | Hash_DRBG (SP800-90A Rev.1) | N/A | Hash based: SHA2-256 | Deterministic Random Bit Generation |
| #A2861 | KBKDF (SP800-108 Revised) | Counter | MACs: HMAC-SHA2-256 / Key Size: 256 bits / Key Strength: 256 bits | Key derivation |
| #A2837 | KTS (IG D.G) | N/A | Combination of AES256 CBC Mode and HMAC-SHA2-256 / Key Size: 256 bits / Key Strength: 256 bits | Key Transport Scheme |
| Vendor Affirmation | CKG (SP800-133 Rev.2) | N/A | Methods described in section 4 of the SP800-133 Rev.2 | Cryptographic Key Generation |
| ENT(P) | Entropy Source (SP800-90B) | N/A | N/A | Hardware RNG used to seed the approved Hash_DRBG. |

Table 3 - Approved Algorithm

The CM does not implement any Non-Approved Algorithms Allowed in the Approved Mode of Operation.

[1] ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module.
The CM performs a check that the XTS Key1 and XTS Key2 are different according to IG C.I.

Section 2.3 – Module Configuration

An overview block diagram of the CM is shown below.

Figure 1 – Configuration of module and peripheral components

Components of the CM are shown with a gray background and include the processor, memories (volatile and non-volatile memory) and HW circuitry for cryptographic processing. Physical ports bordering the outside of the CM's boundary and the data passing over them are also indicated (see Section 3 for details on physical ports and interfaces).

Section 3 – Cryptographic Module Interface

| Physical port | Logical Interface | Data that passes over port/interface |
|---|---|---|
| Mailbox AES circuit DMAC Lock Checker | Data Input | Mailbox input parameter. User data. Read/Write destination address information. |
| Mailbox AES circuit DMAC | Data Output | Mailbox output parameter. User data. |
| Mailbox Lock Checker | Control Input | Mailbox command information. Lock status confirmation request signal. |
| Mailbox Lock Checker | Status Output | Mailbox command result. Lock status confirmation result signal. |
| Power PIN | Power Input | Power |

Note: Control output is omitted in the table above because the CM does not implement this type of interface.

Table 4 - Ports and Interface

Section 4 – Roles Services and Authentication

The relation between Roles and Services in this CM is shown below.
| Role | Service | Input | Output |
|---|---|---|---|
| FIPS Crypto Officer (AdminSP.SID) | Download Port Lock/Unlock; Firmware Download [2]; Set PIN (for AdminSP.SID and AdminSP.Admin1); Authority Enable/Disable; Revert; Data Locking protection Enable; Sanitize; Format Namespace; Namespace Create/Delete | Mailbox command | Mailbox command result |
| FIPS Crypto Officer (AdminSP.Admin1) | Set PIN (for AdminSP.Admin1); Revert; Sanitize; Format Namespace; Namespace Create/Delete | Mailbox command | Mailbox command result |
| FIPS Crypto Officer (LockingSP.Admin1-4) | Band Lock/Unlock; Cryptographic Erase; Cryptographic Erase and Initialize Band State; Set Band position and Size, Set Band position and Size for Band of Single User Mode; Set PIN (for LockingSP.Admin1-4 and LockingSP.User1-192); Authority Enable/Disable; Revert; Data Locking protection Enable; Sanitize; Format Namespace; Namespace Create/Delete; Band Set Enable; Band Set Disable | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| FIPS Crypto Officer (LockingSP.User1) | Band Lock/Unlock for Band of Single User Mode (for GlobalRange); Cryptographic Erase for Band of Single User Mode (for GlobalRange); Cryptographic Erase and Initialize Band State (for GlobalRange); Set Band position and Size for Band of Single User Mode (for GlobalRange); Set PIN (for LockingSP.User1), Set PIN for Band of Single User Mode (for LockingSP.User1); Format Namespace; Namespace Create/Delete | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| FIPS Crypto Officer (LockingSP.User2) | Band Lock/Unlock for Band of Single User Mode (for Band1); Cryptographic Erase for Band of Single User Mode (for Band1); Cryptographic Erase and Initialize Band State (for Band1); Set Band position and Size for Band of Single User Mode (for Band1); Set PIN (for LockingSP.User2), Set PIN for Band of Single User Mode (for LockingSP.User2); Format Namespace | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| … | … | … | … |
| FIPS Crypto Officer (LockingSP.User192) | Band Lock/Unlock for Band of Single User Mode (for Band191); Cryptographic Erase for Band of Single User Mode (for Band191); Cryptographic Erase and Initialize Band State (for Band191); Set Band position and Size for Band of Single User Mode (for Band191); Set PIN (for LockingSP.User192), Set PIN for Band of Single User Mode (for LockingSP.User192); Format Namespace | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| None | Firmware Verification; Random Number Generation; Show Status; Zeroisation; Signature Generation; Signature Verification; Calculate Hash Digest | Mailbox command | Mailbox command result |
| | Check Lock State | Read/Write Command | Lock state of each Band |
| | Reset | Power | N/A |

Table 5 - Roles, Service Commands, Input and output

[2] The "Firmware Download" service is controlled by the AdminSP.SID role, and the signature of the downloaded external firmware is verified (RSASSA-PKCS#1-v1_5).

The CM supports the configuration of roles and services. The authenticated operator is expected to configure locked bands for data storage, the associated role and the lock-based authentication data (PIN) per Table 5 (refer to Section 11 for the detailed settings needed to maintain secure operation).
Bands that are not configured are considered unprotected or plaintext. This configuration enables the Data Read/Write service using the lock-based authentication model (IG 4.1.A). To Read/Write data from/to each band, an operator must unlock the bands with the appropriate authenticated roles. Once the bands are unlocked, Read and Write access to the bands must be controlled, until power-off, by a trusted operator outside of the module who has authenticated the associated role. The module prevents the Data Read/Write service for locked bands. If Read and Write access needs to be inhibited prior to power-off, the operator who authenticates the role must set the bands to the locked state again.

Section 4.1 – Roles and Authentication

This section describes roles, authentication method, and strength of authentication.

| Role Name | Role Type | Type of Authentication | Authentication | Authentication Strength | Multi Attempt strength |
|---|---|---|---|---|---|
| AdminSP.SID | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 60,000 / 2^64 < 1 / 100,000 |
| AdminSP.Admin1 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 60,000 / 2^64 < 1 / 100,000 |
| LockingSP.Admin1-4 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 60,000 / 2^64 < 1 / 100,000 |
| LockingSP.User1 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 60,000 / 2^64 < 1 / 100,000 |
| LockingSP.User2 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 60,000 / 2^64 < 1 / 100,000 |
| … | … | … | … | … | … |
| LockingSP.User192 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 60,000 / 2^64 < 1 / 100,000 |

Table 6 - Identification and Authentication Policy

The CM performs role authentication by checking whether the PIN entered by the user matches the information stored inside the CM. PINs are hashed with SHA2-256 before being stored on the CM. The PIN entered by the user is hashed and compared to the stored PIN hash. PINs can be changed by executing the Set PIN service (see Section 4.2) with the appropriate roles authenticated.
The CM refuses to set a PIN of less than 8 bytes, and responds with an error if such a setting is attempted. Therefore, the probability that a random attempt will succeed is 1 / 2^64 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of the PIN). The CM waits 1 ms when an authentication attempt fails, so the maximum number of authentication attempts is 60,000 in 1 min. Therefore, the probability that random attempts in 1 min will succeed is 60,000 / 2^64 < 1 / 100,000.

The initial authentication data of the AdminSP.Admin1, LockingSP.Admin2-4 and LockingSP.User1-192 roles is set to null (meaning data of length 0). The authentication data of these roles needs to be replaced upon the first-time authentication. Otherwise, the operator who assumes these roles cannot execute services other than Set PIN and services that do not need authorized roles.

Section 4.2 – Services

This section describes the services which the CM provides.

| Service | Description | Approved Security Function | Keys and/or SSPs | Role(s) | Access rights to Keys and/or SSPs [3] | Indicator |
|---|---|---|---|---|---|---|
| Band Lock/Unlock | Lock or unlock read / write of user data in a band. | KBKDF | KDK | LockingSP.Admin1-4 | E | Mailbox command result |
| | | KBKDF | MEKs | | G | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| Band Lock/Unlock for Band of Single User Mode | Lock or unlock read / write of user data in band "X" of single user mode. | | | LockingSP.User"X+1" | | |
| Check Lock State | Check the lock state of a band for read / write of user data. | N/A | N/A | None | N/A | Band Lock state |
| Data Read/Write | Encryption / decryption of user data to/from unlocked band of SSD [4]. | AES256-XTS | MEKs | LockingSP.Admin1-4, LockingSP.User1-192 | E | Readable/Writable signal from lock check module |
| Cryptographic Erase | Erase user data (in cryptographic means) by changing the key that derives the data encryption key. | CKG (Hash_DRBG) | KDK | LockingSP.Admin1-4 | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Cryptographic Erase for Band of Single User Mode | Erase user data in band "X" of single user mode (in cryptographic means) by changing the key that derives the data encryption key. | | | LockingSP.User"X+1" | | |
| Cryptographic Erase and Initialize Band State | Erase user data in band "X" of single user mode (in cryptographic means) by changing the key that derives the data encryption key, and initialize the band state. | CKG (Hash_DRBG) | KDK | LockingSP.Admin1-4, LockingSP.User"X+1" | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Download Port Lock/Unlock | Lock / unlock firmware download. | N/A | N/A | AdminSP.SID | N/A | Mailbox command result |
| Firmware Verification | Digital signature verification for firmware outside the CM. | RSASSA-PKCS#1-v1_5 | Public Key embedded on the CM's code | None | E | Mailbox command result |
| Firmware Download | Download a firmware image [5]. | SHA2-384 | PubKey1 | AdminSP.SID | W, E | Mailbox command result |
| | | RSASSA-PKCS#1-v1_5 | PubKey1 | | E | |
| Random Number Generation | Provide a random number generated by the CM. | Hash_DRBG | DRBG Internal Value | None | E | Mailbox command result |
| Set Band Position and Size | Set the location and size of the band. | CKG (Hash_DRBG) | KDK | LockingSP.Admin1-4 | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Set Band Position and Size for Band of Single User Mode | Set the location and size of the band "X" of single user mode. | | | LockingSP.Admin1-4, LockingSP.User"X+1" | | |
| Set PIN | Set PIN (authentication data). | SHA2-256 | PINs | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4, LockingSP.User1-192 | W, E | Mailbox command result |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | PINs | | W, R | |
| Set PIN for Band of Single User Mode | Set PIN (authentication data) of authority for band "X" of single user mode. | | | LockingSP.User1-192 | | |
| Authority Enable/Disable | Enable/Disable the authority. | HMAC-SHA2-256 | System MAC Key | AdminSP.SID, LockingSP.Admin1-4 | E | Mailbox command result |
| | | AES256-CBC | System Enc Key | | E | |
| Revert | Initialize the band state and disable band lock setting. | SHA2-256 | PINs | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4 | G, E | Mailbox command result |
| | | CKG (Hash_DRBG) | KDK | | G, Z | |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | PINs | | W, R | |
| | | KTS | KDK | | W, R | |
| Data Locking Protection Enable | Enable Data protection with band lock setting. | SHA2-256 | PINs | AdminSP.SID, LockingSP.Admin1-4 | G, E | Mailbox command result |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | PINs | | W, R | |
| Sanitize | Erase all user data (in cryptographic means) by changing the key that derives the data encryption key. | CKG (Hash_DRBG) | KDK | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4 | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Format Namespace | Erase user data (in cryptographic means) on Namespace by changing the key that derives the data encryption key. | CKG (Hash_DRBG) | KDK | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4, LockingSP.User1-192 | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Namespace Create/Delete | Create and delete Namespace. | CKG (Hash_DRBG) | KDK | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4, LockingSP.User1 | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Band Set Enable | Set the location, size and lock state of the band. | CKG (Hash_DRBG) | KDK | LockingSP.Admin1-4 | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Band Set Disable | Initialize the location, size and lock state of the band. | CKG (Hash_DRBG) | KDK | LockingSP.Admin1-4 | G, Z | Mailbox command result |
| | | KBKDF | KDK | | E | |
| | | KBKDF | MEKs | | G, Z | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W, R | |
| Signature Generation | Generate a signature of the data by using a private key entered from outside of the CM. | ECDSA | Key Pair Private Key | None | W, E, Z | Mailbox command result |
| Signature Verification | Verify input signature by using a public key entered from outside of the CM. | ECDSA | Key Pair Public Key | None | W, E, Z | Mailbox command result |
| Calculate Hash Digest | Hash the data entered from outside of the CM. | SHA2-256 or SHA2-384 | N/A | None | N/A | Mailbox command result |
| Show Status | Report status of the CM and versioning information. | N/A | N/A | None | N/A | Mailbox command result |
| Zeroisation | Erase SSPs. | N/A | RKey | None [6] | Z | Mailbox command result |
| | | | KDK | | Z | |
| | | | MEKs | | Z | |
| | | | PINs | | Z | |
| | | | System MAC Key | | Z | |
| | | | System Enc Key | | Z | |
| | | | DRBG Internal Value | | Z | |
| Reset | Power-OFF: Delete SSPs in RAM. | N/A | System MAC Key | None | Z | N/A |
| | | | System Enc Key | | Z | |
| | | | KDK | | Z | |
| | | | MEKs | | Z | |
| | | | PINs | | Z | |
| | | | DRBG Internal Value | | Z | |
| | | | PubKey1 | | Z | |
| | Power-ON: Runs the various self-tests to be performed at power-on (POSTs, CASTs, Firmware Load test) and generates / imports some SSPs. | RSASSA-PKCS#1-v1_5 | PubKey1 | | W, E | |
| | | KBKDF | RKey | | E | |
| | | KBKDF | System MAC Key | | G | |
| | | KBKDF | System Enc Key | | G | |
| | | Entropy Source | DRBG Seed | | G | |
| | | Hash_DRBG | DRBG Seed | | E, Z | |
| | | Hash_DRBG | DRBG Internal Value | | G | |
| | | HMAC-SHA2-256 | System MAC Key | | E | |
| | | AES256-CBC | System Enc Key | | E | |
| | | KTS | KDK | | W | |
| | | KTS | PINs | | W | |

[3] The letters (G, R, W, E, Z) mean Generate, Read, Write, Execute and Zeroise respectively.
[4] The band has to be unlocked by the corresponding role beforehand.
[5] Only the CMVP validated version is to be used. This service only replaces the firmware image (User Code).

Note 1: "CKG(Hash_DRBG)" means direct use of Hash_DRBG output as a key.
Table 7 - Approved services

[6] The PSID, a public drive-unique value used for the zeroisation service, needs to be input.

Section 5 – Software/Firmware Security

Firmware Security of components in this CM is shown below.

ROM Code:
・ Form of the executable code: ELF format
・ Integrity verification method: 32bit CRC
・ Method for integrity test on demand: Power cycling

Firmware image (User Code):
・ Form of the executable code: ELF format
・ Integrity verification method: Approved signature verification (RSASSA-PKCS#1-v1_5, see Table 3)
・ Method for integrity test on demand: Power cycling

Section 6 – Operational Environment

Operational Environment requirements are not applicable because the CM does not employ operating systems and operates in a non-modifiable environment; that is, the CM cannot be modified and no code can be added or deleted.

Any firmware/software loaded into this module that is not shown on the module certificate is out of the scope of this validation and requires a successful firmware load test and a separate FIPS 140-3 validation.

Section 7 – Physical Security

The CM is a sub-chip enclosed in a single chip that is an opaque package. The CM consists of production-grade components. Gathering information about the module's internal construction or components is impossible without forcing the package open. In that case, the damage to the package serves as tamper evidence. Operators of the CM can ensure that physical security is maintained by confirming that the package has no obvious attack damage. If the operator discovers tamper evidence, the CM should be removed.
Figure 1.1 - TC58NC1137GTC 0001 SoC (front and back views)

Figure 1.2 - TC58NC1138GTC 0001 SoC (front and back views)

| Physical Security Mechanism | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Detail |
|---|---|---|
| Passivated opaque package | Every month or every two months | Confirmation that there is no visual damage |

Table 8 - Physical Security Inspection Guidelines

Section 8 – Non-invasive security

The CM does not apply Non-invasive security.

Section 9 – Sensitive security parameter management

The CM uses the keys and SSPs in the following table.

| Key/SSP Name/Type | Strength (bit) | Security Function and Cert Number | Generation | Import/Export | Establishment | Storage | Zeroisation | Use & related keys |
|---|---|---|---|---|---|---|---|---|
| Critical Security Parameters (CSPs) | | | | | | | | |
| RKey | 256 | KBKDF (#A2861) | Hash_DRBG (Method SP800-133 Rev.2 Section 4) | N/A | Manufacturing | Plaintext in OTP | Explicit: Zeroisation service | Derivation of System Enc Key and System MAC Key |
| System Enc Key | 256 | AES-CBC (#A2837) | KDF in Counter Mode | N/A | Power-On | Plaintext in RAM | Explicit: Zeroisation service; Implicit: Power-Off | Data and Key Encryption / Decryption for KTS |
| System MAC Key | 256 | HMAC (#A2837) | KDF in Counter Mode | N/A | Power-On | Plaintext in RAM | Explicit: Zeroisation service; Implicit: Power-Off | Message Authentication Code generation and verification for KTS |
| KDK | 256 | KBKDF (#A2861) | Hash_DRBG (Method SP800-133 Rev.2 Section 4) | Electric; Imported and Exported by KTS (see Table 3) | Key update services [7] | Plaintext in RAM; Encrypted in System Area outside the module using the Approved KTS | Explicit: Zeroisation service, Key update services; Implicit: Power-Off | Derivation of MEKs |
| MEKs | 256 | AES-XTS (#A2837) | KDF in Counter Mode | N/A | Band Lock/Unlock service, Key update services | Plaintext in AES register | Explicit: Zeroisation service, Key update services; Implicit: Power-Off | Data Encryption / Decryption |
| PINs | Referred to in Section 4.1 (Table 6) | SHA2-256 (#A2837) | Electric input | Electric; Imported and Exported by KTS (see Table 3) | Set PIN service | Hashed in RAM; Hashed + Encrypted in System Area outside the module using the Approved KTS | Explicit: Zeroisation service; Implicit: Power-Off | User authentication |
| Key Pair Private Key | 192 | ECDSA (#A2883) | Electric input | Electric; Imported during Signature Generation service | Signature Generation Service | Plaintext in RAM | Implicit: Immediately after use [8] | Signature generation for arbitrary data |
| DRBG Internal Value | V: 440 bits, C: 440 bits | Hash_DRBG (#A2862) | SP800-90A Instantiation of Hash_DRBG | N/A | Power-On | Plaintext in RAM | Explicit: Zeroisation service; Implicit: Power-Off | Random number generation |
| DRBG Seed | Entropy Input String and Nonce: 1024 bits | Hash_DRBG (#A2862) | Entropy collected from Entropy Source at instantiation (Minimum entropy of 8 bits: 5.67) | N/A | Power-On | Plaintext in RAM | Implicit: Immediately after use [8] | Random number generation |
| Public Security Parameters (PSPs) | | | | | | | | |
| PubKey1 | 128 | RSA (#A2837) | Electric input | Electric; Imported during FW load. | Power-on, FW Download service | Plaintext in RAM; Hashed in OTP | Implicit: Power-Off (Data in RAM) | Signature verification. |
| Key Pair Public Key | 192 | ECDSA (#A2883) | Electric input | Electric; Imported during Signature Verification Service | Signature Verification service | Plaintext in RAM | Implicit: Immediately after use [8] | Signature verification for arbitrary data |

Table 9 - SSPs

[7] The following services are applicable: Cryptographic Erase, Cryptographic Erase for Band of Single User Mode, Cryptographic Erase and Initialize Band State, Set Band Position and Size, Set Band Position and Size for Band of Single User Mode, Revert, Sanitize, Format Namespace, Namespace Create/Delete and Band Set Enable.
[8] Zeroised after input to the related algorithm.

| Entropy source | Minimum number of bits of entropy | Details |
|---|---|---|
| Entropy Source [9] | Minimum entropy of 8 bits is 5.67. | Hardware RNG used to seed the approved Hash_DRBG. |
Table 10 - Non-Deterministic Random Number Generation Specification

[9] The Entropy Source is a hardware module inside the CM boundary. The Entropy Source supplies the Hash_DRBG with 1024 bits of entropy input. From Table 10 this input contains about 725 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.

For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate a sufficient amount of entropy, the CM transitions to the error state. The CM can be recovered from the error state by rebooting the module, after which obtaining entropy data is attempted again. If the CM continues to enter the error state in spite of several reboot attempts, the CM may be sent back to the factory to recover from the error state.

Section 10 – Self Tests

The CM runs the self-tests in the following table.

| Function | Self-Test Type | Execution Condition | Abstract | Failure Behavior |
|---|---|---|---|---|
| AES256-CBC | Conditional | Power-On | Encrypt and Decrypt KAT | Enters Boot Error State. (Indicated Error Code: 0x24) |
| AES256-XTS | Conditional | Power-On | Encrypt and Decrypt KAT | Enters Boot Error State. (Indicated Error Code: 0x23) |
| SHA2-256/SHA2-384 | Conditional | Power-On | Digest KAT | Enters Boot Error State. (Indicated Error Code: 0x25) |
| HMAC-SHA2-256 | Conditional | Power-On | Digest KAT | Enters Boot Error State. (Indicated Error Code: 0x26) |
| Hash_DRBG | Conditional | Power-On | DRBG KAT | Enters Boot Error State. (Indicated Error Code: 0x18/0x19) |
| RSASSA-PKCS#1-v1_5 | Conditional | Power-On | Signature verification KAT | Enters Boot Error State. (Indicated Error Code: 0x27) |
| ECDSA | Conditional | Before first use | Signature generation KAT | Enters Error State (Indicated Error Code: 0x36) |
| ECDSA | Conditional | Before first use | Signature verification KAT | Enters Error State (Indicated Error Code: 0x36) |
| KDF in Counter Mode | Conditional | Power-On | KDF KAT | Enters Boot Error State (Indicated Error Code: 0x28) |
| Entropy Source (Health tests of noise source at startup.) | Conditional | Power-On | Verify that the noise source does not deviate from its intended behavior, using the Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Enters Boot Error State (Indicated Error Code: 0x2C/0x2D) |
| Entropy Source (Continuous noise source health tests during operation.) | Conditional | Entropy output request | Verify that the noise source does not deviate from its intended behavior, using the Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Enters Error State. (Indicated Error Code: 0x2C/0x2D) |
| Firmware load test | Conditional [10] | Power-On | Verify signature of loaded firmware image by RSASSA-PKCS#1-v1_5 | Enters Power Up Load Test Error State (Indicated Error Code: 0x13) |
| | | FW download | Verify signature of downloaded firmware image by RSASSA-PKCS#1-v1_5 | Enters Conditional Load Test Error State. After reporting the error code, transitions from the error state to the normal state and continues to operate with the FW from before the download. (Indicated Error Code: 0x13) |
| Firmware integrity test | Pre-operational | Power-On | Verify ROM code integrity with 32bit CRC. | Enters Boot Error State (Implicit error reporting by stopping the startup sequence) |

Table 11 - Self Tests

[10] The Firmware load test is also run at the time of Power-up, and the integrity of the Firmware loaded into the CM can be confirmed.

As shown in the table above, self-tests are performed automatically at CM startup and before execution of certain security functions. The operator can also initiate self-tests on demand for periodic testing by using the Reset service, which is automatically invoked when the module is powered off and powered on (rebooted).
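Table 11 names the SP800-90B Repetition Count Test and Adaptive Proportion Test for the Entropy Source, and Table 10 gives its minimum entropy as 5.67 bits per 8 bits. The following added example (not the module's implementation and not part of the policy) computes the SP800-90B cutoffs for that entropy estimate and runs both tests over constructed sample streams. The false-positive rate of 2^-20, the 512-sample window and all sample data are assumptions, not values stated in this policy.

```python
import math
import random

H_MIN = 5.67       # from Table 10: min-entropy per 8-bit sample
ALPHA_EXP = 20     # assumption: false-positive rate alpha = 2**-20
APT_WINDOW = 512   # assumption: SP800-90B window size for non-binary samples


def rct_cutoff(h, alpha_exp=ALPHA_EXP):
    """Repetition Count Test cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(alpha_exp / h)


def apt_cutoff(h, window=APT_WINDOW, alpha_exp=ALPHA_EXP):
    """Adaptive Proportion Test cutoff: 1 + CRITBINOM(W, 2**-H, 1 - alpha)."""
    p = 2.0 ** -h
    target = 1.0 - 2.0 ** -alpha_exp
    cdf = 0.0
    for k in range(window + 1):
        cdf += math.comb(window, k) * p ** k * (1.0 - p) ** (window - k)
        if cdf >= target:
            return 1 + k
    return 1 + window


class NoiseSourceHealth:
    """Runs both tests sample by sample; a failure is terminal."""

    def __init__(self, h=H_MIN, window=APT_WINDOW):
        self.rct_c = rct_cutoff(h)
        self.apt_c = apt_cutoff(h, window)
        self.window = window
        self.rct_val, self.rct_run = None, 0
        self.apt_val, self.apt_hits, self.apt_seen = None, 0, 0

    def feed(self, sample):
        """Return None while healthy, else the name of the failing test."""
        # Repetition Count Test: length of the current run of equal samples.
        if sample == self.rct_val:
            self.rct_run += 1
            if self.rct_run >= self.rct_c:
                return "RCT"
        else:
            self.rct_val, self.rct_run = sample, 1
        # Adaptive Proportion Test: occurrences of the window's first sample.
        if self.apt_seen == 0:
            self.apt_val, self.apt_hits = sample, 1
        elif sample == self.apt_val:
            self.apt_hits += 1
            if self.apt_hits >= self.apt_c:
                return "APT"
        self.apt_seen = (self.apt_seen + 1) % self.window
        return None


def first_failure(samples, h=H_MIN):
    """Return (index, test_name) of the first failure, or None."""
    health = NoiseSourceHealth(h)
    for index, sample in enumerate(samples):
        verdict = health.feed(sample)
        if verdict is not None:
            return index, verdict
    return None


# Constructed sample streams (not captured from any device).
def healthy_samples(n=4096):
    rng = random.Random(2024)  # seeded PRNG standing in for a good source
    return [rng.randrange(256) for _ in range(n)]


def stuck_samples(n=16):
    return [0x5A] * n  # source stuck at one value


def biased_samples(n=512):
    # Every 4th sample is 0x00; no value repeats back to back, so only the
    # proportion test can notice the bias.
    return [0x00 if i % 4 == 0 else 1 + (i % 255) for i in range(n)]


if __name__ == "__main__":
    print("RCT cutoff:", rct_cutoff(H_MIN), "APT cutoff:", apt_cutoff(H_MIN))
    for name, data in (("healthy", healthy_samples()),
                       ("stuck", stuck_samples()),
                       ("biased", biased_samples())):
        print(name, first_failure(data))
```

The stuck stream trips the repetition count after five identical samples, while the biased stream passes it and is caught only by the proportion test, which is why SP800-90B requires both.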
If the self-tests fail, the CM reports the error status and enters the error state. In this case, the CM must be powered off to clear the error condition. When power-on is executed again, the self-tests are also executed, as with an on-demand operator reset. If the CM continues to enter the error state in spite of several reboot attempts, the CM may be sent back to the factory to recover from the error state.

Section 11 – Life-cycle Assurance

In the SSD's manufacturing process, installation is executed as below:

1. The Firmware described in Section 2.1 is downloaded into the CM.
2. Initial SSPs are generated.
3. Initial authentication information is set to the CM.
4. The system area, including the SSPs generated in Step 2 and Step 3, is encrypted and its message authentication code is calculated.

The initial operations to set up this CM are the following:

1. Load Firmware into the CM.
2. Load system area including SSPs into the CM.
3. Execute range state setting method.
4. Execute download port setting method.
5. Execute service execution state setting method.
6. Execute namespace setting method.

The CM switches to approved mode after the initial operations succeed. When the initial operations succeed, the CM indicates success on the Status Output interface. Operators can confirm that the CM is in approved mode by executing the Show Status service and checking that the startup has completed successfully.

For secure operation, the following settings must be maintained:

- Data Locking Protection is Enabled.
- Each Band is set to be locked at power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure [11])

As described in Section 2, the CM is used by being embedded in SSDs. Therefore, there are no maintenance requirements for the CM alone. More detailed guidance for this module is provided to the SSD developers that embed the CM.

[11] To maintain a secure condition, the SSD needs at least several settings. Owners of the SSD that embeds the CM must use it securely according to the following:
1. TCG LockingSP is enabled by the Activate method.
2. Both ReadLockEnabled and WriteLockEnabled are set to "True" for each band (including GlobalRange) and must not be modified.
3. For each band, the "Power Cycle" value of the LockOnReset setting is not changed.
4. If the LockingSP has been disabled, the Activate method is re-executed before PowerCycle is performed.

Section 12 – Mitigation of Other Attacks

The CM does not mitigate other attacks beyond the scope of FIPS 140-3 requirements.
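The key hierarchy in Tables 7 and 9 (MEKs derived from the KDK by the counter-mode KBKDF with HMAC-SHA2-256, Cryptographic Erase by replacing the KDK, and the XTS Key1/Key2 check from Section 2.2) is illustrated below. This is an added example, not KIOXIA firmware or part of the policy: the label, the context encoding, the 64-byte output split into two XTS keys, one KDK per band, and `secrets.token_bytes` standing in for the module's Hash_DRBG are all assumptions.

```python
import hashlib
import hmac
import secrets
import struct

HASH_LEN = 32  # HMAC-SHA2-256 output size in bytes


def kbkdf_counter(key_in: bytes, label: bytes, context: bytes, out_len: int) -> bytes:
    """SP800-108 counter-mode KDF with HMAC-SHA2-256 as the PRF.

    K(i) = HMAC(key_in, [i]_32 || Label || 0x00 || Context || [L]_32),
    where L is the requested output length in bits.
    """
    l_bits = struct.pack(">I", out_len * 8)
    blocks = []
    for i in range(1, -(-out_len // HASH_LEN) + 1):
        msg = struct.pack(">I", i) + label + b"\x00" + context + l_bits
        blocks.append(hmac.new(key_in, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:out_len]


def check_xts_keys(key1: bytes, key2: bytes) -> None:
    """Reject an XTS key whose two halves are equal (the IG C.I check)."""
    if hmac.compare_digest(key1, key2):
        raise ValueError("XTS Key1 and Key2 must differ")


class BandKeys:
    """Hypothetical model: one 256-bit KDK per band, MEKs derived on demand."""

    def __init__(self, bands: int):
        # Assumption: fresh random bytes stand in for "CKG (Hash_DRBG)",
        # i.e. DRBG output used directly as the KDK.
        self.kdk = [secrets.token_bytes(32) for _ in range(bands)]

    def mek(self, band: int):
        """Derive the XTS key pair for a band from that band's KDK."""
        # Assumption: label b"MEK" and a 16-bit band index as context.
        material = kbkdf_counter(self.kdk[band], b"MEK", struct.pack(">H", band), 64)
        key1, key2 = material[:32], material[32:]
        check_xts_keys(key1, key2)
        return key1, key2

    def cryptographic_erase(self, band: int) -> None:
        """Replace the band's KDK; the old MEK can no longer be derived."""
        self.kdk[band] = secrets.token_bytes(32)


if __name__ == "__main__":
    keys = BandKeys(bands=2)
    before = [keys.mek(0), keys.mek(1)]
    keys.cryptographic_erase(1)
    print("band 0 MEK unchanged:", keys.mek(0) == before[0])
    print("band 1 MEK replaced: ", keys.mek(1) != before[1])
```

Because the MEK is never stored and exists only as a function of the KDK, replacing 32 bytes of KDK makes every ciphertext block in the band unreadable without touching the flash that holds the user data.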