Advanced Micro Devices (AMD)

AMD ASP Cryptographic CoProcessor ("Strix 1" and "Krackan 1")

FIPS 140-3 Non-Proprietary Security Policy

Prepared by:
atsec information security corporation
4516 Seton Center Pkwy, Suite 250
Austin, TX 78759
www.atsec.com

Document version: 1.1
Last update: 2026-04-06

© 2026 Advanced Micro Devices (AMD), atsec information security. This document can be reproduced and distributed only whole and intact, including this copyright notice.

Table of Contents

List of Tables
1 General
  1.1 Overview
  1.2 Security Levels
2 Cryptographic Module Specification
  2.1 Description
  2.2 Tested and Vendor Affirmed Module Version and Identification
  2.3 Excluded Components
  2.4 Modes of Operation
  2.5 Algorithms
  2.6 Security Function Implementations
  2.7 Algorithm Specific Information
  2.8 RBG and Entropy
  2.9 Key Generation
  2.10 Key Establishment
  2.11 Industry Protocols
3 Cryptographic Module Interfaces
  3.1 Ports and Interfaces
4 Roles, Services, and Authentication
  4.1 Authentication Methods
  4.2 Roles
  4.3 Approved Services
  4.4 Non-Approved Services
  4.5 External Software/Firmware Loaded
5 Software/Firmware Security
  5.1 Integrity Techniques
  5.2 Initiate on Demand
6 Operational Environment
  6.1 Operational Environment Type and Requirements
  6.2 Configuration Settings and Restrictions
7 Physical Security
  7.1 Mechanisms and Actions Required
8 Non-Invasive Security
9 Sensitive Security Parameters Management
  9.1 Storage Areas
  9.2 SSP Input-Output Methods
  9.3 SSP Zeroization Methods
  9.4 SSPs
  9.5 Transitions
10 Self-Tests
  10.1 Pre-Operational Self-Tests
  10.2 Conditional Self-Tests
  10.3 Periodic Self-Test Information
  10.4 Error States
  10.5 Operator Initiation of Self-Tests
11 Life-Cycle Assurance
  11.1 Installation, Initialization, and Startup Procedures
  11.2 Administrator Guidance
  11.3 Non-Administrator Guidance
  11.4 Design and Rules
  11.5 Maintenance Requirements
  11.6 End of Life
12 Mitigation of Other Attacks
A Glossary and Abbreviations
B References

List of Tables

Table 1: Security Levels
Table 2: Tested Module Identification – Hardware
Table 3: Modes List and Description
Table 4: Approved Algorithms
Table 5: Non-Approved, Allowed Algorithms with No Security Claimed
Table 6: Non-Approved, Not Allowed Algorithms
Table 7: Security Function Implementations
Table 8: Entropy Certificates
Table 9: Entropy Sources
Table 10: Ports and Interfaces
Table 11: Roles
Table 12: Approved Services
Table 13: Non-Approved Services
Table 14: Mechanisms and Actions Required
Table 15: Storage Areas
Table 16: SSP Input-Output Methods
Table 17: SSP Zeroization Methods
Table 18: SSP Table 1
Table 19: SSP Table 2
Table 20: Pre-Operational Self-Tests
Table 21: Conditional Self-Tests
Table 22: Pre-Operational Periodic Information
Table 23: Conditional Periodic Information
Table 24: Error States

List of Figures

Figure 1: AMD Ryzen AI 9 HX PRO 370 (left), AMD Ryzen AI 7 PRO 350 (right)
Figure 2: Block Diagram

1 General

1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for the AMD ASP Cryptographic CoProcessor ("Strix 1" and "Krackan 1") cryptographic module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards) for an overall Security Level 1 module.

This Non-Proprietary Security Policy may be reproduced and distributed, but only whole and intact and including this notice.

1.2 Security Levels

| Section | Title | Security Level |
|---|---|---|
| 1 | General | 1 |
| 2 | Cryptographic module specification | 1 |
| 3 | Cryptographic module interfaces | 1 |
| 4 | Roles, services, and authentication | 1 |
| 5 | Software/Firmware security | 1 |
| 6 | Operational environment | 1 |
| 7 | Physical security | 1 |
| 8 | Non-invasive security | N/A |
| 9 | Sensitive security parameter management | 1 |
| 10 | Self-tests | 1 |
| 11 | Life-cycle assurance | 1 |
| 12 | Mitigation of other attacks | N/A |
| | Overall Level | 1 |

Table 1: Security Levels

2 Cryptographic Module Specification

2.1 Description

Purpose and Use: The AMD ASP Cryptographic CoProcessor ("Strix 1" and "Krackan 1") cryptographic module (hereafter referred to as "the module") is defined as a sub-chip hardware module in a single chip embodiment, with hardware and firmware components implementing general purpose cryptographic algorithms.

Module Type: Hardware

Module Embodiment: Single Chip

Module Characteristics: SubChip

Cryptographic Boundary: The module consists primarily of the ARM Cortex-A5, Random Bit Generation hardware, Security Infrastructure Block, Cryptographic CoProcessor, and OTP fuses. These hardware components are sub-components of the Ryzen SoC. OTP fuses are used to persistently store FIPS support enablement and versioning information, security state information, end-of-life information, and Entropy Source configuration values (sample rate, sample count, RCT and APT cutoffs). In addition, there is a ROM firmware component ("libROM") permanently stored inside the Ryzen SoC, and an overlay firmware component ("overlay firmware") permanently stored inside SPI flash storage, outside the SoC, which is loaded into the SRAM on startup.

The block diagram in Figure 2 shows the design of the module when the module is operational and the firmware components are loaded into the SRAM. In this diagram, the physical boundary of the module, defined by the perimeter of the Ryzen SoC (i.e., the enclosure of the SoC), is indicated by a dashed purple line. The cryptographic boundary is represented by the components painted in orange blocks. Solid orange lines indicate the flow of data within the cryptographic module (i.e., internal paths). Dashed green lines are used to denote the logical interfaces defined in Section 3. Components in white are only included in the diagram for informational purposes. They are not included in the cryptographic boundary (and therefore not part of the module's validation).

Tested Operational Environment's Physical Perimeter (TOEPP): The TOEPPs are the Ryzen SoCs (shown in Figure 1), which are rectangular enclosures, each measuring approximately 25.0 mm x 40.0 mm x 1.31 mm.

Figure 1: AMD Ryzen AI 9 HX PRO 370 (left), AMD Ryzen AI 7 PRO 350 (right)

Figure 2: Block Diagram

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification – Hardware:

| Model and/or Part Number | Hardware Version | Firmware Version | Processors | Features |
|---|---|---|---|---|
| AMD Ryzen AI 9 HX PRO 370 | B0-1-3E14 | 003E0115 | ARM Cortex-A5 | N/A |
| AMD Ryzen AI 7 PRO 350 | A0-1-3E14 | 003E0115 | ARM Cortex-A5 | N/A |

Table 2: Tested Module Identification – Hardware

2.3 Excluded Components

There are no components excluded from the requirements of the FIPS 140-3 standard.

2.4 Modes of Operation

Modes List and Description:

| Mode Name | Description | Type | Status Indicator |
|---|---|---|---|
| Approved mode | Automatically entered whenever an approved service is requested | Approved | Equivalent to the indicator of the requested service (FipsIndicatorStatus is set to 2) |
| Non-approved mode | Automatically entered whenever a non-approved service is requested | Non-Approved | Equivalent to the indicator of the requested service (FipsIndicatorStatus is not set to 2) |

Table 3: Modes List and Description

After passing all pre-operational self-tests and conditional self-tests executed on startup, the module automatically transitions to the approved mode.
No operator intervention is required to reach this point. In the operational state, the module accepts service requests from calling applications through its logical interfaces. The operator can verify that the module is operational by requesting the RL_ARCL_GetState service and comparing the returned ArclState value with 4.

Mode Change Instructions and Status: The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of operation is equivalent to the indicator of the service that was requested.

2.5 Algorithms

Approved Algorithms:

| Algorithm | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A6633 | Direction: Decrypt, Encrypt; Key Length: 128, 192, 256 | SP 800-38A |
| AES-CBC | A6634 | Direction: Decrypt, Encrypt; Key Length: 128, 192, 256 | SP 800-38A |
| AES-CMAC | A6633 | Direction: Generation, Verification; Key Length: 128, 192, 256 | SP 800-38B |
| AES-CMAC | A6634 | Direction: Generation, Verification; Key Length: 128, 192, 256 | SP 800-38B |
| AES-CTR | A6633 | Direction: Decrypt, Encrypt; Key Length: 128, 192, 256 | SP 800-38A |
| AES-CTR | A6634 | Direction: Decrypt, Encrypt; Key Length: 128, 192, 256 | SP 800-38A |
| AES-ECB | A6633 | Direction: Decrypt, Encrypt; Key Length: 128, 192, 256 | SP 800-38A |
| AES-ECB | A6634 | Direction: Decrypt, Encrypt; Key Length: 128, 192, 256 | SP 800-38A |
| AES-ECB | A7003 | Direction: Encrypt; Key Length: 256 | SP 800-38A |
| AES-ECB | A7004 | Direction: Encrypt; Key Length: 256 | SP 800-38A |
| Conditioning Component AES-CBC-MAC SP800-90B | A5337 | Key Length: 256 | SP 800-90B |
| Counter DRBG | A7003 | Prediction Resistance: No; Mode: AES-256; Derivation Function Enabled: No | SP 800-90A Rev. 1 |
| Counter DRBG | A7004 | Prediction Resistance: No; Mode: AES-256; Derivation Function Enabled: No | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A6633 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A6634 | Key Length: 112-524288, Increment 8 | FIPS 198-1 |
| KDF SP800-108 | A6633 | KDF Mode: Counter; Supported Lengths: 112-4096, Increment 8 | SP 800-108 Rev. 1 |
| KDF SP800-108 | A6634 | KDF Mode: Counter; Supported Lengths: 112-4096, Increment 8 | SP 800-108 Rev. 1 |
| RSA SigVer (FIPS186-2) | A6633 | Signature Type: PKCSPSS; Modulo: 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A6634 | Signature Type: PKCSPSS; Modulo: 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A6633 | Signature Type: PKCSPSS; Modulo: 1024, 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A6634 | Signature Type: PKCSPSS; Modulo: 1024, 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-5) | A6633 | Modulo: 2048, 3072, 4096; Signature Type: pss | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A6634 | Modulo: 2048, 3072, 4096; Signature Type: pss | FIPS 186-5 |
| SHA-1 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA-1 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-224 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-224 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-256 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-256 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-384 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-384 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-512 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA2-512 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 180-4 |
| SHA3-224 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHA3-224 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHA3-256 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHA3-256 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHA3-384 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHA3-384 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHA3-512 | A6633 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHA3-512 | A6634 | Message Length: 0-65536, Increment 8 | FIPS 202 |
| SHAKE-128 | A6633 | Output Length: 1344 | FIPS 202 |
| SHAKE-128 | A6634 | Output Length: 1344 | FIPS 202 |
| SHAKE-256 | A6633 | Output Length: 1088 | FIPS 202 |
| SHAKE-256 | A6634 | Output Length: 1088 | FIPS 202 |

Table 4: Approved Algorithms

Vendor-Affirmed Algorithms: N/A for this module.

Non-Approved, Allowed Algorithms: N/A for this module.

Non-Approved, Allowed Algorithms with No Security Claimed:

| Name | Caveat | Use and Function |
|---|---|---|
| AES-ECB using the non-approved key. | Allowed per IG 2.4.A example 2. | De-obfuscate data using the non-approved RTL key for a non-security relevant purpose (RL_ARCL_RtlDeobfuscate service). |

Table 5: Non-Approved, Allowed Algorithms with No Security Claimed

Non-Approved, Not Allowed Algorithms:

| Name | Use and Function |
|---|---|
| HMAC with key lengths less than 112 bits | Message authentication |
| RSA (pre-hashed message) | Signature verification |
| SHA-384 with non-standard initial hash value | PCR-based memory measurement |
| CCP_HAL algorithm | Message digest (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512), XOF (SHAKE128, SHAKE256), encryption, decryption (AES, ECB, CBC, OFB, CFB, CTR, GCTR, IAPM, XTS), message authentication (AES CMAC) |
| SIB_HAL algorithm | Random number generation |

Table 6: Non-Approved, Not Allowed Algorithms

2.6 Security Function Implementations

| Name | Type | Description | Properties | Algorithms |
|---|---|---|---|---|
| Encryption | BC-UnAuth | Encrypt a plaintext | | AES-CBC: (A6633, A6634); AES-CTR: (A6633, A6634); AES-ECB: (A6633, A6634) |
| Decryption | BC-UnAuth | Decrypt a ciphertext | | AES-CBC: (A6633, A6634); AES-CTR: (A6633, A6634); AES-ECB: (A6633, A6634) |
| Message digest | SHA | Compute a message digest | | SHA-1: (A6633, A6634); SHA2-224: (A6633, A6634); SHA2-256: (A6633, A6634); SHA2-384: (A6633, A6634); SHA2-512: (A6633, A6634); SHA3-224: (A6633, A6634); SHA3-256: (A6633, A6634); SHA3-384: (A6633, A6634); SHA3-512: (A6633, A6634) |
| XOF | XOF | Compute an extendable output message digest | | SHAKE-128: (A6633, A6634); SHAKE-256: (A6633, A6634) |
| MAC | MAC | Compute a MAC tag | | AES-CMAC: (A6633, A6634); HMAC-SHA-1: (A6633, A6634); HMAC-SHA2-224: (A6633, A6634); HMAC-SHA2-256: (A6633, A6634); HMAC-SHA2-384: (A6633, A6634); HMAC-SHA2-512: (A6633, A6634); HMAC-SHA3-224: (A6633, A6634); HMAC-SHA3-256: (A6633, A6634); HMAC-SHA3-384: (A6633, A6634); HMAC-SHA3-512: (A6633, A6634) |
| Random number generation | DRBG | Generate random bytes | | Conditioning Component AES-CBC-MAC SP800-90B: (A5337); AES-ECB: (A7003, A7004); Counter DRBG: (A7003, A7004) |
| Key derivation | KBKDF | Derive a key from a key derivation key | | KDF SP800-108: (A6633, A6634) |
| Signature verification | DigSig-SigVer | Verify a digital signature | | RSA SigVer (FIPS186-5): (A6634, A6633) |
| Signature verification (legacy) | DigSig-SigVer | Verify a digital signature | | RSA SigVer (FIPS186-2): (A6633, A6634); RSA SigVer (FIPS186-4): (A6633, A6634) |

Table 7: Security Function Implementations

2.7 Algorithm Specific Information

SHA-1: Digital signature generation using SHA-1 is non-approved and not allowed in approved services. Digital signature verification using SHA-1 is allowed for legacy use only. Other usages of SHA-1 that do not require collision resistance (e.g., standalone or in HMAC) are allowed through December 31, 2030.

RSA: For RSA signature verification, the module supports sizes 2048, 3072, and 4096 bits. Additionally, the module supports a modulus size of 1024 and 1536 bits for RSA signature verification.
All supported modulus sizes have been CAVP tested and are conformant to FIPS 140-3 IG C.F.

Legacy Use: In compliance with FIPS 140-3 IG C.K, the digital signature algorithm implementations have been CAVP tested against FIPS 186-5 where possible. FIPS 186-2 CAVP testing was performed for RSA signature verification with a 1536-bit modulus. FIPS 186-4 CAVP testing was performed for digital signature verification using SHA-1 and RSA signature verification with a 1024-bit modulus. These algorithms are allowed for legacy use only.

2.8 RBG and Entropy

| Cert Number | Vendor Name |
|---|---|
| E173 | AMD |

Table 8: Entropy Certificates

| Name | Type | Operational Environment | Sample Size | Entropy per Sample | Conditioning Component |
|---|---|---|---|---|---|
| AMD TRNG Entropy Source | Physical | AMD Strix1 OPN 100-000001569; AMD Krackan1 OPN 100-000000713 | 128 | 128 | AES-CBC-MAC (A5337) |

Table 9: Entropy Sources

The module provides an SP800-90Ar1-compliant Deterministic Random Bit Generator (DRBG) using the CTR_DRBG mechanism with AES-256 for generation of key components of asymmetric keys, and random number generation.

The module complies with the Public Use Document for ESV certificate E173 by reading entropy data from the 2048-bit FIFO, which corresponds to the GetEntropy() function. This function outputs 128 bits of entropy. The module constructs the 384-bit entropy input for the DRBG by requesting GetEntropy() three times and concatenating the result. The DRBG does not employ a derivation function, does not support a personalization string, and does not support additional input. Consequently, the 384-bit entropy input is used directly as the DRBG seed, for both seeding and reseeding.

The Strix 1 and Krackan 1 operational environments on the ESV certificate are identical to the tested SoCs. The ESV certificate covers Strix1 OPN 100-000001569 and Krackan1 OPN 100-000000713, which respectively correspond to the tested Ryzen AI 9 HX PRO 370 and Ryzen AI 7 PRO 350 SoCs. Thus, the module is compliant with scenario 1 of IG 9.3.A.

There are no maintenance requirements for the entropy source.

2.9 Key Generation

The module does not implement a key generation service; it only includes a key derivation service. Specifically, the module implements an SP 800-108r1 compliant KBKDF, using the HMAC SHA-256 PRF and a 32-bit counter. This implementation can be used to derive secret keys when provided with a pre-existing key-derivation key. The resulting SSPs can be stored by the module in the Key Storage Block (if specified by the operator) or output as an API output parameter.

2.10 Key Establishment

The module does not implement any automated key establishment methods.

2.11 Industry Protocols

The module does not implement any industry protocol.

3 Cryptographic Module Interfaces

3.1 Ports and Interfaces

| Physical Port | Logical Interface(s) | Data That Passes |
|---|---|---|
| SRAM | Data Input | API input parameters for data. |
| SRAM | Data Output | API output parameters for data. |
| SRAM | Control Input | API function calls, API input parameters for control. |
| SRAM | Status Output | API return codes, status values. |
| Power port | Power | Power port or pin on the SoC. |

Table 10: Ports and Interfaces

The logical interfaces are logically separated from each other by the API design. The module does not implement a control output interface. The power interface is physically separated from any other interface.
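
The key derivation described in Section 2.9 (SP 800-108r1 KBKDF in counter mode, HMAC-SHA-256 PRF, 32-bit counter), written out as an added Python example; it is not AMD firmware code and not part of the original policy. The counter-before-data ordering, the Label || 0x00 || Context || [L] fixed-input layout and all function names are assumptions; the length bounds are the ones listed in Table 4 and Table 6.

```python
"""Added illustration: SP 800-108r1 counter-mode KBKDF with HMAC-SHA-256.

Not the module's firmware. Assumptions (not stated in the policy): the 32-bit
big-endian counter precedes the fixed input data, and the fixed input data is
Label || 0x00 || Context || [L]_32.
"""
import hashlib
import hmac
import struct

# Bounds in bits, taken from the policy: Table 4 lists derived lengths of
# 112-4096 (increment 8) and HMAC key lengths of 112-524288 (increment 8);
# Table 6 lists HMAC with keys shorter than 112 bits as non-approved.
MIN_OUT_BITS, MAX_OUT_BITS = 112, 4096
MIN_KDK_BITS, MAX_KDK_BITS = 112, 524288
PRF_BYTES = hashlib.sha256().digest_size  # one PRF call yields 32 bytes


def fixed_input(label: bytes, context: bytes, out_bits: int) -> bytes:
    """Assumed layout: Label || 0x00 || Context || [L]_32 (big-endian)."""
    return label + b"\x00" + context + struct.pack(">I", out_bits)


def kbkdf_ctr_hmac_sha256(kdk: bytes, label: bytes, context: bytes,
                          out_bits: int) -> bytes:
    """Derive out_bits of keying material from the key-derivation key kdk."""
    kdk_bits = len(kdk) * 8
    if not MIN_KDK_BITS <= kdk_bits <= MAX_KDK_BITS:
        raise ValueError(
            f"key-derivation key is {kdk_bits} bits; "
            f"expected {MIN_KDK_BITS}-{MAX_KDK_BITS}")
    if out_bits % 8 or not MIN_OUT_BITS <= out_bits <= MAX_OUT_BITS:
        raise ValueError(
            f"derived length {out_bits} bits is outside "
            f"{MIN_OUT_BITS}-{MAX_OUT_BITS} in steps of 8")

    out_bytes = out_bits // 8
    blocks_needed = -(-out_bytes // PRF_BYTES)  # ceiling division
    data = fixed_input(label, context, out_bits)

    stream = b""
    for i in range(1, blocks_needed + 1):
        # K(i) = HMAC-SHA-256(kdk, [i]_32 || fixed input data)
        block_input = struct.pack(">I", i) + data
        stream += hmac.new(kdk, block_input, hashlib.sha256).digest()
    return stream[:out_bytes]  # keep the leftmost out_bits


def demo() -> dict:
    """Derive two purpose-separated keys from one constructed sample KDK."""
    kdk = bytes(range(32))  # constructed 256-bit sample value, not a real key
    context = b"example-session"  # constructed context string
    return {
        "enc": kbkdf_ctr_hmac_sha256(kdk, b"enc", context, 256),
        "mac": kbkdf_ctr_hmac_sha256(kdk, b"mac", context, 384),
    }


if __name__ == "__main__":
    for purpose, key in demo().items():
        print(purpose, len(key) * 8, "bits", key.hex())
```

Because the requested length is part of the assumed fixed input data, asking for a shorter key does not return a prefix of a longer one; each (label, context, length) triple yields independent output.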
4 Roles, Services, and Authentication

4.1 Authentication Methods

The module does not implement any authentication methods.

4.2 Roles

| Name | Type | Operator Type | Authentication Methods |
|---|---|---|---|
| Crypto Officer | Role | CO | None |

Table 11: Roles

No support is provided for multiple concurrent operators.

4.3 Approved Services

| Name | Description | Indicator | Inputs | Outputs | Security Functions | SSP Access |
|---|---|---|---|---|---|---|
| RL_ARCL_Sha | Generate a (extendable output) message digest | 2 | Message, output length (XOF) | Message digest | Message digest; XOF | Crypto Officer |
| RL_ARCL_Aes | Perform an AES operation (encrypt/decrypt) | 2 | Plaintext/ciphertext, AES key, IV (if applicable) | Plaintext/ciphertext | Encryption; Decryption | Crypto Officer; AES key: W,E |
| RL_ARCL_Mac | Generate a MAC tag | 2 | Message, AES/HMAC key | MAC tag | MAC | Crypto Officer; AES key: W,E; HMAC key: W,E |
| RL_ARCL_Verify | Verify a message signature | 2 | Message, hash algorithm, signature, public key | Pass/fail | Signature verification; Signature verification (legacy) | Crypto Officer; RSA public key: W,E |
| RL_ARCL_DeriveKeyUsingPRF | Derive a key using SP 800-108r1 KDF | 2 | Key-derivation-key, derived key length | Derived key | Key derivation | Crypto Officer; Key-derivation key: W,E; Derived key: G,R |
| RL_ARCL_GenerateRandom | Generate random bytes | 2 | Output length | Random bytes | Random number generation | Crypto Officer; Entropy input: G,E,Z; DRBG seed: G,E,Z; Internal state (V, Key): G,W,E |
| RL_ARCL_FwImageLoadValidateWithKey | Verify the signature of a firmware image using a provided key | 2 | Firmware image, public key | Pass/fail | Signature verification | Crypto Officer; RSA public key: W,E |
| RL_ARCL_FwImageLoadValidate | Verify the signature of a firmware image using an embedded key | 2 | Firmware image | Pass/fail | Signature verification | Crypto Officer; RSA public key: W,E |
| RL_ARCL_KeyDbInstall | Verify the signature of a key database image using an embedded key | 2 | Key database image | Pass/fail | Signature verification | Crypto Officer; RSA public key: W,E |
| RL_ARCL_KeyImageValidate | Verify the signature of a key image using an embedded key | 2 | Key image | Pass/fail | Signature verification | Crypto Officer; RSA public key: W,E |
| RL_ARCL_SelfTest | Perform on-demand self-tests | 2 | None | Pass/fail | None | Crypto Officer |
| RL_ARCL_RtlDeobfuscate | De-obfuscate some data using the RTL key | 2 | Obfuscated input data | De-obfuscated output data | None | Crypto Officer |
| RL_ARCL_Reconfig | Update the ASP register base address | None | Register base address | None | None | Crypto Officer |
| RL_ARCL_GetState (Show Status / Show Version) | Show the module status, version, and service indicator | None | None | Module status, version, service indicator | None | Crypto Officer |
| RL_ARCL_Scrap | Zeroize the KSB and prepare the module for end-of-life | None | None | None | None | Crypto Officer; AES key: Z; HMAC key: Z; Key-derivation key: Z; Derived key: Z; RSA public key: Z |
| RL_ARCL_Shutdown | Zeroize the KSB and shut down the module | None | None | None | None | Crypto Officer; AES key: Z; HMAC key: Z; Key-derivation key: Z; Derived key: Z; RSA public key: Z |
| RL_ARCL_KeyDbRetire | Disable the installed key database image | None | None | None | None | Crypto Officer |
| RL_ARCL_ReinitHw | Reinitialize CCP hardware | None | None | None | None | Crypto Officer |
| RL_ARCL_GetShaInfo | Get SHA IV, message block size, and output hash length | None | SHA type | IV, message block size, output hash length | None | Crypto Officer |
| RL_ARCL_ModExp | Perform a modular exponentiation | None | Base, exponent, modulus | Result | None | Crypto Officer |
| RL_ARCL_RtlDisableKeyUsage | Disable usage of the RTL key | None | None | None | None | Crypto Officer |
| RL_ARCL_AddAddressMap | Register a new device address map | None | Device address map | None | None | Crypto Officer |
| RL_ARCL_GetRuntimeProfile | Get the runtime profile address | None | None | Runtime profile address | None | Crypto Officer |
| RL_ARCL_GetReadOnlyRegions | Get list of read-only regions | None | None | List of read-only regions | None | Crypto Officer |
| RL_ARCL_CcpDma | Copy data from a source to a destination using the CCP | None | SRAM address or KSB slot handle | SRAM address or KSB slot handle | None | Crypto Officer; AES key: R,W; HMAC key: R,W; Key-derivation key: R,W; Derived key: R; RSA public key: R,W |
| RL_ARCL_KsbAlloc | Allocate a slot in the KSB | None | Length, allocation type | KSB slot handle | None | Crypto Officer |
| RL_ARCL_KsbChangeUsage | Change attributes for a KSB slot | None | KSB slot, attributes | None | None | Crypto Officer |
| RL_ARCL_KsbGetAttributes | Retrieve attributes for a KSB slot | None | KSB slot | Attributes | None | Crypto Officer |
| RL_ARCL_KsbClear | Set the first 64 bytes of a KSB slot to zero | None | KSB slot | None | None | Crypto Officer |
| RL_ARCL_KsbLock | Lock a KSB slot | None | KSB slot | None | None | Crypto Officer |
| RL_ARCL_KsbFree | Free and zeroize a previously allocated KSB slot | None | KSB slot | None | None | Crypto Officer; AES key: Z; HMAC key: Z; Key-derivation key: Z; Derived key: Z; RSA public key: Z |
| RL_ARCL_ZlibDecompress | Decompress zlib data | None | Compressed data | Uncompressed data | None | Crypto Officer |
| RL_ARCL_ClearInterrupt | Clear CCP interrupt for the flags | None | Flags | None | None | Crypto Officer |
| RL_ARCL_GetInterruptState | Check if CCP interrupt is signaled for the flags | None | Flags | Interrupt state | None | Crypto Officer |
| RL_ARCL_EnableInterrupt | Enable CCP interrupt for the flags | None | Flags | None | None | Crypto Officer |
| RL_ARCL_GetKeyUsageHistory | Check key usage since boot time | None | None | Key usage counters | None | Crypto Officer |
| RL_ARCL_RngReinit | Reinitialize the Entropy Source and DRBG | None | None | None | Random number generation | Crypto Officer; Entropy input: G,E,Z; DRBG seed: G,E,Z; Internal state (V, Key): G |
| RL_ARCL_RngReseed | Reseed the DRBG | None | None | None | Random number generation | Crypto Officer; Entropy input: G,E,Z; DRBG seed: G,E,Z; Internal state (V, Key): G,W,E |
| RL_ARCL_DeInitVcq | Disable and clear the virtual queue VCQ0 | None | None | None | None | Crypto Officer |

Table 12: Approved Services

For the above table, the convention below applies when specifying the access permissions (type) that the service has for each SSP.

- Generate (G): The module generates or derives the SSP.
- Read (R): The SSP is read from the module (e.g., the SSP is output).
- Write (W): The SSP is updated, imported, or written to the module.
- Execute (E): The module uses the SSP in performing a cryptographic operation.
- Zeroize (Z): The module zeroizes the SSP.
- N/A: The module does not access any SSP or key during its operation.

The module provides three different API layers, each with distinct services:

1. The HAL layer, which is the low-level interface for CCP and SIB hardware.
   a. The HAL CCP API provides non-approved cryptographic functionality.
   b. The HAL SIB API provides functionality to interact with the Key Storage block, DRBG, and Security State.
2. The ARCL layer, which provides high-level cryptographic (both approved and non-approved) and non-cryptographic functionality.
3. The Firmware image processing layer, which is implemented on top of the ARCL API and provides high-level functionalities, such as firmware image validation and key database management.

The ARCL API layer provides the RL_ARCL_GetState function which returns the ArclState, ArclVersion, and FipsIndicatorStatus values:

- The ArclState value serves as the module’s status indicator and is used to indicate the error states.
- The ArclVersion value contains the module’s versioning information.
- The FipsIndicatorStatus value serves as the approved service indicator. If this value is set to 2, the previously requested ARCL service was approved. If this value is set to any other value, the service was not approved.

The HAL CCP API and HAL SIB API only provide non-approved services.
4.4 Non-Approved Services

| Name | Description | Algorithms | Role |
|---|---|---|---|
| RL_ARCL_Mac | Generate a MAC tag | HMAC with key lengths less than 112 bits | Crypto Officer |
| RL_ARCL_RsaPssVerifySignature | Verify a pre-hashed message signature | RSA (pre-hashed message) | Crypto Officer |
| RL_ARCL_MeasureMemoryPerPcr | PCR-based memory measurement | SHA-384 with non-standard initial hash value | Crypto Officer |
| CCP_HAL API | Any API in the CCP_HAL API layer | CCP_HAL algorithm | Crypto Officer |
| SIB_HAL API | Any API in the SIB_HAL API layer | SIB_HAL algorithm | Crypto Officer |

Table 13: Non-Approved Services

4.5 External Software/Firmware Loaded

Upon startup, the libROM firmware component loads the overlay firmware from external storage (SPI flash) into the sub-chip cryptographic subsystem. The integrity of the overlay firmware is determined by verifying an RSA-PSS 4096 with SHA-384 signature stored in the overlay firmware that was computed at build time. If the signature verification fails, the overlay firmware load test fails. The public key used to verify this signature is stored inside the libROM firmware component of the module; the private key associated with this public key is controlled by the vendor.

All data output is inhibited during the execution of the overlay firmware load test and the overlay firmware loading process.

5 Software/Firmware Security

5.1 Integrity Techniques

The integrity of the libROM component of the module is verified by comparing a SHA-384 digest value calculated at runtime with the SHA-384 digest value stored in the module that was computed at build time. The load test on the overlay firmware component of the module is discussed in Section 4.5.
5.2 Initiate on Demand

The module provides the RL_ARCL_SelfTest service to perform self-tests on demand. Among those self-tests is the integrity test, as part of the pre-operational self-tests. More details on the API are provided by the vendor in its developer’s manual.

6 Operational Environment

6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited

How Requirements are Satisfied: Any SSPs contained within the module are protected by the hardware and firmware restrictions implemented by the Key Storage Block. Only the module has access to these SSPs, and access is only possible through the defined interfaces.

6.2 Configuration Settings and Restrictions

No configuration of the operational environment is required for the module to operate in an approved mode. Therefore, there are no rules, settings, or restrictions to the configuration of the operational environment.

7 Physical Security

7.1 Mechanisms and Actions Required

| Mechanism | Inspection Frequency | Inspection Guidance |
|---|---|---|
| Opaque sealing coat | No actions are required to maintain the physical security of the module | No actions are required to maintain the physical security of the module |

Table 14: Mechanisms and Actions Required

The module provides no additional physical security techniques.
8 Non-Invasive Security

The module does not implement any non-invasive security mechanisms.

9 Sensitive Security Parameters Management

9.1 Storage Areas

| Storage Area Name | Description | Persistence Type |
|---|---|---|
| Hardware registers | Hardware registers store the SSPs used by the hardware DRBG | Dynamic |
| Key Storage Block (KSB) | Hardware block used to securely store SSPs while the module is operational | Dynamic |
| SRAM | Temporary storage for SSPs used by the module as part of service execution | Dynamic |

Table 15: Storage Areas

The Key Storage Block maintains internal separation of the SSPs (including CSPs) in the approved and non-approved modes of operation using a “virtual queue” mechanism: virtual queue 0 is exclusively used for approved services, whereas virtual queue 1 is always used for non-approved services. The HAL SIB API provides functionality to interact with the Key Storage Block for queue 1 only.

The module does not perform persistent storage of SSPs; SSPs in use by the module exist in volatile memory only.
9.2 SSP Input-Output Methods

| Name | From | To | Format Type | Distribution Type | Entry Type | SFI or Algorithm |
|---|---|---|---|---|---|---|
| API input parameters | Operator calling application (TOEPP) | Cryptographic module | Plaintext | Manual | Electronic | |
| API output parameters | Cryptographic module | Operator calling application (TOEPP) | Plaintext | Manual | Electronic | |

Table 16: SSP Input-Output Methods

9.3 SSP Zeroization Methods

| Zeroization Method | Description | Rationale | Operator Initiation |
|---|---|---|---|
| RL_ARCL_KsbFree | Zeroize a single KSB slot | Memory occupied by the SSP is overwritten with zeroes, which renders the SSP value irretrievable. Completion of the function indicates that the zeroization procedure succeeded. | By calling the RL_ARCL_KsbFree function |
| RL_ARCL_Shutdown | Zeroize all data stored in the KSB | Memory occupied by the SSPs is overwritten with zeroes, which renders the SSP values irretrievable. Completion of the function indicates that the zeroization procedure succeeded. | By calling the RL_ARCL_Shutdown function |
| RL_ARCL_Scrap | Zeroize all data stored in the KSB | Memory occupied by the SSPs is overwritten with zeroes, which renders the SSP values irretrievable. Completion of the function indicates that the zeroization procedure succeeded. | By calling the RL_ARCL_Scrap function |
| Remove power from the SoC | De-allocates the volatile memory used to store SSPs | Volatile memory used by the module is overwritten within nanoseconds when power is removed | By removing power |
| Automatic | Automatically zeroized by the module when no longer needed | Every service overwrites its temporary memory upon completion, which renders any SSP values used by the service irretrievable. Completion of the service indicates that the zeroization procedure succeeded. | N/A |

Table 17: SSP Zeroization Methods

All data output is inhibited during zeroization.

9.4 SSPs

| Name | Description | Size - Strength | Type - Category | Generated By | Established By | Used By |
|---|---|---|---|---|---|---|
| AES key | Symmetric key used for AES operations | 128, 192, 256 bits - 128, 192, 256 bits | Symmetric - CSP | | | Encryption; Decryption; MAC |
| HMAC key | Symmetric key used for HMAC operations | 112-256 bits - 112-256 bits | Symmetric - CSP | | | MAC |
| Key-derivation key | Symmetric key used to derive other symmetric keys | 112-256 bits - 112-256 bits | Symmetric - CSP | | | Key derivation |
| Derived key | Symmetric key derived from a key-derivation key | 112-256 bits - 112-256 bits | Symmetric - CSP | Key derivation | | |
| Entropy input | Entropy input used to seed the DRBG | 384 bits - 384 bits | Entropy input - CSP | Random number generation | | Random number generation |
| DRBG seed | DRBG seed derived from entropy input | 384 bits - 256 bits | DRBG seed - CSP | Random number generation | | Random number generation |
| Internal state (V, Key) | Internal state of the CTR_DRBG instance | 384 bits - 256 bits | Internal state - CSP | Random number generation | | Random number generation |
| RSA public key | Public key used for RSA | 1024, 1536, 2048, 3072, 4096 bits - 80, 96, 112, 128, 150 bits | Public key - PSP | | | Signature verification |

Table 18: SSP Table 1

| Name | Input - Output | Storage | Storage Duration | Zeroization | Related SSPs |
|---|---|---|---|---|---|
| AES key | API input parameters; API output parameters | Key Storage Block (KSB): Plaintext; SRAM: Plaintext | KSB: until explicitly removed or the module ends its operation; SRAM: for the duration of the service | RL_ARCL_KsbFree; RL_ARCL_Shutdown; RL_ARCL_Scrap; Remove power from the SoC; Automatic | |
| HMAC key | API input parameters; API output parameters | Key Storage Block (KSB): Plaintext; SRAM: Plaintext | KSB: until explicitly removed or the module ends its operation; SRAM: for the duration of the service | RL_ARCL_KsbFree; RL_ARCL_Shutdown; RL_ARCL_Scrap; Remove power from the SoC; Automatic | |
| Key-derivation key | API input parameters; API output parameters | Key Storage Block (KSB): Plaintext; SRAM: Plaintext | KSB: until explicitly removed or the module ends its operation; SRAM: for the duration of the service | RL_ARCL_KsbFree; RL_ARCL_Shutdown; RL_ARCL_Scrap; Remove power from the SoC; Automatic | |
| Derived key | API output parameters | Key Storage Block (KSB): Plaintext; SRAM: Plaintext | KSB: until explicitly removed or the module ends its operation; SRAM: for the duration of the service | RL_ARCL_KsbFree; RL_ARCL_Shutdown; RL_ARCL_Scrap; Remove power from the SoC; Automatic | Key-derivation key: Derived From |
| Entropy input | | Hardware registers: Plaintext | From generation until DRBG seed is created | Remove power from the SoC | |
| DRBG seed | | Hardware registers: Plaintext | While the DRBG is instantiated | Remove power from the SoC | Entropy input: Derived From |
| Internal state (V, Key) | | Hardware registers: Plaintext | From DRBG instantiation until DRBG termination | Remove power from the SoC | DRBG seed: Derived From |
| RSA public key | API input parameters; API output parameters | Key Storage Block (KSB): Plaintext; SRAM: Plaintext | KSB: until explicitly removed or the module ends its operation; SRAM: for the duration of the service | RL_ARCL_KsbFree; RL_ARCL_Shutdown; RL_ARCL_Scrap; Remove power from the SoC; Automatic | |

Table 19: SSP Table 2

9.5 Transitions

The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031.

10 Self-Tests

While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module does not return control to the calling application until the tests are completed.

10.1 Pre-Operational Self-Tests

| Algorithm or Test | Test Properties | Test Method | Test Type | Indicator | Details |
|---|---|---|---|---|---|
| SHA2-384 | N/A | Message digest | SW/FW Integrity | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Integrity test on the libROM firmware component at power up |

Table 20: Pre-Operational Self-Tests

The pre-operational firmware integrity test on the libROM firmware component is performed automatically when the module is initialized.
If this test fails, the module transitions to the Hard Error state.

10.2 Conditional Self-Tests

As part of the initialization, the libROM firmware component loads the overlay firmware component and performs the firmware load test on the overlay firmware. Only if this test succeeds will the module move to the operational state. Similar to the pre-operational integrity test, if the firmware load test fails, the module transitions to the Hard Error state.

| Algorithm or Test | Test Properties | Test Method | Test Type | Indicator | Details | Conditions |
|---|---|---|---|---|---|---|
| RSA SigVer (FIPS186-5) | 4096-bit key, SHA-384 | Signature verification | SW/FW Load | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Firmware load test on the overlay firmware component | Power up |
| SHA-1 | 0-bit message | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Message digest | Prior to first approved use of SHA-1 |
| SHA2-256 | 0-bit message | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Message digest | Prior to first approved use of SHA-224 or SHA-256 |
| SHA2-512 | 0-bit message | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Message digest | Prior to libROM firmware integrity test |
| SHA3-512 | 0-bit message | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Message digest | Prior to first approved use of SHA-3 or SHAKE |
| AES-ECB | 128-bit key | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Encryption | Prior to first approved use of AES ECB, CBC, or CTR |
| AES-ECB | 128-bit key | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Decryption | Prior to first approved use of AES ECB, CBC, or CTR |
| AES-CMAC | 128-bit key | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | MAC tag generation | Prior to first approved use of AES CMAC |
| HMAC-SHA2-384 | 384-bit key, SHA-384 | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | MAC tag generation | Prior to first approved use of HMAC |
| KDF SP800-108 | 256-bit key-derivation key, 128-bit derived key | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Key-based key derivation | Prior to first approved use of KBKDF |
| Entropy Source | Cutoff: 5 samples | RCT | CAST | Entropy Source is operational | SP 800-90B start-up health test ran over 4096 samples | Initialization of the Entropy Source |
| Entropy Source | Cutoff: 16 samples | APT | CAST | Entropy Source is operational | SP 800-90B start-up health test ran over 4096 samples | Initialization of the Entropy Source |
| Entropy Source | Cutoff: 5 samples | RCT | CAST | Entropy Source produces entropy | SP 800-90B continuous health test | DRBG seeding |
| Entropy Source | Cutoff: 16 | APT | CAST | Entropy Source produces entropy | SP 800-90B continuous health test | DRBG seeding |
| Counter DRBG | AES-256 | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | SP 800-90Ar1 (instantiate, reseed, generate) health test | Prior to first approved use of the CTR_DRBG |
| RSA SigVer (FIPS186-5) | 2048-bit key with SHA-384 | KAT | CAST | ArclState is set to ARCL_STATE_VALIDATED_OPERATIONAL | Signature verification | Prior to overlay firmware load test |

Table 21: Conditional Self-Tests

10.3 Periodic Self-Test Information

| Algorithm or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|
| SHA2-384 | Message digest | SW/FW Integrity | On demand | Manually |

Table 22: Pre-Operational Periodic Information
| Algorithm or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|
| RSA SigVer (FIPS186-5) | Signature verification | SW/FW Load | On demand | Manually |
| SHA-1 | KAT | CAST | On demand | Manually |
| SHA2-256 | KAT | CAST | On demand | Manually |
| SHA2-512 | KAT | CAST | On demand | Manually |
| SHA3-512 | KAT | CAST | On demand | Manually |
| AES-ECB | KAT | CAST | On demand | Manually |
| AES-ECB | KAT | CAST | On demand | Manually |
| AES-CMAC | KAT | CAST | On demand | Manually |
| HMAC-SHA2-384 | KAT | CAST | On demand | Manually |
| KDF SP800-108 | KAT | CAST | On demand | Manually |
| Entropy Source | RCT | CAST | On demand | Manually |
| Entropy Source | APT | CAST | On demand | Manually |
| Entropy Source | RCT | CAST | Every sample | Manually |
| Entropy Source | APT | CAST | Every sample | Manually |
| Counter DRBG | KAT | CAST | On demand | Manually |
| RSA SigVer (FIPS186-5) | KAT | CAST | On demand | Manually |

Table 23: Conditional Periodic Information

10.4 Error States

| Name | Description | Conditions | Recovery Method | Indicator |
|---|---|---|---|---|
| Soft Error | The module only responds to status, zeroization, and self-test service requests | Cryptographic algorithm self-test error after operational state. | Invoke RL_ARCL_SelfTest service | ArclState = 8 |
| Hard Error | The module does not respond to any service requests and must be reset | FW integrity test error, FW load test error, or cryptographic algorithm self-test error before operational state. | Power off the module | ArclState = 16 |

Table 24: Error States

In the Soft Error state, the module outputs the error type through the status indicator and status output interface. Moreover, the data input and data output interfaces are inhibited, and the module only accepts control input. In the Hard Error state, no input or output is possible at all.
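The Entropy Source rows of Table 21, as an added example that is not AMD's implementation: the SP 800-90B Repetition Count Test (cutoff 5) and Adaptive Proportion Test (cutoff 16) run over 4096 start-up samples of 128 bits. The APT window of 512 samples is an assumption taken from SP 800-90B's value for non-binary sources (the policy does not state it); the class and function names are hypothetical and the sample streams are constructed.

```python
import hashlib
from itertools import islice
from typing import Iterable, Optional, Tuple

RCT_CUTOFF = 5          # Table 21: RCT cutoff, in samples
APT_CUTOFF = 16         # Table 21: APT cutoff
STARTUP_SAMPLES = 4096  # Table 21: length of the start-up health test
APT_WINDOW = 512        # assumption: SP 800-90B window for non-binary samples

Result = Tuple[bool, Optional[str], Optional[int]]  # (passed, failed test, index)


class RepetitionCountTest:
    """Fails when the same sample value occurs `cutoff` times in a row."""

    def __init__(self, cutoff: int = RCT_CUTOFF) -> None:
        self.cutoff, self.last, self.run = cutoff, None, 0

    def feed(self, sample: bytes) -> bool:
        if sample == self.last:
            self.run += 1
        else:
            self.last, self.run = sample, 1
        return self.run < self.cutoff


class AdaptiveProportionTest:
    """Fails when the first value of a window recurs `cutoff` times in it."""

    def __init__(self, cutoff: int = APT_CUTOFF, window: int = APT_WINDOW) -> None:
        self.cutoff, self.window = cutoff, window
        self.ref, self.count, self.seen = None, 0, 0

    def feed(self, sample: bytes) -> bool:
        if self.seen == 0:               # first sample of a new window
            self.ref, self.count = sample, 1
        elif sample == self.ref:
            self.count += 1
        self.seen = (self.seen + 1) % self.window
        return self.count < self.cutoff


def check_stream(samples: Iterable[bytes]) -> Result:
    """Continuous test: every sample passes through both health tests."""
    rct, apt = RepetitionCountTest(), AdaptiveProportionTest()
    for index, sample in enumerate(samples):
        if not rct.feed(sample):
            return (False, "RCT", index)
        if not apt.feed(sample):
            return (False, "APT", index)
    return (True, None, None)


def startup_test(samples: Iterable[bytes]) -> Result:
    """Start-up test: the source must deliver 4096 samples that all pass."""
    first = list(islice(samples, STARTUP_SAMPLES))
    if len(first) < STARTUP_SAMPLES:
        return (False, "SHORT", len(first))
    return check_stream(first)


def constructed_sample(i: int) -> bytes:
    """Constructed 128-bit sample; stands in for noise-source output."""
    return hashlib.sha256(i.to_bytes(4, "big")).digest()[:16]


# Constructed streams: healthy, stuck-at fault, and a value recurring too often.
HEALTHY = [constructed_sample(i) for i in range(STARTUP_SAMPLES)]
STUCK = HEALTHY[:100] + [b"\x00" * 16] * 5 + HEALTHY[105:]
BIASED = [b"\xaa" * 16 if i % 2 == 0 else constructed_sample(i)
          for i in range(STARTUP_SAMPLES)]

if __name__ == "__main__":
    for name, stream in (("healthy", HEALTHY), ("stuck", STUCK), ("biased", BIASED)):
        print(name, startup_test(stream))
```

The stuck stream trips the RCT on the fifth identical sample, while the biased stream never repeats consecutively and is caught only by the APT, which is why both tests run on every sample.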
10.5 Operator Initiation of Self-Tests

The operator can request on-demand self-tests by invoking the RL_ARCL_SelfTest service. This service executes all self-tests listed above.

11 Life-Cycle Assurance

11.1 Installation, Initialization, and Startup Procedures

To detect any potential tampering during delivery of the module, the user can verify the Thermoform or JEDEC tray is securely strapped, and vacuum sealed in the moisture barrier bag. Additionally, the SoC itself provides tamper evidence as specified in Section 7.

Upon delivery, no further installation or configuration is required for the hardware to operate as the validated module in conformance with the rules in this Security Policy document. The module implicitly transitions between the approved mode and the non-approved mode when appropriate.

11.2 Administrator Guidance

All the functions, ports and logical interfaces described in this document are available to the Crypto Officer.

The module implicitly transitions between the approved mode and the non-approved mode contingent on the service that is invoked. Therefore, there are no special procedures to administer the approved or non-approved modes.

11.3 Non-Administrator Guidance

The module implements only the Crypto Officer. There are no requirements for non-administrator operators.

11.4 Design and Rules

Not applicable.

11.5 Maintenance Requirements

Not applicable.

11.6 End of Life

The process for performing “End of Life” occurs at the chronological point of 10 years starting from manufacturing date of the module. The module does not possess persistent storage of SSPs.
The SSP value only exists in volatile memory and that value vanishes when the module is powered off. The procedure for secure sanitization of the module at the end of life is achieved in the following way:

- The Crypto Officer issues a call to RL_ARCL_Scrap which releases any resources held by the module, cleans up global workspace, and zeroizes any SSPs. Upon completion of this service, all SSPs are removed from the module, so that the module may either be distributed to other operators or disposed of.

After sanitization, the Crypto Officer should blow the “scrap” (end-of-life) fuse to render the module non-operational.

12 Mitigation of Other Attacks

The module does not implement security mechanisms to mitigate other attacks.

A Glossary and Abbreviations

AES      Advanced Encryption Standard
API      Application Programming Interface
ARCL     AMD Root of Trust Crypto Library
ASP      AMD Secure Processor
CAST     Cryptographic Algorithm Self-Test
CAVP     Cryptographic Algorithm Validation Program
CBC      Cipher Block Chaining
CBC-MAC  Cipher Block Chaining Message Authentication Code
CCP      Cryptographic Co-Processor
CFB      Cipher Feedback
CMAC     Cipher-based Message Authentication Code
CMVP     Cryptographic Module Validation Program
CSP      Critical Security Parameter
CTR      Counter
DRBG     Deterministic Random Bit Generator
ECB      Electronic Code Book
FIPS     Federal Information Processing Standards
GCTR     Galois Counter
HAL      Hardware Abstraction Layer
HMAC     Keyed-Hash Message Authentication Code
IAPM     Integrity-Aware Parallelizable Mode
IG       International Guidance
IV       Initialization Vector
JEDEC    Joint Electron Device Engineering Council
KAT      Known Answer Test
KSB      Key Storage Block
MAC      Message Authentication Code
NIST     National Institute of Science and Technology
OFB      Output Feedback
OTP      One-Time Programmable
PCT      Pair-wise Consistency Test
PKI      Public Key Infrastructure
PSP      Public Security Parameter
PSS      Probabilistic Signature Scheme
ROM      Read-Only Memory
RSA      Rivest Shamir Adleman
RTL      Register-Transfer Level
SHA      Secure Hash Algorithm
SHAKE    Secure Hash Algorithm with Keccak
SIB      Security Infrastructure Block
SoC      System on Chip
SRAM     Static Random-Access Memory
SSP      Sensitive Security Parameter
TOEPP    Tested Operational Environment’s Physical Perimeter
TRNG     True Random Number Generator
XOF      Extendable Output Function
XTS      XEX-based Tweaked-codebook mode with cipher text Stealing

B References

FIPS 140-3
    FIPS PUB 140-3 - Security Requirements For Cryptographic Modules
    March 2019
    https://doi.org/10.6028/NIST.FIPS.140-3

FIPS 140-3 IG
    Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program
    https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

FIPS 180-4
    Secure Hash Standard (SHS)
    August 2015
    https://doi.org/10.6028/NIST.FIPS.180-4

FIPS 186-2
    Digital Signature Standard (DSS)
    January 2000
    https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf

FIPS 186-4
    Digital Signature Standard (DSS)
    July 2013
    https://doi.org/10.6028/NIST.FIPS.186-4

FIPS 186-5
    Digital Signature Standard (DSS)
    February 2023
    https://doi.org/10.6028/NIST.FIPS.186-5

FIPS 197
    Advanced Encryption Standard (AES)
    November 2001; Updated May 2023
    https://doi.org/10.6028/NIST.FIPS.197-upd1

FIPS 198-1
    The Keyed-Hash Message Authentication Code (HMAC)
    July 2008
    https://doi.org/10.6028/NIST.FIPS.198-1

FIPS 202
    SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
    August 2015
    https://doi.org/10.6028/NIST.FIPS.202

SP 800-38A
    Recommendation for Block Cipher Modes of Operation: Methods and Techniques
    December 2001
    https://doi.org/10.6028/NIST.SP.800-38A

SP 800-38B
    Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
    May 2005; Updated October 2016
    https://doi.org/10.6028/NIST.SP.800-38B

SP 800-38D
    Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
    November 2007
    https://doi.org/10.6028/NIST.SP.800-38D

SP 800-38E
    Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
    January 2010
    https://doi.org/10.6028/NIST.SP.800-38E

SP 800-90Ar1
    Recommendation for Random Number Generation Using Deterministic Random Bit Generators
    June 2015
    https://doi.org/10.6028/NIST.SP.800-90Ar1

SP 800-90B
    Recommendation for the Entropy Sources Used for Random Bit Generation
    January 2018
    https://doi.org/10.6028/NIST.SP.800-90B

SP 800-108r1
    Recommendation for Key Derivation Using Pseudorandom Functions
    August 2022; Updated February 2024
    https://doi.org/10.6028/NIST.SP.800-108r1-upd1

SP 800-131Ar2
    Transitioning the Use of Cryptographic Algorithms and Key Lengths
    March 2019
    https://doi.org/10.6028/NIST.SP.800-131Ar2

SP 800-133r2
    Recommendation for Cryptographic Key Generation
    June 2020
    https://doi.org/10.6028/NIST.SP.800-133r2

SP 800-140Br1
    Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B
    November 2023
    https://doi.org/10.6028/NIST.SP.800-140Br1