Secure Boot Processor (SBP) Crypto Engine

Certificate #4518

Webpage information ?

Status active
Validation dates 10.05.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Hardware
Embodiment Single Chip
Caveat When operated in FIPS mode.
Exceptions
  • Mitigation of Other Attacks: N/A
Description The Secure Boot Processor operates a secure enclave within the Fungible DPU, and implements a hardware rooted chain of trust for authenticating all software, firmware and configuration files used in the DPU. The SBP also manages a number of asymmetric key cryptography accelerators within the enclave, and implements APIs for invoking these accelerators. The APIs are used by the DPU operating system (FunOS) modules to offload public key cryptography operations.
Version (Hardware) F1 1.0.0 and S1 1.0.1
Version (Firmware) 95b53165a1
Tested configurations
  • Fungible F1 rev A0
  • Fungible S1 rev A0
Vendor Fungible, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-, HMAC, HMAC-SHA-256, HMAC-SHA-512, CMAC
Asymmetric Algorithms
ECDH, ECDSA, EdDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA1, SHA-1, SHA224, SHA256, SHA384, SHA512, SHA-512
Schemes
PKE, Key Agreement
Randomness
TRNG, DRBG
Elliptic Curves
P-224, P-256, P-384, P-521, P-192, B-233, B-283, K-283, B-409, K-409, B-571, K-571, Ed25519
Block cipher modes
ECB, CBC, CTR, GCM

JavaCard API constants
X448

Security level
Level 1

Standards
FIPS 140-2, FIPS 140, FIPS 197, FIPS 198-1, FIPS 180-4, FIPS 186-4, FIPS PUB 140-2, SP 800-38A, SP 800-38B, SP 800-38D, SP 800-90B, SP 800-90A, SP 800-108, SP 800-135, NIST SP 800-56B, NIST SP 800-38D, SP 800-56A, SP 800-56B, SP 800-132, PKCS#8, PKCS1, RFC 3278

File metadata

Author Ryan Thomas
Creation date D:20230331200128-07'00'
Modification date D:20230331200128-07'00'
Pages 23
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 26.06.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf.
  • 18.05.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4518,
  "dgst": "408750da3f14b5c8",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES#A2318",
        "KTS#A2318",
        "DSA#A2350",
        "RSA#A2350",
        "AES#A2322",
        "SHS#A2320",
        "KTS#A2323",
        "RSA#A2349",
        "CVL#A2350",
        "KBKDF#A2342",
        "CVL#A2342",
        "DSA#A2349",
        "DRBG#A2342",
        "KTS-RSA#A2350",
        "HMAC#A2320",
        "KAS-SSC#A2349",
        "CVL#A2349",
        "KTS-RSA#A2349",
        "SHS#A2319",
        "AES#A2323",
        "ECDSA#A2349",
        "AES#A2321",
        "KAS-SSC#A2350",
        "ECDSA#A2350",
        "HMAC#A2319"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.0.0",
        "1.0.1"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 7
          },
          "ECDH": {
            "ECDH": 15
          },
          "ECDSA": {
            "ECDSA": 9
          },
          "EdDSA": {
            "EdDSA": 1
          }
        },
        "FF": {
          "DH": {
            "DH": 13,
            "Diffie-Hellman": 6
          },
          "DSA": {
            "DSA": 6
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        },
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 7
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        },
        "PKE": {
          "PKE": 11
        }
      },
      "device_model": {},
      "ecc_curve": {
        "Edwards": {
          "Ed25519": 1
        },
        "NIST": {
          "B-233": 2,
          "B-283": 2,
          "B-409": 2,
          "B-571": 2,
          "K-283": 2,
          "K-409": 2,
          "K-571": 2,
          "P-192": 2,
          "P-224": 16,
          "P-256": 22,
          "P-384": 16,
          "P-521": 16
        }
      },
      "eval_facility": {
        "Acumen": {
          "Acumen Security": 1
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-GCM 21": 1,
          "HMAC-SHA-1": 2,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-512": 2,
          "HMAC-SHA1": 2,
          "HMAC-SHA224": 2,
          "HMAC-SHA256": 2,
          "HMAC-SHA512": 2,
          "PKCS#8": 24,
          "PKCS1": 1,
          "RSA PKCS1": 1,
          "SHA 512": 1,
          "SHA-1": 4,
          "SHA-512": 2,
          "SHA1": 1,
          "SHA2- 256": 1,
          "SHA2- 384": 5,
          "SHA2-224": 7,
          "SHA2-256": 6,
          "SHA2-384": 2,
          "SHA2-512": 6,
          "SHA2-5122": 1,
          "SHA224": 1,
          "SHA256": 1,
          "SHA384": 1,
          "SHA512": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 4
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 4,
            "SHA1": 1
          },
          "SHA2": {
            "SHA-512": 2,
            "SHA224": 1,
            "SHA256": 1,
            "SHA384": 1,
            "SHA512": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "X448": 1
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 18
        },
        "TRNG": {
          "TRNG": 11
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 4,
          "FIPS 140-2": 16,
          "FIPS 180-4": 3,
          "FIPS 186-4": 7,
          "FIPS 197": 3,
          "FIPS 198-1": 2,
          "FIPS PUB 140-2": 1
        },
        "NIST": {
          "NIST SP 800-38D": 1,
          "NIST SP 800-56B": 2,
          "SP 800-108": 5,
          "SP 800-132": 1,
          "SP 800-135": 4,
          "SP 800-38A": 3,
          "SP 800-38B": 2,
          "SP 800-38D": 3,
          "SP 800-56A": 1,
          "SP 800-56B": 1,
          "SP 800-90A": 10,
          "SP 800-90B": 4
        },
        "PKCS": {
          "PKCS#8": 12,
          "PKCS1": 1
        },
        "RFC": {
          "RFC 3278": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 20,
            "AES-": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 12,
            "HMAC": 3,
            "HMAC-SHA-256": 2,
            "HMAC-SHA-512": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Ryan Thomas",
      "/CreationDate": "D:20230331200128-07\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230331200128-07\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 592815,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://www.fungible.com/",
          "http://www.acumensecurity.net/",
          "https://csrc.nist.gov/groups/STM/cmvp/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 23
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "f9b4f1c490606bcd1f6db6844e3bb90d7c49f63c2fa043a4828e492de94acb70",
    "policy_txt_hash": "534f86d8733ac76ab0ba568d58e7338158d06d52c534edf3ef268422fc88b7e8"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Secure Boot Processor operates a secure enclave within the Fungible DPU, and implements a hardware rooted chain of trust for authenticating all software, firmware and configuration files used in the DPU. The SBP also manages a number of asymmetric key cryptography accelerators within the enclave, and implements APIs for invoking these accelerators. The APIs are used by the DPU operating system (FunOS) modules to offload public key cryptography operations.",
    "embodiment": "Single Chip",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "95b53165a1",
    "historical_reason": null,
    "hw_versions": "F1 1.0.0 and S1 1.0.1",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Secure Boot Processor (SBP) Crypto Engine",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "Fungible F1 rev A0",
      "Fungible S1 rev A0"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-05-10",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Fungible, Inc.",
    "vendor_url": "http://www.fungible.com"
  }
}