1 Apr. 26, 2024
FIPS 140‐3 Non-Proprietary Security Policy for:
Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series
MG09ACP18TA and MG09ACP16TA
Prepared by:
Rev 2.3.1
2 Apr. 26, 2024
TOSHIBA SECURE TCG OPAL SSC SELF-ENCRYPTING DRIVE SERIES......................................... 1
1. GENERAL ................................................................................................................................... 3
1.1 ACRONYMS...........................................................................................................................................3
2. CRYPTOGRAPHIC MODULE SPECIFICATION ......................................................................... 4
2.1 PRODUCT VERSION ..............................................................................................................................4
2.2 ALL SECURITY FUNCTIONS ..................................................................................................................4
3. CRYPTOGRAPHIC MODULE INTERFACES .............................................................................. 6
4. ROLES, SERVICES, AND AUTHENTICATION ........................................................................... 6
4.1 ROLES..................................................................................................................................................7
4.2 SERVICES .............................................................................................................................................8
5. SOFTWARE/FIRMWARE SECURITY ........................................................................................ 13
6. OPERATIONAL ENVIRONMENT ............................................................................................. 13
7. PHYSICAL SECURITY.............................................................................................................. 13
8. NON-INVASIVE SECURITY...................................................................................................... 13
9. SENSITIVE SECURITY PARAMETERS MANAGEMENT......................................................... 14
10. SELF-TESTS.............................................................................................................................. 16
11. LIFE-CYCLE ASSURANCE ....................................................................................................... 17
12. MITIGATION OF OTHER ATTACKS ......................................................................................... 18
3 Apr. 26, 2024
1. General
The Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series (MG09ACP18TA and
MG09ACP16TA) is used for hard disk drive data security. The security levels for this Cryptographic
Module (CM) are as follows:
ISO/IEC 24759 Section 6.
[Number Below]
FIPS 140-3 Section Title Security
Level
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 2
6 Operational environment 1
7 Physical security 1
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks N/A
Overall Level 1
Table 1: Security Levels
This document is non-proprietary and may be reproduced in its original entirety.
1.1 Acronyms
AES Advanced Encryption Standard
CM Cryptographic Module
CSP Critical Security Parameter
DRBG Deterministic Random Bit Generator
EBG Entropy Bit Generator
FW Firmware
HMAC Keyed-Hashing for Message Authentication code
KAT Known Answer Test
LBA Logical Block Address
PCA Printed Circuit Assembly
POST Power on Self-Test (pre-operational self-tests and conditional algorithm self-tests)
SoC System on Chip
SSC Security Subsystem Class
SED Self-Encrypting Drive
SHA Secure Hash Algorithm
SID Security ID
TCG SWG Trusted Computing Group Storage Work Group
TOEPP Tested Operational Environment’s Physical Perimeter
4 Apr. 26, 2024
2. Cryptographic Module Specification
This CM provides various cryptographic services using approved algorithms. Services include
hardware-based data encryption, cryptographic erase, independently protected user data LBA
ranges, and FW Download. The CM always encrypts the user data, protects CSPs from unauthorized
access, and provides secure sanitization methods by supporting TCG Opal SSC features. The
operational rules described in this document adheres to TCG Opal.
This CM is a multiple-chip-embedded hardware cryptographic module. The cryptographic boundary
of the CM is the entire HDD. The physical interface for power-supply and for communication is one
SATA connector. The CM is connected with host system by this SATA connector. The logical interface
is the SATA, TCG SWG and Opal SSC.
The CM has the non-volatile storage area for not only user data but also the keys, CSPs, and FW.
The latter storage area is called the “system area”, which is not logically accessible / addressable by
the host application.
The CM has one approved mode of operation and CM is always in approved mode of operation. The
CM provides only approved services defined in 4.2. Non-approved security functions are not
implemented.
2.1 Product Version
The Toshiba Secure TCG Opal SSC SED has been validated in the following versions:
Model Hardware [Part Number and
Version]
Firmware
Version
Distinguishing Features
MG09ACP18TA A0 PD82 SATA interface, 18TB
MG09ACP16TA A0 PD82 SATA interface, 16TB
The tested platform is Toshiba Cryptographic Hardware 88i1215-B1. The CM does not employ any
operating system.
Table 2: Cryptographic Module Tested Configuration
2.2 All Security Functions
The CM does not implement any non-approved algorithms allowed in the approved mode of operation.
It does not implement any non-approved algorithms allowed in the approved mode of operation with
no security claimed. It does not implement any non-approved algorithms not allowed in the approved
mode of operation.
CAVP
Certs
Algorithm and
Standard
Mode/Method Description / Key Size(s) /
Key Strength
Use/Function
A1637 RSA, FIPS PUB
186-4
RSASSA-
PKCS#1-v1_5
Modulus: 3072bits,
Key Strength: 128bits
Digital signature verification
A1637 SHS, FIPS PUB
180-4
SHA2-256
(BYTE-only)
- Message digest for RSA
5 Apr. 26, 2024
CAVP
Certs
Algorithm and
Standard
Mode/Method Description / Key Size(s) /
Key Strength
Use/Function
A1638 AES, FIPS PUB
197-upd1,
SP800-38A
CBC Key Size: 256bits,
Key Strength: 256bits
Data encryption / decryption
A1638 AES, FIPS PUB
197-upd1
ECB Key Size: 256bits,
Key Strength: 256bits
Data encryption / decryption
(used as a prerequisite for XTS
mode)
A1638 AES, FIPS PUB
197-upd1,
SP800-38E
XTS Key Size (Key_1):256bits,
Key Size (Key_2):256bits,
Key Strength: 256bits
Data encryption / decryption
A1638 HMAC, FIPS
PUB 198-1
SHA2-256 Key Size: 256bits,
Key Strength: 256bits,
KS < BS
Message authentication for
data integrity verification of
system area
A1638 SHS, FIPS PUB
180-4
SHA2-256
(BYTE-only)
- Message digest for HMAC
A1645 Hash-DRBG,
SP800-90A rev1
SHA2-256 Prediction Resistance：
False
Deterministic random bit
generation
A1645 SHS, FIPS PUB
180-4
SHA2-256
(BYTE-only)
- Message digest for DRBG
ENT (P) SP800-90B - - Seed generation for Hash-
DRBG
Vendor
Affirmed
CKG, SP800-
133rev2
- An output of the hash-
DRBG is directly used.
(Section 4 of SP800-
133rev2)
Key generation
There are algorithms, modes, and keys that have been CAVP tested but not used by the module.
Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are used
by the module.
Table 3: Approved Algorithms
Figure 1: MG09ACP16TA Figure 2: MG09ACP18TA Figure 3: PCA side
Figure 4 shows the CM's block diagram. In this diagram, the cryptographic boundary of the CM,
6 Apr. 26, 2024
defined by the enclosure of the MG09ACP18TA and the MG09ACP16TA, is indicated by a dashed
line. It includes the SATA connector, the SoC, the buffer DRAM, the flash ROM and the magnetic
storage medium.
Figure 4: Block Diagram
3. Cryptographic Module Interfaces
The CM does not implement any control output interface.
Physical port Logical interface Data that passes over port / interface
SATA connector Data input interface User data, FW data
SATA connector Data output interface User data
SATA connector Control input interface SATA control input data (ex. command frame,
data frame)
N/A Control output interface N/A
SATA connector Status output interface SATA status output data (ex. response frame,
data frame)
SATA connector Power interface N/A
All data, status, control, and power interfaces above use a single SATA connector that contains multiple
pins for power supply, data transmission, and signal exchange.
Table 4: Ports and Interfaces
4. Roles, Services, and Authentication
This section describes roles and services the CM supports. The CM supports 16 Crypto Officer roles
listed in Table 5. The roles listed in Table 5 are all Crypto Officer roles.
The CM does not implement any Non-Approved Services.
7 Apr. 26, 2024
4.1 Roles
Role1 Service Input Output
LockingSP.Ad
min1
…
LockingSP.Ad
min4
Enable / Disable LockingSP
Admin/User
Trusted Send command Command
response
Range Lock/Unlock
Set range position and size
TCG Reactivate
TCG Cryptographic Erase
(Erase)
TCG Cryptographic Erase
(GenKey)
Zeroization (without RKey)
Master Cryptographic erase ATA Security Erase
command
Command
response
Range Lock/Unlock ATA Security Unlock
command
Firmware Download2 ATA Security Unlock
command and Download
Microcode command with
FW
Enable ATA Role ATA Security Set Password
command
Exit ATA Mode ATA Security Disable
Password command
User Cryptographic erase ATA Security Erase
command
Command
response
Range Lock/Unlock ATA Security Unlock
command
Firmware Download ATA Security Unlock
command and Download
Microcode with FW
Enable ATA Role ATA Security Set Password
command
Exit ATA Mode ATA Security Disable
Password command
LockingSP.Us
er1
…
LockingSP.Us
er9
Range Lock/Unlock Trusted Send command Command
response
Set range position and size
TCG Cryptographic Erase
(Erase)
TCG Cryptographic Erase
(GenKey)3
AdminSP.SID TCG activate Trusted Send command Command
response
Firmware Download Trusted Send command and
Download Microcode
command with FW
1 TCG Authority (LockingSP.Admin1-4, AdminSP.Admin1, LockingSP.User1-9 or AdminSP.SID)
can be assumed by using TCG Start Session method, while ATA Security role (Master or User) can
be assumed by using ATA Security command.
2 When the Master password capability is set to “High” by User.
3 Available only when the CM uses TCG Single User Mode functionality.
The CM is always in 140-3 approved mode of operation regardless of this functionality.
8 Apr. 26, 2024
Role1 Service Input Output
None Reset (run POSTs) Power on reset command Command
response
Data read / write Read/Write commands with
User data
Command
response,
User data
Random number generation Trusted Send command Command
response,
Random
number
Show status Read Status Register
command
Command
response,
Status
Zeroization (with RKey)
(using PSID)
Trusted Send command Command
response
Cryptographic Sanitization Sanitize command
Show versioning information Identify Device command Command
response,
Versioning
information
Non-security relevant HDD service ATA command Command
response
Table 5: Roles, Service Commands, Input and Output
4.2 Services
The CM supports two security modes: ATA security mode and TCG Opal security mode. A set of
available services is different depending on the mode.
The CM also supports the TCG Single User Mode functionality defined in the Single User Mode
feature set of TCG Opal. A single role (LockingSP.Userx) is assigned to manage the associated range
(range X) during the TCG single user mode. The LockingSP.Reactivate or LockingSP.Activate
method enables this mode. Authorized roles of some services differ when the CM is in single user
mode. About such services, the Role(s) column in Table 6 is divided into two rows. The upper row
shows authorized roles in non-single user mode (normal mode), while the lower row shows
authorized roles against range X in single user mode.
The CM provides the following services to operators per Section 7.4.3.1 of ISO/IEC
19790_2012_2015:
 Show module's versioning information: Show versioning information service
 Show status: Show Status service
 Perform self-test: Reset (run POSTs) service
 Perform zeroization: Zeroization (with RKey) service, Zeroization (without RKey) services
9 Apr. 26, 2024
 Perform approved security functions: Services indicated with Approved Security Functions
in Table 6
The modes of access to SSPs shown in Table 6 are defined as:
G = Generate: The module generates or derives the SSP.
R = Read: The SSP is read from the module (e.g. the SSP is output).
W = Write: The SSP is updated, imported, or written to the module.
E = Execute: The module uses the SSP in performing a cryptographic operation.
Z = Zeroise: The module zeroises the SSP.
Service Description Approved
Security
Functions
Keys
and/or
SSPs
Role(s) Access
rights
to Keys
and/or
SSPs
Indicator
Cryptographic
Erase
Erase user data (in
cryptographic means) by
changing the data encryption
key, disable Master/User roles
and transition to non-ATA
security mode.
Method: ATA SECURITY
ERASE PREPARE command
and ATA SECURITY ERASE
UNIT command in ATA
security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
RKey
Master
User
G, Z
E
Command
response
Data
read/write
(decrypt/encry
pt)
Encryption / decryption of
unlocked user data to/from
range
Method: ATA READ, WRITE
commands in ATA security
mode or TCG Opal security
mode
AES256-XTS MEK(s) None E Command
response
Enable
/Disable
LockingSP
Admin/User
Enable/Disable LockingSP
Admin/User (except for-
Single-User-Data-Range
User) Authority
Method: TRUSTED SEND
command (TCG Set Method)
in TCG Opal security mode
HMAC
SHA2-
256(A1638)
N/A LockingSP.A
dminx
N/A Command
response
Random
Number
generation
Provide a random number
generated by the CM
Method: TRUSTED SEND
command (TCG Random) in
TCG Opal security mode
Hash_DRBG
SHA2-
256(A1645)
DRBG C
Vector
DRBG V
Vector
None4 E
E
Command
response
4 Except for User, Master
10 Apr. 26, 2024
Service Description Approved
Security
Functions
Keys
and/or
SSPs
Role(s) Access
rights
to Keys
and/or
SSPs
Indicator
Range
Lock/Unlock
Block or allow read (decrypt)
/ write (encrypt) of user
data in a range. Locking
also requires read/write
locking to be enabled
Method:
-TRUSTED SEND command
(TCG Set Method) in TCG
Opal security mode
-ATA SECURITY UNLOCK
command in ATA security
mode
HMAC
SHA2-
256(A1638)
RKey
MEK(s)
LockingSP.A
dminx/Loc
kingSP.Use
rx
(LockingSP
is active)
or
User/Master
5 (ATA
Security is
enable)
E
E
Command
response
LocknigSP.
Userx
Set range
position and
size
Set the location and size of the
LBA range
Method: TRUSTED SEND
command (TCG Set Method)
in TCG Opal security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
RKey
LockingSP.A
dminx
G
E
Command
response
LockingSP.A
dminx
or
LockingSP.
Userx
Reset
(run POSTs)
Perform self-tests and delete
CSPs in SRAM
Method: Power on reset
command
RSASSA-
PKCS#1-v1_5
SHA2-
256(A1637)
DRBG C
Vector
DRBG V
Vector
Seed
RKey
None G, Z
G, Z
G, E, Z
E
Command
response
TCG
reactivate
Switch from/to TCG Opal
single user mode
Method:
-TRUSTED SEND command
(TCG Reactivate) in TCG
Opal security mode
HMAC
SHA2-
256(A1638)
N/A LockingSP.A
dminx
N/A Command
response
Show Status Report status of the CM
Method:
-Read STATUS REGISTER
command (50/51h)
N/A N/A None N/A Command
response
TCG Activate Activate LockingSP and
transition to TCG Opal
security mode
Method: TRUSTED SEND
command (AdminSP.activate)
before transitioning to TCG
Opal security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
(except
for
Global
Range)
RKey
AdminSP.SI
D
G
E
Command
response
5 When the Master password capability is set to “High” by User.
11 Apr. 26, 2024
Service Description Approved
Security
Functions
Keys
and/or
SSPs
Role(s) Access
rights
to Keys
and/or
SSPs
Indicator
TCG
Cryptographic
Erase (Erase)
Erase user data (in
cryptographic means) in an
LBA range by changing the
data encryption key. This
method is available only in
single user mode.
Method: TRUSTED SEND
command (TCG Erase) in
TCG Opal security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
RKey
N/A G, Z
E
Command
response
LocknigSP.
Userx
LockingSP.A
dminx
TCG
Cryptographic
Erase
(GenKey)
Erase user data (in
cryptographic means) in an
LBA range by changing the
data encryption key.
Method: TRUSTED SEND
command (TCG GenKey) in
TCG Opal security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
RKey
LockingSP.A
dminx
G, Z
E
Command
response
LockingSP.
Userx
Zeroization
(with RKey)
Initialize the CM by zeroizing
a root key (RKey), MEKs, and
range configuration, and
transition to non-TCG Opal
security mode.
Method: TRUSTED SEND
command (
- AdminSPObj.Revert6
) in TCG Opal security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
RKey
None (using
PSID7)
G, Z
G, E, Z
Command
response
Zeroization
(without
Rkey)
Initialize the CM by zeroizing
MEKs, and range
configuration, and transition
to non-TCG Opal security
mode.
Method: TRUSTED SEND
command (
- LockingSP.RevertSP6
- LockingSPObj.Revert6
) in TCG Opal security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
RKey
LockingSP.A
dminx
G, Z
E
Command
response
6 AdminSPObj.Revert, LockingSP.RevertSP, LockingSPObj.Revert are methods of TCG Opal SSC.
7 PSID (Printed SID) is public drive-unique value which is used for the TCG Revert AdminSP
method. PSID is printed on the HDD’s product label.
12 Apr. 26, 2024
Service Description Approved
Security
Functions
Keys
and/or
SSPs
Role(s) Access
rights
to Keys
and/or
SSPs
Indicator
Firmware
Download
Enable / Disable firmware
download and load a part of a
firmware image. If the
firmware load test passes, the
CM will run with the new
code.
Method:
-TRUSTED SEND command
(TCG Set Method),
DOWNLOAD MICROCODE
command in TCG Opal
security mode
-ATA SECURITY UNLOCK
command, DOWNLOAD
MICROCODE command in
ATA security mode
RSASSA-
PKCS#1-v1_5
SHA2-
256(A1637)
HMAC
SHA2-
256(A1638)
PubKey AdminSP.SI
D
User
Master8
E Command
response
Cryptographic
Sanitization
Erase user data by changing
the data encryption key.
This service is available only
when all ranges are unlocked.
Method: SANITIZE CRYPTO
SCRAMBLE EXT command
in ATA security mode or TCG
Opal security mode
Hash_DRBG
SHA2-
256(A1645)
AES256-CBC
HMAC
SHA2-
256(A1638)
ENT (P)
CKG
MEK(s)
RKey
None G, Z
E
Command
response
Show
versioning
information
Output the model name, HW
version and FW version of the
CM.
Method: IDENTIFY DEVICE
command with Word 23-26
(FW version), Word 135 (HW
version)
N/A N/A None N/A Command
response
Non-security
relevant HDD
service
Provide a HDD general
service
Method: ATA commands
N/A N/A None N/A Command
response
Enable ATA
role
Enable User/Master role and
transition to ATA security
mode.
Method: ATA SECURITY
SET PASSWORD command
before transitioning to ATA
security mode
HMAC
SHA2-
256(A1638)
N/A User
Master9
N/A Command
response
8 When the Master password capability is set to “High” by User.
9 Each role is enabled by itself.
13 Apr. 26, 2024
Service Description Approved
Security
Functions
Keys
and/or
SSPs
Role(s) Access
rights
to Keys
and/or
SSPs
Indicator
Exit ATA
mode
Disable User role and
transition to non-ATA
security mode.
Method: ATA SECURITY
DISABLE PASSWORD
command in ATA security
mode
HMAC
SHA2-
256(A1638)
N/A User
Master10
N/A Command
response
Table 6: Approved Services
5. Software/Firmware Security
FW integrity check is performed at power on. Signature verification using RSASSA-PKCS#1-v1_5 of
the FW codes (in the flash ROM and in the disk media) and EDC verification of the FW code in the
Mask ROM are done. The operator can initiate the on-demand FW integrity check by power cycling.
All firmware components are in executable form, which cannot be dynamically modified.
6. Operational Environment
The CM is a hardware module and operates in a non-modifiable operational environment, that is its
firmware cannot be modified and no code can be added or deleted. SSPs are controlled by the CM
itself, and uncontrolled access to CSPs and uncontrolled modifications of SSPs are prevented.
Although firmware can be updated by “Firmware Download” service, whole FW codes (in the flash
ROM and in the disk media) are replaced by this service, and the module becomes another module
which requires new 140-3 certification.
7. Physical Security
The CM has the following physical security:
⚫ Production-grade components with standard passivation
⚫ Exterior of the drive is opaque
The operator is required to periodically inspect the enclosure condition of the CM.
8. Non-Invasive Security
The CM does not employ non-invasive mitigation techniques referenced in NIST SP800-140F.
10 When the Master password capability is set to “High” by User.
14 Apr. 26, 2024
9. Sensitive Security Parameters Management
The CM uses SSPs in the following tables:
Key/SSP/Name/
Type
Strength
Security
function and
cert. number
Generation
Import/
export
Establishment Storage Zeroization Use & related keys
MEKs/ CSP/
Symmetric
256
AES-
XTS(A1638)
By Hash-
DRBG
(A1645)
CKG, SP800-
133rev2
Compliant
with IG C.I
(Key_1 ≠
Key_2)
No
After
“Cryptographic
Erase”,“Zeroizati
on (with RKey /
without RKey)”,
“TCG
Cryptographic
Erase (Erase /
GenKey)”,
“Cryptographic
Sanitization”,
“TCG Activate”,
and “Set range
position and
size” services.
In the factory
Encrypte
d by
RKey / in
System
area
/Static
By
“Cryptograp
hic Erase”,
“Zeroization
(with RKey /
without
RKey)”,
“TCG
Cryptograph
ic Erase
(Erase /
GenKey)”,
and
“Cryptograp
hic
Sanitization”
services
(explicitly)
User data
encryption and
decryption (only for
storage purpose)
Encrypted and
decrypted by RKey
By “Range
Lock/Unlock”
service.
By “Reset”
service (when
the associated
range is
unlocked)
Plain/ in
SRAM
(SoC
register)
/Dynami
c
By power-off
(implicitly)
Rkey/ CSP/
Symmetric
256
AES-
CBC(A1638)
By Hash-
DRBG
(A1645)
CKG, SP800-
133rev2
No
After
“Zeroization
(with Rkey)”
service.
In the factory
Obfuscat
ed (plain
in 140-3
means) /
in
System
area
/Static
By
“Zeroization
(with RKey)"
service
(explicitly)
Encryption and
decryption of MEKs
By
“Cryptographic
Erase”,“Zeroizati
on (with RKey /
without RKey)”,
“TCG
Cryptographic
Erase (Erase /
GenKey)”,
“Cryptographic
Sanitization”,
“TCG Activate”,
“Set range
position and
Plain/ in
SRAM
/Dynami
c
After use
(implicitly)
15 Apr. 26, 2024
Key/SSP/Name/
Type
Strength
Security
function and
cert. number
Generation
Import/
export
Establishment Storage Zeroization Use & related keys
size”, and
“Range
Lock/Unlock”
services.
By “Reset”
service (when
the range is
unlocked)
Seed/ CSP/ DRBG
seed11
N/A12
Hash-
DRBG(A1645),
Entropy source
By Entropy
source
No
At instantiation
(SP800-90Arev1)
Plain/ in
SRAM
/Dynami
c
By power-off
(implicitly)
Instantiation of
Hash_DRBG
DRBG C Vector/
CSP/ internal
state
N/A12
Hash-
DRBG(A1645)
By DRBG No
At instantiation
(SP800-90Arev1)
Plain/ in
SRAM
/Dynami
c
By power-off
(implicitly)
Random number
generation
DRBG V Vector/
CSP/ internal
state
N/A12
Hash-
DRBG(A1645)
By DRBG No
At instantiation
(SP800-90Arev1)
Plain/ in
SRAM
/Dynami
c
By power-off
(implicitly)
Random number
generation
PubKey/ PSP/
Public
Modulus:
3072
Key
Strength:
128
RSASSA-
PKCS#1-
v1_5(A1637)
Manufacturi
ng
No
In the factory
Plain /
Embedde
d in FW
in
system
area
/Static
By
“Firmware
Download”
service
(explicitly)
Signature
verification
By “Firmware
Download”
service
Plain/ in
SRAM
/Dynami
c
By power-off
(implicitly)
Table 8: SSPs
Note that there is no security-relevant audit feature and audit data.
Entropy sources Minimum number of bits of
entropy
Details
Entropy source 0.6 / 1 Physical noise source used to seed the approved Hash-
DRBG. The overall amount of generated entropy is 48
bytes.
This entropy source meets NIST SP800-90B
requirements.
Table 9: Non-Deterministic Random Number Generation Specification
If the source may deteriorate to the point when the generation of the sufficient amount of entropy
can no longer be guaranteed, health test detects the source deterioration, enter an error state, and
11 Entropy input string and nonce.
12 The security strength of Hash_DRBG is 256 bits.
16 Apr. 26, 2024
halts the CM. When the CM continuously enters in error state in spite of several trials of reboot, the
CM shall be sent back to factory to recover from error state.
10. Self-Tests
The CM runs self-tests in the following table.
Function Self-test type Description Operator
initiation
Failure behavior
Firmware
integrity check
Pre-operational
software/firmware
integrity test
EDC (32bits)
verification of the
firmware in the Mask
ROM
Power-cycle Boot error state
The CM is not accessible
via SATA interface
Signature verification
of the firmware in the
flash ROM by
RSASSA-PKCS#1-
v1_5 with a 3072-bit
Modulus using
“PubKey2”
Boot error state
The CM is not accessible
via SATA interface
Signature verification
of the firmware in the
disk media by
RSASSA-PKCS#1-
v1_5 with a 3072-bit
Modulus using
“PubKey2”
Boot error state
The CM is not accessible
via SATA interface
AES CBC Conditional
cryptographic
algorithm test
Encrypt KAT with a
256-bit key
Power-cycle Boot error state
The CM is not accessible
via SATA interface
Decrypt KAT with a
256-bit key
AES XTS Conditional
cryptographic
algorithm test
Encrypt KAT with a
256-bit key
Power-cycle
Decrypt KAT with a
256-bit key
SHA2-
256(A1637)
Conditional
cryptographic
algorithm test
Digest KAT Power-cycle
SHA2-
256(A1638)
Conditional
cryptographic
algorithm test
Digest KAT Power-cycle
SHA2-
256(A1645)
Conditional
cryptographic
algorithm test
Digest KAT Power-cycle
Hash DRBG Conditional
cryptographic
algorithm test
DRBG KAT Power-cycle
HMAC Conditional
cryptographic
algorithm test
Digest KAT Power-cycle
RSASSA-
PKCS#1-v1_5
Conditional
cryptographic
algorithm test
Signature verification
KAT with a 3072-bit
Modulus
Power-cycle
17 Apr. 26, 2024
Entropy source Conditional
cryptographic
algorithm test
SP800-90B Start-up
health test (repetition
count test, adaptive
proportion test)
Power-cycle Boot error state
The CM is not accessible
via SATA interface
SP800-90B
Continuous health
test (repetition count
test, adaptive
proportion test)
Power-cycle Error state (conditional
test)
Status Field: 0x53, Error
Field: 0x04
Firmware load
test
Conditional
software/firmware
load test
Signature verification
of firmware image by
RSASSA-PKCS#1-
v1_5 with a 3072-bit
Modulus
N/A Error state (FW Load Test)
Status Field: 0x53, Error
Field: 0x04
The CM discards the new
firmware image, then
enters the Idle state
The public verification key “PubKey2” used in firmware integrity check resides within the
MaskROM code and is not a SSP.
SHA2-256(A1637) is embedded in RSASSA-PKCS#1-v1_5, while SHA2-256(A1638) is used in HMAC,
and SHA2-256(A1645) is employed in Hash DRBG.
Table 10: Self-Tests
If the CM fails the self-test, it enters one of three error states: Error State (Conditional Test), Error
State (FW Load Test), or Boot Error State. If the SP800-90B continuous health test fails, it enters
Error State (Conditional Test); if the firmware load test fails, it goes to Error State (FW Load Test);
and for other self-tests, it transitions to Boot Error State. The status indicator for each error state is
specified in Table 10 (e.g., The “Random Number Generation” service resulting in “Status Field: 0x53,
Error Field: 0x04” indicates that the CM is currently in Error State (Conditional Test)).
When in the error state, the CM does not perform any cryptographic operations or output data. A
power cycle is required to clear the error state. When the CM continuously enters the error state
despite several reboot attempts, the CM should be returned to the factory for recovery from the error
state.
The CM does not support any degraded operation.
11. Life-Cycle Assurance
The following are the secure initialization procedure for the CM.
The CM is always in approved mode of operation in a deployed environment. In addition to this, the
following procedure of initial settings will allow further secure operation during power cycling.
Initialization in TCG Opal security mode:
Please refer to TCG Opal specification (TCG Storage Security Subsystem Class: Opal Version
2.01 Revision 1.00) for the details.
(1) Activate LockingSP by “TCG Activate” service.
18 Apr. 26, 2024
(2) Set LockOnReset in Download port to “Power Cycle”.13
(3) Set ReadLockEnabled and WriteLockEnabled to 1(true) and LockOnReset to “Power
Cycle”.14
(4) Do a power-on reset.
Initialization in ATA security mode:
(1) Enable ATA role (Master) with “Enable ATA role” service.
(2) Enable ATA role (User) with “Enable ATA role” service and set Master Password Capability
to “Maximum”.
(3) Disable Software Settings Preservation (SSP) feature set.13,14
(4) Do a power-on reset.
The longest service life of the CM under suitable conditions and treatment is 5 years. By the end of
this period the operator is required to follow the CM’s end of life procedures below.
(1) Initialize internal sensitive data in the host system.
(2) Initialize parameters and user information in the CM by “Zeroization (with RKey)” service.
For additional details, refer to the guidance documents provided with the CM:
⚫ 3.5 type SATA Hard Disk Drives Product Specification
⚫ 3.5 type SATA Hard Disk Drives Interface Specification
⚫ 3.5 type Hard Disk Drives SED Specification
⚫ Toshiba SED HDD FIPS140-2/3 Use case Rev.6.0
12. Mitigation of Other Attacks
The CM does not mitigate other attacks beyond the scope of 140-3 requirements.
13 This procedure configures the CM to disable Firmware Download feature after power-cycling.
14 This procedure configures the CM to lock all range(s) after power-cycling.