Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module

Certificate #4400

Webpage information ?

Status active
Validation dates 27.12.2022 , 27.02.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Firmware-Hybrid
Embodiment Single Chip
Caveat When operated in FIPS mode with modules [Google Titan-D] validated to FIPS 140-2 under Cert. #4367 operating in FIPS mode.
Exceptions
  • Mitigation of Other Attacks: N/A
Description The Integrated Management Complex firmware manages functions such as power-on, reset, clock and power control, configuration, and security functions including encryption and decryption, key derivation, key generation, and hashing. The IMC performs these functions as ARM Trusted Execution Environment (TEE) firmware executing on two ARM-A53 processors within the IN762 SoC. The hardware comprises the B227 TRNG, which is a NIST SP800-90 A/B compliant TRNG employed by the IMC module for generating cryptographic keys.
Version (Hardware) 3.00b
Version (Firmware) 20220318
Tested configurations
  • IN762 SoC B1 with ARM Cortex-A53
Vendor Google, LLC
References

This certificate's webpage directly references 1 certificates, transitively this expands into 1 certificates.

Security policy ?

Symmetric Algorithms
AES-, AES, CMAC
Hash functions
SHA-256
Randomness
TRNG, DRBG
Block cipher modes
ECB, CTR, GCM

Trusted Execution Environments
PSP, TEE

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS 140, FIPS 180-4, NIST SP 800-90, SP 800-38A, SP 800-38B, SP 800-90A, SP 800-108, SP 800-90B

File metadata

Creation date D:20230208121255-08'00'
Modification date D:20230208121255-08'00'
Pages 16
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

References

Incoming
  • 4445 - active - Look-aside Cryptography and Compression Engine (LCE)
  • 4521 - active - Look-aside Cryptography and Compression Engine (LCE)
  • 4799 - active - Look-aside Cryptography and Compression Engine (LCE)

Heuristics ?

No heuristics are available for this certificate.

References ?

Updates ?

  • 16.09.2024 The certificate data changed.
    Certificate changed

    The computed heuristics were updated.

    • The policy_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4799']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4799']}}} data.
    • The module_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4799']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4799']}}} data.
  • 18.05.2023 The certificate data changed.
    Certificate changed

    The computed heuristics were updated.

    • The policy_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4521']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4521']}}} data.
    • The module_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4521']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4521']}}} data.
  • 12.03.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The validation_history property was updated, with the [[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2023-02-27', 'validation_type': 'Update', 'lab': 'ACUMEN SECURITY, LLC'}]] values inserted.
    • The tested_conf property was set to ['IN762 SoC B1 with ARM Cortex-A53'].

    The PDF extraction data was updated.

    • The policy_metadata property was updated, with the {'pdf_file_size_bytes': 476166, '/CreationDate': "D:20230208121255-08'00'", '/ModDate': "D:20230208121255-08'00'"} data.

    The computed heuristics were updated.

    • The algorithms property was updated, with the {'_type': 'Set', 'elements': ['DRBG#A2721', 'AES#A2721']} values added.
    • The policy_processed_references property was updated, with the {'directly_referenced_by': {'_type': 'Set', 'elements': ['4445']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4445']}} data.
    • The module_processed_references property was updated, with the {'directly_referenced_by': {'_type': 'Set', 'elements': ['4445']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4445']}} data.

    The state was updated.

    • The policy_pdf_hash property was set to d83207efffd949859167202218b0887032a8e02b910548ba8e97301e36033897.
    • The policy_txt_hash property was set to 6dd3d16971f16b318178e2b8701dd97703b54043e72246ace954a0f42c437937.
  • 09.02.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4400,
  "dgst": "936d1dafd8b1b6e7",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES#A2469",
        "KBKDF#A2469",
        "SHS#A2469",
        "DRBG#A2721",
        "AES#A2721",
        "DRBG#A2469"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3.00"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4799",
          "4521",
          "4445"
        ]
      },
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4367"
        ]
      },
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4799",
          "4521",
          "4445"
        ]
      },
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4367"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "4367"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4799",
          "4521",
          "4445"
        ]
      },
      "directly_referencing": null,
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4799",
          "4521",
          "4445"
        ]
      },
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-CMAC 128": 1,
          "AES-CTR 256": 1,
          "DRBG 256": 2,
          "SHA-256": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA2": {
            "SHA-256": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 35
        },
        "TRNG": {
          "TRNG": 20
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 1,
          "FIPS 140-2": 13,
          "FIPS 180-4": 1
        },
        "NIST": {
          "NIST SP 800-90": 1,
          "SP 800-108": 2,
          "SP 800-38A": 2,
          "SP 800-38B": 1,
          "SP 800-90A": 17,
          "SP 800-90B": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 1,
            "AES-": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 2
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 18
        },
        "other": {
          "TEE": 2
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20230208121255-08\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230208121255-08\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 476166,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://csrc.nist.gov/groups/STM/cmvp/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 16
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "d83207efffd949859167202218b0887032a8e02b910548ba8e97301e36033897",
    "policy_txt_hash": "6dd3d16971f16b318178e2b8701dd97703b54043e72246ace954a0f42c437937"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode with modules [Google Titan-D] validated to FIPS 140-2 under Cert. #4367 operating in FIPS mode.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/December 2022_030123_0646_signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Integrated Management Complex firmware manages functions such as power-on, reset, clock and power control, configuration, and security functions including encryption and decryption, key derivation, key generation, and hashing. The IMC performs these functions as ARM Trusted Execution Environment (TEE) firmware executing on two ARM-A53 processors within the IN762 SoC. The hardware comprises the B227 TRNG, which is a NIST SP800-90 A/B compliant TRNG employed by the IMC module for generating cryptographic keys.",
    "embodiment": "Single Chip",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "20220318",
    "historical_reason": null,
    "hw_versions": "3.00b",
    "level": 1,
    "mentioned_certs": {
      "4367": 1
    },
    "module_name": "Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module",
    "module_type": "Firmware-Hybrid",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "IN762 SoC B1 with ARM Cortex-A53"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2022-12-27",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-02-27",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Update"
      }
    ],
    "vendor": "Google, LLC",
    "vendor_url": "http://www.google.com"
  }
}