Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module

Certificate #4400

Webpage information

Status active
Validation dates 27.12.2022 , 27.02.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Firmware-Hybrid
Embodiment Single Chip
Caveat When operated in FIPS mode with modules [Google Titan-D] validated to FIPS 140-2 under Cert. #4367 operating in FIPS mode.
Exceptions
  • Mitigation of Other Attacks: N/A
Description The Integrated Management Complex firmware manages functions such as power-on, reset, clock and power control, configuration, and security functions including encryption and decryption, key derivation, key generation, and hashing. The IMC performs these functions as ARM Trusted Execution Environment (TEE) firmware executing on two ARM-A53 processors within the IN762 SoC. The hardware comprises the B227 TRNG, which is a NIST SP800-90 A/B compliant TRNG employed by the IMC module for generating cryptographic keys.
Version (Hardware) 3.00b
Version (Firmware) 20220318
Tested configurations
  • IN762 SoC B1 with ARM Cortex-A53
Vendor Google, LLC
References

This certificate's webpage directly references 1 certificates, transitively this expands into 1 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES-, AES, CMAC
Hash functions
SHA-256
Randomness
TRNG, DRBG
Block cipher modes
ECB, CTR, GCM

Trusted Execution Environments
PSP, TEE

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS 140, FIPS 180-4, NIST SP 800-90, SP 800-38A, SP 800-38B, SP 800-90A, SP 800-108, SP 800-90B

File metadata

Creation date D:20230208121255-08'00'
Modification date D:20230208121255-08'00'
Pages 16
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

References

Incoming
  • 4799 - active - Look-aside Cryptography and Compression Engine (LCE)
  • 4521 - active - Look-aside Cryptography and Compression Engine (LCE)
  • 4445 - active - Look-aside Cryptography and Compression Engine (LCE)

Heuristics

No heuristics are available for this certificate.

References

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4400,
  "dgst": "936d1dafd8b1b6e7",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "DRBG#A2721",
        "AES#A2721",
        "KBKDF#A2469",
        "SHS#A2469",
        "DRBG#A2469",
        "AES#A2469"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3.00"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4445",
          "4799",
          "4521"
        ]
      },
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4367"
        ]
      },
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4445",
          "4799",
          "4521"
        ]
      },
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4367"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "4367"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4445",
          "4799",
          "4521"
        ]
      },
      "directly_referencing": null,
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4445",
          "4799",
          "4521"
        ]
      },
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-CMAC 128": 1,
          "AES-CTR 256": 1,
          "DRBG 256": 2,
          "SHA-256": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA2": {
            "SHA-256": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 35
        },
        "TRNG": {
          "TRNG": 20
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 1,
          "FIPS 140-2": 13,
          "FIPS 180-4": 1
        },
        "NIST": {
          "NIST SP 800-90": 1,
          "SP 800-108": 2,
          "SP 800-38A": 2,
          "SP 800-38B": 1,
          "SP 800-90A": 17,
          "SP 800-90B": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 1,
            "AES-": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 2
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 18
        },
        "other": {
          "TEE": 2
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20230208121255-08\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230208121255-08\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 476166,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://csrc.nist.gov/groups/STM/cmvp/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 16
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "d83207efffd949859167202218b0887032a8e02b910548ba8e97301e36033897",
    "policy_txt_hash": "6dd3d16971f16b318178e2b8701dd97703b54043e72246ace954a0f42c437937"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode with modules [Google Titan-D] validated to FIPS 140-2 under Cert. #4367 operating in FIPS mode.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/December 2022_030123_0646_signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Integrated Management Complex firmware manages functions such as power-on, reset, clock and power control, configuration, and security functions including encryption and decryption, key derivation, key generation, and hashing. The IMC performs these functions as ARM Trusted Execution Environment (TEE) firmware executing on two ARM-A53 processors within the IN762 SoC. The hardware comprises the B227 TRNG, which is a NIST SP800-90 A/B compliant TRNG employed by the IMC module for generating cryptographic keys.",
    "embodiment": "Single Chip",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "20220318",
    "historical_reason": null,
    "hw_versions": "3.00b",
    "level": 1,
    "mentioned_certs": {
      "4367": 1
    },
    "module_name": "Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module",
    "module_type": "Firmware-Hybrid",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "IN762 SoC B1 with ARM Cortex-A53"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2022-12-27",
        "lab": "Acumen Security",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-02-27",
        "lab": "Acumen Security",
        "validation_type": "Update"
      }
    ],
    "vendor": "Google, LLC",
    "vendor_url": "http://www.google.com"
  }
}