SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 1 of 33 Solidigm DC SSD D7-D4512 FIPS 140-2 Cryptographic Module Non-Proprietary Security Policy Document Version: 0.9 Date: October 21, 2022 SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 2 of 33 Table of Contents 1 Introduction ..................................................................................................................5 1.1 Hardware and Physical Cryptographic Boundary.........................................................................7 1.1.1 NVMe Interface...............................................................................................................................7 1.1.2 SMBus Interface..............................................................................................................................7 1.2 Firmware and Logical Cryptographic Boundary...........................................................................8 1.3 Modes of Operation.....................................................................................................................9 2 Cryptographic Functionality......................................................................................... 11 2.1 Critical Security Parameters.......................................................................................................13 2.2 Public Security Parameters (PSP) ...............................................................................................14 3 Roles, Authentication and Services .............................................................................. 15 3.1 Assumption of Roles...................................................................................................................15 3.2 Authentication Methods............................................................................................................16 3.3 Services.......................................................................................................................................17 4 Self-Tests..................................................................................................................... 23 5 Physical Security.......................................................................................................... 25 5.1 Physical Security Policy...............................................................................................................25 5.2 Applying Tamper-Evident Seals for Drives Shipped in FIPS Non-Approved mode.....................28 6 Operational Environment ............................................................................................ 29 7 Mitigation of Other Attacks Policy................................................................................ 29 8 Security Rules and Guidance ........................................................................................ 29 9 References and Definitions .......................................................................................... 32 SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 3 of 33 List of Tables Table 1 –Cryptographic Module Configurations...........................................................................................5 Table 2 – Security Level of Security Requirements.......................................................................................5 Table 3 – Ports and Interfaces ......................................................................................................................7 Table 4 – Approved and CAVP Validated Cryptographic Functions............................................................11 Table 5 – Approved Cryptographic Functions Tested with Vendor Affirmation ........................................12 Table 6 – Non-Approved but Allowed Cryptographic Functions ................................................................12 Table 7 – Critical Security Parameters (CSPs) .............................................................................................13 Table 8 – Public Security Parameters..........................................................................................................14 Table 9 – Roles Description.........................................................................................................................15 Table 10 – Unauthenticated Roles..............................................................................................................16 Table 11 – Authenticated Services..............................................................................................................18 Table 12 – Unauthenticated Services .........................................................................................................19 Table 13 – CSPs and PSPs Access Rights within Services ............................................................................20 Table 14 – Power-Up Self-Tests ..................................................................................................................23 Table 15 – Conditional Self-Tests................................................................................................................24 Table 16 – Physical Security Inspection Guidelines ....................................................................................27 Table 17 – References.................................................................................................................................32 Table 18 – Acronyms and Definitions .........................................................................................................32 List of Figures Figure 1 Module Picture................................................................................................................................7 Figure 2 – Module Block Diagram.................................................................................................................8 Figure 3 – Module Physical Enclosure - Front.............................................................................................25 Figure 4 – Module Physical Enclosure - Isometric ......................................................................................26 Figure 5 – Module Physical Enclosure - Back..............................................................................................26 Figure 6 – Module Physical Enclosure - Bottom .........................................................................................27 Figure 7 Applying Tamper-Evident Seals.....................................................................................................28 Figure 8 Seal Application Locations ............................................................................................................29 SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 4 of 33 Copyrights and Trademarks © 2022 Solidigm. This document can be reproduced and distributed only whole and intact, including this copyright notice SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 5 of 33 1 Introduction This document defines the Security Policy for the Solidigm DC SSD D7-D4512 module, hereafter denoted as the Module. The Module is a PCIe dual-port Gen3 x 2 NVMe SSD with industry leading NAND delivering power-efficient performance with enterprise ready security and remote manageability capabilities. The Module meets FIPS 140-2 overall Level 2 requirements. Table 1 –Cryptographic Module Configurations Modules HW P/Ns and Versions Tamper-Evident Seals P/N FW Version 1 Solidigm D7- D4512 1.92 TB SSDPD2KS019T8R with J29722-003 Rev1 and J90877-300 Rev4 K33839-001 VPV1ET10, VPV1ET13 2 Solidigm D7- D4512 3.84 TB SSDPD2KS038T8R with J29722-003 Rev1 and J90878-300 Rev4 3 Solidigm D7- D4512 7.68 TB SSDPD2KS076T8R with J29722-003 Rev1 and J90879-300 Rev4 4 Solidigm D7- D4512 15.36 TB SSDPD2KS153T8R with J76794-100 Rev9 The Module is intended for use by US Federal agencies and other markets that require FIPS 140-2 validated Self-Encrypting Solid State Disks. The Module is a multi-chip standalone embodiment. The FIPS 140-2 security levels for the Module are as follows: Table 2 – Security Level of Security Requirements Security Requirement Security Level Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 2 Roles, Services, and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment NA Cryptographic Key Management 2 EMI/EMC 2 Self-Tests 2 Design Assurance 2 Mitigation of Other Attacks N/A SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 6 of 33 The Module implementation is compliant with: • NVM Express 1.2b: o https://nvmexpress.org/wp-content/uploads/NVM_Express_1_2b_20160601-1.pdf • TCG Opal 2.01: o https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage- Opal_SSC_v2.01_rev1.00.pdf • NVMe-MI 1.0a: o https://nvmexpress.org/wp- content/uploads/NVM_Express_Management_Interface_1_0a_2017.04.08_-_gold.pdf SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 7 of 33 1.1 Hardware and Physical Cryptographic Boundary The Module is designed to be embedded in a General Purpose Computer (host) and is connected through the PCIe connector. The physical form of the Module is depicted in Figure 1. Figure 1 Module Picture The cryptographic boundary is defined as the external perimeter of the SSD enclosure represented in Figure 1. The physical ports and logical interfaces are identified in Table 3 below: Table 3 – Ports and Interfaces Port Interfaces Description Logical Interface Type PCIe connector NVMe NVMe interface used for both normal and maintenance operations Control in | Data in | Data out | Status out SMBus Management interface Control in | Status out Power Power interface Power 1.1.1 NVMe Interface The NVMe interface provides the primary interface to interact with the module. Most services provided by the module are accessed via the NVMe Interface including Opal configuration, reading and writing user data, retrieving FIPS capability support, and retrieving FIPS status reporting. 1.1.2 SMBus Interface The SMBus interface provides the ability to audit the SSD environment (temperature, Vital Product Data). SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 8 of 33 1.2 Firmware and Logical Cryptographic Boundary The Module is composed of the following components: 1. P4512 – The storage controller ASIC. This component is responsible for terminating PCIe/NVMe commands, reading or writing data to the Host platform, encrypting or decrypting data from the Host platform, and storing or retrieving data to NAND non-volatile memory. 2. AL5 – The PCIe dual-port bridge ASIC. This component is responsible for bridging two PCIe Gen3x2 interfaces into a single PCIe Gen3x4 interface on the storage controller ASIC. 3. DDR – Dynamic RAM. These components are used by the AL5 bridge for temporary storage of data and/or parameters that are needed by the AL5 controller during execution. 4. NAND – non-volatile memory. These components comprise the non-volatile media of the storage device. These components store encrypted user data, firmware for the P4512, and other non- volatile configuration data needed by the P4512 controller during execution. 5. PIC – SMBus controller. The Module relies on the PCIe/NVMe interface as input/output devices. Figure 2 depicts the Module block diagram: Physical Security Boundary PCIe Connector (2x2) AL5 PIC P4512 Controller NAND PCIe/NVMe Port2 Gen3x2 PCIe/NVMe Port1 Gen3x2 SMBUS SMBUS 3DXP 3DXP NAND NAND PCIe/NVMe Gen3x4 DDR Figure 2 – Module Block Diagram The PCIe Host is attached to the Module via two PCIe Gen3x2 interfaces supporting 2 lanes each which are bridged by the AL5 ASIC into a single PCIe Gen3x4 interface on the P4512 ASIC. The dual PCIe interfaces provide the data input, data output, control and status interface. The NVMe layer handles NVMe 1.2b commands. Some of the NVMe 1.2b commands may be handled by firmware running in the P4512 controller via interrupts to the P4512 controller. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 9 of 33 Firmware is located in AL5 and P4512 components. AL5 contains neither security relevant implementation, CSPs, nor Public parameters with the exception of the plaintext password that is passed through the AL5 to be processed by the P4512. 1.3 Modes of Operation The Module ships from the manufacturing facility with either the FIPS Approved firmware identified in Table 1 or a firmware which was not validated. To determine if a module is using a FIPS Approved firmware version, the FIPS Compliance Descriptor will be retrieved via the Read FIPS Compliance service and the following information will be verified: 1. Related Standard indicates FIPS 140-2 (2) on byte 13 2. Overall Security Level indicates Level 2 (2) on byte 14 3. Compliance Descriptor Hardware Version (byte 16) matches the HW P/N and Version column of a configuration in Table 1 4. Compliance Descriptor Version (byte 144) matches the FW Version column of a configuration in Table 1. 5. Compliance Descriptor Module Name (byte 272) matches the Module column of a configuration in Table 1. When the FIPS firmware is installed, the module is placed in a FIPS uninitialized mode and user authentication is not enabled. When the FIPS firmware is not installed, the user will have to perform the following operations to transition the module to a FIPS uninitialized mode: 1. Update the firmware with the Firmware download verification service to the FIPS Approved firmware. 2. Reset the module. 3. Enable/Activate Opal. 4. Perform an AdminSP Revert method on the AdminSP. 5. Apply the tamper-evident seals as shown in Section 5.2. The Module must be placed into the FIPS Approved mode of operation (Initialized) through the following initialization procedure: 1. Taking ownership of Opal by setting the AdminSP SID credential to something other than MSID. 2. Activating the LockingSP. 3. Setting the WriteLockEnabled and ReadLockEnabled column within the Locking Table of all ranges containing sensitive user data. The CO role is responsible for configuration of other CO roles and User roles as well as enabling locking/unlocking of any of the CO or User role-controlled areas (locking ranges). The User roles are responsible for enabling locking/unlocking of the assigned locking ranges as well as performing SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 10 of 33 locking/unlocking of their assigned locking range. In FIPS Approved mode (Initialized), both the CO and User Roles require authentication and unlock prior to allowing access to data, whereas the uninitialized mode does not. The module will be in non-Approved mode of operation if not initialized. To determine if a Module is in the FIPS Approved mode of operation (Initialized), the following must be verified: 1. The LockingEnabled bit of the TCG Level 0 Discovery Locking Feature Descriptor is set to 1 2. The ReadLockEnabled column of the Locking Table is set to the True state for all ranges covering sensitive user data It is possible to switch from the FIPS Approved Initialized mode to uninitialized mode by performing the AdminSP Revert method. However, the module shall be initialized to be in a FIPS mode of operation before any User accesses the Module and calls any services different than those described in Section 1.3. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 11 of 33 2 Cryptographic Functionality The Module implements the FIPS Approved and Non-Approved but Allowed cryptographic functions listed in the tables below. Table 4 – Approved and CAVP Validated Cryptographic Functions Algorithm Description Cert # AES [FIPS 197, SP 800-38A] Functions: CTR Cryptographic Erase of encryption Keys, CBC Encryption and Decryption of encryption Keys Modes: ECB, CTR, CBC Key size: 256 bits C586 AES [FIPS 197, SP 800-38F] Functions: Encryption and Decryption of the Keys Modes: KW Key size: 256 bits C793 AES [FIPS 197, SP 800-38A, SP 800-38E] Functions: XTS Encryption and Decryption operations Modes: XTS, ECB Key size: 256 bits C587 DRBG [SP 800-90A] Functions: HMAC DRBG Hash: SHA-256 (Cert. #C586) Security Strength: 256 bits C817 HMAC [FIPS 198-1] Functions: Firmware Message Authentication Generation (Firmware Download), Verification of Firmware on Boot (integrity test) SHA size: SHA-256 (Cert. #C593) C593 HMAC [FIPS 198-1] Functions: HMAC-DRBG random number generation, KBKDF, PBKDF2 SHA size: SHA-256 (Cert. #C586) C586 Key Based KDF (KBKDF) [SP800-108] Functions: Derivation of the keys used to wrap key blobs for cryptographic erase Options HMAC-SHA-256: (Cert. #C586) C793 SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 12 of 33 Algorithm Description Cert # RSA [FIPS 186-4 and PKCS #1 v2.1 (PKCS1.5)] Functions: Digital Signature Verification (Firmware Download, Maintenance authentication) Key size: 2048 bits Hash: SHA-256 (Cert. #C586) C793 SHS [FIPS 180-4] Functions: HMAC Digital Signature Generation (Firmware Download), Firmware Integrity test using HMAC SHA size: SHA-256 C593 SHS [FIPS 180-4] Functions: Digital Signature Verification (Firmware Download), HMAC DRBG, Key Based-KDF operations SHA size: SHA-256 C586 Table 5 – Approved Cryptographic Functions Tested with Vendor Affirmation Algorithm Description IG Ref. CKG [SP 800-133] Section 7.1: Direct symmetric key generation using unmodified DRBG output Section 7.4: Symmetric Keys Derived From a Pre-shared Key Vendor Affirmed IG D.12 Password-Based KDF [SP 800-132] Options: PBKDF2 with Option 1a Functions: HMAC-based KDF using SHA-256 (Cert. #C586) Used as part of authentication of User and Cryptographic Officer roles Note: the keys derived from passwords are only used for storage applications. Vendor Affirmed IG D.6 Table 6 – Non-Approved but Allowed Cryptographic Functions Algorithm Description NDRNG [Annex C] Hardware Non-Deterministic RNG. The NDRNG provides a seed with a minimum entropy of 256 bits to the FIPS Approved DRBG. Password Based KDF (no security claimed) [SP 800-132] HMAC-based KDF with SHA-256. Used as part of PSID verification only. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 13 of 33 Algorithm Description Key Based KDF (no security claimed) [SP800-108] Functions: • Derivation of the key used to verify the Firmware Integrity. • Derivation of a key used to obfuscate the keys AES KW (no security claimed) [FIPS 197, SP 800-38F] Key storage encryption with a non-Approved method Non-Approved Cryptographic Functions for use in non-FIPS mode only: None. 2.1 Critical Security Parameters All CSPs used by the Module are described in this section. All usage of these CSPs by the Module (including all CSP lifecycle states) is described in the services detailed in Section 3.3. Table 7 – Critical Security Parameters (CSPs) CSP Description / Usage DRBG-EI 3096-bit DRBG entropy input DRBG-State HMAC_DRBG internal state (V and C) AdminSPKREK AdminSP Key Ring Encryption Key, AES-256 key AdminSPPassword AdminSP passwords used to authenticate the CO ASPPKey AdminSP Key derived from the CO passwords, AES-256 key MEK Media Encryption Keys, AES-256 keys MKEK Media Key Encryption Keys, AES-256 keys KREK Key Ring Encryption Key, AES-256 key U-Password Passwords used to authenticate the CO and User UPKey Key derived from the CO and User passwords with PBKDF2, AES-256 keys REKMEK Reset Ephemeral Key for Media Encryption Keys, AES-256 key REKMKEK Reset Ephemeral Key for Media Key Encryption Keys, AES-256 key CEERK Crypto Erase Ephemeral Root Key, 256-bit random data CEEK Crypto Erase Ephemeral Key, AES-256 key SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 14 of 33 2.2 Public Security Parameters (PSP) Table 8 – Public Security Parameters Key Description / Usage FW_Pub 2048-bit RSA public Key used to verify the signature of the firmware PSID 32 bytes value used to call the TCG Revert service MSID 32 bytes value used to initialize the Module (first authentication) Salt PBKDF2 Salt, 20-byte value Unlock_Key Asymmetric Diagnostic Unlock Public Key: 2048-bit RSA public Key used to verify the certificate of the authorized Solidigm entity that is unlocking the drive for diagnostic access SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 15 of 33 3 Roles, Authentication and Services 3.1 Assumption of Roles The Module supports three (3) distinct operator roles: User, Cryptographic Officer (CO) and Maintenance roles. The cryptographic Module enforces the separation of the Cryptographic Officer and User roles using a credential (named password or PIN) that is provisioned for the administrator (CO) and User roles as part of taking ownership and personalization of the Opal security subsystem. The credential is verified as part of authentication as the specific role during session startup to the Opal Security Subsystem. Access control over configuration mechanisms under control of the administrator is enforced by the Module firmware. The Maintenance role is entered via authentication of an RSA 2048-bit challenge/response protocol with 512-bit nonce and PSID verification (to prove physical presence). This role grants maintenance and recovery capabilities to the cryptographic Module implementer. Table 9 lists all operator roles supported by the Module. The Module does not support concurrent operators. If multiple successful authentications occur in an active session to the Opal security subsystem to multiple roles, modifications are possible to the Opal security subsystem under both roles simultaneously, however, it is assumed that the separation is performed by the human operators and not by the cryptographic Module or the software that is the session owner. Neither the administrator credential nor the user credential are discoverable/readable through the Opal Security Subsystem, regardless of the active authentication state in the session. Table 9 – Roles Description Role ID Role Description Authentication Type Authentication Data CO Cryptographic Officer – -Opal Locking SP Admin Authorities (4) -Opal AdminSP Admin and SID Authorities (2) -Ability to configure start addresses and encryption within the Module (locking ranges) -Ability to provide user roles with the ability to enable/disable locking on a locking range -Ability to enable/disable locking on a locking range -Ability to cryptographically erase a locking range -Ability to move from FIPS Approved Initialized Mode to FIPS uninitialized mode through AdminSP Revert Role-based 14-byte to 32-byte password (U- Password) Five (5) attempts are possible before requiring a power-on reset of the storage device SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 16 of 33 Role ID Role Description Authentication Type Authentication Data User User – -Opal Locking SP User Authorities (8) -Ability to enable/disable locking on a locking range -Ability to cryptographically erase a locking range Role-based 14-byte to 32-byte password (U- Password) Five (5) attempts are possible before requiring a power-on reset of the storage device Maintenance Maintenance role - Ability to recover debug logs - Ability to bring device to healthy state when otherwise non- functional - Ability to load authenticated firmware into the Module Role-based RSA 2048-bit challenge/response protocol w/ 512 bit nonce and PSID verification (to prove physical presence) Table 10 – Unauthenticated Roles Role ID Role Description Public Authentication Data (if present) PSID PSID role – -PSID Authority -Ability to move from FIPS Approved initialized Mode to FIPS uninitialized mode through AdminSP Revert which also causes Zeroization of all CSPs 32-byte value (written on the Module) Five (5) attempts are possible before requiring a power-on reset of the storage device Anybody User – -Ability to read MSID -Ability to read all configuration data in AdminSP and LockingSP tables (except for PIN values) N/A 3.2 Authentication Methods CO and User Password/PIN Authentication Method The Module supports a maximum of four (4) admin users (CO) and nine (9) individual users (8 locking ranges plus one global range as defined by [TCG-OPAL]. Each user may insert a unique password/PIN up to 32 bytes in order to authenticate to the Module and act on the Module in that role. The password/PIN length must be at least 14 bytes (see Security Rules and Guidance). SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 17 of 33 Thus, the probability of guessing a password/PIN in a single attempt is 1/2^112 (= 1/2^(8*14)) which is smaller than 1/10^6. The Module enforces a count-based access protection mechanism that supports, at most, five (5) password authentication attempts per second. After five (5) consecutive unsuccessful password validation attempts have occurred, the Module requires a reset before any more login attempts can be attempted. The reset time required in performing a reset to the Module is one (1) second. Therefore, 5 * 30 = 150 password attempts may be executed in one minute where the overall search space is 2^112 leaving a false acceptance probability in one minute of 150/2^112, which is smaller than 1/10^5 as required for FIPS 140- 2. The password/PIN is received in plaintext by the Module and the Module passes the password through the PBKDF2 algorithm with 20 bytes of salt in order to derive the CO and the User CSPs to access the media. Maintenance Authentication Method This authentication method is used to verify the Maintenance role as part of the maintenance unlock mechanism. The operator, external to the module, must perform a challenge response authentication mechanism in addition to PSID verification to authenticate as the Maintenance role. The challenge response authentication mechanism is performed through the following steps: 1. The operator requests a 64-byte challenge from the module through a vendor unique command a. The module will generate a 64-byte challenge using the HMAC-DRBG. 2. The operator collects the 64-byte challenge and has it signed by an authorized Solidigm representative that has access to an RSA leaf private key and a leaf certificate that has been signed with the RSA private key that corresponds to the RSA Asymmetric Diagnostic Unlock public key contained in the CM. 3. The operator then provides the signed 64-byte challenge, the leaf certificate, and the PSID value as a return response to the CM. 4. The CM then verifies the PSID, the leaf certificate, and then the RSA signed 64-byte challenge. 5. If all of these steps are successful, the CM will then transition into maintenance mode. The Maintenance role challenge response authentication mechanism leverages a 64-byte nonce and 2048-bit signature verification. The security strength of the authentication method is greater than 112 bits. Therefore, the probability of a random attempt of generating a matching signed challenge is 1/2^112 which is smaller than 1/10^6. The module can perform up to 1,500 authentication verifications per one minute where the overall search space is 2^112 leaving a false acceptance probability in one minute of 1,500/2^112 (= 2.88E-31), which is smaller than 1/10^5 as required for FIPS 140-2. 3.3 Services All services implemented by the Module in FIPS initialized mode are listed in Table 11 and Table 12 below. Each service description also describes all usage of CSPs by the service. The service names highlighted in bold in Table 11 and Table 12 can be called in the FIPS uninitialized mode. Note: • CO = Cryptographic Officer Role • U = User Role • FM = Maintenance Role SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 18 of 33 Table 11 – Authenticated Services Service Description CO U FM Take Ownership Sets the SID credential to something other than MSID X Data Encryption/Decryption Protects access to the Media Encryption Keys stored in the Module in ciphertext form. The cryptographic officer or user password is used to generate an intermediate key (Pkey) which is used to unwrap a Key Ring Encryption Key which is then used to unwrap the Media Key Encryption Key which is then used to unwrap the Media Encryption Key. X X Enable/Disable of Opal (FIPS Approved, Initialized Mode) Enable through TCG Activate/Disable Opal through AdminSP or LockingSP Revert X Change admin password Change any password in AdminSP X Zeroize/AdminSP Revert Destroy user data (TCG Revert) X Disable authorities Disable authorities to make them invalid and no longer able to authenticate to the drive. X Configure Locking Ranges Configure locking ranges in the CM. X Change any password in Admin/Locking SP Change any password in Locking SP X Format NVM/ GenKey Destroy any data (changing key) X TCG RevertSP and keep data Revert and keep data. Reset all configuration data in the locking SP but do not destroy user data in the Global Range. X Set data store Set data store – write data into the Opal data store tables. X Configure Access Control Change which entity can manage/lock/unlock an encryption range. X Lock, unlock ranges Lock, unlock ranges from access to read/writes on the data input/output interface X X Set common name – Locking SP if allowed by Locking SP Admin If the Locking SP Administrator allows, change the common name to reflect different text in the Locking SP X SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 19 of 33 Service Description CO U FM Set data store if allowed by Locking SP Admin If Locking SP Administrator allows, change data in the data store tables X FW Maintenance Retrieve FW Maintenance Logs, recover device from non-functional state X Maintenance FW update The module allows the firmware to be updated through a vendor unique command in the event of a firmware failure. This authentication mechanism is used to verify the firmware using RSASSA-PKCS1-v1.5 signature verification with SHA-256 and an internal public key. X Table 12 – Unauthenticated Services Service Description Module Reset (Self-test) Reset the Module by power cycle, or PERST#. Performs self-tests, firmware integrity check. Warm Reset Resets the module by performing an NVMe Subsystem Reset. Read of configuration (show status) Opening a session as Anybody does not require authentication. During an active session in this state, the CM will provide Status/Level 0 Discovery information, the version number, and Opal security configuration. This will be invoked during the FIPS Approved Mode check. Read FIPS Compliance Reads FIPS 140 compliance descriptor as defined in [SFSC]. NVMe Firmware download verification The module allows the firmware to be updated through the NVMe Firmware Download and Commit commands. This authentication mechanism is used to verify the firmware using RSASSA-PKCS1-v1.5 signature verification with SHA256 and FW_Pub. Zeroization/PSID Revert Destroys all CSPs after PSID verification. NVMe-MI Basic Management Command Retrieves drive status (status flags, SMART warnings, temperature, VID, serial number, etc.). User/Admin Authentication (start session) Authenticates a user using a TCG credential. FW Maintenance unlock The Module authenticates the maintenance role using challenge response authentication and PSID verification and upon successful authentication, maintenance capabilities are unlocked. Random Generates a random number and returns it to the caller of the method. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 20 of 33 Service Description Telemetry The module allows the collection of debugging information through NVMe log pages – host-initiated telemetry log page and controller initiated log page. The purpose of the telemetry log data is to provide information required to debug firmware issues remotely. Sanitize Destroys any data (changing key) while in FIPS uninitialized mode. Table 13 defines the relationship between access to CSPs and the different Module services. The modes of access shown in the table are defined as: • G = Generate: The Module generates the CSP. • Ḡ = Generate: The Module generates the CSP – unless the CSP is the Global Range MEK, in which case it is not destroyed, but preserved through the service. • R = Read: The Module reads the CSP. The read access is typically performed before the Module uses the CSP. • E = Execute: The Module executes using the CSP. • W = Write: The Module writes the CSP. The write access is typically performed after a CSP is imported into the Module, when the Module generates a CSP, or when the Module overwrites an existing CSP. • Z = Zeroize: The Module zeroizes plaintext and ciphertext CSPs. • Ž = Plaintext Zeroize: The Module zeroizes all plaintext instances of the CSP from memory, if present Table 13 – CSPs and PSPs Access Rights within Services Services CSPs PSPs DRBG-EI DRBG-State AdminSPKREK AdminSPPassword ASPPKey MEK MKEK KREK U-Password UPKey REK MEK REK MKEK CEERK CEEK FW_Pub PSID MSID Salt Unlock_Key Unauthenticated Module Reset Z Z Z Z Z Z Z Z Z Z Z G Z G -- Z -- -- -- -- -- Warm Reset Z Z -- Z Z -- -- -- Z Z RE RE -- Z -- -- -- -- -- Read of configuration (show status) -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Read of FIPS Compliance -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- NVMe Firmware download verification -- -- -- -- -- -- -- -- -- -- -- -- -- -- RE -- -- -- -- SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 21 of 33 Services CSPs PSPs DRBG-EI DRBG-State AdminSPKREK AdminSPPassword ASPPKey MEK MKEK KREK U-Password UPKey REK MEK REK MKEK CEERK CEEK FW_Pub PSID MSID Salt Unlock_Key Zeroization/PSID Revert -- -- Z -- -- Z Z Z -- -- -- -- -- Z -- R -- Z -- NVMe-MI Basic Management Command -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- User/Admin Authentication (start session) -- -- RE RE G E Z RE RE RE RE Z G E Z RE RE -- -- -- -- -- RE -- FW Maintenance unlock Ž Ž Ž Ž Ž Ž Ž Ž Ž Ž Ž Ž Ž Ž -- -- -- -- RE Random G RE W RE W -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Telemetry -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Sanitize G RE W RE W -- -- -- Z G W -- -- -- -- -- -- Z G W G E -- -- -- -- -- Authenticated Take Ownership G RE W RE W G E W RE RE -- -- G E W -- RE -- -- Z G W G E -- R E G E W -- Data Encryption/Decryption -- -- -- -- -- RE -- -- -- -- -- -- -- -- -- -- -- -- -- Enable/Disable of Opal G RE W RE W RE R G E -- G RE G RE -- G E -- -- Z G W G E -- -- -- G E W -- Change admin password G RE W RE W RE RE G E -- -- RE W -- G E -- -- Z G W G E -- -- -- -- Zeroize/AdminSP Revert G RE W RE W Z -- G E Z Z Z -- G E -- -- Z G W G E -- -- -- Z -- Disable authorities -- -- G W -- -- -- -- G W -- -- -- -- -- -- -- -- -- -- -- Configure Locking Ranges -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Change any password in Admin/Locking SP G RE W RE W G E W RE Z G E -- -- G E W RE Z G E -- -- Z G W G E -- -- -- G E W -- Format NVM/GenKey G RE W RE W -- -- -- Z G W RE -- -- -- -- -- Z G W G E -- -- -- -- -- TCG RevertSP and keep data G RE W RE W -- -- -- Ḡ Z Z Z -- -- -- -- Z G W G E -- -- -- Z -- Set data store -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 22 of 33 Services CSPs PSPs DRBG-EI DRBG-State AdminSPKREK AdminSPPassword ASPPKey MEK MKEK KREK U-Password UPKey REK MEK REK MKEK CEERK CEEK FW_Pub PSID MSID Salt Unlock_Key Configure Access Control -- -- RE -- -- -- R W RE -- -- -- -- -- -- -- -- -- -- -- Lock, unlock ranges -- -- RE -- G E R RE RE -- G E -- -- Z G W G E -- -- -- -- -- Set common name – Locking SP if allowed by Locking SP Admin -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Set data store if allowed by Locking SP Admin -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- FW Maintenance -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Maintenance FW update -- -- -- -- -- -- -- -- -- -- -- -- -- -- RE -- -- -- -- SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 23 of 33 4 Self-Tests Each time the Module is powered up, it tests that the cryptographic algorithms still operate correctly and that sensitive data has not been damaged. Power-up self–tests are available on demand by power cycling the Module. On power-up or reset, the Module performs the Self-Tests described in Table 14 below. All KATs must be completed successfully prior to any other use of cryptography by the Module. If one of the KATs fails, the Module enters an internal error state if the failure is during the ROM boot stage of the device. If the device has exited the ROM boot stage, the Module enters a soft error state requiring reset of the Module. Table 14 – Power-Up Self-Tests Test Target Description Firmware Integrity HMAC-SHA-256 (Cert. #C593) (used to verify all firmware upon boot from internal media on the P4512 controller). 32-bit modular sum (used to verify all firmware upon boot from internal media on the AL5 ASIC) AES-CTR (Cert. #C586) KATs: Encryption, Decryption Modes CTR Key size: 256 bits AES-CBC (Cert. #C586) KATs: Encryption, Decryption Mode: CBC Key size: 256 bits AES-ECB (Cert. #C586) KATs: Encryption, Decryption as part of AES-CTR KAT AES-KW (Cert. #C793) KATs: Encryption, Decryption Mode: KW Key size 256 bits AES-XTS (Cert. #C587) KATs: Encryption, Decryption Mode: XTS Key size: 256 bits AES-ECB (Cert. #C587) KATs: Encryption, Decryption as part of AES-XTS KAT Key size: 256 bits DRBG (Cert. #C817) KATs: HMAC DRBG (inclusive of instantiate, generate and reseed) Mode: HMAC SHA-256 Security Strength: 256 bits HMAC (Cert. #C593) KATs: Verification as part of Firmware Integrity test SHA size: SHA-256 HMAC (Cert. #C586) KATs: Generation as part of DRBG KAT SHA size: SHA-256 KBKDF (Cert. #C793) KATs: Key Derivation Key size: 256 bits RSA (Cert. #C793) KATs: Signature Verification with SHA-256 (Cert. #C586) Key size: 2048 bits SHS (Cert. #C586) KATs: SHA-256 as part of RSA KAT SHS (Cert. #C593) KATs: SHA-256 as part of HMAC Firmware Integrity Test SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 24 of 33 Table 15 – Conditional Self-Tests Test Target Description NDRNG NDRNG Continuous Test performed when a random value is requested from the NDRNG. Firmware load test Firmware signature verification based on RSA PKCS#1 v1.5 with SHA-256 and 2048- bit key. If a self-test fails, the Module will indicate the following information: • Firmware integrity: either the Module will not respond or will not enumerate • KAT (other than XTS-AES): the module will not enumerate • XTS-AES KAT: the SSD NVMe Identify service will return 1 at offset 4010 • Firmware upload: the SSD will return Invalid Image • NDRNG: the SSD NVMe Identify service will return 1 at offset 4010 During the Initialization period, the module can send the NVMe SSD driver to the host to allow the host to communicate with the SSD after the POST. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 25 of 33 5 Physical Security 5.1 Physical Security Policy The following physical security mechanisms are implemented in the cryptographic Module: • The Module consists of production-grade components enclosed in an aluminum alloy enclosure, which is opaque within the visible spectrum. The enclosure contains two parts: a top and bottom part that affix together through the use of a hinge on the back side of the Module and two (2) screws that affix the top to the bottom near the PCIe edge connector. • Two (2) tamper-evident seals (one large and one small) are affixed to the front of the Module such that if the Module top and bottom are separated, exposing the internals of the Module, that the tamper-evident seals will be broken in the process. The position of the two (2) tamper-evident seals is indicated in Figure 3. The two tamper-evident seals are captured as part of one-part number that is listed in Table 1. Figure 3 – Module Physical Enclosure - Front SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 26 of 33 Figure 4 – Module Physical Enclosure - Isometric Figure 5 – Module Physical Enclosure - Back SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 27 of 33 Figure 6 – Module Physical Enclosure - Bottom The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained: Table 16 – Physical Security Inspection Guidelines Physical Security Mechanism Recommended Frequency of Inspection/Test Inspection/Test Guidance Details Production grade cases On initial receipt of the device and annually at a minimum afterwards. Inspect the entire perimeter for cracks, gouges, lack of enclosure, bent clips, and other signs of tamper. Remove from service if tampering is found. Two (2) Tamper-evident Seals Inspect the tamper-evident seals for scratches, gouges, cuts and other signs of tamper. Remove from service if tampering is found. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 28 of 33 5.2 Applying Tamper-Evident Seals for Drives Shipped in FIPS Non-Approved mode Modules shipped in FIPS Non-Approved mode may not include the required tamper-evident seals. The tamper-evident seals shall be installed for the module to operate in a FIPS Approved mode of operation. To convert the module to a FIPS Approved mode of operation, the following procedure must be followed to apply the provided seals to the module: 1. Clean seal surface a. Use isopropyl alcohol of equivalent solution to remove any contaminants from the enclosure seam seal location b. Handle drive and seal with gloves 2. There are two different size seals with a designated location for each seal. The larger seal is applied to the right front of the module; the smaller seal on the left front (see Figure 3). 3. Use tweezers to lift seal from liner and place on the seam of the enclosure for the designated area (see Figure 7). 4. Apply finger pressure to seal pressing out any air or lifted edges Figure 7 Applying Tamper-Evident Seals SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 29 of 33 Figure 8 Seal Application Locations 6 Operational Environment The Module is designated as a non-modifiable operational environment under the FIPS 140-2 definitions. The Module includes a firmware load service to support necessary updates. The Module will not load or execute firmware which is not signed with the Solidigm 2048-bit RSA private key. The mechanisms available to perform a firmware load are the following: 1. Through NVMe using NVMe Firmware Download and Commit operations 2. Through NVMe after entering the Maintenance role New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into this Module is out of the scope of this validation and require a separate FIPS 140-2 validation. 7 Mitigation of Other Attacks Policy The cryptographic Module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-2. 8 Security Rules and Guidance The Module design corresponds to the Module security rules. This section documents the security rules enforced by the cryptographic Module to implement the security requirements of this FIPS 140-2 Level 2 Module. 1. The Module shall provide three distinct operator roles: Maintenance, User and Cryptographic Officer. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 30 of 33 2. The Module shall provide role-based authentication. 3. The Module shall clear previous authentications on power cycle. 4. When the Module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 5. The operator shall be capable of commanding the Module to perform the power-up self-tests by cycling power or resetting the Module. 6. Power-up self-tests do not require any operator action. 7. Data output shall be inhibited during self-tests and error states. 8. Data output shall be logically disconnected during key generation and zeroization. 9. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module. 10. There are no restrictions on which keys or CSPs are zeroized by the zeroization service. 11. The Module does not support concurrent operators. 12. The Module does not support manual key entry. 13. The Module does have external input/output devices used for entry/output of data. 14. The Module does not output plaintext CSPs. 15. The Module does not output intermediate key values. 16. The Module does not support a bypass capability service. 17. The Module does not support the update of the logical serial number or vendor ID. This section documents the security rules imposed by the vendor. 1. The operator is capable of commanding the Module to perform the power-up Self-Tests by cycling power or resetting the Module. 2. The shipping container protecting the module or set of modules in transit should be verified for tamper evidence. 3. If the Module is shipped from the factory with the FIPS firmware installed and uninitialized (TCG Opal is in a manufactured inactive state), the following step will have to be followed. On receipt of the Module, the CO should examine the product to ensure it has not been tampered with during shipping according to the procedures outlined in the Section 5. Upon verification that the Module has not been tampered, the user should initialize the module as described in Section 1.3. 4. If the module is shipped with the FIPS firmware not installed, seals will need to be applied as described in Section 5 and then the module must be initialized as described in Section 1.3. 5. The module CSPs may be zeroized by calling the Revert method on the AdminSP in the Opal interface of the cryptographic Module. 6. The module shall be zeroized through “Module Reset” and “Zeroize/Destroy User Data through TCG Revert” prior to performing a Maintenance operation. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 31 of 33 7. The module shall be zeroized using the service: “Module Reset” and “Zeroize/Destroy User Data through TCG Revert” after performing a Maintenance operation. The operator shall follow the procedure contained in “Solidigm __SSD_DC_D7-D4512 _Procedure_To_Exit_Maintenance_Mode.pdf” - Version 1.0 to exit the maintenance mode. 8. The password length must be greater than 14 bytes. 9. The Module shall be initialized by the CO before any User access the Module and calling any services different than those described in Section 1.3. SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 32 of 33 9 References and Definitions The following standards are referred to in this Security Policy. Table 17 – References Abbreviation Full Specification Name [FIPS140-2] Security Requirements for Cryptographic Modules, May 25, 2001 [SP800-131Arev2] Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, March 2019 [TCG-OPAL] Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00 [SFSC] Information technology – Security Features for SCSI Commands (SFSC) Table 18 – Acronyms and Definitions Acronym Definition ASCII American Standard Code for Information Interchange AES Advanced Encryption Standard CBC Cipher Block Chain mode of AES encryption/decryption CO Cryptographic Officer CSP Critical Security Parameters DRBG Deterministic Random Bit Generator ECB Electronic Code Book mode of AES encryption/decryption KAT Known Answer Test KBKDF Key Based Key Derivation Function KDF Key Derivation Function MSID Manufactured SID, Public value that is used as default password NVMe Non-Volatile Memory express PBKDF Password Based Key Derivation Function PCIe Peripheral Component Interconnect express POST Power-On Self-Test PSID Physical SID, a public unique value for each drive RSA Rivest Shamir Adleman SHA Secure Hash Algorithm SHS Secure Hash Standard SID Secure ID SolidigmTM DC SSD D7-D4512 Security Policy © 2022 Solidigm This document can be reproduced and distributed only whole and intact, including this copyright notice. Page 33 of 33 Acronym Definition TCG Trusted Computing Group XTS XEX Tweakable Block Cipher with Ciphertext Stealing