This page was not yet optimized for use on mobile devices.
Bootloader Module
Certificate #4921
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, HMACAsymmetric Algorithms
RSA 2048Hash functions
SHA-256, SHA2Schemes
Key ExchangeProtocols
IKE, IPsec, VPNBlock cipher modes
CBCTrusted Execution Environments
PSPVendor
Qualcomm, BroadcomSecurity level
Level 1Certification process
out of scope, both the Factory CA Public Key and ArubaOS are out of scope of this validation, i.e. out of scope of module, the Factory CA Public Key, and the ArubaOS image (both the Factory CA Public Key and ArubaOS are out of scope of this validation). Refer to Figure 2 block diagram below and the following section 2.2, Version, virtual appliances. ArubaOS, Hewlett Packard Enterprise devices, and the hardware BIOS process are out of scope of this validation. Once ArubaOS is booted, control of the Hewlett Packard Enterprise device passes, Key -PSP 2048 bits RSA Public Key Cert. #A2688 N/A Loaded into the TPM during manufacturing (i.e. out of scope of module). Import: from TPM Export: N/A N/A Stored in TPM Since this public key is stored and, boot of the Hewlett Packard Enterprise device. ArubaOS and Hewlett Packard Enterprise devices are out of scope of this validation. 11.1 Start-up Procedures The Hewlett Packard Enterprise Bootloader ModuleStandards
FIPS 140-3, FIPS 186-4, FIPS 180-4, PKCS1, PKCS#1, ISO/IEC 24759, ISO/IEC 19790:2012, ISO/IEC 24759:2017File metadata
| Author | McGlashan, Dave |
|---|---|
| Creation date | D:20241126194033-05'00' |
| Modification date | D:20241126194057-05'00' |
| Pages | 22 |
| Creator | Acrobat PDFMaker 24 for Word |
| Producer | Adobe PDF Library 24.4.48 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
23.12.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Bootloader Module was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4921,
"dgst": "a815067c3d78312c",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"RSA SigVer (FIPS186-4)A2688",
"SHA2-256A2688"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"1.0"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"RSA": {
"RSA 2048": 1
}
},
"certification_process": {
"OutOfScope": {
"Key -PSP 2048 bits RSA Public Key Cert. #A2688 N/A Loaded into the TPM during manufacturing (i.e. out of scope of module). Import: from TPM Export: N/A N/A Stored in TPM Since this public key is stored and": 1,
"boot of the Hewlett Packard Enterprise device. ArubaOS and Hewlett Packard Enterprise devices are out of scope of this validation. 11.1 Start-up Procedures The Hewlett Packard Enterprise Bootloader Module": 1,
"both the Factory CA Public Key and ArubaOS are out of scope of this validation": 1,
"i.e. out of scope of module": 1,
"out of scope": 4,
"the Factory CA Public Key, and the ArubaOS image (both the Factory CA Public Key and ArubaOS are out of scope of this validation). Refer to Figure 2 block diagram below and the following section 2.2, Version": 1,
"virtual appliances. ArubaOS, Hewlett Packard Enterprise devices, and the hardware BIOS process are out of scope of this validation. Once ArubaOS is booted, control of the Hewlett Packard Enterprise device passes": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 1
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 1
},
"IPsec": {
"IPsec": 1
},
"VPN": {
"VPN": 1
}
},
"crypto_scheme": {
"KEX": {
"Key Exchange": 1
}
},
"device_model": {},
"ecc_curve": {},
"eval_facility": {},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"PAA 8": 1,
"PKCS#1": 1,
"PKCS1": 2,
"RSA 2048": 1,
"RSA PKCS#1": 1,
"SHA-256": 1,
"SHA2": 2,
"SHA2-256": 8
}
},
"fips_security_level": {
"Level": {
"Level 1": 33
}
},
"hash_function": {
"SHA": {
"SHA2": {
"SHA-256": 1,
"SHA2": 2
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 40,
"FIPS 180-4": 1,
"FIPS 186-4": 1
},
"ISO": {
"ISO/IEC 19790:2012": 1,
"ISO/IEC 24759": 2,
"ISO/IEC 24759:2017": 1
},
"PKCS": {
"PKCS#1": 1,
"PKCS1": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 1
}
},
"constructions": {
"MAC": {
"HMAC": 1
}
}
},
"tee_name": {
"AMD": {
"PSP": 1
}
},
"tls_cipher_suite": {},
"vendor": {
"Broadcom": {
"Broadcom": 2
},
"Qualcomm": {
"Qualcomm": 3
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "McGlashan, Dave",
"/Comments": "",
"/Company": "",
"/CreationDate": "D:20241126194033-05\u002700\u0027",
"/Creator": "Acrobat PDFMaker 24 for Word",
"/Keywords": "",
"/ModDate": "D:20241126194057-05\u002700\u0027",
"/Producer": "Adobe PDF Library 24.4.48",
"/SourceModified": "D:20241127003959",
"/Subject": "",
"/Title": "",
"pdf_file_size_bytes": 569620,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://myenterpriselicense.hpe.com/cwp-ui/software",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program",
"https://networkingsupport.hpe.com/end-of-life",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search",
"https://networkingsupport.hpe.com/downloads;pageSize=100;fileTypes=DOCUMENT;products=Aruba%20Access%20Points,Aruba%20Mobility%20Gateways;softwareGroups=ArubaOS;softwareMajorVersions=8.10",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/Details?validation=35299",
"https://www.hpe.com/us/en/networking/",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15161"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 22
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "d1df9d30619821fbe4914bb7e0912175e7bbf3098ebee2702963e04404d9b1a6",
"policy_txt_hash": "a407bcdf3f68c3d1b2491d0b273fdd346e2cf9781761de45e1e437089636e3c2"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation",
"certificate_pdf_url": null,
"date_sunset": "2026-12-17",
"description": "The Aruba Bootloader Module is preloaded and shipped with Aruba devices: Mobility Controllers, Gateways, Appliances, or Access Points. The module checks the OS image integrity and authenticity. It then boots the ArubaOS operating system, for either hardware-based equipment or virtual appliances.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": "1.0",
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Bootloader Module",
"module_type": "Firmware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": [
"Linux Kernel 2.6.35 running on Mobility Controllers 7220 with a Broadcom XLP (MIPS64)",
"Linux Kernel 3.18 running on Aruba Mobility Conductor Hardware Appliances MCR-HW-5K with an Intel Xeon E5 (Broadwell) with PAA",
"Linux Kernel 4.1.45 running on an AP-51x with a Broadcom BCM (64-bit ARMv8)",
"Linux Kernel 4.14 running on 9004 Gateways with an Intel Atom C3508 (Denverton)",
"Linux Kernel 4.4.60 running on an AP-63x with a Qualcomm IPQ (64-bit ARM Cortex A53)",
"Linux Kernel 4.4.60 running on an AP-655 with a Qualcomm IPQ (64-bit ARM Cortex A53)",
"Linux Kernel 4.4.60 running on AP-53x, AP-555, and AP-58x with a Qualcomm IPQ (64-bit ARM Cortex A53)",
"VMWare ESXi 6.5 running on Aruba Mobility Controller Virtual Appliances MC-VA-50 on HPE ProLiant ML110 Gen10 with an Intel Xeon (Cascade Lake) with PAA",
"VMWare ESXi 6.5 running on Aruba Mobility Controller Virtual Appliances MC-VA-50 on HPE ProLiant ML110 Gen10 with an Intel Xeon (Cascade Lake) without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-12-18",
"lab": "Lightship Security, Inc.",
"validation_type": "Initial"
}
],
"vendor": "Hewlett Packard Enterprise",
"vendor_url": "http://www.hpe.com/us/en/networking/"
}
}