THIS DOCUMENT MAY BE REPRODUCED ONLY IN ITS ORIGINAL ENTIRETY

NPCT6XX TPM 1.2 FIPS 140-2 SECURITY POLICY
Document version: [illegible]
Last revision: August [year illegible]
Nuvoton Technology Corporation, Hasadnaot Street, Herzlia, Israel

NUVOTON TPM 1.2 SECURITY POLICY

CONTENTS
1. Module Description ........ 4
2. Cryptographic Functions ........ 9
3. Ports and Interfaces ........ 11
4. Roles and Services ........ 13
5. Key Management ........ 16
6. Power-On Self Tests ........ 21
7. Conditional Self-Tests ........ 23
8. Crypto Officer Guidance ........ 24
9. User Guidance ........ 24
10. Acronyms ........ 25

LIST OF TABLES AND FIGURES
Figure 1: TPM 1.2 Images ........ 5
Figure 2: TPM 1.2 Logical Block Diagram ........ 7
Table 1: Security Levels ........ 8
Table 2: Cryptographic Functions ........ 9
Table 3: Ports and Interfaces ........ 11
Table 4: Roles ........ 13
Table 5: Services ........ 14
Table 6: Cryptographic Keys ........ 16
Table 7: Self-tests ........ 21

1. MODULE DESCRIPTION

The Nuvoton Trusted Platform Module ("Module") is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation. The Module is a SINGLE CHIP MODULE that provides cryptographic services utilized by external applications. The Module meets the requirements of FIPS PUB 140-2. The Module meets commercial-grade specifications for power, temperature, reliability, shock, and vibration.

FIPS 140-2 conformance testing was performed on the two platforms specified below:

Nuvoton NPCT6xx TPM 1.2
Firmware version: 5.81.0.0
Hardware version 1: FB5C85D in TSSOP28 package
Hardware version 2: FB5C85D in QFN32 package
Hardware version 3: FB5C85D in TSSOP28 package
Hardware version 4: FB5C85E in QFN32 package

Figure 1: TPM 1.2 Images (chip photographs, not reproduced here: FB5C85D in TSSOP28 package; FB5C85D in QFN32 package; FB5C85E in TSSOP28 package; FB5C85E in QFN32 package).

The PHYSICAL CRYPTOGRAPHIC BOUNDARY of the Module is the outer boundary of the chip packaging.

A LOGICAL DIAGRAM of the Module is given in Figure 2.

Figure 2: TPM 1.2 Logical Block Diagram (diagram not reproduced here; blocks: RNG, power management, non-volatile data, processor, crypto accelerator, code, GPIO, peripherals, volatile data, host interface (TIS emulation); external connections: LPC / I2C / SPI bus, GPIO).

The Module was tested to meet OVERALL SECURITY LEVEL 1 of the FIPS PUB 140-2 standard. The Security Level for each section of FIPS PUB 140-2 is specified in Table 1.

Table 1: Security Levels

FIPS 140-2 section                         Security level
Cryptographic Module Specification         [illegible]
Cryptographic Module Ports and Interfaces  [illegible]
Roles, Services and Authentication         [illegible]
Finite State Model                         [illegible]
Physical Security                          [illegible]
Operating Environment                      N/A
Cryptographic Key Management               [illegible]
EMI/EMC                                    [illegible]
Self-Tests                                 [illegible]
Design Assurance                           [illegible]
Mitigation of Other Attacks                N/A

2. CRYPTOGRAPHIC FUNCTIONS

The cryptographic functions of the Module are outlined in Table 2.

Table 2: Cryptographic Functions

Approved functions
- AES encrypt (modes: ECB, CTR). Key size: [illegible] bits. Use: encryption. Cert number: [illegible].
- RSA verify. Key size: [illegible] and [illegible] bits. Use: digital signature verification. Cert number: [illegible].
- HMAC keyed hash (HMAC-SHA-[illegible]). Key size: [illegible] bits. Use: keyed message digest. Cert number: [illegible].
- SHS hash. Key size: N/A. Use: message digest. Cert number: [illegible].
- Generation of RSA keys (FIPS 186-4). Key size: [illegible] bits. Use: key pair generation. Cert number: [illegible].
- FIPS 186-2 RNG. Key size: N/A. Use: random number generation and symmetric key generation. Cert number: [illegible].

Approved services
- CVL (SP 800-[illegible] Rev [illegible]). Key size: N/A. Use: TPM key derivation. Cert number: [illegible].

Allowed-for-use functions
- RSA key wrapping. Key size: [illegible] bits. Use: wrap and unwrap symmetric keys. Cert number: N/A.
- Hardware-based non-Approved non-deterministic RNG (entropy source). Key size: N/A. Use: generate the seed and the seed key for the RNG. Cert number: N/A.

In the Approved mode of operation the Module supports a key size of 2048 bits for RSA key wrapping, which corresponds to an effective key strength of 112 bits. The Module also supports key wrapping using the AES algorithm.

Note: no TPM protocol has been used or tested by the CAVP and CMVP.
2.1 Non-Approved Non-Allowed Functions

The Module supports signature generation using RSA-SHA-1, which is used in the TPM IDENTITY service. This function is Non-Approved and is considered equivalent to plaintext or obfuscation.

3. PORTS AND INTERFACES

The physical ports of the Module are:
- LPC Bus
- SPI Bus
- I2C Bus
- GPIO Bus

The logical interfaces, and the mapping of the logical interfaces to the physical ports of the Module, are described in Table 3.

Table 3: Ports and Interfaces

- Control input interface. Description: control input commands issued to the chip. Physical ports: LPC bus, SPI bus, I2C bus, GPIO bus.
- Status output interface. Description: status data output by the chip. Physical ports: LPC bus, SPI bus, I2C bus, GPIO bus.
- Data input interface. Description: data provided to the chip as part of the data processing commands. Physical ports: LPC bus, SPI bus, I2C bus, GPIO bus.
- Data output interface. Description: data output by the chip as part of the data processing commands. Physical ports: LPC bus, SPI bus, I2C bus, GPIO bus.
- Power interface. Description: power interface of the chip. Physical ports: power pin, ground pin.

The Module does not include a maintenance interface.

4. ROLES AND SERVICES

The OPERATOR ROLES implemented by the Module are summarized in Table 4.

Table 4: Roles

Role            High-level description
Crypto Officer  Installs and configures the product and manages users
User            Executes crypto algorithms and generates keys

The Module provides a set of SERVICES described in Table 5. For each service the table includes a description of the service and lists the roles in which the service is available.
Table 5: Services

- Get Status (role: Crypto Officer). The Module implements a Get Status command that returns the status of the Module, including success or failure of self-tests.
- Run Self-Tests (role: Crypto Officer). The Module runs power-up self-tests automatically when powered on. Self-tests can be executed on demand by power-cycling the Module.
- Encrypt (role: User). Used to encrypt data.
- Zeroize (role: Crypto Officer). Used to zeroize (irreversibly destroy) the Module's cryptographic keys and CSPs. The keys and CSPs stored in non-volatile and volatile memory are zeroized by executing the corresponding key/entity zeroization commands: TPM_FlushSpecific and TPM_OwnerClear.
- MAC & MAC Verify (role: User). Used to calculate and verify a MAC for data.
- Key Generate (role: User). Used to generate keys.
- RSA Verify (role: User). Used to verify data using RSA.
- RSA Wrap & Unwrap (role: User). Used to wrap and unwrap cryptographic keys using RSA.
- Key Import (role: User). Used to import keys.
- TPM Identity (role: User). Used to authenticate the TPM identity to other parties.
- TPM Endorsement (role: User). Used to prove to other parties that the TPM is a genuine TPM.
- Unbinding (role: User). Used to unbind symmetric keys using the RSA private binding key.
- TPM Get Random (role: User). Used to generate random data.
- TPM Stir Random (role: User). Used to add entropy to the random bit generator.
- Install Module (role: Crypto Officer). Installs the Module.
- Firmware Update (role: Crypto Officer). Updates the Module's firmware.

5. KEY MANAGEMENT

Table 6 specifies each cryptographic key utilized by the Module. For each key the table provides a description of its use, its derivation or import, and its storage.

NOTE: READ is defined as read access; WRITE is defined as write access.
Table 6: Cryptographic Keys

- AES symmetric encryption keys. Usage: used to encrypt data. Service and access: Encrypt (read), Key Gen (write), Key Wrap/Unwrap (write), Key Import (write), Zeroize (write). Origin and storage: generated or imported by the Module; stored in OTP or in non-volatile flash in plaintext.
- RSA public verification keys. Usage: used to verify signatures on data. Service and access: RSA Verify (read), Key Gen (write), Zeroize (write), Key Wrap/Unwrap (write), Key Import (write). Origin and storage: generated or imported by the Module; stored in volatile RAM or in non-volatile flash in plaintext.
- RSA public storage keys. Usage: used to wrap symmetric keys. Service and access: RSA Wrap/Unwrap (read), Key Import (write), RSA Key Gen (write), Zeroize (write). Origin and storage: generated or imported by the Module; stored in volatile RAM or in non-volatile flash in plaintext.
- RSA private storage keys. Usage: used to unwrap symmetric keys. Service and access: RSA Wrap/Unwrap (read), RSA Key Gen (write), Key Import (write), Zeroize (write). Origin and storage: generated or imported by the Module; stored in volatile RAM or in non-volatile flash in plaintext.
- Identity keys. Usage: authentication tokens used to authenticate the TPM identity to other parties. Service and access: TPM Identity (read), RSA Key Gen (write), Key Import (write), Zeroize (write). Origin and storage: generated or imported by the Module; stored in volatile RAM or in non-volatile flash in plaintext.
- RSA private binding keys. Usage: used to unbind (unwrap) a key bound by an external entity. Service and access: Data Binding (read), RSA Key Gen (write), Zeroize (write). Origin and storage: generated or imported by the Module; stored in volatile RAM or in non-volatile flash in plaintext.
- HMAC keys. Usage: used to calculate and verify MAC codes for data. Service and access: MAC/MAC Verify (read), Key Gen (read), Key Import (write), Zeroize (write). Origin and storage: generated or imported by the Module; stored in volatile RAM or in non-volatile flash in plaintext.
- RNG seed. Usage: used to seed the RNG. Service and access: Key Gen (read), RSA Key Gen (read), Zeroize (write). Origin and storage: generated by the Module using the non-Approved non-deterministic hardware RNG (entropy source); stored in volatile RAM in plaintext.
- RNG seed key. Usage: used to seed the RNG. Service and access: Key Generate (read), RSA Key Gen (read), Zeroize (write). Origin and storage: generated by the Module using the non-Approved non-deterministic hardware RNG (entropy source); stored in volatile RAM in plaintext.
- Endorsement key. Usage: authentication token used to prove to external parties that the TPM is a genuine TPM. Service and access: TPM Endorsement (read). Origin and storage: installed at the factory.
- HMAC authentication key. Usage: used for HMAC authentication of data. Service and access: Key Generate (write), MAC/MAC Verify (read). Origin and storage: generated by the Module.
- Firmware update key. Usage: used to verify the signature on firmware updates. Service and access: Firmware Update (read). Origin and storage: installed at the factory.

The key zeroization service is executed by running the following two commands in sequence:
- TPM_FlushSpecific
- TPM_OwnerClear

All keys and CSPs that are subject to the key zeroization requirements of FIPS 140-2 are zeroized by executing the key zeroization service.

6. POWER-ON SELF TESTS

The Module implements a power-up integrity check using a 128-bit error detection code.
The Module implements power-up cryptographic algorithm tests that are described in Table 7.

Table 7: Self-Tests

Crypto function                   Test type
AES CTR encrypt                   Known answer test (encrypt)
RSA verify                        Known answer test (verify)
HMAC keyed hash                   Known answer test (keyed hash)
SHS hash                          Known answer test (hash)
RNG random number generation      Known answer test (generate random block)

7. CONDITIONAL SELF-TESTS

The Module executes a continuous RNG test on each execution of the FIPS 186-2 RNG.

The Module executes a continuous RNG test on each execution of the non-Approved hardware non-deterministic RNG (entropy source).

The Module executes a conditional pair-wise consistency check for RSA public-private key pairs each time an RSA key pair is generated using the FIPS 186-4 key pair generation algorithm.

The Module executes the firmware update test during the firmware update. The digital signature on the firmware image is verified using the RSA (SHA-256) algorithm with a 2048-bit firmware update key.

If any of the conditional or power-on self-tests fail, the Module enters an error state in which both data output and cryptographic services are disabled.

8. CRYPTO OFFICER GUIDANCE

To install the Module in the Approved mode of operation, the following steps must be followed:
- The Module must be physically controlled during the installation.
- The Module must be placed on the PCB as described in the Module technical specifications.
- The Module normally comes from the manufacturer pre-configured, with the TpmInit script already executed. If the initialization sequence has not been executed by the manufacturer, the Crypto Officer shall initialize the Module as described in the Nuvoton "NPCT6xx Initialization and Configuration" document. This includes running the TpmInit script with the -fips flag.

9. USER GUIDANCE

Users shall take security measures to protect the tokens used to authenticate the user to the Module. NOTE: authentication is not covered by the FIPS 140-2 Level 1 requirements.

10. ACRONYMS

AES   Advanced Encryption Algorithm
CPU   Central Processing Unit
EMC   Electro Magnetic Compatibility
EMI   Electro Magnetic Interference
FIPS  Federal Information Processing Standard
GPIO  General Purpose Input Output bus
HMAC  Hash-based Message Authentication Code
I2C   Inter-integrated circuit bus
LPC   Low Pin Count bus
OTP   One Time Programmable Memory
PCB   Printed Circuit Board
RAM   Random Access Memory
RNG   Random Number Generator
RSA   Rivest-Shamir-Adleman
SHS   Secure Hash Standard
SP    Special Publication
SPI   Serial Peripheral Interface bus
TCG   Trusted Computing Group
TIS   TPM Interface Specification
TPM   Trusted Platform Module
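The self-test and error-state behaviour described in sections 6 and 7 (power-up known answer tests, the continuous RNG test, the RSA pair-wise consistency check, the RSA (SHA-256) firmware signature check, and the error state that disables every service after any failure), modelled in Go as an added example. It is not Nuvoton's firmware or any code from this document: the Module type, its method names, the readRandom hook and the clearing of the error state by PowerOn are assumptions; the known answer vectors are published ones (FIPS-197 C.1 for one AES-128 ECB block, FIPS 180-4 SHA-256("abc"), RFC 4231 case 1 for HMAC-SHA-256) rather than the module's own; SHA-256 is assumed for the hash, HMAC and firmware digests; and the RNG known answer test is left out because Go's crypto/rand has no fixed answer.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrModuleError is returned by every service once a self-test has failed: data output and
// cryptographic services stay disabled until the next power-on (hypothetical model, not Nuvoton's).
var ErrModuleError = errors.New("module in error state: output and crypto services disabled")

// Module is a hypothetical model of the self-test state machine, not Nuvoton's firmware.
type Module struct {
	inError    bool
	lastBlock  []byte               // previous RNG block, kept for the continuous RNG test
	readRandom func(b []byte) error // entropy source; swappable so a stuck source can be simulated
	fwKey      *rsa.PublicKey       // firmware update key (installed at the factory in the real module)
}

func NewModule(fwKey *rsa.PublicKey) *Module {
	return &Module{readRandom: func(b []byte) error { _, err := rand.Read(b); return err }, fwKey: fwKey}
}

// fail latches the error state; every service checks inError first and refuses to run.
func (m *Module) fail() error { m.inError = true; return ErrModuleError }

func mustHex(s string) []byte { b, err := hex.DecodeString(s); if err != nil { panic(err) }; return b }

// powerUpKATs: section 6 known answer tests against published vectors (FIPS-197 C.1, FIPS 180-4, RFC 4231).
func powerUpKATs() error {
	blk, err := aes.NewCipher(mustHex("000102030405060708090a0b0c0d0e0f"))
	if err != nil { return err }
	ct := make([]byte, 16)
	blk.Encrypt(ct, mustHex("00112233445566778899aabbccddeeff"))
	if !bytes.Equal(ct, mustHex("69c4e0d86a7b0430d8cdb78070b4c55a")) { return errors.New("AES KAT failed") }
	if h := sha256.Sum256([]byte("abc")); !bytes.Equal(h[:], mustHex("ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")) { return errors.New("SHA KAT failed") }
	mac := hmac.New(sha256.New, bytes.Repeat([]byte{0x0b}, 20))
	mac.Write([]byte("Hi There"))
	if !bytes.Equal(mac.Sum(nil), mustHex("b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")) { return errors.New("HMAC KAT failed") }
	return nil
}

// PowerOn clears the error state and re-runs the power-up self-tests; a failure latches it again.
func (m *Module) PowerOn() error {
	m.inError, m.lastBlock = false, nil
	if err := powerUpKATs(); err != nil { m.fail(); return err }
	return nil
}

// GetRandom applies the FIPS 140-2 continuous RNG test: the first block after power-on is only
// stored, and every later block is rejected (error state) if it equals its predecessor.
func (m *Module) GetRandom(n int) ([]byte, error) {
	if m.inError { return nil, ErrModuleError }
	out := make([]byte, 0, n+16)
	for len(out) < n {
		blk := make([]byte, 16)
		if err := m.readRandom(blk); err != nil { return nil, m.fail() }
		if m.lastBlock != nil && bytes.Equal(blk, m.lastBlock) { return nil, m.fail() }
		if m.lastBlock != nil { out = append(out, blk...) }
		m.lastBlock = blk
	}
	return out[:n], nil
}

// GenerateRSAKey runs the section 7 pair-wise consistency check: the new key pair must verify
// a signature it just produced, otherwise the module enters the error state.
func (m *Module) GenerateRSAKey(bits int) (*rsa.PrivateKey, error) {
	if m.inError { return nil, ErrModuleError }
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return nil, m.fail() }
	digest := sha256.Sum256([]byte("pair-wise consistency check"))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil || rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest[:], sig) != nil { return nil, m.fail() }
	return key, nil
}

// FirmwareUpdate is the firmware update test: the image's RSA (SHA-256) signature must verify
// under the 2048-bit firmware update key before the image is accepted.
func (m *Module) FirmwareUpdate(image, sig []byte) error {
	if m.inError { return ErrModuleError }
	if d := sha256.Sum256(image); rsa.VerifyPKCS1v15(m.fwKey, crypto.SHA256, d[:], sig) != nil { return m.fail() }
	return nil
}

// SignFirmware stands in for the vendor's offline signing step; it is not a module service.
func SignFirmware(priv *rsa.PrivateKey, image []byte) ([]byte, error) {
	d := sha256.Sum256(image); return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

func main() {
	vendor, _ := rsa.GenerateKey(rand.Reader, 2048) // vendor signing key, constructed for this demo
	m := NewModule(&vendor.PublicKey)
	img := []byte("constructed firmware image")
	sig, _ := SignFirmware(vendor, img)
	fmt.Println("power-on:", m.PowerOn(), "| genuine update:", m.FirmwareUpdate(img, sig))
	sig[0] ^= 1 // corrupt the signature: the firmware update test fails and latches the error state
	tampered := m.FirmwareUpdate(img, sig)
	_, later := m.GetRandom(16)
	fmt.Println("tampered update:", tampered, "| service afterwards:", later)
}
```

Swapping readRandom for a source that returns the same block twice makes GetRandom return ErrModuleError and every later call refuse to run until PowerOn succeeds again, which is the power-cycle route to re-running the self-tests that the Run Self-Tests service in Table 5 describes.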