This page was not yet optimized for use on mobile devices.

Marvell LS2 HSM Family

Certificate #4703

Webpage information

Status	active
Validation dates	06.06.2024 , 16.06.2025
Sunset date	05-06-2029
Standard	FIPS 140-3
Security level	3
Type	Hardware
Embodiment	Multi-Chip Embedded
Caveat	When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy
Exceptions	Operational environment: N/A Non-invasive security: N/A Mitigation of other attacks: N/A
Description	The LS2 HSM module is a multi-chip PCIe adapter with firmware. It consists of multiple firmware components, including an operating system, applications exposing services and interfaces related to secure key management, crypto operations, and policy management of the module
Version (Hardware)	LS2-G-A050-B0; LS2-G-A100-B0; LS2-G-A200-B0; LS2-G-A300-B0; LS2-G-A400-B0
Version (Firmware)	MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.01-10; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.02-1200; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.23-1107-R01-SB; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.23-1107-R02-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.01-10; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.02-1200; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R01-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R02-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.01-10, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.02-1200, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R01-SB, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R02-SB, PIN-App:10.23-1107
Vendor	Marvell Semiconductor, Inc.
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Certificate

Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms

AES, AES-256, CAST, DES, Triple-DES, TDES, TDEA, HMAC, HMAC-SHA-256, HMAC-SHA-512, CMAC

Asymmetric Algorithms

RSA 2048, RSA 1024, ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSA

Post-quantum Algorithms

ML-DSA, ML-KEM

Hash functions

SHA-1, SHA-256, SHA-512, SHA-224, SHA-384, SHA256, SHA512, SHA2, SHA-2, SHA3-224, SHA3, SHA3-256, SHA3-384, SHA3-512, PBKDF

Schemes

MAC, Key agreement, Key Agreement

Protocols

SSL, TLS 1.2, TLS, TLS v1.2, TLSv1.2

Randomness

DRBG, RBG

Libraries

OpenSSL

Elliptic Curves

P-224, P-256, P-384, P-521, B-283, B-409, B-571, K-283, K-409, K-571, K-163, B-163, brainpoolP224r1, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1, brainpoolP160r1, FRP256v1, Curve25519

Block cipher modes

ECB, CBC, CTR, GCM

TLS cipher suites

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Trusted Execution Environments

SSC

Security level

Level 3, Level 1

Side-channel analysis

physical tampering

Standards

FIPS 140-3, FIPS186-4, FIPS 180-4, FIPS 198-1, FIPS 186-4, FIPS 202, FIPS18, FIPS PUB 186-4, FIPS PUB 140-3, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-132, SP 800-90B, SP 800-90A, SP 800-38B, SP 800-38C, SP 800-56A, PKCS #1, RFC 5288, ISO/IEC 24759

File metadata

Creation date	D:20250312115305-04'00'
Modification date	D:20250312115305-04'00'
Pages	87

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates Feed

08.09.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The validation_history property was updated.
23.06.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The validation_history property was updated, with the [[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2025-06-16', 'validation_type': 'Update', 'lab': 'LEIDOS CSTL'}]] values inserted.

The caveat property was set to When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.

The hw_versions property was set to LS2-G-A050-B0; LS2-G-A100-B0; LS2-G-A200-B0; LS2-G-A300-B0; LS2-G-A400-B0.

The fw_versions property was set to MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.01-10; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.02-1200; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.23-1107-R01-SB; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.23-1107-R02-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.01-10; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.02-1200; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R01-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R02-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.01-10, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.02-1200, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R01-SB, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R02-SB, PIN-App:10.23-1107.

The PDF extraction data was updated.

The keywords property was updated, with the {'symmetric_crypto': {'__update__': {'AES_competition': {'__update__': {'AES': {'__update__': {'AES': 78}}}}}}, 'asymmetric_crypto': {'__update__': {'ECC': {'__update__': {'ECDSA': {'__update__': {'ECDSA': 96}}}}, 'FF': {'__insert__': {'DSA': {'DSA': 6}}}}}, 'pq_crypto': {'__insert__': {'FIPS': {'ML-DSA': 10, 'ML-KEM': 8}}}, 'randomness': {'__update__': {'PRNG': {'__update__': {'DRBG': 127}}}}, 'standard_id': {'__update__': {'FIPS': {'__update__': {'FIPS 186-4': 26}}, 'NIST': {'__update__': {'SP 800-38B': 18}}}}} data.

The policy_metadata property was updated, with the {'pdf_file_size_bytes': 1607155, 'pdf_number_of_pages': 87, '/CreationDate': "D:20250312115305-04'00'", '/ModDate': "D:20250312115305-04'00'"} data.

The computed heuristics were updated.

The extracted_versions property was updated, with the {'_type': 'Set', 'elements': ['10.23']} values added.

The state was updated.

The policy_pdf_hash property was set to 58d10bbb73ab7961fc40dc95fb10a20dd0106ce2f4c9439f1ccfae50831aeea0.

The policy_txt_hash property was set to ccbd0192e49b180c43f60e81bba560b25497b02d6ba17a49a5a4dab59f6634ec.
24.02.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The exceptions property was updated.
08.07.2024

The certificate data changed.
Certificate changed

The web extraction data was updated.

The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf.
04.07.2024

The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4703,
  "dgst": "d95c59c87f64adc6",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "PBKDFA1948",
        "SHA2-256A1948",
        "AES-ECBA1947",
        "SHA-1A1948",
        "ECDSA KeyGen (FIPS186-4)A2393",
        "HMAC-SHA-1A1948",
        "SHAKE-128A1947",
        "SHAKE-256A1947",
        "AES-KWPA1948",
        "KDA OneStep Sp800-56Cr1A1948",
        "KDA TwoStep Sp800-56Cr1A1948",
        "RSA KeyGen (FIPS186-4)A2393",
        "TDES-CBCA1947",
        "KTS-IFCA2393",
        "AES-CTRA1947",
        "KDF SP800-108A1948",
        "ECDSA SigVer (FIPS186-4)A1948",
        "SHA3-384A1947",
        "AES-CCMA1947",
        "AES-GCMA1948",
        "KAS-ECC Sp800-56Ar3A1948",
        "HMAC-SHA2-384A1948",
        "SHA3-256A1947",
        "KDF ANS 9.63A1948",
        "Hash DRBGA1947",
        "SHA2-512A1948",
        "HMAC-SHA2-512A1948",
        "RSA Decryption PrimitiveA1948",
        "RSA Signature PrimitiveA1947",
        "AES-GMACA1947",
        "RSA SigVer (FIPS186-4)A1948",
        "SHA3-224A1947",
        "HMAC-SHA2-256A1948",
        "KAS-ECC-SSC Sp800-56Ar3A1948",
        "SHA2-384A1948",
        "RSA SigGen (FIPS186-4)A1948",
        "TDES-KWA1948",
        "AES-CBCA1948",
        "Counter DRBGA1948",
        "KDF TLSA1947",
        "KAS-IFC-SSCA1948",
        "KDA HKDF Sp800-56Cr1A1948",
        "AES-CMACA1948",
        "SHA3-512A1947",
        "AES-KWA1948",
        "TDES-ECBA1948",
        "ECDSA SigGen (FIPS186-4)A1948",
        "ECDSA KeyVer (FIPS186-4)A1948"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "10.02",
        "10.01",
        "10.23"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 26
          },
          "ECDH": {
            "ECDH": 20
          },
          "ECDSA": {
            "ECDSA": 96
          }
        },
        "FF": {
          "DH": {
            "DH": 6,
            "Diffie-Hellman": 3
          },
          "DSA": {
            "DSA": 6
          }
        },
        "RSA": {
          "RSA 1024": 3,
          "RSA 2048": 5
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 9
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 1
        }
      },
      "crypto_protocol": {
        "TLS": {
          "SSL": {
            "SSL": 2
          },
          "TLS": {
            "TLS": 36,
            "TLS 1.2": 5,
            "TLS v1.2": 1,
            "TLSv1.2": 2
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 7
        },
        "MAC": {
          "MAC": 26
        }
      },
      "device_model": {},
      "ecc_curve": {
        "ANSSI": {
          "FRP256v1": 2
        },
        "Brainpool": {
          "brainpoolP160r1": 1,
          "brainpoolP224r1": 2,
          "brainpoolP256r1": 2,
          "brainpoolP320r1": 2,
          "brainpoolP384r1": 2,
          "brainpoolP512r1": 2
        },
        "Curve": {
          "Curve25519": 1
        },
        "NIST": {
          "B-163": 1,
          "B-283": 1,
          "B-409": 1,
          "B-571": 1,
          "K-163": 1,
          "K-283": 1,
          "K-409": 1,
          "K-571": 1,
          "P-224": 27,
          "P-256": 44,
          "P-384": 22,
          "P-521": 24
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 2,
          "#2": 2
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128, 192": 1,
          "AES 256": 2,
          "AES Encrypt/Decrypt, 128": 1,
          "AES-256": 2,
          "DES3": 1,
          "HMAC SHA256": 1,
          "HMAC-SHA-1": 20,
          "HMAC-SHA-256": 12,
          "HMAC-SHA-512": 4,
          "PKCS #1": 4,
          "RSA 1024": 3,
          "RSA 2048": 5,
          "SHA- 1": 1,
          "SHA-1": 20,
          "SHA-2 224": 1,
          "SHA-2 256": 3,
          "SHA-224": 3,
          "SHA-256": 12,
          "SHA-384": 4,
          "SHA-512": 5,
          "SHA2": 7,
          "SHA2- 256": 1,
          "SHA2- 384": 1,
          "SHA2- 512": 2,
          "SHA2-224": 3,
          "SHA2-256": 26,
          "SHA2-384": 22,
          "SHA2-512": 24,
          "SHA256": 1,
          "SHA3": 5,
          "SHA3-224": 2,
          "SHA3-256": 2,
          "SHA3-384": 2,
          "SHA3-512": 2,
          "SHA512": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 1,
          "Level 3": 6
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 15
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 20
          },
          "SHA2": {
            "SHA-2": 4,
            "SHA-224": 3,
            "SHA-256": 12,
            "SHA-384": 4,
            "SHA-512": 5,
            "SHA2": 7,
            "SHA256": 1,
            "SHA512": 2
          },
          "SHA3": {
            "SHA3": 5,
            "SHA3-224": 2,
            "SHA3-256": 2,
            "SHA3-384": 2,
            "SHA3-512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {
        "FIPS": {
          "ML-DSA": 10,
          "ML-KEM": 8
        }
      },
      "randomness": {
        "PRNG": {
          "DRBG": 127
        },
        "RNG": {
          "RBG": 7
        }
      },
      "side_channel_analysis": {
        "FI": {
          "physical tampering": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 8,
          "FIPS 180-4": 50,
          "FIPS 186-4": 26,
          "FIPS 198-1": 25,
          "FIPS 202": 12,
          "FIPS PUB 140-3": 2,
          "FIPS PUB 186-4": 1,
          "FIPS18": 1,
          "FIPS186-4": 130
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-132": 10,
          "SP 800-38A": 44,
          "SP 800-38B": 18,
          "SP 800-38C": 5,
          "SP 800-38D": 27,
          "SP 800-38F": 62,
          "SP 800-56A": 1,
          "SP 800-90A": 2,
          "SP 800-90B": 5
        },
        "PKCS": {
          "PKCS #1": 2
        },
        "RFC": {
          "RFC 5288": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 78,
            "AES-256": 2
          },
          "CAST": {
            "CAST": 2
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 6,
            "Triple-DES": 41
          },
          "DES": {
            "DES": 13
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 4,
            "HMAC": 24,
            "HMAC-SHA-256": 6,
            "HMAC-SHA-512": 2
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 6
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 2,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 2
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20250312115305-04\u002700\u0027",
      "/ModDate": "D:20250312115305-04\u002700\u0027",
      "pdf_file_size_bytes": 1607155,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://www.marvell.com/",
          "https://www.marvell.com/support/downloads.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 87
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "58d10bbb73ab7961fc40dc95fb10a20dd0106ce2f4c9439f1ccfae50831aeea0",
    "policy_txt_hash": "ccbd0192e49b180c43f60e81bba560b25497b02d6ba17a49a5a4dab59f6634ec"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2024_010724_1153.pdf",
    "date_sunset": "2029-06-05",
    "description": "The LS2 HSM module is a multi-chip PCIe adapter with firmware. It consists of multiple firmware components, including an operating system, applications exposing services and interfaces related to secure key management, crypto operations, and policy management of the module",
    "embodiment": "Multi-Chip Embedded",
    "exceptions": [
      "Operational environment: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": "MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.01-10; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.02-1200; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.23-1107-R01-SB; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.23-1107-R02-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.01-10; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.02-1200; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R01-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R02-SB; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.01-10, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.02-1200, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R01-SB, PIN-App:10.23-1107; MARVELL-LS2-FW-10.23-1107, MARVELL-LS2-UBOOT-10.23-1107-R02-SB, PIN-App:10.23-1107",
    "historical_reason": null,
    "hw_versions": "LS2-G-A050-B0; LS2-G-A100-B0; LS2-G-A200-B0; LS2-G-A300-B0; LS2-G-A400-B0",
    "level": 3,
    "mentioned_certs": {},
    "module_name": "Marvell LS2 HSM Family",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-06-06",
        "lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2025-06-16",
        "lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
        "validation_type": "Update"
      }
    ],
    "vendor": "Marvell Semiconductor, Inc.",
    "vendor_url": "http://www.marvell.com"
  }
}

Sections

Marvell LS2 HSM Family

Certificate #4703

Webpage information

Security policy

Symmetric Algorithms

Asymmetric Algorithms

Post-quantum Algorithms

Hash functions

Schemes

Protocols

Randomness

Libraries

Elliptic Curves

Block cipher modes

TLS cipher suites

Trusted Execution Environments

Security level

Side-channel analysis

Standards

File metadata

Heuristics

References

Updates Feed

Certificate changed

Certificate changed

Certificate changed

Certificate changed

New certificate

Raw data

Sections

Marvell LS2 HSM Family

Certificate #4703

Webpage information

Security policy

Cryptography

Symmetric Algorithms

Asymmetric Algorithms

Post-quantum Algorithms

Hash functions

Schemes

Protocols

Randomness

Libraries

Elliptic Curves

Block cipher modes

TLS cipher suites

Device

Trusted Execution Environments

Security

Security level

Side-channel analysis

Other

Standards

File metadata

Heuristics

References

Updates Feed

Raw data

Toggle raw data