FIPS 140-3 Non-Proprietary Security Policy for:
KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC

KIOXIA CORPORATION
Rev 2.0.0
Jun 26, 2024

SECTION 1 - GENERAL
SECTION 1.1 - ACRONYMS
SECTION 2 – CRYPTOGRAPHIC MODULE SPECIFICATION
SECTION 2.1 – PRODUCT VERSION
SECTION 2.2 – SECURITY FUNCTIONS
SECTION 2.3 – MODULE CONFIGURATION
SECTION 3 – CRYPTOGRAPHIC MODULE INTERFACE
SECTION 4 – ROLES SERVICES AND AUTHENTICATION
SECTION 4.1 – ROLES AND AUTHENTICATION
SECTION 4.2 – SERVICES
SECTION 5 – SOFTWARE/FIRMWARE SECURITY
SECTION 6 – OPERATIONAL ENVIRONMENT
SECTION 7 – PHYSICAL SECURITY
SECTION 8 – NON-INVASIVE SECURITY
SECTION 9 – SENSITIVE SECURITY PARAMETER MANAGEMENT
SECTION 10 – SELF TESTS
SECTION 11 – LIFE-CYCLE ASSURANCE
SECTION 12 – MITIGATION OF OTHER ATTACKS

Section 1 - General

This document specifies the security rules for the KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 overall. The table below shows the security level for each section.

| Section | Level |
|---|---|
| 1. General | 2 |
| 2. Cryptographic Module Specification | 2 |
| 3. Cryptographic Module Interfaces | 2 |
| 4. Roles, Services, and Authentication | 2 |
| 5. Software/Firmware Security | 2 |
| 6. Operational Environment | N/A |
| 7. Physical Security | 2 |
| 8. Non-invasive Security | N/A |
| 9. Sensitive Security Parameter Management | 2 |
| 10. Self-tests | 2 |
| 11. Life-cycle Assurance | 2 |
| 12. Mitigation of Other Attacks | N/A |
| Overall Level | 2 |

Table 1 - Security Levels

This document is non-proprietary and may be reproduced in its original entirety.

Section 1.1 - Acronyms

| Acronym | Definition |
|---|---|
| AES | Advanced Encryption Standard |
| CM | Cryptographic Module |
| SSP | Sensitive Security Parameter |
| DRBG | Deterministic Random Bit Generator |
| HMAC | The Keyed-Hash Message Authentication Code |
| KAT | Known Answer Test |
| POST | Power on Self-Test |
| CAST | Cryptographic Algorithm Self-Test |
| PSID | Printed SID |
| SED | Self-Encrypting Drive |
| SHA | Secure Hash Algorithm |
| SID | Security ID |
| TCG | Trusted Computing Group |

Section 2 – Cryptographic Module Specification

The KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC (listed in Section 2.1, Product Version) is used for solid state drive data security. The CM is a single-chip hardware module implemented as a sub-chip compliant with IG 2.3.B in the TC58NC1132GTC 0003 SoC (see Figure 1 in Section 7). The overall security rating of the CM is Level 2 (see Table 1 in Section 1 for the individual security area levels). The CM is intended to be embedded in a TCG OPAL compliant solid state drive.

The CM provides various cryptographic services using approved algorithms. The CM has multiple functions, but it does not support degraded operation. The physical boundary of the CM is the TC58NC1132GTC 0003 SoC and the logical boundary of the CM is the TC58NC1132GTC CRPT module.

The CM has one approved mode of operation, and the CM is always in the approved mode of operation after the initial operations are performed (see Section 11). In approved mode, the CM provides the services defined in Table 7 in Section 4.2.

Section 2.1 – Product Version

The CM is validated with the following versions:

| Physical single-chip | The sub-chip cryptographic subsystem soft circuitry core | The associated firmware |
|---|---|---|
| TC58NC1132GTC 0003 | TC58NC1132GTC CRPT module 0001 | SC02AN |

Table 2 - Cryptographic Module Tested Configuration

Section 2.2 – Security Functions

The CM executes the following approved algorithms:

| CAVP Cert | Algorithm and Standard | Mode/Method | Description/Key Size(s)/Key Strength(s) | Use/Function |
|---|---|---|---|---|
| #C1925 | AES256 (FIPS 197 / SP800-38A) | CBC | Key Size: 256 bits / Key Strength: 256 bits | Data and Key Encryption/Decryption |
| #C1925 | AES256 (FIPS 197 / SP800-38E) | XTS [1] | Key Size: 256 bits / Key Strength: 256 bits | Data Encryption/Decryption |
| #C1925 | SHA256 (FIPS 180-4) | N/A | N/A | Hashing messages |
| #C1925 | HMAC-SHA256 (FIPS 198-1) | N/A | Key Size: 256 bits / Key Strength: 256 bits | Message Authentication Code |
| #C2009 | RSASSA-PKCS#1-v1_5 (FIPS 186-4) | N/A | Key Size: 2048 bits / Key Strength: 112 bits | Signature verification |
| #C2002 | Hash_DRBG (SP800-90A Rev.1) | N/A | Hash based: SHA256 | Deterministic Random Bit Generation |
| #C2001 | KBKDF (SP800-108 Revised) | Counter | MACs: HMAC-SHA256 / Key Size: 256 bits / Key Strength 256 bits | Key derivation |
| #C1925 | KTS (IG D.G) | N/A | Combination of AES256 CBC Mode and HMAC-SHA256 / Key Size: 256 bits / Key Strength: 256 bits | Key Transport Scheme |
| Vendor Affirmation | CKG (SP800-133 Rev.2) | N/A | Methods described in section 4 of the SP800-133 Rev.2 | Cryptographic Key Generation |
| ENT(P) | Entropy Source (SP800-90B) | N/A | N/A | Hardware RNG used to seed the approved Hash_DRBG. |

Table 3 - Approved Algorithm

[1] ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different according to IG C.I.

The CM does not implement any Non-Approved Algorithms Allowed in the Approved Mode of Operation.

Section 2.3 – Module Configuration

An overview block diagram of the CM is shown below.

Figure 1 – Configuration of module and peripheral components

The components of the CM, shown with a gray background, include the processor, memories (volatile and non-volatile memory) and HW circuitry for cryptographic processing. The physical ports bordering the outside of the CM's boundary and the data passing over them are also indicated (see Section 3 for details on physical ports and interfaces).

Section 3 – Cryptographic Module Interface

| Physical port | Logical Interface | Data that passes over port/interface |
|---|---|---|
| Mailbox, AES circuit, DMAC, Lock Checker | Data Input | Mailbox input parameter. User data. Read/Write destination address information. |
| Mailbox, AES circuit, DMAC | Data Output | Mailbox output parameter. User data. |
| Mailbox, Lock Checker | Control Input | Mailbox command information. Lock status confirmation request signal. |
| Mailbox, Lock Checker | Status Output | Mailbox command result. Lock status confirmation result signal. |
| Power PIN | Power Input | Power |

Note: Control output is omitted in the table above because the CM does not implement this type of interface.

Table 4 - Ports and Interface

Section 4 – Roles Services and Authentication

The relation between Roles and Services in this CM is shown below.

| Role | Service | Input | Output |
|---|---|---|---|
| FIPS Crypto Officer (AdminSP.SID) | Download Port Lock/Unlock; Firmware Download [2]; Set PIN (for AdminSP.SID and AdminSP.Admin1); Authority Enable/Disable; Revert; Data Locking protection Enable; Sanitize; Format Namespace; Namespace Create/Delete | Mailbox command | Mailbox command result |
| FIPS Crypto Officer (AdminSP.Admin1) | Set PIN (for AdminSP.Admin1); Revert; Sanitize; Format Namespace; Namespace Create/Delete | Mailbox command | Mailbox command result |
| FIPS Crypto Officer (LockingSP.Admin1-4) | Band Lock/Unlock; Cryptographic Erase; Cryptographic Erase and Initialize Band State; Set Band position and Size, Set Band position and Size for Band of Single User Mode; Set PIN (for LockingSP.Admin1-4 and LockingSP.User1-192); Authority Enable/Disable; Revert; Data Locking protection Enable; Sanitize; Format Namespace; Namespace Create/Delete; Band Set Enable; Band Set Disable | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| FIPS Crypto Officer (LockingSP.User1) | Band Lock/Unlock for Band of Single User Mode (for GlobalRange); Cryptographic Erase for Band of Single User Mode (for GlobalRange); Cryptographic Erase and Initialize Band State (for GlobalRange); Set Band position and Size for Band of Single User Mode (for GlobalRange); Set PIN (for LockingSP.User1), Set PIN for Band of Single User Mode (for LockingSP.User1); Format Namespace; Namespace Create/Delete | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| FIPS Crypto Officer (LockingSP.User2) | Band Lock/Unlock for Band of Single User Mode (for Band1); Cryptographic Erase for Band of Single User Mode (for Band1); Cryptographic Erase and Initialize Band State (for Band1); Set Band position and Size for Band of Single User Mode (for Band1); Set PIN (for LockingSP.User2), Set PIN for Band of Single User Mode (for LockingSP.User2); Format Namespace | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| … | … | … | … |
| FIPS Crypto Officer (LockingSP.User192) | Band Lock/Unlock for Band of Single User Mode (for Band191); Cryptographic Erase for Band of Single User Mode (for Band191); Cryptographic Erase and Initialize Band State (for Band191); Set Band position and Size for Band of Single User Mode (for Band191); Set PIN (for LockingSP.User192), Set PIN for Band of Single User Mode (for LockingSP.User192); Format Namespace | Mailbox command | Mailbox command result |
| | Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| None | Firmware Verification; Random Number Generation; Show Status; Zeroisation | Mailbox command | Mailbox command result |
| | Check Lock State | Read/Write Command | Lock state of each Band |
| | Reset | Power | N/A |

Table 5 - Roles, Service Commands, Input and output

[2] The "Firmware Download" service is controlled by the AdminSP.SID role, and the signature of the downloaded external firmware is verified (RSASSA-PKCS#1-v1_5).

The CM supports the configuration of roles and services. The authenticated operator is expected to configure locked bands for data storage, the associated role and the lock-based authentication data (PIN) per Table 6 (refer to Section 11 for the detailed settings needed to maintain secure operation). Bands that are not configured are considered unprotected or plaintext.
This configuration enables the Data Read/Write service using the lock-based authentication model (IG 4.1.A). To read/write data from/to each band, an operator must unlock the bands with the appropriate authenticated roles. Once the bands are unlocked, Read and Write access to the bands must be controlled, until power-off, by a trusted operator outside of the module who has been authenticated as the associated role. The module prevents the Data Read/Write service for locked bands. If Read and Write access needs to be inhibited prior to power-off, the operator who authenticates the role must set the bands to the locked state again.

Section 4.1 – Roles and Authentication

This section describes roles, authentication method, and strength of authentication.

| Role Name | Role Type | Type of Authentication | Authentication | Authentication Strength | Multi Attempt strength |
|---|---|---|---|---|---|
| AdminSP.SID | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 30 / 2^64 < 1 / 100,000 |
| AdminSP.Admin1 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 30 / 2^64 < 1 / 100,000 |
| LockingSP.Admin1-4 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 30 / 2^64 < 1 / 100,000 |
| LockingSP.User1 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 30 / 2^64 < 1 / 100,000 |
| LockingSP.User2 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 30 / 2^64 < 1 / 100,000 |
| … | … | … | … | … | … |
| LockingSP.User192 | Crypto Officer | Role | PIN | 1 / 2^64 < 1 / 1,000,000 | 30 / 2^64 < 1 / 100,000 |

Table 6 - Identification and Authentication Policy

The CM performs role authentication by checking whether the PIN entered by the user matches the information stored inside the CM. PINs are hashed with SHA-256 before they are stored on the CM. The PIN entered by the user is hashed and compared to the stored PIN hash. PINs can be changed by executing the Set PIN service (see Section 4.2) with the appropriate roles authenticated. The CM refuses to set a PIN of less than 8 bytes, and responds with an error if such a setting is attempted.
Therefore the probability that a random attempt will succeed is 1 / 2^64 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of the PIN). The CM waits 2 sec after a failed authentication attempt, so at most 30 authentication attempts are possible in 1 min. Consequently the probability that random attempts in 1 min will succeed is 30 / 2^64 < 1 / 100,000.

The initial authentication data of the roles AdminSP.Admin1, LockingSP.Admin2-4 and LockingSP.User1-192 is set to null (data of length 0). The authentication data of these roles must be replaced at first-time authentication. Otherwise, the operator who assumes these roles cannot execute any services except Set PIN and services that do not need authorized roles.

Section 4.2 – Services

This section describes the services which the CM provides. In the table below, the third column combines the Approved Security Function, the Keys and/or SSPs it uses, and (in parentheses) the access rights to those Keys and/or SSPs.

| Service | Description | Approved Security Function: Keys and/or SSPs (Access rights [3]) | Role(s) | Indicator |
|---|---|---|---|---|
| Band Lock/Unlock | Lock or unlock read / write of user data in a band. | KBKDF: KDK (E), MEKs (G); HMAC-SHA256: System MAC Key (E) | LockingSP.Admin1-4 | Mailbox command result |
| Band Lock/Unlock for Band of Single User Mode | Lock or unlock read / write of user data in band "X" of single user mode. | KBKDF: KDK (E), MEKs (G); HMAC-SHA256: System MAC Key (E) | LockingSP.User"X+1" | Mailbox command result |
| Check Lock State | Check a lock state of band that read / write user data. | N/A | None | Band Lock state |
| Data Read/Write | Encryption / decryption of user data to/from unlocked band of SSD [4]. | AES256-XTS: MEKs (E) | LockingSP.Admin1-4, LockingSP.User1-192 | Readable/Writable signal from lock check module |
| Cryptographic Erase | Erase user data (in cryptographic means) by changing the key that derives the data encryption key. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | LockingSP.Admin1-4 | Mailbox command result |
| Cryptographic Erase for Band of Single User Mode | Erase user data in band "X" of single user mode (in cryptographic means) by changing the key that derives the data encryption key. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | LockingSP.User"X+1" | Mailbox command result |
| Cryptographic Erase and Initialize Band State | Erase user data in band "X" of single user mode (in cryptographic means) by changing the key that derives the data encryption key, and initialize the band state. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | LockingSP.Admin1-4, LockingSP.User"X+1" | Mailbox command result |
| Download Port Lock/Unlock | Lock / unlock firmware download. | N/A | AdminSP.SID | Mailbox command result |
| Firmware Verification | Digital signature verification for firmware outside the CM. | RSASSA-PKCS#1-v1_5: Public Key embedded on the CM's code (E) | None | Mailbox command result |
| Firmware Download | Download a firmware image [5]. | SHA256: PubKey1 (W, E); RSASSA-PKCS#1-v1_5: PubKey1 (E) | AdminSP.SID | Mailbox command result |
| Random Number Generation | Provide a random number generated by the CM. | Hash_DRBG: DRBG Internal Value (E) | None | Mailbox command result |
| Set Band Position and Size | Set the location and size of the band. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | LockingSP.Admin1-4 | Mailbox command result |
| Set Band Position and Size for Band of Single User Mode | Set the location and size of the band "X" of single user mode. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | LockingSP.Admin1-4, LockingSP.User"X+1" | Mailbox command result |
| Set PIN | Set PIN (authentication data). | SHA256: PINs (W, E); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: PINs (W, R) | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4, LockingSP.User1-192 | Mailbox command result |
| Set PIN for Band of Single User Mode | Set PIN (authentication data) of authority for band "X" of single user mode. | SHA256: PINs (W, E); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: PINs (W, R) | LockingSP.User1-192 | Mailbox command result |
| Authority Enable/Disable | Enable/Disable the authority. | HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E) | AdminSP.SID, LockingSP.Admin1-4 | Mailbox command result |
| Revert | Initialize the band State and disable band lock setting. | SHA256: PINs (W, E); CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: PINs (W, R), KDK (W, R) | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4 | Mailbox command result |
| Data Locking Protection Enable | Enable Data protection with band lock setting. | SHA256: PINs (W, E); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: PINs (W, R) | AdminSP.SID, LockingSP.Admin1-4 | Mailbox command result |
| Sanitize | Erase all user data (in cryptographic means) by changing the key that derives the data encryption key. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4 | Mailbox command result |
| Format Namespace | Erase user data (in cryptographic means) on Namespace by changing the key that derives the data encryption key. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4, LockingSP.User1-192 | Mailbox command result |
| Namespace Create/Delete | Create and delete Namespace. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | AdminSP.SID, AdminSP.Admin1, LockingSP.Admin1-4, LockingSP.User1 | Mailbox command result |
| Band Set Enable | Set the location, size and lock state of the band. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | LockingSP.Admin1-4 | Mailbox command result |
| Band Set Disable | Initialize the location, size and lock state of the band. | CKG (Hash_DRBG): DRBG Internal Value (E), KDK (G, Z); KBKDF: KDK (E), MEKs (G, Z); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W, R) | LockingSP.Admin1-4 | Mailbox command result |
| Show Status | Report status of the CM and versioning information. | N/A | None | Mailbox command result |
| Zeroisation | Erase SSPs. | N/A: RKey (Z), KDK (Z), MEKs (Z), PINs (Z), System MAC Key (Z), System Enc Key (Z), DRBG Internal Value (Z) | None [6] | Mailbox command result |
| Reset | Power-OFF: Delete SSPs in RAM. | N/A: System MAC Key (Z), System Enc Key (Z), KDK (Z), MEKs (Z), PINs (Z), DRBG Internal Value (Z), PubKey1 (Z) | None | N/A |
| Reset | Power-ON: Runs various self-tests to be performed at power-on (POSTs, CASTs, Firmware Load test) and generate / import some SSPs. | RSASSA-PKCS#1-v1_5: PubKey1 (W, E); KBKDF: RKey (E), System MAC Key (G), System Enc Key (G); Entropy Source: DRBG Seed (G); Hash_DRBG: DRBG Seed (E, Z), DRBG Internal Value (G); HMAC-SHA256: System MAC Key (E); AES256-CBC: System Enc Key (E); KTS: KDK (W), PINs (W) | None | N/A |

Note 1: "CKG (Hash_DRBG)" means direct use of Hash_DRBG output as a key.

Table 7 - Approved services

[3] The letters (G, R, W, E, Z) mean Generate, Read, Write, Execute and Zeroise respectively.
[4] The band has to be unlocked by the corresponding role beforehand.
[5] Only the CMVP validated version is to be used.
[6] Need to input the PSID, which is a public drive-unique value used for the zeroisation service.

Section 5 – Software/Firmware Security

Firmware Security of components in this CM is shown below.

ROM Code:
・ Form of the executable code: ELF format
・ Integrity verification method: 32bit CRC
・ Method for integrity test on demand: Power cycling

Firmware image (User Code):
・ Form of the executable code: ELF format
・ Integrity verification method: Approved signature verification (RSASSA-PKCS#1-v1_5, see Table 3)
・ Method for integrity test on demand: Power cycling

Section 6 – Operational Environment

Operational Environment requirements are not applicable because the CM does not employ operating systems and operates in a non-modifiable environment; that is, the CM cannot be modified and no code can be added or deleted.

Section 7 – Physical Security

The CM is a sub-chip enclosed in a single chip that is an opaque package. Gathering information about the module's internal construction or components is impossible without forcing the package open. Forcing it open damages the package, and that damage serves as tamper evidence. Operators of the CM can ensure that physical security is maintained by confirming that the package has no obvious damage from an attack. If the operator discovers tamper evidence, the CM should be removed.

Figure 1 - TC58NC1132GTC 0003 SoC (Front, Back)

| Physical Security Mechanism | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Detail |
|---|---|---|
| Passivated opaque package | Every month or every two months | Confirmation that there is no visual damage |

Table 8 - Physical Security Inspection Guidelines

Section 8 – Non-invasive security

The CM does not apply Non-invasive security.

Section 9 – Sensitive security parameter management

The CM uses keys and SSPs in the following table.

| Key/SSP Name/Type | Strength (bit) | Security Function and Cert Number | Generation | Import/Export | Establishment | Storage | Zeroisation | Use & related keys |
|---|---|---|---|---|---|---|---|---|
| Critical Security Parameters (CSPs) | | | | | | | | |
| RKey | 256 | KBKDF (#C2001) | Hash_DRBG (Method SP800-133 Rev.2 Section 4) | N/A | Manufacturing | Plaintext in OTP | Explicit: Zeroisation service | Derivation of System Enc Key and System MAC Key |
| System Enc Key | 256 | AES-CBC (#C1925) | KDF in Counter Mode | N/A | Power-On | Plaintext in RAM | Explicit: Zeroisation service. Implicit: Power-Off | Data and Key Encryption / Decryption for KTS |
| System MAC Key | 256 | HMAC (#C1925) | KDF in Counter Mode | N/A | Power-On | Plaintext in RAM | Explicit: Zeroisation service. Implicit: Power-Off | Message Authentication Code generation and verification for KTS |
| KDK | 256 | KBKDF (#C2001) | Hash_DRBG (Method SP800-133 Rev.2 Section 4) | Imported and Exported by KTS (see Table 3) | Key update services [7] | Plaintext in RAM. Encrypted in System Area outside the module using the Approved KTS | Explicit: Zeroisation service, Key update services. Implicit: Power-Off | Derivation of MEKs |
| MEKs | 256 | AES-XTS (#C1925) | KDF in Counter Mode | N/A | Band Lock/Unlock service, Key update services | Plaintext in AES register | Explicit: Zeroisation service, Key update services. Implicit: Power-Off | Data Encryption / Decryption |
| PINs | Referred to in Section 4.1 (Table 6) | SHA256 (#C1925) | Electric input | Imported and Exported by KTS (see Table 3) | Set PIN service | Hashed in RAM. Hashed + Encrypted in System Area outside the module using the Approved KTS | Explicit: Zeroisation service. Implicit: Power-Off | User authentication |
| DRBG Internal Value | V: 440 bits, C: 440 bits | Hash_DRBG (#C2002) | SP800-90A Instantiation of Hash_DRBG | N/A | Power-On | Plaintext in RAM | Explicit: Zeroisation service. Implicit: Power-Off | Random number generation |
| DRBG Seed | Entropy Input String and Nonce: 512 bits | Hash_DRBG (#C2002) | Entropy collected from Entropy Source at instantiation (Minimum entropy of 8 bits: 6.31) | N/A | Power-On | Plaintext in RAM | Implicit: Immediately after use [8] | Random number generation |
| Public Security Parameters (PSPs) | | | | | | | | |
| PubKey1 | 112 | RSA (#C2009) | Electric input | Imported during FW load. | Power-on, FW Download service | Plaintext in RAM. Hashed in OTP | Implicit: Power-Off (Data in RAM) | Signature verification. |

Table 9 - SSPs

[7] The following services are applicable: Cryptographic Erase, Cryptographic Erase for Band of Single User Mode, Cryptographic Erase and Initialize Band State, Set Band Position and Size, Set Band Position and Size for Band of Single User Mode, Revert, Sanitize, Format Namespace, Namespace Create/Delete and Band Set Enable.
[8] Zeroised after input to the Hash_DRBG algorithm.

| Entropy source | Minimum number of bits of entropy | Details |
|---|---|---|
| Entropy Source [9] | Minimum entropy of 8 bits is 6.31. | Hardware RNG used to seed the approved Hash_DRBG. |

Table 10 - Non-Deterministic Random Number Generation Specification

For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate a sufficient amount of entropy, the CM transitions to the error state. The CM can be recovered from the error state by rebooting the module, after which obtaining entropy data is attempted again.
If the CM continues to enter the error state despite several reboot attempts, the CM may be sent back to the factory to recover from the error state.

[9] The Entropy Source is a hardware module inside the CM boundary. The Entropy Source supplies the Hash_DRBG with 512 bits of entropy input. From Table 10 this input contains about 404 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.

Section 10 – Self Tests

The CM runs the self-tests in the following table.

| Function | Self-Test Type | Execution Condition | Abstract | Failure Behavior |
|---|---|---|---|---|
| AES256-CBC | Conditional | Power-On | Encrypt and Decrypt KAT | Enters Boot Error State. (Indicated Error Code: 0x24) |
| AES256-XTS | Conditional | Power-On | Encrypt and Decrypt KAT | Enters Boot Error State. (Indicated Error Code: 0x23) |
| SHA256 | Conditional | Power-On | Digest KAT | Enters Boot Error State. (Indicated Error Code: 0x25) |
| HMAC-SHA256 | Conditional | Power-On | Digest KAT | Enters Boot Error State. (Indicated Error Code: 0x26) |
| Hash_DRBG | Conditional | Power-On | DRBG KAT | Enters Boot Error State. (Indicated Error Code: 0x18/0x19) |
| RSASSA-PKCS#1-v1_5 | Conditional | Power-On | Signature verification KAT | Enters Boot Error State. (Indicated Error Code: 0x27) |
| KDF in Counter Mode | Conditional | Power-On | KDF KAT | Enters Boot Error State (Indicated Error Code: 0x28) |
| Entropy Source (Health tests of noise source at startup.) | Conditional | Power-On | Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Enters Boot Error State (Indicated Error Code: 0x2C/0x2D) |
| Hash_DRBG | Conditional | Random number generation | Verify newly generated random number not equal to previous one | Enters Error State. (Indicated Error Code: 0x1D) |
| Entropy Source | Conditional | Entropy output request | Verify newly generated random number not equal to previous one | Enters Error State. (Indicated Error Code: 0x1E) |
| Entropy Source (Continuous noise source health tests during operation.) | Conditional | Entropy output request | Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Enters Error State. (Indicated Error Code: 0x2C/0x2D) |
| Firmware load test | Conditional [10] | Power-on | Verify signature of loaded firmware image by RSASSA-PKCS#1-v1_5 | Enters Power Up Load Test Error State (Indicated Error Code: 0x13) |
| Firmware load test | Conditional [10] | FW download | Verify signature of downloaded firmware image by RSASSA-PKCS#1-v1_5 | Enters Conditional Load Test Error State. After reporting Error code, transition from error state to normal state and continue to operate with FW before download. (Indicated Error Code: 0x13) |
| Firmware integrity test | Pre-operational | Power-On | Verify ROM code integrity with 32bit CRC. | Enters Boot Error State (Implicit error reporting by stopping the startup sequence) |

Table 11 - Self Tests

[10] The Firmware load test is also run at the time of Power-up, and the integrity of the Firmware loaded into the CM can be confirmed.

As shown in the table above, self-tests are performed automatically at CM startup and before the execution of certain security functions. The operator can also initiate self-tests on demand for periodic testing by using the Reset service, which is automatically invoked when the module is powered off and powered on (rebooted).

If the self-tests fail, the CM reports the error status and enters the error state. In this case, the CM must be powered off to clear the error condition. When power-on is executed again, the self-tests are executed again, as with an on-demand operator reset. If the CM continues to enter the error state despite several reboot attempts, the CM may be sent back to the factory to recover from the error state.

Section 11 – Life-cycle Assurance

In the SSD's manufacturing process, installation is executed as below:
1. The Firmware described in Section 2.1 is downloaded into the CM.
2. Initial SSPs are generated.
3. Initial authentication information is set to the CM.
4. The system area, including the SSPs generated in Step 2 and Step 3, is encrypted and its message authentication code is calculated.

The initial operations to set up this CM are as follows:
1. Load Firmware into the CM.
2. Load system area including SSPs into the CM.
3. Execute Range state setting method.
4. Execute Download port setting method.
5. Execute Service execution state setting method.
6. Execute Namespace setting method.

The CM switches to approved mode after the initial operations succeed. When the initial operations succeed, the CM indicates success on the Status Output interface. Users can confirm that the CM is in approved mode by executing the Show Status service and checking that the startup completed successfully.

For secure operation, the following settings must be maintained:
・ Data Locking Protection is Enabled
・ Each Band is set to be locked at power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure [11])

As described in Section 2, the CM is used by being embedded in the solid state drive. Therefore, there are no maintenance requirements for the CM alone. Guidance for this module is provided to solid state drive developers who embed the CM. The usage and maintenance of solid state drives with the CM built in are outside the scope of this document.

Section 12 – Mitigation of Other Attacks

The CM does not mitigate other attacks beyond the scope of FIPS 140-3 requirements.

[11] To maintain a secure condition, the SSD needs at least the following settings. Owners of an SSD that embeds the CM must use it securely according to the following:
1. The TCG LockingSP is enabled by the Activate method.
2. Both ReadLockEnabled and WriteLockEnabled are set to "True" for each band (including GlobalRange), and they must not be modified.
3. For each band, the "Power Cycle" value of the LockOnReset setting is not changed.
4. If the LockingSP has been disabled, the Activate method is re-executed before a PowerCycle is performed.
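
The PIN policy of Section 4.1 can be checked with a small model; this is an added example, not KIOXIA firmware or code from the policy. The class and function names, the simulated millisecond clock and the constant-time comparison are assumptions of the example; the 8-byte minimum, the SHA-256 hashing, the 2 sec wait and the null initial PIN come from the text.

```python
import hashlib
import hmac
from fractions import Fraction

MIN_PIN_BYTES = 8      # Section 4.1: shorter PINs are refused
FAIL_DELAY_MS = 2000   # Section 4.1: 2 sec wait after a failed attempt


class Authority:
    """One role's credential (hypothetical model); only the PIN hash is kept."""

    def __init__(self, pin=b""):
        self._pin_hash = hashlib.sha256(pin).digest()
        self.pin_is_initial_null = pin == b""   # role shipped with a 0-length PIN
        self._blocked_until_ms = 0
        self.evaluated = 0                      # attempts that reached the compare

    def authenticate(self, pin, now_ms):
        if now_ms < self._blocked_until_ms:
            return False                        # still inside the 2 sec wait
        self.evaluated += 1
        candidate = hashlib.sha256(pin).digest()
        # Constant-time compare is this example's choice; the policy only
        # says the hashes are compared.
        if hmac.compare_digest(candidate, self._pin_hash):
            return True
        self._blocked_until_ms = now_ms + FAIL_DELAY_MS
        return False

    def set_pin(self, new_pin):
        if len(new_pin) < MIN_PIN_BYTES:
            raise ValueError("PIN must be at least 8 bytes")
        self._pin_hash = hashlib.sha256(new_pin).digest()
        self.pin_is_initial_null = False

    def may_run(self, service, needs_role=True):
        """A role still on its null PIN gets only Set PIN and role-free services."""
        if not needs_role or service == "Set PIN":
            return True
        return not self.pin_is_initial_null


def attempts_per_minute(try_every_ms=100):
    """Send wrong PINs for 60 s of simulated time; count attempts really compared."""
    role = Authority()
    role.set_pin(b"constructed-sample-pin")     # constructed sample value
    for now_ms in range(0, 60_000, try_every_ms):
        role.authenticate(b"wrong-guess", now_ms)
    return role.evaluated


def guess_probabilities():
    """Exact success odds for one guess and for one minute of guessing."""
    keyspace = 256 ** MIN_PIN_BYTES             # any byte value 0x00-0xFF, 8 bytes
    single = Fraction(1, keyspace)
    per_minute = Fraction(attempts_per_minute(), keyspace)
    return single, per_minute
```

The bound uses the shortest allowed PIN, so longer PINs only make the figures smaller.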
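
The key hierarchy in Tables 7 and 9 (RKey deriving the system keys, a KDK deriving the MEKs, and Cryptographic Erase replacing the KDK) is sketched below as an added example that is not the module's code. Assumptions: the KBKDF counter and length encodings, the label strings, one KDK per band, a 64-byte XTS key split into Key1 and Key2, and `secrets.token_bytes` standing in for the Hash_DRBG output used as CKG; the KTS wrapping of the KDK is not modelled.

```python
import hashlib
import hmac
import secrets
import struct


def kbkdf_counter(key_in, label, context, out_len):
    """SP 800-108 counter-mode KDF with HMAC-SHA256 as the PRF.

    Assumed encoding (the policy does not give it): 32-bit big-endian
    counter before the fixed data, 32-bit big-endian output length in bits.
    """
    length_bits = struct.pack(">I", out_len * 8)
    out = b""
    counter = 1
    while len(out) < out_len:
        fixed = struct.pack(">I", counter) + label + b"\x00" + context + length_bits
        out += hmac.new(key_in, fixed, hashlib.sha256).digest()
        counter += 1
    return out[:out_len]


def system_keys(rkey):
    """RKey -> System Enc Key and System MAC Key (labels are hypothetical)."""
    enc = kbkdf_counter(rkey, b"System Enc Key", b"", 32)
    mac = kbkdf_counter(rkey, b"System MAC Key", b"", 32)
    return enc, mac


class BandKeyStore:
    """Holds one KDK per band and derives each band's XTS key pair on demand."""

    def __init__(self, bands, rng=secrets.token_bytes):
        self._rng = rng                       # stand-in for CKG (Hash_DRBG)
        self._kdk = {band: rng(32) for band in bands}

    def mek(self, band):
        okm = kbkdf_counter(self._kdk[band], b"MEK", band.encode(), 64)
        key1, key2 = okm[:32], okm[32:]
        # IG C.I check noted under Table 3: XTS Key1 and Key2 must differ.
        if hmac.compare_digest(key1, key2):
            raise ValueError("XTS Key1 equals XTS Key2")
        return key1, key2

    def cryptographic_erase(self, band):
        # Replacing the KDK changes every MEK derived from it, so data
        # written under the old MEK can no longer be decrypted.
        self._kdk[band] = self._rng(32)

    def sanitize(self):
        for band in self._kdk:
            self.cryptographic_erase(band)
```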
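
The entropy-source health tests named in Table 11 (Repetition Count Test and Adaptive Proportion Test from SP800-90B) are shown here as an added example, not the module's implementation. The 6.31 bits of min-entropy per 8-bit sample and the 512-bit seed come from Tables 9 and 10; the false-positive rate of 2^-20 and the 512-sample window are the SP800-90B defaults and are assumptions for this module, and the sample streams are constructed.

```python
import math

H_MIN = 6.31          # min-entropy per 8-bit sample (Table 10)
ALPHA = 2.0 ** -20    # assumed false-positive rate (SP800-90B default)
APT_WINDOW = 512      # SP800-90B window size for non-binary samples


def rct_cutoff(h=H_MIN, alpha=ALPHA):
    """Repetition Count Test cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h)


def binomial_critical_value(n, p, q):
    """Smallest k with P[X <= k] >= q for X ~ Binomial(n, p)."""
    cdf = 0.0
    for k in range(n + 1):
        cdf += math.comb(n, k) * p ** k * (1.0 - p) ** (n - k)
        if cdf >= q:
            return k
    return n


def apt_cutoff(h=H_MIN, alpha=ALPHA, window=APT_WINDOW):
    """Adaptive Proportion Test cutoff: C = 1 + CRITBINOM(W, 2^-H, 1 - alpha)."""
    return 1 + binomial_critical_value(window, 2.0 ** -h, 1.0 - alpha)


def repetition_count_test(samples, cutoff):
    """Return the index where a run of identical samples reaches cutoff, else None."""
    last, run = None, 0
    for i, sample in enumerate(samples):
        if sample == last:
            run += 1
        else:
            last, run = sample, 1
        if run >= cutoff:
            return i
    return None


def adaptive_proportion_test(samples, cutoff, window=APT_WINDOW):
    """Return the index where a window's first value recurs cutoff times, else None."""
    for start in range(0, len(samples) - window + 1, window):
        block = samples[start:start + window]
        count = 0
        for offset, sample in enumerate(block):
            if sample == block[0]:
                count += 1
                if count >= cutoff:
                    return start + offset
    return None


def seed_entropy_bits(seed_bits=512, h=H_MIN):
    """Entropy credited to the DRBG seed (footnote 9: about 404 bits)."""
    return seed_bits * h / 8


# Constructed sample streams (not captured from any device).
HEALTHY = bytes(range(256)) * 2
STUCK = b"\x10\x20" + b"\x55" * 8
BIASED = bytes(0x41 if i % 8 == 0 else 0x80 + i % 100 for i in range(512))


def health_check(samples):
    """Run both tests with the cutoffs derived from H_MIN."""
    return {
        "rct_fail_at": repetition_count_test(samples, rct_cutoff()),
        "apt_fail_at": adaptive_proportion_test(samples, apt_cutoff()),
    }
```

Passing both tests shows only that the noise source has not failed grossly; it does not measure the entropy of the stream.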