Crypto Module for Intel® Alder Point PCH Converged Security and Manageability Engine (CSME)

Certificate #4749

Webpage information ?

Status active
Validation dates 02.08.2024
Sunset date 01-08-2026
Standard FIPS 140-3
Security level 2
Type Firmware-Hybrid
Embodiment Single Chip
Caveat Interim Validation. When operated in approved mode. When initialized and configured as specified in Section 11 of the Security Policy.
Exceptions
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Cryptographic Module for Intel® Converged Security and Manageability Engine(CSME) is a firmware-hybrid module. The module consists of both hardware and firmware. The hardware portion is the Converged Security Engine (CSE) and the firmware portion is the crypto driver process of the Manageability Engine (ME). The two portions form the cryptographic boundary and they combine as Converged Security and Manageability Engine (CSME) to perform cryptographic functions within the Alder Point PCH applications executing on the CSME OS.
Version (Hardware) 4.6.0.0
Version (Firmware) 5.2.0.0
Tested configurations
  • CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-M/P with Alder Lake M CPU
  • CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-M/P with Raptor Lake HX CPU
  • CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-S with Alder Lake S CPU
  • CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-S with Raptor Lake P CPU
  • CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-S with Raptor Lake S CPU
Vendor Intel Corporation
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, AES-, CAST, SM4, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-224, HMAC-SHA-512, CMAC, CBC-MAC
Asymmetric Algorithms
RSA-PSS, RSA-OAEP, ECDH, ECDHE, ECDSA, ECC, Diffie-Hellman
Hash functions
SHA-1, SHA-224, SHA-384, SHA-256, SHA-512, MD5
Schemes
MAC, Key Agreement
Randomness
DRBG
Elliptic Curves
P-256, P-384, secp256k1
Block cipher modes
ECB, CBC, CTR, OFB, GCM

JavaCard API constants
SM2
Trusted Execution Environments
SSC

Security level
level 2, Level 1, Level 2
Side-channel analysis
DPA, timing attacks

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 198-1, FIPS 186-4, FIPS 180-4, FIPS186-4, FIPS140-3, FIPS180-4, FIPS197, FIPS198-1, SP 800-56C, SP 800-90B, SP 800-38D, PKCS#1, ISO/IEC 24759

File metadata

Title FIPS 140-3 Non-Proprietary Security Policy
Author Renaudt Nunez
Creation date D:20240719184007-05'00'
Modification date D:20240719184007-05'00'
Pages 45
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 09.09.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf.
  • 03.08.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4749,
  "dgst": "66dfd8bb9bcf776b",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES-CBCA3362",
        "HMAC-SHA2-224A3362",
        "AES-GCMA3362",
        "KDF SP800-108A3362",
        "ECDSA SigVer (FIPS186-4)A3362",
        "HMAC-SHA-1A3362",
        "HMAC-SHA2-512A3362",
        "ECDSA KeyGen (FIPS186-4)A3362",
        "AES-CMACA3362",
        "ECDSA KeyVer (FIPS186-4)A3362",
        "HMAC-SHA2-256A3362",
        "AES-OFBA3362",
        "SHA2-256A3362",
        "RSA SigGen (FIPS186-4)A3362",
        "HMAC-SHA2-384A3362",
        "SHA2-224A3362",
        "SHA2-384A3362",
        "AES-ECBA3362",
        "RSA Decryption PrimitiveA3362",
        "AES-CTRA3362",
        "RSA KeyGen (FIPS186-4)A3362",
        "AES-CFB128A3362",
        "SHA-1A3362",
        "KTS-IFCA3362",
        "KAS-ECC Sp800-56Ar3A3362",
        "SHA2-512A3362",
        "ECDSA SigGen (FIPS186-4)A3362",
        "RSA SigVer (FIPS186-4)A3362",
        "Counter DRBGA3362",
        "RSA Signature PrimitiveA3362"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "4.6.0.0",
        "5.2.0.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 21
          },
          "ECDH": {
            "ECDH": 12,
            "ECDHE": 5
          },
          "ECDSA": {
            "ECDSA": 56
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 4
          }
        },
        "RSA": {
          "RSA-OAEP": 3,
          "RSA-PSS": 6
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CTR": {
          "CTR": 3
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 9
        },
        "OFB": {
          "OFB": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 5
        },
        "MAC": {
          "MAC": 12
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 20,
          "P-384": 4,
          "secp256k1": 4
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 48
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-256": 2,
          "HMAC- SHA-512": 1,
          "HMAC-SHA- 224": 2,
          "HMAC-SHA-1": 8,
          "HMAC-SHA-256": 12,
          "HMAC-SHA-384": 6,
          "HMAC-SHA-512": 4,
          "HMAC-SHA-512 KAT 9": 2,
          "HMAC-SHA256": 2,
          "PKCS#1": 19,
          "RSA PKCS#1": 5,
          "RSA7": 1,
          "SHA- 384": 2,
          "SHA- 512": 2,
          "SHA-1": 16,
          "SHA-224": 8,
          "SHA-256": 17,
          "SHA-384": 8,
          "SHA-512": 10
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 1,
          "Level 2": 2,
          "level 2": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 23
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 16
          },
          "SHA2": {
            "SHA-224": 10,
            "SHA-256": 15,
            "SHA-384": 10,
            "SHA-512": 8
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "SM2": 10
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 29
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "DPA": 2,
          "timing attacks": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 11,
          "FIPS 180-4": 1,
          "FIPS 186-4": 13,
          "FIPS 197": 3,
          "FIPS 198-1": 1,
          "FIPS PUB 140-3": 2,
          "FIPS140-3": 1,
          "FIPS180-4": 1,
          "FIPS186-4": 3,
          "FIPS197": 1,
          "FIPS198-1": 1
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-38D": 1,
          "SP 800-56C": 3,
          "SP 800-90B": 1
        },
        "PKCS": {
          "PKCS#1": 12
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 35,
            "AES-": 5,
            "AES-256": 2
          },
          "CAST": {
            "CAST": 5
          }
        },
        "constructions": {
          "MAC": {
            "CBC-MAC": 1,
            "CMAC": 2,
            "HMAC": 19,
            "HMAC-SHA-224": 1,
            "HMAC-SHA-256": 5,
            "HMAC-SHA-384": 4,
            "HMAC-SHA-512": 2
          }
        },
        "miscellaneous": {
          "SM4": {
            "SM4": 4
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 3
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Renaudt Nunez",
      "/CreationDate": "D:20240719184007-05\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20240719184007-05\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "FIPS 140-3 Non-Proprietary Security Policy",
      "pdf_file_size_bytes": 793638,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://platformsw.intel.com/",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35153",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35972\u0026displayMode=CollapsedAlgorithm"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 45
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "b4d36dbcda77650e7e3d5ce353a97f46a14db035e4b9da3f53ccd9a493564910",
    "policy_txt_hash": "0c7a3b0fd0c4e894a34d0c7d1ab74a09c22555b4128e4ee78f4dd678f1d681c2"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim Validation. When operated in approved mode. When initialized and configured as specified in Section 11 of the Security Policy.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
    "date_sunset": "2026-08-01",
    "description": "The Cryptographic Module for Intel\u00ae Converged Security and Manageability Engine(CSME) is a firmware-hybrid module. The module consists of both hardware and firmware. The hardware portion is the Converged Security Engine (CSE) and the firmware portion is the crypto driver process of the Manageability Engine (ME). The two portions form the cryptographic boundary and they combine as Converged Security and Manageability Engine (CSME) to perform cryptographic functions within the Alder Point PCH applications executing on the CSME OS.",
    "embodiment": "Single Chip",
    "exceptions": [
      "Operational environment: N/A",
      "Non-invasive security: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": "5.2.0.0",
    "historical_reason": null,
    "hw_versions": "4.6.0.0",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "Crypto Module for Intel\u00ae Alder Point PCH Converged Security and Manageability Engine (CSME)",
    "module_type": "Firmware-Hybrid",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-M/P with Alder Lake M CPU",
      "CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-M/P with Raptor Lake HX CPU",
      "CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-S with Alder Lake S CPU",
      "CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-S with Raptor Lake P CPU",
      "CSME OS with firmware version 16.1.25.2124 running on Alder Point PCH-S with Raptor Lake S CPU"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-08-02",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Intel Corporation",
    "vendor_url": "http://www.intel.com"
  }
}