All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Samsung NVMe TCG Opal SSC SEDs BM1733a Series

Certificate#4681StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorSamsung Electronics Co., Ltd.
Medium review priority  ·  no TCB surface named  ·  last validated 28 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date3/24/2029
CaveatNone
VendorSamsung Electronics Co., Ltd.

Approved Algorithms (4)

AlgorithmACVP Cert
AES-XTSC1271
Hash DRBGA1720
RSA SigVer (FIPS186-4)A940
SHA2-256C1272

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Samsung NVMe TCG Opal SSC SEDs BM1733a Series
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output<br/>self-test</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Samsung NVMe TCG Opal SSC SEDs BM1733a Series
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output<br/>self-test</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

Samsung NVMe TCG Opal SSC SEDs BM1733a Series Document Version: 1.0 H/W Version: MZEM515THALC-00AMV F/W Version: MPOA3A5Q

Page 2

Revision History Version Change

1.0 Initial Version

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 3
Table of Contents
#SectionPage
Page 4
  1. General 1.1. Scope This document specifies the security policy for Samsung Electronics Co., Ltd. (“Samsung”) NVMe TCG Opal SSC SEDs BM1733a Series, herein after referred to as a “cryptographic module” or “module”, SSD (Solid State Drive), satisfies all applicable FIPS 140-3 Security Level 1 requirements of a hardware module, supporting TCG Opal SSC based SED (SelfEncrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase. ISO/IEC 24759 Section
  2. FIPS 140-3 Section Title Security Level [Number Below]
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security 1
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks N/A

Table

  1. Security Levels 1.2. Acronyms Acronym Description CTRL Controller CPU Central Processing Unit (ARM-based) DRAM Dynamic Random Access Memory DRAM I/F Dynamic Random Access Memory Interface ECC Error Correcting Code KAT Known Answer Test LBA Logical Block Address MEK Media Encryption Key MSID Manufactured SID (Security Identifier) NAND NAND Flash Memory NAND I/F NAND Flash Interface NVMe Non-Volatile Memory Host Controller Interface Specification ROM Read-only Memory Table
  2. Acronyms Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 5
  1. Cryptographic module specification 2.1. Cryptographic Boundary The following photograph shows the cryptographic module’s top and bottom views. The multiple-chip standalone cryptographic module consists of hardware and firmware components specified version in the Table 3 that are all enclosed in two aluminum alloy cases, which serve as the cryptographic boundary of the module. Figure
  2. Specification of the Samsung SSD NVMe TCG Opal SSC SEDs BM1733a Series Cryptographic Boundary Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 6

The firmware utilizes a single chip controller with an NVMe interface on the system side as well as Samsung NAND flash. The following figure depicts the module operational environment. The firmware within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-3 validation. Figure

  1. Block Diagram for Samsung SSD NVMe TCG Opal SSC SEDs BM1733a Series 2.2. Version information Model Hardware Version Firmware Version Drive Capacity BM1733a MZEM515THALC-00AMV MPOA3A5Q 15.36TB Table
  2. Cryptographic Module Tested Configuration Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 7

2.3. Cryptographic Functionality 2.3.1. Approved Algorithm The cryptographic module supports the following Approved algorithms for secure data storage: Description/ Mode/ CAVP Cert Algorithm and Standard Key Size(s)/ Use/Function Method Key Strength(s) C12711 AES / XTS, 256 bits Data Encryption / Decryption FIPS 197, SP 800-38E A1720 DRBG / Hash_ DRBG N/A Deterministic Random Bit SP 800-90A Rev. 1 (SHA-256) Generation A940 RSA / FIPS 186-4 PSS SigVer 3072 bits Digital Signature Verification (SHA-256) C1272 SHS / FIPS 180-4 SHA-256 N/A Message Digest Vendor CKG / SP 800-133 rev2 Section 4 and N/A Cryptographic Key Generation Affirmed Section 6.1 (Symmetric Keys) N/A ENT (P) / SP800-90B N/A N/A Non-deterministic Random Number Generator (only used for generating seed materials for the Approved DRBG) Table

  1. Approved Algorithms 2.3.2. Non-Approved Algorithm Following algorithms are not intended to be used as a security function, and not used whatsoever to meet any FIPS 140-3 requirements. These algorithms are not provided through a non-approved service to an operator. Algorithm Caveat Use / Function No Security Claimed; AES-XTS is only AES-XTS / used for firmware decryption during Firmware Decryption FIPS 197, SP 800-38E ROM initialized. AES-CCM / Key Encryption and Decryption FIPS 197, SP 800-38C No Security Claimed; Non-approved PBKDF2 Key Derivation algorithms here are only used for HMAC / encrypting or obfuscating the CSP. SHA-256 (SHS Cert.# Key Derivation C1272) Table
  2. Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed 2.4. Approved Mode of Operation The module only has a single approved mode of operation and does not have a non-approved mode of operation. The cryptographic module shows the approved mode through validated version status by Show Status Service in Table 8 via NVM express Identify Controller command. The only non-approved algorithms present in the module are allowed in the approved mode of operation with no security claimed in the module.

1 AES-ECB is the pre-requisite for AES-XTS; AES-ECB alone is NOT supported by the cryptographic module in the approved mode of operation.

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 8
  1. Cryptographic module interfaces Physical port Logical interface Type Data that passes over port/interface Data Input / Output plaintext data; signed data; commands input logically via an API; signals input logically or Control Input physically via one or more physical ports NVMe Connector status information output logically via an API; signal outputs Status Output logically or physically via one or more physical ports; Power Input Power input signals input logically or physically via one or more physical Control Input ports JTAG signal outputs logically or physically via one or more physical Status Output ports; Table
  2. Ports and Interfaces Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 9
  1. Roles, services, and authentication 4.1. Role The module does not support role authentication. Roles are implicitly assumed based on the service they are invoking. Role Service Input Output Lock/Unlock an LBA Range LBA Range status Erase an LBA Range’s Data LBA Range status Update the firmware FW image binary status Cryptographic Get Random Number N/A status Officer(CO) IO Command LBA status FormatNVM / Sanitize / DeleteNS LBA Range status Revert PSID N/A Perform Self-Tests N/A N/A Maintenance2 Diagnostics N/A N/A Table
  2. Roles, Service Commands, Input and Output 4.2. Service 4.2.1. Approved Services E: EXECUTE; W: WRITE; G: GENERATE; Z: ZEROISE Approved Type(s) of Service Description Security SSPs Roles Access3 Indicator4 Functions E W G Z Show approved version CO NVM Command: Show Status5 status of the module / N/A N/A Identify Controller command FIPS fail mode Result : Status Code UID: Locking_GlobalRange / Block or allow read Lock/Unlock Locking_RangeNNNN (decrypt) / write AES-XTS MEK O O O an LBA Range TCG Method: Set (encrypt) of user data. Result: TCG status code DRBG Internal O O State UID: Erase user data by DRBG Seed O O K_AES_256_GlobalRange_Key / Erase an LBA Hash_ DRBG changing the data K_AES_256_RangeNNNN_Key Range’s Data (SHA-256) DRBG Entropy TCG Method: GenKey encryption key. O O Input String Result: TCG status code MEK O O O FW Admin Command: Update the Update the firmware RSA Verification O Firmware Commit firmware Result : Status Code Key DRBG Internal Provide a random O O UID: ThisSP Get Random Hash_ DRBG State number generated by TCG Method: Random Number (SHA-256) DRBG Seed O O Result: TCG status code the CM. DRBG Entropy O O
2 Maintenance role is operator that has responsible for using the JTAG

3 It means that “Write” and “Zeroise” perform in each storage of SSPs that is described in Table 10. The (R)ead column, which is specified in

NIST SP 800-140B, is not applicable to the module.

4 The result of NVMe or TCG command is used as an indicator

5 The cryptographic module shows the hardware version and firmware version through the ‘Model Number (MN)’ and ‘Firmware Revision (FR)’

of Identify Controller Data Structure. If the module enters the FIPS Fail Mode, this service indicates “ERRORMOD” in Firmware Revision (FR). Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 10

Input String NVM Command: IO Command Read/Write user data AES-XTS MEK O Write / Read Result : Status Code DRBG Internal O O State Admin Command: FormatNVM / Erase user data by Hash_ DRBG DRBG Seed O O Format NVM / Sanitize / Sanitize / changing the data Namespace Management (SHA-256) DRBG Entropy DeleteNS encryption key. O O Result : Status Code Input String MEK O O O Erase user data in all UID: SPObj(AdminSP) Hash_ DRBG DRBG Internal Revert Range by changing the O O TCG Method: Revert (SHA-256) State Result: TCG status code data Power cycling the Perform Selfmodule to perform self- N/A N/A O N/A tests tests Maint Diagnostics Perform Maintenance N/A N/A enanc N/A e Table 8. Approved Services Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 11

5. Software/Firmware security - The cryptographic module employs the 428-byte parity for firmware integrity test - The firmware integrity test is performed when power on reset. - The masked ROM embedded in this module is guaranteed for a minimum 10 years after manufactured date under effective lifetime. - If this cryptographic module is no longer deployed, secure sanitization can be fulfilled by carrying out the following NVM Express commands; FormatNVM, Sanitize Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 12

6. Operational environment - The cryptographic module operates in a limited operational environment that is consist of the module’s firmware. This operational environment does not require any specific security rules, settings/configurations or restrictions to be set. - The cryptographic module does not provide any general-purpose operating system to the operator. - Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. - Since the cryptographic module is zeroised through the procedure for using maintenance role, it is restricted preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 13
  1. Physical security The following physical security mechanisms are implemented in a cryptographic module: • Production grade components. The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained: Recommended Frequency of Physical Security Mechanisms Inspection/Test Guidance Details Inspection/Test Production grade components N/A N/A Table
  2. Inspection/Testing of Physical Security Mechanisms The Cryptographic module supports a maintenance role. The maintenance access interface is defined as the JTAG port. In compliance with maintenance role requirements, the operator shall perform the following procedures. • The Cryptographic module must be zeroised by operator via Revert service when entering or exiting the maintenance role. • The operator should perform the power-on reset the module after exiting the maintenance role. Operator should confirm the original Firmware revision of the module has not changed. • The operator should inspect the JTAG port as often as feasible since the operator is responsible to manage for JTAG port of the module. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 14

8. Non-invasive security - Non-invasive security has not applicable for this cryptographic module Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 15
  1. Sensitive security parameter management - Temporary SSPs, stored in RAM are zeroised when power on reset. - Firmware integrity temporary values are zeroised after the firmware integrity test is complete - The zeroisation is performed overwriting the target SSP with random value which is creating through the DRBG. - SSPs are not exported to outside. Security Use & Key/SSP Function Import Establish Strength Generation Storage Zeroisation related Name/ Type and Cert. /Export ment keys Number A1720 SP 800-90A DRBG Internal 256-bit Hash_ DRBG HASH_DRBG N/A N/A RAM Power on Reset MEK State6 (SHA-256) (SHA-256) A1720 DRBG Seed 256-bit Hash_ DRBG ENT (P) N/A N/A RAM Power on Reset MEK (SHA-256) A1720 DRBG Entropy 256-bit Hash_ DRBG ENT (P) N/A N/A RAM Power on Reset MEK Input String (SHA-256) Via “Unlock an LBA Range”, “Erase an LBA SP 800-90A Plain Text C1271 Range’s Data”, MEK 256-bit HASH_DRBG N/A N/A in RAM, N/A AES-XTS “Revert” and (SHA-256) Flash “FormatNVM / Sanitize / DeleteNS” service Entered Right after FW Firmware HW SFR A940 during load test Firmware Verification 128-bits N/A N/A RSA manufact Load Test Key uring Flash N/A Table
  2. SSPs The module contains an entropy source, compliant with SP 800-90B, within the module’s cryptographic boundary. Entropy sources Minimum number of bits of entropy Details ENT (P) - 0.5 entropy per bit Entropy source for Hash_DRBG - Minimum of 256 bits of entropy for DRBG seed (total seed size of 512 bits). Table
  3. Non-Deterministic Random Number Generation Specification
6 The values of V and C are the “secret values” of the internal state

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 16
  1. Self-tests While executing the following self-tests, all data output is inhibited until self-test completion. To execute the pre-operational tests on-demand, the operator may power-cycle the module. If a cryptographic module fails a self-test, the module will enter an error state. While in this state, all data output is inhibited. 10.1. Pre-operational test • F/W integrity check - Firmware integrity check is performed by using 428-byte parity at power-on. 10.2. Conditional test • Cryptographic Algorithm Tests Algorithm Description Hash_DRBG KATs for Hash_DRBG (SHA-256) described in SP 800-90A Section 11.3.1, 11.3.2, 11.3.3, 11.3.4 AES-XTS AES256 XTS mode Encrypt and Decrypt KAT performed SHA-256 Hash Digest KAT performed (SHA-256) RSA, 2048 Signature verification KAT are performed (RSA 2048 PSS with SHA-256) modulus with SHA-256 Table
  2. Self-tests • Firmware load test - Firmware load test is performed using RSA-3072 with SHA-256 when new FW is downloaded. • Health test The cryptographic module has performed the below 2 types of tests and each test includes the Repetition Count test and Adaptive Proportion test described in SP800-90B. - Start-up test is performed for Entropy Source after power on reset. - Continuous test is performed for Entropy Source while the module is operating Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 17

11. Life-cycle assurance 11.1. Secure Installation

Page 18
  1. Mitigation of other attacks The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3 Mitigation Other Attacks Specific Limitations Mechanism N/A N/A N/A Table
  2. Mitigation of Other Attacks Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy