All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Samsung NVMe TCG Opal SSC SEDs BM1733a Series

Certificate#4698StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorSamsung Electronics Co., Ltd.
Low review priority  ·  no TCB surface named  ·  last validated 2 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date5/20/2029
CaveatNone
VendorSamsung Electronics Co., Ltd.

Approved Algorithms (4)

AlgorithmACVP Cert
AES-XTSC1271
Hash DRBGA1720
RSA SigVer (FIPS186-4)A940
SHA2-256C1272

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Samsung NVMe TCG Opal SSC SEDs BM1733a Series
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load<br/>Recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Samsung NVMe TCG Opal SSC SEDs BM1733a Series
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load<br/>Recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

Samsung NVMe TCG Opal SSC SEDs BM1733a Series Document Version: 1.3 H/W Version: MZWM515THALC-00AC9, MZWM515THALC-00AG6 F/W Version: MPO92E5Q, MPO93E5Q, NA50, MPO94E5Q, MPO96E5Q

Page 2

Revision History Version Change

1.0 Initial Version
1.1 Updated for MPO93E5Q and NA50
1.2 Updated for MPO94E5Q
1.3 Updated for MPO96E5Q

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 3
Table of Contents
#SectionPage
Page 4
  1. General 1.1. Scope This document specifies the security policy for Samsung Electronics Co., Ltd. (“Samsung”) NVMe TCG Opal SSC SEDs BM1733a Series, herein after referred to as a “cryptographic module” or “module”, SSD (Solid State Drive), satisfies all applicable FIPS 140-3 Security Level 2 requirements of a hardware module, supporting TCG Opal SSC based SED (SelfEncrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase. ISO/IEC 24759 Section
  2. FIPS 140-3 Section Title Security Level [Number Below]
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 2
5 Software/Firmware security 2

6 Operational environment N/A

7 Physical security 2

8 Non-invasive security N/A

9 Sensitive security parameter management 2

10 Self-tests 2

11 Life-cycle assurance 2

12 Mitigation of other attacks N/A

Table

  1. Security Levels 1.2. Acronyms Acronym Description CTRL Controller CPU Central Processing Unit (ARM-based) DRAM Dynamic Random Access Memory DRAM I/F Dynamic Random Access Memory Interface ECC Error Correcting Code KAT Known Answer Test LBA Logical Block Address LDPC Low Density Parity Check MEK Media Encryption Key MSID Manufactured SID(Security Identifier) NAND NAND Flash Memory NAND I/F NAND Flash Interface NVMe Non-Volatile Memory Host Controller Interface Specification ROM Read-only Memory SFR Special Function Register Table
  2. Acronyms Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 5
  1. Cryptographic module specification 2.1. Cryptographic Boundary The following photographs show the cryptographic module’s top and bottom views. The multiple-chip standalone cryptographic module consists of hardware and firmware components that are all enclosed in two aluminum alloy cases, which serve as the cryptographic boundary of the module. Figure
  2. Specification of the Samsung SSD NVMe TCG Opal SSC SEDs BM1733a Series Cryptographic Boundary Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 6

The firmware utilizes a single chip controller with an NVMe interface on the system side as well as Samsung NAND flash. The following figure depicts the module operational environment. The firmware within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-3 validation. Any firmware loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation Figure

  1. Block Diagram for Samsung SSD NVMe TCG Opal SSC SEDs BM1733a Series 2.2. Version information Model Hardware Version Firmware Version Drive Capacity MZWM515THALC-00AC9 MPO92E5Q MPO93E5Q 15.36TB BM1733a MPO94E5Q MPO96E5Q MZWM515THALC-00AG6 NA50 15.3TB Table
  2. Cryptographic Module Tested Configuration Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 7

2.3. Cryptographic Functionality 2.3.1. Approved Algorithm The cryptographic module supports the following Approved algorithms for secure data storage: Description/ Mode/ CAVP Cert Algorithm and Standard Key Size(s)/ Use/Function Method Key Strength(s) C1271 1 AES / XTS 256 bits Data Encryption / Decryption FIPS 197, SP 800-38E (only used for storage) A1720 DRBG / Hash_DRBG N/A Deterministic Random Bit SP 800-90A Rev. 1 (SHA-256) Generation A940 RSA / FIPS 186-4 PSS SigVer (SHA- 3072 bits Digital Signature Verification 256) C1272 SHS / FIPS 180-4 SHA-256 N/A Message Digest Vendor CKG / SP 800-133 rev2 Section 4 and N/A Cryptographic Key Generation Affirmed Section 6.1 (Symmetric Keys) N/A ENT (P) / SP800-90B N/A N/A Non-deterministic Random Number Generator (only used for generating seed materials for the Approved DRBG) ENT (P) provides a minimum of 256 bits of entropy for DRBG seed Table 4. Approved Algorithms 2.3.2. Non-Approved Algorithm Following algorithms are not intended to be used as a security function, and not used whatsoever to meet any FIPS 140-

3 requirements. These algorithms are not provided through a non-approved service to an operator.

Algorithm Caveat Use / Function No Security Claimed; AES-XTS is only used AES-XTS / Firmware Removal of for firmware removal of obfuscation during FIPS 197, SP 800-38E obfuscation ROM initialized. (IG 2.4.A Scenario #2) AES-CCM / Key obfuscation and FIPS 197, SP 800-38C No Security Claimed; Non-approved Removal of obfuscation PBKDF2 algorithms here are only used for Non-SSP Derivation HMAC / obfuscation and removal of obfuscation the SHA-256 (SHS Cert.# CSP. (IG 2.4.A Scenario #1) Non-SSP Derivation C1272) Table 5. Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed 2.4. Approved Mode of Operation The module only has a single approved mode of operation and does not have a non-approved mode of operation. The cryptographic module shows the approved mode through validated version status by Show Status Service in Table 9 via NVM express Identify Controller command. The non-approved algorithms are allowed in the approved mode of operation with no security claimed in the module.

1 AES-ECB is the pre-requisite for AES-XTS; AES-ECB alone is NOT supported by the cryptographic module in Approved Mode.

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 8
  1. Cryptographic module interfaces Physical Port Logical Interface Type Data that Passes Over Port/Interface plaintext data; signed data; Data Input authentication data Data Output plaintext data; commands input logically via an API (e.g. for the software and firmware components of the cryptographic module); Control Input NVMe Connector signals input logically or physically via one or more physical ports (e.g. for the hardware components of the cryptographic module); status information output logically via an API; Status Output signal outputs logically or physically via one or more physical ports; Power Power input Table
  2. Ports and Interfaces Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 9
  1. Roles, services, and authentication 4.1. Role The following table defines the roles, and associated services supported by the each role: Role Service Input Output Cryptographic Officer(CO) Lock/Unlock an LBA Range LBA Range Status and User Erase an LBA Range’s Data LBA Range Status CO Change the Password. CO Password Status User Set User Password User Password Status Table
  2. Roles, Service Commands, Input and Output 4.2. Approved service E: EXECUTE; W: WRITE; G: GENERATE; Z: ZEROISE Approved Type(s) of Service Description Security SSPs Role Access 2 Indicator 3 Functions E W G Z CO Password O O O UID: AdminSP_SID_C_PIN / Change the Change CO Hashed CO AdminSP_Admin1_C_PIN SHA-256 CO Password. password Authentication O O O TCG Method: Set Data Result: TCG status code User Password O O O UID: LockingSP_Admin1~4_C_PIN / Set User Set User Hashed User SHA-256 User LockingSP_User1~9_C_PIN Password Password Authentication O O O TCG Method: Set Data Result: TCG status code Block or allow UID: Locking_GlobalRange / Lock/Unlock an read (decrypt) / Locking_RangeNNNN N/A MEK O O LBA Range 4 write (encrypt) of TCG Method: Set user data Result: TCG status code DRBG Internal CO, User O O O O UID: State Erase user data by K_AES_256_GlobalRange_Key / Erase an LBA Hash_ DRBG changing the data K_AES_256_RangeNNNN_Key Range’s Data (SHA-256) encryption key TCG Method: GenKey MEK O O O Result: TCG status code Table
  3. Authenticated Services

2 It means that “Write” and “Zeroise” perform in each storage of SSPs that is described in Table 13. The (R)ead column, which is specified in

NIST SP 800-140B, is not applicable to the module.

3 The result of NVMe or TCG command is used as an indicator.

4 The CO can grant Users the authority to utilize this service via updating the “Locking SP ACE Table”, in accordance with the TCG specification

(included in the Lock/Unlock an LBA Range service). Initially, only the CO can perform this service. This module provides an indicator which shows when Self-Initiated Cryptographic Output Capability is activated or inactivated. The operator can check whether the target range is locked or unlocked through the ‘getLockingTable’ query per the TCG specification. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 10

- Following table shows unauthenticated services. It is initially possible to use the services in following table without authentication. Approved Type(s) of Service Description Security SSPs Role Access Indicator 5 Functions E W G Z Show approved version NVM Command: Show Status 6 status of the module / N/A N/A Identify Controller command FIPS fail mode Result : Status Code UID: AdminSP_SID / CO Password O O AdminSP_Admin1 / Authenticate to the LockingSP_Admin1~4 / Authentication SHA-256 module LockingSP_User1~9 User Password O O TCG Method: Authenticate Result: TCG status code UID: ThisSP Get Random Provide a random number Hash_ DRBG DRBG Internal O O TCG Method: Random Number generated by the CM (SHA-256) State Result: TCG status code NVM Command: IO Command 7 Read/Write user data. AES-XTS MEK O Write / Read Result : Status Code DRBG Internal O O State Erase user data in all MEK N/A O O O Range by changing the UID: SPObj(AdminSP) Hash_ DRBG Revert data encryption key and TCG Method: Revert (SHA-256) Hashed CO clearing the Result: TCG status code authentication data Authentication O Data Hashed User Authentication O Data DRBG Internal O O O O Admin Command: FormatNVM / Erase user data by State Hash_ DRBG Format NVM / Sanitize / Sanitize / changing the data (SHA-256) Namespace Management DeleteNS encryption key MEK O O O Result : Status Code Firmware Admin Command: Update the Update the firmware RSA Verification O O Firmware Commit firmware 8 Key Result : Status Code Power cycling the module Perform Self-tests N/A N/A N/A to perform self-tests Table 9. Unauthenticated Services

5 The module only supports approved services in an approved manner. The module uses implicit indicators through the result of the NVMe or

6 The cryptographic module shows the hardware version and firmware version through the ‘Model Number (MN)’ and ‘Firmware Revision (FR)’

of Identify Controller Data Structure. If the module enters the FIPS Fail Mode, this service indicates “ERRORMOD” in Firmware Revision (FR).

7 The I/O command itself is the approved service where Self-Initiated Cryptographic Output Capability occurs, while the unlock request (via

Lock/Unlock an LBA range” service) is the authorized enablement of this capability.

8 This service is exempted from being authenticated by exception clause (c) of IG 4.1.A.

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 11

4.3. Authentication This module provides the role-based authentication. The authentication mechanism allows a minimum 8-byte length or longer (up to 32-byte) password, where each byte can be any of 0x00 to 0xFF, for every Cryptographic Officer and User role supported by the module, which means a single random attempt can succeed with the probability of 1/264 or lower. Each Password authentication attempt takes at least 750ms. It means, the number of attempts possible in a minute period is maximum 80 attempts (60000ms/750ms). Role Authentication Method Authentication Strength CO Password Probability of 1/264 in a single random attempt User (Min: 8 bytes, Max: 32 bytes) Probability of 80/264 in multiple random attempts in a minute Table 10. Roles and Authentication Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 12

5. Software/Firmware security - The cryptographic module employs the 428-byte parity for firmware integrity test - The firmware integrity test is performed when power on reset. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 13

6. Operational environment - The cryptographic module operates in a limited operational environment that is consist of the module’s firmware. This operational environment does not require any specific security rules, settings, configurations or restrictions to be set. - The cryptographic module does not provide any general-purpose operating system to the operator. - Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 14
  1. Physical security The following physical security mechanisms are implemented in a cryptographic module: • The module consists of production-grade components enclosed in an aluminum alloy enclosure, which is opaque within the visible spectrum. The top panel of the enclosure can be removed by unscrewing screws. However, the module is sealed with tamper-evident labels in accordance with FIPS 140-3 Level 2 Physical Security requirements so that tampering is easily detected when the top and bottom cases are detached. • 2 tamper-evident labels are applied over both top and bottom cases of the module at the factory. The tamper-evident labels are not removed and reapplied without tamper evidence. • The tamper-evident labels are applied by Samsung at Manufacturing. The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained: Physical Security Recommended Frequency Inspection/Test Guidance Details Mechanisms of Inspection/Test Inspect the entire perimeter for cracks, gouges, Production grade cases lack of screw(s) and other signs of tampering. Remove from service if tampering found. As often as feasible Inspect the sealing labels for scratches, gouges, Tamper-evident Sealing cuts and other signs of tampering. Remove from Labels service if tampering found. Table
  2. Inspection/Testing of Physical Security Mechanisms Figure
  3. Tamper Evident Label Placement Figure
  4. Example of Signs of Tamper Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 15

8. Non-invasive security - Non-invasive security has not applicable for this cryptographic module Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 16
  1. Sensitive security parameter management - Temporary SSPs are zeroised when power on reset. - Firmware integrity temporary values are zeroised after the firmware integrity test is complete. - The zeroisation is performed before overwriting to the target SSP with random value which is generated from the DRBG. - SSP’s are not exported outside the module. Security Estab Use & Key/SSP Function and Import Strength Generation lishm Storage Zeroisation Related Name/ Type Cert. /Export ent Keys Number A1720 SP 800-90A DRBG Internal Plaintext in 256-bit Hash_ DRBG HASH_DRBG N/A N/A Power on Reset MEK State 9 RAM (SHA-256) (SHA-256) A1720 Plaintext in DRBG Seed 256-bit Hash_ DRBG ENT (P) N/A N/A Power on Reset MEK RAM (SHA-256) A1720 DRBG Entropy Plaintext in 256-bit Hash_ DRBG ENT (P) N/A N/A Power on Reset MEK Input String RAM (SHA-256) Manual Via Min. 64- Plaintext in CO Password N/A N/A Distribution/Ele N/A “Authentication” N/A bit RAM ctronic Entry service Manual Via Min. 64- Plaintext in User Password N/A N/A Distribution/Ele N/A “Authentication” N/A bit RAM ctronic Entry service Hashed CO Hashed from Via “Change the C1272 Plaintext in Authenticatio 128-bit Password as N/A N/A Password” and N/A SHA-256 Flash n Data per SHA-256 Revert” service Hashed User Hashed from Via “Set User C1272 Plaintext in Authenticatio 128-bit Password as N/A N/A Password” and N/A SHA-256 Flash n Data per SHA-256 Revert” service Via “Unlock an LBA Range”, “Erase an LBA SP 800-90A Plaintext in Range’s Data”, C1271 MEK 256-bit HASH_DRBG N/A N/A RAM and “Revert” and N/A AES-XTS (SHA-256) Flash “FormatNVM / Sanitize / DeleteNS” service Plaintext in Right after FW Firmware Hardware Firmwar A940 Entered during load test Verification 128-bit N/A N/A SFR e load RSA manufacturing Key Plaintext in test N/A Flash Table
  2. SSPs The module contains an entropy source, compliant with SP 800-90B, within the module’s cryptographic boundary. Entropy Sources Minimum Number of Bits of Entropy Details ENT (P) - 0.5 entropy per bit Entropy source for - Minimum of 256 bits of entropy for DRBG seed Hash_DRBG (total seed size of 512 bits). Table
  3. Non-Deterministic Random Number Generation Specification The values of V and C are the “secret values” of the internal state Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 17
  1. Self-tests While executing the following self-tests, all data output is inhibited until self-test completion. To execute the preoperational tests on-demand, the operator may power-cycle the module. If a cryptographic module fails a self-test, the module will enter an error state. While in this state, all data output is inhibited. 10.1. Pre-operational Test • Firmware integrity check – Firmware integrity check is performed by using 428-byte parity at power-on. 10.2. Conditional Test Algorithm Type Description KATs for Hash_DRBG (SHA-256) described in SP 800-90A Section 11.3.1, 11.3.2, Cryptographic algorithm DRBG 11.3.3, 11.3.4 self-test KAT performed with 512-bit entropy input Cryptographic algorithm Encrypt and Decrypt KAT performed with 512-bit key size AES-XTS self-test Cryptographic algorithm Hash Digest KAT performed with 256-bit message size SHA self-test Cryptographic algorithm Verify KAT performed with 3072 Modulus (3072-bit key size) and SHA-256. RSA self-test RSA Firmware load test Perform using RSA-3072 with SHA-256 when new firmware is downloaded. Perform the below 2 types of tests and each test includes the Repetition Count test and Adaptive Proportion test described in SP800-90B. Cryptographic algorithm ENT (P) • Start-up test is performed for Entropy Source after power on reset. self-test • Continuous test is performed for Entropy Source while the module is operating Table
  2. Self-tests 10.3. Error States Name Description Conditions Recovery Method Indicator Error state in The module does Integrity test or SP Power cycle Hang state. No action Boot not provide any 800-90B start-up crypto operation. failure during boot Error State Any other self-test If the module enters the FIPS failure Fail Mode, Show Status service indicates “ERRORMOD” in Firmware Revision (FR). Table
  3. Error States Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 18

11. Life-cycle assurance The following specifies the security rules under which the cryptographic module shall operate in accordance with FIPS 140-3:

Page 19
  1. Mitigation of other attacks The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3 Mitigation Other Attacks Specific Limitations Mechanism N/A N/A N/A Table
  2. Mitigation of Other Attacks Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy