All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Marvell LS2 HSM Family

Certificate#4703StandardFIPS 140-3Level3TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorMarvell Semiconductor, Inc.
Medium review priority  ·  exposes boot-chain verification, firmware-update authentication, debug/recovery interface, HSM/SE firmware trust anchor  ·  U-Boot upstream has published 10 CVEs since this module's initial validation  ·  last validated 5 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date6/5/2029
EntropyENT (P)
CaveatWhen operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy
VendorMarvell Semiconductor, Inc.
Hardware versionsLS2-G-A050-B0, LS2-G-A100-B0, LS2-G-A200-B0, LS2-G-A300-B0, LS2-G-A400-B0

Vendor resources (verify with the vendor)

Product pagehttps://www.marvell.com/products/security-solutions/liquidsecurity2.html
Support pagehttps://www.marvell.com/support/security-solutions.html closed support
Documentationhttps://www.marvell.com/content/dam/marvell/en/public-collateral/security-solutions/marvell-liquidsecurity2-hsm-adapters-product-brief.pdf
https://www.marvell.com/support/doc-library.html
AssessmentPublic product brief is available; the LS2 admin/SDK documentation is behind the Marvell Customer Portal login. Support page is a contact form.

Approved Algorithms (67)

AlgorithmACVP Cert
AES-CBCA1947
AES-CBCA1948
AES-CCMA1947
AES-CMACA1947
AES-CMACA1948
AES-CTRA1947
AES-ECBA1947
AES-GCMA1947
AES-GCMA1948
AES-GMACA1947
AES-KWA1948
AES-KWPA1948
Counter DRBGA1948
ECDSA KeyGen (FIPS186-4)A1948
ECDSA KeyGen (FIPS186-4)A2393
ECDSA KeyVer (FIPS186-4)A1948
ECDSA SigGen (FIPS186-4)A1947
ECDSA SigGen (FIPS186-4)A1948
ECDSA SigVer (FIPS186-4)A1948
Hash DRBGA1947
HMAC-SHA-1A1948
HMAC-SHA2-256A1947
HMAC-SHA2-256A1948
HMAC-SHA2-384A1947
HMAC-SHA2-384A1948
HMAC-SHA2-512A1947
HMAC-SHA2-512A1948
KAS-ECC Sp800-56Ar3A1948
KAS-ECC-SSC Sp800-56Ar3A1947
KAS-ECC-SSC Sp800-56Ar3A1948
KAS-IFC-SSCA1948
KDA HKDF Sp800-56Cr1A1948
KDA OneStep Sp800-56Cr1A1948
KDA TwoStep Sp800-56Cr1A1948
KDF ANS 9.63A1948
KDF SP800-108A1948
KDF TLSA1947
KTS-IFCA1948
KTS-IFCA2393
PBKDFA1948
RSA Decryption PrimitiveA1947
RSA Decryption PrimitiveA1948
RSA KeyGen (FIPS186-4)A1948
RSA KeyGen (FIPS186-4)A2393
RSA SigGen (FIPS186-4)A1948
RSA Signature PrimitiveA1947
RSA SigVer (FIPS186-4)A1946
RSA SigVer (FIPS186-4)A1948
SHA-1A1947
SHA-1A1948
SHA2-256A1946
SHA2-256A1947
SHA2-256A1948
SHA2-384A1947
SHA2-384A1948
SHA2-512A1947
SHA2-512A1948
SHA3-224A1947
SHA3-256A1947
SHA3-384A1947
SHA3-512A1947
SHAKE-128A1947
SHAKE-256A1947
TDES-CBCA1947
TDES-ECBA1947
TDES-ECBA1948
TDES-KWA1948

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification3
Cryptographic Module Interfaces3
Roles, Services, and Authentication3
Software/Firmware Security3
Operational EnvironmentN/A
Physical Security3
Non-Invasive SecurityN/A
Sensitive Security Parameter Management3
Self-Tests3
Life-Cycle Assurance3
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Marvell LS2 HSM Family
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>MARVELL-LS2-FW-*, MARVELL-LS2-UBOOT-*</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>CN_LOAD_RECOVERY_KEY_INIT CN_LOAD_RECOVERY_KEY_FI…<br/>CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_END<br/>CN_UPDATE_LICENSE</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>USB FTDI USB to Multi-Channel Serial SPI/I2C…<br/>PCIe<br/>PCIe SMBus</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>arm trusted firmware</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Marvell LS2 HSM Family
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>MARVELL-LS2-FW-*, MARVELL-LS2-UBOOT-*</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>CN_LOAD_RECOVERY_KEY_INIT CN_LOAD_RECOVERY_KEY_FI…<br/>CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_END<br/>CN_UPDATE_LICENSE</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>USB FTDI USB to Multi-Channel Serial SPI/I2C…<br/>PCIe<br/>PCIe SMBus</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>arm trusted firmware</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Marvell LS2 HSM Family January 29, 2026

Page 2
RevisionDateAuthorChange Description
1.0October 18, 2021Phanikumar KancharlaFW v1.0 build 01 CMVP initial submission.
1.0.1April 6, 2022Phanikumar Kancharla and Girish Kumar YerraFW 10.0 build 03 update.
1.0.1aJanuary 12, 2023Girish Kumar YerraAddressing CMVP comments and adding bug fixes.
1.0.1bAugust 16, 2023Rajendar KalwaAddressed comments from NIST. Updated FW build with changes to address CMVP comments and bug fixes to 10.01-07
1.0.1cDecember 27, 2023Rajendar KalwaAddressed comments from NIST. Updated FW build with changes to address algorithm transitions and bug fixes to 10.02-1101
1.0.1dMay 13, 2024Rajendar Kalwa Vikash KumarAddressed comments from NIST
1.0.1eJune 4, 2024Rajendar KalwaAddressed final comments from NIST
1.0.2March 7, 2025Vikash Kumar Deepanshu TyagiNSRL submission changes
1.0.3October 29, 2025Vikash Kumar Deepanshu TyagiNSRL submission changes
1.0.4January 29, 2026Vikash Kumar Deepanshu TyagiNSRL submission changes

Revision History 1.0 1.0.1 1.0.2 1.0.3 1.0.4 Notice This document may be reproduced only in its entirety (without revision).

Page 3
Table of Contents
#SectionPage
1General6
1.1Module Overview6
1.2Security Level6
2Cryptographic Module Specification7
2.1Partitions10
2.2Modes of Operation11
2.3Supported Cryptographic Algorithms11
2.4TLS 1.2 Cipher Suites24
2.5Module Photograph24
3Cryptographic Module Interfaces26
3.1PCIe Data Interface26
3.2Other Interfaces26
4Roles, Services, and Authentication27
4.1Roles, Services, and CSP Access27
5Firmware Security67
6Operational Environment67
7Physical Security67
7.1Physical Security Mechanisms67
7.2Tamper Evidence67
8Non-Invasive Security68
9Sensitive Security Parameter Management68
9.1Definition of Critical Security Parameters (CSPs)68
9.2Definition of Session Keys81
10Self-Tests81
11Life-Cycle Assurance83
11.1Secure Installation, Initialization, Startup, and Operation of the Module83
11.2Maintenance Requirements84
11.3Administrative and Non-Administrative Guidance84
11.4LED Error Pattern for FIPS Failure86
11.5User Guidance86
12Mitigation of Other Attacks87
13References87
14Definitions and Acronyms87
Page 4
List of Tables
ItemPage
Table 1 Security Levels6
Table 2 Cryptographic Module Tested Configuration7
Table 3 Approved Algorithms11
Table 4 Non-Approved Algorithms Allowed in the Approved Mode of Operation21
Table 5 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed22
Table 6 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation22
Table 7 Ports and Interfaces26
Table 8 Roles, Service Commands, Input and Output30
Table 9 Roles and Authentication36
Table 10 Approved Services36
Table 11 Non-Approved Services61
Table 12 Physical Security Inspection Guidelines67
Table 13 EFP/EFT68
Table 14 Hardness Testing Temperature Ranges68
Table 15 SSPs69
Table 16 Non-Deterministic Random Number Generation Specification80
Table 17 LED Flash Pattern for Errors86
Page 5
List of Figures
ItemPage
Figure 1 Top View of Cryptographic Module24
Figure 2 Bottom View of Cryptographic Module25
Figure 3 Cryptographic Module Showing Tamper Evidence67
Page 6
Security level
NameISO SectionRequirementLevel
11General3
22Cryptographic Module Specification3
33Cryptographic Module Interfaces3
44Roles, Services, and Authentication3
55Software/Firmware Security3
66Operational EnvironmentN/A
77Physical Security3
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management3
1010Self-Tests3
1111Life-Cycle Assurance3
1212Mitigation of Other AttacksN/A

1.1 Module Overview The LS2 HSM Family module (hereafter referred to as the module or HSM) by Marvell is a high-performance purpose-built security solution for key management and crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed in a PCIe slot to provide crypto and protocol acceleration in a secure manner to the system host. It is typically deployed in a server or an appliance to provide crypto offload for the keys stored on the HSM. The module’s functions are accessed over the PCIe interface via opcode defined by the module. The HSM is a hardware multi-chip embedded cryptographic module with firmware programmed on the HSM. The module provides cryptographic primitives to accelerate approved, allowed and non-approved, allowed (only in non-approved mode of operation) algorithms to support use cases including PKI, code signing, document signing, Root Of Trust, and TLS. The cryptographic functionality includes asymmetric (RSA/EC) and symmetric (AES and Triple-DES) ciphers, signatures, and random number generation, along with protocol-specific complex instructions to support TLS 1.2. The module implements password-based singlefactor authentication at FIPS 140-3 Level 3 security and an optional public-key-based authentication. The physical boundary of the module is the outer perimeter of the PCIe card itself as depicted in section 2.5 . 1.2 The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140-3. Table 1 Security Levels [Number Below] N/A N/A N/A

Page 7
Module configuration
NameModelHardware VersionFirmware VersionFeatures
LiquidSecurity 2 (LS2)LiquidSecurity 2 (LS2)LS2-G-A050-B0FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1150 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1202 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107HW Version B0
LiquidSecurity 2 (LS2)LiquidSecurity 2 (LS2)LS2-G-A100-B0FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1150 Bootloader: MARVELL-LS2-UBOOT-10.01-10HW Version B0
LiquidSecurity 2 (LS2)LiquidSecurity 2 (LS2)LS2-G-A200-B0FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107HW Version B0
LiquidSecurity 2 (LS2)LiquidSecurity 2 (LS2)LS2-G-A300-B0FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1150 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1202 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107HW Version B0
LiquidSecurity 2 (LS2)LiquidSecurity 2 (LS2)LS2-G-A400-B0FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SBHW Version B0

Cryptographic Module Specification The configuration of hardware and firmware for this validation is as described in the following table: Table 2 Cryptographic Module Tested Configuration

Page 9

Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB HPS APP: PIN-App:10.23-1107 The part number printed on the product label will have additional information to optionally identify a manufacturing process such as key ceremony, packaging, and shipping per customer requirements. For example, the part number shown on the product label is in the format “LS2-G-A300-XX-Y-B0”. Here XX represents the key ceremony process and “Y” represents the size of the bracket (short or full) fitted to the module (PCIe adapter). LS2-HSM-G Firmware MARVELL-LS2-FW-10.02-1102 MARVELL-LS2-UBOOT-10.01-10 MARVELL-LS2-UBOOT-10.02-1200 MARVELL-LS2-FW-10.23-1107 MARVELL-LS2-UBOOT-10.23-1107 -R01-SB MARVELL-LS2-UBOOT-10.23-1107 -R02-SB PIN-App:10.23-1107 MARVELL-LS2-FW-10.23-1150 MARVELL-LS2-UBOOT-10.01-10 MARVELL-LS2-UBOOT-10.02-1200-SB MARVELL-LS2-UBOOT-10.23-1107 -R01-SB MARVELL-LS2-UBOOT-10.23-1107 -R02-SB PIN-App:10.23-1107 MARVELL-LS2-FW-10.23-1202 MARVELL-LS2-UBOOT-10.23-1107 -R01-SB MARVELL-LS2-UBOOT-10.23-1107 -R02-SB PIN-App:10.23-1107 Note: These binaries do not have extensions. The LS2 HSM module is a multi-chip PCIe adapter with firmware. It consists of multiple components, including an operating system, applications exposing services and interfaces related to secure key management, crypto operations, and policy management of the module. Important hardware components of the module are: general purpose, ARM-based control processor, ARM-based microcontroller, RAM memory, NOR and eMMC flash for persistent storage, USB interfaces, and RJ45 and PCIe gen-4 x8 with SMBus interfaces. The following components are excluded from the cryptographic boundary as they do not belong to either data/control interface.

Page 10

2.1 Partitions The LS2 HSM adapter is an SR-IOV enabled intelligent PCIe adapter with one physical function and 64 virtual functions. The physical device is referred to as Physical Function (PF) while the virtual devices are referred to as Virtual Functions (VF). Allocation of the VF can be dynamically controlled by the PF via registers encapsulated in the capability. Each VF's PCI configuration space can be accessed by its own Bus, Device and Function Number (Routing ID). And each VF also has PCI Memory Space, which is used to map its register set. VF device driver operates on the register set so it can be functional and appear as a real existing PCI device. In addition to crypto offloads, this adapter can provide secure key storage with up to 64 logical partitions, including a master partition. Each partition will have dedicated resources that are logically and securely isolated from other partitions. A partition will have its own specific policies and controls, and its own user accounts to manage what can be done with a partition and by a user of a partition. Consequently, each partition is treated as a virtual HSM and referred as a pHSM (or HSM Partition). An LS2 HSM always has one default partition called the master partition, which exposes the interfaces to create, delete, and update the remaining partitions. LS2 HSM can either be in host virtualization mode or non-virtualization mode. One or more applications on a host/virtual machine/container can make use of different partitions available on the HSM. Each partition will have dedicated communication channels; these channels are linked to the PCIe devices. In virtualization mode, channels will be linked to PCIe VFs, otherwise linked to PCIe PF. Communication channels have basic checks to identify that an application is communicating with an intended partition on the HSM. HSM FW provides the following mechanisms to ensure only an authorized user or application of a specific partition can communicate with it. It is optional to use either mechanism based on the deployment scenarios and risk assessment.

2.1.1 Basic Channel

These channels depend on the Host OS security for device binding and application isolation. In this case, HSM does basic session validation.

2.1.2 Encrypted Communication Channels

The end-to-end encryption feature in the module allows an application to initiate a TLS connection with the firmware to ensure the confidentiality of the data communicated to the HSM. The connection is based on TLS v1.2 with the cipher-suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(known to OpenSSL as ECDHE_RSA_AES128-GCM-SHA256 and ECDHE_RSA_AES256-GCM-SHA384). The module will act as server, and the host application will act as client. The server private key will be the partition private key (PAK), which is generated for each pHSM when it is created. The server certificate used for the SSL connection is the partition certificate (PAC). The complete chain will be validated by host applications before establishing the TLS connection. The end-to-end encryption feature is enabled using the initialization configuration parameters. Once this feature is enabled, all commands except initialize and open session are encrypted.

2.1.3 HSM Master Partition

This is the default partition with only one user, called the Master Crypto Officer (MCO). This partition will expose authorized services to manage (create, delete, update, backup/restore) other partitions and set policies or conditions for them to operate. Additionally, it exposes anonymous services like fetching module information, etc. Refer to section 4.3 Roles, Services, and CSP Access for details about the services supported by the master partition. The master partition must be initialized and the MCO logged in to execute any authorized service.

2.1.4 HSM Partition

Each partition will have a different set of users to manage it and a dedicated key storage and crypto resources associated with it. A partition will have default configuration or policies supplied by the master partition. Some policies can be changed by the partition

Page 11
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
RSA SigVer (FIPS186- 4)A1946RSA SigVer (FIPS186-4)RSA 2048 with SHA2-256 Uses SHA2-256 (FIPS 180-4) (#A1946) as the underlying digest algorithmFirmware integrity verification by U-boot
SHA2-256 (FIPS 180- 4)A1946SHA2SHA 256Firmware integrity verification by U-boot
AES-CBC (SP 800- 38A)A1947AESEncrypt/Decrypt: 128, 192, and 256-bitData encryption, decryption, key-wrap and key-unwrap
AES-CCM (SP 800- 38C)A1947AESEncrypt/Decrypt: 128, 192, and 256-bit Uses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipherAuthenticated Data encryption, decryption
AES-CMAC (SP 800- 38B)A1947AESCMAC generate and verify: 128, 192, and 256-bit Uses AES-CBC (SP 800-38A) (#A1947) as the underlying block cipherMessage authentication code generation and verification
AES-CTR (SP 800- 38A)A1947AESEncrypt/Decrypt: 128, 192, and 256-bit Uses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipherData encryption, decryption
AES-ECB (SP 800- 38A)A1947AESEncrypt/Decrypt: 128, 192, and 256-bitData encryption, decryption, key-wrap and key-unwrap
AES-GCM (SP 800- 38D)A1947AESEncrypt/Decrypt: 128, 192, and 256-bit Uses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipherAuthenticated Data encryption, decryption, key wrap, and key unwrap
AES-GMAC (SP 800- 38D)A1947AESGMAC generation: 128, 192, and 256-bitUses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipherMessage Authentication
ECDSA SigGen (FIPS186-4) (CVL)A1947ECDSA SigGen (FIPS186-4)SigGen Component: P-224, P-256, P-384, P-521 (SHA-256, 384, and 512) Uses Hash DRBG (SP 800- 90Ar1) (#A1947) as underlying Random Generator P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strength respectivelySignature generation
Hash DRBG (SP 800- 90Ar1)A1947Hash DRBGSHA-512 based with security strength of 256-bit. No prediction resistance Uses SHA2-512 (#A1947) as the underlying digest algorithmRandom number generation for user, internal IVs, and salt
HMAC-SHA2-256 (FIPS 198-1)A1947HMACHMAC-SHA2-256 Uses SHA2-256 (#A1947) as the underlying digest algorithmMAC generation, verify, KAS and KDF
HMAC-SHA2-384 (FIPS 198-1)A1947HMACHMAC-SHA2-384 Uses SHA2-384 (#A1947) asMAC generation, verify, KAS and KDF
HMAC-SHA2-512 (FIPS 198-1)A1947HMACHMAC-SHA2-512 Uses SHA2-512 (#A1947) as the underlying digest algorithmMAC generation, verify, KAS and KDF
KAS-ECC-SSC SP800-56Ar3A1947KASECC CDH staticUnified: P- 224, P-256, P-384, P-521, P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random Generator for the ECDSA KeyGen key pair Uses ECDSA KeyVer (FIPS 186-4) (#A1948) and ECDSA KeyGen (FIPS 186-4) (#A2393) underlying verification for the key pair Uses SHA2-256 (FIPS 180-4) (#A1947), SHA2-384 (FIPS 180-4) (#A1947) and SHA2- 512 (FIPS 180-4) (#A1947) as underlying digest algorithmShared secret computation
KDF TLS (CVL) (SP 800-135r1)A1947KDF TLSTLS-KDF ( v1.2) v1.2: SHA2-256, SHA2-384, SHA2-512 Uses HMAC-SHA2-256 (FIPS 180-4) (#A1947), HMAC- SHA2-384 (FIPS 180-4) (#A1947) and HMAC-SHA2- 512 (FIPS 180-4) (#A1947) as underlying MAC algorithmTLS handshake
RSA Decryption Primitive (SP 800- 56Br2) (CVL)A1947RSA Decryption Primitive2048 bit, 3072 bit and 4096- bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively.Decryption primitive
RSA Signature Primitive (CVL) (FIPS 186-4)A1947RSA Signature Primitive2048 bit, 3072 bit and 4096- bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively.Signature primitive
SHA-1 (FIPS 180-4)A1947SHA-1SHA-1Message digest
SHA2-256 (FIPS 180- 4)A1947SHA2SHA2256Message digest
SHA2-384 (FIPS 180- 4)A1947SHA2SHA2-384Message digest
SHA2-512 (FIPS 180- 4)A1947SHA2SHA2-512Message digest
SHA3-224 (FIPS 202)A1947SHA3SHA3-224Message digest
SHA3-256 (FIPS 202)A1947SHA3SHA3-256Message digest
SHA3-384 (FIPS 202)A1947SHA3SHA3-384Message digest
SHA3-512 (FIPS 202)A1947SHA3SHA3-512Message digest
SHAKE-128 (FIPS 202)A1947SHAKE-128SHAKE-128Message digest
SHAKE-256 (FIPS 202)A1947SHAKE-256SHAKE-256Message digest
TDES-CBC (SP 800- 38A)A1947TDES3-key Triple-DES decrypt (supports only 192-bit size)Data decryption * Legacy use only
TDES-ECB (SP 800- 38A)A1947TDES3-key Triple-DES decrypt (supports only 192-bit size)Data decryption * Legacy use only
AES-CBC (SP 800- 38A)A1948AESEncrypt/Decrypt, 128 and 256-bitData encryption, decryption, and key unwrap
AES-CMAC (SP 800- 38B)A1948AESCMAC generate and verify: 128, 192, and 256-bit Uses AES-CBC (SP 800-38A) (#A1948) as the underlying block cipherMAC generation and verification
AES-GCM (KTS) (SP800-38D)A1948SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strengthData encryption, decryption, key-wrap, and key-unwrap
AES-GCM (SP 800- 38D)A1948AESGCM mode: Authenticated encrypt/decrypt; 128, 192, and 256-bitUses AES-CBC (SP 800-38A) (#A1948) as the underlying block cipherAuthenticated data encryption and decryption, key unwrap
AES-KW (KTS) (SP 800-38F)A1948SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192 and 256-bit keys providing 128-bit, 192-bit, or 256 bits of encryption strengthKey wrapping/unwrapping
AES-KW (SP 800- 38F)A1948AESKW, 128, 192, and 256-bit Uses AES-CBC (#A1948) as underlying block cipherKey wrapping/unwrapping
AES-KWP (KTS) (SP 800-38F)A1948SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192 and 256-bit keys providing 128-bit, 192-bit, or 256 bits of encryption strengthKey wrapping/unwrapping
AES-KWP (SP 800- 38F)A1948AESKWP, 128, 192, and 256-bit Uses AES-CBC (#A1948) as underlying block cipherKey wrapping/unwrapping
Counter DRBG (SP 800-90Ar1)A1948Counter DRBGAES 256 with df No prediction resistance Uses AES-CBC (SP 800-38A) (#A1948) as the underlying block cipherRandom number generation for user, internal IVs, and salt
ECDSA KeyGen (FIPS186-4)A1948Key GenKey Gen: P-224, P-256, P- 384, P-521 Uses Counter DRBG (SP800- 90Ar1) (#A1948) as underlying Random GeneratorKey generation
ECDSA KeyVer (FIPS186-4)A1948ECDSA KeyVer (FIPS186-4)Key Ver; P-224, P-256, P-384 and P-521Key Verification
ECDSA SigGen (FIPS186-4)A1948ECDSA SigGen (FIPS186-4)Signature generation: P-224, P-256, P-384, P-521 (SHA2- 256, SHA2-384, SHA2-512) Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random generator Uses SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948) and SHA2- 512 (FIPS 180-4) (#A1948) as underlying digest algorithmSignature Generation
ECDSA SigVer (FIPS186-4)A1948ECDSA SigVer(FIPS186-4)Signature verify: P-224, P- 256, P-384, P-521 (SHA- 1, SHA2-256, SHA2-384, and SHA2-512) Uses SHA-1 (FIPS 180-4) (#A1948), SHA2-256 (FIPS 180-4) (#A1948) and SHA2- 384 (FIPS 180-4) (#A1948) and SHA2-512 (FIPS 180-4) (#A1948) as underlying digest algorithmSignature Verification
HMAC-SHA-1 (FIPS 198-1)A1948HMACHMAC-SHA-1 Uses SHA-1 (FIPS 180-4) (#A1948) as underlying digest algorithmMAC generation, Verify and KDF
HMAC-SHA2-256 (FIPS 198-1)A1948HMACHMAC-SHA2-256 Uses SHA2-256 (FIPS 180-4) (#A1948) as underlying digest algorithmMAC generation, verify, KAS, and KDF
HMAC-SHA2-384 (FIPS 198-1)A1948HMACHMAC-SHA2-384 Uses SHA2-384 (FIPS 180-4) (#A1948) as underlying digest algorithmMAC generation, verify, KAS, and KDF
HMAC-SHA2-512 (FIPS 198-1)A1948HMACHMAC-SHA2-512 Uses SHA2-512((FIPS 180-4) (#A1948) as underlying digest algorithmMAC generation, verify, KAS, and KDF
KAS-ECC (KAS) (SP 800-56Ar3)A1948SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-521 curve providing 256 bits of encryption strengthCloning protocol
KAS-ECC SP800- 56Ar3A1948KASECC CDH Ephemeral Unified P-521 with OneStep KDF (HMAC-SHA2-512) Uses Counter DRBG (#A1948) as underlying Random number Uses ECDSA KeyGen (FIPS186-4) (#A1948) as underlying ECC KeyGen and ECDSA KeyVer (#A1948) as underlying ECDSA Key Verification algorithm.\ Uses SHA2-512) (FIPS 180- 4) as underlying digest algorithmCloning protocol
KAS-ECC-SSC SP800-56Ar3A1948KASECC CDH Static Unified: P- 224, P-256, P384, P-521, B- 233, B-283, B-409, B-571, K- 233, K-283, K-409, K-571 P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator for the ECDSA KeyGen key pair Uses ECDSA KeyVer (FIPS 186-4) (#A1948) and ECDSA KeyGen (FIPS 186-4) (#A1948) underlying verification and generation for the key pair Uses SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948), SHA2-512 (FIPS 180-4) (#A1948) as the underlying digest algorithmShared secret computation
KAS-IFC-SSC (SP 800-56Br2)A1948KASRSA-based key exchange scheme KAS1 and KAS2 RSA 2048, 3072, and 4096- bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator for the RSA Key Pair Generation Uses SHA2-256 (#A1948), SHA2-384 (#A1948) and SHA2-512 (#A1948) as underlying hash algorithm Uses RSA KeyGen (FIPS 186-4) [#A1948] as underlying RSA key generation algorithmPEK and KLK generation and certificate authentication
KDA HKDF SP800- 56Cr1A1948KDA HKDF SP800-56Cr1HKDF Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random GeneratorECDH key derivation and ECDH key wrap
KDA OneStep SP800- 56Cr1A1948KDA OneStep SP800-56Cr1Hash-based KDF Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator Uses HMAC-SHA2-256 (#A1948), HMAC-SHA2-384 (#A1948) and HMAC-SHA2- 512 (#A1948) as underlying MAC algorithmECDH key derivation and ECDH key wrap
KDA TwoStep SP800- 56Cr1A1948KDA TwoStep SP800-56Cr1HMAC/CMAC-based extract- expand KDFs Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator Uses HMAC-SHA2- 256 (#A1948), HMAC-SHA2- 384 (#A1948) and HMAC-SHA2-512 (#A1948) as underlying MAC algorithm Uses AES-CBC (#A1948) as underlying Block cipher for AES-CMACECDH key derivation and ECDH key wrap
KDF ANS 9.63 (CVL) (SP 800-135r1)A1948KDF ANS 9.63SHA-2 224, 256, 384, and 512 Uses SHA2-256 (#A1948), SHA2-384 (#A1948) and SHA2-512 (#A1948) as underlying digest algorithmKey derivation and key agreement schemes
KDF SP800-108A1948KDF SP800-108HMAC-SHA-1, SHA2-224, SHA2-256, 384, and 512 KDF Uses HMAC-SHA-1 (#A1948), HMAC-SHA2-256 (#A1948), HMAC-SHA2-384 (#A1948) and HMAC-SHA2-512 (#A1948) as underlying MAC algorithmKey derivation
KTS-IFC (KTS) (SP 800-56Br2)A1948SP 800-56Brev2. KTS-IFC (key encapsulation and un- encapsulation) per IG D.G.2048, 3072, or 4096-bit modulus providing 112, 128, or 150 bits of encryption strengthAsymmetric key encapsulation and un- encapsulation
KTS-IFC (SP 800- 56Br2)A1948KTSKTS-OAEP-basic RSA 2048, 3072, and 4096-bit Uses counter DRBG (SP800- 90Ar1) (#A1948) as underlying RandomAsymmetric key encapsulation and un- encapsulation
PBKDF (SP 800-132)A1948PBKDFHMAC with SHA-1, SHA-2 256, 384, and 512 Uses HMAC-SHA-1 (#A1948), HMAC-SHA2-256 (#A1948), HMAC-SHA2-384 (#A1948) and HMAC-SHA2- 512 (#A1948) as underlying MAC algorithmUser credentials storage. Master key derived from PBKDF is not used for deriving keys for data encryption/protection, but instead used only for storing passwords as hashes.
RSA Decryption Primitive (SP 800- 56Br2) (CVL)A1948RSA Decryption PrimitiveModulus sizes: 2048, 3072, and 4096-bitRSA key transport
RSA KeyGen (FIPS186-4)A1948RSA KeyGen (FIPS186-4)Key generation: 2048, 3072, and 4096-bit Uses Counter DRBG (SP800- 90Ar1) (#A1948) as underlying Random GeneratorRSA key generation
RSA SigGen (FIPS186-4)A1948RSA SigGen (FIPS186-4)FIPS 186-4 PKCS #1 1.5 and PSS Sig Gen: 2048, 3096, and 4096-bit (SHA-2 256, 384, and 512) Uses SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948), SHA2-512 (#A1948) as underlying digest algorithm 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively.Signature generation
RSA SigVer (FIPS186- 4)A1948RSA SigVer (FIPS186-4)FIPS 186-4 PKCS #1 1.5 and PSS SigVer: 1024, 2048, 3072, and 4096-bit (SHA-1, SHA-2 256, 384, and 512) Uses SHA-1 (FIPS 180- 4)(#A1947) SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948), SHA2-512 (#A1948) as underlying digest algorithm 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively.Signature verification User authentication Firmware update verification
SHA-1 (FIPS 180-4)A1948SHA-1SHA-1Digests, HMAC, and KDFs
SHA2-256 (FIPS 180- 4)A1948SHA2SHA2-256Digests, HMAC, signature generation, and KDFs
SHA2-384 (FIPS 180- 4)A1948SHA2SHA2-384Digests, HMAC, signature generation, and KDFs
SHA2-512 (FIPS 180- 4)A1948SHA2SHA2-512Digests, HMAC, signature generation, and KDFs
TDES-ECBA1948TDESTriple-DES 3-key decrypt.Prerequisite for TDES-KW. * Legacy use only
TDES-KW (KTS) (SP 800-38F)A1948SP 800-38F. KTS (key unwrapping) per IG D.G192-bit key providing 112-bit encryption strengthKey unwrapping * Legacy use only
TDES-KW (SP 800- 38F)A1948TDESTKW 3-key DES decrypt Uses TDES-ECB (#A1948) as underlying block cipherKey unwrapping * Legacy use only
ECDSA KeyGen (FIPS186-4)A2393ECDSA KeyGen (FIPS186-4)Key Gen: P-224, P-256, P- 384, P-521 Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random Generator for the ECDSA KeyGen key pairKey Generation
KTS-IFC (KTS) (SP 800-56Br2)A2393SP 800-56Brev2. KTS-IFC (key encapsulation and un- encapsulation) per IG D.G.2048, 3072, or 4096-bit modulus providing 112, 128, or 150 bits of encryption strengthAsymmetric key encapsulation and un- encapsulation in hybrid environment
KTS-IFC (SP 800- 56Br2)A2393KTSRSA key wrap and unwrap of symmetric keys in KTS- OAEP-Basic padding. 2048, 3072, 4096-bit modulus Uses Counter DRBG (SP800- 90Ar1) (#A1948) as underlying Random Generator Uses HMAC-SHA2-256 (FIPS 180-4) (#A1947), HMAC- SHA2-384 (FIPS 180-4) (#A1947), HMAC-SHA2-512 (FIPS 180-4) (#A1947) as underlying digest algorithm Uses RSA KeyGen (FIPS 186-4) (#A2393) as underlying key generation algorithmAsymmetric key encapsulation and un- encapsulation in hybrid environment
RSA KeyGen (FIPS186-4)A2393RSA KeyGen (FIPS186-4)Key generation: 2048, 3072, and 4096-bit Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random Generator for the RSA KeyGen key pairRSA key generation in hybrid environment
KAS TLS (SP 800- 56Ar3)KAS-ECC-SSC SP800-56Ar3 (#A1947) and KDF TLS (CVL) (#A1947)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)P-224, P-256, P-384, P-521 curves providing 112, 128, 192, or 256 bits of encryption strengthTLS
KAS ANS 9.63 (SP 800-56Ar3)KAS-ECC-SSC SP800-56Ar3 (#A1948) KDF ANS 9.63 (CVL) (SP 800- 135r1) (#A1948)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS KDA HKDF (SP 800-56Ar3)KAS-ECC-SSC SP800-56Ar3 (#A1948), KDA HKDF SP800- 56Cr1 (#A1948)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS KDA ONESTEP (SP 800-56Ar3)KAS-ECC-SSC SP800-56Ar3 (#A1948), KDA OneStep SP800- 56Cr1 (#A1948)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS KDA TWOSTEP (SP 800-56Ar3)KAS-ECC-SSC SP800-56Ar3 (#A1948), KDA TwoStep SP800- 56Cr1 (#A1948)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS-IFC HKDF (SP800-56Br2)KAS-IFC-SSC (SP 800-56Br2) (#A1948) KDA HKDF SP800- 56Cr1 (#A1948)SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2).2048-bit, 3072-bit and 4096- bit modulus providing between 112 and 150 bits of encryption strengthPEK and KLK generation and certificate authentication
KAS-IFC OneStep (SP800-56Br2)KAS-IFC-SSC (SP 800-56Br2) (#A1948) KDA OneStep SP800-56Cr1 (#A1948)SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2).2048-bit, 3072-bit and 4096- bit modulus providing between 112 and 150 bits of encryption strengthPEK and KLK generation and certificate authentication
KAS-IFC TwoStep (SP800-56Br2)KAS-IFC-SSC (SP 800-56Br2) (#A1948) KDA TwoStep SP800-56Cr1 (#A1948)SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2).2048-bit, 3072-bit and 4096- bit modulus providing between 112 and 150 bits of encryption strengthPEK and KLK generation and certificate authentication
ENT (P) (SP 800-90B)N/AN/ASP 800-90B entropy sourceEntropy Source
CKG SP 800-133Rev2Vendor AffirmedCKGPlease refer to section 2.3.2 Algorithm Specific InformationCryptographic Key Generation; SP 800- 133Rev2 and IG D.H

administrator or PCO. When a partition is created by the MCO, it will be in a zeroized state and must be initialized to do any key management or crypto operations. Partition initialization will create the Partition Crypto Officer (PCO). The PCO can later create up to

1024 users (PCO or PCU) on demand. Each user will have a unique username to identify themselves. The user has to log in to the

partition/vHSM to issue any authorized commands. Users are authenticated using passwords submitted during the user creation. 2.2 Modes of Operation The module supports the following modes of operation:

  1. Uninitialized/zeroized mode.
  2. Non-approved mode of operation.
  3. Approved mode of operation. The module is initialized into one of the modes specified above during the module initialization period as mentioned in Section
  4. The value of the parameter fipsState passed into the call specifies the mode. The following values are allowed for the fipsState parameter:
0 - Non-Approved mode.
2 - Approved mode with single-factor authentication mechanism.
3 - Approved mode with certificate-based dual-factor authentication mechanism.

The indicator of Approved mode is obtained by using the Get Status service. The fipsState field of the Get Status service indicates the mode. CSPs are not shared between the approved and non-approved modes of operation.

2.2.1 Uninitialized/Zeroized Mode of Operation

When received by the end user, the module is not configured or initialized; this state is called uninitialized/zeroized mode. In this mode, the user can query for basic information about the module, such as version details and vendor information, using an unauthenticated role.

2.2.2 Approved Mode of Operation

The module provides an Approved mode of operation, comprising all services described in Table 10. In this mode, the module allows only Approved or allowed algorithms. Request for any non-approved/allowed algorithm is rejected.

2.2.3 Non-Approved Mode of Operation

The module supports a non-Approved mode implementing the non-Approved algorithms listed in Table 6. In this mode, the module also allows Approved or allowed algorithms. 2.3 Supported Cryptographic Algorithms This section provides the list of supported cryptographic algorithms segregated based on the operating mode.

2.3.1 Approved Algorithms

The cryptographic module supports the following Approved algorithms. There are algorithms, modes, and key/moduli sizes that have been CAVP-tested but are not used by any approved service of the module. Only the algorithms, modes/methods, and key lengths/curves/moduli used by the module in approved mode are listed in the following table. Note: All symmetric key sizes represent the key strength. Table 3 Approved Algorithms 4)

Page 20

N/A

Page 21
Approved algorithm
NameUse FunctionUse/Function
AESCert A1947, Key unwrapping. Per IG D.G.Legacy Key unwrap only • ECB mode: Decrypt; 128, 192, and 256-bit • CBC mode: Decrypt; 128, 192, and 256-bit
AESCert A1948, Key unwrapping. Per IG D.GLegacy Key unwrap only • ECB mode: Decrypt; 128, 192, and 256-bit • CBC mode: Decrypt; 128, 192, and 256-bit
EC Diffie-Hellman with non-NIST recommended curvesCert A1947, Provides between 112 and 256 bits of encryption strength. Per IGs D.F and C.A.EC-DH Secp224k1(112 bits), Secp256K1 (128 bits) brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512)
ECDSA with non- NIST recommended curvesCert A1947, Provides between 112 and 256 bits of encryption strength. Per IG C.A.EC Key generation, sign Secp256K1 (128 bits) brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512)
SHA-1No security claimed per IG 2.4.AFingerprints
Triple-DES SP 800-38BNo security claimed per IG 2.4.AFingerprints Key Sizes • 192-bit (Generation, Verify)
2.3.3 Non-Approved Allowed Algorithms Used in the Module

The cryptographic module supports the following non-Approved algorithms, which are allowed for use in Approved mode. Table 4 Non-Approved Algorithms Allowed in the Approved Mode of Operation

Page 22
2.3.5 Non-Approved, Non-Allowed Algorithms

The cryptographic module supports the following non-Approved algorithms available only in non-Approved mode of operation. Table 6 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation

Page 23
AlgorithmUse/Function
DESDerive unique key per transaction (DUKPT) EMV key derivation. Derive PIN from Offset Derive Offset from PIN PIN Verification PVV generation and Verification CVV generation and verification Export Symmetric key/Export Asymmetric key pair using TR31 wrapping. Import/Export using TR34. Import Decimal Table EMV script. EMV ARQC/ARPC Data/PIN encryption/decryption
DES MACMAC generation and Verification
Double-DESDerive unique key per transaction (DUKPT), EMV key derivation. Derive PIN from Offset Derive Offset from PIN PIN Verification PVV generation and Verification CVV generation and verification Export Symmetric key/Export Asymmetric key pair using TR31 wrapping. Import/Export using TR34 Import Decimal Table EMV script. EMV ARQC/ARPC Data/PIN encryption/decryption
EC-AESEC-AES wrap/unwrap (EC BYOK)
ECDH KDFKey derivation using ECDH followed by HMAC/CMAC counter KDF
ECDSA (non-compliant)Key generation, Sign, Verify P192, Secp192k1, brainpoolP160r1, brainpool192r1, K-163 and B-163 (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
EDDSA (non-compliant)Key generation, Sign, Verify
KAS-ECC (non-compliant)EC Key generation and ECDH Curve25519 (128 bits), Curve448 (224 bits)
ML-DSA (non-compliant)Key generation, sign, verify
ML-KEM (non-compliant)Key generation, Asymmetric key encapsulation and un-encapsulation
PBEKey generation
RSA (non-compliant)TR34 Import TR34 Export PIN block decryption BYOK Encrypt/Decrypt Asymmetric key encapsulation and un-encapsulation using PKCS#1-v1.5 padding with modulus size 2048, 3072, 4096 and 8192 bits Key generation, Sign, Verify (1024-bit)
Shamir’s Key ShareKey share
Triple-DES (non-compliant)Derive unique key per transaction (DUKPT) EMV key derivation. Derive PIN from Offset
Page 24
AlgorithmUse/Function
Derive Offset from PIN PIN Verification PVV generation and verification CVV generation and verification Export Symmetric key/Export Asymmetric key pair using TR31 wrapping Import/Export using TR34 Import Decimal Table EMV script. EMV ARQC/ARPC Data/PIN encryption/decryption

2.4 TLS 1.2 Cipher Suites The module supports the algorithms for the following cipher suites using Approved and allowed algorithms and key sizes:

Figure 1 Top View of Cryptographic Module
Figure 1 Top View of Cryptographic Module
Page 25

Figure 2 Bottom View of Cryptographic Module

Figure 2 Bottom View of Cryptographic Module
Figure 2 Bottom View of Cryptographic Module
Page 26
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
USB FTDI USB to Multi-Channel Serial SPI/I2C bridge FTDI dual port USB endpoint Channel A: OCTEON UART0 Channel B: MCU UART2 OR FTDI quad port USB end point Channel A: OCTEON UART0 Channel B: not connected Channel C: MCU UART2 Channel D: not connectedUSB FTDI USB to Multi-Channel Serial SPI/I2C bridge FTDI dual port USB endpoint Channel A: OCTEON UART0 Channel B: MCU UART2 OR FTDI quad port USB end point Channel A: OCTEON UART0 Channel B: not connected Channel C: MCU UART2 Channel D: not connectedStatus outputOCTEON UART • Log messages MCU UART, SMBus • Diagnostics • Log messages
PCIePCIeControl inputPCIe configuration is read and written; no other.
Data input, data output, and status outputData input, data output, and status outputPrimary interface to communicate with the module. Provides APIs for the software on the host to communicate with the module.
PowerPowerN/A
PCIe SMBusPCIe SMBusStatus outputDiagnostics, log messages System management and log reading
UARTUARTStatus outputLog messages
LEDLEDStatus outputStatus output
Tamper PINTamper PINControl inputNo data; only a signal from high to low
Zeroize push buttonZeroize push buttonControl inputNo data;
Power connectorPower connectorPowerNo data; external power connector
Battery interfacesBattery interfacesPowerNo data; external power connector (only to MCU)

The module ports and interfaces are described in the below table. Table 7 Ports and Interfaces N/A * The RJ45 Connector depicted in Figure 1 is disabled in firmware. 3.1 self-tests are run and firmware is loaded. After the module is zeroized, the firmware enforces that the PCIe data interface only provides basic versioning and informational When the module enters the error state, the PCIe data interface will report the error state and no other data. 3.2 Other interfaces are all meant for informational services to read temperature, logs, and diagnostic information but no other data.

Page 27

Roles, Services, and Authentication The module supports different operator roles. One identity is allowed for each role, per partition. Username is used as the identity of a user. This means for a given partition, each username needs to be unique per predefined roles. Master Partition Roles: • Master Crypto Officer (MCO) - The Master Crypto Officer role (MCO) is allowed only on the master partition, which is mandatory to use the HSM. This role has access to administrative services offered by the module or HSM. This role is used to configure non-master partitions (create, provision, resize, and delete) but cannot access their resources (e.g., cannot manage or use non-master partition keys). Master partition supports only MCO role in addition to UN-AUTH operator roles as described in Table

  1. Non-Master Partition Roles: • Pre-Crypto Officer (Pre-CO) - This role is an optional role with limited functionality; eventually transitions into PCO. During partition initialization, default credentials are used to create a Pre-CO or a PCO. The Pre-CO is a restricted role primarily for configuring certificates and setting up a PCO. After a PCO is set up for a partition, the Pre-CO role is no longer accessible. • Partition Crypto Officer (PCO) - This role has access to administrative services of the partition and can configure PCU and AU identities. The HSM supports more than one Crypto Officer role with a requirement there shall be at least one. • Partition Crypto User (PCU) - This role has access to all cryptographic services offered by the partition; its purpose is operational use of the module. • Appliance User (AU) - This role has access to partition audit logs and can create end-to-end encrypted channels. It is used to set up and synchronize clusters. Each non-master partition supports these four (4) distinct operator roles (Pre-CO, PCO, PCU, and AU) in addition to UN-AUTH as described in Table
  2. The module enforces the separation of roles using identity-based authentication. Re-authentication is required to change roles. Except for Pre-CO, concurrent operators are allowed; however, only one operator is allowed per login session. 4.1 Roles, Services, and CSP Access Service interface documentation details specific service inputs and outputs: Document name: LiquidSecurity2-10.23-1150-Driver-APIs.zip Version: 10.23-1150 Release date: 09/26/2025 To access the document, complete the below steps.
  3. Open the following link to open the Marvell Public Driver Downloads page: https://www.marvell.com/support/downloads.html
  4. Choose CATEGORY, PLATFORM, and PART NUMBER as shown in the following screenshot; then click the APPLY button.
Page 28

Select “LiquidSecurity2-10.23-1150-Driver-APIs-html" to download. 3. This pops up a window to accept the “MARVELL LIMITED USE LICENSE AGREEMENT”.

Page 29

Click I ACCEPT to accept the terms and conditions; the Service Interface document will be downloaded.

  1. After the Interface document is downloaded, extract the archive with the password “LS-FIPS-140-3”.
  2. To access the Services, open the index.html file; then select LiquidSecurity Opcodes > Recommended API(s) from the left-pane. The following interface displays. The module's primary service inputs are opcodes. An API is provided to the operator on the host system to invoke these opcodes.
Page 30
Service
NameRolesInputOutput
CN_ZEROIZEMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_VENDOR_ZEROIZEMCOOpcode inputsOpcode outputs
CN_APP_INITIALIZEUN-AUTHOpcode inputsOpcode outputs
CN_APP_FINALIZEMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_OPEN_SESSIONMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CLOSE_SESSIONMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_SESSION_INFOMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CLOSE_ALL_SESSIONSMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CLOSE_PARTITION_SESSIONSMCO/PCOOpcode inputsOpcode outputs
CN_ENCRYPT_SESSIONUN-AUTHOpcode inputsOpcode outputs
CN_AUTHORIZE_SESSIONUN-AUTHOpcode inputsOpcode outputs
CN_LOGINUN-AUTHOpcode inputsOpcode outputs
CN_LOGOUTMCO/PCO/PCU/AUOpcode inputsOpcode outputs
CN_ALWAYS_AUTHORIZE_USERPCUOpcode inputsOpcode outputs
CN_UPDATE_USER_DETAILSPCO/Pre-COOpcode inputsOpcode outputs
CN_SET_USER_ATTRPCOOpcode inputsOpcode outputs
CN_TOKEN_INFOMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_PARTITION_INFOMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_HSM_LABELMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_ALL_PARTITION_INFOMCOOpcode inputsOpcode outputs
CN_GET_POLICY_SETMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_VERSIONMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE)ManufacturerOpcode inputsOpcode outputs
CN_LOAD_RECOVERY_KEY_INIT CN_LOAD_RECOVERY_KEY_FINISHMCOOpcode inputsOpcode outputs
CN_SHUTDOWNMCOOpcode inputsOpcode outputs
CN_SET_INIT_TIMEMCOOpcode inputsOpcode outputs
CN_SET_VENDOR_TIMEMCOOpcode inputsOpcode outputs
CN_GET_TIMEMCOOpcode inputsOpcode outputs
CN_SYNC_TIMEMCOOpcode inputsOpcode outputs
CN_UCD_CMDMCOOpcode inputsOpcode outputs
CN_GET_HSM_LOGGER_INFOMCOOpcode inputsOpcode outputs
CN_INIT_TOKENMCO/PCO/Pre-COOpcode inputsOpcode outputs
CN_GEN_PSWD_ENC_KEYMCO/PCO/Pre-COOpcode inputsOpcode outputs
CN_CREATE_COMCO/PCO/Pre-COOpcode inputsOpcode outputs
CN_INIT_DONEMCO/PCO/Pre-COOpcode inputsOpcode outputs
CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_ENDMCOOpcode inputsOpcode outputs
CN_STORE_FW_SIGNING_KEYMCOOpcode inputsOpcode outputs
CN_ALLOW_FW_UPDATEMCOOpcode inputsOpcode outputs
CN_INVOKE_FIPSMCOOpcode inputsOpcode outputs
CN_SET_HSM_CONFIGPCOOpcode inputsOpcode outputs
CN_CREATE_PARTITIONMCOOpcode inputsOpcode outputs
CN_DELETE_PARTITIONMCOOpcode inputsOpcode outputs
CN_BACKUPMCO/PCOOpcode inputsOpcode outputs
CN_RESTOREMCO/PCOOpcode inputsOpcode outputs
CN_BACKUP_OBJECTMCOOpcode inputsOpcode outputs
CN_RESTORE_OBJECTMCOOpcode inputsOpcode outputs
CN_SET_NODEIDPCOOpcode inputsOpcode outputs
CN_CREATE_USERPCOOpcode inputsOpcode outputs
CN_DELETE_USERPCOOpcode inputsOpcode outputs
CN_LIST_USERSPCO/PCUOpcode inputsOpcode outputs
CN_GET_LOGIN_FAILURE_CNTPCOOpcode inputsOpcode outputs
CN_CREATE_PRE_OFFICERPre-COOpcode inputsOpcode outputs
CN_CREATE_APPLIANCE_USERPCOOpcode inputsOpcode outputs
CN_OPEN_SESSION_V2UN-AUTHOpcode inputsOpcode outputs
CN_ENCRYPT_SESSION_V2UN-AUTHOpcode inputsOpcode outputs
CN_GET_SERVER_PARAMSUN-AUTHOpcode inputsOpcode outputs
CN_GET_USER_INFOPCO/PCU/AUOpcode inputsOpcode outputs
CN_CREATE_OBJECTPCUOpcode inputsOpcode outputs
CN_GEN_KEY_ENC_KEYPCOOpcode inputsOpcode outputs
CN_EXTRACT_MASKED_OBJECTPCO/PCU/AUOpcode inputsOpcode outputs
CN_INSERT_MASKED_OBJECTPCO/PCU/AUOpcode inputsOpcode outputs
CN_DESTROY_OBJECTPCUOpcode inputsOpcode outputs
CN_TOMBSTONE_OBJECTPCUOpcode inputsOpcode outputs
CN_DELETE_TOMBSTONED_OBJECTPCO/PCU/AUOpcode inputsOpcode outputs
CN_GET_ATTRIBUTE_VALUEPCUOpcode inputsOpcode outputs
CN_GET_ATTRIBUTE_SIZEPCUOpcode inputsOpcode outputs
CN_GET_ALL_ATTRIBUTE_SIZEPCUOpcode inputsOpcode outputs
CN_GET_ALL_ATTRIBUTE_VALUEPCUOpcode inputsOpcode outputs
CN_MODIFY_OBJECTPCO/PCUOpcode inputsOpcode outputs
CN_MODIFY_KEY_OWNERPCOOpcode inputsOpcode outputs
CN_GENERATE_KEYPCUOpcode inputsOpcode outputs
CN_GENERATE_KEY_PAIRPCUOpcode inputsOpcode outputs
CN_EXPORT_PUB_KEYPCUOpcode inputsOpcode outputs
CN_GET_OBJECT_INFOPCUOpcode inputsOpcode outputs
CN_UNWRAP_KEY/CN_UNWRAP_KEY2PCUOpcode inputsOpcode outputs
CN_WRAP_KEY/CN_WRAP_KEY2PCUOpcode inputsOpcode outputs
CN_NIST_AES_WRAP_UNWRAP/ CN_NIST_AES_WRAP_UNWRAP2PCUOpcode inputsOpcode outputs
CN_DERIVE_KEYPCUOpcode inputsOpcode outputs
CN_FIND_OBJECTS_USING_COUNT/ CN_FIND_ALL_OBJECTS_IN_RANGE/ CN_FIND_ALL_OBJECTS/ CN_FIND_ALL_OBJECTS_USING_COUNT/ CN_FIND_OBJECTS/ CN_FIND_OBJECTS_FROM_INDEXMCO/PCO/PCU/AUOpcode inputsOpcode outputs
CN_ADMIN_GET_PARTN_KEYHANDLES_HASHPCO/AUOpcode inputsOpcode outputs
CN_GET_PARTN_SINGLE_KEYHANDLE_HASHPCO/AU/PCUOpcode inputsOpcode outputs
CN_ DESTROY _OBJECTPCUOpcode inputsOpcode outputs
CN_PARTN_GET_AUDIT_DETAILSPCO/AUOpcode inputsOpcode outputs
CN_PARTN_GET_AUDIT_LOGSPCO/AUOpcode inputsOpcode outputs
CN_PARTN_GET_AUDIT_SIGNPCO/AUOpcode inputsOpcode outputs
CN_PARTN_ACK_AUDIT_SIGNPCO/AUOpcode inputsOpcode outputs
CN_FINALIZE_LOGSMCOOpcode inputsOpcode outputs
CN_SET_POLICYMCO/PCOOpcode inputsOpcode outputs
CN_NIST_AES_WRAPPCUOpcode inputsOpcode outputs
CN_ALLOC_SSL_CTXPCUOpcode inputsOpcode outputs
CN_FREE_SSL_CTXPCUOpcode inputsOpcode outputs
CN_FIPS_RANDPCUOpcode inputsOpcode outputs
CN_ME_PKCS_LARGEPCUOpcode inputsOpcode outputs
CN_ME_PKCSPCUOpcode inputsOpcode outputs
CN_FECCPCUOpcode inputsOpcode outputs
CN_HASHPCUOpcode inputsOpcode outputs
CN_SHA3PCUOpcode inputsOpcode outputs
CN_HMACPCUOpcode inputsOpcode outputs
MAJOR_OP_AES_CMACPCUOpcode inputsOpcode outputs
CN_ENCRYPT_DECRYPTPCUOpcode inputsOpcode outputs
MAJOR_OP_DECRYPT_AND_ENCRYPT_COMMANDPCUOpcode inputsOpcode outputs
MAJOR_OP_ENCRYPT_DECRYPT_RECORDPCUOpcode inputsOpcode outputs
CN_CERT_AUTH_GET_SOURCE_RANDOMPCOOpcode inputsOpcode outputs
CN_CERT_AUTH_VALIDATE_PEER_CERTS/ CN_CERT_AUTH_VALIDATE_TARGET_CERTSPCOOpcode inputsOpcode outputs
CN_CERT_AUTH_SOURCE_KEY_EXCHANGEPCOOpcode inputsOpcode outputs
CN_CERT_AUTH_TARGET_KEY_EXCHANGEPCOOpcode inputsOpcode outputs
CN_CLONE_SOURCE_INITPCOOpcode inputsOpcode outputs
CN_CLONE_SOURCE_STAGE1PCOOpcode inputsOpcode outputs
CN_CLONE_TARGET_INITPCOOpcode inputsOpcode outputs
CN_CLONE_TARGET_STAGE1PCOOpcode inputsOpcode outputs
CN_LIST_AUTH_PUB_KEYSPCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_M_VALUEPCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_TOKENPCO/PCUOpcode inputsOpcode outputs
CN_APPROVE_TOKENPCO/PCUOpcode inputsOpcode outputs
CN_LIST_TOKENSPCO/PCUOpcode inputsOpcode outputs
CN_TOKEN_TIMEOUTPCO/PCUOpcode inputsOpcode outputs
CN_DELETE_TOKENPCO/PCUOpcode inputsOpcode outputs
CN_FRAMLOG_CMDUN-AUTHNoneOpcode outputs
CN_GET_CFG_PREGEN_CACHE_SZMCO/PCOOpcode inputsOpcode outputs
CN_GET_CFG_PREGEN_CACHE_VALMCO/PCOOpcode inputsOpcode outputs
CN_LIST_UNLINKED_OBJECTSPCOOpcode inputsOpcode outputs
CN_GET_PARTN_FINGERPRINTMCO/PCUOpcode inputsOpcode outputs
CN_CERT_AUTH_GET_CERTMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CERT_AUTH_STORE_CERTMCO/PCOOpcode inputsOpcode outputs
CN_GET_KBK_SLOT_INFOMCO/PCOOpcode inputsOpcode outputs
CN_SET_KBK_PRIMARYMCO/PCOOpcode inputsOpcode outputs
CN_SHARE_OBJECTPCUOpcode inputsOpcode outputs
CN_UNLOCK_COUN-AUTHOpcode inputsOpcode outputs
CN_UNLOCK_USERMCO/PCOOpcode inputsOpcode outputs
CN_GET_CORE_DUMPUN-AUTHOpcode inputsOpcode outputs
CN_MODULE_INFOMCOOpcode inputsOpcode outputs
CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY, KBK)PCOOpcode inputsOpcode outputs
CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY)PCOOpcode inputsOpcode outputs
CN_GET_CHALLENGE_COUN-AUTHOpcode inputsOpcode outputs
CN_SET_M_VALUEPCOOpcode inputsOpcode outputs
CN_CERT_AUTH_GET_CERT_REQMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CERT_AUTH_REMOVE_CERTPCOOpcode inputsOpcode outputs
CN_UPDATE_LICENSEMCOOpcode inputsOpcode outputs
CN_GET_LICENSE_INFOMCO/UN-AUTHOpcode inputsOpcode outputs
CN_GET_DIAGLOGMCO/UN-AUTHOpcode inputsOpcode outputs
CN_NOR_HUK_OPMCO/UN-AUTHOpcode inputsOpcode outputs
CN_APP_CLEANUPMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_APP_CLEANUP_V2MCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_SAFE_REBOOTUN-AUTHOpcode inputsOpcode outputs
CN_GET_ALL_PARTITION_INFOUN-AUTHOpcode inputsOpcode outputs
CN_PARK_OBJECTPCUOpcode inputsOpcode outputs
CN_UNPARK_OBJECTPCUOpcode inputsOpcode outputs
CN_GENERATE_PBE_KEYPCUOpcode inputsOpcode outputs
LSPAY_GENERATE_ASYMM_KEYPCUOpcode inputsOpcode outputs
LSPAY_GENERATE_SYMM_KEYPCUOpcode inputsOpcode outputs
LSPAY_EXPORT_PUBLIC_KEYPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_KPKPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_KEYPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_TR34_KEYPCUOpcode inputsOpcode outputs
LSPAY_EXPORT_KEYPCUOpcode inputsOpcode outputs
LSPAY_EXPORT_TR34_KEYPCUOpcode inputsOpcode outputs
LSPAY_TRANSLATE_KEYPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_CERTIFICATEPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_DECIMAL_TABLEPCUOpcode inputsOpcode outputs
LSPAY_GENERATE_CSRPCUOpcode inputsOpcode outputs
LSPAY_DERIVE_KEYPCUOpcode inputsOpcode outputs
LSPAY_ENCRYPTPCUOpcode inputsOpcode outputs
LSPAY_DECRYPTPCUOpcode inputsOpcode outputs
LSPAY_DECRYPT_THEN_ENCRYPTPCUOpcode inputsOpcode outputs
LSPAY_MAC_GENPCUOpcode inputsOpcode outputs
LSPAY_MAC_VERIFYPCUOpcode inputsOpcode outputs*
LSPAY_MAC_TRANSLATEPCUOpcode inputsOpcode outputs*
LSPAY_FPE_ENCRYPTPCUOpcode inputsOpcode outputs
LSPAY_FPE_DECRYPTPCUOpcode inputsOpcode outputs
LSPAY_SIGNPCUOpcode inputsOpcode outputs
LSPAY_SIGN_VERIFYPCUOpcode inputsOpcode outputs
LSPAY_PINBLK_TRANSLATEPCUOpcode inputsOpcode outputs
LSPAY_DERIVE_PIN_FROM_OFFSETPCUOpcode inputsOpcode outputs
LSPAY_DERIVE_OFFSET_FROM_PINPCUOpcode inputsOpcode outputs
LSPAY_VERIFY_PINPCUOpcode inputsOpcode outputs
LSPAY_PVV_GENPCUOpcode inputsOpcode outputs
LSPAY_PVV_VERIFYPCUOpcode inputsOpcode outputs
LSPAY_EMV_GENVERIFYPCUOpcode inputsOpcode outputs
LSPAY_EMV_SECURE_MSG_GENPCUOpcode inputsOpcode outputs
LSPAY_CVV_GENPCUOpcode inputsOpcode outputs
LSPAY_CVV_VERIFYPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_CREATEPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_EXPORT_COMPONENTPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_IMPORT_COMPONENTPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_COMBINE_INITPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_COMBINE_KEYPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_ZEROIZEPCUOpcode inputsOpcode outputs
LSPAY_MFK_GENERATEPCOOpcode inputsOpcode outputs
LSPAY_MFK_GET_INFOPCOOpcode inputsOpcode outputs
LSPAY_MFK_SET_PRIMARYPCOOpcode inputsOpcode outputs
LSPAY_MFK_DELETEPCOOpcode inputsOpcode outputs
LSPAY_FUNCTIONALITY_GETPCOOpcode inputsOpcode outputs
LSPAY_FUNCTIONALITY_SETPCOOpcode inputsOpcode outputs
LSPAY_EXPORT_KPKPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_PUBLIC_KEYPCUOpcode inputsOpcode outputs
LSPAY_VALIDATE_PUBLIC_KEYPCUOpcode inputsOpcode outputs
CN_GENERATE_KEY_PAIR (non-compliant)PCUOpcode inputsOpcode outputs
CN_GENERATE_KEY (non-compliant)PCUOpcode inputsOpcode outputs
CN_CREATE_OBJECT (non-compliant)PCUOpcode inputsOpcode outputs
CN_UNWRAP_KEY (non-compliant)PCUOpcode inputsOpcode outputs
CN_WRAP_KEY (non-compliant)PCUOpcode inputsOpcode outputs
CN_EXTRACT_MASKED_OBJECT (non-compliant)PCU/PCO/AUOpcode inputsOpcode outputs
CN_STORE_FW_SIGNING_KEY (non-compliant)MCOOpcode inputsOpcode outputs
CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant)PCUOpcode inputsOpcode outputs
CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non-compliant)ManufacturerOpcode inputsOpcode outputs
CN_INSERT_MASKED_OBJECT (non-compliant)PCU/PCO/AUOpcode inputsOpcode outputs
CN_ENCRYPT_SESSION (non-compliant)UN-AUTHOpcode inputsOpcode outputs
CN_DERIVE_KEY (non-compliant)PCUOpcode inputsOpcode outputs
CN_PQC_GENERATE_KEY_PAIRPCUOpcode inputsOpcode outputs
CN_PQC_CRYPTO_SIG_GENPCUOpcode inputsOpcode outputs
CN_PQC_CRYPTO_SIG_VERIFYPCUOpcode inputsOpcode outputs
CN_PQC_CRYPTO_MULTICALL_SIG_GENPCUOpcode inputsOpcode outputs
CN_PQC_CRYPTO_MULTICALL_SIG_VERIFYPCUOpcode inputsOpcode outputs
CN_PQC_CRYPTO_HYBRID_SIG_GENPCUOpcode inputsOpcode outputs
CN_PQC_CRYPTO_HYBRID_SIG_VERIFYPCUOpcode inputsOpcode outputs
HPS_CREATE_PARTITIONMCOOpcode inputsOpcode outputs
HPS_PART_FW_UPDATE_BEGIN HPS_PART_FW_UPDATE HPS_PART_FW_UPDATE_ENDMCOOpcode inputsOpcode outputs
HPS_PARTITION_MGMTMCOOpcode inputsOpcode outputs
HPS_PARTITION_INFOMCOOpcode inputsOpcode outputs
HPS_DELETE_PARTITIONMCOOpcode inputsOpcode outputs
CN_UPDATE_LICENSE (non-compliant)MCOOpcode inputsOpcode outputs
CN_GET_LICENSE_INFO (non-compliant)UN-AUTHOpcode inputsOpcode outputs

The host API is called, which packetizes services and calls the PCIe host driver to send the request from the host to the HSM. The HSM processes the service requests and passes the response from HSM to the host through PCIe host Driver and API. NOTE: The new API documentation 10.23-1150 also covers the API documentation version 10.02-1102, 10.23-1107 and 10.231202. Table 8 Roles, Service Commands, Input and Output

Page 36

* Please refer to the API documentation for specific Opcode inputs and Opcode outputs. * The below generic services represent a set of related services:

Page 37
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
CN_ZEROIZEZeroize all master partition and user partitions. Can be configured to be allowed by CO only, Factory-reset the master partition. zeroizes all the data except vendor- programmed certificates and SSPs. (Perform zeroization)MCO PCO PCU AU UN-AUTHUser keys MMEK PMEK PAK KLK Partition Masking Key PAC 2FAMofNP ubK CAPubK AOAPubK Login Passwords PEK KBK POTAC POKBK POACNoneZSuccess with fips_state = 2 or 3
CN_VENDOR_ZEROIZEZeroize all master and user partitions. Zeroizes vendor- programmed certificates and SSPs. Zeroize types: Vendor/factory reset (Perform zeroization)MCOUser keys FMAK FMAEK MARC MARECFM AEC MMEK MFDEK PAK PAC AOTAC POTAC POKBK POAC AOTAC OKBK AOAC SecureBo otAuth Public KeyNoneZSuccess with fips_state = 2 or 3
CN_APP_INITIALIZERegisters an application with HSM.UN-AUTHDRBG Entropy/H ASH_DR BG Internal StateHash DRBG (SP 800- 90Ar1) (#A1947)E RSuccess with fips_state = 2 or 3
CN_APP_FINALIZEUnregisters an application from HSM.MCO PCO PCU AU UN-AUTHUser keysNoneZSuccess with fips_state = 2 or 3
CN_OPEN_SESSIONManagement services for open, status of sessions.MCO PCO PCU AU UN-AUTHDRBG Entropy/H ASH_DRB G Internal StateHash DRBG (SP 800- 90Ar1) (#A1947)NoneSuccess with fips_state = 2 or 3
CN_CLOSE_SESSIONCloses the session.MCO PCO PCU AU UN-AUTHUser keysNoneZSuccess with fips_state = 2 or 3
CN_GET_SESSION_INFOGets the session information.MCO PCO PCU AU UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_CLOSE_ALL_SESSIONSManagement services for closing all sessions.MCO PCO PCU AU UN-AUTHUser keysNoneZSuccess with fips_state = 2 or 3
CN_CLOSE_PARTITION_SESSI ONSCloses sessions of all applications tied to a partition.PCO MCOUser keysNoneZSuccess with fips_state = 2 or 3
CN_ENCRYPT_SESSIONEnables encrypted communication channel.UN-AUTHPOAC PAK TLS pre- master secret TLS master secretHash DRBG (SP 800- 90Ar1) (#A1947) RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) KDF TLS (CVL) (SP 800-135r1) (#A1947) ECDSA SigVer (FIPS186-4)R E G, E G, ESuccess with fips_state = 2 or 3
(#A1948)TLS session symmetric key set DRBG Entropy/H ASH_DRB G Internal State(#A1948)G E
CN_AUTHORIZE_SESSIONAuthorizes the sessions to be used under E2E and do login.UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_LOGINAllows login to a session. Public key is used to verify user signatures, optionally in 2-factor authentication.UN-AUTHPEK Login passwords 2FAMofNP ubK CAPubK DRBG Entropy/H ASH_DRB G Internal StateAES-CBC (SP 800-38A) (#A1947) RSA SigVer (FIPS186-4) (#A1948) PBKDF (SP 800-132) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947)E W E E ESuccess with fips_state = 2 or 3
CN_LOGOUTAllows logout of a session.MCO PCO PCU AUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_ALWAYS_AUTHORIZE_USE RContext specific explicit user authorization service for CKA_ALWAYS_AUTHENTICATE keysPCUPEK 2FAMofNP ubK CAPubK Login passwordsAES-CBC (SP 800-38A) (#A1947) RSA SigVer (FIPS186-4) (#A1948) PBKDF (SP 800-132) (#A1948)E E E ESuccess with fips_state = 2 or 3
CN_UPDATE_USER_DETAILSRequires user to be logged in. Updates passwords and public key for 2-factor authentication.PCO Pre-COPMEK 2FAMofNP ubK PEK Login passwords DRBG Entropy/H ASH_DRB G Internal StateRSA SigVer (FIPS186-4) (#A1948) AES-CBC (SP 800-38A) (#A1947) Hash DRBG (SP 800- 90Ar1) (#A1947) PBKDF (SP 800-132) (#A1948)E W E W ESuccess with fips_state = 2 or 3
CN_SET_USER_ATTRSet user attributes that control the functionality of a crypto user.PCONoneNoneNoneSuccess with fips_state =
CN_TOKEN_INFOGets token/module information. (Show module’s versioning information, Show status)MCO PCO PCU AU UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARTITION_INFOReturns partition Information. (Show module’s versioning information, Show status)MCO PCO PCU AU UN-AUTHPartition Owner KBK (POKBK)NoneESuccess with fips_state = 2 or 3
CN_GET_HSM_LABELReturns HSM label.MCO PCO PCU AU UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_ALL_PARTITION_INFOGets information for all Partitions. (Show module’s versioning information, Show status)MCOPartition Owner KBK (POKBK)NoneESuccess with fips_state = 2 or 3
CN_GET_POLICY_SETGets the current policy settings. This operation does not need authentication.MCO PCO PCU AU UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_VERSIONObtains firmware version. (Show module’s versioning information)MCO PCO PCU AU UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_STORE_VENDOR_PRE_SH ARED_KEY (CN_STORE_KBK_SHARE)Stores fixed keys (KBK) for backup.Manufacture r PCOMFKBK PDEK MARC MAREC AOTAC, POTAC, OKBK, POKBK, FMAK, PAKRSA SigVer (FIPS186-4) (#A1948) KTS-IFC (KTS) (SP 800- 56Br2) (#A1948) AES-KWP (SP 800-38F) (#A1948)W E E E E E W W E ESuccess with fips_state = 2 or 3
CN_LOAD_RECOVERY_KEY_INI T CN_LOAD_RECOVERY_KEY_FI NISHManages loading recovery key into HSMMCOMCO_RK HSMEK HSMEKCKAS-ECC- SSC SP800- 56Ar3 (#A1948) KAS-ECC SP800-56Ar3 (#A1948) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDFW E ESuccess with fips_state = 2 or 3
CN_SHUTDOWNCloses and cleans the Cfm library and driver. Unregisters an application from HSM. Deletes all the sessions created within this application. Closes the device file.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_INIT_TIMESets the user's initial time upon receiving the HSMMCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_VENDOR_TIMESets the vendor time on the HSMMCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_TIMEGets the RTC and System time from HSM (Show status)MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SYNC_TIMESets the user's time on the HSM. Also used for drift calculation and configuration. Returns useful information such as the drift between previous configured time and new time configured and the lifetime average drift observed.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_UCD_CMDGets the logs from UCD related to voltage rail monitoring and faults in the system.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_HSM_LOGGER_INFOGets the pending logs of FRAM from the HSM. (Show status)MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_INIT_TOKENInitializes the HSM and sets its policies and boundaries to the values specified in config_fileMCO PCO Pre-COMMEK PMEK DRBG Entropy/H ASH_DRB G InternalHash DRBG (SP 800- 90Ar1) (#A1947)G G ESuccess with fips_state = 2 or 3
CN_GEN_PSWD_ENC_KEYGenerates a Password Encryption Key (PEK), which is used to wrap the user password while sending it over the FIPS boundary.MCO PCO Pre-COPEK DRBG Entropy/H ASH_DRB G Internal State Host PswdEncK eyPublic KeyKAS-IFC-SSC (SP 800- 56Br2) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) KDA OneStep SP800-56Cr1 (#A1948) KDA TwoStep SP800-56Cr1 (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)G E ESuccess with fips_state = 2 or 3
CN_CREATE_COCreates Crypto OfficerMCO PCO Pre-COPMEK 2FAMofNP ubK PEK Login passwords DRBG Entropy/H ASH_DRB G Internal StateRSA SigVer (FIPS186-4) (#A1948) AES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948)E W E W ESuccess with fips_state = 2 or 3
CN_INIT_DONECompletes initialization of HSM/ partition. Successful initialization of HSM will reboot the HSM.MCO PCO Pre-CONoneNoneNoneSuccess with fips_state = 2 or 3
CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_ENDPerforms firmware update: uploads the signed firmware to the module.MCOManufactu rer firmware update validation key MFUVKRSA SigVer (FIPS186-4) (#A1948)E ESuccess with fips_state = 2 or 3
CN_STORE_FW_SIGNING_KEYConfigure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072, and 4096 or a supported EC curve.MCOAOAPubK AOACRSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948)W ESuccess with fips_state = 2 or 3
CN_ALLOW_FW_UPDATEConfigure a lower version of FW to be allowed to be updated for certain time period and on certain HSMsMCOAOAPubKRSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948)ESuccess with fips_state = 2 or 3
CN_INVOKE_FIPSPerforms Self tests.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_HSM_CONFIGSets the HSM configuration parametersPCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_CREATE_PARTITIONCreates a partition with the given name and size.MCOPAK FMAC FMAK MARC PACRSA KeyGen (FIPS186-4) (#A2393) RSA SigGen (FIPS186-4) (#A1948)G E E E GSuccess with fips_state = 2 or 3
CN_DELETE_PARTITIONDeletes a partition and all associated keys.MCONoneNoneZSuccess with fips_state = 2 or 3
CN_BACKUPBacks up config, users, keys, and data objects.MCO PCOBackup session key 2FAMofNP ubK PEK CAPubK User Keys DRBG Entropy/H ASH_DRB G Internal StateKDF SP800- 108 (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) HMAC-SHA2- 256 (FIPS 198- 1) (#A1947) SHA2-512 (FIPS 180-4) (#A1948)G, E R R R R ESuccess with fips_state = 2 or 3
CN_RESTORERestores partition configuration, users, and keys.MCO PCOBackup session key 2FAMofNP ubKAES-KW (KTS) (SP 800-38F) (#A1948) AES-CBC (SP 800-38A) (#A1948)W, E WSuccess with fips_state = 2 or 3
SHA2-512 (FIPS 180-4) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) CKG SP 800- 133Rev2 (Vendor affirmed)PEK Login Passwords CAPubK User Keys DRBG Entropy/H ASH_DRB G Internal StateSHA2-512 (FIPS 180-4) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) CKG SP 800- 133Rev2 (Vendor affirmed)W W W W E
CN_BACKUP_OBJECTBacks up partition key, partition CSR, PO cert, partition cert signed by PO.MCOBackup PAK PAC Partition masking keyAES-KW (KTS) (SP 800-38F) (#A1948)E R R RSuccess with fips_state = 2 or 3
CN_RESTORE_OBJECTRestores the backed-up object and object details.MCOBackup session key PAK PAC Partition masking keyAES-KW (KTS) (SP 800-38F) (#A1948)E W W WSuccess with fips_state = 2 or 3
CN_SET_NODEIDSets the cluster node ID for a partition.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_CREATE_USERCreates a new CU, CO, or AU user with the provided name and password.PCOPMEK 2FAMofNP ubK PEK Login passwords DRBG internal statesAES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948) RSA SigVer (FIPS186-4) (#A1948)E W E W ESuccess with fips_state = 2 or 3
CN_DELETE_USERDeletes the user with the given name.PCONoneNoneZSuccess with
CN_LIST_USERSLists all users of the current partition.PCO/ PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_LOGIN_FAILURE_CNTGets login failure count. (Show status)PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_CREATE_PRE_OFFICERCreates a pre-officer.Pre-COPMEKAES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948)ESuccess with fips_state = 2 or 3
CN_CREATE_APPLIANCE_USE RCreates an Appliance User.PCOPMEKAES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948)ESuccess with fips_state = 2 or 3
CN_OPEN_SESSION_V2Opens a session in HSM and returns the session handle.UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_ENCRYPT_SESSION_V2Establishes E2E connection with/without client- authentication, between HSM and the CavClient/CavMgmt Util.UN-AUTHCAPubK POAC TLS pre- master secret TLS master secret TLS session symmetric key set DRBG Entropy/H ASH_DRB G Internal StateHash DRBG (SP 800- 90Ar1) (#A1947) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1947) KAS-ECC- SSC SP800- 56Ar3 (#A1947) ECDSA KeyVer (FIPS186-4) (#A1948) KDF TLS (CVL) (SP 800-135r1) (#A1947) ECDSA SigVer (FIPS186-4) (#A1948) KAS TLS (SP 800-56Ar3)E E G, E G, E G ESuccess with fips_state = 2 or 3
CN_GET_SERVER_PARAMSGets the server parameters used in Cav-server for the server handshake messagesUN-AUTHTLS session (E2E) ECDH keyHash DRBG (SP 800- 90Ar1) (#A1947) ECDSA KeyGenG ESuccess with fips_state = 2 or 3
(FIPS186-4) (#A2393)POAC PAK DRBG Entropy/H ASH_DRB G Internal State(FIPS186-4) (#A2393)E E
CN_GET_USER_INFOGets user info and user attributes in TLV format for a crypto user. Memory should be allocated for user attribute template by the application calling this opcode.PCO PCU AUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_CREATE_OBJECTImports a public key into HSM.PCUUser Public KeysNoneWSuccess with fips_state = 2 or 3
CN_GEN_KEY_ENC_KEYGenerates KLK or key encryption key. The type of key is determined by the kek_method parameter in the hsm_config file. The KLK is always a global key;PCOKLK Partition key loading private key KLSZ DRBG Entropy/H ASH_DRB G Internal StateECDSA KeyGen (FIPS186-4) (#A2393) KAS-IFC-SSC (SP 800- 56Br2) (#A1948) KAS-ECC (KAS) (SP 800-56Ar3) ECDSA KeyVer (FIPS186-4) (#A1948) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) Hash DRBG (SP 800- 90Ar1) (#A1947) CKG SP 800- 133Rev2 (Vendor affirmed)G,E G, E G, ESuccess with fips_state = 2 or 3
CN_EXTRACT_MASKED_OBJEC TExtracts a masked object; i.e., retrieves an object by wrapping it with a masking key shared by the process of cloning.PCO PCU AUUser keys PEK KLKAES-KW (KTS) (SP 800-38F) (#A1948)R R RSuccess with fips_state = 2 or 3
Partition masking keyPartition masking keyE
CN_INSERT_MASKED_OBJECTInserts a masked object into an HSM that Is extracted from another HSM.PCU PCO AUUser keys PEK KLK Partition masking keyAES-KW (KTS) (SP 800-38F) (#A1948) Triple-DES SP 800-38B, no security claimed per IG 2.4.A AES-CMAC (SP 800-38B) (#A1948) SHA-1, no security claimed per IG 2.4.AR R R ESuccess with fips_state = 2 or 3
CN_DESTROY_OBJECTDestroys key object.PCUUser keysNoneZSuccess with fips_state = 2 or 3
CN_TOMBSTONE_OBJECTMarks the key to be deleted and makes it unusable.PCUUser keysNoneZSuccess with fips_state = 2 or 3
CN_DELETE_TOMBSTONED_O BJECTDestroys tombstoned keys.PCO PCU AUUser keysNoneZSuccess with fips_state = 2 or 3
CN_GET_ATTRIBUTE_VALUERetrieves single key attribute/ metadata.PCUUser keysNoneESuccess with fips_state = 2 or 3
CN_GET_ATTRIBUTE_SIZERetrieves an attribute or its size from an object.PCUUser keysNoneESuccess with fips_state = 2 or 3
CN_GET_ALL_ATTRIBUTE_SIZERetrieves an attribute or its size from an object.PCUUser keysNoneESuccess with fips_state = 2 or 3
CN_GET_ALL_ATTRIBUTE_VAL UERetrieves all attributes or their size from an object.PCUUser keysNoneESuccess with fips_state = 2 or 3
CN_MODIFY_OBJECTUses the setAttribute command to modify object attributes.PCO PCUUser keysNoneWSuccess with fips_state = 2 or 3
CN_MODIFY_KEY_OWNERModifies object attributes.PCOUser keysNoneWSuccess with fips_state = 2 or 3
CN_GENERATE_KEYGenerates a symmetric key of given key type and length.PCUSymmetric User KeysHash DRBG (SP 800- 90Ar1) (#A1947)G ESuccess with fips_state = 2 or 3
CKG SP 800- 133Rev2 (Vendor affirmed) Triple-DES SP 800-38B, no security claimed per IG 2.4.A AES-CMAC (SP 800-38B) (#A1948) SHA-1, no security claimed per IG 2.4.ADRBG Entropy/H ASH_DRB G Internal StateCKG SP 800- 133Rev2 (Vendor affirmed) Triple-DES SP 800-38B, no security claimed per IG 2.4.A AES-CMAC (SP 800-38B) (#A1948) SHA-1, no security claimed per IG 2.4.A
CN_GENERATE_KEY_PAIRGenerates asymmetric keys (RSA/ ECC). Updates the public and private key handles in the output on return.PCUAsymmetri c User Keys DRBG Entropy/H ASH_DRB G Internal StateRSA KeyGen (FIPS186-4) (#A2393) ECDSA KeyGen (FIPS186-4) (#A2393) ECDSA SigGen (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947)G ESuccess with fips_state = 2 or 3
CN_EXPORT_PUB_KEYExports a public key in PEM- encoded format.PCUUser keysNoneRSuccess with fips_state = 2 or 3
CN_GET_OBJECT_INFOObtains Key details like shared sessions, shared users ,and m_values of USE_KEY, MANAGE_KEY services.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_UNWRAP_KEY/ CN_UNWRAP_KEY2Unwraps a key with an AES/ Triple- DES/RSA private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command.PCUUser keys KLKAES-KW (KTS) (SP 800-38F) (#A1948) KAS-ECC- SSC SP800- 56Ar3 (#A1947) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) KDA OneStep SP800-56Cr1W ESuccess with fips_state = 2 or 3
CN_WRAP_KEY/CN_WRAP_KE Y2Wraps sensitive (private and symmetric) keys from the HSM to the host.PCUUser keys KLKAES-KW (KTS) (SP 800-38F) (#A1948) KAS-ECC- SSC SP800- 56Ar3 (#A1947) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) KDA OneStep SP800-56Cr1 (#A1948) KDA TwoStep SP800-56Cr1 (#A1948) KTS-IFC (SP 800-56Br2) (#A1948) KTS-IFC (KTS) (SP 800- 56Br2) (#A2393) AES-KW (KTS) (SP 800-38F) (#A1948) KTS-IFC (KTS) (SP 800- 56Br2) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP800- 38D)R ESuccess with fips_state = 2 or 3
CN_NIST_AES_WRAP_UNWRA P/ CN_NIST_AES_WRAP_UNWRA P2Wraps/unwraps data with a specified AES key.PCUSymmetric User KeysAES-KW (KTS) (SP 800-38F) (#A1948)ESuccess with fips_state = 2 or 3
CN_DERIVE_KEYDerives a key using a supported KDF mechanism with the params given by the user.PCUUser keysKDF SP800- 108 (#A1948) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) HMAC-SHA2- 256 (FIPS 198- 1) (#A1948) HMAC-SHA2- 384 (FIPS 198- 1) (#A1948) HMAC-SHA2- 512 (FIPS 198- 1) (#A1948) HMAC-SHA-1 (FIPS 198-1) (#A1948) KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800- 56Ar3) KAS ANS 9.63 (SP 800- 56Ar3)G, ESuccess with fips_state = 2 or 3
CN_FIND_OBJECTS_USING_C OUNT/ CN_FIND_ALL_OBJECTS_IN_R ANGE/ CN_FIND_ALL_OBJECTS/ CN_FIND_ALL_OBJECTS_USIN G_COUNT/Finds all key(s) in the partition based on input criteria. An array of key handles will be returned for the keys that match the input criteria specified, key class, key label, etc. Search can be requested from an index.MCO PCO PCU AUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_ADMIN_GET_PARTN_KEYH ANDLES_HASHGets hash of all keys for a partition.PCO AUUser keysSHA-1 (FIPS 180-4) (#A1948) SHA2-256 (FIPS 180-4) (#A1948) SHA2-384 (FIPS 180-4) (#A1948) SHA2-512 (FIPS 180-4) (#A1948)E RSuccess with fips_state = 2 or 3
CN_GET_PARTN_SINGLE_KEY HANDLE_HASHGets hash of single key for a partitionPCO PCU AUUser keysSHA-1 (FIPS 180-4) (#A1948) SHA2-256 (FIPS 180-4) (#A1948) SHA2-384 (FIPS 180-4) (#A1948) SHA2-512 (FIPS 180-4) (#A1948)ESuccess with fips_state = 2 or 3
CN_ DESTROY _OBJECTDeletes the specified object stored on the HSM.PCUUser keysNoneZSuccess with fips_state = 2 or 3
CN_PARTN_GET_AUDIT_DETAI LSGets audit logs detailsPCO AUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARTN_GET_AUDIT_LOGSGets audit logsPCO AUNoneSHA2-256 (FIPS 180-4) (#A1947)NoneSuccess with fips_state = 2 or 3
CN_PARTN_GET_AUDIT_SIGNGets audit logs hash or RSA signaturePCO AUPAKSHA2-256 (FIPS 180-4) (#A1947) ECDSA SigGen (FIPS186-4) (CVL) (#A1947)ESuccess with fips_state = 2 or 3
CN_PARTN_ACK_AUDIT_SIGNAcks previously retrieved signature. Either hash or signature needs to match with the values stored by HSM for firmware to accept the signature acknowledgmentPCO AUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_FINALIZE_LOGSFinalizes logs by inserting end marker. No more loggable commands are allowed on the partition after this command is run.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_POLICYSets an HSM policyMCO PCONoneNoneNoneSuccess with fips_state =
CN_NIST_AES_WRAPWraps data with a specified AES key.PCUPOKBKAES-KW (KTS) (SP 800-38F) (#A1948)ESuccess with fips_state = 2 or 3
CN_ALLOC_SSL_CTXAllocates a context segment in the HSM memory and returns its handle, which will be passed later to the processor in the final 8 bytes of the request as Cptr.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_FREE_SSL_CTXFrees a context segment for use by another SSL connection.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_FIPS_RANDGenerates FIPS random number of given lengths.PCUDRBG Entropy/H ASH_DRB G Internal StateHash DRBG (SP 800- 90Ar1) (#A1947)ESuccess with fips_state = 2 or 3
CN_ME_PKCS_LARGEModExp and PKCS#1v1.5 Sign and verifyPCUAsymmetri c User KeysRSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1947) KTS-IFC (KTS) (SP800-56Br2) (#A2393)ESuccess with fips_state = 2 or 3
CN_ME_PKCSPKCS#1v2.2 sign and verify.PCUAsymmetri c User KeysRSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1947) KTS-IFC (KTS) (SP800-56Br2) (#A2393)ESuccess with fips_state = 2 or 3
CN_FECCECDSA sign and point add/ double/mul operation.PCUAsymmetri c User KeysECDSA SigGen (FIPS186-4) (CVL) (#A1947) KAS-ECC- SSC SP800- 56Ar3 (#A1948) KDF ANS 9.63 (CVL) (SP 800-135r1) (#A1948) EC Diffie- Hellman withESuccess with fips_state = 2 or 3
CN_HASHComputes SHA hash.PCUNoneSHA-1 (FIPS 180-4) (#A1947) SHA2-256 (FIPS 180-4) (#A1947) SHA2-384 (FIPS 180-4) (#A1947) SHA2-512 (FIPS 180-4) (#A1947)NoneSuccess with fips_state = 2 or 3
CN_SHA3Computes SHA3 HashPCUNoneSHA3-224 (FIPS 202) (#A1947) SHA3-256 (FIPS 202) (#A1947) SHA3-384 (FIPS 202) (#A1947) SHA3-512 (FIPS 202) (#A1947) SHAKE-128 (FIPS 202) (#A1947) SHAKE-256 (FIPS 202) (#A1947)NoneSuccess with fips_state = 2 or 3
CN_HMACComputes/verifies the MAC of a complete message. HMAC max message length supported will vary based on hash type.PCUSymmetric and HMAC User KeysHMAC-SHA2- 256 (FIPS 198- 1) (#A1947) HMAC-SHA2- 384 (FIPS 198- 1) (#A1947) HMAC-SHA2- 512 (FIPS 198- 1) (#A1947) AES-CMAC (SP 800-38B) (#A1947)ESuccess with fips_state = 2 or 3
MAJOR_OP_AES_CMACComputes/verifies the MAC of a complete message using AES as PRF.PCUSymmetric and HMACAES-CMAC (SP 800-38B)ESuccess with fips_state =
Minor Opcodes are MINOR_OP_START, MINOR_OP_UPDATE and MINOR_OP_FINISHMinor Opcodes are MINOR_OP_START, MINOR_OP_UPDATE and MINOR_OP_FINISHUser Keys(#A1948)2 or 3
CN_ENCRYPT_DECRYPTAES/Triple-DES(* legacy use only)/AES-GCM encryption and decryption Minor Ops: GCM_INIT, GCM_UPDATE, GCM_FINAL (GCM_MINOR_OP_DEC)PCUSymmetric User Keys DRBG Entropy/H ASH_DRB G Internal StateAES-CBC (SP 800-38A) (#A1947) AES-ECB (SP 800-38A) (#A1947) TDES-ECB (SP 800-38A) (#A1947) TDES-CBC (SP 800-38A) (#A1947) AES-CTR (SP 800-38A) (#A1947) AES-CCM (SP 800-38C) (#A1947) AES-GCM (SP 800-38D) (#A1947) TDES-ECB (SP 800-38A) *legacy use only (#A1947) TDES-CBC (SP 800-38A) *legacy use only (#A1947) Hash DRBG (SP 800- 90Ar1) (#A1947) AES-GMAC (SP 800-38D) (#A1947)E ESuccess with fips_state = 2 or 3
MAJOR_OP_DECRYPT_AND_EN CRYPT_COMMANDAES-GCM encryption and decryption Minor Ops: GCM_INIT, GCM_UPDATE, GCM_FINAL (GCM_MINOR_OP_DEC)PCUSymmetric User Keys DRBG Entropy/H ASH_DRB G Internal StateAES-GCM (SP 800-38D) (#A1947) Hash DRBG (SP 800- 90Ar1) (#A1947) AES-GMAC (SP 800-38D) (#A1947)ESuccess with fips_state = 2 or 3
MAJOR_OP_ENCRYPT_DECRY PT_RECORDEncrypts/decrypts records. Sends encrypted E2E request to the FW.PCUSymmetric User Keys DRBG Entropy/HHash DRBG (SP 800- 90Ar1) (#A1947) AES-GCM (SP 800-38D)E ESuccess with fips_state = 2 or 3
(#A1947)ASH_DRB G Internal State(#A1947)
CN_CERT_AUTH_GET_SOURC E_RANDOMGets the source random number required for mutual trust protocol.PCODRBG Entropy/H ASH_DRB G Internal StateHash DRBG (SP 800- 90Ar1) (#A1947)E RSuccess with fips_state = 2 or 3
CN_CERT_AUTH_VALIDATE_P EER_CERTS/ CN_CERT_AUTH_VALIDATE_T ARGET_CERTSValidates the peer certificates as part of the mutual trust protocol.PCODRBG Entropy/H ASH_DRB G Internal State MARC MAC PAC AOTAC AOAC POTAC POACHash DRBG (SP 800- 90Ar1) (#A1947) RSA SigVer (FIPS186-4) (#A1948) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1948)E E E E E E E ESuccess with fips_state = 2 or 3
CN_CERT_AUTH_SOURCE_KE Y_EXCHANGEGenerate source key exchange message from the HSM.PCOSAZ PAK DRBG Entropy/H ASH_DRB G Internal StateHash DRBG (SP 800- 90Ar1) (#A1947) RSA SigVer (FIPS186-4) (#A1948)G E ESuccess with fips_state = 2 or 3
CN_CERT_AUTH_TARGET_KEY _EXCHANGEValidate key exchange message from peer. Used in cert-based cloningPCOPAK SAZKAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)E GSuccess with fips_state = 2 or 3
CN_CLONE_SOURCE_INITFetch the value for the clone target initialization.PCOPCPK DRBG Entropy/H ASH_DRBHash DRBG (SP 800- 90Ar1) (#A1947) RSA KeyGenG ESuccess with fips_state = 2 or 3
(FIPS186-4) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948)G Internal State Partition Cloning Initiator Public Key(FIPS186-4) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948)E
CN_CLONE_SOURCE_STAGE1Push clone target output into clone source.PCOCSSZ PCSK PCSMK Partition masking key Partition Cloning Responder Public KeyKAS-ECC (KAS) (SP 800-56Ar3) ECDSA KeyVer (FIPS186-4) (#A1948) HMAC-SHA2- 512 (FIPS 198- 1) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)G G G R ESuccess with fips_state = 2 or 3
CN_CLONE_TARGET_INITPush clone source output into clone target.PCOPCPK DRBG Entropy/H ASH_DRB G Internal State Partition Cloning Responder Public Key Partition Cloning Initiator Public KeyHash DRBG (SP 800- 90Ar1) (#A1947) RSA KeyGen (FIPS186-4) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948)G E E ESuccess with fips_state = 2 or 3
CN_CLONE_TARGET_STAGE1Fetch the value for clone target end.PCOCSSZ PCSK PCSMK Partition masking keyKAS-ECC (KAS) (SP 800-56Ar3) ECDSA KeyVer (FIPS186-4) (#A1948) HMAC-SHA2- 512 (FIPS 198- 1) (#A1947) AES-KWG G G WSuccess with fips_state = 2 or 3
CN_LIST_AUTH_PUB_KEYSList all registered user auth pub keys.PCO PCU AU UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_M_VALUEGets minimum number of quorum approvals needed for a service in a partitionPCO PCU AU UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_TOKENGets a token from the partition for a given service.PCO PCUDRBG Entropy/C TR_DRBG Internal StateCounter DRBG (SP 800- 90Ar1) (#A1948)ESuccess with fips_state = 2 or 3
CN_APPROVE_TOKENSubmit approvals on token, approval could be on a single or multiple blobs.PCO PCU2FA MofNPubk eyRSA SigVer (FIPS186-4) (#A1948)ESuccess with fips_state = 2 or 3
CN_LIST_TOKENSList all MofN tokens in the current partition.PCO PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_TOKEN_TIMEOUTGet the timeout values of the tokens in the partition.PCO PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_DELETE_TOKENDeletes the existing MxN tokens based on the token-delete options.PCO PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_FRAMLOG_CMDIt is status output of the module for critical messagesUN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_CFG_PREGEN_CACH E_SZSet configured pre generated keys cache sizeMCO PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_CFG_PREGEN_CACH E_VALReturns the key count in pre generated key cacheMCO PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_LIST_UNLINKED_OBJECTSReturn the total tombstone sessions, keys and contextsPCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_PARTN_FINGERPRINTReturns the fingerprint of partition keys, users and objectsMCO PCOUser keys, PAC, POTAC, PAKSHA2-256 (FIPS 180-4) (#A1948)ESuccess with fips_state = 2 or 3
CN_CERT_AUTH_GET_CERTFetches certificates stored on the HSM. Certificates like VENDOR_CERT HSM_CERT PARTITION_OWNER_CERT PARTITION_CERT PARTITION_CERT_ISSUED_BY_HSM HSM_OWNER_CERT HSM_CERT_ISSUED_BY_HOMCO/PCO/ PCU/AU/UN -AUTHMARC FMAC POAC POTAC PAC AOAC AOTACNoneR R R R R R RSuccess with fips_state = 2 or 3
CN_CERT_AUTH_STORE_CERTStore the partition owner certificate or the partition certificate signed by the partition owner or HSM certificate signed by vendor, HSM owner certificate and HSM certificate signed by HSM owner.MCO PCOAOTAC POTAC AOAC POACRSA SigVer (FIPS 186-4) [#A1948] ECDSA SigVer(FIPS18 6-4) [#A1948]W W W WSuccess with fips_state = 2 or 3
CN_GET_KBK_SLOT_INFOGet the stored fixed (KBK) keys ekcv informationMCO PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_KBK_PRIMARYSet the latest stored fixed (KBK) key as the primary key for backup.MCO PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SHARE_OBJECTShare an object between users.PCUUser KeysNoneWSuccess with fips_state = 2 or 3
CN_UNLOCK_COOn providing response(signature) over the challenge thrown by HSM/Partition during CN_GET_CHALLENGE_CO (CfmGetChallengeCO), session will be marked with "unlock" privileges, allowing the user to generate PEK, zeroizeHSM and change the CO's self password. Session will remain in unlocked state only for 120 seconds.UN-AUTHPOAC AOACRSA SigVer (FIPS 186-4) [#A1948]ESuccess with fips_state = 2 or 3
CN_UNLOCK_USERUnlock CU or AU user that got locked up due to invalid login attemptsMCO PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_CORE_DUMPTo retrieve the binary core dumpUN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_MODULE_INFOTo retrieve board names and hardware versions (how module’s versioning information, Show Status)MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH _DERIVED_KEY, KBK)Wrap KBK out of the HSMPCOKBKAES-KW (KTS) (SP 800-38F) (#A1948), AES-KWP (KTS) (SP 800-38F) (#A1948)RSuccess with fips_state = 2 or 3
CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH _DERIVED_KEY)Unwraps KBK into the HSMPCOKBKAES-KW (KTS) (SP 800-38F) (#A1948), AES-KWP (KTS) (SP 800-38F) (#A1948)WSuccess with fips_state = 2 or 3
CN_GET_CHALLENGE_COGets a challenge to be signed by either HSM/Partition's owner to move the session to "unlocked" state using "unlockco" command.UN-AUTHPOAC AOAC PAK FMAC FMAK DRBG Entropy/CT R_DRBG Internal StateRSA SigGen (FIPS186-4) (#A1948) Counter DRBG (SP 800- 90Ar1) (#A1948)R R E R E ESuccess with fips_state = 2 or 3
CN_SET_M_VALUESet the current M value for a CO service.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_CERT_AUTH_GET_CERT_R EQGet the partition or HSM Certificate Signing Request (CSR).MCO/PCO/ PCU/AU/ UN-AUTHAOAC POACNoneR RSuccess with fips_state = 2 or 3
CN_CERT_AUTH_REMOVE_CE RTStores or removes the Partition TA certPCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_UPDATE_LICENSEPerforms license update: uploads the license file and its signature file.MCOManufactu rer License Validation Key (MLVK)RSA SigVer (FIPS 186-4) [#A1948]ESuccess with fips_state = 2 or 3
CN_GET_LICENSE_INFOGets data from license fileMCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_DIAGLOGStatus output of the module for Critical, System and FRAM logsMCO/UN- AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_NOR_HUK_OPShows the status of HUK in NOR FlashMCO/UN- AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_APP_CLEANUPCloses an application from HSM PartitionMCO/PCO/ PCU/AU/UN -AUTHUser KeysNoneZSuccess with fips_state = 2 or 3
CN_APP_CLEANUP_V2Closes multiple applications from HSM PartitionMCO/PCO/ PCU/AU/UN -AUTHUser KeysNoneZSuccess with fips_state = 2 or 3
CN_SAFE_REBOOTRestarts the HSM or specific partitionUN-AUTHUser KeysNoneZSuccess with
CN_GET_ALL_PARTITION_INFODiagnostic information for all the HSM PartitionNoneNoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARK_OBJECTPark based on parkable attributesPCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_UNPARK_OBJECTUnpark based on parkable attributesPCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GENERATE_PBE_KEYGenerate PBE DES3 key with the given password, salt, and iteration count. Make sure that HSM is initialized with fips_state=0. The fips_state parameter can be found in the hsm_config file.PCUCounter DRBG Allowed Per IG 2.4.A/ PBESuccess with fips_state = 0
LSPAY_GENERATE_ASYMM_KEYGenerates RSA KEY Pair (mod_len>= 2048-bit). Generates EC KEY PAIR (Curves: Nist P256, 224, 384, 521, Brain pool, x25519/448 and Decp256K1 and FRP)PCURSA (non-compliant) ECDSA (non-compliant) KAS-ECC (non-compliant)Success with fips_state = 0
LSPAY_GENERATE_SYMM_KEYGenerates symmetric key AES/ TDEA keys used for LSPay operationsPCUCounter DRBG Allowed Per IG 2.4.ASuccess with fips_state = 0
LSPAY_EXPORT_PUBLIC_KEYExports public key for RSA BYOK.PCUN/ASuccess with fips_state = 0
LSPAY_IMPORT_KPKImports OAEP wrapped or ECDH_AES_PAD wrapped symmetric key.PCURSA (non-compliant), EC-AES / ECDH KDFSuccess with fips_state = 0
Page 38

(SP 80090Ar1) E R Z Z Z (SP 80090Ar1) Z (SP 80090Ar1) R E G, E G, E

Page 40

E E (SP 800AOTAC, r E E E E W W E T KAS-ECCSSC SP80056Ar3 E E W E E

Page 42

G E E (SP 80090Ar1) HKDF (SP80056Br2) W W E E E E E

Page 43

W E E G E E E G (SP 80090Ar1) Z G, E R HMAC-SHA2256 (FIPS 198PEK R R R E W, E W

Page 45

E E R (SP 80090Ar1) E E TLS premaster G, E KAS-ECCSSC SP80056Ar3 G, E G E G (SP 80090Ar1) E

Page 46

E E W G,E G, E G, E HKDF (SP80056Br2) (SP 80090Ar1) T R R R

Page 48

G 2.4.A 2.4.A E (SP 80090Ar1) R W E KAS-ECCSSC SP80056Ar3

Page 49

(SP 80056Br2) 2.4.A 2.4.A (SP 80056Ar3) (SP 80056Br2) (KTS) (SP80038D)

Page 50

(SP 80056Ar3) D.G D.G R E KAS-ECCSSC SP80056Ar3 (SP 80056Br2) (SP 80056Br2) (KTS) (SP80038D)

Page 51

E G, E (SP 80056Ar3) (SP 80056Ar3) P/ (SP 80056Ar3) (SP 80056Ar3)

Page 53

E (SP 80090Ar1) E E E E KAS-ECCSSC SP80056Ar3

Page 55

E E (SP 80090Ar1) E E (SP 80090Ar1) E

Page 56

(SP 80090Ar1) E (SP 80090Ar1) E E E E E E E R E (SP 80090Ar1) G E E HKDF (SP80056Br2) E G (SP 80090Ar1) G E

Page 57

E G G G R HKDF (SP800Key E (SP 80090Ar1) G E E E G G G W

Page 60

W R R (SP 800FMAK E R E E R E R MCO/UNAUTH MCO/UNAUTH Z

Page 61
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
CN_GET_ALL_PARTITION_INFODiagnostic information for all the HSM PartitionNoneNoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARK_OBJECTPark based on parkable attributesPCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_UNPARK_OBJECTUnpark based on parkable attributesPCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GENERATE_PBE_KEYGenerate PBE DES3 key with the given password, salt, and iteration count. Make sure that HSM is initialized with fips_state=0. The fips_state parameter can be found in the hsm_config file.PCUCounter DRBG Allowed Per IG 2.4.A/ PBESuccess with fips_state = 0
LSPAY_GENERATE_ASYMM_KEYGenerates RSA KEY Pair (mod_len>= 2048-bit). Generates EC KEY PAIR (Curves: Nist P256, 224, 384, 521, Brain pool, x25519/448 and Decp256K1 and FRP)PCURSA (non-compliant) ECDSA (non-compliant) KAS-ECC (non-compliant)Success with fips_state = 0
LSPAY_GENERATE_SYMM_KEYGenerates symmetric key AES/ TDEA keys used for LSPay operationsPCUCounter DRBG Allowed Per IG 2.4.ASuccess with fips_state = 0
LSPAY_EXPORT_PUBLIC_KEYExports public key for RSA BYOK.PCUN/ASuccess with fips_state = 0
LSPAY_IMPORT_KPKImports OAEP wrapped or ECDH_AES_PAD wrapped symmetric key.PCURSA (non-compliant), EC-AES / ECDH KDFSuccess with fips_state = 0
LSPAY_IMPORT_KEYImport symmetric or asymmetric keys. Wrap mech: TR31, AES_CBC, AES_CBC_PAD.PCUAES (non-compliant) Triple-DES (non-compliant).Success with fips_state = 0
LSPAY_IMPORT_TR34_KEYImport symmetric keys using TR- 34 unwrap.PCURSA (non-compliant)Success with fips_state = 0
LSPAY_EXPORT_KEYExports symmetric key wrapped with TR31/AES_CBC/ AES_CBC_PAD.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_EXPORT_TR34_KEYExports symmetric keys wrapped with TR34 mechanismPCURSA (non-compliant)Success with fips_state = 0
LSPAY_TRANSLATE_KEYTranslates wrapped key from on KPK to other KPK.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_IMPORT_CERTIFICATEImports peer’s certificate to read public key required in TR34. Import X901 certificate into HSM.PCUN/ASuccess with fips_state = 0
LSPAY_IMPORT_DECIMAL_TABLEImports encrypted decimal table to be used in PIN APIs to decimalize native PIN.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_GENERATE_CSRCreate CSR with given key pair.PCURSA (non-compliant) ECDSA (non-compliant)Success with fips_state = 0
LSPAY_DERIVE_KEYDerives DUKPT working key from the BDK.PCUAES (non-compliant) DES Triple-DES (non-compliant))Success with fips_state = 0
LSPAY_ENCRYPTEncrypts input data or PIN.PCUAES (non-compliant) Triple-DES (non-compliant) DES Double-DESSuccess with fips_state = 0
LSPAY_DECRYPTDecrypts input data or PIN.PCUAES (non-compliant) Triple-DES (non-compliant) DES Double-DESSuccess with fips_state = 0
LSPAY_DECRYPT_THEN_ENCRYPTDecrypts the input cipher text with one key and encrypts with another key.PCUAES (non-compliant) Triple-DES (non-compliant) DES Double-DESSuccess with fips_state = 0
LSPAY_MAC_GENComputes MAC on input data. Algorithm used: DES/Triple-DESPCUDES MAC Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_MAC_VERIFYVerifies MAC with calculated AMC on input data.PCUDES MAC Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_MAC_TRANSLATETranslates MAC by using new key on input data.PCUDES MAC Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_FPE_ENCRYPTPerforms FPE FF1/FF3-1 encrypt operation on input data.PCUAES (non-compliant)Success with fips_state = 0
LSPAY_FPE_DECRYPTPerforms FPE FF1/FF3-1 decrypt operation on input data.PCUAES (non-compliant)Success with fips_state = 0
LSPAY_SIGNPerforms sign and verify on input data.PCURSA (non-compliant) EDDSA (non-compliant)Success with fips_state = 0
LSPAY_SIGN_VERIFYVerifies sign on input data.PCURSA (non-compliant) EDDSA (non-compliant)Success with fips_state = 0
LSPAY_PINBLK_TRANSLATEDecrypts the input PIN using decryption key, translates toPCUAES (non-compliant)Success with fips_state = 0
given PIN format and encrypts with another key.given PIN format and encrypts with another key.Triple-DES (non-compliant) RSA (non-compliant)
LSPAY_DERIVE_PIN_FROM_OFFSETDerive PIN from given offset. Encrypts validation data with DES EDE. Derives native PIN, then offset will be added to derive IBM PIN. PIN will be encoded in given ISO format. Encrypt encoded PIN with PIN encryption key.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_DERIVE_OFFSET_FROM_PINGenerates IBM offset from given PIN Decrypt and decode received PIN. Generate native from given validation data. Subtract decoded PIN from native PIN t to get PIN offset.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_VERIFY_PINVerifies given PIN . Decrypt and decode received PIN. Generate native from given validation data. Add offset to native PIN. Compare resultant PIN with received PIN.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_PVV_GENPerform PVV generation on PIN and PAN data.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_PVV_VERIFYVerifies given PVV.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_EMV_GENVERIFYPerform EMV crypto operations. Generate ARPC. Generate or Verify ARQC.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_EMV_SECURE_MSG_GENGenerates MAC over secure message.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_CVV_GENGenerates CVV, CVV2, iCVV on given card details.PCUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
LSPAY_CVV_VERIFYVerifies CVV with given card detailsPCUTriple-DES (non-compliant)Success with fips_state = 0
LSPAY_KEY_SHARE_CREATECreates components of KeyPCUShamir’s key share algorithmSuccess with fips_state = 0
LSPAY_KEY_SHARE_EXPORT_COMPONE NTExports created components in encrypted formatPCUAES (non-compliant)Success with fips_state = 0
LSPAY_KEY_SHARE_IMPORT_COMPONE NTImports component of the key.PCUAES (non-compliant)Success with fips_state = 0
LSPAY_KEY_SHARE_COMBINE_INITStarts combine key init.PCUN/ASuccess with fips_state = 0
LSPAY_KEY_SHARE_COMBINE_KEYCombines all components of the key.PCUShamir’s key share algorithmSuccess with fips_state = 0
LSPAY_KEY_SHARE_ZEROIZEErases all components of the key.PCUN/ASuccess with fips_state = 0
LSPAY_MFK_GENERATEGenerates MFK key.PCOCounter DRBG Allowed Per IG 2.4.ASuccess with fips_state = 0
LSPAY_MFK_GET_INFOReturns MFK information for partition.PCON/ASuccess with fips_state = 0
LSPAY_MFK_SET_PRIMARYSets MFK as primary.PCON/ASuccess with fips_state = 0
LSPAY_MFK_DELETEDeletes MFK.PCON/ASuccess with fips_state = 0
LSPAY_FUNCTIONALITY_GETGets status of enabled/disabledPCON/ASuccess with
LSPay servicesLSPay servicesfips_state = 0
LSPAY_FUNCTIONALITY_SETEnable/Disable servicesPCON/ASuccess with fips_state = 0
LSPAY_EXPORT_KPKExport a Key Block Protection Key (KBPK)PCURSA (non-compliant), EC-AES / ECDH KDFSuccess with fips_state = 0
LSPAY_IMPORT_PUBLIC_KEYImport an RSA public keyPCURSA (non-compliant)Success with fips_state = 0
LSPAY_VALIDATE_PUBLIC_KEYValidates the RSA public keyPCURSA (non-compliant)Success with fips_state = 0
CN_GENERATE_KEY_PAIR (non-compliant)Generates asymmetric keys (RSA/ ECC). Updates the public and private key handles in the output on return. Caveats in Non Approved apart from approved mode: • RSA 1024 bits allowed along with all odd public exponent i.e. even lesser than 65537. • NID_X9_62_prime192v 1/NID_sect163k1/NID_ED255 19/ • NID_sect163r2 /NID_secp192k1/NID_brainpo olP160r1/ • NID_brainpoolP192r1 /NID_X25519/ • NID_X448PCURSA (non-compliant) ECDSA (non-compliant) KAS-ECC (non-compliant) ML-KEM (non-compliant) ML-DSA (non-compliant)Success with fips_state = 0
CN_GENERATE_KEY (non-compliant)Generates a symmetric key of given key type and length. Caveats in Non-Approved apart from approved mode: DES token key is allowed.PCUCounter DRBG Allowed Per IG 2.4.ASuccess with fips_state = 0
CN_CREATE_OBJECT (non-compliant)Imports a public key into HSM. Caveats in Non Approved apart from approved mode: • RSA 1024 bits allowed • NID_ED25519/ NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1/ NID_X25519/NID_X448PCUNoneSuccess with fips_state = 0
CN_UNWRAP_KEY (non-compliant)Unwraps a key with an AES/ Triple-DES/RSA private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command. Caveats in Non Approved apart from approved mode: • RSA 1024 bit • RSA PKCS1V1.5 Unwrap • NID_X9_62_prime192v1/ NID_sect163k1/ NID_ED25519/ • NID_sect163r2 / NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1 / NID_X25519/ • NID_X448 • Triple-DESPCURSA (non-compliant), EC-AES / ECDH KDF AES (non-compliant) Triple-DES (non-compliant) ML-KEM (non-compliant)Success with fips_state = 0
CN_WRAP_KEY (non-compliant)Wraps sensitive (private and symmetric) keys from the HSM to the host. Caveats in Non Approved apart from approved mode: • AES-ECB mode • AES-CBC mode • AES-CBC-PAD mode • Triple-DES ECB mode • Triple-DES CBC mode • Triple-DES NIST Wrap mode • RSA-PKCS1V1.5 WrapPCUAES (non-compliant) Triple-DES (non-compliant) RSA (non-compliant) ML-KEM (non-compliant)Success with fips_state = 0
CN_EXTRACT_MASKED_OBJECT (non- compliant)Extracts a masked object; i.e., retrieves an object by wrapping it with a masking key shared by the process of cloning.PCU PCO AUAES (non-compliant)Success with fips_state = 0
CN_STORE_FW_SIGNING_KEY (non- compliant)Configure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072, and 4096 or a supported 256 bits, 384 bits or 521 bits EC curve . Caveats in Non Approved is 192- bit curves supportedMCORSA (non-compliant) ECDSA (non-compliant)Success with fips_state = 0
CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant)ModExp and PKCS#1v1.5 and PKCS#1v2.2 Sign and verify. PKCS#1v1.5 and PKCS#1v2.2 encrypt and decryptPCURSA (non-compliant)Success with fips_state = 0
CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non-compliant)Stores fixed keys (KBK) for backup. Including PKCS#1v1.5Manufacture rRSA (non-compliant) AES (non-compliant)Success with fips_state = 0
CN_INSERT_MASKED_OBJECT (non- compliant)Inserts a masked object into an HSM that Is extracted from another HSM.PCU PCO AUAES (non-compliant) Triple-DES (non-compliant)Success with fips_state = 0
CN_ENCRYPT_SESSION (non-compliant)Enables encrypted communication channel. Caveat is Non Approved mode allow the additional Cipher suite E2E_RSA_AES128_GCM_SHA2 56 , E2E_RSA_AES128_GCM_SHA3UN-AUTHRSA (non-compliant), EC-AES / ECDH KDF ML-KEM (non-compliant)Success with fips_state = 0
CN_DERIVE_KEY (non-compliant)Derives a key using a supported KDF mechanism with the params given by the user.PCUAES (non-compliant) Triple-DES (non-compliant) RSA (non-compliant) EC-AES / ECDH KDF ML-KEM (non-compliant)Success with fips_state = 0
CN_PQC_GENERATE_KEY_PAIRGenerates the Post quantum asymmetric key pair (ML-KEM and ML-DSA).PCUML-KEM (non-compliant) ML-DSA (non-compliant)Success with fips_state = 0
CN_PQC_CRYPTO_SIG_GENGenerates a signature using ML- DSA algorithm.PCUML-DSA (non-compliant) Hash DRBG (non-compliant)Success with fips_state = 0
CN_PQC_CRYPTO_SIG_VERIFYVerifies a signature using ML- DSA algorithm.PCUML-DSA (non-compliant)Success with fips_state = 0
CN_PQC_CRYPTO_MULTICALL_SIG_GENGenerates a signature using ML- DSA algorithm. Minor Ops: MINOR_OP_START, MINOR_OP_UPDATE, and MINOR_OP_FINISHPCUML-DSA (non-compliant)Success with fips_state = 0
CN_PQC_CRYPTO_MULTICALL_SIG_VERI FYVerifies a signature using ML- DSA algorithm. Minor Ops: MINOR_OP_START, MINOR_OP_UPDATE, and MINOR_OP_FINISHPCUML-DSA (non-compliant)Success with fips_state = 0
CN_PQC_CRYPTO_HYBRID_SIG_GENGenerates a signature using ML- DSA and ECDSA sign algorithm.PCUML-DSA (non-compliant) ECDSA (non-compliant)Success with fips_state = 0
CN_PQC_CRYPTO_HYBRID_SIG_VERIFYVerifies a signature using ML- DSA and ECDSA sign algorithm.PCUML-DSA (non-compliant) ECDSA (non-compliant)Success with fips_state = 0
HPS_CREATE_PARTITIONCreates a Platform partition with the given name.MCOAES (non-compliant) ECDSA (non-compliant)Success with fips_state = 0
HPS_PART_FW_UPDATE_BEGIN HPS_PART_FW_UPDATE HPS_PART_FW_UPDATE_ENDUpdate the Platform firmware for the given partition.MCORSA (non-compliant) ECDSA (non-compliant)Success with fips_state = 0
HPS_PARTITION_MGMTHandles the commands for Platform partition firmware life cycle such as START, STOP and STATUSMCONoneSuccess with fips_state = 0
HPS_PARTITION_INFOGets the Platform partition firmware information such as version, status, memory, CPU, etc.MCONoneSuccess with fips_state = 0
HPS_DELETE_PARTITIONDeletes a Platform partition and all associated data.MCONoneSuccess with fips_state = 0
CN_UPDATE_LICENSE (non-compliant)Performs license update: uploads the license file and its signature file.MCORSA (non-compliant)Success with fips_state = 0
CN_GET_LICENSE_INFO (non-compliant)Gets data from license fileUN-AUTHNoneSuccess with fips_state = 0

Indicator for Approved services: The indicator is success for all Approved services when the partition is operated in the approved mode. The following codes are used G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroize: The module zeroizes the SSP. Approved services that also support the use of non-approved security functions are enumerated in the Non-Approved Services table below with their supported non-approved security functions. Table 11 Non-Approved Services 2.4.A

Page 66

The indicator is success for all non-approved services only when the partition is operated in the non-approved mode. The nonapproved services will fail FIPS POLICY MISMATCH when partition is operated in the approved mode.

Page 67
Recommended Frequency of
Physical Security MechanismInspection/Test Guidance Details
Inspection/Test

Firmware Security Firmware integrity is verified by the bootloader during the boot up using EDC (CRC32) for itself and using RSA 2048 signatures and SHA-256 for next level image. The integrity test can be run on-demand by resetting the module by power-cycling it or by PCIe function reset. As part of firmware load operation, the new firmware’s integrity and authenticity is verified by the active firmware using RSA 2048 signatures and SHA-256. Operational Environment The module implements a limited operational environment running SMP Linux operating system on 64-bit Armv8.2-based control processor. FIPS 140-3 Area 6 Operational Environment requirements do not apply to the module in this validation. Any firmware loaded into this module that is not shown on the module certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. The module is a hardware module with a limited operational environment and Physical Security Level 3. 7.1 The module’s cryptographic boundary is defined to be the outer perimeter of the hard epoxy enclosure containing the hardware and firmware components. The module is opaque and completely conceals the internal components of the cryptographic module. The epoxy enclosure of the module prevents physical access to any of the internal components without having to destroy the module. There are no operator required actions. Note: The module’s hardness testing was only performed at ambient temperature (23°C); no assurance is provided for Level 3 hardness conformance at any other temperature. 7.2 Tamper Evidence The module is coated in hard epoxy, such that any physical breach attempt leaves behind evidence of tamper. This is shown in the figure below. Figure 3 Cryptographic Module Showing Tamper Evidence While the module is designed to prevent successful tampering (any physical breach to module circuitry is likely to destroy the module, as per FIPS 140-3 Level 3 Physical Security requirements), the module should still be checked periodically for attempts. Guidelines are provided in the table below. Table 12 Physical Security Inspection Guidelines

Figure 3 Cryptographic Module Showing Tamper Evidence
Figure 3 Cryptographic Module Showing Tamper Evidence
Page 68
Epoxy Coating12 MonthsExamine surface of module for scratched or damaged epoxy, especially if circuitry shows.
Battery life6 MonthsIf the HSM has not been powered on in the last six months, then power it on for at least an hour.
Temperature or voltageSpecify if This Condition Results
Specify EFP or EFT
measurementin a Shutdown or Zeroization
Low Temperature-13C (Junction temperature)EFPShutdown
High Temperature100C (Junction temperature)EFPShutdown
Low Voltage3.01V (PCIe 3.3V Aux) 3.08V (PCIe 3.3V Rail) 10.9V (PCIe 12V Rail)EFPShutdown
High Voltage3.68V (PCIe 3.3V Aux) 3.75V (PCIe 3.3V Rail) 13.5V (PCIe 12V Rail)EFPShutdown
Hardness-Tested Temperature Measurements
Low Temperature-13C (Junction temperature)
High Temperature100C (Junction temperature)

If the module is found to be meaningfully damaged or tampered with (e.g., circuitry is showing or other significant damage has occurred), it should be removed from use and destroyed. Table 14 Hardness Testing Temperature Ranges Non-Invasive Security N/A due to the module not claiming to implement any non-invasive security protection mechanisms. Sensitive Security Parameter Management 9.1 Definition of Critical Security Parameters (CSPs) The Manufacturer FIPS Data Encryption Key (MFDEK) and HSM Master Partition Master Encryption Key are stored in plaintext form in eMMC Flash. The Partition Master Encryption Key (PMEK) is stored encrypted under the HSM Master Partition Master Encryption Key. All other keys and CSPs stored in the persistent memory are encrypted by the MFDEK, HSM Master Partition Master Encryption Key, or PMEK. All general purpose user CSPs are generated/created by the PCU, and these CSPs can be shared between multiple PCUs. In Table 15, the following notations are used to indicate the type of zeroization: D = Manually zeroized (via CN_DESTROY_OBJECT service) E = Zeroized right after use (Memory is wiped with zeros, immediately after use) MFZ = Zeroize all Partitions’ SSPs, including the HSM adapter owner programmed ones (Brings HSM to factory state. Factory reset via CN_ZEROIZE service with factory-reset as argument with MCO credentials) MZ = Zeroize all Partitions’ SSPs, except vendor programmed ones (Master Partition Regular CN_ZEROIZE) PD = Zeroize all SSPs in the Partition and then delete the User Partition (via CN_DELETE_PARTITION service) PFZ = Zeroize all SSPs in the Partition (Factory reset via CN_ZEROIZE service with factory-reset as argument with PCO credentials)

Page 69
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationUseImport Export
DRBG Entropy (OCTEON HW RBG)256-bitENT (P) (SP 800- 90B)ENT (P) (SP 800-90B)SSP GenerationN/APZ MZ MFZ PFZ PD VZThe entropy input string and seed for the Approved DRBG. Each version of the DRBG has its own DRBG Entropy CSP.N/A
CTR_DRBG Internal State (V and Key)256-bitCounter DRBG (SP 800-90Ar1) (#A1948)(Derived Entropy from HW)SSP GenerationN/APZ MZ MFZ PFZ PD VZThe internal state (V, Key) for the Counter DRBG.N/A
HASH_DRBG Internal State (V and C)256-bitHash DRBG (SP 800-90Ar1) (#A1947)Derived Entropy from Counter DRBG (SP800- 90Ar1) (#A1948))SSP GenerationN/APZ MZ MFZ PFZ PD VZThe internal state (V,C) for the Hash DRBG.N/A
Manufacturer FIPS Data Encryption Key (MFDEK)256-bitAES-CBC (SP 800-38A) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948)SSP generationNOR (plaintext)VZUse: AES 256-bit key used to encrypt manufacturer keys stored in persistent storage of the HSM. Related keys: FMAK, PAK, MFKBK, OKBK,POKBK, FMAEC, FMAEKNo
HSM Master Partition Master Encryption Key (MMEK)256-bitAES-CBC (SP 800-38A) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948)SSP generationMCU (plaintext)MZUse: AES 256-bit key used to encrypt Master Partition CSPs and authentication data stored in persistent storage of the HSM. Related keys:PMEKNo
Partition Master Encryption Key (PMEK)256-bitAES-CBC (SP 800- 38A) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948)SSP GenerationeMMC flash (Encrypted by MMEK, AES-CBC #A1948)PZUse: AES 256-bit key used to encrypt partition CSPs and authentication data stored in persistent storage of the HSMNo
Partition Data Encryption Key (PDEK)256-bitAES-KWP (SP 800-38F) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948)SSP GenerationeMMC flash (Encrypted by MMEK, AES-CBC #A1948)PDUse: AES 256-bit key used to wrap PAK and POKBKNo
HSM FIPS Master Authentication Key (FMAK)150-bitRSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1)SSP generationNOR flash (Encrypted by MMEK, AES-CBC #A1948)VZUse: A unique 4096-bit RSA private key. Used to identify the HSM when in the FIPS operating mode.No
KTS-IFC (KTS) (SP 800-56Br2) (#A1948)KTS-IFC (KTS) (SP 800-56Br2) (#A1948)(#A1948)Related keys: PAC, FMAC
HSM FIPS Master Authentication ECC Key (FMAEK)256-bitECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948)SSP generationNOR flash (Encrypted by MMEK, AES-CBC #A1948)VZUse: A unique ECC P521 private key. Used to identify the HSM when in the FIPS operating mode. Related keys: PAC, FMACNo
HSM Endorsement ECC Key (HSMEK)128-bitECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948)SSP generationNOR flash (Encrypted by MMEK, AES-CBC #A1948)VZUse: A unique ECC P256 private key. Used to identify the HSM when in the FIPS operating mode. Related keys: PAC, FMACNo
Partition Authentication Key (PAK)112-bitRSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948)SSP generationeMMC flash (Encrypted by PDEK, AES-CBC #A1948)PDA unique 2048-bit RSA private key used to identify the HSM partitionNo
Secure Auth Shared Secret (SAZ)112-bitKDF SP800-108 (#A1948)KAS (SP800- 56Br2) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)Key agreementIn memory (plaintext)SShared secret Z for SP 800- 56Br2 KAS2, using PAK and POACNo
PswdEncKey (PEK)256-bitAES Cert A1948, Key unwrapping, per IG D.G AES-CBC (SP 800- 38A) (#A1948)KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)Key agreementIn memory (Encrypted by PMEK, AES-CBC #A1948)PZAES-256 key for encrypting user passwords during user creation and authentication.No
Login Passwords8 to 32 Character sPBKDF (SP 800- 132) (#A1948)N/AKey TransportIn eMMC Flash (Encrypted by PMEK, AES-CBC #A1948)PDString of 8 to 32 alphanumeric characters.Yes (import) (Encrypted by PEK, AES-CBC #A1948)
Partition Key Loading Private Key256-bitKAS-ECC SP800- 56Ar3 (#A1948) KAS-IFC-SSC (SP 800-56Br2) (#A1948) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) [#A2393 ] RSA KeyGen (FIPS186- 4) (#A2393) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStepSSP generationIn memory (plaintext)EECC 521-bit or RSA 2048-bit key used in SP 800-56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 to agree on Z during key loading.No
Partition Key Loading Shared Secret (KLSZ)256-bitKDF SP800-108 (#A1948)KAS KDA HKDF (SP 800-56Ar3) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)Key agreementIn memory (plaintext)EShared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2.No
Partition Key Loading Key (KLK)256-bitAES-CBC (SP 800-38A) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (SP 800-38D) (#A1947)KAS KDA HKDF (SP 800-56Ar3) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)Key agreementeMMC flash (encrypted by PMEK, AES-CBC #A1948)PZA 256-bit AES key derived from Z; used to decrypt the imported CSPs.No
Manufacturer FIPS Key Backup Key (MFKBK)256-bitKDF SP800-108 (#A1948)NoKey transporteMMC flash (encrypted by MMEK, AES-KWP #A1948)VZAES 256-bit key used to derive KBK.Yes (Import) KTS-IFC (KTS) (SP800-56Br2) (#A1948)
HSM Owner KBK (OKBK)256-bitKDF SP800-108 (#A1948)NoKey transporteMMC flash (encrypted by MMEK AES-KWP #A1948)MFZAES 256-bit key used to derive KBK.Yes (Import) KTS-IFC (KTS) (SP800-56Br2) (#A1948)
MCO Recovery Key (MCO_RK)256-bitAES-KW (KTS) (SP 800-38F) (#A1948)NoKey transportMCU (plaintext)MFZ VZAES 256-bit key used to double encrypt the manufacturer keys.Yes (Import) AES-KW (KTS) (SP 800-38F) (#A1948)
Partition Owner KBK (POKBK)256-bitKDF SP800-108 (#A1948)NoKey transporteMMC flash (encrypted by PDEK AES-KWP (#A1948)MZAES 256-bit key used to derive KBK.Yes (Import) KTS-IFC (KTS) (SP800-56Br2) (#A1948)
HSM Key Backup Key (KBK)256-bitAES-CBC (SP 800-38A) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948)KDF SP800-108 (#A1948)Key derivation/ SSP generationeMMC flash (Encrypted by MMEK AES-KW #A1948)MZKey used to encrypt/decrypt the backup session key.No
Backup session key256-bitAES-CBC (SP 800-38A) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP800-90Ar1) (#A1948)SSP generationIn memory (plaintext)EKey used to backup and restore partition data.No
Partition256-bitAES-KW (KTS)CKG SP 800-133Rev2SSPeMMC flashPZAES-256 key for key wrapping.No
masking key(SP 800-38F) (#A1948)Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP800-90Ar1) (#A1948)generation(encrypted by PMEK, AES-CBC #A1948)Used to import/export CSPs and masked objects.
Partition Cloning Private Key (PCPK)256-BitKAS-ECC (KAS) (SP 800-56Ar3) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948) RSA KeyGen (FIPS186- 4) (#A1948)SSP generationIn memory (plaintext)EECC 521-bit or RSA 2048-bit ephemeral Private Key used in SP 800-56Ar3 C (2,0, ECC DH) or SP 800 -56Br2 KAS2 -bilateral - confirmation key agreement to generate shared secret Z. At HSM partition level, used to establish secure channel for cloning process (to export partition masking key).No
Partition Cloning Shared Secret (CSSZ)256-BitKDF SP800-108 (#A1948)KAS-ECC (KAS) (SP 800-56Ar3)Key agreementIn memory (plaintext)EShared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 -bilateral -confirmation scheme.No
Partition Cloning Session Key (PCSK)256-BitAES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948)KAS-ECC (KAS) (SP 800-56Ar3)Key agreementIn memory (plaintext)EAES 256 key for encryption and decryption of partition masking key.No
Partition Cloning Session MAC Key (PCSMK)256-bitHMAC-SHA2-256 (FIPS 198-1) (#A1947)KAS-ECC (KAS) (SP 800-56Ar3)Key agreementIn memory (plaintext)EHMAC SHA256 key used for key confirmation during SP 800- 56Ar3 key agreement.No
Asymmetric private keys (user keys)112-256 bitECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (CVL) (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) RSA KeyGen (FIPS186-4) (#A2393) KAS-ECC-SSC SP800-56Ar3 (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947) RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) (#A2393) RSA KeyGen (FIPS186- 4) (#A2393)SSP generation/ Key transportIn memory (plaintext)/ eMMC flash (encrypted by PMEK, AES-CBC #A1948)D, SRSA/ECDSA/ECDH general purpose keys.Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)
Asymmetric private session keys (user keys)112-256 bitECDSA SigGen (FIPS186-4) (CVL) (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) KAS-ECC-SSC SP800-56Ar3 (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) RSA DecryptionCKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) (#A2393) RSA KeyGen (FIPS186- 4) (#A2393)SSP generation/ Key transportIn memory (plaintext)D, SRSA/DSA/ECDSA/ECDH general purpose session keys.Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)
Symmetric keys (user keys)112-256 bitAES-CBC (SP 800-38A) (#A1947) AES-ECB (SP 800-38A) (#A1947) AES-CTR (SP 800-38A) (#A1947) TDES-ECB (SP 800-38A) (#A1947) TDES-CBC (SP 800-38A) (#A1947) AES-CCM (SP 800-38C) (#A1947) AES-GCM (SP 800-38D) (#A1947) AES-GMAC (SP 800-38D) (#A1947) AES-CMAC (SPCKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A1948)SSP generation/ Key transportIn memory (plaintext)/ eMMC flash (encrypted by PMEK, AES-CBC #A1948)D, STriple-DES or AES general purpose keys.Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)
Symmetric session keys (user keys)112-256 bitAES-CBC (SP 800-38A) (#A1947) AES-ECB (SP 800-38A) (#A1947) TDES-ECB (SP 800-38A) (#A1947) TDES-CBC (SP 800-38A) (#A1947) AES-CCM (SP 800-38C) (#A1947) AES-GCM (SP 800-38D) (#A1947) AES-GMAC (SP 800-38D) (#A1947) AES-CMAC (SP 800-38B) (#A1947) AES-KW (KTS) (SP 800-38F) (#A1948) AES-CMAC (SP 800-38B) (#A1948) TDES-KW (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) AES-GCM (SP 800-38D) (#A1947) TDES-KW (SP 800-38F) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A1948)SSP generation/ Key transportIn memory (plaintext)D, STriple-DES or AES general purpose session keys.Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)
HMAC keys (user keys)112-256 bitHMAC-SHA2-256 (FIPS 198-1) (#A1947) HMAC-SHA2-384 (FIPS 198-1) (#A1947) HMAC-SHA2-512 (FIPS 198-1) (#A1947) HMAC-SHA-1CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A1948)SSP generation/ Key transportIn memory (plaintext)/ eMMC flash (encrypted by PMEK, AES-CBC #A1948)D SHMAC general purpose keys (minimum key size of 160 bits).Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP
(FIPS 198-1) (#A1948) HMAC-SHA2-256 (FIPS 198-1) (#A1948) HMAC-SHA2-384 (FIPS 198-1) (#A1948) HMAC-SHA2-512 (FIPS 198-1) (#A1948)(FIPS 198-1) (#A1948) HMAC-SHA2-256 (FIPS 198-1) (#A1948) HMAC-SHA2-384 (FIPS 198-1) (#A1948) HMAC-SHA2-512 (FIPS 198-1) (#A1948)800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)
HMAC session keys (user keys)112-256 bitHMAC-SHA2-256 (FIPS 198-1) (#A1947) HMAC-SHA2-384 (FIPS 198-1) (#A1947) HMAC-SHA2-512 (FIPS 198-1) (#A1947) HMAC-SHA-1 (FIPS 198-1) (#A1948) HMAC-SHA2-256 (FIPS 198-1) (#A1948) HMAC-SHA2-384 (FIPS 198-1) (#A1948) HMAC-SHA2-512 (FIPS 198-1) (#A1948)CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A2393)SSP generation/ Key transportIn memory (plaintext)D SHMAC session general purpose keys (minimum key size of 160 bitsYes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)
TLS session (E2E) ECDH key112-256 bitKAS-ECC-SSC SP800-56Ar3 (#A1947) KAS TLS (SP 800- 56Ar3)Yes (CKG SP 800- 133r2 using unmodified output of DRBG) DRBG SP 800-90Ar1 (#A1947) ECDSA KEYGEN (FIPS186-4) (#A1948)SSP GenerationIn memory (plaintext)EUsed for key agreement as part of TLS-1.2 handshake protocol.No
TLS session symmetric key set112-256 bitAES-GCM (SP 800-38D) (#A1947)KDF TLS (SP800-135r1) (#A1947)Key DerivationIn memory (plaintext)EAES 128, 192, 256, or Triple- DES keys used for encrypting TLS sessions.No
TLS pre-master secret112-256 bitKDF TLS (CVL) (SP 800-135r1) (#A1947)NoYes KAS-ECC- SSC SP800- 56Ar3 (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947)In memory (plaintext)Epre-master secret, used to derive master secret.No
TLS master secret384-bitKDF TLS (CVL) (SP 800-135r1) (#A1947)NoYes CVL SP 800-135r1 (#A1947)In memory (plaintext)ETLS master secret of size 384- bit used to derive session keysNo
Manufacturer112-bitRSA SigVerNoPre-loadingeMMC flashVZRSA 2048-bitNo
Firmware Integrity Check Keys(FIPS186-4) (#A1948)of a key(plaintext)public keys used to check the integrity of the SW images booted. The SW image is signed by the manufacturer using ECDSA private key. Note: This is not an SSP but is included for completeness of the parameters used by the module
Manufacturer Firmware Update Validation Key (MFUVK)112-bitRSA SigVer (FIPS186-4) (#A1948)NoPre-loading of a keyeMMC flash (plaintext)NARSA 2048-bit public key used to authenticate new FW images uploaded into the module. The FW image is signed by the manufacturer using an RSA private key and the signature is verified before upgrading to the new image using the public key.No
Manufacturer License Validation Key (MLVK)112-bitRSA SigVer (FIPS186-4) (#A1948)NoPre-loading of a keyeMMC flash (plaintext)NARSA 2048-bit public key used to authenticate the manufacturer role.No
Manufacturer Authentication Root Cert. (MARC)150-bitRSA SigVer (FIPS186-4) (#A1948)NoPre-loading of a keyeMMC flash (plaintext)VZRSA 4096-bit public key certificate used to issue FMAC certificates.No
HSM FIPS Master Authentication Certificate (FMAC)112-bitRSA SigVer (FIPS186-4) (#A1948)NoPre-loading of a keyeMMC flash (plaintext)VZRSA 4096-bit public key certificate of FMAK used to identify the HSM FIPS operating mode.No
Manufacturer Authentication Root ECC Cert. (MAREC)256-bitECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948)NoPre-loading of a keyeMMC flash (plaintext)VZECC P521 public key certificate used to issue FMAEC certificates.No
HSM FIPS Master Authentication ECC Certificate (FMAEC)256-bitECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948)NoPre-loading of a keyeMMC flash (plaintext)VZECC P521 public key certificate of FMAEK used to identify the HSM FIPS operating mode.No
HSM Endorsement ECC Certificate (HSMEKC)128-bitECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948)NoPre-loading of a keyeMMC flash (plaintext)VZECC P256 public key certificate of HSMEK used to identify the each HSM independentlyNo
HSM/Adapter Owner Trust Anchor Certificate (AOTAC)112-bitRSA SigVer (FIPS186-4) (#A1948)NoSSP EntryeMMC flash (plaintext)MFZRSA 2048-bit public key certificate used as trust anchor of MCO.No
HSM/Adapter Owner Authentication Certificate (AOAC)112-bitRSA SigVer (FIPS186-4) (#A1948)NoSSP EntryeMMC flash (plaintext)MFZRSA 2048-bit public key certificate of FMAK used to identify the HSM owner.No
Partition Authentication Certificate (PAC)112-bitRSA SigVer (FIPS186-4) (#A1948)CKG SP 800-133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output RSA KEYGEN (FIPS186-4) (#A1948)SSP Entry/ SSP generationeMMC flash (plaintext)PDRSA 2048-bit public key certificate of PAK used to identify the partition.No
Partition Owner Trust Anchor Certificate (POTAC)112-bitRSA SigVer (FIPS186-4) (#A1948)NoSSP EntryeMMC flash (plaintext)PFZRSA 2048-bit public key certificate used as trust anchor of PCO.No
Partition Owner Authentication Certificate (POAC)112-bitRSA SigVer (FIPS186-4) (#A1948)NoSSP EntryeMMC flash (plaintext)PFZRSA 2048-bit public key certificate of PAK used to identify the partition owner.No
Partition Cloning Initiator Public Key256-bitECDSA SigVer (FIPS186-4) (#A1948) KAS-ECC SP800- 56Ar3 (#A1948)NoSSP EntryIn memory (plaintext)EECC 521-bit ephemeral public key used in SP 800-56Ar3 C (2,0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 - bilateral - confirmation key agreement to generate shared secret Z.No
E2E Client Authentication Public key (CAPubK)112-256 BitRSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948)NoSSP EntryeMMC flash (Plaintext)PZRSA or EC public key of approved modulus or curveId to allow E2E/ TLS client authentication in E2E/ TLS handshake.No
Adapter Owner Attestation Public key (AOAPubK)112-256 BitRSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948)NoSSP EntryeMMC flash (Plaintext)PZRSA or EC public key of approved modulus or curveId to allow HSM/ Adapter Owner to authenticated with signature verification with this public key and perform FW image updateNo
Partition Cloning Responder Public Key256-bitECDSA SigVer (FIPS186-4) (#A1948) KAS-ECC SP800- 56Ar3 (#A1948) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)NoSSP EntryIn memory (plaintext)EECC 521-bit ephemeral public key used in SP 800-56Ar3 C (2, 0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 - bilateral - confirmation key agreement to generate shared secret Z.No
Host PswdEncKeyPu blic Key112-bitRSA SigVer (FIPS186-4) (#A1948) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2)NoSSP EntryIn memory (plaintext)ERSA 2048-bit public key loaded by the host used for SP 800- 56Br2 key agreement to generate PswdEncKey.No
Two-Factor Authentication Public Key (2FAMofNPubK )112-bitRSA SigVer (FIPS186-4) (#A1948)NoSSP EntryeMMC flash (Encrypted by PMEK, AES-CBC #A1948)PZRSA 2048-bit public key used to verify signature on encrypted passwords during user creation and login and/or to verify signatures on MofN authentication tokens.No
User Public Keys (User Keys)112-256 bitECDSA SigVer (FIPS186-4) (#A1948) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA Signature Primitive (CVL) (FIPS 186-4) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (CVL) (#A1947) KAS-ECC-SSC SP800-56Ar3 (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KAS-ECC-SSC SP800-56Ar3 (#A1948) KDF ANS 9.63 (CVL) (SP 800- 135r1) (#A1948) KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800-56Ar3) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)CKG SP 800-133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output. ECDSA KEYGEN (FIPS186-4) (#A2393) RSA KEYGEN (FIPS186-4) (#A2393)SSP entry/ SSP generationeMMC flash (Encrypted by PMEK, AES-CBC #A1948)DRSA/ECDSA/ECDH public keys.Yes (Import Plaintext)
User Public Session Keys (User Keys)112-256 bitECDSA SigVer (FIPS186-4) (#A1948) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA Signature Primitive (CVL)(#A1947) (FIPS 186-4) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (CVL) (#A1947) KAS-ECC-SSC SP800-56Ar3 (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800-56Ar3) KTS-IFC (KTS) (SP 800-56Br2) (#A1948)CKG SP 800-133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output. ECDSA KEYGEN (FIPS186-4) (#A2393) RSA KEYGEN (FIPS186-4) (#A2393)SSP Entry/SSP GenerationIn Memory (Plaintext)D SRSA/ECDSA/ECDH public session keys.No

= Zeroize all User SSPs in the Partition Regular p (Equivalent to User Partition Regular zeroize via CN_ZEROIZE service) S = Zeroized on session close (Session Close via CN_CLOSE_SESSION, CN_APP_FINALIZE and CN_CLOSE_PARTITION_SESSIONS) = Vendor zeroize (Zeroizes all SSPs including vendor programmed configuration and CSPs. Makes the module unusable; the module must be sent back to the vendor for re-programming.) via CN_VENDOR_ZEROIZE service. * The SSPs are zeroized securely by writing zeros to memory. * Private/Secret keys are always encrypted when doing export/import, and key encapsulation mechanisms are listed in the respective CSP row. * All CSPs from Table 15 and Table 16 are entered through automated electronic entry mechanisms. Table 15 SSPs EstablishStorage Zeroization N/A N/A N/A N/A N/A N/A

Page 76

EstablishStorage Zeroization DS E E KAS-ECCSSC SP80056Ar3 (SP 80056Br2) E E

Page 80

EstablishStorage Zeroization DS Table 16 Non-Deterministic Random Number Generation Specification

Page 81

9.2 Definition of Session Keys The cryptographic module supports the generation/import/export of user keys that are bound to a session and are termed as session keys. The following points apply to session keys:

10 Self-Tests

This section documents the security rules enforced by the cryptographic module to implement the self-test requirements of this FIPS 140-3 Level-3 module. The module always executes the self-tests without operator intervention regardless of approved or non-approved mode or any other configuration. Failure of any of the self-tests causes the module to go into an error state. If the failure happens during periodic execution of Cryptographic Algorithm Self-Tests (CASTs), then module will reject all future commands received. The module need to be reset to recover from the situation. Data output except for status log messages is inhibited during self-tests, zeroization, and error states. Status information does not contain CSPs or sensitive data. The conditional cryptographic algorithm self-tests (CASTs) run periodically. The periodicity is configurable by the MCO and by default runs every 24 hours. The execution of CASTs causes a momentary (less than a second) service interruption. The voltage monitoring happens continuously by the module which samples the voltage rails for every 400 micro-seconds. The temperature monitoring happens continuously by the module for every 30 seconds. Module performs the pre-operational Firmware integrity tests (#A1946) RSA 2048-bit SHA-256 signature verification every 24 hours. The cryptographic module performs the pre-operational and conditional self-tests:

Page 82
Page 83
11 Life-Cycle Assurance
11.1 Secure Installation, Initialization, Startup, and Operation of the Module

Refer to the sections related to HSM installation and configuration in the user guide (LS2-HSM-NFBE-Driver-SDK- UserGuide; version 1.0 or later). Before installing the HSM, the customer verifies the following:

Page 84

• There is no evidence of physical tampering on the HSM itself. After this is verified, the customer can physically insert the HSM into the PCIe on the host server. The host must meet the following requirements: • Support low-profile PCIe Gen 3/Gen 4 (x4 or x8 slot) • SR-IOV support enabled. After the HSM is physically installed, the LS2 driver and utilities that communicate with the HSM are installed on the host using standard Linux/Operating system tools. The user must be logged in the host as root/Administrator to perform the installation. The HSM owner then completes the following steps to claim ownership of the HSM and enable the approved mode:

  1. Loads the driver (command: insmod <driver.ko>).
  2. Invokes Cfm2Master Utility and logs in as default crypto officer (CO) and initializes the HSM. For example: Command: initHSM -p <CO password> -sO <CO user name> -fips_state [2|3] As part of initializing the HSM: • The Master Crypto Officer is created with username/password (see Table 8 and Table 9 for a description of this role, authentication requirements, and service access). • The fips_state flag is set on the HSM (non-Approved, Approved with single- or dual-factor authentication, or Approved with dual-factor authentication required). As a final step, the HSM owner claims the HSM by loading the adapter owner certificates (AOTAC and AOAC) on the HSM and import the HSM owner fixed backup key (OKBK). These steps are taken by the MCO using Cfm2MasterUtil. Example command syntax: Command: storeCert -s <cert-type> -f <Adapter Owner Trust Anchor Cert (AOTAC)>.crt Command: storeCert -s <cert-type> -f <Adapter Owner Auth Cert (AOAC)>.crt Command: storeMCOFixedKey -f <path>/<OKBK file>
11.2 Maintenance Requirements
11.3 Administrative and Non-Administrative Guidance

The specific tasks that can be performed by users on the HSM are strictly limited by their user role (see Table 8 for details). A user of the module can query the module’s device information, operational parameters, operating mode by invoking the command getHSMInfo from the Cfm2MasterUtil. “FIPS state” member of the output will indicate the module to be in one of the following modes:

Page 85
Page 86
FIPS TestRedGreenBluePattern
Any FIPS self-test failureYOn
Hardware RBG for failureYOn
Pairwise consistencyYOn
Boot success and healthy stateYOn

Note: Unsigned ffffffff indicates zeroized, which is –1.

11.4 LED Error Pattern for FIPS Failure

On successful completion of the FIPS tests, the DA Green LED remains in the “ON” state. If any other LED remains in the permanent glow, the card’s is in ERROR state. Any of these fatal errors will cause the module to reject all future commands received. Resetting the module is required to recover from the situation. Bootloader-level self-test failures will reset the board automatically. There is no separate LED indication for this error. All these fatal errors are shown on UART when the issue is observed. In addition, the latest errors are reported on UART on bootup. Because the logs are maintained within the module’s flash memory, which has no direct access to external users/ applications, they are not vulnerable to any tampering. Table 17 LED Flash Pattern for Errors Y Y Y Y

11.5 User Guidance

AES GCM IV restoration upon Power Cycle of Module: If the module’s power is lost and then restored, the module will establish new sessions, which will generate new IVs. For an E2E (TLS) session, this will result in fresh handshake; new AES-GCM keys and IVs will be established for the new session.

Page 87
12 Mitigation of Other Attacks

No mitigation of other attacks is implemented by the module.

13 References
  1. NIST Key Wrap Specification SP 800-38F, December 2012.
  2. NIST Special Publication 800-38D November 2007.
  3. NIST Special Publication 800-56A rev3 , April 2018.
  4. NIST Special Publication 800-56B rev2, March 2019.
  5. NIST Special Publication 800-56C rev2, August 2020.
  6. NIST Special Publication 800-52 rev2, August 2019.
  7. NIST Special Publication 800-57 Part-1 rev5, May 2020.
  8. FIPS PUB 186-4, Digital Signature Standard (DSS), July 2013.
  9. FIPS PUB 140-3, FIPS Publication 140-3 Security Requirements for Cryptographic Modules.
  10. NIST Special Publication 800-90A rev1, June 2015.
  11. NIST Special Publication 800-90B, January 2018.
  12. Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program.
  13. NIST Special Publication 800-131Ar2, March 2019.
  14. NIST Special Publication 800-133r2 rev2, June 2020.
  15. NIST Special Publication 800-108, October 2009.
  16. NIST Special Publication 800-135 Revision 1, December 2011.
  17. LS2-HSM-NFBE-Driver-SDK-UserGuide-1.0.
14 Definitions and Acronyms

ATF Arm Trusted Firmware CAST Cryptographic Algorithm Self-Tests HSM Hardware Security Module KAS Key Agreement Scheme KAT Known Answer Test KBK Key Backup Key KLK Key Loading Key MCO Master Crypto Officer PCO Partition Crypto Officer PCU Partition Crypto User SR-IOV 2FA Single Root I/O Virtualization 2-Factor Authentication

Page 88

Marvell first revolutionized the digital storage industry by moving information at speeds never thought possible. Today, that same breakthrough innovation remains at the heart of the company's storage, networking and connectivity solutions. With leading intellectual property and deep system-level knowledge, Marvell semiconductor solutions continue to transform the enterprise, cloud, automotive, industrial, and consumer markets. For more information, visit www.marvell.com. and/or its Affiliates in the US and/or other countries. This document may also contain other registered or common law trademarks of Marvell and/ or its Affiliates. Doc. No. LS2-HSM-SP Revised: January 14, 2025

Referenced URLs