| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Firmware-hybrid |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 8/24/2026 |
| Caveat | Interim validation. |
| Vendor | Qualcomm Technologies, Inc. |
| Hardware versions | 3.1.0 |
| Algorithm | ACVP Cert |
|---|---|
| Hash DRBG | A2945 |
| SHA2-256 | A2945 |
| SHA2-256 | A2949 |
| SHA2-256 | A3946 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | N/A |
| Physical Security | 2 |
| Sensitive Security Parameter Management | 9 |
| Self-Tests | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Qualcomm® Pseudo Random Number Generator
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>7fab7110b4ff04e70460b9ffd9b2b5b96ba33faabb…</i>"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-test<br/>Status output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C5,C6 clue;
class I1,I2,I3,I5,I6 infer;
class R1,R2,R3,R5,R6 risk;
class E1,E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Qualcomm® Pseudo Random Number Generator
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>7fab7110b4ff04e70460b9ffd9b2b5b96ba33faabb…</i><br/>src: certificate.firmwareVersions"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-test<br/>Status output</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C3 clueHigh;
class C2,C5,C6 clueLow;Qualcomm® Pseudo Random Number Generator Version 1.2 Last update: 2024-10-21 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com ©2024 Qualcomm Technologies, Inc. Snapdragon and Qualcomm branded products are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm® Pseudo Random Number Generator Table of Contents 1.1 1.2 2.1 2.2 2.3 4.1 4.2 5.1 5.2 5.3 6.1 6.2 6.3 9.1 9.2 9.3 9.4 © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator © 2024 Qualcomm Technologies, Inc.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 2 |
| 8 | 8 | Non-invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle Assurance | 2 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
Qualcomm® Pseudo Random Number Generator
This Security Policy describes the features and design of the Qualcomm ® Pseudo Random Number Generator cryptographic module using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Modules specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic modules to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. and including this notice. Other documentation is proprietary to their authors.
In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. This document is the non-proprietary FIPS 140-3 Security Policy for the Qualcomm Pseudo Random Number Generator. It has a one-to-one mapping to the [SP 800-140B] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document. N/A N/A © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator N/A Table 1 - Security Levels © 2024 Qualcomm Technologies, Inc.
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # |
|---|---|---|---|---|---|
| 1 | Qualcomm® Trusted Execution Environment (TEE) TZ.XF.5.24 | Snapdragon 8 Gen 2 Mobile Platform | Snapdragon 8 Gen 2 Mobile Platform | N/A | 1 |
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| SHA / FIPS 180-4 | #A2945 | SHA2-256 | SHA-256 digest computation (Implemented in hardware) | Hash for DRBG |
| SHA / FIPS 180-4 | #A2949 | SHA2-256 | SHA-256 digest computation (Implemented in hardware) | Hash for DRBG |
| DRBG / SP-800-90Ar1 | #A2945 | Hash_DRBG | SHA2-256 (Implemented in hardware) | Random number generation |
| SHA / FIPS 180-4 | #A3946 | SHA2-256 | SHA from firmware component | Hash for integrity test |
The Qualcomm® Pseudo Random Number Generator is classified as a single chip firmware-hybrid module for the purpose of FIPS 140-3 validation. It is designed to provide random numbers. The Qualcomm Pseudo Random Number Generator is a collection of hardware and firmware components contained within the Snapdragon ® 8 Gen 2 Mobile Platform SoC. The Qualcomm Pseudo Random Number Generator implements a SHA-256 Hash_DRBG as defined in SP 80090Ar1. The firmware component of the module controls the ENT (P) and DRBG configuration parameters. The configuration is fixed for a given version of the firmware and cannot be altered by the operator of the module. # N/A Table 2 - Tested Operational Environments The hardware component in this submission is identified by hardware version (3.1.0). The firmware component (“hybrid_prng_library”) has distinct versions (represented by a hash value), depending on the operational environment. The following firmware version is included: 7fab7110b4ff04e70460b9ffd9b2b5b96ba33faabbec40cb67c87a14c7 9f658fdd258ddd44163c90afe68b7a1766da625533f1f12e9819dade4c df913dd7138d The approved algorithms implemented by the module are listed in Table 3. Table 3 - Approved Algorithms NOTE: the module does not implement any non-approved but allowed, non-approved but allowed with no security claimed, or non-approved algorithms. © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator
The physical perimeter of the Qualcomm Pseudo Random Number Generator is the physical perimeter of the SoC it is implement in, i.e., the Snapdragon 8 Gen 2 Mobile Platform SoC. Consequently, the embodiment of the Qualcomm Pseudo Random Number Generator is a singlechip cryptographic module. Figure 1 below is a block diagram which illustrates the cryptographic boundary. Figure 1: Block Diagram © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator Figure 2 - [Snapdragon 8 Gen 2 Mobile Platform]
The Qualcomm Pseudo Random Number Generator only supports a single approved mode that is entered without any operator assistance. When the Qualcomm Pseudo Random Number Generator is powered on, the pre-operational selftest and cryptographic algorithm self-tests are executed automatically without any operator intervention. The Qualcomm Pseudo Random Number Generator enters the operational mode automatically if all self-tests complete successfully. If any of the self-tests fail, the Qualcomm Pseudo Random Number Generator goes into error state. All cryptographic services are prohibited while in error state. When an error state is entered, the Qualcomm Pseudo Random Number Generator can be reset by the Crypto Officer to reinitialize itself. The status of the module can be determined by its availability. If the Qualcomm Pseudo Random Number Generator is available, it has passed all self-tests. If it is unavailable, it is in the error state. The table in section 4.2 lists all security functions of the module employed for approved services and their implemented modes of operation. © 2024 Qualcomm Technologies, Inc.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| Registers | Registers | Data Input | Input parameters for data |
| Data Out Registers | Data Out Registers | Data Output | Output parameters for data |
| Registers | Registers | Control Input | Input parameters for control |
| Registers | Registers | Status Output | Return code, status values |
| Physical power connector | Physical power connector | Power Input | Power port or pin for single-chip |
Qualcomm® Pseudo Random Number Generator
Table 4 - Ports and Interfaces As indicated in Table 4, all status output, control input, and data input are directed through the interface of the cryptographic boundary, which are the registers of the Qualcomm Pseudo Random Number Generator. For data output, the data output is provided via data out registers. The module does not implement a control output interface. © 2024 Qualcomm Technologies, Inc.
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|---|
| SHA-256 Hash_DRBG | Crypto Officer (CO) | Personalization string, requested output length | Random string | |||||
| Self-test | None | Pass/fail results of self-tests | ||||||
| Status output | None | Current status in status output interface (as return codes and/or log messages). | ||||||
| Show version | None | Version of the module | ||||||
| SHA-256 Hash_DRBG | Hash_DRBG that uses SHA-256 | CO | DRBG entropy input string | DRBG SHA-256 | W, E | Explicit (RNG_CM_P RNG_CHAR_ STATUS register field bit 1 set to 0) | ||
| DRBG internal state V and C, DRBG seed | DRBG internal state V and C, DRBG seed | G, E | ||||||
| Self-test | Self-Test is executed automatically when device is booted or restarted | CO | N/A | DRBG SHA-256 | N/A | None |
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|---|
| SHA-256 Hash_DRBG | Crypto Officer (CO) | Personalization string, requested output length | Random string | |||||
| Self-test | None | Pass/fail results of self-tests | ||||||
| Status output | None | Current status in status output interface (as return codes and/or log messages). | ||||||
| Show version | None | Version of the module | ||||||
| SHA-256 Hash_DRBG | Hash_DRBG that uses SHA-256 | CO | DRBG entropy input string | DRBG SHA-256 | W, E | Explicit (RNG_CM_P RNG_CHAR_ STATUS register field bit 1 set to 0) | ||
| DRBG internal state V and C, DRBG seed | DRBG internal state V and C, DRBG seed | G, E | ||||||
| Self-test | Self-Test is executed automatically when device is booted or restarted | CO | N/A | DRBG SHA-256 | N/A | None | ||
| Status output | Show status of the module state | CO | N/A | None | N/A | None | ||
| Show version | Show the version of the module | CO | N/A | None | N/A | None |
Qualcomm® Pseudo Random Number Generator
The Qualcomm Pseudo Random Number Generator implements a single Crypto Officer role and does not allow concurrent operators. This Crypto Officer role is implicitly assumed by the entity accessing the module’s services and no authentication is required.
The Qualcomm Pseudo Random Number Generator does not implement any bypass capability. It service is successfully used, the Qualcomm Pseudo Random Number Generator will set the algorithm was used. Table 6 describes the services available to the operator. The following access rights are used in the table: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroize: The module zeroizes the SSP. W, E G, E N/A N/A © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator N/A N/A N/A N/A Z Table 6 - Approved Services © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator
The integrity of the firmware component of the module is verified by comparing a SHA-256 value computed at run-time with the SHA-256 value stored in the module that was computed at build time.
Integrity tests are performed as part of the Pre-Operational Self-Tests. A reset of the cryptographic module can be used to perform the "on-demand" integrity test.
The module consists of executable code that is compiled into a firmware component (binary). © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator
The Qualcomm Pseudo Random Number Generator is a single chip firmware-hybrid module at security level 1. The operational environment is non-modifiable.
See the tested operational environments in Table 2.
There are no security rules, settings, or restrictions to the configuration of the operational environment. © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator
The Qualcomm Pseudo Random Number Generator Cryptographic Module is a single-chip firmware-hybrid module which conforms to the level 2 requirements for physical security. The Qualcomm Pseudo Random Number Generator is a single chip enclosed in a production grade component. At the time of manufacturing, the die is embedded within a printed circuit board (PCB), which prevents visibility into the internal circuity of the Qualcomm Pseudo Random Number Generator. The layering process which is used to embed the die into the PCB also prevents tampering of the physical components without leaving tamper evidence. The Qualcomm Pseudo Random Number Generator is further protected by being enclosed in commercial off the shelf mobile device utilizing production grade commercially available components and that the mobile device enclosure completely surrounds the Qualcomm Pseudo Random Number Generator. There are no steps required to ensure that physical security is maintained. © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator
The Qualcomm Pseudo Random Number Generator does not support any non-invasive security techniques, this section is not applicable. © 2024 Qualcomm Technologies, Inc.
| Name | Key Size | |
|---|---|---|
| Entropy Source | Minimum number of bits of entropy | Details |
| NIST SP800-90B compliant ESV (Cert. #E67) | 256 | The seed is provided by the digitized entropy data from the physical noise source provided by ESV. |
| Name | Strength | Security Function | Generation | Establishment | Storage | Zeroization | Import Export | Key/SSP Name /Type |
|---|---|---|---|---|---|---|---|---|
| Used to compute the DRBG seed Related SSPs: DRBG internal state, DRBG seed | 256 bits | DRBG (A2945) | Entropy Source of the Qualcomm Pseudo random Number Generator (ESV cert #E67) | N/A | Hardware registers | Module reset | N/A | DRBG entropy input string |
| Used to compute the DRBG internal state V and C Related SSPs: DRBG internal state, | 256 bits | DRBG (A2945) | Internally in the DRBG | N/A | Hardware registers | Module reset | N/A | DRBG seed |
| Random number generation Related SSPs: DRBG entropy input string, DRBG seed | 256 bits | DRBG (A2945) | Internally in the DRBG | N/A | Hardware registers | Module reset | N/A | DRBG internal state V and C |
The DRBG used to generate random bits is an SP 800-90Ar1 compliant SHA-256 Hash_DRBG using a derivation function without prediction resistance. It processes a personalization string that is written by the calling application into a hardware register for use by the module. The calling application has read/write access to the hardware register that holds the personalization string. The DRBG obtains 640 samples of 4 bits each to form the seed, from the entropy source. As these output. Table 7 - Non-Deterministic Random Number Generation Specification
have an external interface. The DRBG internal state is never output from the module. N/A Establishment N/A C N/A Zeroization © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator N/A Table 8 - SSPs
The module does not provide any SSP generation service or perform SSP generation for any of its approved algorithms. The caller of the DRBG could use the random strings output for SSP generation, but this service is not explicitly provided by the module. The module does not provide any kind of SSP establishment, entry, or output.
hardware and are not accessible externally to the Qualcomm Pseudo Random Number Generator. Zeroization of the DRBG CSPs is accomplished by a reset event of the SoC. The registers for the CSPs will implicitly be set to zero upon the reset, indicating the zeroization was successful. © 2024 Qualcomm Technologies, Inc.
| Algorithm | Test |
|---|---|
| SHA-256 | Integrity test for the firmware component |
| Algorithm | Test |
|---|---|
| SHA-256 | KAT performed for SHA-256 used for integrity test (firmware) |
| SHA-256 | KAT performed for both SHA-256 cores independently (hardware) |
| SP 800-90Ar1 DRBG | KAT for DRBG only (hardware) |
| ESV | Startup health tests, performed on 1024 consecutive samples |
| Continuous health tests (RCT and APT as defined in SP 800-90B) |
Qualcomm® Pseudo Random Number Generator
Self-tests implemented by the module consist of the pre-operational integrity test and cryptographic algorithm self-test used for algorithm implementations. All self-tests are automatically performed without any operator intervention during power-up of the module (with the exception of the ESV continuous health tests). This includes the pre-operational integrity test and the cryptographic algorithm self-tests. While the module is executing the self-tests, services are not available, and input and output are inhibited. For information about the error state, refer to Section 10.4
The firmware integrity test is run at startup of the module. The CAST for SHA-256 is executed before the integrity test is ran. Table 9 - Pre-Operational Self-Tests
The module performs self-tests on all FIPS approved cryptographic algorithms as part of the approved services using the tests shown in Table 10. The module transitions to the operational state only after the cryptographic algorithm self-tests are passed successfully. The ESV continuous health tests are performed throughout the operation of the module. Table 10 - Conditional Algorithm Self-Tests
A power cycle or reset event is the methodology used to perform the "on-demand" tests. © 2024 Qualcomm Technologies, Inc.
| Error State | Cause of Error | Status Indicator |
|---|---|---|
| Error | Integrity test or CAST failure (firmware) | Error status TZBSP_ERR_FATAL_PRNG_FIPS_HYBRID_ERR |
| Continuous health test failure | Error status TZ_RNG_STATUS__PRNG_PERMANENT_FAILU RE is set | |
| Cryptographic algorithm self-test failure (hardware) | BIST_FAILURE indicator is set |
Qualcomm® Pseudo Random Number Generator
If any of the pre-operational self-tests or conditional self-tests fail, the Qualcomm Pseudo Random Number Generator will enter the error state. While in the error state, data output is prohibited, and no further cryptographic operation is performed. This is enforced by the control logic and prevents external usage when an error is detected. To recover from the error state, re-initialization is only possible by successful execution of the preoperational tests, which can be triggered by either a power-off/power-on cycle or the receipt of a reset event. Once in the error state, the Qualcomm Pseudo Random Number Generator will only respond to a reset event, which will cause it to re-execute the power up tests. If the error persists, the Qualcomm Pseudo Random Number Generator will remain unavailable. Table 11 - Error States © 2024 Qualcomm Technologies, Inc.
| ClearCase version control | |
|---|---|
| system provides version control, workspace management, parallel development support, and build | |
| auditing. |
Qualcomm® Pseudo Random Number Generator
The Qualcomm Pseudo Random Number Generator is a single chip module in the Snapdragon 8 Gen 2 Mobile Platform. The chips are delivered from the vendor via a trusted delivery courier. Upon delivery, the customer can detect any potential tampering by visually inspecting the chips. Any tampering will result in obvious damage or scratches and will likely render the chips nonfunctional. Once the product is received by the customer and powered up the self-tests defined in Section 10 will be executed.
As stated in Section 9.4, the module does not possess persistent storage of SSPs. The SSP value only exists in volatile memory and that value is zeroized when the module is powered off. The procedure for secure sanitization of the module at the end of life is simply to power it off, which is the action of zeroization of the SSPs (Section 9.4). As a result of this sanitization via power-off, the SSP is removed from the module, so that the module may either be distributed to other operators or disposed.
There is no specific crypto officer guidance required for the module.
ClearCase, a version control system from IBM/Rational, is used to manage the revision control of the hardware code (Verilog code) and hardware documentation. The ClearCase version control auditing. The Verilog code is maintained within the ClearCase database used by Qualcomm Technologies, Inc. Perforce Visual Client(P4V), a version control system from Perforce, is used to manage the revision control of the Qualcomm firmware code. The Perforce Visual Client provides version control, branching and merging of code lines, and concurrent development. © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator
The module does not implement security mechanisms to mitigate other attacks. © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator Appendix A. Glossary and Abbreviations CAVP Cryptographic Algorithm Validation Program CMT Cryptographic Module Testing CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CVT Component Verification Testing DRBG Deterministic Random Bit Generator FIPS Federal Information Processing Standards Publication FSM Finite State Model KAT Known Answer Test NIST National Institute of Science and Technology PR Prediction Resistance RNG Random Number Generator SHA Secure Hash Algorithm SHS Secure Hash Standard SoC System on Chip © 2024 Qualcomm Technologies, Inc.
Qualcomm® Pseudo Random Number Generator Appendix B. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program August 2023 https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-1403-ig-announcements FIPS180-4 Secure Hash Standard (SHS) March 2012 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf SP800-90Ar1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP800-90B (Second DRAFT) NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2024 Qualcomm Technologies, Inc.