All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Qualcomm® Pseudo Random Number Generator

Certificate#4778StandardFIPS 140-3Level1TypeFirmware-hybridEmbodimentSingle ChipStatusActiveVendorQualcomm Technologies, Inc.
Low review priority  ·  no TCB surface named  ·  last validated 18 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeFirmware-hybrid
EmbodimentSingle Chip
StatusActive
Sunset date8/24/2026
CaveatInterim validation.
VendorQualcomm Technologies, Inc.
Hardware versions3.1.0

Approved Algorithms (4)

AlgorithmACVP Cert
Hash DRBGA2945
SHA2-256A2945
SHA2-256A2949
SHA2-256A3946

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware Security1
Operational EnvironmentN/A
Physical Security2
Sensitive Security Parameter Management9
Self-Tests1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Qualcomm® Pseudo Random Number Generator
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>7fab7110b4ff04e70460b9ffd9b2b5b96ba33faabb…</i>"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-test<br/>Status output</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C5,C6 clue;
  class I1,I2,I3,I5,I6 infer;
  class R1,R2,R3,R5,R6 risk;
  class E1,E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Qualcomm® Pseudo Random Number Generator
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>7fab7110b4ff04e70460b9ffd9b2b5b96ba33faabb…</i><br/>src: certificate.firmwareVersions"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-test<br/>Status output</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C3 clueHigh;
  class C2,C5,C6 clueLow;

Security Policy, page by page

Page 1

Qualcomm® Pseudo Random Number Generator Version 1.2 Last update: 2024-10-21 Prepared by: atsec information security corporation

4516 Seton Center Parkway, Suite 250

Austin, TX 78759 www.atsec.com ©2024 Qualcomm Technologies, Inc. Snapdragon and Qualcomm branded products are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Page 2

Qualcomm® Pseudo Random Number Generator Table of Contents 1.1 1.2 2.1 2.2 2.3 4.1 4.2 5.1 5.2 5.3 6.1 6.2 6.3 9.1 9.2 9.3 9.4 © 2024 Qualcomm Technologies, Inc.

2 of 23
Page 3

Qualcomm® Pseudo Random Number Generator © 2024 Qualcomm Technologies, Inc.

3 of 23
Page 4
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware Security1
66Operational EnvironmentN/A
77Physical Security2
88Non-invasive SecurityN/A
99Sensitive Security Parameter Management1
1010Self-tests1
1111Life-cycle Assurance2
1212Mitigation of Other AttacksN/A

Qualcomm® Pseudo Random Number Generator

1.1 This Security Policy Document

This Security Policy describes the features and design of the Qualcomm ® Pseudo Random Number Generator cryptographic module using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Modules specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic modules to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. and including this notice. Other documentation is proprietary to their authors.

1.2 How this Security Policy was Prepared

In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. This document is the non-proprietary FIPS 140-3 Security Policy for the Qualcomm Pseudo Random Number Generator. It has a one-to-one mapping to the [SP 800-140B] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document. N/A N/A © 2024 Qualcomm Technologies, Inc.

4 of 23
Page 5

Qualcomm® Pseudo Random Number Generator N/A Table 1 - Security Levels © 2024 Qualcomm Technologies, Inc.

5 of 23
Page 6
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1Qualcomm® Trusted Execution Environment (TEE) TZ.XF.5.24Snapdragon 8 Gen 2 Mobile PlatformSnapdragon 8 Gen 2 Mobile PlatformN/A1
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
SHA / FIPS 180-4#A2945SHA2-256SHA-256 digest computation (Implemented in hardware)Hash for DRBG
SHA / FIPS 180-4#A2949SHA2-256SHA-256 digest computation (Implemented in hardware)Hash for DRBG
DRBG / SP-800-90Ar1#A2945Hash_DRBGSHA2-256 (Implemented in hardware)Random number generation
SHA / FIPS 180-4#A3946SHA2-256SHA from firmware componentHash for integrity test
2 Cryptographic Module Specification
2.1 Description of Module

The Qualcomm® Pseudo Random Number Generator is classified as a single chip firmware-hybrid module for the purpose of FIPS 140-3 validation. It is designed to provide random numbers. The Qualcomm Pseudo Random Number Generator is a collection of hardware and firmware components contained within the Snapdragon ® 8 Gen 2 Mobile Platform SoC. The Qualcomm Pseudo Random Number Generator implements a SHA-256 Hash_DRBG as defined in SP 80090Ar1. The firmware component of the module controls the ENT (P) and DRBG configuration parameters. The configuration is fixed for a given version of the firmware and cannot be altered by the operator of the module. # N/A Table 2 - Tested Operational Environments The hardware component in this submission is identified by hardware version (3.1.0). The firmware component (“hybrid_prng_library”) has distinct versions (represented by a hash value), depending on the operational environment. The following firmware version is included: 7fab7110b4ff04e70460b9ffd9b2b5b96ba33faabbec40cb67c87a14c7 9f658fdd258ddd44163c90afe68b7a1766da625533f1f12e9819dade4c df913dd7138d The approved algorithms implemented by the module are listed in Table 3. Table 3 - Approved Algorithms NOTE: the module does not implement any non-approved but allowed, non-approved but allowed with no security claimed, or non-approved algorithms. © 2024 Qualcomm Technologies, Inc.

6 of 23
Page 7

Qualcomm® Pseudo Random Number Generator

2.2 Cryptographic Module Boundary

The physical perimeter of the Qualcomm Pseudo Random Number Generator is the physical perimeter of the SoC it is implement in, i.e., the Snapdragon 8 Gen 2 Mobile Platform SoC. Consequently, the embodiment of the Qualcomm Pseudo Random Number Generator is a singlechip cryptographic module. Figure 1 below is a block diagram which illustrates the cryptographic boundary. Figure 1: Block Diagram © 2024 Qualcomm Technologies, Inc.

7 of 23
Page 8

Qualcomm® Pseudo Random Number Generator Figure 2 - [Snapdragon 8 Gen 2 Mobile Platform]

2.3 Description of Approved Mode

The Qualcomm Pseudo Random Number Generator only supports a single approved mode that is entered without any operator assistance. When the Qualcomm Pseudo Random Number Generator is powered on, the pre-operational selftest and cryptographic algorithm self-tests are executed automatically without any operator intervention. The Qualcomm Pseudo Random Number Generator enters the operational mode automatically if all self-tests complete successfully. If any of the self-tests fail, the Qualcomm Pseudo Random Number Generator goes into error state. All cryptographic services are prohibited while in error state. When an error state is entered, the Qualcomm Pseudo Random Number Generator can be reset by the Crypto Officer to reinitialize itself. The status of the module can be determined by its availability. If the Qualcomm Pseudo Random Number Generator is available, it has passed all self-tests. If it is unavailable, it is in the error state. The table in section 4.2 lists all security functions of the module employed for approved services and their implemented modes of operation. © 2024 Qualcomm Technologies, Inc.

8 of 23
Page 9
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
RegistersRegistersData InputInput parameters for data
Data Out RegistersData Out RegistersData OutputOutput parameters for data
RegistersRegistersControl InputInput parameters for control
RegistersRegistersStatus OutputReturn code, status values
Physical power connectorPhysical power connectorPower InputPower port or pin for single-chip

Qualcomm® Pseudo Random Number Generator

3 Cryptographic Module Ports and Interfaces

Table 4 - Ports and Interfaces As indicated in Table 4, all status output, control input, and data input are directed through the interface of the cryptographic boundary, which are the registers of the Qualcomm Pseudo Random Number Generator. For data output, the data output is provided via data out registers. The module does not implement a control output interface. © 2024 Qualcomm Technologies, Inc.

9 of 23
Page 10
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutput
SHA-256 Hash_DRBGCrypto Officer (CO)Personalization string, requested output lengthRandom string
Self-testNonePass/fail results of self-tests
Status outputNoneCurrent status in status output interface (as return codes and/or log messages).
Show versionNoneVersion of the module
SHA-256 Hash_DRBGHash_DRBG that uses SHA-256CODRBG entropy input stringDRBG SHA-256W, EExplicit (RNG_CM_P RNG_CHAR_ STATUS register field bit 1 set to 0)
DRBG internal state V and C, DRBG seedDRBG internal state V and C, DRBG seedG, E
Self-testSelf-Test is executed automatically when device is booted or restartedCON/ADRBG SHA-256N/ANone
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutput
SHA-256 Hash_DRBGCrypto Officer (CO)Personalization string, requested output lengthRandom string
Self-testNonePass/fail results of self-tests
Status outputNoneCurrent status in status output interface (as return codes and/or log messages).
Show versionNoneVersion of the module
SHA-256 Hash_DRBGHash_DRBG that uses SHA-256CODRBG entropy input stringDRBG SHA-256W, EExplicit (RNG_CM_P RNG_CHAR_ STATUS register field bit 1 set to 0)
DRBG internal state V and C, DRBG seedDRBG internal state V and C, DRBG seedG, E
Self-testSelf-Test is executed automatically when device is booted or restartedCON/ADRBG SHA-256N/ANone
Status outputShow status of the module stateCON/ANoneN/ANone
Show versionShow the version of the moduleCON/ANoneN/ANone

Qualcomm® Pseudo Random Number Generator

4 Roles, services, and authentication

The Qualcomm Pseudo Random Number Generator implements a single Crypto Officer role and does not allow concurrent operators. This Crypto Officer role is implicitly assumed by the entity accessing the module’s services and no authentication is required.

4.2 Services

The Qualcomm Pseudo Random Number Generator does not implement any bypass capability. It service is successfully used, the Qualcomm Pseudo Random Number Generator will set the algorithm was used. Table 6 describes the services available to the operator. The following access rights are used in the table:  G = Generate: The module generates or derives the SSP.  R = Read: The SSP is read from the module (e.g., the SSP is output).  W = Write: The SSP is updated, imported, or written to the module.  E = Execute: The module uses the SSP in performing a cryptographic operation.  Z = Zeroize: The module zeroizes the SSP. W, E G, E N/A N/A © 2024 Qualcomm Technologies, Inc.

10 of 23
Page 11

Qualcomm® Pseudo Random Number Generator N/A N/A N/A N/A Z Table 6 - Approved Services © 2024 Qualcomm Technologies, Inc.

11 of 23
Page 12

Qualcomm® Pseudo Random Number Generator

5 Software/Firmware security
5.1 Integrity Techniques

The integrity of the firmware component of the module is verified by comparing a SHA-256 value computed at run-time with the SHA-256 value stored in the module that was computed at build time.

5.2 On-Demand Integrity Test

Integrity tests are performed as part of the Pre-Operational Self-Tests. A reset of the cryptographic module can be used to perform the "on-demand" integrity test.

5.3 Executable code

The module consists of executable code that is compiled into a firmware component (binary). © 2024 Qualcomm Technologies, Inc.

12 of 23
Page 13

Qualcomm® Pseudo Random Number Generator

6 Operational Environment
6.1 Applicability

The Qualcomm Pseudo Random Number Generator is a single chip firmware-hybrid module at security level 1. The operational environment is non-modifiable.

6.2 Tested Operational Environment

See the tested operational environments in Table 2.

6.3 Specifications for the Operational Environment

There are no security rules, settings, or restrictions to the configuration of the operational environment. © 2024 Qualcomm Technologies, Inc.

13 of 23
Page 14

Qualcomm® Pseudo Random Number Generator

7 Physical Security

The Qualcomm Pseudo Random Number Generator Cryptographic Module is a single-chip firmware-hybrid module which conforms to the level 2 requirements for physical security. The Qualcomm Pseudo Random Number Generator is a single chip enclosed in a production grade component. At the time of manufacturing, the die is embedded within a printed circuit board (PCB), which prevents visibility into the internal circuity of the Qualcomm Pseudo Random Number Generator. The layering process which is used to embed the die into the PCB also prevents tampering of the physical components without leaving tamper evidence. The Qualcomm Pseudo Random Number Generator is further protected by being enclosed in commercial off the shelf mobile device utilizing production grade commercially available components and that the mobile device enclosure completely surrounds the Qualcomm Pseudo Random Number Generator. There are no steps required to ensure that physical security is maintained. © 2024 Qualcomm Technologies, Inc.

14 of 23
Page 15

Qualcomm® Pseudo Random Number Generator

8 Non-invasive Security

The Qualcomm Pseudo Random Number Generator does not support any non-invasive security techniques, this section is not applicable. © 2024 Qualcomm Technologies, Inc.

15 of 23
Page 16
Approved algorithm
NameKey Size
Entropy SourceMinimum number of bits of entropyDetails
NIST SP800-90B compliant ESV (Cert. #E67)256The seed is provided by the digitized entropy data from the physical noise source provided by ESV.
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP Name /Type
Used to compute the DRBG seed Related SSPs: DRBG internal state, DRBG seed256 bitsDRBG (A2945)Entropy Source of the Qualcomm Pseudo random Number Generator (ESV cert #E67)N/AHardware registersModule resetN/ADRBG entropy input string
Used to compute the DRBG internal state V and C Related SSPs: DRBG internal state,256 bitsDRBG (A2945)Internally in the DRBGN/AHardware registersModule resetN/ADRBG seed
Random number generation Related SSPs: DRBG entropy input string, DRBG seed256 bitsDRBG (A2945)Internally in the DRBGN/AHardware registersModule resetN/ADRBG internal state V and C
9 Sensitive Security Parameter Management

The DRBG used to generate random bits is an SP 800-90Ar1 compliant SHA-256 Hash_DRBG using a derivation function without prediction resistance. It processes a personalization string that is written by the calling application into a hardware register for use by the module. The calling application has read/write access to the hardware register that holds the personalization string. The DRBG obtains 640 samples of 4 bits each to form the seed, from the entropy source. As these output. Table 7 - Non-Deterministic Random Number Generation Specification

9.2 SSP List

have an external interface. The DRBG internal state is never output from the module. N/A Establishment N/A C N/A Zeroization © 2024 Qualcomm Technologies, Inc.

16 of 23
Page 17

Qualcomm® Pseudo Random Number Generator N/A Table 8 - SSPs

9.3 SSP Generation, Entry and Output

The module does not provide any SSP generation service or perform SSP generation for any of its approved algorithms. The caller of the DRBG could use the random strings output for SSP generation, but this service is not explicitly provided by the module. The module does not provide any kind of SSP establishment, entry, or output.

9.4 SSP Storage and Zeroization

hardware and are not accessible externally to the Qualcomm Pseudo Random Number Generator. Zeroization of the DRBG CSPs is accomplished by a reset event of the SoC. The registers for the CSPs will implicitly be set to zero upon the reset, indicating the zeroization was successful. © 2024 Qualcomm Technologies, Inc.

17 of 23
Page 18
AlgorithmTest
SHA-256Integrity test for the firmware component
AlgorithmTest
SHA-256KAT performed for SHA-256 used for integrity test (firmware)
SHA-256KAT performed for both SHA-256 cores independently (hardware)
SP 800-90Ar1 DRBGKAT for DRBG only (hardware)
ESVStartup health tests, performed on 1024 consecutive samples
Continuous health tests (RCT and APT as defined in SP 800-90B)

Qualcomm® Pseudo Random Number Generator

10 Self-tests

Self-tests implemented by the module consist of the pre-operational integrity test and cryptographic algorithm self-test used for algorithm implementations. All self-tests are automatically performed without any operator intervention during power-up of the module (with the exception of the ESV continuous health tests). This includes the pre-operational integrity test and the cryptographic algorithm self-tests. While the module is executing the self-tests, services are not available, and input and output are inhibited. For information about the error state, refer to Section 10.4

10.1 Pre-operational tests

The firmware integrity test is run at startup of the module. The CAST for SHA-256 is executed before the integrity test is ran. Table 9 - Pre-Operational Self-Tests

10.2 Conditional self-tests

The module performs self-tests on all FIPS approved cryptographic algorithms as part of the approved services using the tests shown in Table 10. The module transitions to the operational state only after the cryptographic algorithm self-tests are passed successfully. The ESV continuous health tests are performed throughout the operation of the module. Table 10 - Conditional Algorithm Self-Tests

10.3 Periodic/On-demand self-tests

A power cycle or reset event is the methodology used to perform the "on-demand" tests. © 2024 Qualcomm Technologies, Inc.

18 of 23
Page 19
Error StateCause of ErrorStatus Indicator
ErrorIntegrity test or CAST failure (firmware)Error status TZBSP_ERR_FATAL_PRNG_FIPS_HYBRID_ERR
Continuous health test failureError status TZ_RNG_STATUS__PRNG_PERMANENT_FAILU RE is set
Cryptographic algorithm self-test failure (hardware)BIST_FAILURE indicator is set

Qualcomm® Pseudo Random Number Generator

10.4 Error States

If any of the pre-operational self-tests or conditional self-tests fail, the Qualcomm Pseudo Random Number Generator will enter the error state. While in the error state, data output is prohibited, and no further cryptographic operation is performed. This is enforced by the control logic and prevents external usage when an error is detected. To recover from the error state, re-initialization is only possible by successful execution of the preoperational tests, which can be triggered by either a power-off/power-on cycle or the receipt of a reset event. Once in the error state, the Qualcomm Pseudo Random Number Generator will only respond to a reset event, which will cause it to re-execute the power up tests. If the error persists, the Qualcomm Pseudo Random Number Generator will remain unavailable. Table 11 - Error States © 2024 Qualcomm Technologies, Inc.

19 of 23
Page 20
ClearCase version control
system provides version control, workspace management, parallel development support, and build
auditing.

Qualcomm® Pseudo Random Number Generator

11 Life-cycle assurance
11.1 Delivery and Operation

The Qualcomm Pseudo Random Number Generator is a single chip module in the Snapdragon 8 Gen 2 Mobile Platform. The chips are delivered from the vendor via a trusted delivery courier. Upon delivery, the customer can detect any potential tampering by visually inspecting the chips. Any tampering will result in obvious damage or scratches and will likely render the chips nonfunctional. Once the product is received by the customer and powered up the self-tests defined in Section 10 will be executed.

11.2 End of Life

As stated in Section 9.4, the module does not possess persistent storage of SSPs. The SSP value only exists in volatile memory and that value is zeroized when the module is powered off. The procedure for secure sanitization of the module at the end of life is simply to power it off, which is the action of zeroization of the SSPs (Section 9.4). As a result of this sanitization via power-off, the SSP is removed from the module, so that the module may either be distributed to other operators or disposed.

11.3 Crypto Officer Guidance

There is no specific crypto officer guidance required for the module.

11.4 Configuration Management

ClearCase, a version control system from IBM/Rational, is used to manage the revision control of the hardware code (Verilog code) and hardware documentation. The ClearCase version control auditing. The Verilog code is maintained within the ClearCase database used by Qualcomm Technologies, Inc. Perforce Visual Client(P4V), a version control system from Perforce, is used to manage the revision control of the Qualcomm firmware code. The Perforce Visual Client provides version control, branching and merging of code lines, and concurrent development. © 2024 Qualcomm Technologies, Inc.

20 of 23
Page 21

Qualcomm® Pseudo Random Number Generator

12 Mitigation of other attacks

The module does not implement security mechanisms to mitigate other attacks. © 2024 Qualcomm Technologies, Inc.

21 of 23
Page 22

Qualcomm® Pseudo Random Number Generator Appendix A. Glossary and Abbreviations CAVP Cryptographic Algorithm Validation Program CMT Cryptographic Module Testing CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CVT Component Verification Testing DRBG Deterministic Random Bit Generator FIPS Federal Information Processing Standards Publication FSM Finite State Model KAT Known Answer Test NIST National Institute of Science and Technology PR Prediction Resistance RNG Random Number Generator SHA Secure Hash Algorithm SHS Secure Hash Standard SoC System on Chip © 2024 Qualcomm Technologies, Inc.

22 of 23
Page 23

Qualcomm® Pseudo Random Number Generator Appendix B. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program August 2023 https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-1403-ig-announcements FIPS180-4 Secure Hash Standard (SHS) March 2012 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf SP800-90Ar1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP800-90B (Second DRAFT) NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2024 Qualcomm Technologies, Inc.

23 of 23

Referenced URLs