| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 9/2/2029 |
| Caveat | When installed, initialized and configured as specified in Section 11 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service |
| Vendor | KIOXIA Corporation |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | C1925 |
| AES-XTS | C1925 |
| Hash DRBG | C2002 |
| HMAC-SHA2-256 | C1925 |
| KDF SP800-108 | C2001 |
| RSA SigVer (FIPS186-4) | C2009 |
| SHA2-256 | C1925 |
flowchart LR
%% Deterministic review-risk graph for KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC KIOXIA CORPORATION Rev 2.0.0
Section 1 - General This document explains precise specification of the security rules about KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 Overall. The Table below shows the security level detail. Section Level
Section 2
AES256 Key Size: 256 bits/ Data Encryption/ #C1925 XTS1 (FIPS 197 / SP800-38E) Key Strength: 256 bits Decryption SHA256 Hashing #C1925 N/A N/A (FIPS 180-4) messages Message HMAC-SHA256 Key Size: 256 bits/ #C1925 N/A Authentication (FIPS 198-1) Key Strength: 256 bits Code RSASSA-PKCS#1-v1_5 Key Size: 2048 bits/ Signature #C2009 N/A (FIPS 186-4) Key Strength: 112 bits verification Deterministic Hash_DRBG Random Bit #C2002 N/A Hash based: SHA256 (SP800-90A Rev.1) Generation MACs: HMAC-SHA256/ KBKDF #C2001 Counter Key Size: 256 bits/ Key derivation (SP800-108 Revised) Key Strength 256 bits Combination of AES256 CBC Mode and KTS Key Transport #C1925 N/A HMAC-SHA256 / (IG D.G) Scheme Key Size: 256 bits/ Key Strength: 256 bits Methods described in Vendor CKG Cryptographic N/A section 4 of the Affirmation (SP800-133 Rev.2) Key Generation SP800-133 Rev.2 Hardware RNG Entropy Source used to seed the ENT(P) N/A N/A (SP800-90B) approved Hash_DRBG. Table 3 ‐ Approved Algorithm The CM does not implement any Non-Approved Algorithms Allowed in the Approved Mode of Operation. ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different according to IG C.I.
Section 2.3
Section 4
Cryptographic Erase and Initialize Band State (for GlobalRange) Set Band position and Size for Band of Single user Mode (for GlobalRange Set PIN (for LockingSP.User1), Set PIN for Band of Single User Mode (for LockingSP.Use1) Format Namespace Namespace Create/Delete Data Read/Write Encrypted/Decrypted data Decrypted/Encrypted data Band Lock/Unlock for Band of Single User Mode (for Band1) Cryptographic Erase for Band of Single User Mode (for Band1) Cryptographic Erase and Initialize Band State (for Band1) FIPS Crypto Officer Mailbox command Mailbox command result Set Band position and Size for Band (LockingSP.User2) of Single user Mode (for Band1) Set PIN (for LockingSP.User2), Set PIN for Band of Single User Mode (for LockingSP.User2) Format Namespace Data Read/Write Encrypted/Decrypted data Decrypted/Encrypted data … … … … Band Lock/Unlock for Band of Single User Mode (for Band191) Cryptographic Erase for Band of Single User Mode (for Band191) Cryptographic Erase and Initialize Band State (for Band191) FIPS Crypto Officer Mailbox command Mailbox command result Set Band position and Size for Band (LockingSP.User192) of Single user Mode (for Band191) Set PIN (for LockingSP.User192), Set PIN for Band of Single User Mode (for LockingSP.User192) Format Namespace Data Read/Write Encrypted/Decrypted data Decrypted/Encrypted data Firmware Verification Random Number Generation Mailbox command Mailbox command result Show Status None Zeroisation Check Lock State Read/Write Command Lock state of each Band Reset Power N/A Table 5 ‐ Roles, Service Commands, Input and output
The CM supports the configuration of roles and services. The authenticated operator is expected to configure locked bands for data storage, the associated role and the lock-based authentication data (PIN) per Table 6 (refer to section 11 for detail settings to maintain secure operation). Bands that are not configured are considered unprotected or plaintext. This configuration enables Data Read/Write service using the lock-based authentication model (IG 4.1.A). To Read/Write data from/to each band, an operator must unlock the bands with appropriate authenticated roles. Once the bands are unlocked, Read and Write access to the bands must be controlled by a trusted operator outside of the module who has been authenticated as the associated role until powered off. The module prevents Data read/write service for locked bands. If Read and Write access needs to be inhibited prior to power off, the operator who authenticates the role must set the bands to the locked state again. Section 4.1
1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 2sec
when authentication attempt fails, so the maximum number of authentication attempts is 30
times in 1 min. Consequently the probability that random attempts in 1min will succeed is 30 /
The Roles of AdminSP.Admin1, LockingSP.Admin2-4 and LockingSP.User1-192 are set initial authentication data to null (means data of length 0). These role’s authentication data are need to be replaced upon the first-time authentication. Otherwise, the operator who assumes these role cannot execute services except Set PIN and services that does not need authorized roles. Section 4.2
3 The letters (G, R, W, E, Z) mean Generate, Read, Write, Execute and Zeroise respectively.
The band has to be unlocked by corresponding role beforehand.
Cryptographic Erase user data in CKG (Hash_DRBG) DRBG Internal LockingSP.Admin E Erase and Initialize band”X” of single user Value 1-4 mode (in KDK LockingSP.user”X G, Z Band State cryptographic means) KBKDF KDK +1” E Mailbox by changing the key MEKs G, Z command result that derives the data HMAC-SHA256 System MAC Key E encryption key, and AES256-CBC System Enc Key E initialize the band KTS KDK W, R state. Download Port Lock / unlock firmware N/A N/A AdminSP.SID N/A Mailbox Lock/Unlock download. command result Firmware Digital signature RSASSA-PKCS#1- Public Key None E Verification verification for v1_5 embedded on Mailbox firmware outside the the command result CM. CM’s code Firmware Download a firmware SHA256 PubKey1 AdminSP.SID W, E Mailbox Download image5. RSASSA-PKCS#1- PubKey1 E command result v1_5 Random Number Provide a random Hash_DRBG DRBG Internal None E number generated by Value Mailbox Generation the CM. command result Set Band Position Set the location and CKG (Hash_DRBG) DRBG Internal LockingSP.Admin E and Size size of the band. Value 1-4 KDK G, Z KBKDF KDK E MEKs G, Z HMAC-SHA256 System MAC Key E Mailbox AES256-CBC System Enc Key E command result KTS KDK W, R Set Band Position Set the location and LockingSP.Admin and Size for Band size of the band”X” of 1-4 single user mode. LockingSP.User”X of Single User +1” Mode Set PIN Set PIN SHA256 PINs AdminSP.SID, W, E (authentication data). HMAC-SHA256 System MAC Key AdminSP.Admin1 E , AES256-CBC System Enc Key E LockingSP.Admin KTS PINs 1-4, W, R LockingSP.User1- Mailbox
Set PIN for Band of Set PIN LockingSP.User1Single User Mode (authentication 192 data) of authority for band”X” of single use mode Authority Enable/Disable the HMAC-SHA256 System MAC Key AdminSP.SID E Mailbox Enable/Disable authority. AES256-CBC System Enc Key LockingSP.Admin E command result 1-4 Revert Initialize the band SHA256 PINs AdminSP.SID, W, E State and disable band CKG (Hash_DRBG) DRBG Internal AdminSP.Admin1 E Mailbox lock setting. Value LockingSP.Admin command result KDK 1-4, G, Z Only the CMVP validated version is to be used
KBKDF KDK E MEKs G, Z HMAC-SHA256 System MAC Key E AES256-CBC System Enc Key E KTS PINs W, R KDK W, R Data Locking Enable Data SHA256 PINs AdminSP.SID W, E Protection Enable protection with band HMAC-SHA256 System MAC Key LockingSP.Admin E Mailbox lock setting. AES256-CBC System Enc Key 1-4 E command result KTS PINs W, R Sanitize Erase all user data (in CKG (Hash_DRBG) DRBG Internal AdminSP.SID, E cryptographic means) Value AdminSP.Admin1 by changing the key KDK , G, Z that derives the data KBKDF KDK LockingSP.Admin E Mailbox encryption key. MEKs 1-4 G, Z command result HMAC-SHA256 System MAC Key E AES256-CBC System Enc Key E KTS KDK W, R Format Namespace Erase user data (in CKG (Hash_DRBG) DRBG Internal AdminSP.SID, E cryptographic means) Value AdminSP.Admin1 on Namespace by KDK , G, Z changing the key that KBKDF KDK LockingSP.Admin E Mailbox derives the data MEKs 1-4, G, Z command result encryption key. HMAC-SHA256 System MAC Key LockingSP.User1- E AES256-CBC System Enc Key 192 E KTS KDK W, R Namespace Create and delete CKG (Hash_DRBG) DRBG Internal AdminSP.SID, E Create/Delete Namespace. Value AdminSP.Admin1 KDK , G, Z KBKDF KDK LockingSP.Admin E Mailbox MEKs 1-4, G, Z command result HMAC-SHA256 System MAC Key LockingSP.User1 E AES256-CBC System Enc Key E KTS KDK W, R Band Set Enable Set the location, size CKG (Hash_DRBG) DRBG Internal LockinSP.Admin1 E and lock state of the Value -4 band. KDK G, Z KBKDF KDK E Mailbox MEKs G, Z command result HMAC-SHA256 System MAC Key E AES256-CBC System Enc Key E KTS KDK W, R Band Set Disable Initialize the location, CKG (Hash_DRBG) DRBG Internal LockingSP.Admin E size and lock state of Value 1-4 the band. KDK G, Z KBKDF KDK E Mailbox MEKs G, Z command result HMAC-SHA256 System MAC Key E AES256-CBC System Enc Key E KTS KDK W, R Show Status Report status of the N/A N/A None N/A Mailbox CM and versioning command result information. Zeroisation Erase SSPs. N/A RKey None6 Z Mailbox
6 Need to input PSID, which is public drive-unique value used for the zeroisation service.
KDK Z command result MEKs Z PINs Z System MAC Key Z System Enc Key Z DRBG Internal Z Value Reset Power-OFF: N/A System MAC Key None Z System Enc Key Z Delete SSPs in RAM. KDK Z MEKs Z PINs Z DRBG Internal Z Value PubKey1 Z Power-ON: RSASSA-PKCS#1- PubKey1 W, E v1_5 Runs various self-tests KBKDF RKey E N/A System MAC Key G to be performed at System Enc Key G power-on ( POSTs, Entropy Source DRBG Seed G CASTs, Firmware Load Hash_DRBG DRBG Seed E, Z DRBG Internal G test ) and generate / Value import some SSPs. HMAC-SHA256 System MAC Key E AES256-CBC System Enc Key E KTS KDK W PINs W Note 1: “CKG(Hash_DRBG)” means direct use of Hash_DRBG output as a key. Table 7 ‐ Approved services Section 5
Section 6
Section 9 – Sensitive security parameter management The CM uses keys and SSPs in the following table. Security Key/SSP Strength Function Import/ Use & related Name/Ty Generation Establishment Storage Zeroisation (bit) and Cert Export keys pe Number Critical Security Parameters (CSPs) RKey 256 KBKDF Hash_DRBG N/A Manufacturing Plaintext in Explicit Derivation of System (#C2001) (Method OTP Zeroisation Enc Key and System SP800-133 service MAC Key Rev.2 Section
7 The following service are applicable, Cryptographic Erase, Cryptographic Erase for Band of
Single User Mode, Cryptographic Erase and Initialize Band State, Set Band Position and Size, Set Band Position and Size for Band of Single User Mode, Revert, Sanitize, Format Namespace, Namespace Create/Delete and Band Set Enable.
using the Approved KTS MEKs 256 AES-XTS KDF in Counter N/A Band Lock/Unlock Plaintext in Explicit Data Encryption / (#C1925) Mode service, AES Zeroisation Decryption Key update register service, services Key update services Implicit Power-Off PINs Referred to SHA256 Electric input Imported Set PIN service Hashed in Explicit User authentication in Section (#C1925) and RAM Zeroisation
4.1 (Table Exported service
6) by KTS Hashed + (see Table Encrypted 3) in System Implicit Area Power-Off outside the module using the Approved KTS DRBG V: 440 bits Hash_DRBG SP800-90A N/A Power-On Plaintext in Explicit Random number Internal C: 440 bits (#C2002) Instantiation of RAM Zeroisation generation Value Hash_DRBG service Implicit Power-Off DRBG Seed Entropy Hash_DRBG Entropy N/A Power-On Plaintext in Implicit Random number Input (#C2002) collected from RAM Immediately generation String and Entropy Source after use8 Nonce: 512 at instantiation bits (Minimum entropy of 8 bits: 6.31) Public Security Parameters (PSPs) Zeroised after input to Hash_DRBG algorithm.
PubKey1 112 RSA Electric input Imported Power-on Plaintext in Implicit Signature verification. (#C2009) during FW FW Download RAM Power-Off load. service (Data in RAM) Hashed in OTP Table 9 ‐ SSPs Entropy source Minimum number Details of bits of entropy Entropy Source9 Minimum entropy Hardware RNG used to seed the approved of 8 bits is 6.31. Hash_DRBG. Table 10 ‐ Non-Deterministic Random Number Generation Specification For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate the sufficient amount of entropy, the CM is transient to error state. The CM can be recovered from the error state by rebooting the module, and the obtaining of Entropy data is attempted again. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 10
404 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.
HMAC-SHA256 Conditional Power-On Digest KAT Enters Boot Error State. (Indicated Error Code: 0x26) Hash_DRBG Conditional Power-On DRBG KAT Enters Boot Error State. (Indicated Error Code: 0x18/0x19) RSASSA-PKCS#1-v1_5 Conditional Power-On Signature verification KAT Enters Boot Error State. (Indicated Error Code: 0x27) KDF in Counter Mode Conditional Power-On KDF KAT Enters Boot Error State (Indicated Error Code: 0x28) Entropy Source (Health Conditional Power-On Verify not deviating from Enters Boot Error State tests of noise source at the intended behavior of the (Indicated Error Code: 0x2C/0x2D) startup.) noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. Hash_DRBG Conditional Random Verify newly generated Enters Error State. number random number not equal to (Indicated Error Code: 0x1D) generation previous one Entropy Source Conditional Entropy Verify newly generated Enters Error State. output random number not equal to (Indicated Error Code: 0x1E) request previous one Entropy Source Conditional Entropy Verify not deviating from Enters Error State. (Continuous noise source output the intended behavior of the (Indicated Error Code: 0x2C/0x2D) health tests during request noise source by Repetition operation.) Count Test and Adaptive Proportion Test specified in SP800-90B. Firmware load test Conditional10 Power-on Verify signature of loaded Enters Power Up Load Test Error firmware image by State RSASSA-PKCS#1-v1_5 (Indicated Error Code: 0x13) FW download Verify signature of Enters Conditional Load Test Error downloaded firmware image State. After reporting Error code, by RSASSA-PKCS#1-v1_5 transition from error state to normal state and continue to operate with FW before download.
10 Firmware load test is also run at the time of Power-up, and the integrity of the Firmware
loaded into the CM can be confirmed.
(Indicated Error Code: 0x13) Firmware integrity test Pre-operational Power-On Verify ROM code integrity Enters Boot Error State with 32bit CRC. (Implicit error reporting by stopping the startup sequence) Table 11 ‐ Self Tests As shown in the table above, self-tests are performed automatically at the CM startup and before execution certain security functions. Operator can also initiate self-test on-demand for periodic testing by using the Reset service which is automatically invoked when the module is powered-off and powered-on (rebooted). If the self-tests fail, the CM reports error status and enters to the error state. In this case, the CM must be powered-off to clear error condition. When power-on is executed again, self-tests are also executed like an on-demand operator reset. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 11 – Life-cycle Assurance In the SSD’s manufacturing process, installation is executed as below:
For secure operation, the following settings must be maintained: Data Locking Protection is Enabled Each Band is set to be locked when power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure11 ) As described in Section 2, the CM is used by being embedded in the solid state drive. Therefore, there are no maintenance requirements for the CM alone. Guidance for this module is provided to solid state drive developers who embed the CM. The usage and maintenance of solid state drives with the CM built-in are outside of the scope of this document. Section 12
Owners of the SSD that embeds the CM must use it securely according to the followings: