All modules
CMVP Validated Module · FIPS 140-3 Security Policy

KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip

Certificate#4826StandardFIPS 140-3Level2TypeHardwareEmbodimentSingle ChipStatusActiveVendorKIOXIA Corporation
High review priority  ·  exposes HSM/SE firmware trust anchor  ·  last validated 21 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date10/6/2029
EntropyENT (P)
CaveatNo operator authentication is enforced for executing security services that were unlocked by an authenticated service
VendorKIOXIA Corporation
Hardware versions0001

Approved Algorithms (10)

AlgorithmACVP Cert
AES-CBCA2837
AES-XTS Testing Revision 2.0A2837
ECDSA SigGen (FIPS186-4)A2883
ECDSA SigVer (FIPS186-4)A2883
Hash DRBGA2862
HMAC-SHA2-256A2837
KDF SP800-108A2861
RSA SigVer (FIPS186-4)A2837
SHA2-256A2837
SHA2-384A2837

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Roles, Services, and Authentication2
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Sensitive Security Parameter Management2
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>SC01DN</i>"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>update</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C6 clue;
  class I1,I2,I3,I6 infer;
  class R1,R2,R3,R6 risk;
  class E1,E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>SC01DN</i><br/>src: certificate.firmwareVersions"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>update</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1 clueHigh;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip KIOXIA CORPORATION Rev 3.3.0 Aug 29, 2024

Page 3
Security level
NameISO SectionLevel
1. General1. General2
2. Cryptographic Module Specification2. Cryptographic Module Specification2
3. Cryptographic Module Interfaces3. Cryptographic Module Interfaces2
4. Roles, Services, and Authentication4. Roles, Services, and Authentication2
5. Software/Firmware Security5. Software/Firmware Security2
6. Operational Environment6. Operational EnvironmentN/A
7. Physical Security7. Physical Security2
8. Non-invasive Security8. Non-invasive SecurityN/A
9. Sensitive Security Parameter Management9. Sensitive Security Parameter Management2
10. Self-tests10. Self-tests2
11. Life-cycle Assurance11. Life-cycle Assurance2
12. Mitigation of Other Attacks12. Mitigation of Other AttacksN/A
Overall LevelOverall Level2

This document explains precise specification of the security rules about KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 Overall. The Table below shows the security level detail. N/A N/A N/A Table 1 ‐ Security Levels This document is non-proprietary and may be reproduced in its original entirety. Section 1.1 - Acronyms AES Advanced Encryption Standard CM SSP DRBG Deterministic Random Bit Generator HMAC The Keyed-Hash Message Authentication code KAT Known Answer Test POST Power on Self-Test CAST Cryptographic Algorithm Self-Test PSID Printed SID SED Self-Encrypting Drive SHA Secure Hash Algorithm SID Security ID TCG Trusted Computing Group Aug 29, 2024

Page 4
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES256 (FIPS 197 / SP800-38A)#A2837CBCKey Size: 256 bits/ Key Strength: 256 bitsData and Key Encryption/ Decryption
Physical single-chipThe sub-chip cryptographicThe associated
subsystem soft circuitry corefirmware
TC58NC1137GTC 0001 TC58NC1138GTC 0001TC58NC1137GTC/TC58NC1138GTC CRPT module 0001SC01DN

Section 2

Page 5
Approved algorithm
NameCAVP CertMode MethodKey Size
AES256 (FIPS 197 / SP800-38E)#A2837XTS1Key Size: 256 bits/ Key Strength: 256 bitsData Encryption/ Decryption (only be used for storage)
SHA2-256/SHA2-384 (FIPS 180-4)#A2837N/AN/AHashing messages
HMAC-SHA2-256 (FIPS 198-1)#A2837N/AKey Size: 256 bits/ Key Strength: 256 bitsMessage Authentication Code
RSASSA-PKCS#1-v1_5 (FIPS 186-4)#A2837N/AKey Size: 3072 bits/ Key Strength: 128 bitsSignature verification
ECDSA (FIPS 186-4)#A2883N/ACurve: P-384/ Key Strength: 192 bitsSignature generation/ verification
Hash_DRBG (SP800-90A Rev.1)#A2862N/AHash based: SHA2-256Deterministic Random Bit Generation
KBKDF (SP800-108 Revised)#A2861CounterMACs: HMAC-SHA2-256/ Key Size: 256 bits/ Key Strength: 256 bitsKey derivation
KTS (IG D.G)#A2837N/ACombination of AES256 CBC Mode and HMAC-SHA2-256 / Key Size: 256 bits/ Key Strength: 256 bitsKey Transport Scheme
CKG (SP800-133 Rev.2)Vendor AffirmationN/AMethods described in section 4 of the SP800-133 Rev.2Cryptographic Key Generation
Entropy Source (SP800-90B)ENT(P)N/AN/AHardware RNG used to seed the approved Hash_DRBG.

N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Table 3 ‐ Approved Algorithm The CM does not implement any Non-Approved Algorithms Allowed in the Approved Mode of Operation. ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different Aug 29, 2024

Page 6
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Mailbox AES circuit DMAC Lock CheckerMailbox AES circuit DMAC Lock CheckerData InputMailbox input parameter. User data. Read/Write destination address information.
Mailbox AES circuit DMACMailbox AES circuit DMACData OutputMailbox output parameter. User data.
Mailbox Lock CheckerMailbox Lock CheckerControl InputMailbox command information. Lock status confirmation request signal.
Mailbox Lock CheckerMailbox Lock CheckerStatus OutputMailbox command result. Lock status confirmation result signal.
Power PINPower PINPower InputPower

Section 2.3

Page 7
Service
Name
Download Port Lock/UnlockFIPS Crypto Officer (AdminSP.SID)Mailbox commandMailbox command result
Set PIN (for AdminSP.Admin1)FIPS Crypto Officer (AdminSP.Admin1)Mailbox commandMailbox command result
Band Lock/UnlockFIPS Crypto Officer (LockingSP.Admin1-4)Mailbox commandMailbox command result
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
Band Lock/Unlock for Band of Single User Mode (for GlobalRange)FIPS Crypto Officer (LockingSP.User1)Mailbox commandMailbox command result

Section 4

Page 8
Cryptographic Erase and Initialize Band State (for GlobalRange)
Set Band position and Size for Band of Single user Mode (for GlobalRange
Set PIN (for LockingSP.User1), Set PIN for Band of Single User Mode (for LockingSP.Use1)
Format Namespace
Namespace Create/Delete
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
FIPS Crypto Officer (LockingSP.User2)Band Lock/Unlock for Band of Single User Mode (for Band1)
Cryptographic Erase for Band of Single User Mode (for Band1)Mailbox commandMailbox command result
Cryptographic Erase and Initialize Band State (for Band1)
Set Band position and Size for Band of Single user Mode (for Band1)
Set PIN (for LockingSP.User2), Set PIN for Band of Single User Mode (for LockingSP.User2)
Format Namespace
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
FIPS Crypto Officer (LockingSP.User192)Band Lock/Unlock for Band of Single User Mode (for Band191)Mailbox commandMailbox command result
Cryptographic Erase for Band of Single User Mode (for Band191)
Cryptographic Erase and Initialize Band State (for Band191)
Set Band position and Size for Band of Single user Mode (for Band191)
Set PIN (for LockingSP.User192), Set PIN for Band of Single User Mode (for LockingSP.User192)
Format Namespace
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
NoneFirmware VerificationMailbox commandMailbox command result
Random Number Generation
Show Status
Zeroisation
Signature Generation
Signature Verification
Calculate Hash Digest
Check Lock StateRead/Write CommandLock state of each Band
Page 9
Sensitive security parameter
NameTypeStrengthAuthentication
AdminSP.SIDCrypto Officer1 / 264 < 1 / 1,000,000RolePIN60,000 / 264 < 1 / 100,000
AdminSP.Admin1Crypto Officer1 / 264 < 1 / 1,000,000RolePIN60,000 / 264 < 1 / 100,000
LockingSP.Admin1-4Crypto Officer1 / 264 < 1 / 1,000,000RolePIN60,000 / 264 < 1 / 100,000
LockingSP.User1Crypto Officer1 / 264 < 1 / 1,000,000RolePIN60,000 / 264 < 1 / 100,000
LockingSP.User2Crypto Officer1 / 264 < 1 / 1,000,000RolePIN60,000 / 264 < 1 / 100,000
LockingSP.User192Crypto Officer1 / 264 < 1 / 1,000,000RolePIN60,000 / 264 < 1 / 100,000
ResetPowerN/A

N/A Table 5 ‐ Roles, Service Commands, Input and output The CM supports the configuration of roles and services. The authenticated operator is expected to configure locked bands for data storage, the associated role and the lock-based authentication data (PIN) per Table 5 (refer to section 11 for detail settings to maintain secure operation). Bands that are not configured are considered unprotected or plaintext. This configuration enables Data Read/Write service using the lock-based authentication model (IG 4.1.A). To Read/Write data from/to each band, an operator must unlock the bands with appropriate authenticated roles. Once the bands are unlocked, Read and Write access to the bands must be controlled by a trusted operator outside of the module who has authenticated the associated role until powered off. The module prevents Data read/write service for locked bands. If Read and Write access needs to be inhibited prior to power off, the operator who authenticates the role must set the bands to the locked state again. Section 4.1

Page 10
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Band Lock/UnlockLock or unlock read / write of user data in a band.LockingSP.Admin 1-4KDK MEKs System MAC KeyKBKDF HMAC-SHA2-256E G EMailbox command result
Band Lock/Unlock for Band of Single User ModeLock or unlock read / write of user data in band ”X” of single user mode.LockingSP.User”X +1”
Check Lock StateCheck a lock state of band that read / write user data.NoneN/AN/AN/ABand Lock state
Data Read/WriteEncryption / decryption of user data to/from unlocked band of SSD4.LockingSP.Admin 1-4 LockingSP.User1- 192MEKsAES256-XTSEReadable/Writab le signal from lock check module
Cryptographic EraseErase user data (in cryptographic means) by changing the key that derives the data encryption key.LockingSP.Admin 1-4KDK KDK MEKs System MAC Key System Enc Key KDKCKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSG, Z E G, Z E E W, RMailbox command result
Cryptographic Erase for Band of Single User ModeErase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key.LockingSP.user”X +1”

a setting is attempted. Therefore, the probability that a random attempt will succeed is 1 / 264 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 1ms when authentication attempt fails, so the maximum number of authentication attempts is 60,000 times in 1 min. Therefore, the probability that random attempts in 1min will succeed is 60,000 / 264 < 1 / 100,000. The Roles of AdminSP.Admin1, LockingSP.Admin2-4 and LockingSP.User1-192 are set initial authentication data to null (means data of length 0). These role’s authentication data are need to be replaced upon the first-time authentication. Otherwise, the operator who assumes these roles cannot execute services except Set PIN and services that does not need authorized roles. Section 4.2

Page 11
Approved algorithm
NameUse Function
Cryptographic Erase and Initialize Band StateCryptographic Erase and Initialize Band StateErase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key, and initialize the band state.KDK KDK MEKs System MAC Key System Enc Key KDKLockingSP.Admin 1-4 LockingSP.user”X +1”
N/ADownload Port Lock/UnlockLock / unlock firmware download.N/AAdminSP.SIDN/AMailbox command result
RSASSA-PKCS#1- v1_5Firmware VerificationDigital signature verification for firmware outside the CM.Public Key embedded on the CM’s codeNoneEMailbox command result
SHA2-384 RSASSA-PKCS#1- v1_5Firmware DownloadDownload a firmware image5.PubKey1 PubKey1AdminSP.SIDW, E EMailbox command result
Hash_DRBGRandom Number GenerationProvide a random number generated by the CM.DRBG Internal ValueNoneEMailbox command result
CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSSet Band Position and SizeSet the location and size of the band.KDK KDK MEKs System MAC Key System Enc Key KDKLockingSP.Admin 1-4G, Z E G, Z E E W, RMailbox command result
Set Band Position and Size for Band of Single User ModeSet Band Position and Size for Band of Single User ModeSet the location and size of the band ”X” of single user mode.LockingSP.Admin 1-4 LockingSP.User”X +1”
SHA2-256 HMAC-SHA2-256 AES256-CBC KTSSet PINSet PIN (authentication data).PINs System MAC Key System Enc Key PINsAdminSP.SID, AdminSP.Admin1 LockingSP.Admin 1-4 LockingSP.User1- 192W, E E E W, RMailbox command result
Set PIN for Band of Single User ModeSet PIN for Band of Single User ModeSet PIN (authentication data) of authority for band ”X” of single use modeLockingSP.User1- 192
HMAC-SHA2-256 AES256-CBCAuthority Enable/DisableEnable/Disable the authority.System MAC Key System Enc KeyAdminSP.SID LockingSP.Admin 1-4E EMailbox command result
SHA2-256 HMAC-SHA2-256 AES256-CBC KTSData Locking Protection EnableEnable Data protection with band lock setting.PINs System MAC Key System Enc Key PINsAdminSP.SID LockingSP.Admin 1-4G, E E E W, RMailbox command result
CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSSanitizeErase all user data (in cryptographic means) by changing the key that derives the data encryption key.KDK KDK MEKs System MAC Key System Enc Key KDKAdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4G, Z E G, Z E E W, RMailbox command result
CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSFormat NamespaceErase user data (in cryptographic means) on Namespace by changing the key that derives the data encryption key.KDK KDK MEKs System MAC Key System Enc Key KDKAdminSP.SID, AdminSP.Admin1 LockingSP.Admin 1-4 LockingSP.User1- 192G, Z E G, Z E E W, RMailbox command result
CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSNamesapace Create/DeleteCreate and delete Namespace.KDK KDK MEKs System MAC Key System Enc Key KDKAdminSP.SID AdminSP.Admin1 LockingSP.Admin 1-4 LockingSP.User1G, Z E G, Z E E W, RMailbox command result
CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSBand Set EnableSet the location, size and lock state of the band.KDK KDK MEKs System MAC Key System Enc Key KDKLockinSP.Admin1 -4G, Z E G, Z E E W, RMailbox command result
CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSBand Set DisableInitialize the location, size and lock state of the band.KDK KDK MEKs System MAC Key System Enc Key KDKLockingSP.Admin 1-4G, Z E G, Z E E W, RMailbox command result
ECDSASignature GenerationGenerate a signature of the data by using a private key entered from outside of the CM.Key Pair Private KeyNoneW, E, ZMailbox command result
ECDSASignature VerificationVerify input signature by using a public key entered from outside of the CM.Key Pair Public KeyNoneW, E, ZMailbox command result
SHA2-256 or SHA2-384Calculate Hash DigestHash the data entered from outside of the CM.N/ANoneN/AMailbox command result
N/AShow StatusReport status of the CM and versioning information.N/ANoneN/AMailbox command result
N/AZeroisationErase SSPs.RKey KDK MEKs PINs System MAC Key System Enc Key DRBG Internal ValueNone6Z Z Z Z Z Z ZMailbox command result
N/AResetPower-OFF: Delete SSPs in RAM.System MAC Key System Enc Key KDK MEKs PINs DRBG Internal Value PubKey1NoneZ Z Z Z Z Z ZN/A
RSASSA-PKCS#1- v1_5 KBKDF Entropy Source Hash_DRBG HMAC-SHA2-256 AES256-CBC KTSPower-ON: Runs various self-tests to be performed at power-on ( POSTs, CASTs, Firmware Load test ) and generate / import some SSPs.PubKey1 RKey System MAC Key System Enc Key DRBG Seed DRBG Seed DRBG Internal Value System MAC Key System Enc Key KDK PINsW, E E G G G E, Z G E E W W

G, Z 1-4 E G, Z +1” E E W, R N/A N/A N/A E W, E E E G, Z 1-4 E G, Z E E W, R 1-4 +1” W, E E 1-4 E W, R Revert E E G, E G, Z lock setting. E 1-4 G, Z 1-4 E E Only the CMVP validated version is to be used. This service only replaces firmware image Aug 29, 2024

Page 13

N/A Z Z Z Z Z Z Z N/A Z Z Z Z Z Z Z W, E E G G G E, Z G N/A E E W W Note 1: “CKG(Hash_DRBG)” means direct use of Hash_DRBG output as a key. Table 7 ‐ Approved services Section 5

Page 14

Section 6

Page 15
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageUseImport ExportZeroisation
RKey256KBKDF (#A2861)Hash_DRBG (Method SP800-133 Rev.2 Section 4)ManufacturingPlaintext in OTPDerivation of System Enc Key and System MAC KeyN/AExplicit Zeroisation service
System Enc Key256AES-CBC (#A2837)KDF in Counter ModePower-OnPlaintext in RAMData and Key Encryption / Decryption for KTSN/AExplicit Zeroisation service
System MAC Key256HMAC (#A2837)KDF in Counter ModePower-OnPlaintext in RAMMessage Authentication Code generation and verification for KTSN/AExplicit Zeroisation service
Physical Security MechanismRecommended Frequency ofInspection/Test Guidance Detail
Inspection/Test
Passivated opaque packageEvery month or every two monthsConfirmation that there is no visual damage

Figure 1.2 - TC58NC1138GTC 0001 SoC Section 8

Page 16
Approved algorithm
NameKey SizeUse Function
Hash_DRBG (Method SP800-133 Rev.2 Section 4)Derivation of MEKsKey update services7KDK256KBKDF (#A2861)Electric Imported and Exported by KTS (see Table 3)Plaintext in RAM Encrypted in System Area outside the module using the Approved KTSExplicit Zeroisation service, Key update services
KDF in Counter ModeData Encryption / DecryptionBand Lock/Unlock service, Key update servicesMEKs256AES-XTS (#A2837)N/APlaintext in AES registerExplicit Zeroisation service, Key update services
Electric inputUser authenticationSet PIN servicePINsReferred to in Section 4.1 (Table 6)SHA2-256 (#A2837)Electric Imported and Exported by KTS (see Table 3)Hashed in RAM Hashed + Encrypted in System Area outside the module using the Approved KTSExplicit Zeroisation service
Electric inputSignature generation for arbitrary dataSignature Generation serviceKey Pair Private Key192ECDSA (#A2883)Electric Imported duringPlaintext in RAMImplicit Immediately after use8

4) 3) N/A / 6) 3) + The following service are applicable, Cryptographic Erase, Cryptographic Erase for Band of Single User Mode, Cryptographic Erase and Initialize Band State, Set Band Position and Size, Set Band Position and Size for Band of Single User Mode, Revert, Sanitize, Format Namespace, Namespace Create/Delete and Band Set Enable. Aug 29, 2024

Page 17
Approved algorithm
NameKey SizeUse Function
Hash_DRBG (#A2862)V: 440 bits C: 440 bitsN/ADRBG Internal ValueSP800-90A Instantiation of Hash_DRBGPower-OnPlaintext in RAMExplicit Zeroisation serviceRandom number generation
Hash_DRBG (#A2862)Entropy Input String and Nonce: 1024 bitsN/ADRBG SeedEntropy collected from Entropy Source at instantiation (Minimum entropy of 8 bits: 5.67)Power-OnPlaintext in RAMImplicit Immediately after use8Random number generation
RSA (#A2837)128Electric Imported during FW load.PubKey1Electric inputPower-on FW Download servicePlaintext in RAM Hashed in OTPImplicit Power-Off (Data in RAM)Signature verification.
ECDSA (#A2883)192Electric Imported during Signature Verification ServiceKey Pair Public KeyElectric inputSignature Verification servicePlaintext in RAMImplicit Immediately after use8Signature verification for arbitrary data

N/A N/A Table 9 ‐ SSPs Zeroised after input to related algorithm. Aug 29, 2024

Page 18
Approved algorithm
NameKey SizeUse Function
DetailsEntropy sourceMinimum
Hardware RNG used to seed the approved Hash_DRBG.Minimum entropy of 8 bits is 5.67.Entropy Source9
AES256-CBCEncrypt and Decrypt KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x24)
AES256-XTSEncrypt and Decrypt KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x23)
SHA2-256/ SHA2-384Digest KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x25)
HMAC-SHA2-256Digest KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x26)
Hash_DRBGDRBG KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x18/0x19)
RSASSA-PKCS#1- v1_5Signature verification KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x27)
ECDSASignature generation KATBefore first useConditionalEnters Error State (Indicated Error Code: 0x36)
Approved algorithm
NameKey SizeUse Function
DetailsEntropy sourceMinimum
Hardware RNG used to seed the approved Hash_DRBG.Minimum entropy of 8 bits is 5.67.Entropy Source9
AES256-CBCEncrypt and Decrypt KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x24)
AES256-XTSEncrypt and Decrypt KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x23)
SHA2-256/ SHA2-384Digest KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x25)
HMAC-SHA2-256Digest KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x26)
Hash_DRBGDRBG KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x18/0x19)
RSASSA-PKCS#1- v1_5Signature verification KATPower-OnConditionalEnters Boot Error State. (Indicated Error Code: 0x27)
ECDSASignature generation KATBefore first useConditionalEnters Error State (Indicated Error Code: 0x36)

Table 10 ‐ Non-Deterministic Random Number Generation Specification For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate the sufficient amount of entropy, the CM is transient to error state. The CM can be recovered from the error state by rebooting the module, and the obtaining of Entropy data is attempted again. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 10

725 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.

Page 19
Approved algorithm
NameMode Method
Signature verification KATECDSAConditionalBefore first useEnters Error State (Indicated Error Code: 0x36)
KDF KATKDF in Counter ModeConditionalPower-OnEnters Boot Error State (Indicated Error Code: 0x28)
Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B.Entropy Source (Health tests of noise source at startup.)ConditionalPower-OnEnters Boot Error State (Indicated Error Code: 0x2C/0x2D)
Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B.Entropy Source (Continuous noise source health tests during operation.)ConditionalEntropy output requestEnters Error State. (Indicated Error Code: 0x2C/0x2D)
Verify signature of loaded firmware image by RSASSA-PKCS#1-v1_5Firmware load testConditional10Power-OnEnters Power Up Load Test Error State (Indicated Error Code: 0x13)
Verify signature of downloaded firmware image by RSASSA-PKCS#1-v1_5FW downloadEnters Conditional Load Test Error State. After reporting Error code, transition from error state to normal state and continue to operate with FW before download. (Indicated Error Code: 0x13)
Verify ROM code integrity with 32bit CRC.Firmware integrity testPre-operationalPower-OnEnters Boot Error State (Implicit error reporting by stopping the startup sequence)

Table 11 ‐ Self Tests As shown in the table above, self-tests are performed automatically at the CM startup and before execution certain security functions. Operator can also initiate self-test on-demand for periodic testing by using the Reset service which is automatically invoked when the module is powered-off and powered-on (rebooted). loaded into the CM can be confirmed. Aug 29, 2024

Page 20

If the self-tests fail, the CM reports error status and enters to the error state. In this case, the CM must be powered-off to clear error condition. When power-on is executed again, self-tests are also executed like an on-demand operator reset. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 11 – Life-cycle Assurance In the SSD’s manufacturing process, installation is executed as below:

  1. The Firmware described in Section 2.1 is downloaded into the CM.
  2. Initial SSPs are generated.
  3. Initial authentication information is set to the CM.
  4. System area including SSPs generated in Step2 and Step3 are encrypted and calculated message authentication code. Initial operations to setup this CM are following:
  5. Load Firmware into the CM.
  6. Load system area including SSPs into the CM.
  7. Execute range state setting method.
  8. Execute download port setting method.
  9. Execute service execution state setting method.
  10. Execute namespace setting method. The CM switches to approved mode after the initial operation success. When the initial operation succeeds, the CM indicates success on the Status Output interface. Operators can confirm that the CM is in approved mode by executing Show Status service and checking that the startup is successfully completed. For secure operation, the following settings must be maintained:  Data Locking Protection is Enabled  Each Band is set to be locked when power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure11) For maintaining secure condition, the SSD needs several setting at least. Owners of the SSD that embeds the CM must use it securely according to the followings:
  11. TCG LockingSP is enabled by Activate method.
  12. Both ReadLockEnabled and WriteLockEnabled are set to “True” for each band (included GlobalRange) and it must not be modified. Aug 29, 2024
Page 21

As described in Section 2, the CM is used by being embedded in SSDs. Therefore, there are no maintenance requirements for the CM alone. More detailed guidance for this module is provided to the SSDs developers that embed the CM. Section 12 – Mitigation of Other Attack The CM does not mitigate other attacks beyond the scope of FIPS 140-3 requirements.

  1. For each band, "Power Cycle" of LockOnReset setting is not change.
  2. If the LockingSP has been made disabled, the Activate method is re-executed before PowerCycle is performed. Aug 29, 2024