Derived Review-Risk Graph (review prompts, not findings)
flowchart LR
%% Deterministic review-risk graph for KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>SC01DN</i>"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C6 clue;
class I1,I2,I3,I6 infer;
class R1,R2,R3,R6 risk;
class E1,E2,E3,E6 evidence;Underlying clues
flowchart LR
%% Deterministic clue tier for KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>SC01DN</i><br/>src: certificate.firmwareVersions"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1 clueHigh;
class C2,C3,C6 clueLow;Security Policy, page by page
KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip KIOXIA CORPORATION Rev 3.3.0 Aug 29, 2024
Security level
| Name | ISO Section | Level |
|---|
| 1. General | 1. General | 2 |
| 2. Cryptographic Module Specification | 2. Cryptographic Module Specification | 2 |
| 3. Cryptographic Module Interfaces | 3. Cryptographic Module Interfaces | 2 |
| 4. Roles, Services, and Authentication | 4. Roles, Services, and Authentication | 2 |
| 5. Software/Firmware Security | 5. Software/Firmware Security | 2 |
| 6. Operational Environment | 6. Operational Environment | N/A |
| 7. Physical Security | 7. Physical Security | 2 |
| 8. Non-invasive Security | 8. Non-invasive Security | N/A |
| 9. Sensitive Security Parameter Management | 9. Sensitive Security Parameter Management | 2 |
| 10. Self-tests | 10. Self-tests | 2 |
| 11. Life-cycle Assurance | 11. Life-cycle Assurance | 2 |
| 12. Mitigation of Other Attacks | 12. Mitigation of Other Attacks | N/A |
| Overall Level | Overall Level | 2 |
This document explains precise specification of the security rules about KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 Overall. The Table below shows the security level detail. N/A N/A N/A Table 1 ‐ Security Levels This document is non-proprietary and may be reproduced in its original entirety. Section 1.1 - Acronyms AES Advanced Encryption Standard CM SSP DRBG Deterministic Random Bit Generator HMAC The Keyed-Hash Message Authentication code KAT Known Answer Test POST Power on Self-Test CAST Cryptographic Algorithm Self-Test PSID Printed SID SED Self-Encrypting Drive SHA Secure Hash Algorithm SID Security ID TCG Trusted Computing Group Aug 29, 2024
Approved algorithm
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|
| AES256 (FIPS 197 / SP800-38A) | #A2837 | CBC | Key Size: 256 bits/ Key Strength: 256 bits | Data and Key Encryption/ Decryption |
| Physical single-chip | | The sub-chip cryptographic | | The associated |
|---|
| | subsystem soft circuitry core | | firmware |
| TC58NC1137GTC 0001 TC58NC1138GTC 0001 | TC58NC1137GTC/TC58NC1138GTC CRPT module 0001 | | SC01DN | |
Section 2
- Cryptographic Module Specification KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip (listed in Section2.1 Product Version) is used for solid state drive (SSD) data security. The CM is a single chip hardware module implemented as a sub-chip compliant with IG 2.3.B in the TC58NC1137GTC 0001 SoC and TC58NC1138GTC 0001 SoC (see Figure 1 in Section 7). Overall Security Rating of the CM is Level2 (See Table 1 in Section 1 for individual security area levels). The CM is embedded in TCG OPAL compliant SSD controllers which provides user data encryption/decryption through build-in HW engines. The CM provides various cryptographic services using approved algorithms. The CM has multiple functions, but they do not support the degraded operation. The physical boundary of the CM is the TC58NC1137GTC 0001 SoC and TC58NC1138GTC 0001 SoC, and the logical boundary of the CM is TC58NC1137GTC/TC58NC1138GTC CRPT module. The CM has one approved mode of operation and CM is always in approved mode of operation after initial operations are performed (See Section 11). In approved mode, the CM provides services defined in Table 7 in Section 4.2. Section 2.1
- Product Version The CM is validated with the following versions: Table 2 ‐ Cryptographic Module Tested Configuration Section 2.2
- Security Functions The CM executes following approved algorithms: Aug 29, 2024
Approved algorithm
| Name | CAVP Cert | Mode Method | Key Size | |
|---|
| AES256 (FIPS 197 / SP800-38E) | #A2837 | XTS1 | Key Size: 256 bits/ Key Strength: 256 bits | Data Encryption/ Decryption (only be used for storage) |
| SHA2-256/SHA2-384 (FIPS 180-4) | #A2837 | N/A | N/A | Hashing messages |
| HMAC-SHA2-256 (FIPS 198-1) | #A2837 | N/A | Key Size: 256 bits/ Key Strength: 256 bits | Message Authentication Code |
| RSASSA-PKCS#1-v1_5 (FIPS 186-4) | #A2837 | N/A | Key Size: 3072 bits/ Key Strength: 128 bits | Signature verification |
| ECDSA (FIPS 186-4) | #A2883 | N/A | Curve: P-384/ Key Strength: 192 bits | Signature generation/ verification |
| Hash_DRBG (SP800-90A Rev.1) | #A2862 | N/A | Hash based: SHA2-256 | Deterministic Random Bit Generation |
| KBKDF (SP800-108 Revised) | #A2861 | Counter | MACs: HMAC-SHA2-256/ Key Size: 256 bits/ Key Strength: 256 bits | Key derivation |
| KTS (IG D.G) | #A2837 | N/A | Combination of AES256 CBC Mode and HMAC-SHA2-256 / Key Size: 256 bits/ Key Strength: 256 bits | Key Transport Scheme |
| CKG (SP800-133 Rev.2) | Vendor Affirmation | N/A | Methods described in section 4 of the SP800-133 Rev.2 | Cryptographic Key Generation |
| Entropy Source (SP800-90B) | ENT(P) | N/A | N/A | Hardware RNG used to seed the approved Hash_DRBG. |
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Table 3 ‐ Approved Algorithm The CM does not implement any Non-Approved Algorithms Allowed in the Approved Mode of Operation. ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different Aug 29, 2024
Ports and interfaces
| Name | Physical Port | Logical Interface | Data That Passes |
|---|
| Mailbox AES circuit DMAC Lock Checker | Mailbox AES circuit DMAC Lock Checker | Data Input | Mailbox input parameter. User data. Read/Write destination address information. |
| Mailbox AES circuit DMAC | Mailbox AES circuit DMAC | Data Output | Mailbox output parameter. User data. |
| Mailbox Lock Checker | Mailbox Lock Checker | Control Input | Mailbox command information. Lock status confirmation request signal. |
| Mailbox Lock Checker | Mailbox Lock Checker | Status Output | Mailbox command result. Lock status confirmation result signal. |
| Power PIN | Power PIN | Power Input | Power |
Section 2.3
- Module Configuration Overview block diagram of the CM is shown below. Figure 1
- Configuration of module and peripheral components Components of the CM is shown with gray background include processor and memories (volatile and non-volatile memory) and HW circuitry for cryptographic processing. Physical ports bordering outside the CM’s boundary and the data passing over them are also indicated (see Section 3 for details on physical ports and interfaces). Section 3
- Cryptographic Module Interface Note: Control output is omitted in the table above because the CM does not implement this type of interface. Table 4 ‐ Ports and Interface Aug 29, 2024
Service
| Name | | | |
|---|
| Download Port Lock/Unlock | FIPS Crypto Officer (AdminSP.SID) | Mailbox command | Mailbox command result |
| Set PIN (for AdminSP.Admin1) | FIPS Crypto Officer (AdminSP.Admin1) | Mailbox command | Mailbox command result |
| Band Lock/Unlock | FIPS Crypto Officer (LockingSP.Admin1-4) | Mailbox command | Mailbox command result |
| Data Read/Write | | Encrypted/Decrypted data | Decrypted/Encrypted data |
| Band Lock/Unlock for Band of Single User Mode (for GlobalRange) | FIPS Crypto Officer (LockingSP.User1) | Mailbox command | Mailbox command result |
Section 4
- Roles Services and Authentication The relation between Roles and Services in this CM is shown below. external firmware is verified (RSASSA-PKCS#1-v1_5). Aug 29, 2024
| Cryptographic Erase and Initialize Band State (for GlobalRange) | | |
|---|
| Set Band position and Size for Band of Single user Mode (for GlobalRange | | |
| Set PIN (for LockingSP.User1), Set PIN for Band of Single User Mode (for LockingSP.Use1) | | |
| Format Namespace | | |
| Namespace Create/Delete | | |
| Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| FIPS Crypto Officer (LockingSP.User2) | Band Lock/Unlock for Band of Single User Mode (for Band1) | | |
| Cryptographic Erase for Band of Single User Mode (for Band1) | Mailbox command | Mailbox command result |
| Cryptographic Erase and Initialize Band State (for Band1) | | |
| Set Band position and Size for Band of Single user Mode (for Band1) | | |
| Set PIN (for LockingSP.User2), Set PIN for Band of Single User Mode (for LockingSP.User2) | | |
| Format Namespace | | |
| Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| … | … | … | … |
| FIPS Crypto Officer (LockingSP.User192) | Band Lock/Unlock for Band of Single User Mode (for Band191) | Mailbox command | Mailbox command result |
| Cryptographic Erase for Band of Single User Mode (for Band191) | | |
| Cryptographic Erase and Initialize Band State (for Band191) | | |
| Set Band position and Size for Band of Single user Mode (for Band191) | | |
| Set PIN (for LockingSP.User192), Set PIN for Band of Single User Mode (for LockingSP.User192) | | |
| Format Namespace | | |
| Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| None | Firmware Verification | Mailbox command | Mailbox command result |
| Random Number Generation | | |
| Show Status | | |
| Zeroisation | | |
| Signature Generation | | |
| Signature Verification | | |
| Calculate Hash Digest | | |
| Check Lock State | Read/Write Command | Lock state of each Band |
Sensitive security parameter
| Name | Type | Strength | | Authentication | |
|---|
| AdminSP.SID | Crypto Officer | 1 / 264 < 1 / 1,000,000 | Role | PIN | 60,000 / 264 < 1 / 100,000 |
| AdminSP.Admin1 | Crypto Officer | 1 / 264 < 1 / 1,000,000 | Role | PIN | 60,000 / 264 < 1 / 100,000 |
| LockingSP.Admin1-4 | Crypto Officer | 1 / 264 < 1 / 1,000,000 | Role | PIN | 60,000 / 264 < 1 / 100,000 |
| LockingSP.User1 | Crypto Officer | 1 / 264 < 1 / 1,000,000 | Role | PIN | 60,000 / 264 < 1 / 100,000 |
| LockingSP.User2 | Crypto Officer | 1 / 264 < 1 / 1,000,000 | Role | PIN | 60,000 / 264 < 1 / 100,000 |
| … | … | … | … | … | … |
| LockingSP.User192 | Crypto Officer | 1 / 264 < 1 / 1,000,000 | Role | PIN | 60,000 / 264 < 1 / 100,000 |
N/A Table 5 ‐ Roles, Service Commands, Input and output The CM supports the configuration of roles and services. The authenticated operator is expected to configure locked bands for data storage, the associated role and the lock-based authentication data (PIN) per Table 5 (refer to section 11 for detail settings to maintain secure operation). Bands that are not configured are considered unprotected or plaintext. This configuration enables Data Read/Write service using the lock-based authentication model (IG 4.1.A). To Read/Write data from/to each band, an operator must unlock the bands with appropriate authenticated roles. Once the bands are unlocked, Read and Write access to the bands must be controlled by a trusted operator outside of the module who has authenticated the associated role until powered off. The module prevents Data read/write service for locked bands. If Read and Write access needs to be inhibited prior to power off, the operator who authenticates the role must set the bands to the locked state again. Section 4.1
- Roles and Authentication This section describes roles, authentication method, and strength of authentication. … … … … … … Table 6 ‐ Identification and Authentication Policy The CM performs role authentication by comparing whether the PIN entered by the user matches the information stored inside the CM. PINs are hashed with SHA2-256 to store them on the CM. The PIN entered by the user is hashed and compared to the stored PIN hash. PINs can be changed by executing the Set PIN Service (see Section4.2) with appropriate roles authenticated. The CM refuses to set a PIN less than 8 bytes, and responds with an error if such Aug 29, 2024
Service
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|
| Band Lock/Unlock | Lock or unlock read / write of user data in a band. | LockingSP.Admin 1-4 | KDK MEKs System MAC Key | KBKDF HMAC-SHA2-256 | E G E | Mailbox command result |
| Band Lock/Unlock for Band of Single User Mode | Lock or unlock read / write of user data in band ”X” of single user mode. | LockingSP.User”X +1” | | | | |
| Check Lock State | Check a lock state of band that read / write user data. | None | N/A | N/A | N/A | Band Lock state |
| Data Read/Write | Encryption / decryption of user data to/from unlocked band of SSD4. | LockingSP.Admin 1-4 LockingSP.User1- 192 | MEKs | AES256-XTS | E | Readable/Writab le signal from lock check module |
| Cryptographic Erase | Erase user data (in cryptographic means) by changing the key that derives the data encryption key. | LockingSP.Admin 1-4 | KDK KDK MEKs System MAC Key System Enc Key KDK | CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | G, Z E G, Z E E W, R | Mailbox command result |
| Cryptographic Erase for Band of Single User Mode | Erase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key. | LockingSP.user”X +1” | | | | |
a setting is attempted. Therefore, the probability that a random attempt will succeed is 1 / 264 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 1ms when authentication attempt fails, so the maximum number of authentication attempts is 60,000 times in 1 min. Therefore, the probability that random attempts in 1min will succeed is 60,000 / 264 < 1 / 100,000. The Roles of AdminSP.Admin1, LockingSP.Admin2-4 and LockingSP.User1-192 are set initial authentication data to null (means data of length 0). These role’s authentication data are need to be replaced upon the first-time authentication. Otherwise, the operator who assumes these roles cannot execute services except Set PIN and services that does not need authorized roles. Section 4.2
- Services This section describes services which the CM provides. E 1-4 G E +1” N/A N/A N/A E 1-4 G, Z 1-4 E G, Z E E W, R +1” The letters (G, R, W, E, Z) mean Generate, Read, Write, Execute and Zeroise respectively. Aug 29, 2024
Approved algorithm
| Name | Use Function | | | | | |
|---|
| Cryptographic Erase and Initialize Band State | Cryptographic Erase and Initialize Band State | Erase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key, and initialize the band state. | KDK KDK MEKs System MAC Key System Enc Key KDK | LockingSP.Admin 1-4 LockingSP.user”X +1” | | |
| N/A | Download Port Lock/Unlock | Lock / unlock firmware download. | N/A | AdminSP.SID | N/A | Mailbox command result |
| RSASSA-PKCS#1- v1_5 | Firmware Verification | Digital signature verification for firmware outside the CM. | Public Key embedded on the CM’s code | None | E | Mailbox command result |
| SHA2-384 RSASSA-PKCS#1- v1_5 | Firmware Download | Download a firmware image5. | PubKey1 PubKey1 | AdminSP.SID | W, E E | Mailbox command result |
| Hash_DRBG | Random Number Generation | Provide a random number generated by the CM. | DRBG Internal Value | None | E | Mailbox command result |
| CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Set Band Position and Size | Set the location and size of the band. | KDK KDK MEKs System MAC Key System Enc Key KDK | LockingSP.Admin 1-4 | G, Z E G, Z E E W, R | Mailbox command result |
| Set Band Position and Size for Band of Single User Mode | Set Band Position and Size for Band of Single User Mode | Set the location and size of the band ”X” of single user mode. | | LockingSP.Admin 1-4 LockingSP.User”X +1” | | |
| SHA2-256 HMAC-SHA2-256 AES256-CBC KTS | Set PIN | Set PIN (authentication data). | PINs System MAC Key System Enc Key PINs | AdminSP.SID, AdminSP.Admin1 LockingSP.Admin 1-4 LockingSP.User1- 192 | W, E E E W, R | Mailbox command result |
| Set PIN for Band of Single User Mode | Set PIN for Band of Single User Mode | Set PIN (authentication data) of authority for band ”X” of single use mode | | LockingSP.User1- 192 | | |
| HMAC-SHA2-256 AES256-CBC | Authority Enable/Disable | Enable/Disable the authority. | System MAC Key System Enc Key | AdminSP.SID LockingSP.Admin 1-4 | E E | Mailbox command result |
| SHA2-256 HMAC-SHA2-256 AES256-CBC KTS | Data Locking Protection Enable | Enable Data protection with band lock setting. | PINs System MAC Key System Enc Key PINs | AdminSP.SID LockingSP.Admin 1-4 | G, E E E W, R | Mailbox command result |
| CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Sanitize | Erase all user data (in cryptographic means) by changing the key that derives the data encryption key. | KDK KDK MEKs System MAC Key System Enc Key KDK | AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4 | G, Z E G, Z E E W, R | Mailbox command result |
| CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Format Namespace | Erase user data (in cryptographic means) on Namespace by changing the key that derives the data encryption key. | KDK KDK MEKs System MAC Key System Enc Key KDK | AdminSP.SID, AdminSP.Admin1 LockingSP.Admin 1-4 LockingSP.User1- 192 | G, Z E G, Z E E W, R | Mailbox command result |
| CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Namesapace Create/Delete | Create and delete Namespace. | KDK KDK MEKs System MAC Key System Enc Key KDK | AdminSP.SID AdminSP.Admin1 LockingSP.Admin 1-4 LockingSP.User1 | G, Z E G, Z E E W, R | Mailbox command result |
| CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Band Set Enable | Set the location, size and lock state of the band. | KDK KDK MEKs System MAC Key System Enc Key KDK | LockinSP.Admin1 -4 | G, Z E G, Z E E W, R | Mailbox command result |
| CKG (Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Band Set Disable | Initialize the location, size and lock state of the band. | KDK KDK MEKs System MAC Key System Enc Key KDK | LockingSP.Admin 1-4 | G, Z E G, Z E E W, R | Mailbox command result |
| ECDSA | Signature Generation | Generate a signature of the data by using a private key entered from outside of the CM. | Key Pair Private Key | None | W, E, Z | Mailbox command result |
| ECDSA | Signature Verification | Verify input signature by using a public key entered from outside of the CM. | Key Pair Public Key | None | W, E, Z | Mailbox command result |
| SHA2-256 or SHA2-384 | Calculate Hash Digest | Hash the data entered from outside of the CM. | N/A | None | N/A | Mailbox command result |
| N/A | Show Status | Report status of the CM and versioning information. | N/A | None | N/A | Mailbox command result |
| N/A | Zeroisation | Erase SSPs. | RKey KDK MEKs PINs System MAC Key System Enc Key DRBG Internal Value | None6 | Z Z Z Z Z Z Z | Mailbox command result |
| N/A | Reset | Power-OFF: Delete SSPs in RAM. | System MAC Key System Enc Key KDK MEKs PINs DRBG Internal Value PubKey1 | None | Z Z Z Z Z Z Z | N/A |
| RSASSA-PKCS#1- v1_5 KBKDF Entropy Source Hash_DRBG HMAC-SHA2-256 AES256-CBC KTS | | Power-ON: Runs various self-tests to be performed at power-on ( POSTs, CASTs, Firmware Load test ) and generate / import some SSPs. | PubKey1 RKey System MAC Key System Enc Key DRBG Seed DRBG Seed DRBG Internal Value System MAC Key System Enc Key KDK PINs | | W, E E G G G E, Z G E E W W | |
G, Z 1-4 E G, Z +1” E E W, R N/A N/A N/A E W, E E E G, Z 1-4 E G, Z E E W, R 1-4 +1” W, E E 1-4 E W, R Revert E E G, E G, Z lock setting. E 1-4 G, Z 1-4 E E Only the CMVP validated version is to be used. This service only replaces firmware image Aug 29, 2024
N/A Z Z Z Z Z Z Z N/A Z Z Z Z Z Z Z W, E E G G G E, Z G N/A E E W W Note 1: “CKG(Hash_DRBG)” means direct use of Hash_DRBG output as a key. Table 7 ‐ Approved services Section 5
- Software/Firmware Security Firmware Security of components in this CM is shown below. ROM Code: ・ Form of the executable code: ELF format ・ Integrity verification method: 32bit CRC ・ Method for integrity test on demand: Power cycling Firmware image (User Code): ・ Form of the executable code: ELF format ・ Integrity verification method: Approved signature verification (RSASSA-PKCS#1-v1_5, see table 3) ・ Method for integrity test on demand: Power cycling Need to input PSID, which is public drive-unique value used for the zeroisation service. Aug 29, 2024
Section 6
- Operational Environment Operational Environment requirements are not applicable because the CM does not employ operating systems and operates in a non-modifiable environment that is the CM cannot be modified and no code can be added or deleted. Any firmware/software loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a success of firmware load test and a separate FIPS 140-3 validation. Section 7
- Physical Security The CM is a sub-chip enclosed in a single chip that is an opaque package. And the CM consists of production-grade components. Gathering information of the module’s internal construction or components is impossible without forcing the package to open. In this case, it is confirmed package damage as a tamper-evidence. Operators of the CM can ensure that the physical security is maintained to confirm the package has no obvious attack damage. If the operator discovers tamper evidence, the CM should be removed. Front Back Figure 1.1 - TC58NC1137GTC 0001 SoC Front Back Aug 29, 2024
Sensitive security parameter
| Name | Strength | Security Function | Generation | Establishment | Storage | Use | Import Export | Zeroisation |
|---|
| RKey | 256 | KBKDF (#A2861) | Hash_DRBG (Method SP800-133 Rev.2 Section 4) | Manufacturing | Plaintext in OTP | Derivation of System Enc Key and System MAC Key | N/A | Explicit Zeroisation service |
| System Enc Key | 256 | AES-CBC (#A2837) | KDF in Counter Mode | Power-On | Plaintext in RAM | Data and Key Encryption / Decryption for KTS | N/A | Explicit Zeroisation service |
| System MAC Key | 256 | HMAC (#A2837) | KDF in Counter Mode | Power-On | Plaintext in RAM | Message Authentication Code generation and verification for KTS | N/A | Explicit Zeroisation service |
| Physical Security Mechanism | | Recommended Frequency of | Inspection/Test Guidance Detail |
|---|
| | Inspection/Test | |
| Passivated opaque package | Every month or every two months | | Confirmation that there is no visual damage |
Figure 1.2 - TC58NC1138GTC 0001 SoC Section 8
- Non-invasive security The CM does not apply Non-invasive security. Section 9
- Sensitive security parameter management The CM uses keys and SSPs in the following table. & N/A 4) N/A / N/A Aug 29, 2024
Approved algorithm
| Name | Key Size | Use Function | | | | | | |
|---|
| Hash_DRBG (Method SP800-133 Rev.2 Section 4) | Derivation of MEKs | Key update services7 | KDK | 256 | KBKDF (#A2861) | Electric Imported and Exported by KTS (see Table 3) | Plaintext in RAM Encrypted in System Area outside the module using the Approved KTS | Explicit Zeroisation service, Key update services |
| KDF in Counter Mode | Data Encryption / Decryption | Band Lock/Unlock service, Key update services | MEKs | 256 | AES-XTS (#A2837) | N/A | Plaintext in AES register | Explicit Zeroisation service, Key update services |
| Electric input | User authentication | Set PIN service | PINs | Referred to in Section 4.1 (Table 6) | SHA2-256 (#A2837) | Electric Imported and Exported by KTS (see Table 3) | Hashed in RAM Hashed + Encrypted in System Area outside the module using the Approved KTS | Explicit Zeroisation service |
| Electric input | Signature generation for arbitrary data | Signature Generation service | Key Pair Private Key | 192 | ECDSA (#A2883) | Electric Imported during | Plaintext in RAM | Implicit Immediately after use8 |
4) 3) N/A / 6) 3) + The following service are applicable, Cryptographic Erase, Cryptographic Erase for Band of Single User Mode, Cryptographic Erase and Initialize Band State, Set Band Position and Size, Set Band Position and Size for Band of Single User Mode, Revert, Sanitize, Format Namespace, Namespace Create/Delete and Band Set Enable. Aug 29, 2024
Approved algorithm
| Name | Key Size | Use Function | | | | | | |
|---|
| Hash_DRBG (#A2862) | V: 440 bits C: 440 bits | N/A | DRBG Internal Value | SP800-90A Instantiation of Hash_DRBG | Power-On | Plaintext in RAM | Explicit Zeroisation service | Random number generation |
| Hash_DRBG (#A2862) | Entropy Input String and Nonce: 1024 bits | N/A | DRBG Seed | Entropy collected from Entropy Source at instantiation (Minimum entropy of 8 bits: 5.67) | Power-On | Plaintext in RAM | Implicit Immediately after use8 | Random number generation |
| RSA (#A2837) | 128 | Electric Imported during FW load. | PubKey1 | Electric input | Power-on FW Download service | Plaintext in RAM Hashed in OTP | Implicit Power-Off (Data in RAM) | Signature verification. |
| ECDSA (#A2883) | 192 | Electric Imported during Signature Verification Service | Key Pair Public Key | Electric input | Signature Verification service | Plaintext in RAM | Implicit Immediately after use8 | Signature verification for arbitrary data |
N/A N/A Table 9 ‐ SSPs Zeroised after input to related algorithm. Aug 29, 2024
Approved algorithm
| Name | Key Size | Use Function | | | | |
|---|
| Details | | | Entropy source | Minimum | | |
| Hardware RNG used to seed the approved Hash_DRBG. | Minimum entropy of 8 bits is 5.67. | | Entropy Source9 | | | |
| AES256-CBC | | Encrypt and Decrypt KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x24) |
| AES256-XTS | | Encrypt and Decrypt KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x23) |
| SHA2-256/ SHA2-384 | | Digest KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x25) |
| HMAC-SHA2-256 | | Digest KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x26) |
| Hash_DRBG | | DRBG KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x18/0x19) |
| RSASSA-PKCS#1- v1_5 | | Signature verification KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x27) |
| ECDSA | | Signature generation KAT | | Before first use | Conditional | Enters Error State (Indicated Error Code: 0x36) |
Approved algorithm
| Name | Key Size | Use Function | | | | |
|---|
| Details | | | Entropy source | Minimum | | |
| Hardware RNG used to seed the approved Hash_DRBG. | Minimum entropy of 8 bits is 5.67. | | Entropy Source9 | | | |
| AES256-CBC | | Encrypt and Decrypt KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x24) |
| AES256-XTS | | Encrypt and Decrypt KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x23) |
| SHA2-256/ SHA2-384 | | Digest KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x25) |
| HMAC-SHA2-256 | | Digest KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x26) |
| Hash_DRBG | | DRBG KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x18/0x19) |
| RSASSA-PKCS#1- v1_5 | | Signature verification KAT | | Power-On | Conditional | Enters Boot Error State. (Indicated Error Code: 0x27) |
| ECDSA | | Signature generation KAT | | Before first use | Conditional | Enters Error State (Indicated Error Code: 0x36) |
Table 10 ‐ Non-Deterministic Random Number Generation Specification For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate the sufficient amount of entropy, the CM is transient to error state. The CM can be recovered from the error state by rebooting the module, and the obtaining of Entropy data is attempted again. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 10
- Self Tests The CM runs self-tests in the following table. The Entropy Source is a hardware module inside the CM boundary. The Entropy Source supplies the Hash_DRBG with 1024 bits entropy input. From Table 10 this input contains about
725 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.
Approved algorithm
| Name | Mode Method | | | |
|---|
| Signature verification KAT | ECDSA | Conditional | Before first use | Enters Error State (Indicated Error Code: 0x36) |
| KDF KAT | KDF in Counter Mode | Conditional | Power-On | Enters Boot Error State (Indicated Error Code: 0x28) |
| Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Entropy Source (Health tests of noise source at startup.) | Conditional | Power-On | Enters Boot Error State (Indicated Error Code: 0x2C/0x2D) |
| Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Entropy Source (Continuous noise source health tests during operation.) | Conditional | Entropy output request | Enters Error State. (Indicated Error Code: 0x2C/0x2D) |
| Verify signature of loaded firmware image by RSASSA-PKCS#1-v1_5 | Firmware load test | Conditional10 | Power-On | Enters Power Up Load Test Error State (Indicated Error Code: 0x13) |
| Verify signature of downloaded firmware image by RSASSA-PKCS#1-v1_5 | | | FW download | Enters Conditional Load Test Error State. After reporting Error code, transition from error state to normal state and continue to operate with FW before download. (Indicated Error Code: 0x13) |
| Verify ROM code integrity with 32bit CRC. | Firmware integrity test | Pre-operational | Power-On | Enters Boot Error State (Implicit error reporting by stopping the startup sequence) |
Table 11 ‐ Self Tests As shown in the table above, self-tests are performed automatically at the CM startup and before execution certain security functions. Operator can also initiate self-test on-demand for periodic testing by using the Reset service which is automatically invoked when the module is powered-off and powered-on (rebooted). loaded into the CM can be confirmed. Aug 29, 2024
If the self-tests fail, the CM reports error status and enters to the error state. In this case, the CM must be powered-off to clear error condition. When power-on is executed again, self-tests are also executed like an on-demand operator reset. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 11 – Life-cycle Assurance In the SSD’s manufacturing process, installation is executed as below:
- The Firmware described in Section 2.1 is downloaded into the CM.
- Initial SSPs are generated.
- Initial authentication information is set to the CM.
- System area including SSPs generated in Step2 and Step3 are encrypted and calculated message authentication code. Initial operations to setup this CM are following:
- Load Firmware into the CM.
- Load system area including SSPs into the CM.
- Execute range state setting method.
- Execute download port setting method.
- Execute service execution state setting method.
- Execute namespace setting method. The CM switches to approved mode after the initial operation success. When the initial operation succeeds, the CM indicates success on the Status Output interface. Operators can confirm that the CM is in approved mode by executing Show Status service and checking that the startup is successfully completed. For secure operation, the following settings must be maintained: Data Locking Protection is Enabled Each Band is set to be locked when power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure11) For maintaining secure condition, the SSD needs several setting at least. Owners of the SSD that embeds the CM must use it securely according to the followings:
- TCG LockingSP is enabled by Activate method.
- Both ReadLockEnabled and WriteLockEnabled are set to “True” for each band (included GlobalRange) and it must not be modified. Aug 29, 2024
As described in Section 2, the CM is used by being embedded in SSDs. Therefore, there are no maintenance requirements for the CM alone. More detailed guidance for this module is provided to the SSDs developers that embed the CM. Section 12 – Mitigation of Other Attack The CM does not mitigate other attacks beyond the scope of FIPS 140-3 requirements.
- For each band, "Power Cycle" of LockOnReset setting is not change.
- If the LockingSP has been made disabled, the Activate method is re-executed before PowerCycle is performed. Aug 29, 2024