| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Active |
| Sunset date | 11/3/2029 |
| Caveat | None |
| Vendor | Samsung Electronics Co., Ltd. |
| Algorithm | ACVP Cert |
|---|---|
| AES-ECB | A1157 |
| AES-XTS | A1157 |
| Hash DRBG | A1153 |
| RSA SigVer (FIPS186-4) | A1155 |
| SHA2-256 | A1158 |
flowchart LR
%% Deterministic review-risk graph for Samsung NVMe TCG Opal SSC SEDs PM9A3 Series
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for Samsung NVMe TCG Opal SSC SEDs PM9A3 Series
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;Samsung NVMe TCG Opal SSC SEDs PM9A3 Series Document Version: 1.0 H/W Version: MZ1L2960HCJR-00AMV[1], MZ1L21T9HCLS-00AMV[1], MZ1L23T8HBLA-00AMV[1], MZCL21T9HCJR-00AMV[2], MZCL23T8HCLS-00AMV[2], MZCL27T6HBLA-00AMV[2] and MZEL215THBLA-00AMV[3] F/W Version: GDC76M4Q[1], GDC79M4Q[1], GDC62M4Q[2], GDC63M4Q[2], GDDB3M2Q[3], GDDB4M2Q[3]
Revision History Version Change
Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
| # | Section | Page |
|---|
1. General 1.1. Scope This document outlines the security policy for Samsung Electronics Co., Ltd. Samsung NVMe TCG Opal SSC SEDs PM9A3 Series, herein after referred to as the “cryptographic module” or “module”, SSD (Solid State Drive). This module satisfies all applicable FIPS 140-3 Security Level 1 hardware cryptographic module requirements. It supports TCG Opal SSC based SED (Self-Encrypting Drive) features that is designed to protect unauthorized access to the user data stored in its NAND Flash memories. The cryptographic module’s controller has built-in AES hardware engines that provide on-the-fly encryption and decryption of the user data without performance loss. The SED design also allows for instant data sanitization via cryptographic erase. ISO/IEC 24759 FIPS 140-3 Section Title Security Level Section 6. [Number Below]
12 Mitigation of other attacks N/A
Table
Figure 3. Specification of the PM9A3 E1.L Form Factor Cryptographic Boundary Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
2.2. Module Cryptographic Boundary The PM9A3 series utilizes a single-chip controller with an NVMe interface for system side communication and integrates Samsung NAND flash memory for internal storage. The following figure depicts the module’s operational environment. Figure
2.4. Cryptographic Functionality The module does not implement any "Non-Approved Algorithms Not Allowed in the Approved Mode of Operation". 2.4.1. Approved Algorithm The cryptographic module supports the following Approved algorithms for secure data storage: Description/ Mode/ CAVP Cert Algorithm and Standard Key Size(s)/ Use/Function Method Key Strength(s) A1157 AES / ECB 256 bits Prerequisite for AES-XTS (A1157) FIPS 197, SP 800-38A A1157 AES / XTS1 256 bits Data Encryption / Decryption FIPS 197, SP 800-38E A1153 DRBG / Hash_ DRBG N/A Deterministic Random Bit SP 800-90A Rev. 1 (SHA-256) Generation A1155 RSA / FIPS 186-4 SigVer 3072 bits Digital Signature Verification A1158 SHS / FIPS 180-4 SHA-256 N/A Message Digest Vendor CKG / SP 800-133 Rev. 2 Section 4 and N/A Cryptographic Key Generation Affirmed Section 6.1 (Symmetric keys which are direct unmodified outputs from the DRBG) N/A ENT (P) / SP 800-90B N/A N/A Non-deterministic Random Number Generator (only used for generating seed materials for the DRBG). Provides a minimum of 256 bits of entropy for DRBG seed. Table
The module always defaults to an Approved mode of operation. To ensure it remains in this mode, operators must strictly follow the guidance outlined in section
4 Specified type of access of Lock/Unlock an LBA Range service to MEK was limited to only RAM
Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
changing the data DRBG Internal Result: TCG status code encryption key, CKG O O State C value initialize range ENT (P) settings, and DRBG Seed O O reset PINs for DRBG Entropy TCG. O O Input String MEK O O O FW Admin Command: Update the Update the RSA Verification O Firmware Commit firmware firmware Key Result : Status Code DRBG Internal Hash_ DRBG O O State V value Provide a random (SHA-256) DRBG Internal UID: ThisSP Get Random number O O State C value TCG Method: Random Number generated by the CKG DRBG Seed O O Result: TCG status code CM. DRBG Entropy ENT (P) O O Input String NVM Command: Read/Write user IO Command AES-XTS MEK O Write / Read data Result : Status Code DRBG Internal O O Hash_ DRBG State V value Admin Command: (SHA-256) DRBG Internal FormatNVM / Erase user data by O O Format NVM / Sanitize / State C value Sanitize / changing the data Namespace CKG DRBG Seed O O DeleteNS encryption key. Management DRBG Entropy O O Result : Status Code ENT (P) Input String MEK O O O Perform Diagnostics N/A N/A Maintenance N/A Maintenance Table 8. Approved Services Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
5. Software/Firmware Security - The cryptographic module employs a 428-byte error detection code for firmware integrity testing, which is performed during power-on reset. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
6. Operational Environment - The cryptographic module operates in a limited operational environment, consisting of the module’s firmware. This limited operational setting does not require any specific security rules, settings/configurations, or restrictions to be set. - The cryptographic module does not provide any general-purpose operating system to the operator. - Firmware download is only available for CMVP validated firmware versions. Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. - Since the cryptographic module is zeroised through the procedure for using maintenance role, it is restricted preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
8. Non-Invasive Security - The module does not implement any non-invasive attack mitigation techniques. Therefore, this section is not applicable. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
9. Sensitive Security Parameter Management - Temporary SSPs and SSPs stored in volatile memory are automatically zeroized upon power-on reset. - The module performs zeroization by overwriting the target SSP with random values generated by the DRBG. - The module does not import or export SSPs. Key / Security Use & SSP Function Import / Strength Generation Establishment Storage Zeroisation related Name / and Cert. Export keys Type Number Hash_ DRBG Implicitly DRBG SP 800-90A Internal Plaintext zeroised by 440-bit (SHA- HASH_DRBG N/A N/A MEK State V in RAM Power on 256) / (SHA-256) value reset A1153 Hash_ DRBG Implicitly DRBG SP 800-90A Internal Plaintext zeroised by 440-bit (SHA- HASH_DRBG N/A N/A MEK State C in RAM Power on 256) / (SHA-256) value reset A1153 Hash_ Implicitly DRBG DRBG Plaintext zeroised by N/A (SHA- ENT (P) N/A N/A MEK Seed in RAM Power on 256) / reset A1153 Hash_ DRBG Implicitly DRBG Entropy Plaintext zeroised by N/A (SHA- ENT (P) N/A N/A MEK Input in RAM Power on 256) / String reset A1153 Implicitly zeroised by Power on reset / Explicitly Plaintext zeroised via in RAM “Unlock an LBA Range” service and Data indicate SP 800-90A encryption AES-XTS / with its MEK 256-bit HASH_DRBG N/A N/A and A1157 indicator (SHA-256) decryption Explicitly of user data zeroised via “Erase an LBA Range’s Plaintext Data”, in Flash “Revert” and “FormatNV M/ Sanitize / Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
DeleteNS” services and indicate with their indicators Implicitly zeroised by Generated Power on Firmware during the reset and Plaintext Verificati RSA / manufacturing after Firmware 128-bit N/A N/A in HW A1155 process, is completion Load Test on Key5 SFR6 included as of “Update part of the FW. the firmware” service Table
6 HW SFR (Special Function Register) is a register within a hardware cryptographic algorithm IP, which has characteristic of volatile memory.
7 Estimated amount of entropy per the source’s output bit is 0.841621 and Samsung conservatively claims to be set at 0.5 per bit.
Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
11. Life-Cycle Assurance The cryptographic module operates in the Approved mode of operation by default once shipped from the vendor’s manufacturing site and does not support a non-approved mode of operation. The following guidance in section 11.1 describes the rules for secure installation and operation which the operator shall follow to operate the cryptographic module in a FIPS 140-3 security level 1 compliant manner. 11.1. Secure Installation
12. Mitigation of Other Attacks The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy