All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Samsung NVMe TCG Opal SSC SEDs PM9A3 Series

Certificate#4864StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorSamsung Electronics Co., Ltd.
Medium review priority  ·  no TCB surface named  ·  last validated 20 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date11/3/2029
CaveatNone
VendorSamsung Electronics Co., Ltd.

Approved Algorithms (5)

AlgorithmACVP Cert
AES-ECBA1157
AES-XTSA1157
Hash DRBGA1153
RSA SigVer (FIPS186-4)A1155
SHA2-256A1158

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Samsung NVMe TCG Opal SSC SEDs PM9A3 Series
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Samsung NVMe TCG Opal SSC SEDs PM9A3 Series
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

Samsung NVMe TCG Opal SSC SEDs PM9A3 Series Document Version: 1.0 H/W Version: MZ1L2960HCJR-00AMV[1], MZ1L21T9HCLS-00AMV[1], MZ1L23T8HBLA-00AMV[1], MZCL21T9HCJR-00AMV[2], MZCL23T8HCLS-00AMV[2], MZCL27T6HBLA-00AMV[2] and MZEL215THBLA-00AMV[3] F/W Version: GDC76M4Q[1], GDC79M4Q[1], GDC62M4Q[2], GDC63M4Q[2], GDDB3M2Q[3], GDDB4M2Q[3]

Page 2

Revision History Version Change

1.0 Initial Version

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 3
Table of Contents
#SectionPage
Page 4

1. General 1.1. Scope This document outlines the security policy for Samsung Electronics Co., Ltd. Samsung NVMe TCG Opal SSC SEDs PM9A3 Series, herein after referred to as the “cryptographic module” or “module”, SSD (Solid State Drive). This module satisfies all applicable FIPS 140-3 Security Level 1 hardware cryptographic module requirements. It supports TCG Opal SSC based SED (Self-Encrypting Drive) features that is designed to protect unauthorized access to the user data stored in its NAND Flash memories. The cryptographic module’s controller has built-in AES hardware engines that provide on-the-fly encryption and decryption of the user data without performance loss. The SED design also allows for instant data sanitization via cryptographic erase. ISO/IEC 24759 FIPS 140-3 Section Title Security Level Section 6. [Number Below]

1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security 1
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1

12 Mitigation of other attacks N/A

Table

  1. Security Levels 1.2. Acronyms Acronym Description CTRL Controller CPU Central Processing Unit (ARM-based) DRAM Dynamic Random Access Memory DRAM I/F Dynamic Random Access Memory Interface ECC Error Correction Code EDC Error Detection Code KAT Known-answer Test LBA Logical Block Address MEK Media Encryption Key PSID Physical Presence SID (Security Identifier) NAND NAND Flash Memory NAND I/F NAND Flash Interface NVMe Non-Volatile Memory Host Controller Interface Specification ROM Read-Only Memory Table
  2. Acronyms Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 5
  1. Cryptographic Module Specification 2.1. Hardware and Physical Cryptographic Boundary This firmware version, within the scope of this validation, must undergo validation through the FIPS 140-3 CMVP. Any other firmware loaded into this module is beyond the scope of this validation and requires a separate FIPS 140-3 validation. Below are photographs showing the cryptographic module views of each form factor. The multiple-chip embedded cryptographic module includes both hardware and firmware components. The cryptographic boundary of the M.2 module is defined as the physical perimeter of the PCB. Figure
  2. Specification of the PM9A3 M.2 Form Factor Cryptographic Boundary The E1.S and E1.L cryptographic modules are each enclosed in two aluminum alloy cases. These cases define the modules’ cryptographic boundary. Figure
  3. Specification of the PM9A3 E1.S Form Factor Cryptographic Boundary Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 6

Figure 3. Specification of the PM9A3 E1.L Form Factor Cryptographic Boundary Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 7

2.2. Module Cryptographic Boundary The PM9A3 series utilizes a single-chip controller with an NVMe interface for system side communication and integrates Samsung NAND flash memory for internal storage. The following figure depicts the module’s operational environment. Figure

  1. Block Diagram for Samsung NVMe TCG Opal SSC SEDs PM9A3 Series 2.3. Version information Distinguishing Model Hardware Version Firmware Version Features MZ1L2960HCJR-00AMV 960GB GDC76M4Q MZ1L21T9HCLS-00AMV 1.92TB GDC79M4Q MZ1L23T8HBLA-00AMV 3.84TB MZCL21T9HCJR-00AMV 1.92TB PM9A3 GDC62M4Q MZCL23T8HCLS-00AMV 3.84TB GDC63M4Q MZCL27T6HBLA-00AMV 7.68TB GDDB3M2Q MZEL215THBLA-00AMV 15.36TB GDDB4M2Q Table
  2. Cryptographic Module Tested Configuration Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 8

2.4. Cryptographic Functionality The module does not implement any "Non-Approved Algorithms Not Allowed in the Approved Mode of Operation". 2.4.1. Approved Algorithm The cryptographic module supports the following Approved algorithms for secure data storage: Description/ Mode/ CAVP Cert Algorithm and Standard Key Size(s)/ Use/Function Method Key Strength(s) A1157 AES / ECB 256 bits Prerequisite for AES-XTS (A1157) FIPS 197, SP 800-38A A1157 AES / XTS1 256 bits Data Encryption / Decryption FIPS 197, SP 800-38E A1153 DRBG / Hash_ DRBG N/A Deterministic Random Bit SP 800-90A Rev. 1 (SHA-256) Generation A1155 RSA / FIPS 186-4 SigVer 3072 bits Digital Signature Verification A1158 SHS / FIPS 180-4 SHA-256 N/A Message Digest Vendor CKG / SP 800-133 Rev. 2 Section 4 and N/A Cryptographic Key Generation Affirmed Section 6.1 (Symmetric keys which are direct unmodified outputs from the DRBG) N/A ENT (P) / SP 800-90B N/A N/A Non-deterministic Random Number Generator (only used for generating seed materials for the DRBG). Provides a minimum of 256 bits of entropy for DRBG seed. Table

  1. Approved Algorithms Note that not all algorithms/modes that appear on the module’s CAVP certificates are utilized by the module. Table 4 lists only the algorithms/modes that are utilized by the module. 2.4.2. Non-Approved Algorithm The following algorithms are not intended to be used as security functions, and not used whatsoever to meet any FIPS 140-3 requirements. These algorithms are not provided through a non-approved services to an operator. Algorithm Caveat Use / Function No Security Claimed; AES-XTS is only AES-XTS / used for firmware decryption during Firmware Decryption FIPS 197, SP 800-38E ROM initialized. AES-CCM / Key Encryption and Decryption FIPS 197, SP 800-38C No Security Claimed; Non-approved PBKDF2 algorithms here are only used for Key Derivation HMAC / encrypting or obfuscating the CSP. Key Derivation SHA-256 Table
  2. Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed 2.5. Approved Mode of Operation AES-ECB is the pre-requisite for AES-XTS; AES-ECB alone is NOT supported by the cryptographic module in approved mode. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 9

The module always defaults to an Approved mode of operation. To ensure it remains in this mode, operators must strictly follow the guidance outlined in section

  1. The user can verify the module's Approved status using the “Show Status” Service in Table 7 via the NVM Express Identify Controller command.
  2. Cryptographic Module Interfaces The module doesn’t support a Control output interface. Physical port Logical interface Data that passes over port/interface Data Input / Output Plaintext data; signed data; Commands input logically via an API; signals input logically or Control Input NVMe Connector physically via one or more physical ports Status information output logically via an API; signal outputs Status Output logically or physically via one or more physical ports Control Input Signals input logically or physically via one or more physical ports JTAG Signal outputs logically or physically via one or more physical Status Output ports Table
  3. Ports and Interfaces Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 10
  1. Roles, Services, and Authentication 4.1. Role The module does not support role authentication. Roles are implicitly assumed based on the service they are invoking. Role Service Input Output Show Status N/A Status Lock/Unlock an LBA Range LBA Range Status Erase an LBA Range’s Data LBA Range Status Cryptographic Update the firmware FW image binary Status Officer (CO) Get Random Number N/A Status IO Command LBA Status FormatNVM / Sanitize / DeleteNS LBA Range Status Revert PSID N/A Maintenance2 Diagnostics N/A N/A Table
  2. Roles, Service Commands, Input and Output 4.2. Approved Services The cryptographic module does not offer bypass capabilities. E: EXECUTE; W: WRITE; G: GENERATE; Z: ZEROISE Access Approved rights to Keys and/or Service Description Security Roles Keys and Indicator3 SSPs Functions SSPs E W G Z Show approved Cryptographic NVM Command: version status of Officer (CO) Identify Controller Show Status N/A N/A the module / FIPS command fail mode Result : Status Code UID: Block or allow Locking_GlobalRange / Lock/Unlock an read (decrypt) / N/A MEK4 O O Locking_RangeNNNN LBA Range write (encrypt) of TCG Method: Set user data. Result: TCG status code DRBG Internal O O UID: Hash_ DRBG State V value K_AES_256_GlobalRange (SHA-256) DRBG Internal Erase user data by O O _Key / Erase an LBA State C value changing the data K_AES_256_RangeNNNN Range’s Data CKG DRBG Seed O O encryption key. _Key DRBG Entropy O O TCG Method: GenKey ENT (P) Input String Result: TCG status code MEK O O O Erase user data in Hash_ DRBG DRBG Internal UID: SPObj(AdminSP) Revert O O all Range by (SHA-256) State V value TCG Method: Revert
2 Maintenance role is operator that is responsible for using the JTAG
3 The result of NVMe or TCG command is used as an indicator

4 Specified type of access of Lock/Unlock an LBA Range service to MEK was limited to only RAM

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 11

changing the data DRBG Internal Result: TCG status code encryption key, CKG O O State C value initialize range ENT (P) settings, and DRBG Seed O O reset PINs for DRBG Entropy TCG. O O Input String MEK O O O FW Admin Command: Update the Update the RSA Verification O Firmware Commit firmware firmware Key Result : Status Code DRBG Internal Hash_ DRBG O O State V value Provide a random (SHA-256) DRBG Internal UID: ThisSP Get Random number O O State C value TCG Method: Random Number generated by the CKG DRBG Seed O O Result: TCG status code CM. DRBG Entropy ENT (P) O O Input String NVM Command: Read/Write user IO Command AES-XTS MEK O Write / Read data Result : Status Code DRBG Internal O O Hash_ DRBG State V value Admin Command: (SHA-256) DRBG Internal FormatNVM / Erase user data by O O Format NVM / Sanitize / State C value Sanitize / changing the data Namespace CKG DRBG Seed O O DeleteNS encryption key. Management DRBG Entropy O O Result : Status Code ENT (P) Input String MEK O O O Perform Diagnostics N/A N/A Maintenance N/A Maintenance Table 8. Approved Services Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 12

5. Software/Firmware Security - The cryptographic module employs a 428-byte error detection code for firmware integrity testing, which is performed during power-on reset. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 13

6. Operational Environment - The cryptographic module operates in a limited operational environment, consisting of the module’s firmware. This limited operational setting does not require any specific security rules, settings/configurations, or restrictions to be set. - The cryptographic module does not provide any general-purpose operating system to the operator. - Firmware download is only available for CMVP validated firmware versions. Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. - Since the cryptographic module is zeroised through the procedure for using maintenance role, it is restricted preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 14
  1. Physical Security The following physical security mechanisms are implemented in the cryptographic module: • Production grade components. The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained: Physical Security Recommended Frequency Inspection/Test Guidance Details Mechanisms of Inspection/Test Production grade N/A N/A components Table
  2. Inspection/Testing of Physical Security Mechanisms The cryptographic module supports the Maintenance role. To assume the Maintenance role, operators must comply with the following rule: • The operator must zeroise all SSPs listed in the Table 10 by invoking the Revert service in the Table 8 and initiate the Power on reset before entering the Maintenance role. • To exit the Maintenance role, the operator must procedurally perform the Revert service in the Table 8 and perform a power-on reset of the module. To finish with, the operator performing the Show Status service in Table 8 confirms the original firmware version listed in the Table 3 remains unchanged. • The operator is responsible for managing the module's JTAG port and should conduct regular inspections associated with the enabled JTAG port as frequently as possible in order to prevent potential security risks such as potential code modifications with no firmware load test, reading and writing of register information or other impactful security changes. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 15

8. Non-Invasive Security - The module does not implement any non-invasive attack mitigation techniques. Therefore, this section is not applicable. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 16

9. Sensitive Security Parameter Management - Temporary SSPs and SSPs stored in volatile memory are automatically zeroized upon power-on reset. - The module performs zeroization by overwriting the target SSP with random values generated by the DRBG. - The module does not import or export SSPs. Key / Security Use & SSP Function Import / Strength Generation Establishment Storage Zeroisation related Name / and Cert. Export keys Type Number Hash_ DRBG Implicitly DRBG SP 800-90A Internal Plaintext zeroised by 440-bit (SHA- HASH_DRBG N/A N/A MEK State V in RAM Power on 256) / (SHA-256) value reset A1153 Hash_ DRBG Implicitly DRBG SP 800-90A Internal Plaintext zeroised by 440-bit (SHA- HASH_DRBG N/A N/A MEK State C in RAM Power on 256) / (SHA-256) value reset A1153 Hash_ Implicitly DRBG DRBG Plaintext zeroised by N/A (SHA- ENT (P) N/A N/A MEK Seed in RAM Power on 256) / reset A1153 Hash_ DRBG Implicitly DRBG Entropy Plaintext zeroised by N/A (SHA- ENT (P) N/A N/A MEK Input in RAM Power on 256) / String reset A1153 Implicitly zeroised by Power on reset / Explicitly Plaintext zeroised via in RAM “Unlock an LBA Range” service and Data indicate SP 800-90A encryption AES-XTS / with its MEK 256-bit HASH_DRBG N/A N/A and A1157 indicator (SHA-256) decryption Explicitly of user data zeroised via “Erase an LBA Range’s Plaintext Data”, in Flash “Revert” and “FormatNV M/ Sanitize / Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 17

DeleteNS” services and indicate with their indicators Implicitly zeroised by Generated Power on Firmware during the reset and Plaintext Verificati RSA / manufacturing after Firmware 128-bit N/A N/A in HW A1155 process, is completion Load Test on Key5 SFR6 included as of “Update part of the FW. the firmware” service Table

  1. SSPs - The module contains an entropy source, compliant with SP 800-90B, within the module’s cryptographic boundary. Minimum number of bits Entropy sources Details of entropy ENT (P) 0.5 entropy per bit7 Entropy source for Hash_DRBG Table
  2. Non-Deterministic Random Number Generation Specification
5 This is not considered an SSP.

6 HW SFR (Special Function Register) is a register within a hardware cryptographic algorithm IP, which has characteristic of volatile memory.

7 Estimated amount of entropy per the source’s output bit is 0.841621 and Samsung conservatively claims to be set at 0.5 per bit.

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 18
  1. Self-Tests All cryptographic algorithm self-tests are executed during power-on. While executing the following self-tests, all data output is inhibited until the self-test completes. To execute the pre-operational tests on-demand, the operator may power-cycle the module. Cryptographic algorithm self-tests are performed prior to the approved algorithms’ first use. If a cryptographic module fails a self-test, the module will enter an error state. While in this state, all data output is inhibited. 10.1. Pre-Operational Test Algorithm Type Description Firmware Firmware integrity test is performed by using 428 byte error EDC integrity test correction code (ECC) at power-on. Table
  2. Pre-operational Self-tests 10.2. Conditional Test Algorithm Type Description Duplicate Key Test for AES-XTS described in FIPS 140-3 IG C.I (i.e. key_1 ≠ AES Critical function test key_2) when key is generated Cryptographic KAT: AES-256 XTS mode encryption and decryption AES algorithm self-test Cryptographic KAT: AES-256 ECB mode encryption and decryption AES algorithm self-test Cryptographic KAT: SHA-256 hash digest SHS algorithm self-test Cryptographic KAT: RSA-3072 verification is performed before firmware load test RSA algorithm self-test RSA-3072 with SHA-256 signature verification is performed if new FW is RSA Firmware load test downloaded. Cryptographic KATs: HASH-DRBG(SHA2-256), SP 800-90A Health testing on Instantiate, DRBG algorithm self-test Generate and Reseed functions Cryptographic Startup and Conditional SP800-90B Heath tests: Repetition count test, ENT (P) algorithm self-test Adaptive proportion test Table
  3. Conditional Self-tests The cryptographic module enters the error state upon failure of Self-tests. All commands from the Host (General Purpose Computer (GPC) outside the cryptographic boundary) are rejected in the error state and the cryptographic module returns an FIPS Fail Mode (SC=0x6, SCT=0x0) defined in NVMe specification via the status output. Cryptographic services and data output are explicitly inhibited when in the error state. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 19

11. Life-Cycle Assurance The cryptographic module operates in the Approved mode of operation by default once shipped from the vendor’s manufacturing site and does not support a non-approved mode of operation. The following guidance in section 11.1 describes the rules for secure installation and operation which the operator shall follow to operate the cryptographic module in a FIPS 140-3 security level 1 compliant manner. 11.1. Secure Installation

Page 20

12. Mitigation of Other Attacks The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy