| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Active |
| Sunset date | 11/4/2029 |
| Caveat | When installed, initialized and configured as specified in Section 2.4 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy. |
| Vendor | SK hynix NAND Product Solutions Corp (d/b/a Solidigm) |
| Algorithm | ACVP Cert |
|---|---|
| AES-ECB | A2879 |
| AES-ECB | A2881 |
| AES-KW | A2881 |
| AES-XTS Testing Revision 2.0 | A2879 |
| HMAC DRBG | A2881 |
| HMAC-SHA2-256 | A2881 |
| KDF SP800-108 | A2881 |
| RSA SigVer (FIPS186-4) | A2880 |
| RSA SigVer (FIPS186-4) | A2881 |
| SHA2-256 | A2880 |
| SHA2-256 | A2881 |
flowchart LR
%% Deterministic review-risk graph for Solidigm® P5520 SSD (ADP-RR)
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>recovery</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>show status<br/>Status output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Solidigm® P5520 SSD (ADP-RR)
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>recovery</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>show status<br/>Status output</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Solidigm® P5520 SSD (ADP-RR) Security Policy Solidigm® Corporation Solidigm® P5520 SSD (ADP-RR) FIPS 140-3 Cryptographic Module Version: 1.3 Date: July 28, 2025 Prepared by: www.acumensecurity.net
Solidigm® P5520 SSD (ADP-RR) Security Policy Table of Contents
Solidigm® P5520 SSD (ADP-RR) Security Policy List of Tables Table 4 - Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security List of Figures
Solidigm® P5520 SSD (ADP-RR) Security Policy © 2025 Solidigm® Corporation. This document can be reproduced and distributed only whole and
Solidigm® P5520 SSD (ADP-RR) Security Policy About FIPS 140-3 Federal Information Processing Standards Publication 140-3
Solidigm® P5520 SSD (ADP-RR) Security Policy 1. General
This document describes the cryptographic module security policy for the Solidigm® P5520 SSD (ADP-RR), Hardware and Firmware versions described in Table 2. It contains specification of the security rules, under which the cryptographic module operates, including the security rules derived from the requirements of the FIPS 140-3 standard.
The Solidigm® P5520 SSD (ADP-RR) is a hardware module in a multi-chip embedded embodiment which provides data-at-rest protection, using AES-XTS-256 to encrypt user data prior to being written to media. Authentication and access controls in the module are provided by the Opal Storage Specification (v2.01) by the Trusted Computing Group Storage Workgroup. The module is designed to be installed in a data center environment configured as a Single Port NVMe storage device. The following table lists the level of validation for each area in FIPS 140-3: ISO/IEC 24759 FIPS 140-3 Section Title Security Level Section 6 [Number Below]
Table 1 - Security Levels The module meets the overall Security Level 2 requirements. The Module implementation is compliant with:
Solidigm® P5520 SSD (ADP-RR) Security Policy
Solidigm® P5520 SSD (ADP-RR) Security Policy 2. Cryptographic Module Specification The multi-chip embedded Module, pictured below in Figure 1, is intended for use by US Federal agencies and other markets that require FIPS 140-3 validated Self Encrypting Solid State Disks. Figure 1
Solidigm® P5520 SSD (ADP-RR) Security Policy Figure 3- E1.L Module Picture (Top Side with secured black latch) Figure 4
Solidigm® P5520 SSD (ADP-RR) Security Policy Figure 6
The module was tested in two different form factors (U.2 and E1.L), each with two different capacities. Hardware Distinguishing Model [Part Number and Firmware Version Features Version] U.2 2.5”x 15mm drive P/N: SSDPF2KX019T1T in 1920GB capacity, Ver: M16410-10102 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm drive P/N: SSDPF2KX038T1T in 3840GB capacity, Ver: M16414-10102 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded Solidigm® P5520 SSD U.2 2.5”x 15mm drive P/N: SSDPF2KX076T1T in 7680GB capacity, Ver: M16427-10102 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm drive P/N: SSDPF2KX153T1T in 15360GB capacity, Ver: M17283-10009 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded
Solidigm® P5520 SSD (ADP-RR) Security Policy Hardware Distinguishing Model [Part Number and Firmware Version Features Version] U.2 2.5”x 15mm drive P/N: SSDPF2KE016T1T in 1600GB capacity, Ver: M16410-10102 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm drive P/N: SSDPF2KE032T1T in 3200GB capacity, Ver: M16414-10102 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm drive P/N: SSDPF2KE064T1T in 6400GB capacity, Ver: M16427-10102 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm in P/N: SSDPF2KE128T1T 12800GB capacity, Ver: M17283-10009 with 1.4.0 Intel or Solidigm TEL P/N: M52551-001 branded P/N: SSDPFWKX153T1D E1.L 9.5 mm drive in Ver: M21006-10101 with 15360GB capacity, 9CV10490 TEL P/N: M45818-002 and Intel or Solidigm Latch P/N: AA0015502 branded U.2 2.5”x15mm drive P/N: SSDPF2KX019T1X in 1920GB capacity, Ver: M16410-10102 with 9CV10490/9CV10510 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm drive P/N: SSDPF2KX038T1X in 3840GB capacity, Ver: M16414-10102 with 9CV10490/9CV10510 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm drive P/N: SSDPF2KX076T1X in 7680GB capacity, Ver: M16427-10102 with 9CV10490/9CV10510 Intel or Solidigm TEL P/N: M52551-001 branded U.2 2.5”x 15mm drive P/N: SSDPF2KX153T1X in 15360GB capacity, Ver: M17283-10009 with 9CV10490/9CV10510 Intel or Solidigm TEL P/N: M52551-001 branded Table 2 - Cryptographic Module Tested Configuration
The Module implements the Approved cryptographic functions listed in the table below.
Solidigm® P5520 SSD (ADP-RR) Security Policy CAVP Algorithm and Mode/Method Description / Key Use / Function Cert1 Standard Size(s) / Key Strength(s) A2881 AES [FIPS 197, SP ECB 256 bits Encryption and Decryption of 800-38A] encryption Keys A2881 AES [FIPS 197, SP KW 256 bits Encryption and Decryption of the 800-38F] Keys for key storage A2879 AES [FIPS 197, SP XTS, ECB2 256 bits XTS Encryption and Decryption 800-38A, SP 800- operations within storage 38E] applications Vendor CKG [SP 800-133, Section 4, 6.1, 256 bits Direct seed and symmetric key Affirmed rev 2] 6.2 generation using unmodified DRBG IG D.H output A2881 DRBG [SP 800-90A, HMAC_DRBG 256 bits Generate random bits used to rev 1] create cryptographic keys ENT ENT (P) [SP 800- Physical entropy Entropy Source Broadcom TRNG 90B] source A2881 HMAC [FIPS 198-1] HMAC-SHA2- 256 bits HMAC-DRBG, KBKDF, KDF A2881 KBKDF [SP 800-108, Counter Mode 256 bits Used to derive symmetric rev 1] encryption keys used internal to the drive A2881 PBKDF [SP 800- KDF with Option 256 bits Used as part of authentication of 132] 1a Cryptographic Officer role - HMAC-based Note: The keys derived from KDF using SHA2passwords are only used for storage applications -10,0003 iteration count A2880 RSA [FIPS 186-4 sigVer PKCS1.5 2048 bits Digital Signature Verification and PKCS #1 v2.1 with SHA2-256 (Firmware Integrity test) (PKCS1.5)] A2881 RSA [FIPS 186-4 sigVer PKCS1.5 2048 bits Digital Signature Verification and PKCS #1 v2.1 with SHA2-256 (Firmware Download, Maintenance (PKCS1.5)] authentication) A2880 SHS [FIPS 180-4] SHA2-256 N/A Hashing for Digital Signature Verification for the integrity test A2881 SHS [FIPS 180-4] SHA2-256 N/A Hashing for Digital Signature Verification, HMAC DRBG, Key Based-KDF operations Table 3
Solidigm® P5520 SSD (ADP-RR) Security Policy Algorithm Caveat Use/Function AES-CTR (non-compliant) Used for added protection of Used to wrap key data stored keys but is not required (Encrypted Key Blob) using a for security non-SSP. Note, this algorithm was CAVP tested but is not used in a way that claims security. Table 4 - Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed The module does not implement any of the following algorithms:
The cryptographic boundary is defined as the external perimeter of the SSD enclosure and is composed of the following components:
The Module ships from the manufacturing facility with either the Approved firmware identified in Table
To determine if a module is using an Approved firmware version, the Compliance Descriptor will be retrieved via the Read Compliance (show status) service and the following information will be verified (Note: Byte references below are from a starting index of zero):
Solidigm® P5520 SSD (ADP-RR) Security Policy
Solidigm® P5520 SSD (ADP-RR) Security Policy
The Module design corresponds to the Module security rules. This section documents the security rules enforced by the cryptographic Module to implement the security requirements of this FIPS 140-3 Level 2 Module.
Solidigm® P5520 SSD (ADP-RR) Security Policy
Solidigm® P5520 SSD (ADP-RR) Security Policy Power interface Power interface UART Control input UART interface for Debug (available with latch removal in E1.L) Status output UART interface for Debug (available with latch removal in E1.L) LED (E1.L only) Status output Signals to illuminate module LED status Table 5
Solidigm® P5520 SSD (ADP-RR) Security Policy 4. Roles, Services, and Authentication
The Module supports three (3) distinct roles: Cryptographic Officer (CO), User, and Maintenance roles. The cryptographic Module enforces the separation of CO and User roles using a credential (named password or PIN) that is provisioned for the administrator (CO) role as part of taking ownership and personalization of the Opal security subsystem. The credential is verified as part of authentication as the specific role during session startup to the Opal Security Subsystem. Access control over configuration mechanisms under control of the administrator is enforced by the Module firmware. The Maintenance role is entered via authentication of an RSA 2048-bit challenge/response protocol with 512-bit nonce and PSID verification (to prove physical presence). This role grants maintenance and recovery capabilities to the Module implementer. The PSID is a unique identifier of each device and is classified as a non-CSP. A unique PSID value is printed on each device label and stored in the module’s OTP. No security is claimed from this value but is used solely to prove physical presence. It is feasible for the Module to process concurrent operations by roles. However, the Module can only support one Opal session at a time. This implies that authentication to the Module by various roles must be serialized. Once authenticated, various roles may interact with the Module simultaneously. As an example, the CO role may perform administrative tasks while the User role is simultaneously reading and writing data to the module. Role Service Input Output Cryptographic
Solidigm® P5520 SSD (ADP-RR) Security Policy Role Service Input Output
Solidigm® P5520 SSD (ADP-RR) Security Policy Role Service Input Output User (Opal
Solidigm® P5520 SSD (ADP-RR) Security Policy Role Authentication Method Authentication Strength verification (to prove The security strength of the physical presence) authentication method is greater than
Therefore, the probability of a random attempt of generating a matching signed challenge is 1/2^112 which is smaller than 1/10^6
All services implemented by the Module in Approved mode are listed in Table 7 below. Each service description also describes all usage of CSPs by the service. The service names highlighted in bold can be called in the uninitialized state. Note:
Solidigm® P5520 SSD (ADP-RR) Security Policy Service Description Approved Security Keys and/or Roles Access rights to Keys Indicator Functions SSPs and/or SSPs Take Obtain the default PBKDF2 AdminSP SID, CO W Compliance descriptor Ownership credential (SID = MSID) for Salt and success return the Opal and configure code the Opal credential to a unique value (SID != MSID) Data Protects access to the AES-XTS MEK CO, U E Compliance descriptor Encryption/Dec Media Encryption Keys and success return ryption stored in the Module in code ciphertext form The cryptographic officer or user password is used to generate an intermediate key (Pkey) which is used to unwrap a Key Ring Encryption Key which is then used to unwrap the Media Key Encryption Key which is then used to unwrap the Media Encryption Key Activate Opal Enable through TCG Opal PBKDF2, AES-KW, User CO G, E Compliance descriptor Activate command AES-ECB, KBKDF, Password, and success return HMAC, SHS User PKey, code User KREK, MKEK, Opal Admin PKey, Opal Admin KREK
Solidigm® P5520 SSD (ADP-RR) Security Policy Service Description Approved Security Keys and/or Roles Access rights to Keys Indicator Functions SSPs and/or SSPs Change Admin Change any password in PBKDF2 Opal Admin CO G, E Compliance descriptor Password AdminSP PKey and success return code Zeroise/Admin Destroy user data (TCG DRBG, ENT, HMAC, All CSPs CO Z Compliance descriptor SP Revert Revert) SHS and success return code Disable Disable authorities to PBKDF2 Opal Admin CO E Compliance descriptor Authorities make them invalid and no KREK and success return longer able to code authenticate to the drive Enable Enable authorities to PBKDF2 Opal Admin CO E Compliance descriptor Authorities make them valid for a user KREK and success return to be able to authenticate code to the drive Configure Configure locking ranges PBKDF2 User KREK CO, U (if G Compliance descriptor Locking Ranges in the CM enabled by and success return CO) code Format NVM/ Destroy any data PBKDF2, DRBG, ENT, MEK, MKEK, CO, U G, E Compliance descriptor Crypto Erase (changing key) HMAC, SHS, CKG, AES- Device Root and success return CTR Key (Non- code SSP), Ephemeral Blob Encryption Key (NonSSP), DRBG-EI, DRBG-Seed, DRBG-State
Solidigm® P5520 SSD (ADP-RR) Security Policy Service Description Approved Security Keys and/or Roles Access rights to Keys Indicator Functions SSPs and/or SSPs TCG RevertSP Revert and keep data PBKDF2, AES-KW, AES- MKEK, User CO Z, E Compliance descriptor and Keep Data Reset all configuration ECB, KBKDF, HMAC, KREK and success return data in the locking SP but SHS code do not destroy user data in the Global Range Set Data Store Set data store
Solidigm® P5520 SSD (ADP-RR) Security Policy Service Description Approved Security Keys and/or Roles Access rights to Keys Indicator Functions SSPs and/or SSPs Maintenance The module allows the RSASSA-PKCS1-v1.5, RSA Public MR E Compliance descriptor FW Update firmware to be updated SHS ADU and success return through a vendor unique Verification code command in the event of Key, RSA a firmware failure Public This authentication Firmware mechanism is used to Verification verify the firmware using Key RSASSA-PKCS1-v1.5 signature verification with SHA2-256 and the internal RSA Public FW Verification Key Module Reset Reset the Module by N/A N/A CO, U N/A N/A power cycle, or (Self-Test) performing NVMe Controller or NVM Subsystem reset Performs self-tests, firmware integrity check Low Power Place the module into a CKG [SP 800-133, REK CO, U G, E The module stops State Entry low power state rev2] MEK processing commands AES KW [SP800-38F] from the host Low Power Resume the module from AES KW [SP800-38F] REK CO, U E The module resumes State Exit the low power state MEK processing commands from the host
Solidigm® P5520 SSD (ADP-RR) Security Policy Service Description Approved Security Keys and/or Roles Access rights to Keys Indicator Functions SSPs and/or SSPs Read Query the module for N/A N/A CO, U N/A N/A Compliance configuration information (show status) by reading the TCG defined Level 0 Feature Descriptor, the NVMe defined Identify command, and the T10 Compliance Descriptor as defined in [SFSC]. This service provides the module version information. Firmware Download new firmware RSASSA-PKCS1-v1.5, RSA Public CO, U, MR E Compliance descriptor Update images to the module SHS Firmware and success return using NVMe defined Verification code Firmware Download and Key Commit commands NVMe-MI Basic Retrieves drive status N/A N/A U N/A N/A Management (status flags, SMART Command warnings, temperature, VID, serial number, etc.) NVMe Issue administrative N/A N/A U N/A N/A Administration commands (not previously mentioned) to the module, as defined in the NVMe specification This may include Vendor Unique public commands that are in compliance with the NVMe specification
Solidigm® P5520 SSD (ADP-RR) Security Policy Service Description Approved Security Keys and/or Roles Access rights to Keys Indicator Functions SSPs and/or SSPs Block SID Allows host pre-OS PBKDF2 AdminSP SID CO E Compliance descriptor application to lock access and success return to the SID authority by code subsequently loaded host software MBR Shadow Read/write Pre-Boot PBKDF2 AdminSP SID CO E Compliance descriptor Application (PBA) to a and success return reserved area of Module code non-volatile memory Table 8
Solidigm® P5520 SSD (ADP-RR) Security Policy
Solidigm® P5520 SSD (ADP-RR) Security Policy 6. Operational Environment This section is not applicable to the module.
Solidigm® P5520 SSD (ADP-RR) Security Policy
Solidigm® P5520 SSD (ADP-RR) Security Policy Figure 7 - U.2 Module Seal Application Locations - Front Figure 8 - E1.L Module (Intel Branded) Seal Application Locations -- Back
Some modules may be shipped without the required tamper- evident seals. The tamper-evident seals shall be installed for the module to operate in Approved mode of operation. To convert the module to Approved mode of operation, the following procedure must be followed to apply the provided seals to the module:
Solidigm® P5520 SSD (ADP-RR) Security Policy Figure 9 - Applying Tamper-Evident Seals EFP/EFT testing of the module is not applicable as the module does not claim Security Level 3 or above. 8. Non-invasive Security This section is not applicable to the module.
Solidigm® P5520 SSD (ADP-RR) Security Policy 9. Sensitive Security Parameter Management Key/SSP Strength Security Generation Import/ Establishment Storage Zeroisation Use & related keys Name/Type Function and Export Cert. Number DRBG-EI 256 DRBG [SP 800- ENT (P) N/A N/A Volatile Cleared DRBG entropy input used to (CSP) 90A, rev1] (Whenever memory automatically derive the DRBG-Seed (#A2881) encryption (plaintext) after key keys are derivation derived by operation the module) completes or Reset DRBG-State 256 DRBG [SP 800- DRBG N/A N/A Volatile Cleared HMAC_DRBG internal state (CSP) 90A, rev1] (Whenever memory automatically (V and Key) derived from (#A2881) encryption (plaintext) after key the DRBG-Seed keys are derivation derived by operation the module) completes or Reset DRBG-Seed 256 DRBG [SP 800- DRBG N/A N/A Volatile Cleared DRBG HMAC seed derived (CSP) 90A, rev1] (Whenever memory automatically from the DRBG_EI (#A2881) encryption (plaintext) after key keys are derivation derived by operation the module) completes or Reset Opal Admin 256 AES KW KBKDF [SP N/A N/A ASIC AdminSP Opal Admin Key Ring KREK (CSP) [SP800-38F] 800-108, internal Revert Encryption Key is used to (#A2881) rev1] (At TCG memory protect/encrypt the Admin Opal (plaintext), Locking Range Key Ring(s) Activation NAND (encrypted with Opal
Solidigm® P5520 SSD (ADP-RR) Security Policy Admin Pkey) AdminSP Varies, must PBKDF2 [SP External to Import: N/A Temporaril Internally AdminSP SID (Password)is SID (CSP) be of 800-132] the module Plaintext y in volatile zeroized once used to authenticate the CO minimum (#A2881) (By the CO (electroni memory the Admin has and is used to derive the length of 8 role) cally) (plaintext) been Opal Admin PKey bytes Export: authenticated enforced by N/A the module Opal Admin 256 AES KW PBKDF2 [SP N/A N/A ASIC Internally Admin password Key used PKey (CSP) [SP800-38F] 800-132] - internal zeroized once to encrypt / decrypt Opal (#A2881) Derived from volatile the Admin has Admin KREK and is derived admin memory been from the AdminSP SID password (plaintext) authenticated and salt (During Authenticati on) MEK (CSP) 256 AES XTS CKG [SP 800- N/A N/A ASIC From ASIC Media Encryption Keys are [SP800-38E] 133, rev2] internal internal used to protect user data CKG [SP 800- volatile memory when stored to non-volatile 133, rev2] memory during Power memory (#A2879) (plaintext), Cycle, Hard NAND Reset, (encrypted Maintenance by MKEK) Mode From NVM at Opal Activation and Crypto Erase commands, or issuance of NVMe Format
Solidigm® P5520 SSD (ADP-RR) Security Policy NVM, Crypto Erase, or Sanitize commands MKEK (CSP) 256 AES KW CKG [SP 800- N/A N/A ASIC From ASIC Media Key Encryption Keys [SP800-38F] 133, retv2] internal internal are used to protect Media CKG [SP 800- volatile memory Encryption Keys (MEKs) 133, rev2] memory during Power (#A2881) (plaintext), Cycle, Hard NAND Reset, (encrypted Maintenance by User Mode KREK) From NAND at TCG Opal Activation or Reactivate User KREK 256 AES KW KBKDF [SP N/A N/A ASIC On AdminSP User Key Ring Encryption (CSP) [SP800-38F] 800-108, internal Revert Key is used to protect the (#A2881) rev1] (During volatile MKEK Opal memory Activation; (plaintext), During User NAND Locking (encrypted Range with User Creation) PKey) User Varies, must PBKDF2 [SP Externally Import: N/A Temporaril Internally Opal User password is used Password be of 800-132] (By the User Plaintext y in volatile zeroized once to authenticate the User (CSP) minimum (#A2881) role) (electroni memory the User has and is used to derive the length of 8 cally) (plaintext) been User PKey bytes Export: authenticated enforced by N/A the module
Solidigm® P5520 SSD (ADP-RR) Security Policy User PKey 256 AES KW PBKDF2 [SP N/A N/A ASIC Power Cycle, User password Key used to (CSP) [SP800-38F] 800-132] internal Hard Reset, encrypt / decrypt User KREK (#A2881) Derived from volatile Maintenance user memory Mode password (plaintext) and salt (During Authenticati on) Reset 256 AES KW CKG [SP 800- N/A N/A ASIC Power Cycle, Reset Ephemeral Key Ephemeral [SP800-38F] 133, rev2] At internal Hard Reset, enables recovery of Media Key (REK) CKG [SP 800- Power on of volatile Maintenance Encryption Keys across Low (CSP) 133, rev2] the Device memory Mode Power transitions (#A2881) (plaintext) RSA Public 112 RSA Key External N/A N/A Burned N/A 2048-bit RSA public Key Firmware Verification into (Protected used to verify the RSA Verification [FIPS 186-4 and Hardware from Signature of the Module’s Key (PSP) PKCS #1 v2.1 ROM modification main firmware (on Boot and (PKCS1.5)] (plaintext) and stored Firmware Download / (#A2880, with an Commit) #A2881) integrity value per IG 9.7.A) Salt (CSP) 160 PBKDF2 [SP DRBG [SP N/A N/A ASIC On AdminSP PBKDF2 Salt, 20-byte value 800-132] 800-90A, internal Revert (#A2881) rev1] volatile Whenever memory symmetric (plaintext), encryption NAND keys are (encrypted) generated by the module RSA Public 112 RSA Signature External Import: N/A Built into N/A 2048-bit RSA public Key ADU Verification (Built into Plaintext firmware (Protected used to verify the signature [FIPS 186-4 and in binary
Solidigm® P5520 SSD (ADP-RR) Security Policy Verification PKCS #1 v2.1 firmware firmware from of the request to unlock the Key (PSP) (PKCS1.5)] binary) image modification) drive for diagnostic access ( #A2881) Table 10
Solidigm® P5520 SSD (ADP-RR) Security Policy Entropy sources Minimum number of bits of Details entropy SP 800-90B compliant ENT (P) 0.259 bits of min entropy per bit Physical noise source from the The DRBG is seeded with 2048 Broadcom TRNG used to seed bits of random data providing the DRBG approximately 530 bits of entropy. Table 11
Solidigm® P5520 SSD (ADP-RR) Security Policy 10. Self-Tests Each time the Module is powered up, it tests that the cryptographic algorithms operate correctly, and that sensitive data has not been damaged. Pre-operational and conditional cryptograph algorithm tests are available on demand by power cycling the Module or the Module Reset service. On power-up or reset, the Module performs the Self-Tests described below. All Cryptographic Algorithm Self-Tests (CASTS) must be completed successfully prior to any other use of cryptography by the Module. If one of the CASTs fails, the Module enters an error state requiring reset of the Module. The module uses RSA 2048 with SHA2-256 to satisfy the pre-operational integrity self-test requirement. Pre-operational Software/Firmware Description Integrity Test RSA Integrity Test Signature verification with RSA 2048 bit key and SHA2-256 (Cert. #A2880) Conditional Self-Tests Description Test Target AES-CTR (Cert. #A2881) CASTs: Encryption in CTR mode with 256 bit key KAT, Decryption in CTR mode with 256 bit key KAT AES-KW (Cert. #A2881) CASTs: Encryption in KW mode with 256 bit key KAT, Decryption in KW mode with 256 bit key KAT AES-XTS (Cert. #A2879) CASTs: Encryption in XTS mode with 256 bit key KAT, Decryption in XTS mode with 256 bit key KAT DRBG (Cert. #A2881) CASTs: HMAC DRBG (inclusive of instantiate, generate and reseed) PBKDF (Cert. #A2881) CASTs: Key Derivation Iterations: 10,000 KBKDF (Cert. #A2881) CASTs: HMAC-SHA2-256 Key Derivation KAT RSA (Cert. #A2881) CASTs: Signature Verification with 2048 bit key and SHA2-256 SP 800-90B Health NIST SP 800-90B ENT Health Tests, per SP 800-90B Section 4.5 Tests
Solidigm® P5520 SSD (ADP-RR) Security Policy Firmware Load Test Firmware signature verification based on RSA PKCS#1 v1.5 with SHA2-256 and 2048-bit key. Key Equality Check When an XTS key is generated, the module verifies that Key1!=Key2 If a self-test fails, the Module will indicate the following information:
Solidigm® P5520 SSD (ADP-RR) Security Policy 11. Life-Cycle Assurance
The module is shipped using a certified mail carrier. The shipping container protecting the module or set of modules in transit should be verified for tamper evidence. The module is shipped in a shipping container with yellow tape. The tape should be sealing the container. Additionally, the module is contained within a clamshell with seals that should be inspected for tampering. If the shipping container or clamshell appears to be tampered with, the CO should contact Solidigm.
On receipt of the Module, the CO should examine the product to ensure it has not been tampered with during shipping according to the procedures outlined in the Section 7. Upon verification that the Module has not been tampered with, the user should initialize the module as described in Section 2.4.
See instructions in section 2.4 for module start-up information.
Solidigm® P5520 SSD (ADP-RR) Security Policy 12. Mitigation of Other Attacks This module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3.
Solidigm® P5520 SSD (ADP-RR) Security Policy References and Definitions The following standards are referred to in this Security Policy. Abbreviation Full Specification Name [ISO/IEC 19790] Information technology - Security techniques - Security requirements for cryptographic modules, June 25, 2014 [SP800-140C] CMVP Approved Security Functions [SP800-131Arev2] Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, March 2019 [TCG-OPAL] Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00 [SFSC] Information technology
Solidigm® P5520 SSD (ADP-RR) Security Policy Acronym Definition SSD Solid State Drive SID Secure ID TCG Trusted Computing Group XTS XEX Tweakable Block Cipher with Ciphertext Stealing