| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 11/13/2026 |
| Caveat | Interim Validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service |
| Vendor | Samsung Electronics Co., Ltd. |
flowchart LR
%% Deterministic review-risk graph for Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series Document Version: 1.1 H/W Version: MZWLO1T9HCJR-00AD9 [1, 4], MZWLO3T8HCLS-00AD9 [1, 4], MZWLO7T6HBLA-00AD9 [1, 4], MZWLO15THBLA-00AD9 [1, 4], MZWLO1T6HCJR-00AD9 [1, 4], MZWLO3T2HCLS-00AD9 [1, 4], MZWLO6T4HBLA-00AD9 [1, 4], MZWLO12THBLA-00AD9 [1, 4], MZWLO1T9HCJR-00AH9 [2], MZWLO3T8HCLS-00AH9 [2], MZWLO7T6HBLA-00AH9 [2], MZWLO15THBLA-00AH9 [2], MZWLO1T9HCJR-00AH8 [3], MZWLO3T8HCLS-00AH8 [3], MZWLO7T6HBLA-00AH8 [3], MZWLO15THBLA-00AH8 [3] F/W Version: OPP90D5Q [1], 3P00 [2], 3R00 [3], 3.1.0 [4]
Revision History Version Change
Samsung Electronics Co., Ltd.
| # | Section | Page |
|---|
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 2
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A
Table
Figure
2.3. Cryptographic Functionality 2.3.1. Approved Algorithm1 The cryptographic module supports the following Approved algorithms for secure data storage: Description/ CAVP Mode/ Key Size(s)/ Algorithm and Standard Use/Function Cert Method Key Strength(s) A4661 AES-ECB / ECB 256-bit keys Prerequisite for AES-XTS FIPS 197, SP 800-38A with 256-bit (A4661) key strength A4661 AES-XTS / XTS2 256-bit keys Data Encryption / Decryption FIPS 197, SP 800-38E with 256-bit key strength A4662 AES-ECB / ECB 256-bit keys Prerequisite for Counter FIPS 197, SP 800-38A with 256-bit DRBG (A4662) key strength A4662 Counter DRBG / CTR_ DRBG3 AES 256 bits All Cryptographic Key SP 800-90Arev1 (AES-256) with Generation for version Derivation ‘OPP90D5Q’ and ‘3.1.0’ Function firmware Enabled A4846 AES-ECB / ECB 256-bit keys Prerequisite for Counter FIPS 197, SP 800-38A with 256-bit DRBG (A4846) key strength A4846 Counter DRBG / CTR_ DRBG4 AES 256 bits All Cryptographic Key SP 800-90Arev1 (AES-256) with Generation for version ‘3P00’ Derivation and ‘3R00’ firmware Function Enabled A4663 AES-ECB / ECB 256-bit keys Prerequisite for AES-GCM FIPS 197, SP 800-38A with 256-bit (A4663) key strength A4663 AES-GCM / GCM5 256-bit keys Key Encryption / Decryption FIPS 197, SP 800-38D with 256-bit key strength IV: 96 bits A4663 ECDSA SigVer / FIPS 186-4 ECDSA SigVer Curve P-384 Digital Signature Verification with SHA2A4663 HMAC-SHA2-256 / FIPS 198-1 HMAC6 256-bit keys Message Authentication HMACSHA2-256 with λ=256
1 Not all algorithms/modes that appear on the module’s CAVP certificates are utilized by the module.
2 AES-ECB is the pre-requisite for AES-XTS (#4661); AES-ECB alone is NOT supported by the cryptographic module in Approved Mode.
3 AES-ECB is the pre-requisite for Counter DRBG (#4662); AES-ECB alone is NOT supported by the cryptographic module in Approved Mode.
4 AES-ECB is the pre-requisite for Counter DRBG (#4662); AES-ECB alone is NOT supported by the cryptographic module in Approved Mode.
5 2nd technique of IG C.H for generating an IV is implemented in this module. In other words, Key and IV are generated internally using by
approved CTR-DRBG (A4662 and A4846). And AES-ECB is the pre-requisite for AES-GCM (#4663); AES-ECB alone is NOT supported by the cryptographic module in Approved Mode.
6 HMAC is the pre-requisite for PBKDF2 (#4663); HMAC alone is NOT supported by the cryptographic module in Approved Mode.
Samsung Electronics Co., Ltd.
A4663 SHA2-256 / FIPS 180-4 SHA2-2567 SHA2-256 Message Digest A4663 SHA2-384 / FIPS 180-4 SHA2-384 SHA2-384 Message Digest A4663 PBKDF2 / HMAC 256 bits Key Derivation8 SP 800-132 SHA2-256 Option 2a using AES-GCM encryption Vendor CKG / SP 800-133rev2 Section 4 N/A Symmetric Cryptographic Key Affirmed Section 6.1 Generation Section 6.3 - ENT (P) / SP800-90B N/A N/A ENT (P) provides a minimum of 256 bits of entropy for DRBG seed materials in key generation. Table
7 SHA2-265 is the pre-requisite for PBKDF2 (#4663); SHA2-256 alone is NOT supported by the cryptographic module in Approved Mode.
8 The Iteration Count parameter is 281. It was set accordingly in order to meet the minimum response time required from the application while
maintaining acceptable performance. Samsung Electronics Co., Ltd.
Access right Approved Keys and/or to Keys Service Description Security Roles Indicator9 SSPs and/or SSPs Functions E W G Z A4663 CO Password O O O UID: AdminSP_SID_C_PIN / PBKDF2 AdminSP_Admin1_C_PIN Change the Change CO CPK O O O HMAC-SHA2- CO TCG Method: Set Password password
256 KPK O O O Result: TCG status code
SHA2-256 (Success: 00h) A4663 User Password O O O UID: LockingSP_Admin1~4_C_PIN / PBKDF2 Set User Set User CPK O O O LockingSP_User1~9_C_PIN HMAC-SHA2- User Password Password TCG Method: Set SHA2-256 KPK O O O Result: TCG status code (Success: 00h) Block or allow MEK O O UID: Locking_GlobalRange / Locking_RangeNNNN Lock/Unlock an read (decrypt) / A4663 KEK O O O TCG Method: Set LBA Range10 write (encrypt) AES-GCM of user data. KPK O O Result: TCG status code (Success: 00h) NVM Command: Encrypt / A4661 Write / Read IO Command11 Decrypt User MEK O AES-XTS CO, User Result: NVM Status Code data (Success: 00h) A4662/A4846 DRBG V O O O O UID: Erase user data CTR_ DRBG DRBG Key O O O O K_AES_256_GlobalRange_Key / Erase an LBA by changing the (AES-256) K_AES_256_RangeNNNN_Key Range’s Data data encryption DRBG Seed O O O O TCG Method: GenKey ENT (P) key. Result: TCG status code CKG MEK O O O (Success: 00h) Table 9. Approved Services - Authenticated - The following table displays unauthenticated services. Initially, it is possible to use the services in the table without authentication. The operator can configure settings that comply with NVM and TCG specifications. Access right Approved Keys and/or to Keys Indicator12 Service Description Security Roles SSPs and/or SSPs Functions E W G Z Show approved NVM Command: version status of Identify Controller command Show Status N/A N/A N/A the module / Result: NVM Status Code Error state (Success: 00h) CO Password O O O UID: AdminSP_SID / A4663 N/A AdminSP_Admin1 / User PBKDF2 O O O LockingSP_Admin1~4 / Authenticate Password Authentication HMAC-SHA2- LockingSP_User1~9 the module CPK O O O TCG Method: Authenticate SHA2-256 Result: TCG status code KPK O (Success: 00h)
10 This service can lock/unlock an “IO Command” Service that doesn’t require any authentication specified in the Role column.
11The “IO Command” service is unlocked in advance by using the “Lock/Unlock an LBA Range” service, which complies with IG 4.1.A Additional Comment 8. Power cycling the module re-locks this service.
12 The result of NVM or TCG command is used as an indicator. NVM status code is stated in NVM Express® Base Specification and TCG status
code is stated in TCG Storage Architecture Core Specification. Samsung Electronics Co., Ltd.
A4662/A4846 DRBG V O O O O Provide a UID: ThisSP CTR_ DRBG Get Random random number DRBG Key O O O O TCG Method: Random (AES-256) Number generated by Result: TCG status code the CM. DRBG Seed O O O O (Success: 00h) ENT (P) Entropy Input O O O O A4662/A4846 DRBG V O O O O CTR_ DRBG DRBG Key O O O O (AES-256) DRBG Seed O O O O Entropy Input O O O O Erase user data ENT (P) UID: SPObj(AdminSP) in all Range by A4663 TCG Method: Revert Revert changing the PBKDF2 Result: TCG status code data HMAC-SHA2- CPK O O O (Success: 00h) SHA2-256 MEK O O O CKG KEK O O O A4662/A4846 DRBG V O O O O CTR_ DRBG DRBG Key O O O O (AES-256) DRBG Seed O O O O ENT (P) Entropy Input O O O O Erase user data Admin Command: by changing the A4663 Format NVM FormatNVM data encryption PBKDF2 Result: NVM Status Code key. HMAC2-SHA- CPK O O O (Success: 00h) SHA2-256 MEK O O O CKG KEK O O A4662/A4846 DRBG V O O O O CTR_ DRBG DRBG Key O O O O (AES-256) DRBG Seed O O O O Entropy Input O O O O Admin Command: Erase user data ENT (P) Sanitize / Namespace Sanitize / by changing the A4663 Management DeleteNS data encryption PBKDF2 Result: NVM Status Code key. HMAC-SHA2- CPK O O O (Success: 00h) SHA2-256 MEK O O O CKG KEK O O O A4663 Admin Command: ECDSA, Firmware Update the Update the Firmware Commit Verification O firmware13 firmware Result: NVM Status Code A4663 Key (Success: 00h) SHA2-384 All cryptographic The module enters operational Power cycling algorithms state upon successful the module to Perform Self-tests listed in Table N/A N/A completion; otherwise, it perform self-
14 and Table indicates failure via the Show
15 “Self- Status Service.
tests”. Table 10. Approved Services - Unauthenticated
13 This service is exempted from being authenticated by exception clause (c) of IG 4.1.A.
Samsung Electronics Co., Ltd.
5. Software/Firmware Security - The cryptographic module employs ECDSA P-384 with SHA2-384 for firmware integrity testing, which is performed during power-on reset. Samsung Electronics Co., Ltd.
6. Operational Environment - The cryptographic module operates in a limited operational environment, consisting of the module’s firmware because this module does not have any operating system but designed in a manner to allow controlled validated firmware modification by an authenticated limited operator. This limited operational setting does not require any specific security rules, settings/configurations, or restrictions to be set. - The cryptographic module does not provide any general-purpose operating system to the operator. - Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. Samsung Electronics Co., Ltd.
8. Non-Invasive Security - Non-invasive security is not applicable to this cryptographic module Samsung Electronics Co., Ltd.
9. Sensitive Security Parameter Management - Temporary SSPs stored in RAM are zeroised during power on reset. - The zeroisation is performed by overwriting the target SSP with a random value generated through the DRBG. - The module does not export SSPs. - All SSPs in volatile memory, including HW SFR, are automatically zeroised instantly either after key generation/use or upon performing power-on-reset, depending on the characteristics of volatile memory. - This module does not support SSP establishment. Security Key/SSP Use & Function Import Establish Name/ Strength Generation Storage Zeroisation14 related and Cert. /Export -ment Type keys Number Implicitly Generate A4662/A4846 SP 800-90A DRBG V / zeroised by s the 128-bit CTR_DRBG CTR_DRBG N/A N/A CSP Power on MEK and (AES-256) (AES-256) Reset KEK Implicitly Generate A4662/A4846 SP 800-90A DRBG Key / zeroised by s the 256-bit CTR_DRBG CTR_DRBG N/A N/A CSP Power on MEK and (AES-256) (AES-256) N/A Reset KEK Entropy (HW Implicitly Generate input: A4662/A4846 internal) DRBG Seed / zeroised by s the
512 bits CTR_DRBG ENT (P) N/A N/A
CSP Power on MEK and Nonce (AES-256) Reset KEK
Implicitly Generate A4662/A4846 Entropy 512-bit / zeroised by s the CTR_DRBG ENT (P) N/A N/A Input / CSP 256-bit Power on MEK and (AES-256) Reset KEK Manual Implicitly CO Distribution / Min. 64- A4663 Plaintext in zeroised by Derives Password / N/A Electronic N/A bit PBKDF2 RAM Power on CPK/KPK CSP Entry in Reset plaintext Manual Implicitly User Distribution / Min. 64- A4663 Plaintext in zeroised by Derives Password / N/A Electronic N/A bit PBKDF2 RAM Power on CPK/KPK CSP Entry in Reset plaintext Explicitly zeroised via these services: Performing via Set User Password, Derived Plaintext in Change the from Derived via CPK / CSP 256-bit N/A N/A N/A RAM and password and User and PBKDF2 Flash Revert; CO FormatNVM; Password Sanitize / DeleteNS service, and zeroisation is shown through
Samsung Electronics Co., Ltd.
the indicator of that service in Table 9, 10 Explicitly zeroised via Derived these services: Obfuscated from Performing via (AES-XTS [no User and Authentication A4663 Derived via security CO KPK / CSP 256-bit N/A N/A service, and AES-GCM PBKDF2 claimed]) in Password zeroisation is Plaintext in shown through RAM Wraps the indicator of KEK those service in Table 9 Explicitly zeroised via these services: Performing via Plaintext in Revert; RAM, Cipher CKG / SP FormatNVM; text (AES800- Sanitize / GCM) and A4663 133rev2; DeleteNS; Wraps KEK / CSP 256-bit N/A N/A obfuscated AES-GCM SP 800-90A Lock/Unlock an MEK (AES-XTS [no CTR_DRBG LBA Range security (AES-256) service, and claimed]) in zeroisation is Flash shown through the indicator of that service in Table 9, 10 Explicitly zeroised via these services: Performing via Revert; FormatNVM; CKG / SP Sanitize / Plaintext in 800- DeleteNS; RAM, Cipher IO A4661 133rev2; Lock/Unlock an MEK / CSP 256-bit N/A N/A text (AES- Comman AES-XTS SP 800-90A LBA Range; GCM) in d CTR_DRBG Erase an LBA Flash (AES-256) Range’s Data service, and zeroisation is shown through the indicator of that service in Table 9, 10 Firmwar e Load Implicitly Test Firmware zeroised by Verification A4663 Entered during Right after *Note: 256-bit N/A N/A HW SFR15 Key / Non- ECDSA manufacturing Firmware Load This is SSP Test not completed. consider ed an SSP as
15 HW SFR (Special Function Register) is a register within a hardware cryptographic algorithm IP, which has characteristic of volatile memory.
Samsung Electronics Co., Ltd.
per ISO/IEC 19790:20 section
included in the list for complete ness Table
16 Estimated amount of entropy per the source’s output bit is 0.85444 and Samsung conservatively claims to be set at 0.5 per bit.
Samsung Electronics Co., Ltd.
Samsung Electronics Co., Ltd.
12. Mitigation of Other Attacks The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3. Samsung Electronics Co., Ltd.