| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 11/24/2026 |
| Caveat | Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs |
| Vendor | Motorola Solutions, Inc. |
flowchart LR
%% Deterministic review-risk graph for Key Variable Loader (KVL) 5000 PIKE
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for Key Variable Loader (KVL) 5000 PIKE
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;Key Variable Loader (KVL) 5000 PIKE Non-Proprietary FIPS 140-3 Security Policy Document Version: 1.2 Date: November 14, 2024 Motorola Solutions Public Material
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1 – Security Levels | 4 |
| Table 2 – Cryptographic Module Tested Configuration | 5 |
| Table 3 – Approved Mode Drop-in Algorithms | 5 |
| Table 4 – Approved Algorithms | 10 |
| Table 5 – Non-Approved but Allowed Cryptographic Functions | 11 |
| Table 6 – Non-Approved but Allowed Cryptographic Functions with No Security Claimed | 11 |
| Table 7 – Ports and Interfaces | 12 |
| Table 8 – Roles, Service Commands, Input and Output | 14 |
| Table 9 – Roles and Authentication | 15 |
| Table 10 – Approved Services | 16 |
| Table 11 – Physical Security Inspection Guidelines | 23 |
| Table 12 – SSP Management Methods | 25 |
| Table 13 – CSPs Management | 26 |
| Table 14 – Non-Deterministic Random Number Generation Specification | 28 |
| Table 15 – Error States and Indicators | 29 |
| Table 16 – Pre-Operational Self-Test | 29 |
| Table 17 – Conditional Self-Tests | 30 |
| Table 18 – References | 33 |
| Table 19 – Acronyms and Definitions | 34 |
| Figure 1: KVL 5000 Key Variable Loader (KVL) | 6 |
| Figure 2: Motorola PIKE Chip | 7 |
| Figure 3: Cryptographic Boundary | 8 |
This document defines the Security Policy for the Key Variable Loader (KVL) 5000 PIKE module by Motorola Solutions, Inc., hereafter denoted the Module. The KVL 5000 is a portable key distribution device that consists of the KVL Host Application processor and KVL 5000 PIKE Hardware Security Module (HSM). The PIKE IC is integrated into the HSM. The Module is a single-chip cryptographic module to meet FIPS 140-3 Level 2 physical security requirements as defined by FIPS 140-3. The Module allows the user to generate, transport, and load encryption keys, securely and efficiently into secure communication products thereby enabling secure encrypted communications The FIPS 140-3 security levels for the Module are as follows: Table 1
1 General 2
2 Cryptographic Module Specification 2
3 Cryptographic Module Interfaces 2
4 Roles, Services and, Authentication 3
5 Software/Firmware Security 3
7 Physical Security 2
9 Sensitive Security Parameter Management 2
10 Self-Tests 2
11 Life-Cycle Assurance 3
12 Mitigation of Other Attacks N/A
Overall 2 Motorola Solutions Public Material
The PIKE cryptographic module is a single chip hardware cryptographic module. The Motorola Solutions Inc. module is used in the KVL 5000 Key Variable Loader product. The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated overall Security Level 2.
The Module is tested on the following operational environment. Table 2
The KVL 5000 Key Variable Loader (KVL) production diagram is shown in Figure 1. The Motorola PIKE chip is shown in Figure 2 provides the data security services required by the KVL 5000 Key Variable Loader. MOTOROLA PIKE Chip (FIPS validated module sits inside the product as a chip) KVL 5000 Host Application Figure 1: KVL 5000 Key Variable Loader (KVL) Motorola Solutions Public Material
Figure 2: Motorola PIKE Chip The FIPS Boundary is drawn around Motorola PIKE chip, as shown in Figure 3. Motorola Solutions Public Material
FIPS Boundary Internal Flash Power Clock Motorola PIKE Chip RS-232 Port KYLD Port GPIO SPI EBI External Flash KVL 5000 HOST Figure 3: Cryptographic Boundary Motorola Solutions Public Material
The KVL 5000 Key Variable Loader (KVL) module is originally non-compliant and must be configured to operate in an approved mode of operation. The Crypto Officer shall configure the Module to operate in an approved mode of operation. In order for the Module to operate in the approved mode, the Module must be properly installed, initialized and configured, which includes the creation of the passwords for the Crypto Officer (CO) and User role. Documented below in Section 2.3.1 are the additional configuration settings that are required for the Module to be used in a FIPS 140-3 approved mode of operation at overall Security Level 2. The settings menu of the KVL Host application graphical user interface in the settings menu will be used to determine whether the KVL 5000 is operating in an approved mode. When operating in an approved mode the display will indicate.
In order to configure the Module for an Approved mode at overall Security Level 2, the operator shall use the Configure KVL service to set the following configuration parameters as shown below.
Only Approved algorithms may be loaded into the Module; in particular AES-128 Cert. #C908) and/or AES-256 (Cert. #C909). At a minimum, one of these “drop-in algorithms” must be added from the Module independent of the base firmware via the Program Update service. In addition to the approved algorithms, external entropy must also be supplied to the Module from the host application upon successful authentication of the operator of the Module. The loading of non-validated firmware within the validated cryptographic module invalidates the module’s validation. Motorola Solutions Public Material
The Module implements the Approved and Non-Approved but Allowed cryptographic functions listed in the tables below. Table 4
3 (CTR_DRBG) and set required bits into the module by using Load Entropy service listed in section 4.3.
Since entropy is loaded passively into the module, there is no assurance of the minimum strength of generated keys. Motorola Solutions Public Material
Cert Algorithm Mode Description Functions/Caveats mechanism (i.e., 128-bit keys cannot wrap 256-bit keys) Key establishment methodology C931 KTS [IG D.G] GCM Key Size: 256 provides 256 bits of encryption strength SHS SHA2-256 Message Digest Generation, SHS [180]
1345 SHA2-384 Password Obfuscation
Table 5
The Module shall be installed in the Motorola KVL 5000 Key Variable Loader product. Prior to the initial use of the Module, the operator is required to set the passwords for the Crypto Officer (CO) and User roles. The Module is not usable until the passwords for both the CO and User are set. The Module shall be operated such that only approved Drop-in algorithms listed in Table 3 are installed and configured as per Section 2.3.1.
The Module’s ports and associated logical interface categories are listed in Table 7. Table 7
Physical Port Logical Interface Data that passes over port/interface Clock Control Input Clock input. NOTE: The module does not have Control Output. Motorola Solutions Public Material
The Module supports two distinct operator roles, User and Cryptographic Officer (CO). Table 8 lists all operator roles supported by the Module and their related services. In addition, the Module supports services which do not require to be authenticated, listed as UA in Table 8. Table 8
Role Service Input Output CO User UA Combination of receive and transfer key variable X X − Key Sharing TEKs and KEKs services. Transport keys between two KVLs. Success/failure status. Reset the databases and module parameters to X X X Factory Reset Command In system defaults. Success/failure status. Provides current Module Id, FW version, and FIPS X X − Module Info Command In status. Validate CO Successful authentication will allow access to the − − X Password Password services allowed for CO role. Validate User Successful authentication will allow access to the − − X Password Password services allowed for User role. − − X Diagnostics Command In Success/failure status. − − X Perform Self-Tests Command In Success/Reset.
The Module supports two distinct operator roles (User and Crypto-Officer). The Module uses 30-byte long hexadecimal number to authenticate the User and CO roles. The Module enforces the separation of roles using login credentials and re-authentication is enforced when changing roles. The module ensures that there is no visible display of the authentication data. Table 9
All services implemented by the Module are listed in Table 10. The Module does not allow any nonapproved service while operating in FIPS 140-3 level 2 mode. Motorola Solutions Public Material
The SSPs modes of access shown in Table 10 are defined as:
Approved Access Rights Service Description Security SSPs Roles to Keys Indicator Functions and/or SSPs SHS Cert. User PWD Z #SHS 1345 PWD Hash Z Logs out CO Approved Logout CO N/A N/A CO N/A role. Mode AES Key DRBG-EI/Seed WE Load entropy Unwrap, AES DRBG-State G Cert. #C931, Approved Load Entropy into the CO, User FCK E Mode Module. DRBG Cert. #C949 KPK G FCK E AES Key Change the Unwrap, AES KPK Z Change User current Cert. #C931, Approved CO PWD CO, User Z Password password for Mode User role. SHS Cert. User PWD Z #SHS 1345 PWD Hash Z Logout User Approved Logout User N/A N/A User N/A role. Mode Query module firmware Version and version Approved Algorithm List number and N/A N/A CO, User N/A Mode Query list of algorithms over the SPI interface. FCK E Transfer KEKs AES Key and TEKs to Unwrap, AES BKK E Transfer Key the target Cert. #C931, Approved KPK CO, User E Variable devices over Mode the KYLD and AES GCM KEK R SPI interfaces. Cert. #C931 TEK R AES Key FCK E Receive KEKs, Unwrap, AES Receive Key TEKs over the KPK E Approved Cert. #C931, CO, User Variable KYLD and SPI KEK W Mode interfaces. AES GCM Cert. #C931 TEK W Generate Key Auto- DRBG Cert. KEK G Approved CO, User Variable generate #C949 TEK G Mode Motorola Solutions Public Material
Approved Access Rights Service Description Security SSPs Roles to Keys Indicator Functions and/or SSPs KEKs and TEKs. DRBG-State EG Validate the correctness of Approved Key Check a key based N/A N/A CO, User N/A Mode on algorithm properties. Zeroize KEKs KEK Z and TEKs in the KVL and Approved Zeroize Keys N/A CO, User target devices TEK Z Mode over the KYLD interface. FCK E Encrypt AES Cert. BKK E plaintext data #C908, KPKEK E to be AES Cert. #C909, Approved Encrypt transferred KPK CO, User E Mode over the SPI, AES Cert. KEK E KYLD, and EBI #C931, interfaces. CKG (VA) TEK E DRBG-State E IDK E FCK E AES Cert. Decrypt #C908, BKK E ciphertext AES Cert. received over KPKEK E Approved Decrypt #C909, CO, User the SPI, KYLD, KPK E Mode and EBI AES Cert. interfaces. #C931, KEK E CKG (VA) TEK E DRBG-State E FCK E Receive KEKs AES Key Store and and TEKs Unwrap, AES BKK E Approved from the KMF CO, User Forward (SAF) Certs. #C930, KPK E Mode into the #C931, module, and KEK E Motorola Solutions Public Material
Approved Access Rights Service Description Security SSPs Roles to Keys Indicator Functions and/or SSPs then transfer AES GCM those keys Cert. #C931 (forward) to the target TEK E device attached to the KVL. Combination KEK RW of receive and transfer KEKs Approved Key Sharing N/A CO, User and TEKs Mode TEK RW between two KVLs. Reset the KPK Z databases CO PWD Z and module parameters User PWD Z to system Approved Factory Reset defaults via a N/A CO, User, UA Mode command over the SPI PWD Hash Z interface or a manual reset button. Show Module ID, FW Approved Module Info N/A N/A CO, User N/A version, and Mode FIPS status. Validate the FCK E current KPK GEZ CryptoOfficer AES Key CO PWD Z password Unwrap, AES Validate CO used to User PWD Z Approved Cert. #C931, UA Password identify and Mode authenticate SHS Cert. the Crypto- #SHS 1345 PWD Hash Z Officer role via the SPI interface. Validate the AES Key FCK E current User Unwrap, AES KPK GEZ Validate User Cert. #C931, Approved password UA Password CO PWD Z Mode used to SHS Cert. identify and #SHS 1345 User PWD Z Motorola Solutions Public Material
Approved Access Rights Service Description Security SSPs Roles to Keys Indicator Functions and/or SSPs authenticate the User role via the SPI PWD Hash Z interface. Read logs, run LED test, test external flash erase and write, and other non- Approved Diagnostics N/A N/A UA N/A security Mode relevant status information over the RS-
Perform module selftests comprised of cryptographic algorithms Perform Self- test and Approved N/A N/A UA N/A Tests firmware test. Mode Initiated by a transition from power off state to power on state. Motorola Solutions Public Material
The Module is composed of a base firmware version identified in Table 2, and at least one of the drop-in algorithms listed in Table 3. The firmware components are protected with the authentication technique(s) Firmware Load Public Programmed Signature Key described in Table 16 The Module includes a firmware verification and load service to support necessary updates using ECDSA SigVer (ECDSA Cert. #ECDSA 183). The operator can initiate the firmware integrity test on demand by power cycling the Module. Motorola Solutions Public Material
The Module has a limited operational environment under the FIPS 140-3 definitions. The tested operational environment is listed in Table 2. The Module includes a Program Update service to support necessary updates. Firmware versions validated through the FIPS 140-3 CMVP will be explicitly identified on a validation certificate. Any firmware not identified in this Security Policy does not constitute the Module defined by this Security Policy or covered by this validation. Motorola Solutions Public Material
The Module is a production grade, single-chip cryptographic module as defined by FIPS 140-3 and is designed to meet level 2 physical security requirements. The Module is covered with a hard-opaque epoxy coating that provides evidence of attempts to tamper with the Module. The security provided from the hardness of the Module's epoxy encapsulate is claimed at ambient temperature (25 degrees Celsius) only. No assurance of the epoxy hardness is claimed for this physical security mechanism outside of this range. The Module does not contain any doors, removable covers, or ventilation holes or slits. No maintenance access interface is available. No special procedures are required to maintain physical security of the Module while delivering to operators. Table 11
The Module does not implement any mitigation method against non-invasive attack. Motorola Solutions Public Material
The SSPs access methods are described in Table 12 below: Table 12
All SSPs (CSPs and PSPs) used by the Module are described in this section. All usage of the CSPs by the Module is described in the services detailed in 4.3. Table 13
256 G2 N/A N/A S1 Z2
State AES ECB and Key (AES 256) Cert. # C931 per IG D.L AES OFB A 256-bit AES OFB Cert. #C931, key used for BKK 256 G1 N/A N/A S1, S2 Z1, Z2 encrypting keys ECDSA Cert. exported over KYLD #ECDSA 183 port. A 256-bit AES OFB AES OFB key used for Cert. #C931, decrypting CSP FCK 256 G1 N/A N/A S1, S2 Z1, Z2 ECDSA Cert. entered into the #ECDSA 183 module over the SPI port. A 256-bit AES CBC key used in the reAES CBC construction of IDK IDK ROM 256 G1 N/A N/A S1, S2 Z1, Z2 Cert. # C931 per SP800-133r2 (Section 6.3 #2) via XOR using IDK Block. A 256-bit AES CBC AES CBC key used in the reCert. #C931, construction of IDK IDK Block 256 G1 E1 N/A S1, S2 Z1, Z2 ECDSA Cert. per SP800-133r2 #ECDSA 183 (Section 6.3 #2) via XOR using IDK ROM. AES CBC A 256-bit AES CBC IDK 256 Cert. #C931 G5 N/A N/A S1, S2 Z1, Z2 key used to decrypt downloaded images. Motorola Solutions Public Material
Key/SSP Security Strength Gene- Import Establish- ZeroizaName/Typ Function / Storage Use / Related SSPs (in bits) ration /Export ment tion e Cert. AES GCM A 256-bit AES GCM Cert. #C931, key used to encrypt KPKEK 256 G1 N/A N/A S1, S2 Z1, Z2 ECDSA Cert. the KPK. #ECDSA 183 A 256-bit AES GCM AES GCM Z1, Z2, key used to encrypt Cert. #C931, Z3, Z4, KPK 256 G3 N/A N/A S1, S3 all TEK and KEK Z5, Z6, DRBG #C949 stored in the Z7, Z8 external flash. AES-KW A 128/256-bit AES Cert. #C930, key used for AES OFB, E2, E3, encryption of keys in KEK 128/256 CFB8 Cert. G3 N/A S1 Z2 the Store and E4, E6 Forward, and #C931, Transfer Key Variable DRBG #C949 services. AES ECB, CBC, OFB, GCM Cert. #C931, A 128/256-bit AES AES ECB, Key used for CBC, CFB8, E2, E3, TEK 128/256 G3 N/A S1 Z2 enabling secure OFB E4, E6 communication in Certs. target devices. #C908, C909, DRBG Cert. #C949 AES OFB Z2, Z3, A 30-byte long E2 Cert. #C931 Z4, Z5, hexadecimal number CO PWD N/A N/A (Input N/A S1 Z6, Z7, to authenticate the only) Z8 CO role Z2, Z3, A 30-byte long E2 AES OFB Z4, Z5, hexadecimal number User PWD N/A N/A (Input N/A S1 Cert. #C931 Z6, Z7, to authenticate the only) Z8 User role SHS Cert. Z2, Z3, #SHS 1345 Z4, Z5, 384-bit password PWD Hash 192 G4 E5 N/A S1 Z6, Z7, hash. SHA2-384 Z8 PSPs AES CBC FW Load: 384-bit FW-LD-Pub 192 G1 N/A N/A S1, S2 Z1, Z2 Cert. #C931, ECDSA signature Motorola Solutions Public Material
Key/SSP Security Strength Gene- Import Establish- ZeroizaName/Typ Function / Storage Use / Related SSPs (in bits) ration /Export ment tion e Cert. ECDSA Cert. key to validate the #ECDSA 183 signature of the firmware image upon download into the Module. Table 14
The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3, these are categorized as either pre-operational self-tests or conditional self-tests. Power-up self–tests are available on demand by power cycling the Module. All Cryptographic Algorithm Self-Tests (CAST) must be completed successfully prior to any other use of cryptographic functionality by the Module. The Module outputs a status indicator via the LED output interface to indicate all self-tests passed or when a critical error state is entered due to a failed self-test. LED status solid green means power-up self-tests passed, flashing amber means self-tests is in progress, solid red means the Module is in critical error state due to power-up self-tests failure or critical error condition. The self-tests error states and status indicator are described in Table 15 below: Table 15
Table 17
The Module is originally a non-compliant and must be initialized to be in approved mode. There is no non-approved mode. During initialization the operator shall configure the Key Variable Loader (KVL)
The Key Variable Loader (KVL) 5000 PIKE is embedded in Key Variable Loader (KVL). Motorola uses commercially available courier systems such as UPS, FedEx, and DHL with a tracking number and requires a signature at the end by an authorized client.
Use the Key Variable Loader (KVL) 5000 user guide available on the www.motorolasolutions.com website for secure operations.
Use the Key Variable Loader (KVL) 5000 user guide available on the www.motorolasolutions.com website for secure operations.
The Key Variable Loader (KVL) 5000 PIKE does not require any special maintenance.
After the end-of-life, the operator should zeroize all SSPs using the “Zeroize all keys and password“ service listed in the Section 4.3 followed by shredding the Key Variable Loader (KVL) 5000 PIKE chip. Motorola Solutions Public Material
The Module does not implement any mitigation method against other attacks. Motorola Solutions Public Material
The following standards are referred to in this Security Policy. Table 18
Table 19
Acronym Definition PWD Hash Password Hash SSI Synchronous Serial Interface SSP Sensitive Security Parameter TEK Traffic Encryption Key UA Unauthenticated Service User PWD User Password Motorola Solutions Public Material