All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series

Certificate#4934StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorSamsung Electronics Co., Ltd.
Medium review priority  ·  no TCB surface named  ·  last validated 19 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date12/26/2026
EntropyENT (P)
CaveatInterim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy
VendorSamsung Electronics Co., Ltd.
Hardware versionsMZILG960HCHQ-00AC9 [7, 8, 9], MZILG1T9HCJR-00AC9 [7, 8, 9], MZILG3T8HCLS-00AC9 [7, 8, 9], MZILG7T6HBLA-00AC9 [7, 8, 9], MZILG15THBLA-00AC9 [7, 8, 9], MZILG960HCHQ-00AD9 [3, 4], MZILG1T9HCJR-00AD9 [3, 4], MZILG3T8HCLS-00AD9 [3, 4], MZILG7T6HBLA-00AD9 [3, 4], MZILG3T8HCLS-00AG6 [15], MZILG3T8HCLS-00AG7 [14], MZILG3T8HCLS-00AVF [13], MZILG1T9HCJR-00AH9 [1, 2], MZILG3T8HCLS-00AH9 [1, 2], MZILG7T6HBLA-00AH9 [1, 2], MZILG15THBLA-00AH9 [1, 2], MZILG800HCHQ-00AC9 [10, 11, 12], MZILG1T6HCJR-00AC9 [10, 11, 12], MZILG3T2HCLS-00AC9 [10, 11, 12], MZILG800HCHQ-00AD9 [5, 6], MZILG1T6HCJR-00AD9 [5, 6], MZILG3T2HCLS-00AD9 [5, 6]

Approved Algorithms (4)

AlgorithmACVP Cert
AES-XTSA1767
Counter DRBGDRBG 2186
RSA SigVer (FIPS186-4)A1765
SHA2-256A1766

Security Levels (Table 1)

Requirement areaLevel
Mitigation of Other Attacks2

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>3P00[1], 3P01[2], DXG0[3], DXG2[4], DZG0[5],…</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Update the firmware</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C6 clue;
  class I1,I2,I3,I6 infer;
  class R1,R2,R3,R6 risk;
  class E1,E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>3P00[1], 3P01[2], DXG0[3], DXG2[4], DZG0[5],…</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Update the firmware</i><br/>src: securityPolicy.services"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output<br/>unauthenticated</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2 clueHigh;
  class C3,C6 clueLow;

Security Policy, page by page

Page 1

` Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series Document Version: 1.0 H/W Version: MZILG960HCHQ-00AC9, MZILG1T9HCJR-00AC9, MZILG3T8HCLS-00AC9, MZILG7T6HBLA-00AC9, MZILG15THBLA-00AC9, MZILG800HCHQ-00AC9, MZILG1T6HCJR-00AC9, MZILG3T2HCLS-00AC9, MZILG960HCHQ-00AD9, MZILG1T9HCJR-00AD9, MZILG3T8HCLS-00AD9, MZILG7T6HBLA-00AD9, MZILG800HCHQ-00AD9, MZILG1T6HCJR-00AD9, MZILG3T2HCLS-00AD9, MZILG3T8HCLS-00AG6, MZILG3T8HCLS-00AG7, MZILG3T8HCLS-00AVF, MZILG1T9HCJR-00AH9, MZILG3T8HCLS-00AH9, MZILG7T6HBLA-00AH9, MZILG15THBLA-00AH9 F/W Version: EXG0, EZG0, EXG5, EZG5, EXG6, EZG6, NA50, MS00, 3P00, 3P01, DXG0, DZG0, DXG2, DZG2 and LEB0

Page 2
VersionChanges
1.0Initial version

Revision History 1.0 Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 3
Table of Contents
#SectionPage
1General4
1.1Scope4
1.2Acronyms4
1.3Security Levels4
2Cryptographic module specification5
2.1Hardware and Physical Perimeter5
2.2Firmware and Cryptographic Boundary6
2.3Version Information6
2.4Cryptographic Functionality7
2.4.1Approved Algorithm7
2.4.2Non-Approved Algorithm7
2.5Approved Mode of Operation7
3Cryptographic module interfaces8
4Roles, services, and authentication9
4.1Role9
4.2Approved service9
4.3Authentication11
5Software/Firmware security12
6Operational environment13
7Physical security14
8Non-invasive security15
9Sensitive security parameter management16
10Self-tests18
10.1Pre-operational Test18
10.2Conditional Test18
11Life-cycle assurance19
11.1C.Secure Installation19
11.2Operational Description of Module19
12Mitigation of other attacks20
Page 4
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication2
55Software/Firmware security2
66Operational environmentN/A
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests2
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
AcronymDescription
CTRLRGX Controller (SAMSUNG RGX SAS TLC/MLC SSD Controller)
DRAM I/FDynamic Random Access Memory Interface
LBALogical Block Address
MD/EEManual Distribution/Electronic Entry
MEKMedia Encryption Key
MSIDManufactured SID (Security Identifier)
NAND I/FNAND Flash Interface
NDRNGNon-Deterministic Random Number Generator
PMICPower Management Integrated Circuit
ROMRead Only Memory
SAS I/FSerial Attached SCSI Interface
SEDSelf-Encrypting Drive
SICOCSelf-Initiated Cryptographic Output Capability
SSCSecurity Subsystem Class
SSPSensitive Security Parameter
TCGTrusted Computing Group

1.1. Scope herein after referred to as a “cryptographic module” or “module”, SSD (Solid State Drive), satisfies all applicable FIPS 1403 security level 2 requirements, supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES hardware engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase. 1.2. Acronyms Table

  1. Acronyms 1.3. Security Levels The cryptographic module is intended to meet requirements of FIPS 140-3 Security Level 2 overall. The following table lists Table
  2. Security Levels Samsung Electronics Co., Ltd. SSD FIPS Security Policy N/A N/A N/A
Page 5
  1. Cryptographic module specification 2.1. Hardware and Physical Perimeter This firmware version within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-3 validation. The following photographs show the cryptographic module’s top and bottom views. The multiple-chip standalone cryptographic module consists of hardware and firmware components that are all enclosed in two aluminum alloy cases, which serve as the physical perimeter of the module. Figure
  2. Specification of the Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series Cryptographic Boundary Samsung Electronics Co., Ltd. SSD FIPS Security Policy
Page 6
Module configuration
NameModelFirmware Version
PM1653MZILG960HCHQ-00AC9960GBPM1653EXG0 EXG5 EXG6
MZILG1T9HCJR-00AC9MZILG1T9HCJR-00AC91.9TB
MZILG3T8HCLS-00AC9MZILG3T8HCLS-00AC93.8TB
MZILG7T6HBLA-00AC9MZILG7T6HBLA-00AC97.6TB
MZILG15THBLA-00AC9MZILG15THBLA-00AC915TB
MZILG960HCHQ-00AD9MZILG960HCHQ-00AD9960GBDXG0 DXG2
MZILG1T9HCJR-00AD9MZILG1T9HCJR-00AD91.9TB
MZILG3T8HCLS-00AD9MZILG3T8HCLS-00AD93.8TB
MZILG7T6HBLA-00AD9MZILG7T6HBLA-00AD97.6TB
MZILG3T8HCLS-00AG6MZILG3T8HCLS-00AG63.8TBNA50
MZILG3T8HCLS-00AG7MZILG3T8HCLS-00AG73.8TBMS00
MZILG3T8HCLS-00AVFMZILG3T8HCLS-00AVF3.8TBLEB0
MZILG1T9HCJR-00AH9MZILG1T9HCJR-00AH91.9TB3P00 3P01
MZILG3T8HCLS-00AH9MZILG3T8HCLS-00AH93.8TB
MZILG7T6HBLA-00AH9MZILG7T6HBLA-00AH97.6TB
MZILG15THBLA-00AH9MZILG15THBLA-00AH915TB
PM1655MZILG800HCHQ-00AC9800GBPM1655EZG0 EZG5 EZG6
MZILG1T6HCJR-00AC9MZILG1T6HCJR-00AC91.6TB
MZILG3T2HCLS-00AC9MZILG3T2HCLS-00AC93.2TB
MZILG800HCHQ-00AD9MZILG800HCHQ-00AD9800GBDZG0 DZG2
MZILG1T6HCJR-00AD9MZILG1T6HCJR-00AD91.6TB
MZILG3T2HCLS-00AD9MZILG3T2HCLS-00AD93.2TB

2.2. Firmware and Cryptographic Boundary The PM1653/PM1655 series use a single chip controller with a SAS interface on the system side and Samsung NAND flash internally. The following figure depicts the Module operational environment. Figure

  1. Block Diagram for Samsung SAS TCG Enterprise SSC SEDs PM1653 Series 2.3. Version Information Table
  2. Cryptographic Module Tested Configuration Samsung Electronics Co., Ltd. SSD FIPS Security Policy
Page 7
Approved algorithm
NameCAVP CertMode MethodKey SizeUse FunctionDescription/ Key Size(s)/ Key Strength(s)
AES / FIPS 197, SP 800-38EA17671XTS256-bitsData Encryption / Decryption
CKG2/ SP800-133 Rev 2Vendor AffirmedSection 4 Section 6.1 Section 6.3N/ASymmetric Cryptographic Key Generation
DRBG / SP 800-90A Rev. 1DRBG 2186CTR_DRBG (AES-256)N/ADeterministic Random Bit Generation
RSA / FIPS 186-4A1765PKCS PSS3072-bitsDigital Signature Verification
SHS / FIPS 180-4A1766SHA-256N/AMessage Digest
ENT (P) / SP800-90BE43N/AN/AENT (P) provides a minimum of 256 bits of entropy for DRBG seed
AES-XTS / FIPS 197, SP 800-38EAES-XTS / FIPS 197, SP 800-38ENo Security Claimed; AES-XTS is only used for firmware decryption during ROM initialized.Firmware Decryption
AES-CCM / FIPS 197, SP 800-38CAES-CCM / FIPS 197, SP 800-38CNo Security Claimed; Non-approved algorithms here are only used for encrypting or obfuscating the CSPKey Encryption and Decryption
PBKDF2PBKDF2Key Derivation
HMAC / SHA-256 (SHS Cert.# A1766)HMAC / SHA-256 (SHS Cert.# A1766)Key Derivation

2.4. Cryptographic Functionality 2.4.1. The cryptographic module supports the following approved algorithms for secure data storage: N/A N/A N/A N/A N/A 2.4.2. Following algorithms are not intended to be used as a security function, and not used whatsoever to meet any FIPS 1403 requirements. These algorithms are not provided through a non-approved service to an operator. 2.5. The cryptographic module has only one mode of operation, which is the approved mode of operation. The operator is responsible for following the guidance outlined in section 12. The module shows the approved mode through validated version status by Show Status Service and in Table 8 via SCSI Inquiry command. AES-ECB is the pre-requisite for AES-XTS; AES-ECB alone is NOT supported by the cryptographic module in approved mode. CKG is applied to generate the MEK in compliance with sections 4, 6.1 and 6.3 of SP800-133. Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 8
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
SAS ConnectorSAS ConnectorData Inputplaintext data; signed data; authentication data
Data OutputData Outputplaintext data;
Control InputControl Inputcommands input logically via an API (e.g. for the software and firmware components of the cryptographic module); signals input logically or physically via one or more physical ports (e.g. for the hardware components of the cryptographic module);
Status OutputStatus Outputstatus information output logically via an API; signal outputs logically or physically via one or more physical ports;
Power InputPower InputPower input

Table 6. Ports and Interfaces Note: The module does not implement the Control Output Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 9
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutputWZG
Change the Password.Crypto Officer (CO)CO PasswordStatus
Set User PasswordUserUser PasswordStatus
Lock/Unlock an LBA RangeCO and UserLBA RangeStatus
Erase an LBA Range’s DataLBA RangeStatus
Update the firmwareFirmware Loader (FL)3Firmware ImageStatus
Change the Password.Change CO passwordCOCO PasswordSHA-256OUID: AdminSP_SID_C_PIN / AdminSP_Admin1_C_PIN TCG Method: Set Result: TCG status codeOO
Set User PasswordSet User PasswordUserUser PasswordSHA-256OUID: LockingSP_Admin1~4_C_PIN / LockingSP_User1~9_C_PIN TCG Method: Set Result: TCG status codeOO
Lock/Unlock an LBA RangeBlock or allow read (decrypt) / write (encrypt) of user data.CO, UserMEKAES-XTSOUID: Locking_GlobalRange / Locking_RangeNNNN TCG Method: Set Result: TCG status codeOO
Erase an LBA Range’s DataErase user data by changing the data encryption key.DRBG Internal StateCTR_ DRBG (AES-256)OUID: K_AES_256_GlobalRange_Key / K_AES_256_RangeNNNN_Key TCG Method: Erase Result: TCG status codeOOO
MEKMEKOOO
Update the firmwareUpdate the firmwareFLFirmware Verification KeyRSAOWRITE BUFFER Command Result : Status Code
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutputWZG
Change the Password.Crypto Officer (CO)CO PasswordStatus
Set User PasswordUserUser PasswordStatus
Lock/Unlock an LBA RangeCO and UserLBA RangeStatus
Erase an LBA Range’s DataLBA RangeStatus
Update the firmwareFirmware Loader (FL)3Firmware ImageStatus
Change the Password.Change CO passwordCOCO PasswordSHA-256OUID: AdminSP_SID_C_PIN / AdminSP_Admin1_C_PIN TCG Method: Set Result: TCG status codeOO
Set User PasswordSet User PasswordUserUser PasswordSHA-256OUID: LockingSP_Admin1~4_C_PIN / LockingSP_User1~9_C_PIN TCG Method: Set Result: TCG status codeOO
Lock/Unlock an LBA RangeBlock or allow read (decrypt) / write (encrypt) of user data.CO, UserMEKAES-XTSOUID: Locking_GlobalRange / Locking_RangeNNNN TCG Method: Set Result: TCG status codeOO
Erase an LBA Range’s DataErase user data by changing the data encryption key.DRBG Internal StateCTR_ DRBG (AES-256)OUID: K_AES_256_GlobalRange_Key / K_AES_256_RangeNNNN_Key TCG Method: Erase Result: TCG status codeOOO
MEKMEKOOO
Update the firmwareUpdate the firmwareFLFirmware Verification KeyRSAOWRITE BUFFER Command Result : Status Code
  1. Roles, services, and authentication 4.1. The following table defines the roles, type of authentication, and associated authenticated data types supported by the cryptographic module. Table
  2. Roles, Service Commands, Input and Output 4.2. E: EXECUTE; W: WRITE; G: GENERATE; Z: ZEROISE E W G Z O O O O O O O O O Table
  3. Authenticated Services Firmware Loader role is classified as a Cryptographic Officer. It means that “Write” and “Zeroise” perform in each storage of SSPs that is described in Table
  4. The (R)ead column, which is specified in NIST SP 800-140B, is not applicable to the module.
5 The result of SCSI or TCG command is used as an indicator.

Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 10
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show Status8Show the module status - FIPS fail modeN/AN/AN/AINQUIRY Command Result : Status Code
Show Version9Show module versionN/AN/ASECURITY PROTOCOL IN 00h, 02h, 02h, 01h Result: Status Code
AuthenticationAuthenticate the moduleCO PasswordSHA-256OUID: AdminSP_SID / AdminSP_Admin1 / LockingSP_Admin1~4 / LockingSP_User1~9 TCG Method: Authenticate Result: TCG status code
User PasswordUser PasswordO
Get Random NumberProvide a random number generated by the CM.DRBG Internal StateCTR_ DRBG (AES-256)OUID: ThisSP TCG Method: Random Result: TCG status codeO
IO Command10Read/Write user dataMEKAES-XTSOWRITE / READ Command Result : Status Code
RevertErase user data in all Range by changing the dataDRBG Internal StateCTR_ DRBG (AES-256)OUID: SPObj(AdminSP) TCG Method: Revert Result: TCG status codeO
MEKMEKOOO
SanitizeErase user data by changing the data encryption key.DRBG Internal StateCTR_ DRBG (AES-256)OSANITIZE Command Result : Status CodeOOO
MEKMEKOOO

The following table shows unauthenticated services. It is initially possible to use the services in following table without authentication. The operator can configure the setting that complied with Samsung SAS, TCG spec. e E W G Z N/A N/A N/A N/A O O O N/A O O O O O O O O O O O O O O Table

  1. Unauthenticated Services It means that “Write” and “Zeroise” perform in each storage of SSPs that is described in Table
  2. The (R)ead column, which is specified in NIST SP 800-140B, is not applicable to the module.

7 The module only supports approved services in an approved manner. The module uses implicit indicators through the result of the SCSI or

9 The cryptographic module shows the hardware version and firmware version through the ‘COMPLIANCE DESCRIPTOR HARDWARE VERSION’

and ‘COMPLIANCE DESCRIPTOR VERSION’ of FIPS 140 compliance descriptor Structure.

10 Through Step3 to Step4 in the Section 12.1, the procedure handled by EraseMaster (CO) enforces to configure SICOC functionality which

Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 11
RoleAuthentication MethodAuthentication Strength
COPassword (Min: 8 bytes, Max: 32 bytes)Probability of 1/264 in a single random attempt. Probability of 80/264 in multiple random attempts in a minute.
User
FLRSA signature verificationProbability of 1/2128 in a single random attempt. Probability of 6000/2128 in multiple random attempts in a minute.

4.3. The module supports role-based authentication that requires authentication to assume for the authorization of each role. Table 10. Roles and Authentication The CO and User role requires password-based authentication, where each byte can be any of 0x00 to 0xFF. Each password authentication failure holds the cryptographic module for 750ms. This restricts the maximum attempts for a one-minute to less than 80 attempts (60,000ms/750ms) no matter how large Trylimit 11 is set. The FL role is implemented by RSA signature verification. The firmware signed by Samsung is authenticated by verifying the 3072-bit RSA signature which has 128 security strength in every power-on. Each signature verification attempt takes at least 10ms. This can be enforced with up to 6,000 attempts in a minute. Trylmit is maximum number of failed authentication attempts that are able to be made using password for each role. Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 12

5. Software/Firmware security The cryptographic module implements the 482 bytes per 4KB error detection code and SHA-256 hash verification for firmware integrity test. The firmware integrity test is performed every power on reset. Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 13

6. Operational environment The cryptographic module operates in a limited operational environment that is consist of the module’s firmware. This operational environment does not require any specific security rules, settings/configurations or restrictions to be set. The cryptographic module does not provide any general-purpose operating system to the operator. Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 14
Physical Security MechanismsRecommended Frequency of Inspection/TestInspection/Test Guidance Details
Production grade casesAs often as feasibleInspect the entire perimeter for cracks, gouges, lack of screw(s) and other signs of tampering. Remove from service if tampering found.
Tamper-evident sealing labelsInspect the sealing labels for scratches, gouges, cuts and other signs of tampering. Remove from service if tampering found.

The following physical security mechanisms are implemented in the cryptographic module:

2 tamper-evident labels are applied over both top and bottom cases of the module at the Samsung manufacturing. The

tamper-evident labels cannot be removed and reapplied without remaining tamper evidence. The following table summarizes the actions required by the Crypto Officer Role to ensure that physical security is maintained: Figure 3. Module Seal Application Location Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 15

8. Non-invasive security Non-invasive security has not applicable for this cryptographic module. Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 16
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageImport ExportKey / SSP Name/ TypeZeroisation
MEK256-bitCTR_ DRBG (AES-256) / DRBG 2186SP 800-90A CTR_DRBG (AES-256)N/AN/A (HW IP internal)N/ADRBG Internal State12Power on Reset
MEK256-bit Nonce: 128-bitCTR_ DRBG (AES-256) / DRBG 2186ENT (P)N/AN/A (HW IP internal)N/ADRBG SeedPower on Reset
MEK256-bitCTR_ DRBG (AES-256) / DRBG 2186ENT (P)N/AN/A (HW IP internal)N/ADRBG Entropy Input StringPower on Reset
N/AMin. 64- bitN/AN/AN/ARAMMD/EECO PasswordPower on Reset
N/AMin. 64- bitN/AN/AN/ARAMMD/EEUser PasswordPower on Reset
N/A128-bitSHA-256 / A1766Hashed from Password as per SHA-256N/AFlashN/AHashed CO Authentica tion DataVia “Change the Password” and Revert” service
N/A128-bitSHA-256 / A1766Hashed from Password as per SHA-256N/AFlashN/AHashed User Authentica tion DataVia “Set User Password” and Revert” service
N/A256-bitCKG / AES-XTS / A1767SP800-133Rev2/ SP 800-90A CTR_DRBG (AES-256)N/APlain Text in RAM, FlashN/AMEKVia “Lock an LBA Range”, “Erase an LBA Range’s Data”, “Revert” and “Sanitize” service
Firmware load test128-bitRSA / A1765N/AN/AHW SFREntered during manufact uringFirmware Verification KeyRight after FW load test
FlashFlashN/A
  1. Sensitive security parameter management Temporary SSPs are zeroised when power on reset. Firmware integrity temporary values are zeroised after the firmware integrity test is complete. The zeroisation is performed before overwriting to the target SSP with random value which is generated from the DRBG. SSP’s are not exported outside the module. Min. 64bit Min. 64bit N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Table
  2. SSPs
12 The values of V and Key are the critical value of the internal state

Samsung Electronics Co., Ltd. SSD FIPS Security Policy N/A N/A N/A N/A N/A N/A

Page 17
Approved algorithm
NameKey Size
DetailsMinimum Number of Bits of EntropyEntropy Sources
Provides entropy input and Nonce to construct Entropy source seed for CTR_DRBG The number of bits input/output to the derivation function are n =3072 and in n =384. out- 0.2262 entropy per bit - Minimum of 256 bits of entropy for DRBG seed (total seed length of 384 bits).Cert #E43 ENT (P)

The module contains an entropy source, compliant with SP 800-90B, within the module’s cryptographic boundary. nout=384. Table 13. Non-Deterministic Random Number Generation Specification Samsung Electronics Co., Ltd. SSD FIPS Security Policy

Page 18
Self test
NameAlgorithm Or TestTest TypeDetails
SHSSHSKATSHA-256 hash digest
DRBGDRBGKATsSP 800-90A Section 11.3 Health Tests of CTR_DRBG (AES-256)
AESAESKATAES-256 XTS mode encryption and decryption
SHSSHSKATSHA-256 hash digest
RSARSAKATRSA-3072 signature verification
  1. Self-tests While executing the following self-tests, all data output is inhibited until the self-test is completed. To execute the preoperational tests on-demand, the operator may run the power-cycle of the module. If the self-test fails, the module enters an error state. All data output is inhibited during self-tests or in an error state. 10.1. Pre-operational Test • Firmware integrity test – SHA-256 hash-based verification is performed at power-on. – 482-byte error detection code is performed at power-on. 10.2. Conditional Test • The cryptographic algorithm test can be executed on-demand during the pre-operational test at power-on. Table
  2. Self-tests • • Firmware load test Firmware load test is performed using RSA-3072 with SHA-256. The firmware load test can be executed on-demand by executing the Update the firmware service. The cryptographic module has performed the below 2 types of tests and each test includes the Repetition Count Test and Adaptive Proportion Test described in SP800-90B. Start-up test is performed for Entropy Source every power on reset. Continuous test is performed for Entropy Source while the module is operating. Samsung Electronics Co., Ltd. SSD FIPS Security Policy
Page 19

11. Life-cycle assurance The cryptographic module can operate in approved mode once shipped from the vendor's manufacturing site. The followings describe the security rules for secure installation and operation which the cryptographic module and Crypto Officer shall be enforced under FIPS 140-3 security level 2 compliant manner: 11.1. C.Secure Installation

Page 20
Other AttacksMitigationSpecific Limitations
Mechanism
N/AN/AN/A

The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3. N/A N/A N/A Table 15. Mitigation of Other Attacks Samsung Electronics Co., Ltd. SSD FIPS Security Policy