Derived Review-Risk Graph (review prompts, not findings)
flowchart LR
%% Deterministic review-risk graph for KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>SC01CN</i>"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C6 clue;
class I1,I2,I3,I6 infer;
class R1,R2,R3,R6 risk;
class E1,E2,E3,E6 evidence;Underlying clues
flowchart LR
%% Deterministic clue tier for KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>SC01CN</i><br/>src: certificate.firmwareVersions"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1 clueHigh;
class C2,C3,C6 clueLow;Security Policy, page by page
KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip KIOXIA CORPORATION Rev 3.0.5 Dec 23, 2024
Security level
| Name | ISO Section | Requirement | Level |
|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic Module Specification | 2 |
| 3 | 3 | Cryptographic Module Interfaces | 2 |
| 4 | 4 | Roles, Services, and Authentication | 2 |
| 5 | 5 | Software/Firmware Security | 2 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 2 |
| 8 | 8 | Non-invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 2 |
| 10 | 10 | Self-tests | 2 |
| 11 | 11 | Life-cycle Assurance | 2 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
This document explains precise specification of the security rules about KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 Overall. The Table below shows the security level detail. [Number Below] N/A N/A N/A Table 1 ‐ Security Levels This document is non-proprietary and may be reproduced in its original entirety. Section 1.1 - Acronyms AES Advanced Encryption Standard CM SSP DRBG Deterministic Random Bit Generator HMAC The Keyed-Hash Message Authentication code KAT Known Answer Test POST Power on Self-Test CAST Cryptographic Algorithm Self-Test PSID Printed SID SED Self-Encrypting Drive SHA Secure Hash Algorithm SID Security ID TCG Trusted Computing Group Dec 23, 2024
Approved algorithm
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|
| AES256 (FIPS 197 / SP800-38A) | #A2402 | CBC | Key Size: 256 bits/ Key Strength: 256 bits | Data and Key Encryption/ Decryption |
| Physical single-chip | | The sub-chip cryptographic | | The associated |
|---|
| | subsystem soft circuitry core | | firmware |
| TC58NC1030GTB 0002 | TC58NC1030GTB CRPT module 0001 | | SC01CN | |
Section 2
- Cryptographic Module Specification KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip (listed in Section2.1 Product Version) is used for solid state drive data security. The CM is a single chip hardware module implemented as a sub-chip compliant with IG 2.3.B in the TC58NC1030GTB 0002 SoC (see Figure 1 in Section 7). Overall Security Rating of the CM is Level 2 (See Table 1 in Section 1 for individual security area levels). The CM is embedded in TCG OPAL compliant solid state drive controllers which provides user data encryption/decryption through build-in HW engines. The CM provides various cryptographic services using approved algorithms. The CM has multiple functions, but they do not support the degraded operation. The physical boundary of the CM is the TC58NC1030GTB 0002 SoC and the logical boundary of the CM is The CM has one approved mode of operation and CM is always in approved mode of operation after initial operations are performed (See Section 11). In approved mode, the CM provides services defined in Table 7 in Section 4.2. Section 2.1
- Product Version The CM is validated with the following versions: Table 2 ‐ Cryptographic Module Tested Configuration Section 2.2
- Security Functions The CM executes the following approved algorithms: Dec 23, 2024
Approved algorithm
| Name | CAVP Cert | Mode Method | Key Size | |
|---|
| AES256 (FIPS 197 / SP800-38A, SP800-38E) | #A2402 | XTS, ECB1 | Key Size: 256 bits/ Key Strength: 256 bits | Data Encryption/ Decryption |
| SHA2-256 (FIPS 180-4) | #A2402 | N/A | N/A | Hashing messages |
| HMAC-SHA2-256 (FIPS 198-1) | #A2402 | N/A | Key Size: 256 bits/ Key Strength: 256 bits | Message Authentication Code |
| RSASSA-PKCS#1-v1_5 (FIPS 186-4) | #A2402 | N/A | Key Size: 2048, 3072 bits/ Key Strength: 112, 128 bits | Signature verification |
| ECDSA (FIPS 186-4) | #A2450 | N/A | Curve: P-256/ Key Strength: 128 bits | Signature generation/ verification |
| Hash_DRBG (SP800-90A Rev.1) | #A2432 | N/A | Hash based: SHA2-256 | Deterministic Random Bit Generation |
| KBKDF (SP800-108 Revised) | #A2433 | Counter | MACs: HMAC-SHA2-256/ Key Size: 256 bits/ Key Strength: 256 bits | Key derivation |
| KTS (IG D.G) | #A2402 | N/A | Combination of AES256 CBC Mode and HMAC-SHA2-256 / Key Size: 256 bits/ Key Strength: 256 bits | Key Transport Scheme |
| CKG (SP800-133 Rev.2) | Vendor Affirmation | N/A | Methods described in section 4 of the SP800-133 Rev.2 | Cryptographic Key Generation |
| Entropy Source (SP800-90B) | #E143 | N/A | N/A | Hardware RNG used to seed the approved Hash_DRBG. |
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Note 1: The “CAVP Cert” of KTS comes from the fact that KTS is composed of AES256-CBC and HMAC-SHA2-256 (#A2402). Note 2: There are algorithms, modes, and keys that have been CAVP tested but not used by the module. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are used by the module. Table 3 ‐ Approved Algorithms The CM does not have any Non-approved algorithms allowed in the approved mode of operation. ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different according to IG C.I. AES-XTS is only used for encryption/decryption of data stored in solid state drives equipped with this CM. Dec 23, 2024
Ports and interfaces
| Name | Physical Port | Logical Interface | Data That Passes |
|---|
| Mailbox AES circuit DMAC Lock Checker | Mailbox AES circuit DMAC Lock Checker | Data Input | Mailbox input parameter. User data. Read/Write destination address information. |
| Mailbox AES circuit DMAC | Mailbox AES circuit DMAC | Data Output | Mailbox output parameter. User data. |
| Mailbox Lock Checker | Mailbox Lock Checker | Control Input | Mailbox command information. Lock status confirmation request signal. |
| Mailbox Lock Checker | Mailbox Lock Checker | Status Output | Mailbox command result. Lock status confirmation result signal. |
| Power PIN | Power PIN | Power Input | Power |
Section 2.3
- Module Configuration Overview block diagram of the CM is shown below. Figure 1
- Configuration of module and peripheral components Components of the CM is shown with gray background blocks include processor, memories (volatile and non-volatile memory) and HW circuitry for cryptographic processing. Cryptographic algorithms implemented as FW are shown in light-gray background block. Physical ports bordering outside the CM’s boundary and the data passing over them are also indicated (see Section 3 for details on physical ports and interfaces). Section 3
- Cryptographic Module Interfaces Note 1: Control output is omitted in the table above because the CM does not implement this type of interface. Table 4 ‐ Ports and Interfaces Dec 23, 2024
Service
| Name | | | |
|---|
| Download Port Lock/Unlock | FIPS Crypto Officer (AdminSP.SID) | Mailbox command | Mailbox command result |
| Set PIN (for AdminSP.Admin1) | FIPS Crypto Officer (AdminSP.Admin1) | Mailbox command | Mailbox command result |
| Band Lock/Unlock | FIPS Crypto Officer (LockingSP.Admin1-4) | Mailbox command | Mailbox command result |
| Data Read/Write | | Encrypted/Decrypted data | Decrypted/Encrypted data |
| Band Lock/Unlock for Band of Single User Mode (for GlobalRange) | FIPS Crypto Officer (LockingSP.User1) | Mailbox command | Mailbox command result |
Section 4
- Roles, Services, and Authentication The relation between Roles and Services in this CM is shown below. external firmware is verified (RSASSA-PKCS#1-v1_5). Dec 23, 2024
| Band State (for GlobalRange) | | |
|---|
| Set Band position and Size for Band of Single user Mode (for GlobalRange | | |
| Set PIN (for LockingSP.User1), Set PIN for Band of Single User Mode (for LockingSP.Use1) | | |
| Format Namespace | | |
| Namespace Create/Delete | | |
| Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| FIPS Crypto Officer (LockingSP.User2) | Band Lock/Unlock for Band of Single User Mode (for Band1) | Mailbox command | Mailbox command result |
| Cryptographic Erase for Band of Single User Mode (for Band1) | | |
| Cryptographic Erase and Initialize Band State (for Band1) | | |
| Set Band position and Size for Band of Single user Mode (for Band1) | | |
| Set PIN (for LockingSP.User2), Set PIN for Band of Single User Mode (for LockingSP.User2) | | |
| Format Namespace | | |
| Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| … | … | … | … |
| FIPS Crypto Officer (LockingSP.User192) | Band Lock/Unlock for Band of Single User Mode (for Band191) | Mailbox command | Mailbox command result Exported encryption key Range information |
| Cryptographic Erase for Band of Single User Mode (for Band191) | | |
| Cryptographic Erase and Initialize Band State (for Band191) | | |
| Set Band position and Size for Band of Single user Mode (for Band191) | | |
| Set PIN (for LockingSP.User192), Set PIN for Band of Single User Mode (for LockingSP.User192) | | |
| Format Namespace | | |
| Data Read/Write | Encrypted/Decrypted data | Decrypted/Encrypted data |
| None | Firmware Verification | Mailbox command | Mailbox command result |
| Random Number Generation | | |
| Show Status | | |
| Zeroisation | | |
| Signature Generation | | |
| Signature Verification | | |
| Calculate Hash Digest | | |
| Check Lock State | Read/Write Command | Lock state of each Band |
| Reset | Power | N/A |
… … … … N/A Note: There are LockingSP.Users from user 1 to user 192, but user 3 to user 191 are omitted in the table above. Dec 23, 2024
| Role | | Authentication Method | | Authentication Strength |
|---|
| AdminSP.SID | | Role based PIN authentication | | Single random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000 | |
| AdminSP.Admin1 | | Role based PIN authentication | | Single random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000 | |
| LockingSP.Admin1-4 | | Role based PIN authentication | | Single random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000 | |
| LockingSP.User1 | | Role based PIN authentication | | Single random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000 | |
| LockingSP.User2 | | Role based PIN authentication | | Single random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000 | |
| … | | … | | … | |
| LockingSP.User192 | | Role based PIN authentication | | Single random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000 | |
Table 5 ‐ Roles, Service Commands, Input and output The CM supports the configuration of roles and services. The authenticated operator is expected to configure locked bands for data storage, the associated role and the lock-based authentication data (PIN) per Table 5 (refer to section 11 for detail settings to maintain secure operation). Bands that are not configured are considered unprotected or plaintext. This configuration enables Data Read/Write service using the lock-based authentication model (IG 4.1.A). To Read/Write data from/to each band, an operator must unlock the bands with appropriate authenticated roles. Once the bands are unlocked, Read and Write access to the bands must be controlled by a trusted operator outside of the module who has authenticated the associated role until powered off. The module prevents Data read/write service for locked bands. If Read and Write access needs to be inhibited prior to power off, the operator who authenticates the role must set the bands to the locked state again. Section 4.1
- Roles and Authentication This section describes roles, authentication method, and strength of authentication. … … … Note 1: All roles to be authenticated are FIPS Crypto Officer Note 2: There are LockingSP.Users from user 1 to user 192, but user 3 to user 191 are omitted in the table above. Table 6 ‐ Identification and Authentication Policy The CM provides a role-based PIN authentication function. The CM stores PINs that has been previously hashed with SHA2-256, and verifies the PIN entered by the operator matches the stored information at the time of authentication. PINs can be changed by executing the Set PIN Service (see Section4.2) with appropriate roles authenticated. The CM refuses to set a PIN less than 8 bytes, and responds with an error if such Dec 23, 2024
Service
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|
| Band Lock/Unlock | Lock or unlock read / write of user data in a band. | LockingSP.Admin 1-4 | KDK MEKs System MAC Key | KBKDF HMAC-SHA2-256 | E G E | Mailbox command result |
| Band Lock/Unlock for Band of Single User Mode | Lock or unlock read / write of user data in band ”X” of single user mode. | LockingSP.User”X +1” | | | | |
| Check Lock State | Check a lock state of band that read / write user data. | None | N/A | N/A | N/A | Band Lock state |
| Data Read/Write | Encryption / decryption of user data to/from unlocked band of SSD4. | LockingSP.Admin 1-4 LockingSP.User1- 192 | MEKs | AES256-XTS | E | Readable/Writab le signal from lock check module |
| Cryptographic Erase | Erase user data (in cryptographic means) by changing the key that derives the data encryption key. | LockingSP.Admin 1-4 | | | | |
a setting is attempted. Therefore, the probability that a random attempt will succeed is 1 / 264 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 1ms when authentication attempt fails, so the maximum number of authentication attempts is 60,000 times in 1 min. succeed is 60,000 / 2 Consequently, the probability that random attempts in 1min will < 1 / 100,000. Initial PINs of AdminSP.Admin1, LockingSP.Admin2-4 and LockingSP.User1-192 are set to null (i.e., data length is 0). These role’s authentication data are need to be replaced upon the first-time authentication. Otherwise, the operator who assumes these roles cannot execute services except Set PIN and services that does not need authorized roles. Section 4.2
- Services This section describes services which the CM provides. E 1-4 G E +1” N/A N/A N/A E 1-4 DRBG Internal Value 1-4 G, Z E G, Z E AES256-CBC E KTS W, R CKG(Hash_DRBG) E The letters (G, R, W, E, Z) mean Generate, Read, Write, Execute and Zeroise respectively. Dec 23, 2024
Approved algorithm
| Name | Use Function | | | | | |
|---|
| Cryptographic Erase for Band of Single User Mode | Cryptographic Erase for Band of Single User Mode | Erase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key. | LockingSP.user”X +1” | | | |
| CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Cryptographic Erase and Initialize Band State | Erase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key, and initialize the band state. | LockingSP.Admin 1-4 LockingSP.user”X +1” | DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDK | E G, Z E G, Z E E W, R | Mailbox command result |
| N/A | Download Port Lock/Unlock | Lock / unlock firmware download. | AdminSP.SID | N/A | N/A | Mailbox command result |
| RSASSA-PKCS#1- v1_5 | Firmware Verification | Digital signature verification for firmware outside the CM. | None | Public Key embedded on the CM’s code | E | Mailbox command result |
| SHA2-256 RSASSA-PKCS#1- v1_5 | Firmware Download | Download a firmware image5. | AdminSP.SID | PubKey1 PubKey1 | W, E E | Mailbox command result |
| Hash_DRBG | Random Number Generation | Provide a random number generated by the CM. | None | DRBG Internal Value | E | Mailbox command result |
| CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Set Band Position and Size | Set the location and size of the band. | LockingSP.Admin 1-4 | DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDK | E G, Z E G, Z E E W, R | Mailbox command result |
| Set Band Position and Size for Band of Single User Mode | Set Band Position and Size for Band of Single User Mode | Set the location and size of the band ”X” of single user mode | LockingSP.Admin 1-4 LockingSP.User”X +1” | | | |
| SHA2-256 HMAC-SHA2-256 AES256-CBC KTS | Set PIN | Set PIN (authentication data). | AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4, LockingSP.User1- 192 | PINs System MAC Key System ENC Key PINs | W, E E E W, R | Mailbox command result |
| Set PIN for Band of Single User Mode | Set PIN for Band of Single User Mode | Set PIN (authentication data) of authority for band “X” of single use mode | LockingSP.User1- 192 | | | |
| SHA2-256 CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Revert | Initialize the band State and disable band lock setting. | AdminSP.SID, AdminSP.Admin1 LockingSP.Admin 1-4, | PINs DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key PINs KDK | W, E E G, Z E G, Z E E W, R W, R | Mailbox command result |
| SHA2-256 HMAC-SHA2-256 AES256-CBC KTS | Data Locking Protection Enable | Enable Data protection with band lock setting. | AdminSP.SID LockingSP.Admin 1-4 | PINs System MAC Key System Enc Key PINs | W, E E E W, R | Mailbox command result |
| CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Sanitize | Erase all user data (in cryptographic means) by changing the key that derives the data encryption key. | AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4 | DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDK | E G, Z E G, Z E E W, R | Mailbox command result |
| CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Format Namespace | Erase user data (in cryptographic means) on Namespace by changing the key that derives the data encryption key. | AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4, LockingSP.User1- 192 | DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDK | E G, Z E G, Z E E W, R | Mailbox command result |
| CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Namespace Create/Delete | Create and delete Namespace. | AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4, LockingSP.User1 | DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDK | E G, Z E G, Z E E W, R | Mailbox command result |
| CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Band Set Enable | Set the location, size and lock state of the band. | LockinSP.Admin1 -4 | DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDK | E G, Z E G, Z E E W, R | Mailbox command result |
| CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTS | Band Set Disable | Initialize the location, size and lock state of the band. | LockingSP.Admin 1-4 | DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDK | E G, Z E G, Z E E W, R | Mailbox command result |
| ECDSA | Signature Generation | Generate a signature of the data by using a private key entered from outside of the CM. | None | Key Pair Private Key | W, E, Z | Mailbox command result |
| ECDSA | Signature Verification | Verify input signature by using a public key entered from outside of the CM. | None | Key Pair Public Key | W, E, Z | Mailbox command result |
| SHA2-256 | Calculate Hash Digest | Hash the data entered from outside of the CM. | None | N/A | N/A | Mailbox command result |
| N/A | Show Status | Report status of the CM and versioning information. | None | N/A | N/A | Mailbox command result |
| N/A | Zeroisation | Erase SSPs. | None6 | RKey KDK MEKs PINs System MAC Key System Enc Key DRBG Internal Value | Z Z Z Z Z Z Z | Mailbox command result |
| N/A | Reset | Power-OFF: Delete SSPs in RAM. | None | System MAC Key System Enc Key KDK MEKs PINs DRBG Internal Value PubKey1 | Z Z Z Z Z Z Z | N/A |
| RSASSA-PKCS#1- v1_5 KBKDF Entropy Source Hash_DRBG HMAC-SHA2-256 AES256-CBC KTS | | Power-ON: Runs various self-tests to be performed at power-on ( POSTs, CASTs, Firmware Load test ) and generate / import some SSPs. | | PubKey1 RKey System MAC Key System Enc Key DRBG Seed DRBG Seed DRBG Internal Value System MAC Key System Enc Key KDK PINs | W, E E G G G E, Z G E E W W | |
+1” 1-4 E G, Z +1” E G, Z E E W, R N/A N/A N/A E W, E E 1-4 E G, Z E G, Z E E W, R 1-4 +1” E W, E E , E 1-4, W, R E Only the CMVP validated version is to be used Dec 23, 2024
W, E, Z W, E, Z N/A N/A N/A N/A N/A N/A Z Z Z Z Z Z Z N/A Z Z Z Z Z Z Z W, E E G G G E, Z G N/A E E W W Note 1: “CKG(Hash_DRBG)” means direct use of Hash_DRBG output as a key. Note 2: A cryptographic module is required to provide services “Show module’s versioning information”, “Show status”, “Perform self-tests”, “Perform approved security functions” and “Perform zeroisation”. In this CM, “Show module’s information” zeroisation” is executed by the Zeroisation service. All other services fall under “Perform approved security functions”. Need to input PSID, which is public drive-unique value used for the zeroisation service. Dec 23, 2024
Table 7 ‐ Approved services The CM does not provide Non-approved services. Section 5
- Software/Firmware Security Firmware Security of components in this CM is shown below. ROM Code: ・ Form of the executable code: ELF format ・ Integrity verification method: 32bit CRC ・ Method for integrity test on demand: Power cycling Firmware image (User Code): ・ Form of the executable code: ELF format ・ Integrity verification method: Approved signature verification (RSASSA-PKCS#1-v1_5, see table 3) ・ Method for integrity test on demand: Power cycling The CM supports the partial loading that replaces the current Firmware image, excluding the ROM Code, with a new Firmware image loaded from outside the module. In this case the CM becomes another validated one. Section 6
- Operational Environment Operational Environment requirements are not applicable because the CM does not employ operating systems and operates in a limited operational environment under the FIPS 140-3 definitions. Section 7
- Physical Security The CM is a sub-chip enclosed in a single chip that is an opaque package. Gathering information of the module’s internal construction or components is impossible without forcing the package to open. In this case, it is confirmed package damage as a tamper-evidence. Operators of the CM can ensure that the physical security is maintained to confirm the package has no obvious attack damage. If the operator discovers tamper evidence, the CM should be removed. Dec 23, 2024
Sensitive security parameter
| Name | Strength | Security Function | Generation | Establishment | Storage | Use | Import Export | Zeroisation |
|---|
| RKey | 256 | KBKDF (#A2433) | Hash_DRBG (Method SP800-133 Rev.2 Section 4) | Installation | Plaintext in OTP | Derivation of System Enc Key and System MAC Key | N/A | Explicit Zeroisation service |
| System Enc Key | 256 | AES-CBC (#A2402) | KDF in Counter Mode | Power-On | Plaintext in RAM | Data and Key Encryption / Decryption for KTS | N/A | Explicit Zeroisation service |
| System MAC Key | 256 | HMAC (#A2402) | KDF in Counter Mode | Power-On | Plaintext in RAM | Message Authentication Code generation | N/A | Explicit Zeroisation service |
| Physical Security Mechanism | | Recommended Frequency of | Inspection/Test Guidance Detail |
|---|
| | Inspection/Test | |
| Passivated opaque package | Every month or every two months | | Confirmation that there is no visual damage |
Front Back Figure 2 - TC58NC1030GTB 0002 SoC Section 8
- Non-invasive security The CM does not apply Non-invasive security. Section 9
- Sensitive security parameter management The CM uses keys and SSPs in the following table. N/A 4) N/A / N/A Dec 23, 2024
Approved algorithm
| Name | Mode Method | Key Size | Use Function | | | | | | |
|---|
| Implicit Power-Off | | | | Implicit Power-Off | and verification for KTS | | | | |
| KBKDF (#A2433) | Hash_DRBG (Method SP800-133 Rev.2 Section 4) | 256 | Imported and Exported by KTS (see Table 3) | Explicit Zeroisation service, Key update services | Derivation of MEKs | KDK | Key update services7 | Plaintext in RAM Encrypted in System Area outside the module using the Approved KTS | |
| AES-XTS (#A2402) | KDF in Counter Mode | 256 | N/A | Explicit Zeroisation service, Key update services | Data encryption / decryption | MEKs | Band Lock/Unlock service, Key update services | Plaintext in AES register | |
| SHA2-256 (#A2402) | Electric input | Referred to in Section 4.1 (Table 6) | Imported and Exported by KTS (see Table 3) | Explicit Zeroisation service | User authentication | PINs | Set PIN service | Hashed in RAM Hashed + Encrypted in System Area outside the module using the Approved KTS | |
| ECDSA (#A2450) | Electric input | 128 | Imported during Signature Generation Service | Implicit Immediately after use8 | Signature generation for arbitrary data | Key Pair Private Key | Signature Generation service | Plaintext in RAM | |
| Hash_DRBG (#A2432) | SP800-90A Instantiation of Hash_DRBG | V: 440 bits C: 440 bits | N/A | Explicit Zeroisation service | Random number generation | DRBG Internal Value | Power-On | Plaintext in RAM | |
| Hash_DRBG (#A2432) | Entropy collected from Entropy Source at instantiation (Minimum | Entropy Input String and Nonce: 1024 bits | N/A | Implicit Immediately after use8 | Random number generation | DRBG Seed | Power-On | Plaintext in RAM | |
| RSA (#A2402) | Electric input | 112 | Imported during FW load. | Implicit Power-Off (Data in RAM) | Signature verification | PubKey1 | Power-on, FW Download service | Plaintext in RAM Hashed in OTP | |
| ECDSA (#A2450) | Electric input | 128 | Imported during Signature Verification Service | Implicit Immediately after use8 | Signature verification for arbitrary data | Key Pair Public Key | Signature Verification service | Plaintext in RAM | |
| Details | | | | | | Entropy source | | | Minimum |
| Hardware RNG used to seed the approved Hash_DRBG. | | Minimum entropy of 8 bits is 3.00. | | | | Entropy Source9 | | | |
4) N/A 6) + N/A N/A The following service are applicable, Cryptographic Erase, Cryptographic Erase for Band of Single User Mode, Cryptographic Erase and Initialize Band State, Set Band Position and Size, Set Band Position and Size for Band of Single User Mode, Revert, Sanitize, Format Namespace, Namespace Create/Delete and Band Set Enable. Zeroised after input to related algorithm. Dec 23, 2024
Approved algorithm
| Name | Mode Method | Key Size | Use Function | | | | | | |
|---|
| RSA (#A2402) | Electric input | 112 | Imported during FW load. | PubKey1 | Power-on, FW Download service | Plaintext in RAM Hashed in OTP | Implicit Power-Off (Data in RAM) | Signature verification | |
| ECDSA (#A2450) | Electric input | 128 | Imported during Signature Verification Service | Key Pair Public Key | Signature Verification service | Plaintext in RAM | Implicit Immediately after use8 | Signature verification for arbitrary data | |
| Details | | | | Entropy source | | | | | Minimum |
| Hardware RNG used to seed the approved Hash_DRBG. | | Minimum entropy of 8 bits is 3.00. | | Entropy Source9 | | | | | |
Table 9 ‐ SSPs Table 10 ‐ Non-Deterministic Random Number Generation Specification For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate the sufficient amount of entropy, the CM is transient to error state. The CM can be recovered from the error state by rebooting the module, and the obtaining of Entropy data is attempted again. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. The Entropy Source is a hardware module inside the CM boundary. The Entropy Source supplies the Hash_DRBG with 1024 bits entropy input. From Table 10 this input contains about
384 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.
Approved algorithm
| Name | Use Function | | | |
|---|
| AES256-CBC | Encrypt KAT | Conditional | Power-On | Enters Boot Error State. (Indicated Error Code: 0x24) |
| AES256-XTS | Encrypt KAT | Conditional | Power-On | Enters Boot Error State. (Indicated Error Code: 0x23) |
| SHA2-256 | Digest KAT | Conditional | Power-On | Enters Boot Error State. (Indicated Error Code: 0x25) |
| HMAC-SHA2-256 | Digest KAT | Conditional | Power-On | Enters Boot Error State. (Indicated Error Code: 0x26) |
| Hash_DRBG | DRBG KAT | Conditional | Power-On | Enters Boot Error State. (Indicated Error Code: 0x18/0x19) |
| RSASSA-PKCS#1 -v1_5 | Signature verification KAT | Conditional | Power-On | Enters Boot Error State. (Indicated Error Code: 0x27) |
| ECDSA | Signature generation KAT | Conditional | Power-On | Enters Boot Error State (Indicated Error Code: 0x10) |
| ECDSA | Signature verification KAT | Conditional | Before first use | Enters Error State (Indicated Error Code: 0x10) |
| KDF in Counter Mode | KDF KAT | Conditional | Power-On | Enters Boot Error State (Indicated Error Code: 0x28) |
| Entropy Source (Health tests of noise source at startup.) | Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Conditional | Power-On | Enters Boot Error State (Indicated Error Code: 0x2C/0x2D) |
| Entropy Source (Continuous noise source health tests during operation.) | Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. | Conditional | Entropy output request | Enters Error State (Conditional Test). (Indicated Error Code: 0x2C/0x2D) |
Section 10
- Self Tests The CM runs self-tests in the following table. Dec 23, 2024
| Firmware load test | Conditional10 | Power-On | Verify signature of loaded firmware image by RSASSA-PKCS#1-v1_5 | Enters Power Up Load Test Error State (Indicated Error Code: 0x13) |
|---|
| | FW download | Verify signature of downloaded firmware image by RSASSA-PKCS#1-v1_5 | Enters Conditional Load Test Error State. After reporting Error code, transition from error state to normal state and continue to operate with FW before download. (Indicated Error Code: 0x13) |
| Firmware integrity test | Pre-operational | Power-On | Verify ROM code integrity with 32bit CRC. | Enters Boot Error State (Implicit error reporting by stopping the startup sequence) |
Table 11 ‐ Self Tests As shown in the table above, self-tests are performed automatically at the CM startup and before execution certain security functions. Operator can also initiate self-test on-demand for periodic testing by using the Reset service which is automatically invoked when the module is powered-off and powered-on (rebooted). If the self-tests fail, the CM reports error status and enters to the error state. In this case, the CM must be powered-off to clear error condition. When power-on is executed again, self-tests are also executed like an on-demand operator reset. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error Section 11 – Life-cycle Assurance In the SSD’s manufacturing process, installation is executed as below:
- The Firmware described in Section 2.1 is downloaded into the CM.
- Initial SSPs are generated.
- Initial authentication information is set to the CM.
- System area including SSPs generated in Step2 and Step3 are encrypted and calculated message authentication code. Initial operations to setup this CM are following: loaded into the CM can be confirmed. Dec 23, 2024
- Load system area including SSPs into the CM.
- Execute range state setting method.
- Execute download port setting method.
- Execute service execution state setting method.
- Execute namespace setting method. The CM switches to approved mode after the initial operation success. When the initial operation succeeds, the CM indicates success on the Status Output interface. Users can confirm that the CM is in approved mode by executing Show Status service and checking that the startup is successfully completed. For secure operation, the following settings must be maintained: Data Locking Protection is Enabled Each Band is set to be locked when power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure11 ) As described in Section 2, the CM is used by being embedded in the solid state drive. Therefore, there are no maintenance requirements for the CM alone. Guidance for this module is provided to solid state drive developers who embed the CM. The usage and maintenance of solid state drives with the CM built-in are outside of the scope of this document. Section 12 – Mitigation of Other Attacks The CM does not mitigate other attacks beyond the scope of FIPS 140-3 requirements. For maintaining secure condition, the SSD needs several setting at least. Owners of the SSD that embeds the CM must use it securely according to the followings:
- TCG LockingSP is enabled by Activate method.
- Both ReadLockEnabled and WriteLockEnabled are set to “True” for each band (included Global Range) and it must not be modified.
- For each band, “Power Cycle" of LockOnReset setting is not change.
- If the LockingSP has been made disabled, the Activate method is re-executed before PowerCycle is performed. Dec 23, 2024