All modules
CMVP Validated Module · FIPS 140-3 Security Policy

KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip

Certificate#4946StandardFIPS 140-3Level2TypeHardwareEmbodimentSingle ChipStatusActiveVendorKIOXIA Corporation
High review priority  ·  exposes HSM/SE firmware trust anchor  ·  last validated 18 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date1/18/2030
EntropyENT (P)
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service.
VendorKIOXIA Corporation
Hardware versions0001

Approved Algorithms (10)

AlgorithmACVP Cert
AES-CBCA2402
AES-ECBA2402
AES-XTS Testing Revision 2.0A2402
ECDSA SigGen (FIPS186-4)A2450
ECDSA SigVer (FIPS186-4)A2450
Hash DRBGA2432
HMAC-SHA2-256A2402
KDF SP800-108A2433
RSA SigVer (FIPS186-4)A2402
SHA2-256A2402

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Roles, Services, and Authentication2
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Sensitive Security Parameter Management2
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>SC01CN</i>"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>update</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C6 clue;
  class I1,I2,I3,I6 infer;
  class R1,R2,R3,R6 risk;
  class E1,E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>SC01CN</i><br/>src: certificate.firmwareVersions"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>update</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1 clueHigh;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip KIOXIA CORPORATION Rev 3.0.5 Dec 23, 2024

Page 3
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services, and Authentication2
55Software/Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-invasive SecurityN/A
99Sensitive Security Parameter Management2
1010Self-tests2
1111Life-cycle Assurance2
1212Mitigation of Other AttacksN/A

This document explains precise specification of the security rules about KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 Overall. The Table below shows the security level detail. [Number Below] N/A N/A N/A Table 1 ‐ Security Levels This document is non-proprietary and may be reproduced in its original entirety. Section 1.1 - Acronyms AES Advanced Encryption Standard CM SSP DRBG Deterministic Random Bit Generator HMAC The Keyed-Hash Message Authentication code KAT Known Answer Test POST Power on Self-Test CAST Cryptographic Algorithm Self-Test PSID Printed SID SED Self-Encrypting Drive SHA Secure Hash Algorithm SID Security ID TCG Trusted Computing Group Dec 23, 2024

Page 4
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES256 (FIPS 197 / SP800-38A)#A2402CBCKey Size: 256 bits/ Key Strength: 256 bitsData and Key Encryption/ Decryption
Physical single-chipThe sub-chip cryptographicThe associated
subsystem soft circuitry corefirmware
TC58NC1030GTB 0002TC58NC1030GTB CRPT module 0001SC01CN

Section 2

Page 5
Approved algorithm
NameCAVP CertMode MethodKey Size
AES256 (FIPS 197 / SP800-38A, SP800-38E)#A2402XTS, ECB1Key Size: 256 bits/ Key Strength: 256 bitsData Encryption/ Decryption
SHA2-256 (FIPS 180-4)#A2402N/AN/AHashing messages
HMAC-SHA2-256 (FIPS 198-1)#A2402N/AKey Size: 256 bits/ Key Strength: 256 bitsMessage Authentication Code
RSASSA-PKCS#1-v1_5 (FIPS 186-4)#A2402N/AKey Size: 2048, 3072 bits/ Key Strength: 112, 128 bitsSignature verification
ECDSA (FIPS 186-4)#A2450N/ACurve: P-256/ Key Strength: 128 bitsSignature generation/ verification
Hash_DRBG (SP800-90A Rev.1)#A2432N/AHash based: SHA2-256Deterministic Random Bit Generation
KBKDF (SP800-108 Revised)#A2433CounterMACs: HMAC-SHA2-256/ Key Size: 256 bits/ Key Strength: 256 bitsKey derivation
KTS (IG D.G)#A2402N/ACombination of AES256 CBC Mode and HMAC-SHA2-256 / Key Size: 256 bits/ Key Strength: 256 bitsKey Transport Scheme
CKG (SP800-133 Rev.2)Vendor AffirmationN/AMethods described in section 4 of the SP800-133 Rev.2Cryptographic Key Generation
Entropy Source (SP800-90B)#E143N/AN/AHardware RNG used to seed the approved Hash_DRBG.

N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Note 1: The “CAVP Cert” of KTS comes from the fact that KTS is composed of AES256-CBC and HMAC-SHA2-256 (#A2402). Note 2: There are algorithms, modes, and keys that have been CAVP tested but not used by the module. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are used by the module. Table 3 ‐ Approved Algorithms The CM does not have any Non-approved algorithms allowed in the approved mode of operation. ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different according to IG C.I. AES-XTS is only used for encryption/decryption of data stored in solid state drives equipped with this CM. Dec 23, 2024

Page 6
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Mailbox AES circuit DMAC Lock CheckerMailbox AES circuit DMAC Lock CheckerData InputMailbox input parameter. User data. Read/Write destination address information.
Mailbox AES circuit DMACMailbox AES circuit DMACData OutputMailbox output parameter. User data.
Mailbox Lock CheckerMailbox Lock CheckerControl InputMailbox command information. Lock status confirmation request signal.
Mailbox Lock CheckerMailbox Lock CheckerStatus OutputMailbox command result. Lock status confirmation result signal.
Power PINPower PINPower InputPower

Section 2.3

Page 7
Service
Name
Download Port Lock/UnlockFIPS Crypto Officer (AdminSP.SID)Mailbox commandMailbox command result
Set PIN (for AdminSP.Admin1)FIPS Crypto Officer (AdminSP.Admin1)Mailbox commandMailbox command result
Band Lock/UnlockFIPS Crypto Officer (LockingSP.Admin1-4)Mailbox commandMailbox command result
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
Band Lock/Unlock for Band of Single User Mode (for GlobalRange)FIPS Crypto Officer (LockingSP.User1)Mailbox commandMailbox command result

Section 4

Page 8
Band State (for GlobalRange)
Set Band position and Size for Band of Single user Mode (for GlobalRange
Set PIN (for LockingSP.User1), Set PIN for Band of Single User Mode (for LockingSP.Use1)
Format Namespace
Namespace Create/Delete
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
FIPS Crypto Officer (LockingSP.User2)Band Lock/Unlock for Band of Single User Mode (for Band1)Mailbox commandMailbox command result
Cryptographic Erase for Band of Single User Mode (for Band1)
Cryptographic Erase and Initialize Band State (for Band1)
Set Band position and Size for Band of Single user Mode (for Band1)
Set PIN (for LockingSP.User2), Set PIN for Band of Single User Mode (for LockingSP.User2)
Format Namespace
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
FIPS Crypto Officer (LockingSP.User192)Band Lock/Unlock for Band of Single User Mode (for Band191)Mailbox commandMailbox command result Exported encryption key Range information
Cryptographic Erase for Band of Single User Mode (for Band191)
Cryptographic Erase and Initialize Band State (for Band191)
Set Band position and Size for Band of Single user Mode (for Band191)
Set PIN (for LockingSP.User192), Set PIN for Band of Single User Mode (for LockingSP.User192)
Format Namespace
Data Read/WriteEncrypted/Decrypted dataDecrypted/Encrypted data
NoneFirmware VerificationMailbox commandMailbox command result
Random Number Generation
Show Status
Zeroisation
Signature Generation
Signature Verification
Calculate Hash Digest
Check Lock StateRead/Write CommandLock state of each Band
ResetPowerN/A

… … … … N/A Note: There are LockingSP.Users from user 1 to user 192, but user 3 to user 191 are omitted in the table above. Dec 23, 2024

Page 9
RoleAuthentication MethodAuthentication Strength
AdminSP.SIDRole based PIN authenticationSingle random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000
AdminSP.Admin1Role based PIN authenticationSingle random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000
LockingSP.Admin1-4Role based PIN authenticationSingle random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000
LockingSP.User1Role based PIN authenticationSingle random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000
LockingSP.User2Role based PIN authenticationSingle random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000
LockingSP.User192Role based PIN authenticationSingle random attempt: 1 / 264 < 1 / 1,000,000 Multi attempt per minute: 60,000 / 264 < 1 / 100,000

Table 5 ‐ Roles, Service Commands, Input and output The CM supports the configuration of roles and services. The authenticated operator is expected to configure locked bands for data storage, the associated role and the lock-based authentication data (PIN) per Table 5 (refer to section 11 for detail settings to maintain secure operation). Bands that are not configured are considered unprotected or plaintext. This configuration enables Data Read/Write service using the lock-based authentication model (IG 4.1.A). To Read/Write data from/to each band, an operator must unlock the bands with appropriate authenticated roles. Once the bands are unlocked, Read and Write access to the bands must be controlled by a trusted operator outside of the module who has authenticated the associated role until powered off. The module prevents Data read/write service for locked bands. If Read and Write access needs to be inhibited prior to power off, the operator who authenticates the role must set the bands to the locked state again. Section 4.1

Page 10
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Band Lock/UnlockLock or unlock read / write of user data in a band.LockingSP.Admin 1-4KDK MEKs System MAC KeyKBKDF HMAC-SHA2-256E G EMailbox command result
Band Lock/Unlock for Band of Single User ModeLock or unlock read / write of user data in band ”X” of single user mode.LockingSP.User”X +1”
Check Lock StateCheck a lock state of band that read / write user data.NoneN/AN/AN/ABand Lock state
Data Read/WriteEncryption / decryption of user data to/from unlocked band of SSD4.LockingSP.Admin 1-4 LockingSP.User1- 192MEKsAES256-XTSEReadable/Writab le signal from lock check module
Cryptographic EraseErase user data (in cryptographic means) by changing the key that derives the data encryption key.LockingSP.Admin 1-4

a setting is attempted. Therefore, the probability that a random attempt will succeed is 1 / 264 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 1ms when authentication attempt fails, so the maximum number of authentication attempts is 60,000 times in 1 min. succeed is 60,000 / 2 Consequently, the probability that random attempts in 1min will < 1 / 100,000. Initial PINs of AdminSP.Admin1, LockingSP.Admin2-4 and LockingSP.User1-192 are set to null (i.e., data length is 0). These role’s authentication data are need to be replaced upon the first-time authentication. Otherwise, the operator who assumes these roles cannot execute services except Set PIN and services that does not need authorized roles. Section 4.2

Page 11
Approved algorithm
NameUse Function
Cryptographic Erase for Band of Single User ModeCryptographic Erase for Band of Single User ModeErase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key.LockingSP.user”X +1”
CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSCryptographic Erase and Initialize Band StateErase user data in band ”X” of single user mode (in cryptographic means) by changing the key that derives the data encryption key, and initialize the band state.LockingSP.Admin 1-4 LockingSP.user”X +1”DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDKE G, Z E G, Z E E W, RMailbox command result
N/ADownload Port Lock/UnlockLock / unlock firmware download.AdminSP.SIDN/AN/AMailbox command result
RSASSA-PKCS#1- v1_5Firmware VerificationDigital signature verification for firmware outside the CM.NonePublic Key embedded on the CM’s codeEMailbox command result
SHA2-256 RSASSA-PKCS#1- v1_5Firmware DownloadDownload a firmware image5.AdminSP.SIDPubKey1 PubKey1W, E EMailbox command result
Hash_DRBGRandom Number GenerationProvide a random number generated by the CM.NoneDRBG Internal ValueEMailbox command result
CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSSet Band Position and SizeSet the location and size of the band.LockingSP.Admin 1-4DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDKE G, Z E G, Z E E W, RMailbox command result
Set Band Position and Size for Band of Single User ModeSet Band Position and Size for Band of Single User ModeSet the location and size of the band ”X” of single user modeLockingSP.Admin 1-4 LockingSP.User”X +1”
SHA2-256 HMAC-SHA2-256 AES256-CBC KTSSet PINSet PIN (authentication data).AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4, LockingSP.User1- 192PINs System MAC Key System ENC Key PINsW, E E E W, RMailbox command result
Set PIN for Band of Single User ModeSet PIN for Band of Single User ModeSet PIN (authentication data) of authority for band “X” of single use modeLockingSP.User1- 192
SHA2-256 CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSRevertInitialize the band State and disable band lock setting.AdminSP.SID, AdminSP.Admin1 LockingSP.Admin 1-4,PINs DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key PINs KDKW, E E G, Z E G, Z E E W, R W, RMailbox command result
SHA2-256 HMAC-SHA2-256 AES256-CBC KTSData Locking Protection EnableEnable Data protection with band lock setting.AdminSP.SID LockingSP.Admin 1-4PINs System MAC Key System Enc Key PINsW, E E E W, RMailbox command result
CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSSanitizeErase all user data (in cryptographic means) by changing the key that derives the data encryption key.AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDKE G, Z E G, Z E E W, RMailbox command result
CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSFormat NamespaceErase user data (in cryptographic means) on Namespace by changing the key that derives the data encryption key.AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4, LockingSP.User1- 192DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDKE G, Z E G, Z E E W, RMailbox command result
CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSNamespace Create/DeleteCreate and delete Namespace.AdminSP.SID, AdminSP.Admin1 , LockingSP.Admin 1-4, LockingSP.User1DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDKE G, Z E G, Z E E W, RMailbox command result
CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSBand Set EnableSet the location, size and lock state of the band.LockinSP.Admin1 -4DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDKE G, Z E G, Z E E W, RMailbox command result
CKG(Hash_DRBG) KBKDF HMAC-SHA2-256 AES256-CBC KTSBand Set DisableInitialize the location, size and lock state of the band.LockingSP.Admin 1-4DRBG Internal Value KDK KDK MEKs System MAC Key System Enc Key KDKE G, Z E G, Z E E W, RMailbox command result
ECDSASignature GenerationGenerate a signature of the data by using a private key entered from outside of the CM.NoneKey Pair Private KeyW, E, ZMailbox command result
ECDSASignature VerificationVerify input signature by using a public key entered from outside of the CM.NoneKey Pair Public KeyW, E, ZMailbox command result
SHA2-256Calculate Hash DigestHash the data entered from outside of the CM.NoneN/AN/AMailbox command result
N/AShow StatusReport status of the CM and versioning information.NoneN/AN/AMailbox command result
N/AZeroisationErase SSPs.None6RKey KDK MEKs PINs System MAC Key System Enc Key DRBG Internal ValueZ Z Z Z Z Z ZMailbox command result
N/AResetPower-OFF: Delete SSPs in RAM.NoneSystem MAC Key System Enc Key KDK MEKs PINs DRBG Internal Value PubKey1Z Z Z Z Z Z ZN/A
RSASSA-PKCS#1- v1_5 KBKDF Entropy Source Hash_DRBG HMAC-SHA2-256 AES256-CBC KTSPower-ON: Runs various self-tests to be performed at power-on ( POSTs, CASTs, Firmware Load test ) and generate / import some SSPs.PubKey1 RKey System MAC Key System Enc Key DRBG Seed DRBG Seed DRBG Internal Value System MAC Key System Enc Key KDK PINsW, E E G G G E, Z G E E W W

+1” 1-4 E G, Z +1” E G, Z E E W, R N/A N/A N/A E W, E E 1-4 E G, Z E G, Z E E W, R 1-4 +1” E W, E E , E 1-4, W, R E Only the CMVP validated version is to be used Dec 23, 2024

Page 13

W, E, Z W, E, Z N/A N/A N/A N/A N/A N/A Z Z Z Z Z Z Z N/A Z Z Z Z Z Z Z W, E E G G G E, Z G N/A E E W W Note 1: “CKG(Hash_DRBG)” means direct use of Hash_DRBG output as a key. Note 2: A cryptographic module is required to provide services “Show module’s versioning information”, “Show status”, “Perform self-tests”, “Perform approved security functions” and “Perform zeroisation”. In this CM, “Show module’s information” zeroisation” is executed by the Zeroisation service. All other services fall under “Perform approved security functions”. Need to input PSID, which is public drive-unique value used for the zeroisation service. Dec 23, 2024

Page 14

Table 7 ‐ Approved services The CM does not provide Non-approved services. Section 5

Page 15
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageUseImport ExportZeroisation
RKey256KBKDF (#A2433)Hash_DRBG (Method SP800-133 Rev.2 Section 4)InstallationPlaintext in OTPDerivation of System Enc Key and System MAC KeyN/AExplicit Zeroisation service
System Enc Key256AES-CBC (#A2402)KDF in Counter ModePower-OnPlaintext in RAMData and Key Encryption / Decryption for KTSN/AExplicit Zeroisation service
System MAC Key256HMAC (#A2402)KDF in Counter ModePower-OnPlaintext in RAMMessage Authentication Code generationN/AExplicit Zeroisation service
Physical Security MechanismRecommended Frequency ofInspection/Test Guidance Detail
Inspection/Test
Passivated opaque packageEvery month or every two monthsConfirmation that there is no visual damage

Front Back Figure 2 - TC58NC1030GTB 0002 SoC Section 8

Page 16
Approved algorithm
NameMode MethodKey SizeUse Function
Implicit Power-OffImplicit Power-Offand verification for KTS
KBKDF (#A2433)Hash_DRBG (Method SP800-133 Rev.2 Section 4)256Imported and Exported by KTS (see Table 3)Explicit Zeroisation service, Key update servicesDerivation of MEKsKDKKey update services7Plaintext in RAM Encrypted in System Area outside the module using the Approved KTS
AES-XTS (#A2402)KDF in Counter Mode256N/AExplicit Zeroisation service, Key update servicesData encryption / decryptionMEKsBand Lock/Unlock service, Key update servicesPlaintext in AES register
SHA2-256 (#A2402)Electric inputReferred to in Section 4.1 (Table 6)Imported and Exported by KTS (see Table 3)Explicit Zeroisation serviceUser authenticationPINsSet PIN serviceHashed in RAM Hashed + Encrypted in System Area outside the module using the Approved KTS
ECDSA (#A2450)Electric input128Imported during Signature Generation ServiceImplicit Immediately after use8Signature generation for arbitrary dataKey Pair Private KeySignature Generation servicePlaintext in RAM
Hash_DRBG (#A2432)SP800-90A Instantiation of Hash_DRBGV: 440 bits C: 440 bitsN/AExplicit Zeroisation serviceRandom number generationDRBG Internal ValuePower-OnPlaintext in RAM
Hash_DRBG (#A2432)Entropy collected from Entropy Source at instantiation (MinimumEntropy Input String and Nonce: 1024 bitsN/AImplicit Immediately after use8Random number generationDRBG SeedPower-OnPlaintext in RAM
RSA (#A2402)Electric input112Imported during FW load.Implicit Power-Off (Data in RAM)Signature verificationPubKey1Power-on, FW Download servicePlaintext in RAM Hashed in OTP
ECDSA (#A2450)Electric input128Imported during Signature Verification ServiceImplicit Immediately after use8Signature verification for arbitrary dataKey Pair Public KeySignature Verification servicePlaintext in RAM
DetailsEntropy sourceMinimum
Hardware RNG used to seed the approved Hash_DRBG.Minimum entropy of 8 bits is 3.00.Entropy Source9

4) N/A 6) + N/A N/A The following service are applicable, Cryptographic Erase, Cryptographic Erase for Band of Single User Mode, Cryptographic Erase and Initialize Band State, Set Band Position and Size, Set Band Position and Size for Band of Single User Mode, Revert, Sanitize, Format Namespace, Namespace Create/Delete and Band Set Enable. Zeroised after input to related algorithm. Dec 23, 2024

Page 17
Approved algorithm
NameMode MethodKey SizeUse Function
RSA (#A2402)Electric input112Imported during FW load.PubKey1Power-on, FW Download servicePlaintext in RAM Hashed in OTPImplicit Power-Off (Data in RAM)Signature verification
ECDSA (#A2450)Electric input128Imported during Signature Verification ServiceKey Pair Public KeySignature Verification servicePlaintext in RAMImplicit Immediately after use8Signature verification for arbitrary data
DetailsEntropy sourceMinimum
Hardware RNG used to seed the approved Hash_DRBG.Minimum entropy of 8 bits is 3.00.Entropy Source9

Table 9 ‐ SSPs Table 10 ‐ Non-Deterministic Random Number Generation Specification For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate the sufficient amount of entropy, the CM is transient to error state. The CM can be recovered from the error state by rebooting the module, and the obtaining of Entropy data is attempted again. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. The Entropy Source is a hardware module inside the CM boundary. The Entropy Source supplies the Hash_DRBG with 1024 bits entropy input. From Table 10 this input contains about

384 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.

Page 18
Approved algorithm
NameUse Function
AES256-CBCEncrypt KATConditionalPower-OnEnters Boot Error State. (Indicated Error Code: 0x24)
AES256-XTSEncrypt KATConditionalPower-OnEnters Boot Error State. (Indicated Error Code: 0x23)
SHA2-256Digest KATConditionalPower-OnEnters Boot Error State. (Indicated Error Code: 0x25)
HMAC-SHA2-256Digest KATConditionalPower-OnEnters Boot Error State. (Indicated Error Code: 0x26)
Hash_DRBGDRBG KATConditionalPower-OnEnters Boot Error State. (Indicated Error Code: 0x18/0x19)
RSASSA-PKCS#1 -v1_5Signature verification KATConditionalPower-OnEnters Boot Error State. (Indicated Error Code: 0x27)
ECDSASignature generation KATConditionalPower-OnEnters Boot Error State (Indicated Error Code: 0x10)
ECDSASignature verification KATConditionalBefore first useEnters Error State (Indicated Error Code: 0x10)
KDF in Counter ModeKDF KATConditionalPower-OnEnters Boot Error State (Indicated Error Code: 0x28)
Entropy Source (Health tests of noise source at startup.)Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B.ConditionalPower-OnEnters Boot Error State (Indicated Error Code: 0x2C/0x2D)
Entropy Source (Continuous noise source health tests during operation.)Verify not deviating from the intended behavior of the noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B.ConditionalEntropy output requestEnters Error State (Conditional Test). (Indicated Error Code: 0x2C/0x2D)

Section 10

Page 19
Firmware load testConditional10Power-OnVerify signature of loaded firmware image by RSASSA-PKCS#1-v1_5Enters Power Up Load Test Error State (Indicated Error Code: 0x13)
FW downloadVerify signature of downloaded firmware image by RSASSA-PKCS#1-v1_5Enters Conditional Load Test Error State. After reporting Error code, transition from error state to normal state and continue to operate with FW before download. (Indicated Error Code: 0x13)
Firmware integrity testPre-operationalPower-OnVerify ROM code integrity with 32bit CRC.Enters Boot Error State (Implicit error reporting by stopping the startup sequence)

Table 11 ‐ Self Tests As shown in the table above, self-tests are performed automatically at the CM startup and before execution certain security functions. Operator can also initiate self-test on-demand for periodic testing by using the Reset service which is automatically invoked when the module is powered-off and powered-on (rebooted). If the self-tests fail, the CM reports error status and enters to the error state. In this case, the CM must be powered-off to clear error condition. When power-on is executed again, self-tests are also executed like an on-demand operator reset. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error Section 11 – Life-cycle Assurance In the SSD’s manufacturing process, installation is executed as below:

  1. The Firmware described in Section 2.1 is downloaded into the CM.
  2. Initial SSPs are generated.
  3. Initial authentication information is set to the CM.
  4. System area including SSPs generated in Step2 and Step3 are encrypted and calculated message authentication code. Initial operations to setup this CM are following: loaded into the CM can be confirmed. Dec 23, 2024
Page 20
  1. Load system area including SSPs into the CM.
  2. Execute range state setting method.
  3. Execute download port setting method.
  4. Execute service execution state setting method.
  5. Execute namespace setting method. The CM switches to approved mode after the initial operation success. When the initial operation succeeds, the CM indicates success on the Status Output interface. Users can confirm that the CM is in approved mode by executing Show Status service and checking that the startup is successfully completed. For secure operation, the following settings must be maintained:  Data Locking Protection is Enabled  Each Band is set to be locked when power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure11 ) As described in Section 2, the CM is used by being embedded in the solid state drive. Therefore, there are no maintenance requirements for the CM alone. Guidance for this module is provided to solid state drive developers who embed the CM. The usage and maintenance of solid state drives with the CM built-in are outside of the scope of this document. Section 12 – Mitigation of Other Attacks The CM does not mitigate other attacks beyond the scope of FIPS 140-3 requirements. For maintaining secure condition, the SSD needs several setting at least. Owners of the SSD that embeds the CM must use it securely according to the followings:
  6. TCG LockingSP is enabled by Activate method.
  7. Both ReadLockEnabled and WriteLockEnabled are set to “True” for each band (included Global Range) and it must not be modified.
  8. For each band, “Power Cycle" of LockOnReset setting is not change.
  9. If the LockingSP has been made disabled, the Activate method is re-executed before PowerCycle is performed. Dec 23, 2024