All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Samsung TCG Opal SSC Cryptographic Sub-Chip

Certificate#4965StandardFIPS 140-3Level2TypeHardwareEmbodimentSingle ChipStatusActiveVendorSamsung Electronics Co., Ltd.
Medium review priority  ·  no TCB surface named  ·  last validated 17 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date2/12/2030
CaveatWhen operated in approved mode
VendorSamsung Electronics Co., Ltd.

Approved Algorithms (11)

AlgorithmACVP Cert
AES-ECBA4135
AES-ECBA4252
AES-GCMA4252
Counter DRBGA4135
ECDSA KeyGen (FIPS186-4)A4252
ECDSA SigVer (FIPS186-4)A4252
HMAC-SHA2-256A4252
KAS-ECC-SSC Sp800-56Ar3A4252
KDF SP800-108A4252
SHA2-256A4252
SHA2-384A4252

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Samsung TCG Opal SSC Cryptographic Sub-Chip
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Rollback</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Show Status<br/>self-test</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3 clue;
  class I2,I3 infer;
  class R2,R3 risk;
  class E2,E3 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Samsung TCG Opal SSC Cryptographic Sub-Chip
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Rollback</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Show Status<br/>self-test</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueLow;

Security Policy, page by page

Page 1

Samsung TCG Opal SSC Cryptographic Sub-Chip Document Version: 1.2 Last update: 2025-01-28 Prepared for: Samsung Electronics Co., Ltd. 1-1, Samsungjeonja-ro Hwaseong-si, Gyeonggi-do Korea, 18448 www.samsung.com Prepared by: atsec information security corporation

4516 Seton Center Pkwy Suite 250

Austin, TX 78759 www.atsec.com

Page 2
Table of Contents
#SectionPage
Page 3

©2025 Samsung Electronics Co., Ltd., and atsec information security.

3 of 32
Page 4

©2025 Samsung Electronics Co., Ltd., and atsec information security.

4 of 32
Page 5
1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy of the Samsung TCG Opal SSC Cryptographic Sub-Chip cryptographic module (hereafter referred to as “the module”). This Security Policy contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 2 module. This Non-Proprietary Security Policy may be reproduced and distributed, but only whole, intact, and must include this notice. Other documentation is proprietary to their authors. Table 1 describes the individual security areas of FIPS 140-3, as well as the security levels of the module with respect to each of those individual areas.

1.2 Security Levels

ISO/IEC 24759 Section 6 FIPS 140-3 Section Title Security [Subsection Num. Level Below]

1 General 2
2 Cryptographic Module Specification 2
3 Cryptographic Module Interfaces 2
4 Roles, Services, and Authentication 2
5 Software/Firmware Security 2
6 Operational Environment N/A
7 Physical Security 2
8 Non-invasive Security N/A
9 Sensitive Security Parameter 2
10 Self-tests 2
11 Life-cycle Assurance 2
12 Mitigation of Other Attacks N/A

Overall 2 Table 1: Security Levels ©2025 Samsung Electronics Co., Ltd., and atsec information security.

5 of 32
Page 6
2.1 Description

Purpose and Use: The Samsung TCG Opal SSC Cryptographic Sub-Chip (referred to as “the module” in the rest of this document) is a hardware cryptographic module which provides FIPS 140-

3 certified security functionality to Samsung’s TCG Opal SEDs.

Module Type: Hardware Module Embodiment: Single Chip Module Characteristics: The sub-chip hardware is contained within the Samsung S4LV006A01 SSD controller found within a Samsung TCG Opal SEDs. Cryptographic Boundary: The cryptographic boundary of the module consists of following components: - S-Core, - A dedicated OTP on the SoC for the S-Core - A set of fuses on the SoC which are dedicated to the S-Core - Sub-Chip’s main firmware and bootloader. Figure 1: Block Diagram ©2025 Samsung Electronics Co., Ltd., and atsec information security.

6 of 32
Page 7
2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

2.3 Excluded Components

The vendor does not claim any excluded components within the module’s boundary.

2.4 Modes of Operation

Modes List and Description: Name Description Type Status Indicator Approved Automatically entered whenever FIPS Equivalent to the indicator of Mode an approved service is requested the requested service Non-approved Automatically entered whenever nonFIPS Equivalent to the indicator of Mode a non-approved service is the requested service requested Table 3: Modes List and Description Mode change instructions and status indicators: After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on startup, the module automatically transitions to the approved mode. The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of operation is equivalent to the indicator of the service that was requested. For each service the module provides a response message that includes the service indicator for the requested service. Output “1” suggests that the service is approved and the output “0” suggests that the service is non-approved. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

7 of 32
Page 8
2.5 Algorithms

Approved Algorithms: Key Size/ Cert1 Algorithm and Standard Mode/Method Strength Use/Function A4252 AES [FIPS 197, SP 800-38A] ECB 256 bits / 256 bits Encryption A4252 AES [FIPS 197, SP 800-38D] GCM (internal IV) 256 bits / 256 bits Authenticated Section 8.2.2 of SP 800- Encryption/Decryption 38D A4252 ECDSA key generation Appendix B.4.2 Testing P-384 / 192 bits key generation [FIPS 186-4] Candidates A4252 ECDSA signature Using SHA2-384 P-384 / 192 bits signature verification verification [FIPS 186-4] A4252 HMAC [FIPS 198-1] SHA2-256 112-512 bits / 112- Message Authentication

256 bits Code

A4252 KAS-ECC-SSC staticUnified P-384 / 192 bits Shared secret [SP 800-56Arev3] computation A4252 KDA [SP 800-56Crev2] One step no counter 256 bits / 256 bits Key derivation A4252 KDF [SP 800-108] Counter using HMAC- 256 bits Key derivation SHA2-256 A4252 SHS [FIPS 180-4] SHA2-256, N/A Hashing SHA2-384 A4135 AES [FIPS 197, SP 800-38A] ECB 256 bits / 256 bits Encryption A4135 CTR_DRBG [SP 800-90A] AES-256 with derivation 256 bits / 256 bits Random number function generation Table 4: Approved Algorithms Vendor Affirmed Algorithms: The module implements Cryptographic Key Generation (CKG), as a vendor affirmed algorithm compliant to SP 800-133r2, Section 4 and Section 5.2. See section 2.9 for details. Non-approved, Allowed Algorithms: The module does not implement any non-approved algorithms that could be used in an approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not implement any non-approved algorithms that could be used in an approved mode of operation. Non-Approved, Not-Allowed Algorithms: Name Use and Function AES-XTS Used for Decrypt Firmware to decrypt FW provided by H-Core Used for Verify Decrypt Firmware together with ECDSA signature verification to decrypt and verify signature of FW provided by H-Core RSA Encrypt Used for Get Dump Key to encrypt the AES-XTS dump key

1 The CAVP certs also list ECB decryption and ECDSA signature generation algorithm which is not used by the module.

©2025 Samsung Electronics Co., Ltd., and atsec information security.

8 of 32
Page 9

ECDSA verification with AES XTS Used for Verify Decrypt Firmware together with AES-XTS decryption decryption to verify a signature of and encrypted FW provided by H-Core Table 5: Non-Approved, Not Allowed Algorithms ©2025 Samsung Electronics Co., Ltd., and atsec information security.

9 of 32
Page 10
2.6 Security Function Implementations

Name Type Description Properties Algorithms/CAVP Cert ECDH Key KAS SP 800-56Arev3. P-384 curve providing 192 bits of KAS-ECC-SSC / A4252 agreement KAS-ECC per IG security strength KDA / A4252 D.F Scenario 2 path (2) AES GCM KTS SP 800-38D and 256-bit key providing 256 bits of AES GCM / A4252 SP 800-38F. KTS security strength (key wrapping and unwrapping) per IG D.G Table 5A: Security Function Implementation

2.7 Algorithm Specific Information

The ECDSA algorithm as implemented by the module conforms to FIPS 186-4, which has been superseded by FIPS 186-5 on February 3, 2024. For the current module context, FIPS 186-4 can still be used in the approved mode. See IG C.K for details.

2.8 RNG and Entropy

Entropy Information: Name Type Operational Sample Size Entropy Per Sample Conditioning Environment Component Samsung TRNG Physical See Table 2 1 Bit 0.5 Bits None (Cert. E81) Table 6: Entropy RNG Information: The module implements SP 800-90ARev1 CTR_DRBG that with AES-256 as the block cipher and has a derivation function. The CTR_DRBG is provided with a 256-bit nonce and 512-bits of entropy input from the entropy source, which provides 256-bit of entropy.

2.9 Key Generation

Name Type Properties ECDSA key pair CKG EC Curve: P-384; Security strength: 192 bits generation Method: FIPS 186-4 Appendix B.4.2 Testing Candidates Compliant to SP 800-133r2, Section 5.2 Symmetric key CKG Symmetric key generated using SP 800-90ARev1 DRBG generation Compliant to SP 800-133r2, Section 4 Table 7: Key Generation

2.10 Key Establishment

Name Type Properties ECDH Key KAS-ECC-SSC Curves: P-384; Security strength: 192 bits agreement with SP 800- KDF: One Step KDF with no counter 56Crev2 Compliant with SP 800-56Ar3 and IG D.F Scenario 2 (2) ©2025 Samsung Electronics Co., Ltd., and atsec information security.

10 of 32
Page 11

AES Key Transport GCM AES GCM using 256 bit Key Compliant with IG D.G and SP 800-38F Table 8: Key Establishment

2.11 Industry Protocols

The module does not implement any industry protocols. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

11 of 32
Page 12
3.1 Ports and Interfaces

Physical Port Logical Interface Data That Passes Mailbox/DMA Data Input Input Parameters DMA Data Output Output parameters Mailbox Control Input Command Input Mailbox Status Output Status information Power Port Power Input N/A Table 9: Ports and Interfaces This module does not have a Control Output interface. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

12 of 32
Page 13

4. Roles, Services, and Authentication

4.1 Authentication Methods

Method Description Security Strength Per Strength Name Mechanism Attempt Per Minute Key- Operator keys that are necessary to access The module Probability of Probability of Based authenticated commands, are access controlled waits for success: 1/264 success: KDF using 256-bit Credential Protection Key (CPK) 750ms after a 80/264 which is derived from SP 800-108 KDF using failed attempt. Authority ID, Password and KDK_CPK i.e. key derivation key for CPK. Only the operator with valid Authority ID and Password (minimum of 8 bytes) can lead to derivation of valid CPK which will allow the operator to access the authenticated commands. The module does not support concurrent operators and it does not maintain any authentication results across power cycle. Table 10: Authentication Methods

4.2 Roles

Name Type Authentication Methods SysID CO Key-Based KDF AdminSP.SID CO Key-Based KDF AdminSP.Admin1 CO Key-Based KDF LockingSP.Admin1~4 CO Key-Based KDF LockingSP.User1~9 User Key-Based KDF Table 11: Roles ©2025 Samsung Electronics Co., Ltd., and atsec information security.

13 of 32
Page 14
4.3 Approved Services

Name Descriptio Indicator Inputs Outputs Security Role SSP Access n Functions Show Status Provide the 1 None Module None N/A None module versioning versioning information information and current status of the module Create Create 1 None Success/ AES-GCM, SysID EWGZ: [CK, Namespace Namespace Failure ECDH Key PK, SK]; Agreement, EWZ: [KEK, CTR_DRBG, KPK]; SHA, E: [SMK, HMAC KMK, REK] Delete Delete 1 Namespace Success/ AES-GCM, SysID EWGZ: Namespace Namespace Selection Failure CTR_DRBG, [MEK]; HMAC EWZ: [KEK, KPK]; E: [SMK, KMK, REK] Format NVM Cryptograph 1 None Success/ AES-GCM, SysID EWGZ: ically erase Failure CTR_DRBG, [MEK]; a specific HMAC EWZ: [KEK, Namespace' KPK]; s MEK E: [SMK, KMK, REK] Permanent Enable 1 None Success/ AES-GCM, SysID EWZ: [KPK, Write NVMe write Failure HMAC KEK]; Protection protection E: [SMK, KMK, REK] Sanitize Erase all 1 None Success/ AES-GCM, SysID EWGZ: MEKs and Failure CTR_DRBG, [MEK]; generate HMAC EWZ: [KEK, new MEK to KPK]; support E: [SMK, NVMe KMK, REK] Sanitize Crypto Erase all 1 None Success/ AES-GCM, SysID EWGZ: Erase MEKs and Failure CTR_DRBG, [MEK]; generate HMAC EWZ: [KEK, new MEK to KPK]; support E: [SMK, NVMe KMK, REK] CryptoErase Activate Make 1 PIN Success/ AES-GCM, AdminSP.SI EWGZ: AdminSP to Failure CTR_DRBG, D [KPK, MEK, transition to HMAC, CPK, the ECDH Key KDK_CPK, Manufacture Agreement, KDK_KPK]; d2 state KBKDF, EWZ: [PIN]; SHA WGZ: [SK, PK]; E: [REK, SMK, KMK] ©2025 Samsung Electronics Co., Ltd., and atsec information security.

14 of 32
Page 15

Name Descriptio Indicator Inputs Outputs Security Role SSP Access n Functions Reactivate Support TCG 1 PIN Success/ AES-GCM, AdminSP.SI EWGZ: SUM Failure CTR_DRBG, D [KPK, MEK, method that HMAC, CPK, change to ECDH Key AdminSP.Ad KDK_CPK, min1 "Single User Agreement, KDK_KPK]; Mode" from KBKDF, SHA EWZ: [PIN]; TCG Opal WGZ: [SK, feature set PK]; spec. E: [REK, SMK, KMK] Assign Support TCG 1 Target Success/ AES-GCM, LockingSP.A EWGZ: CNL method Namespace, Failure ECDH Key dmin1~4 [MEK, CK, to couple Target Agreement, PK, SK]; LockingSP.U EGZ: [KEK, LockingObje Locking CTR_DRBG, ct from ser1~9 KPK]; Object SHA, HMAC NSGlobal E: [REK, Range SMK, KMK] Deassign Support TCG 1 Target Success/ AES-GCM, LockingSP.A EWGZ: CNL method Namespace, Failure ECDH Key dmin1~4 [MEK, CK, to decouple Target Agreement, PK, SK]; LockingObje Locking CTR_DRBG, LockingSP.U EGZ: [KEK, ct from Object SHA, HMAC ser1~9 KPK]; NSGlobal E: [REK, Range SMK, KMK] Erase Support TCG 1 Target Success/ AES-GCM, LockingSP.A EWGZ: SUM Namespace Failure CTR_DRBG, dmin1~4 [MEK, CPK, method to HMAC, KDK_CPK, LockingSP.U crypto ECDH Key KDK_CPK, erase. Agreement, ser1~9 PK, SK]; EraseGlobal KBKDF, SHA EWZ: [KPK]; crypto erase EZ: [PIN]; MEK which E: [REK, assign to SMK, KMK] Global Range Genkey Support TCG 1 Target Success/ AES-GCM, LockingSP.A EWGZ: method to Namespace Failure CTR_DRBG, dmin1~4 [MEK]; crypto HMAC EWZ: [KEK, erase. LockingSP.U KPK]; ser1~9 GenkeyNon E: [REK, Global SMK, KMK] crypto erase MEK which assign to Global Range Grant Support TCG 1 Target Success/ AES-GCM, LockingSP.A EWGZ: [CK, method that Authority Failure ECDH Key dmin1~4 PK, SK]; grants a Agreement, EWZ: [KEK, User’s CTR_DRBG, LockingSP.U KPK]; authority to SHA, HMAC ser1~9 E: [REK, another SMK, KMK] authority Random Provides 1 None DRBG CTR_DRBG N/A DRBG random Output Output number ©2025 Samsung Electronics Co., Ltd., and atsec information security.

15 of 32
Page 16

Name Descriptio Indicator Inputs Outputs Security Role SSP Access n Functions from the module Revert Support TCG 1 PIN Success/ AES-GCM, AdminSP.SI EWGZ: method to Failure CTR_DRBG, D [KEK, KPK, make a TCG HMAC, MEK, CPK, state to KBKDF, SHA AdminSP.Ad KDK_CPK, Manufacture min1 KDK_KPK]; d2 WGZ: [SK, inactivate PK]; state with EZ: [PIN]; password E: [REK, SMK, KMK] RevertWithP Support TCG 1 PIN Success/ AES-GCM, SysID EWGZ: SID method to Failure CTR_DRBG, [KEK, KPK, make a TCG HMAC, MEK, CPK, state to KBKDF, SHA KDK_CPK, Manufacture KDK_KPK]; d2 WGZ: [SK, inactivate PK]; state with EZ: [PIN]; PSID E: [REK, SMK, KMK] RevertSP Clear state 1 PIN, Success/Fail AES-GCM, LockingSP.A EWGZ: of TCG Target SP ure CTR_DRBG, dmin1~4 [KPK, MEK, Service KBKDF, SHA CPK, Provider(SP) KDK_CPK, i.e. it causes KDK_KPK]; the SP to WGZ: [SK, revert to its PK]; factory2 EWZ: [PIN, state. KEK]; E: [REK, SMK, KMK] SetC_PIN Set PIN 1 PIN, Success/ CTR_DRBG, All roles EWGZ: New PIN Failure AES-GCM, [KPK, MEK, ECDH Key CPK, Agreement, KDK_CPK, KBKDF, KDK_KPK]; SHA, HMAC WGZ: [SK, PK]; EWZ: [PIN, KEK]; E: [REK, SMK, KMK] SetRange Set Range 1 Target Success/ AES-GCM, LockingSP.A EWZ: [KPK, for using Range Failure HMAC dmin1~4 KEK, MEK]; TCG E: [REK, LockingSP.U SMK, KMK] ser1~9 Authenticat Load the 1 Authority Success/ CTR_DRBG, All roles EWGZ: e3* KPK for Index, Failure AES-GCM, [KPK, MEK, authority PIN ECDH Key CPK, and decrypt Agreement, KDK_CPK,

2 Manufactured or Factory state refers to TCG Opal SSC’s policy state, not a FIPS 140-3 module state.

3* “authenticate” and “deauthenticate” services are not functions used to comply with FIPS authentication requirements but instead used as part of the TCG Opal SSC specification’s commands. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

16 of 32
Page 17

Name Descriptio Indicator Inputs Outputs Security Role SSP Access n Functions related KBKDF, KDK_KPK]; encryption SHA, HMAC WGZ: [SK, keys. PK]; EWZ: [PIN, KEK]; E: [REK, SMK, KMK] Deauthentic Zeroise the 1 None Success/ N/A All roles Z: [KPK] ate3* KPK for Failure authority and zeroise related encryption keys. TperReset Reset the 1 None Success/ AES-GCM, SysID EWZ: [KPK, lock state Failure HMAC KEK, MEK]; information E: [REK, SMK, KMK] VerifyFW Verify 1 None Success/ ECDSA, SysID EWZ: [FW Firmware Failure SHA-384 Verification Key] Prevent FW Update the 1 None Success/ None SysID None Rollback4 Anti- Failure Rollback index Revoke FW Revoke the 1 None Success/ None SysID None verification ECDSA FW Failure key4 verification key of Firmware integrity by updating the key index pointer stored in OTP SHA Digest Provide to 1 Input Data Hash SHA-256 N/A None generate the SHA digest Revoke Root Revoke REK 1 None Success/ CTR_DRBG SysID WZ: [REK] Encryption and Failure Key Generate new REK OTP Zeroises None None Success/ None SysID Z: [Root Zeroisation root key in Failure Key] OTP

4 These services are only indicated for use within the firmware update process. If any of these services are called

during operation of the module outside of a firmware update process, the module will fail to verify the firmware during boot, resulting in halting during boot and becoming unavailable for use. Also note that use of any firmware version other than the one specific in Table 2 is not part of validated module. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

17 of 32
Page 18

Name Descriptio Indicator Inputs Outputs Security Role SSP Access n Functions On demand Module None None Module None All roles Z: All SSPs self-test reset by reset in volatile setting the memory SFR SW_RST12 Table 12: Approved Services

4.4 Non-Approved Services

Name Description Input Output Indicator Algorithm Role Accessed Decrypt Decrypt FW Firmware Decrypted 0 AES-XTS in S- N/A Firmware provided by H- location firmware Core (Unauthenticat Core ed) Verify Decrypt Verify and Firmware Decrypted 0 ECDSA, SHA- N/A Firmware Decrypt location firmware if 384, AES-XTS (Unauthenticat Firmware5 verification is ed) provided by H- successful else Core error. Get Dump Key Module N/A Dump key with 0 CTR_DRBG, N/A generates AES RSA RSA encrypt (Unauthenticat XTS dump key ed) using DRBG and then exports it after encrypting with RSA Clear Dump Removes N/A Success/ 0 None N/A Key dump key error (Unauthenticat stored in the ed) module Dump Encrypts the Dump data Encrypted 0 AES-XTS in S- N/A Encryption dump data location dump data Core (Unauthenticat provided by H- ed) Core using dump key Table 13: Non-Approved Services

4.5 External Software and Firmware Loaded

The module loads its firmware component from outside of the sub-chip boundary during module start up. The module uses firmware load test described in Section 5.1 to ensure the firmware’s validity.

5 Note: the firmware does not pertain to the module.

©2025 Samsung Electronics Co., Ltd., and atsec information security.

18 of 32
Page 19
5.1 Integrity Techniques

The module’s firmware component (i.e., main firmware and bootloader) is in executable form and is verified with ECDSA signature verification using P-384 ECDSA curve and SHA-384 by the ROM code. The corresponding firmware verification key (i.e., ECDSA public key) used for verification is stored in the ROM and its key index is stored in the OTP memory within the subchip. During the module startup time the firmware component is loaded from outside of the module’s sub-chip boundary. The firmware provides the “key index” of the public key stored in the OTP. The module reads this key index and its corresponding public key, which is then used to perform signature verification, i.e., the firmware load test required per IG 2.3.B. Only when the signature verification is successful the firmware component is loaded, and the module proceeds to boot. If the signature verification fails, the module enters Power on Error state. The module does not provide any data output until the firmware load test is successful.

5.2 Initiate on Demand

The integrity tests can be invoked on demand by module reset. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

19 of 32
Page 20
6.1 Operational Environment Type and Requirements

The module has a non-modifiable operational environment; therefore, this section is not applicable. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

20 of 32
Page 21

7. Physical Security The module is hosted in a single chip that forms the physical perimeter of the module. The SoC is enclosed within production grade components. At the time of manufacturing, the module is embedded into its host SoC (shown in Figure 2), preventing visibility into the module’s internal circuitry. In addition, the layer process which embeds the module into the SoC prevents tampering of the module’s physical components without leaving tamper evidence. The module is intended to be deployed within a storage device which itself is made from production grade, commercially available components. The storage device’s enclosure surrounds the module’s SoC.

7.1 Mechanisms and Actions Required

Mechanism Inspection Frequency Inspection Guidance Tamper evident coating N/A N/A Table 14: Mechanisms and Actions Required ©2025 Samsung Electronics Co., Ltd., and atsec information security.

21 of 32
Page 22

8. Non-Invasive Security This module does not implement a non-invasive security technique. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

22 of 32
Page 23

9. Sensitive Security Parameter Management

9.1 Storage Areas

Storage Area Name Description Persistence Type Registers The module has internal registers that Dynamic may store SSPs for use by the module. S-Core Dedicated OTP (OTP) Stores Root Keys Static S-Core ROM (SROM) Stores Firmware Verification Key Static S-Core RAM (SRAM) S-Core exclusive RAM Dynamic Table 15: Storage Areas

9.2 SSP Input-Output Methods

Name From To Format Type Distribution Type Entry Type Mailbox H-Core Module Plaintext N/A per IG 2.3.B as transfer is only Electronic between the sub-chip module and the components residing on the same SoC DMA NAND Module Encrypted Automated Electronic Table 16: SSP Input-Output

9.3 SSP Zeroisation Methods

All data output via data output interface is inhibited until completion of zeroization. Zeroisation Method Description Rationale Operator Initiation Module reset Loss of volatile SSP data stores N/A Powering off the module upon power down. Mailbox Writing zeroes over the SSP that is N/A Performed automatically by the Zeroisation used within a service. module as part of each service that receives an SSP as input OTP Zeroisation Zeroising Root key stored in OTP. N/A Call to OTP Zeroisation service Table 17: SSP Zeroisation Methods

9.4 SSPs

Type Descriptio Size - Catego Generated Establish Name n Strength ry By ed By Used By DRBG Internal N/A CSP CTR_DRBG N/A CTR_DRBG Internal State state of DRBG DRBG Seed Derived 256 bits/ CSP CTR_DRBG N/A CTR_DRBG from 256 bits entropy input per SP 80090ARev1 ©2025 Samsung Electronics Co., Ltd., and atsec information security.

23 of 32
Page 24

Type Descriptio Size - Catego Generated Establish Name n Strength ry By ed By Used By Entropy Input Output from 512 bits/ CSP ENT (P) N/A CTR_DRBG Entropy 256 bits source Password Operator 64-256- CSP N/A N/A All authenticated provided bits / 64 services listed in Table password bits - 256 12 bits CPK Credential 256-bit / CSP Derived Encrypted All authenticated Protection 256-bits using SP Import and services listed in Table Key 800-108 export 12 KBKDF (AES GCM) to NAND CK Common P-384 / CSP SP 800- N/A Grant Key i.e., 192 bits 56Arev3 ECDH Shared shared secret secret computation KDK_KPK Key 256-bits / CSP CTR_DRBG Encrypted All authenticated Derivation 256-bits Import and services listed in Table Key for the export 12 KPK (AES GCM) to NAND KDK_CPK Key 256-bits / CSP CTR_DRBG Encrypted All authenticated Derivation 256-bits Import and services listed in Table Key for the export 12 CPK (AES GCM) to NAND KPK Key 256-bits / CSP KBKDF N/A All authenticated Protection 256-bits services listed in Table Key 12 SK ECDSA P-384 / CSP FIPS 186-4 Encrypted Grant private Key 192 bits EC key Import and generation export (AES GCM) to NAND PK ECDSA P-384 / PSP FIPS 186-4 Encrypted Grant Public Key 192 bits EC key Import and generation export (AES GCM) to NAND GRK Grant Key 256-bits / CSP N/A SP 800- Grant (AES GCM 256-bits 56ARev3 Key) ECDH key agreement KEK Key 256-bits / CSP CTR_DRBG Encrypted CreateNamespace, Encryption 256-bits Import and DeleteNamespace, Key export FormatNVM, (AES GCM (AES GCM) PermanentWriteProtect Key) to NAND ion, Sanitze, CryptoErase, Assign, Deassign, Genkey, ©2025 Samsung Electronics Co., Ltd., and atsec information security.

24 of 32
Page 25

Type Descriptio Size - Catego Generated Establish Name n Strength ry By ed By Used By Grant, Revert, RevertWithPSID, RevertSP, Authenticate MEK Media 256-bits / CSP CTR_DRBG Encrypted DeleteNamespace, Encryption 256-bits Import and FormatNVM, Key export Sanitize, (AES GCM (AES GCM) CryptoErase, Key) to NAND Activate, Reactivate, Assign, Deassign, Erase, Genkey, Revert, RevertWithPSID, RevertSP, SetRange, Authenticate, TperReset REK Root 256-bits / CSP Derived N/A All authenticated Encryption 256-bits from Root services listed in Table Key key using 12 (AES GCM KBKDF Key) Root Key Stored in 256-bits / CSP N/A, loaded N/A All authenticated the OTP 256-bits at services listed in Table during manufacturi 12 manufacturi ng ng (key derivation key) SMK Service 256-bits / CSP Derived N/A Module Startup metadata 256-bits from Root Mac Key key using (HMAC key) KBKDF KMK Secret Key 256-bits / CSP Derived N/A All authenticated metadata 256-bits from Root services listed in Table Mac Key key using 12 (HMAC key) KBKDF Table 18: SSP Information First Input Name Output Storage Storge Duration Zeroisation Type Related SSPs DRBG N/A HW registers Until Module reset Module reset DRBG seed, entropy input, Internal MEK, KEK, SK, KDK_CPK, State KDK_KPK DRBG N/A HW registers DRBG internal state, Seed entropy input, MEK, KEK, SK, KDK_CPK, KDK_KPK Entropy N/A HW registers Until Module reset Module reset DRBG seed, DRBG internal Input state ©2025 Samsung Electronics Co., Ltd., and atsec information security.

25 of 32
Page 26

Input Name Output Storage Storge Duration Zeroisation Type Related SSPs Password Mailbox SRAM For the duration of Overwrite CPK, KPK the service CPK DMA SRAM Mailbox Zeroisation KDK_CPK, Password CK N/A SRAM Overwrite GRK KDK_KPK DMA SRAM Mailbox Zeroisation KPK, Password KDK_CPK SRAM CPK, Password KPK N/A SRAM KDK_KPK, Password SK DMA SRAM GRK PK SRAM GRK GRK N/A SRAM SK, PK, CK KEK DMA SRAM For the duration of Mailbox Zeroisation MEK SK, PK, CK, GRK the service MEK DMA SRAM KEK REK N/A SRAM Root Key, KMK, SMK Root Key N/A OTP Until OTP OTP zeroisation REK zeroisation SMK DMA SRAM Until Module reset Mailbox Zeroisation REK KMK DMA SRAM REK Table 19: SSP Information Second ©2025 Samsung Electronics Co., Ltd., and atsec information security.

26 of 32
Page 27
10.1 Pre-Operational Self-Tests

Algorithm Implementa Test Test Method Test Type Indicator Details tion Properties ECDSA Firmware P-384 with Signature Firmware Module is Verifies Main SHA2-384 Verification Integrity operational FW and Bootloader Table 20: Pre-Operational Self-Tests

10.2 Conditional Self-Tests

Test Test Implementatio Propertie Test Typ Algorithm n s Method e Indic. Details Conditions ECDSA Firmware P-384 with KAT CAS Module is Before Module SHA2-384 T operationa firmware Startup l integrity check AES-GCM6 AES-256 KAT CAS Encrypt/ T Decrypt SHA2-256 N/A KAT CAS Hashing T SHA2-384 N/A KAT CAS Hashing T HMAC SHA2-256 KAT CAS Message T authenticatio n CTR_DRBG Hardware AES-256 KAT CAS Random T number generation7 KBKDF Firmware HMAC KAT CAS Key SHA2-256 T Derivation ECDH SSC P-384 KAT CAS Shared T secret computation One step KDF SHA-256 KAT CAS Key (KDA) T Derivation ENT (P) Hardware SP 800- 1024 RCT Entropy Entropy Boot Up 90B samples & source is source startStartup APT operationa up test Tests l SP 800- Continuousl RCT Entropy Continuousl 90B y & source y APT

6 Even though the module implements AES ECB mode, it is not available as a standalone service and therefore does not

include any self-test. ECB encryption is only used internally by module’s AES GCM and DRBG algorithm which have their own self-test.

7 Including instantiate, generate, and reseed function per section 11.3 of SP 800-90A DRBG.

©2025 Samsung Electronics Co., Ltd., and atsec information security.

27 of 32
Page 28

Test Test Implementatio Propertie Test Typ Algorithm n s Method e Indic. Details Conditions Continuou continuous s Tests test ECDSA Firmware SHA2-256 PCT CAS Key Per SP 800- Key T generatio 56ARev3 Generation n section successful 5.6.2.1.4 b Table 21: Conditional Self-Tests

10.3 Periodic Self-Tests

The module does not implement any periodic self-tests.

10.4 Error States

Name Description Conditions Recovery Method Indicator Power ON The module is not pre-operational test Power cycle or Internal the module is not Error State operational. All or CAST failure Reset Signal started, and no data output is services are inhibited. available. Operational The module does PCT or runtime Power cycle or Internal FIPS_FAIL message Error state not provide any health test failure Reset Signal in Show Status crypto operation. Service All data output is inhibited. Only status output is allowed. Table 22: Error States ©2025 Samsung Electronics Co., Ltd., and atsec information security.

28 of 32
Page 29
11.1 Installation, Initialization and Startup Procedures

The vendor uses trusted delivery courier to dispatch the SoC that hosts the module. The Crypto officer should verify the package and the received SoC to verify that there is no tamper evidence present.

11.2 Administrator Guidance

The Crypto officer shall power up the module and call the “Show Status” service to verify the following output is provided. This confirms that the SoC is running a FIPS validated module that has booted successfully passing the pre-operational self-tests. - Tested Configuration: S4LV006A01 - Hardware Version: S01 - Firmware Version: SS0100

11.3 Non-Administrator Guidance

The module generates GCM IV internally in compliance with scenario 2 of IG C.H. The IV length is 96 bits, and the IV value is obtained from the SP 800-90ARev1 approved DRBG implemented by the module. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

29 of 32
Page 30

12. Mitigation of Other Attacks The module does not provide additional mitigations against other types of attacks. ©2025 Samsung Electronics Co., Ltd., and atsec information security.

30 of 32
Page 31

13. Abbreviations AES Advanced Encryption Standard CAVP Cryptographic Algorithm Validation Program CMVP Cryptographic Module Validation Program CK Common Key CPK Credential Protection Key CSP Critical Security Parameter CTR Counter Mode DRBG Deterministic Random Bit Generator DTRNG Deterministic True Random Number Generator ECB Electronic Code Book ENT NIST SP 800-90B Compliant Entropy Source FIPS Federal Information Processing Standards GCM Galois Counter Mode GRK Grant Key HMAC Hash Message Authentication Code KAT Known Answer Test KDF Key Derivation Function KDK_CPK Key Derivation Key for CPK KDK_KPK Key Derivation Key for KPK KMK Secret Key metadata Mac Key KPK Key Protection Key NVM Non-Volatile Memory OTP One Time Programmable PK Public Key PKE Public Key Encryption PSP Public Security Parameter ROM Read Only Memory RSA Rivest, Shamir, Addleman SED Self-Encrypting Device SHA Secure Hash Algorithm SHS Secure Hash Standard SID Security ID ©2025 Samsung Electronics Co., Ltd., and atsec information security.

31 of 32
Page 32

SK Secret key SoC System on Chip SSC Security Subsystem Class SSP Sensitive Security Parameter TCG Trusted Computing Group XTS XEX-based Tweaked-codebook mode with ciphertext stealing ©2025 Samsung Electronics Co., Ltd., and atsec information security.

32 of 32