All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Samsung SATA TCG Opal SSC SEDs PM893 Series

Certificate#4983StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorSamsung Electronics Co., Ltd.
Low review priority  ·  no TCB surface named  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date3/5/2030
CaveatNone
VendorSamsung Electronics Co., Ltd.

Approved Algorithms (5)

AlgorithmACVP Cert
AES-ECBA2108
AES-XTSA2108
Hash DRBGA2107
RSA SigVer (FIPS186-4)A2110
SHA2-256A2109

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Samsung SATA TCG Opal SSC SEDs PM893 Series
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Show Status<br/>Status Output</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>bootloader</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Samsung SATA TCG Opal SSC SEDs PM893 Series
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Show Status<br/>Status Output</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>bootloader</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

Samsung SATA TCG Opal SSC SEDs PM893 Series Document Version: 1.0 Hardware Version: MZ7L3480HCHQ-00AMV, MZ7L3960HCJR-00AMV Firmware Version: JXTC1M8Q

Page 2

Revision History Version Change

1.0 Initial Version

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 3
Table of Contents
#SectionPage
Page 4

I. Introduction I.1. Scope referred to as a “cryptographic module” or “module”. The SSD (Solid State Drive) satisfies all applicable FIPS 140-3 Security Level 1 requirements, supporting TCG Opal SSC based SED (Self-Encrypting Drive) features. It is designed to protect unauthorized access to the user data stored in its NAND flash memories. The built-in AES hardware engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase. I.2. Acronyms Acronym Description CTRL Controller CPU Central Processing Unit (ARM-based) DRAM Dynamic Random Access Memory DRAM I/F Dynamic Random Access Memory Interface ECC Error Correcting Code KAT Known Answer Test LBA Logical Block Address MEK Media Encryption Key PSID Physical Presence SID (Security Identifier) NAND NAND Flash Memory NAND I/F NAND Flash Interface SATA Serial ATA(Advanced Technology Attachment) ROM Read-Only Memory Table 1. Acronyms Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 5
  1. General ISO/IEC 24759 Section
  2. FIPS 140-3 Section Title Security Level [Number Below]
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security 1
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks N/A

Table 2. Security Levels Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 6
  1. Cryptographic Module Specification 2.1. Cryptographic Boundary The following photographs depict the different views of the cryptographic module. This multiple-chip embedded module comprises both hardware and firmware components. The module type is hardware. The cryptographic boundary of the module is the physical perimeter of the PCB as following. Figure
  2. Specification of the PM893 2.5’’ Form Factor Cryptographic Boundary Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 7

The firmware utilizes a single-chip controller with a SATA interface on the system side, as well as Samsung NAND flash. The following figure depicts the module’s operational environment. The firmware version included within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any firmware loaded onto this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation. Figure

  1. Block Diagram for Samsung SSD SATA TCG Opal SSC SEDs PM893 Series 2.2. Version Information Model Hardware Version Firmware Version Distinguishing Features MZ7L3480HCHQ-00AMV 480GB PM893 JXTC1M8Q MZ7L3960HCJR-00AMV 960GB Table
  2. Cryptographic Module Tested Configuration Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 8

2.3. Cryptographic Functionality The module does not implement any "Non-Approved Algorithms Not Allowed in the Approved Mode of Operation". 2.3.1. Approved Algorithm The cryptographic module supports the following approved algorithms for secure data storage: Description / CAVP Cert Algorithm and Standard Mode / Method Key Size(s) / Use / Function Key Strength(s) A2107 Hash DRBG / Hash_ DRBG Prediction Resistance: No Deterministic Random Bit SP 800-90A Rev. 1 (SHA2-256) Supports Reseed Generation A2108 AES-ECB / ECB 256-bit keys with 256-bit Prerequisite for AES-XTS FIPS 197, SP 800-38A key strength (A2108) A2108 AES-XTS / XTS 256-bit keys with 256-bit Data Encryption and FIPS 197, SP 800-38E key strength Decryption A2109 SHA2-256 / SHA2-256 SHA2-256 Message Digest FIPS 180-4 A2110 RSA SigVer / PSS SigVer (SHA2- 2048 bits Digital Signature Verification FIPS 186-4 256) Vendor Affirmed CKG / N/A N/A Cryptographic Key Generation SP 800-133 Rev. 2 using DRBG. (Section 4, 5.1, 6.3) N/A ENT (P) / N/A N/A Non-deterministic Random SP 800-90B Number Generator (only used for generating seed materials for the DRBG). Provides a minimum of 256 bits of entropy for DRBG seed. Table 4. Approved Algorithms Note that not all algorithms/modes that appear on the module’s CAVP certificates are utilized by the module. Table 4 lists only the algorithms/modes that are utilized by the module. 2.3.2. Non-Approved Algorithm Algorithm Caveat Use / Function AES-CCM / No Security Claimed; Non-approved Key obfuscation and removal FIPS 197, SP 800-38C algorithm here is only used for of obfuscation obfuscation and removal of obfuscation the CSP. (IG 2.4.A Scenario #1) AES-XTS / No security claimed; AES-XTS is only Firmware obfuscation removal FIPS 197, SP 800-38E used to remove obfuscation from the firmware during ROM initialized. HMAC-SHA2-256 / Non-approved algorithm here are only Store authentication data FIPS 198-1 used as pre-requisite algorithms for (non-compliant) PBKDF2 which is used for storing authentication data. (IG 2.4.A Scenario #1) PBKDF2 / Non-approved algorithms here are only Store authentication data SP 800-132 used for storing authentication data using PBKDF2 (IG 2.4.A Scenario #1) SHA2-256 / Non-approved algorithm here are only Store authentication data FIPS 180-4 used as pre-requisite algorithms for (non-compliant) PBKDF2 which is used for storing authentication data. (IG 2.4.A Scenario #1) Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 9

Table

  1. Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed 2.4. Approved Mode of Operation The module only supports one mode of operation: the Approved mode, in which the Approved cryptographic functions are available. The module automatically transitions to the Approved mode of operation after completing its pre-operational self-tests. The cryptographic module indicates its approved mode through the validated version status, displayed by the Show Status Service in Table 8 via the ATA Identify Controller command. In the approved mode of operation, non-approved algorithms are allowed, but with no security claims in the module.
  2. Cryptographic Module Interfaces The module doesn’t support a Control output interface. Physical Port Logical Interface Type Data that Passes Over Port / Interface Data Input / Output Plaintext data; signed data; User Data Input / Output SATA Command Input logically via an API; signals input Control Input logically or physically via one or more physical ports SATA Connector SATA Command Execution Response logically via an API; Status Output signal outputs logically or physically via one or more physical ports Control Input JTAG signal input logically or physically via physical ports JTAG Diagnostic Information outputs logically or physically via Status Output one or more physical ports Table
  3. Ports and Interfaces Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 10
  1. Roles, Services, and Authentication 4.1. Role The cryptographic module does not support role-based authentication. Roles are implicitly assumed based on the service they are invoking. Role Service Input Output Show Status ATA Command Status Lock/Unlock an LBA Range LBA Range Status Erase an LBA Range’s Data LBA Range Status Update the firmware Firmware image binary Status Cryptographic Get Random Number TCG Command Status Officer (CO) IO Command LBA Range Status Sanitize LBA Range Status Revert PSID N/A Perform the Self-tests N/A Status Authentication N/A Status Maintenance1 Diagnostics N/A N/A Table
  2. Roles, Service Commands, Input and Output 4.2. Approved Services The cryptographic module only supports the following approved services and does not support any non-approved services. The abbreviations of the type of access to keys and SSPs have the following interpretation: • E = Execute: The module performs approved security functions with the SSPs. • G = Generate: The module generates or derives the SSP. • W = Write: The SSP is updated, imported, or written to the volatile storage specified in Table 12. • Z = Zeroise: The module zeroises the SSP. E: EXECUTE; W: WRITE; G: GENERATE; Z: ZEROISE Approved Type(s) of Service Description Security SSPs Roles Access Indicator2 Functions E W G Z Show approved CO ATA Command: version status of Identify Controller Show Status N/A N/A the module / command FIPS fail mode Result : Status Code Block or allow UID: Locking_GlobalRange / Lock / Unlock read (decrypt) / Locking_RangeNNNN N/A MEK3 O O O an LBA Range write (encrypt) TCG Method: Set of user data. Result: TCG status code Hash_ DRBG DRBG “V” UID: Erase user data O O / A2107 Value K_AES_256_GlobalRange_K Erase an LBA by changing the DRBG “C” ey / Range’s Data data encryption O O SHA2-256 / Value K_AES_256_RangeNNNN_K key. A2109 DRBG Seed O O ey
1 Maintenance role is an operator responsible for using the JTAG.
2 The result of ATA or TCG command is used as an indicator.

3 Specified type of access of Lock/Unlock an LBA Range service to MEK was limited to only RAM.

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 11

CKG TCG Method: GenKey DRBG Entropy O O Result: TCG status code Input String ENT(P) MEK O O O Firmware Admin Command: Update the Update the RSA SigVer / Verification O DOWNLOAD MICROCODE Firmware firmware A2110 Key Result : Status Code Hash_ DRBG DRBG “V” O O / A2107 Value DRBG “C” Provide a O O SHA2-256 / Value UID: ThisSP Get Random random number A2109 DRBG Seed O O TCG Method: Random Number generated by the Result: TCG status code CM CKG DRBG Entropy O O Input String ENT(P) ATA Command: Read / Write AES-XTS / IO Command MEK O Read / Write user data A2108 Result : Status Code Hash_ DRBG DRBG “V” O O / A2107 Value DRBG “C” Erase user data O O Admin Command: SHA2-256 / Value by changing the SANITIZE DEVICE / Sanitize A2109 DRBG Seed O O data encryption SECURITY ERASE UNIT key DRBG Entropy Result : Status Code CKG O O Input String ENT(P) MEK O O O Hash_ DRBG DRBG “V” O O / A2107 Value DRBG “C” Erase user data O O SHA2-256 / Value UID: SPObj (Admin SP) in all Range by Revert A2109 DRBG Seed O O TCG Method: Revert changing the DRBG Entropy Result: TCG status code data O O CKG Input String ENT(P) MEK O O O Power cycling Level 0 Discovery CMD Perform the the module to N/A N/A return a failure as a failure Self-tests perform selfindicator tests No Security Claimed

Page 12

5. Software/Firmware Security - The LDPC (Low-density parity-check) code is applied for integrity test to firmware components of cryptographic module. - When firmware is downloaded into the module, 1024 bytes LDPC parity data per each 8KB data size is generated and integrity test is performed by verifying it every time it is loaded to initiate. - The firmware integrity test is performed when power on reset. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 13

6. Operational Environment - The cryptographic module operates in a limited operational environment, consisting of the module’s firmware. This limited operational environment does not require any specific security rules, settings, configurations, or restrictions to be set. - The cryptographic module does not provide any general-purpose operating system to the operator. - Firmware download is only available for CMVP validated firmware versions. Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test. - Since the cryptographic module is zeroized through the maintenance role procedure, it is restricted to prevent uncontrolled access to CSPs and unauthorized modifications to SSPs. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 14
  1. Physical Security The following physical security mechanisms are implemented in a cryptographic module: • Production grade components. The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained: Physical Security Recommended Frequency of Inspection/Test Guidance Details Mechanisms Inspection/Test Production grade N/A N/A components Table
  2. Inspection / Testing of Physical Security Mechanisms The cryptographic module supports the Maintenance role. To assume the Maintenance role, operators must comply with the following rule: • The operator must zeroise all SSPs listed in the Table 10 by invoking the Revert service in the Table 8 and initiate the Power on reset before entering the Maintenance role. • To exit the Maintenance role, the operator must procedurally perform the Revert service in the Table 8 and perform a power-on reset of the module. To finish with, the operator performing the Show Status service in Table 8 confirms the original firmware version listed in the Table 3 remains unchanged. • The operator is responsible for managing the module's JTAG port and should conduct regular inspections associated with the enabled JTAG port as frequently as possible in order to prevent potential security risks such as potential code modifications with no firmware load test, reading and writing of register information or other impactful security changes. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 15

8. Non-Invasive Security The module does not implement any non-invasive attack mitigation techniques. Therefore, this section is not applicable. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 16

9. Sensitive Security Parameter Management - Temporary SSPs and SSPs stored in volatile memory are automatically zeroized upon power-on reset. - The module performs zeroization by overwriting the target SSP with random values generated by the DRBG. - The module does not import or export SSPs. Key / Security Function Import / Establish Zeroisatio Use & SSP Name Strength Generation Storage and Cert. Number Export -ment n Related Keys / Type SP 800-90A Hash_ DRBG / Implicitly Hash_ DRBG / A2107 DRBG “C” A2107 Plaintext in zeroised Generates 440-bit N/A N/A Value / CSP RAM by Power the MEK SHA2-256 / A2109 SHA2-256 / on reset A2109 SP 800-90A Hash_ DRBG / Implicitly Hash_ DRBG / A2107 DRBG “V” A2107 Plaintext in zeroised Generates 440-bit N/A N/A Value / CSP RAM by Power the MEK SHA2-256 / A2109 SHA2-256 / on reset A2109 Entropy Implicitly input: Hash_ DRBG / A2107 DRBG Seed Plaintext in zeroised Generates 512-bit ENT (P) N/A N/A / CSP RAM by Power the MEK Nonce SHA2-256 / A2109 on reset 256-bit Hash_ DRBG / A2107 DRBG Implicitly Entropy 512-bit / Plaintext in zeroised Generates SHA2-256 / A2109 ENT (P) N/A N/A Input 256-bit RAM by Power the MEK String / CSP on reset ENT (P) Implicitly zeroised by Power on reset / Explicitly zeroised Plain Text via “Lock in RAM an LBA Range” and SP 800-90A indicate Data Hash_ DRBG / with its AES-XTS / A2108 encryption A2107 indicator MEK / CSP 256-bit N/A N/A and Explicitly CKG decryption SHA2-256 / zeroised of user data A2109 via “Erase an LBA Range’s Plaintext in Data”, Flash “Revert” and “Sanitize” services and indicate Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 17

with their indicator Implicitly zeroised by Power on reset / Explicitly zeroised Plaintext in by after Hardware Firmware completio RSA SigVer / A2110 SFR4 Verification Entered during n of Firmware 112-bit N/A N/A “Update Key / Non- manufacturing Load Test SHA2-256 / A2109 the SSP firmware” with its indicator Plaintext in N/A ROM Table

  1. SSPs - The module contains an entropy source, compliant with SP 800-90B, within the module’s cryptographic boundary. Minimum Number of bits of Entropy sources Details Entropy ENT (P) 0.5 entropy per bit 5 Entropy source for Hash_DRBG Table
  2. Non-Deterministic Random Number Generation Specification HW SFR (Special Function Register) is a register within a hardware cryptographic algorithm IP, which has characteristic of volatile memory.

5 Estimated amount of entropy per the source’s output bit is 0.72595 and Samsung conservatively claims to be set at 0.5 per bit.

Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 18
  1. Self-Tests All cryptographic algorithm self-tests are executed during power-on. During the executing these self-tests, all data output is inhibited until the tests are completed. To execute the periodic self-test on-demand, the operator can power-cycle the module. If a cryptographic module fails a self-test, the module will enter an error state. While in this state, all data output is inhibited. Any additional requests for cryptographic services return a failure indicator. 10.1. Pre-operational Test Algorithm Type Description Firmware Firmware integrity test is performed by using 1024 byte error LDPC integrity test correction code (ECC) at power-on. Table
  2. Pre-operational Self-tests 10.2. Conditional Test - The module does not support Periodic Self-Testing. Algorithm Type Description Duplicate Key Test for AES-XTS described in FIPS 140-3 IG C.I (i.e. key_1 ≠ AES-XTS Critical function test key_2) when key is generated Cryptographic KAT: AES-256 XTS mode encryption and decryption AES-XTS algorithm self-test Cryptographic KAT: AES-256 ECB mode encryption and decryption AES-ECB algorithm self-test Cryptographic KAT: SHA2-256 hash digest SHA2-256 algorithm self-test Cryptographic KAT: RSA-2048 with SHA2-256 signature verification is performed before RSA SigVer algorithm self-test firmware load test RSA-2048 with SHA2-256 signature verification is performed if new FW is RSA SigVer Firmware load test downloaded or at every power-on-reset Cryptographic Hash DRBG KATs: HASH-DRBG(SHA2-256) algorithm self-test Cryptographic Hash DRBG SP 800-90A Health testing on Instantiate, Generate and Reseed functions algorithm self-test Cryptographic Startup and Conditional SP800-90B Heath tests: Repetition count test, ENT (P) algorithm self-test Adaptive proportion test Table
  3. Conditional Self-Tests Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy
Page 19

10.3. Error States Name Description Conditions Recovery Method Indicator The module Any conditional Power Cycle The firmware rejects Error State does not known answer test all subsequent SATA provide any failure. commands by crypto When the Integrity responding with Download Mode operation. Test for the 'Abort,' as specified in Bootloader fails. the SATA specification, When the Integrity and sets the device Hang Test for the Main status to 'Device Fault.' Firmware fails. Table 14: Error States Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy

Page 20

11. Life-Cycle Assurance The cryptographic module operates in the Approved mode of operation by default upon shipment from the vendor’s manufacturing site and does not support a non-approved mode of operation. Section 11.1 provides guidance on the rules for secure installation and operation. Operators must follow this guidance to ensure the cryptographic module operates in compliance with FIPS 140-3 security level 1 requirements. 11.1. Secure Installation

Page 21

12. Mitigation of Other Attacks The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-3. Samsung Electronics Co., Ltd. SSD FIPS 140-3 Security Policy