| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 10/31/2028 |
| Caveat | When installed, initialized and configured as specified in Section 11 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service |
| Vendor | KIOXIA Corporation |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | C1925 |
| AES-ECB | C1925 |
| AES-XTS | C1925 |
| Hash DRBG | C2002 |
| HMAC-SHA2-256 | C1925 |
| KDF SP800-108 | C2001 |
| RSA SigVer (FIPS186-4) | C2009 |
| SHA2-256 | C1925 |
flowchart LR
%% Deterministic review-risk graph for KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware load<br/>Load Firmware</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware load<br/>Load Firmware</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip KIOXIA CORPORATION Rev 2.5.0
Section 1 - General This document explains precise specification of the security rules about KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 Overall. The Table below shows the security level detail. Section Level
Section 2
AES256 XTS, Key Size: 256 bits/ Data Encryption/ #C1925 (FIPS 197 / SP800-38A, ECB1 Key Strength: 256 bits Decryption SP800-38E) SHA256 Hashing #C1925 N/A N/A (FIPS 180-4) messages Message HMAC-SHA256 Key Size: 256 bits/ #C1925 N/A Authentication (FIPS 198-1) Key Strength: 256 bits Code RSASSA-PKCS#1-v1_5 Key Size: 2048 bit/ Signature #C2009 N/A (FIPS 186-4) Key Strength: 112 bits verification Deterministic Hash_DRBG Random Bit #C2002 N/A Hash based: SHA256 (SP800-90A Rev.1) Generation MACs: HMAC-SHA256/ KBKDF #C2001 Counter Key Size: 256 bits/ Key derivation (SP800-108 Revised) Key Strength: 256 bits Combination of AES256 CBC Mode and KTS Key Transport #C1925 N/A HMAC-SHA256 / (IG D.G) Scheme Key Size: 256 bits/ Key Strength: 256 bits Methods described in Vendor CKG Cryptographic N/A section 4 of the Affirmation (SP800-133 Rev.2) Key Generation SP800-133 Rev.2 Hardware RNG Entropy Source used to seed the ENT(P) N/A N/A (SP800-90B) approved Hash_DRBG. Table 3 ‐ Approved Algorithm The CM does not implement any Non-Approved Algorithms Allowed in the Approved Mode of Operation. ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different according to IG C.I. AES-XTS is only used for encryption/decryption of data stored in solid state drives equipped with this CM.
Section 2.3
Section 4
authenticated as the associated role until powered off. The module prevents Data read/write service for locked bands. If Read and Write access needs to be inhibited prior to power off, the operator who authenticates the role must set the bands to the locked state again. Section 4.1
… … … … … … BandMaster64 Crypto Officer Role PIN 64
< 1 / 100,000 Table 6 ‐ Identification and Authentication Policy The CM performs role authentication by comparing whether the PIN entered by the user matches the information stored inside the CM. PINs are hashed with SHA-256 to store them on the CM. The PIN entered by the user is hashed and compared to the stored PIN hash. PINs can be changed by executing the Set PIN Service (see Section4.2) with appropriate roles authenticated. The CM refuses to set a PIN less than 8 bytes, and responds with an error if such a setting is attempted. Therefore, the probability that a random attempt will succeed is 1 / 264 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 2sec when authentication attempt fails, so the maximum number of authentication attempts is
30 times in 1 min. Consequently, the probability that random attempts in 1min will succeed is
Section 4.2
3 The letters (G, R, W, E, Z) mean Generate, Read, Write, Execute and Zeroise respectively.
The band has to be unlocked by corresponding BandMaster beforehand. Only the CMVP validated version is to be used
HMAC-SHA256 System MAC Key E AES256-CBC System Enc Key E KTS KDK W, R SHA256 PINs EraseMaster W, E SID Set PIN HMAC-SHA256 System MAC Key E BandMaster0 Set PIN (authentication AES256-CBC System ENC Key E Mailbox command result … data). KTS PINs BandMaster6 W, R Report status of the N/A N/A None N/A Show Status CM and versioning Mailbox command result information. N/A RKey None7 Z KDK Z MEKs Z PINs Z Zeroisation Erase SSPs. Mailbox command result System MAC Key Z System Enc Key Z DRBG Internal Z Value Power-OFF: N/A System MAC Key None Z System Enc Key Z Delete SSPs in RAM. KDK Z MEKs Z PINs Z DRBG Internal Z Value PubKey1 Z Power-ON: RSASSA-PKCS#1-v PubKey1 W, E 1_5 Runs various KBKDF Rkey E N/A Reset System MAC Key G self-tests to be System Enc Key G performed at Entropy Source DRBG Seed G power-on ( POSTs, Hash_DRBG DRBG Seed E, Z DRBG Internal G CASTs, Firmware Value Load test ) and HMAC-SHA256 System MAC Key E generate / import AES256-CBC System Enc Key E some SSPs. KTS KDK W PINs W Note 1: “CKG(Hash_DRBG)” means direct use of Hash_DRBG output as a key. Note 2: “PINs” in the above table means “SID/BandMaster(s)/EraseMaster PINs”. Table 7 ‐ Approved services Each role can set a PIN for themselves only. Need to input PSID, which is public drive-unique value used for the zeroisation service.
Section 5
Section 7
Section 9 – Sensitive security parameter management The CM uses keys and SSPs in the following table. Security Key/SSP Strength Function Import/ Use & related Name/Ty Generation Establishment Storage Zeroisation (bit) and Cert Export keys pe Number Critical Security Parameters (CSPs) RKey 256 KBKDF Hash_DRBG N/A Manufacturing Plaintext in Explicit Derivation of (#C2001) (Method OTP Zeroisation System Enc Key and SP800-133 service System MAC Key Rev.2 Section
MEKs 256 AES-XTS KDF in N/A Band Lock/Unlock Plaintext in Explicit Data encryption / (#C1925) Counter Mode service, AES Zeroisation decryption Cryptographic register service, Erase service, Cryptographic Set Band Position Erase service, and Size service Set Band Position and Size service Implicit Power-Off SID/BandMa Referred to SHA256 Electronic Imported Set PIN service Hashed in Explicit User authentication ster(s)/Erase in Section (#C1925) input and RAM Zeroisation Master PINs 4.1 (Table Exported by service
instantiation (Minimum entropy of 8
bits: 6.31) Public Security Parameters (PSPs) PubKey1 112 RSA Electronic Imported Power-on Plaintext in Implicit Signature (#C2009) input during FW FW Download RAM Power-Off verification. load. service (Data in RAM) Hashed in OTP Table 9 ‐ SSPs Entropy source Minimum number of Details bits of entropy Entropy Source9 Minimum entropy of 8 Hardware RNG used to seed the approved bits is 6.31. Hash_DRBG. Table 10 ‐ Non-Deterministic Random Number Generation Specification For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate the sufficient amount of entropy, the CM is transient to error state. The CM can be recovered from the error state by rebooting the module, and the obtaining of Entropy data is attempted again. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 10
404 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.
(Indicated Error Code: 0x23) SHA256 Conditional Power-On Digest KAT Enters Boot Error State. (Indicated Error Code: 0x25) HMAC-SHA256 Conditional Power-On Digest KAT Enters Boot Error State. (Indicated Error Code: 0x26) Hash_DRBG Conditional Power-On DRBG KAT Enters Boot Error State. (Indicated Error Code: 0x18/0x19) RSASSA-PKCS#1-v Conditional Power-On Signature verification KAT Enters Boot Error State. 1_5 (Indicated Error Code: 0x27) KDF in Counter Conditional Power-On KDF KAT Enters Boot Error State Mode (Indicated Error Code: 0x28) Entropy Source Conditional Power-On Verify not deviating from Enters Boot Error State (Health tests of noise the intended behavior of the (Indicated Error Code: 0x2C/0x2D) source at startup.) noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. Hash_DRBG Conditional Random Verify newly generated Enters Error State. number random number not equal to (Indicated Error Code: 0x1D) generation previous one Entropy Source Conditional Entropy Verify newly generated Enters Error State. output random number not equal to (Indicated Error Code: 0x1E) request previous one Entropy Source Conditional Entropy Verify not deviating from Enters Error State. (Continuous noise output the intended behavior of the (Indicated Error Code: 0x2C/0x2D) source health tests request noise source by Repetition during operation.) Count Test and Adaptive Proportion Test specified in SP800-90B. Firmware load test Conditional Power-on Verify signature of loaded Enters Power Up Load Test Error firmware image by State RSASSA-PKCS#1-v1_5 (Indicated Error Code: 0x13) FW download Verify signature of Enters Conditional Load Test Error
10 Firmware load test is also run at the time of Power-up, and the integrity of the Firmware
loaded into the CM can be confirmed.
downloaded firmware image State. After reporting Error code, by RSASSA-PKCS#1-v1_5 transition from error state to normal state and continue to operate with FW before download. (Indicated Error Code: 0x13) Firmware integrity Pre-operational Power-On Verify ROM code integrity Enters Boot Error State test with 32bit CRC. (Implicit error reporting by stopping the startup sequence) Table 11 ‐ Self Tests As shown in the table above, self-tests are performed automatically at the CM startup and before execution certain security functions. Operator can also initiate self-test on-demand for periodic testing by using the Reset service which is automatically invoked when the module is powered-off and powered-on (rebooted). If the self-tests fail, the CM reports error status and enters to the error state. In this case, the CM must be powered-off to clear error condition. When power-on is executed again, self-tests are also executed like an on-demand operator reset. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 11 – Life-cycle Assurance In the SSD’s manufacturing process, installation is executed as below:
that the CM is in approved mode by executing Show Status service and checking that the startup is successfully completed. For secure operation, the following settings must be maintained: Data Locking Protection is Enabled Each Band is set to be locked when power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure11 ) As described in Section 2, the CM is used by being embedded in the solid state drive. Therefore, there are no maintenance requirements for the CM alone. Guidance for this module is provided to solid state drive developers who embed the CM. The usage and maintenance of solid state drives with the CM built-in are outside of the scope of this document. Section 12
Owners of the SSD that embeds the CM must use it securely according to the followings: