All modules
CMVP Validated Module · FIPS 140-3 Security Policy

KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip

Certificate#4984StandardFIPS 140-3Level2TypeHardwareEmbodimentSingle ChipStatusActiveVendorKIOXIA Corporation
Medium review priority  ·  no TCB surface named  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date10/31/2028
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service
VendorKIOXIA Corporation

Approved Algorithms (8)

AlgorithmACVP Cert
AES-CBCC1925
AES-ECBC1925
AES-XTSC1925
Hash DRBGC2002
HMAC-SHA2-256C1925
KDF SP800-108C2001
RSA SigVer (FIPS186-4)C2009
SHA2-256C1925

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware load<br/>Load Firmware</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware load<br/>Load Firmware</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip KIOXIA CORPORATION Rev 2.5.0

1 Oct 22, 2024
Page 2
2 Oct 22, 2024
Page 3

Section 1 - General This document explains precise specification of the security rules about KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip. The Cryptographic Module (CM) meets the requirements of FIPS 140-3 Security Level 2 Overall. The Table below shows the security level detail. Section Level

  1. General 2
  2. Cryptographic Module Specification 2
  3. Cryptographic Module Interfaces 2
  4. Roles, Services, and Authentication 2
  5. Software/Firmware Security 2
  6. Operational Environment N/A
  7. Physical Security 2
  8. Non-invasive Security N/A
  9. Sensitive Security Parameter Management 2
  10. Self-tests 2
  11. Life-cycle Assurance 2
  12. Mitigation of Other Attacks N/A Overall Level 2 Table 1 ‐ Security Levels This document is non-proprietary and may be reproduced in its original entirety. Section 1.1 - Acronyms AES Advanced Encryption Standard CM Cryptographic Module SSP Sensitive Security Parameter DRBG Deterministic Random Bit Generator HMAC The Keyed-Hash Message Authentication code KAT Known Answer Test POST Pre-Operational Self-Test CAST Cryptographic Algorithm Self-Test PSID Printed SID SED Self-Encrypting Drive SHA Secure Hash Algorithm SID Security ID TCG Trusted Computing Group
3 Oct 22, 2024
Page 4

Section 2

4 Oct 22, 2024
Page 5

AES256 XTS, Key Size: 256 bits/ Data Encryption/ #C1925 (FIPS 197 / SP800-38A, ECB1 Key Strength: 256 bits Decryption SP800-38E) SHA256 Hashing #C1925 N/A N/A (FIPS 180-4) messages Message HMAC-SHA256 Key Size: 256 bits/ #C1925 N/A Authentication (FIPS 198-1) Key Strength: 256 bits Code RSASSA-PKCS#1-v1_5 Key Size: 2048 bit/ Signature #C2009 N/A (FIPS 186-4) Key Strength: 112 bits verification Deterministic Hash_DRBG Random Bit #C2002 N/A Hash based: SHA256 (SP800-90A Rev.1) Generation MACs: HMAC-SHA256/ KBKDF #C2001 Counter Key Size: 256 bits/ Key derivation (SP800-108 Revised) Key Strength: 256 bits Combination of AES256 CBC Mode and KTS Key Transport #C1925 N/A HMAC-SHA256 / (IG D.G) Scheme Key Size: 256 bits/ Key Strength: 256 bits Methods described in Vendor CKG Cryptographic N/A section 4 of the Affirmation (SP800-133 Rev.2) Key Generation SP800-133 Rev.2 Hardware RNG Entropy Source used to seed the ENT(P) N/A N/A (SP800-90B) approved Hash_DRBG. Table 3 ‐ Approved Algorithm The CM does not implement any Non-Approved Algorithms Allowed in the Approved Mode of Operation. ECB mode is used as a prerequisite of XTS mode. ECB is not directly used in services of the Cryptographic Module. The CM performs a check that the XTS Key1 and XTS Key2 are different according to IG C.I. AES-XTS is only used for encryption/decryption of data stored in solid state drives equipped with this CM.

5 Oct 22, 2024
Page 6

Section 2.3

6 Oct 22, 2024
Page 7

Section 4

7 Oct 22, 2024
Page 8

authenticated as the associated role until powered off. The module prevents Data read/write service for locked bands. If Read and Write access needs to be inhibited prior to power off, the operator who authenticates the role must set the bands to the locked state again. Section 4.1

1 / 2 < 1 / 1,000,000 30 / 264 < 1 / 100,000

… … … … … … BandMaster64 Crypto Officer Role PIN 64

1 / 2 < 1 / 1,000,000 30 / 2 64

< 1 / 100,000 Table 6 ‐ Identification and Authentication Policy The CM performs role authentication by comparing whether the PIN entered by the user matches the information stored inside the CM. PINs are hashed with SHA-256 to store them on the CM. The PIN entered by the user is hashed and compared to the stored PIN hash. PINs can be changed by executing the Set PIN Service (see Section4.2) with appropriate roles authenticated. The CM refuses to set a PIN less than 8 bytes, and responds with an error if such a setting is attempted. Therefore, the probability that a random attempt will succeed is 1 / 264 < 1 / 1,000,000 (the CM accepts any value (0x00-0xFF) as each byte of PIN). The CM waits 2sec when authentication attempt fails, so the maximum number of authentication attempts is

30 times in 1 min. Consequently, the probability that random attempts in 1min will succeed is

30 / 264 < 1 / 100,000.
8 Oct 22, 2024
Page 9

Section 4.2

3 The letters (G, R, W, E, Z) mean Generate, Read, Write, Execute and Zeroise respectively.

The band has to be unlocked by corresponding BandMaster beforehand. Only the CMVP validated version is to be used

9 Oct 22, 2024
Page 10

HMAC-SHA256 System MAC Key E AES256-CBC System Enc Key E KTS KDK W, R SHA256 PINs EraseMaster W, E SID Set PIN HMAC-SHA256 System MAC Key E BandMaster0 Set PIN (authentication AES256-CBC System ENC Key E Mailbox command result … data). KTS PINs BandMaster6 W, R Report status of the N/A N/A None N/A Show Status CM and versioning Mailbox command result information. N/A RKey None7 Z KDK Z MEKs Z PINs Z Zeroisation Erase SSPs. Mailbox command result System MAC Key Z System Enc Key Z DRBG Internal Z Value Power-OFF: N/A System MAC Key None Z System Enc Key Z Delete SSPs in RAM. KDK Z MEKs Z PINs Z DRBG Internal Z Value PubKey1 Z Power-ON: RSASSA-PKCS#1-v PubKey1 W, E 1_5 Runs various KBKDF Rkey E N/A Reset System MAC Key G self-tests to be System Enc Key G performed at Entropy Source DRBG Seed G power-on ( POSTs, Hash_DRBG DRBG Seed E, Z DRBG Internal G CASTs, Firmware Value Load test ) and HMAC-SHA256 System MAC Key E generate / import AES256-CBC System Enc Key E some SSPs. KTS KDK W PINs W Note 1: “CKG(Hash_DRBG)” means direct use of Hash_DRBG output as a key. Note 2: “PINs” in the above table means “SID/BandMaster(s)/EraseMaster PINs”. Table 7 ‐ Approved services Each role can set a PIN for themselves only. Need to input PSID, which is public drive-unique value used for the zeroisation service.

10 Oct 22, 2024
Page 11

Section 5

11 Oct 22, 2024
Page 12

Section 7

12 Oct 22, 2024
Page 13

Section 9 – Sensitive security parameter management The CM uses keys and SSPs in the following table. Security Key/SSP Strength Function Import/ Use & related Name/Ty Generation Establishment Storage Zeroisation (bit) and Cert Export keys pe Number Critical Security Parameters (CSPs) RKey 256 KBKDF Hash_DRBG N/A Manufacturing Plaintext in Explicit Derivation of (#C2001) (Method OTP Zeroisation System Enc Key and SP800-133 service System MAC Key Rev.2 Section

  1. System Enc 256 AES-CBC KDF in N/A Power-On Plaintext in Explicit Data Encryption / Key (#C1925) Counter Mode RAM Zeroisation Decryption for KTS service Implicit Power-Off System MAC 256 HMAC KDF in N/A Power-On Plaintext in Explicit Message Key (#C1925) Counter Mode RAM Zeroisation Authentication service Code generation Implicit and verification for Power-Off KTS KDK 256 KBKDF Hash_DRBG Imported Cryptographic Plaintext in Explicit Derivation of MEKs (#C2001) (Method and Erase service, Set RAM Zeroisation SP800-133 Exported by Band Position and service, Rev.2 Section KTS (see Size service Encrypted Cryptographic
  2. Table 3) in System Erase service, Area Set Band outside the Position and module Size service using the Implicit Approved Power-Off KTS
13 Oct 22, 2024
Page 14

MEKs 256 AES-XTS KDF in N/A Band Lock/Unlock Plaintext in Explicit Data encryption / (#C1925) Counter Mode service, AES Zeroisation decryption Cryptographic register service, Erase service, Cryptographic Set Band Position Erase service, and Size service Set Band Position and Size service Implicit Power-Off SID/BandMa Referred to SHA256 Electronic Imported Set PIN service Hashed in Explicit User authentication ster(s)/Erase in Section (#C1925) input and RAM Zeroisation Master PINs 4.1 (Table Exported by service

  1. KTS (see Hashed + Table
  2. Encrypted Implicit in System Power-Off Area outside the module using the Approved KTS DRBG V: 440 bits Hash_DRBG SP800-90A N/A Power-On Plaintext in Explicit Random number Internal C: 440 bits (#C2002) Instantiation RAM Zeroisation generation Value of service Hash_DRBG Implicit Power-Off DRBG Seed Entropy Hash_DRBG Entropy N/A Power-On Plaintext in Implicit Random number Input String (#C2002) collected RAM Immediately generation and Nonce: from Entropy after use8
512 bits Source at

instantiation (Minimum entropy of 8

8 Zeroised after input to Hash_DRBG algorithm.
14 Oct 22, 2024
Page 15

bits: 6.31) Public Security Parameters (PSPs) PubKey1 112 RSA Electronic Imported Power-on Plaintext in Implicit Signature (#C2009) input during FW FW Download RAM Power-Off verification. load. service (Data in RAM) Hashed in OTP Table 9 ‐ SSPs Entropy source Minimum number of Details bits of entropy Entropy Source9 Minimum entropy of 8 Hardware RNG used to seed the approved bits is 6.31. Hash_DRBG. Table 10 ‐ Non-Deterministic Random Number Generation Specification For the Entropy Source listed in the table above, self-tests are performed each time before data is obtained (see Section 10 for details of these self-tests). When these tests detect that the Entropy Source cannot generate the sufficient amount of entropy, the CM is transient to error state. The CM can be recovered from the error state by rebooting the module, and the obtaining of Entropy data is attempted again. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 10

404 bits of entropy, which is sufficient entropy to obtain 256 bits of security strength.

15 Oct 22, 2024
Page 16

(Indicated Error Code: 0x23) SHA256 Conditional Power-On Digest KAT Enters Boot Error State. (Indicated Error Code: 0x25) HMAC-SHA256 Conditional Power-On Digest KAT Enters Boot Error State. (Indicated Error Code: 0x26) Hash_DRBG Conditional Power-On DRBG KAT Enters Boot Error State. (Indicated Error Code: 0x18/0x19) RSASSA-PKCS#1-v Conditional Power-On Signature verification KAT Enters Boot Error State. 1_5 (Indicated Error Code: 0x27) KDF in Counter Conditional Power-On KDF KAT Enters Boot Error State Mode (Indicated Error Code: 0x28) Entropy Source Conditional Power-On Verify not deviating from Enters Boot Error State (Health tests of noise the intended behavior of the (Indicated Error Code: 0x2C/0x2D) source at startup.) noise source by Repetition Count Test and Adaptive Proportion Test specified in SP800-90B. Hash_DRBG Conditional Random Verify newly generated Enters Error State. number random number not equal to (Indicated Error Code: 0x1D) generation previous one Entropy Source Conditional Entropy Verify newly generated Enters Error State. output random number not equal to (Indicated Error Code: 0x1E) request previous one Entropy Source Conditional Entropy Verify not deviating from Enters Error State. (Continuous noise output the intended behavior of the (Indicated Error Code: 0x2C/0x2D) source health tests request noise source by Repetition during operation.) Count Test and Adaptive Proportion Test specified in SP800-90B. Firmware load test Conditional Power-on Verify signature of loaded Enters Power Up Load Test Error firmware image by State RSASSA-PKCS#1-v1_5 (Indicated Error Code: 0x13) FW download Verify signature of Enters Conditional Load Test Error

10 Firmware load test is also run at the time of Power-up, and the integrity of the Firmware

loaded into the CM can be confirmed.

16 Oct 22, 2024
Page 17

downloaded firmware image State. After reporting Error code, by RSASSA-PKCS#1-v1_5 transition from error state to normal state and continue to operate with FW before download. (Indicated Error Code: 0x13) Firmware integrity Pre-operational Power-On Verify ROM code integrity Enters Boot Error State test with 32bit CRC. (Implicit error reporting by stopping the startup sequence) Table 11 ‐ Self Tests As shown in the table above, self-tests are performed automatically at the CM startup and before execution certain security functions. Operator can also initiate self-test on-demand for periodic testing by using the Reset service which is automatically invoked when the module is powered-off and powered-on (rebooted). If the self-tests fail, the CM reports error status and enters to the error state. In this case, the CM must be powered-off to clear error condition. When power-on is executed again, self-tests are also executed like an on-demand operator reset. If the CM continuously enters in error state in spite of several trials of reboot, the CM may be sent back to factory to recover from error state. Section 11 – Life-cycle Assurance In the SSD’s manufacturing process, installation is executed as below:

  1. The Firmware described in Section 2.1 is downloaded into the CM.
  2. Initial SSPs are generated.
  3. Initial authentication information is set to the CM.
  4. System area including SSPs generated in Step2 and Step3 are encrypted and calculated message authentication code. Initial operations to setup this CM are following:
  5. Load Firmware into the CM.
  6. Load System area including SSPs into the CM.
  7. Execute Range state setting method.
  8. Execute Download port setting method. The CM switches to approved mode after the initial operation success. When the initial operation succeeds, the CM indicates success on the Status Output interface. Users can confirm
17 Oct 22, 2024
Page 18

that the CM is in approved mode by executing Show Status service and checking that the startup is successfully completed. For secure operation, the following settings must be maintained:  Data Locking Protection is Enabled  Each Band is set to be locked when power-on. Bands that are not configured are considered unprotected or plaintext. (Refer to SSD setting procedure11 ) As described in Section 2, the CM is used by being embedded in the solid state drive. Therefore, there are no maintenance requirements for the CM alone. Guidance for this module is provided to solid state drive developers who embed the CM. The usage and maintenance of solid state drives with the CM built-in are outside of the scope of this document. Section 12

11 For maintaining secure condition, the SSD needs several setting at least.

Owners of the SSD that embeds the CM must use it securely according to the followings:

  1. Both ReadLockEnabled and WriteLockEnabled are set to “True” for each band (included Global Range) and it must not be modified.
  2. For each band, “Power Cycle” of LockOnReset setting is not change.
18 Oct 22, 2024