All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Micron® MTC21-P4 Controller Sub Chip Security Subsystem

Certificate#4994StandardFIPS 140-3Level2TypeHardwareEmbodimentSingle ChipStatusActiveVendorMicron Technology, Inc.
Medium review priority  ·  exposes boot-chain verification, debug/recovery interface, HSM/SE firmware trust anchor  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date3/30/2030
EntropyENT (P)
CaveatNone
VendorMicron Technology, Inc.
Hardware versionsTC v2.1

Approved Algorithms (27)

AlgorithmACVP Cert
AES-CTRC1278
AES-ECBA2833
AES-ECBA2835
AES-ECBC1278
AES-KWA2828
AES-XTS Testing Revision 2.0A2833
AES-XTS Testing Revision 2.0A2835
Conditioning Component Block Cipher Derivation Function SP800-90BA2272
Counter DRBGC1278
ECDSA KeyGen (FIPS186-4)A2827
ECDSA KeyGen (FIPS186-4)A4269
ECDSA KeyVer (FIPS186-4)A2827
ECDSA KeyVer (FIPS186-4)A4269
ECDSA SigGen (FIPS186-4)A2827
ECDSA SigGen (FIPS186-4)A4269
ECDSA SigVer (FIPS186-4)A2827
ECDSA SigVer (FIPS186-4)A4269
HMAC-SHA2-384A2830
HMAC-SHA2-512A2830
HMAC-SHA2-512/256A2830
KDF SP800-108A2832
KTS-IFCA2829
PBKDFA2826
RSA SigVer (FIPS186-4)A2831
SHA2-384A2834
SHA2-512A2834
SHA2-512/256A2834

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces2
Software/Firmware Security2
Operational EnvironmentN/A
Physical Security2
Non-Invasive SecurityN/A
Sensitive Security Parameter Management2
Self-Tests2
Life-Cycle Assurance2
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Micron® MTC21-P4 Controller Sub Chip Security Subsystem
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>Bootloader v1.0 [a], v1.1 [b, c], v1.0a [d]<br/>Boot ROM v1.0</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>NVMe Update Key<br/>TCG Update Key<br/>ES2</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-Test<br/>ES3</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>External Interrupt (JTAG, AHB bypass and inter-CPU…<br/>JTAG / AHB-32 bypass<br/>UART</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C6 clue;
  class I1,I2,I3,I4,I6 infer;
  class R1,R2,R3,R4,R6 risk;
  class E1,E2,E3,E4,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Micron® MTC21-P4 Controller Sub Chip Security Subsystem
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>Bootloader v1.0 [a], v1.1 [b, c], v1.0a [d]<br/>Boot ROM v1.0</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>NVMe Update Key<br/>TCG Update Key<br/>ES2</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-Test<br/>ES3</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>External Interrupt (JTAG, AHB bypass and inter-CPU…<br/>JTAG / AHB-32 bypass<br/>UART</i><br/>src: securityPolicy.portsAndInterfaces"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C6 clueLow;

Security Policy, page by page

Page 1

Micron Technology, Inc. Micron Technology, Inc. Micron® MTC21-P4 Controller Sub Chip Security Subsystem Non-Proprietary FIPS 140-3 Security Policy Document Version: 1.6 Date: March 27, 2025 Micron Technology, Inc. Public Material

Page 2

Micron Technology, Inc. Table of Contents Document Version 1.6 Micron Technology, Inc. Public Material

Page 3

Micron Technology, Inc. List of Tables List of Figures Document Version 1.6 Micron Technology, Inc. Public Material

Page 4
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic Module Specification2
33Cryptographic Module Interfaces2
44Roles, Services and, Authentication2
55Software/Firmware Security2
66Operational EnvironmentN/A
77Physical Security2
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management2
1010Self-Tests2
1111Life-Cycle Assurance2
1212Mitigation of Other AttacksN/A
OverallOverall2
The Module incorporates numerous hardware and firmware implementations of cryptographic
algorithms, as outlined in Section 2.4. The following is an overview of how the cryptographic algorithm
implementations relate to the Module:
- CAVP Certificates #A2830, #A2831, #A2832, and #A2834 are hardware implementations of
algorithms within the Module.
- CAVP Certificates #A2833 and #A2835 are hardware IP cores implementing the AES algorithm.
- CAVP Certificates #C1278 and #A2272 are firmware implementations provided by Synopsys, which
have been ported into the Runtime SCSS firmware for the purposes of entropy generation.
- CAVP Certificates #2826, #A2827, # A2828, #A2829, and #A4269 are firmware implementations
implemented in the Runtime SCSS firmware.
Each of the hardware and firmware implementations listed above are independently version controlled
from the rest of the hardware and firmware. Any change to the hardware implementation listed above
will result in the implementation version update, as well as the Module hardware version update. Any
change to the firmware implementation listed above will result in the implementation version update,
as well as the Module firmware version update.

Micron Technology, Inc. MTC21-P4 Controller Sub Chip Security Subsystem module, hereafter denoted the Module. The Module Guidance 2.3.B. Table 1

Page 5
Module configuration
NameModelHardware VersionFirmware VersionTested Configuration
Micron® MTC21-P4 Controller Sub Chip Security SubsystemMicron® MTC21-P4TC v2.1Runtime SCSS v2.2,Micron® MTC21-P4 Controller Sub Chip Security SubsystemRuntime SCSS v2.2, Bootloader v1.0, Function ROM v3.0, Boot ROM v1.0Micron® MTC21-P4 SSD ControllerMicron® MTC21-P4 SSD Controller
Controller Sub ChipController Sub ChipBootloader v1.0, Function
Security SubsystemSecurity SubsystemROM v3.0, Boot ROM v1.0
Micron® MTC21-P4 Controller Sub Chip Security SubsystemTC v2.1Micron® MTC21-P4 Controller Sub Chip Security SubsystemRuntime SCSS v2.3, Bootloader v1.1, Function ROM v3.0, Boot ROM v1.0Micron® MTC21-P4 SSD Controller
Micron® MTC21-P4 Controller Sub Chip Security SubsystemTC v2.1Micron® MTC21-P4 Controller Sub Chip Security SubsystemRuntime SCSS v2.4, Bootloader v1.1, Function ROM v3.0, Boot ROM v1.0Micron® MTC21-P4 SSD Controller
Micron® MTC21-P4 Controller Sub Chip Security SubsystemTC v2.1Micron® MTC21-P4 Controller Sub Chip Security SubsystemRuntime SCSS v2.5, Bootloader v1.0a, Function ROM v3.0, Boot ROM v1.0Micron® MTC21-P4 SSD Controller

Micron Technology, Inc. Cryptographic Module Specification The Module is a Single-Chip Hardware Sub-Chip cryptographic subsystem. The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated cryptographic controllers. The Module is a security subsystem within the ASIC Micron® MTC21-P4 SSD Controller package, whose intended use environment is within an SSD Controller. The Function ROM v3.0, Boot ROM v1.0 with Firmware Versions as indicated in Table 2 2.1 The cryptographic module is tested on the following: The Module versioning information is provided through the “Get Status” service and is returned as TCG Level 0 discovery content. The Module is Hardware and as such, Tested and Vendor Affirmed Operational Environments do not apply. Document Version 1.6 Micron Technology, Inc. Public Material

Page 6

Micron Technology, Inc. 2.2 Cryptographic Boundary The single-chip hardware, Micron® MTC21-P4 ASIC, is depicted in Figure 1 above, which also defines the physical boundary of the Module. The cryptographic boundary of the Module is defined by the Sub Chip Security Subsystem and includes all cryptographic algorithm implementations, as depicted by the red outline line in Figure 2 below. The TOEPP is defined as the area outside of the cryptographic boundary, but within the physical boundary of the single-chip on which the Module is installed. Micron® SSD Micron® MTC21-P4 ASIC NAND NAND NAND NAND NVMe TCv2.1 Module NAND NAND NAND NAND Sub Chip Security Subystem NAND NAND NAND NAND Single Chip Physical boundary Figure 2

Page 7
Approved algorithm
NameCAVP CertMode MethodKey SizeUse FunctionUse/Function
AES [197]A2272AES 128Conditioning Component Block Cipher Derivation Function SP800-90BConditioning of TRNG data
AES [197]A2833AES-ECB [38A]Key Sizes: 256Encrypt, Decrypt (Auxiliary)
AES-XTS Testing Revision 2.0 [38E]AES-XTS Testing Revision 2.0 [38E]Key Sizes: 256Encrypt, Decrypt (Auxiliary)
AES [197]A2835AES-ECB [38A]Key Sizes: 256Encrypt, Decrypt (Datapath)
AES-XTS Testing Revision 2.0 [38E]AES-XTS Testing Revision 2.0 [38E]Key Sizes: 256Encrypt, Decrypt (Datapath)
AES [197]C1278AES-ECB [38A]Key Sizes: 128, 256Encrypt. Used only within the DRBG. 128-bit key is tested but not used
AES-CTR [38A]AES-CTR [38A]Key Sizes: 128, 256Encrypt. Used only within the DRBG. 128-bit key is tested but not used
Counter DRBG [90A]C1278Counter DRBGCounter DRBG AES 256 [38A] Key Size 256 AES 128 with Key Size 128 tested, but not used.Deterministic Random Bit Generation Security Strength = 256
ECDSA [186]A2827/ A4269ECDSA KeyGenCurve P-384Key generation for attestation
ECDSA [186]ECDSA SigVerCurve P-384 SHA2-384Signature verification for authentication
ECDSA [186]ECDSA SigGenCurve P-384 SHA2-384Signature generation for certificate and measurements
ECDSA [186]ECDSA KeyVerCurve P-384Key verification
ENT [(90B]ENT (P)Security Strength = 256 bitsEntropy generation
HMAC-SHA2- 384 [198]A2830HMAC-SHA2- 384Key Sizes: 384 bits λ = 384Key derivation. Data Authentication
HMAC-SHA2- 512/256 [198]HMAC-SHA2- 512/256Key Sizes: 256 bits λ = 256Key derivation. Data Authentication
HMAC-SHA2- 512 [198]HMAC-SHA2- 512Key Sizes: 512 bits λ = 512Key derivation. Data Authentication Tested but not used
KDF-SP800- 108 [108]A2832CounterHMAC-SHA2-384 HMAC-SHA2-512/256Key Based Key Derivation
KDF-SP800- 108 [108]CounterHMAC-SHA2-512/256Key Based Key Derivation
KTS [38F]A2828AES-KWKey Sizes:256CSP Wrapping/Unwrapping (Uses Auxiliary ECB)
KTS-IFC [56B]A2829KTS-OAEP- basicn = 3072 SHA2-384 n = 4096 SHA2-384Key transport methodology provides between 128 and 150 bits of encryption strength
PBKDF [132]A2826Option 1asLen = 256bits C = 300 HMAC- SHA2-512/256 Key Size 256Password Based Key Derivation. Keys derived from passwords may only be used in storage applications. Derived keys are used as input to AES-KW to wrap and unwrap sensitive data. Password length and format are specified in Table 11 and are 32 bytes long. Use of the derived password in the associated unwrap process is limited to 5 retries at which time the Module will need to be reset. This effectively eliminates the possibility of determining the password through exhaustive methods. The PBKDF iteration count (C) is chosen to be as high as can be tolerated without impacting the performance of the system boot up process
RSA [186]A2831RSA SigVern = 3072 SHA2-384/SHA2-512 n = 4096 SHA2-384/SHA2-512Signature verification
SHS [180]A2834SHA2-384 SHA2-512SHA2Message Digest Generation
SHA2-512/256SHA2-512/256SHA2-512/256 is tested but not used
CKG [IG D.H][133] Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output [133] Section 6.2.2 Symmetric Keys Derived from a Pre-existing Key [133] Section 6.2.3 Derivation of symmetric keys from a password [133] Section 6.3 Symmetric Keys Produced by Combining Multiple Keys and Other DataKey Generation

Micron Technology, Inc. 2.4 Security Functions The Module implements the Approved cryptographic functions listed in the table below. The numbers and letters within square brackets reference standards which are defined in the References and Definitions section of this Security Policy. Notes: The AES XTS algorithm implementation includes a check to ensure Key_1 ≠ Key_2; Key_1 and Key_2 are generated independently. AES XTS is only used for storage purposes per SP 800-38E Table 3

Page 8

Micron Technology, Inc. KTS-OAEPbasic PKCS1_v1.5 PKCS1_PSS Document Version 1.6 Micron Technology, Inc. Public Material

Page 9
Approved algorithm
NameMode MethodUse FunctionUse/Function
SHA2-512/256SHA2-512/256SHA2-512/256 is tested but not used
CKG [IG D.H][133] Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output [133] Section 6.2.2 Symmetric Keys Derived from a Pre-existing Key [133] Section 6.2.3 Derivation of symmetric keys from a password [133] Section 6.3 Symmetric Keys Produced by Combining Multiple Keys and Other DataKey Generation
Service
NameDescriptionApproved FunctionsTypeProperties
KTSAES-KW – AES Cert. #A2828AES-KW/Cert. #A2828KTSKey establishment methodology provides 256 bits of encryption strength Key size: 256 bits
KTS-IFCKTS-IFC - RSA Cert. #A2829KTS-IFC/Cert. #A2829KTSKey transport methodology provides between 128 and 150 bits of encryption strength. Modulo: 3072, 4096 KTS-OAEP-basic Hash Algorithm: SHA2-384

Micron Technology, Inc. Table 4 – Vendor Affirmed Approved Algorithms The module does not support any non-Approved algorithms whatsoever. This includes algorithms that would otherwise be allowed in the Approved mode of operation, allowed in the Approved mode of operation with no security claimed, as well as not allowed in the Approved mode of operation. The module’s entropy was assessed before the ESV program was established and thus an entropy certificate is not applicable. 2.5 Security Function Implementation The following table shows the Security Function Implementations of the Module: Table 5 - Security Function Implementation (SFI) 2.6 Overall Security Design 1. 2. 3. 4.

  1. The Module provides one distinct operator role: Controller, which acts as the Cryptographic Officer The Module provides role-based authentication. The Module clears previous authentications on reset. An operator does not have access to any cryptographic services prior to assuming an authorized role. The Module allows the operator to initiate power-up self-tests by power cycling or resetting the Module.
  2. Power up self-tests do not require any operator action. Document Version 1.6 Micron Technology, Inc. Public Material – May be reproduced only in its original entirety (without revision).
Page 10

Micron Technology, Inc.

  1. Data outputs are inhibited during firmware loading, self-tests, zeroization, and error states.
  2. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module.
  3. There are no restrictions on which keys or SSPs are zeroized by the zeroization service, except for the KManifestPUB_ROM.
  4. The Module does not support concurrent operators.
  5. The Module does not support a maintenance interface or role.
  6. The Module does not support manual SSP establishment method.
  7. The Module does not have any proprietary external input/output devices used for entry/output of data.
  8. The Module does not output plaintext CSPs or intermediate key values.
  9. The Module does not provide bypass services. 2.7 Rules of Operation The Module is embedded within the Micron® MTC21-P4 controller of the SSD. The Module shall be operated according to Section
  10. Document Version 1.6 Micron Technology, Inc. Public Material – May be reproduced only in its original entirety (without revision).
Page 11
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
AESE (encryption engine)AESE (encryption engine)Control in | Data in | Data out | Status outUser data
AESD (decryption engine)AESD (decryption engine)Control in | Data in | Data out | Status outUser data
Mbox (Mailbox)Mbox (Mailbox)Control in| Status outService info input
Controller output (response to Mbox)Controller output (response to Mbox)Data outService info output
External Interrupt (JTAG, AHB bypass and inter-CPU interrupts)External Interrupt (JTAG, AHB bypass and inter-CPU interrupts)DisabledDisabled
Reset/InterruptReset/InterruptControl inNone
BMG-128 (S-DMA Interface)BMG-128 (S-DMA Interface)Data in, Data outService info data (command/response)
PowerPowerPower inNone
JTAG / AHB-32 bypassJTAG / AHB-32 bypassDisabledDisabled
LDPC DecoderLDPC DecoderData InFirmware Images
UARTUARTStatus outStatus Data

Micron Technology, Inc. Cryptographic Module Interfaces The Module’s ports and associated logical interface categories are listed in Table 6. Table 6

Page 12
Service
NameRolesInputOutput
Self-TestAnyN/AN/A
SUP AuthenticateControllerPasswordResponse
SUP GenerateControllerNoneEncrypted blob
TCG AuthenticateControllerWrapped RdsKey or SumRdsKey, PasswordResponse
Clear TCG AuthenticationsControllerNoneResponse
RandomControllerSize/LocationRandom Value
NVMe Allocate and associate KeyControllerNamespace InformationResponse
NVMe Deallocate and disassociate KeyControllerNamespace informationResponse
NVMe Update KeyControllerNamespace informationResponse
Public HMAC GenerationControllerTarget inputHMAC
Load Range and KeyControllerRange and key (index) InformationResponse
AWORControllerNoneEncrypted block
TCG Allocate and associate KeyControllerRange InformationResponse
TCG Deallocate and disassociate KeyControllerRange InformationResponse
TCG Update KeyControllerRange InformationResponse
TCG Set PINControllerPasswordResponse
TCG Revert, Activate, ReactivateControllerCommand informationResponse
TCG HMAC GenerationControllerTarget HMACHMAC
Manifest LoadControllerManifestVerification status
CSP LoadControllerCSP BlockVerification status
Write/ReadControllerRead/Write LocationRead information Status
Get StatusControllerNoneStatus
Firmware Signature CheckControllerFirmware blockVerification status
Factory AuthControllerSignatureVerification status
AttestationControllerAttestation Request InformationAttestation response Info
Device DeprovisionController*Deprovision IDStatus
Generate KeyDerivationKeyController*ModeStatus
ZeroizeController*NoneStatus

Micron Technology, Inc. Roles, Services and Authentication 4.1 Assumption of Roles and Related Services The Module supports one distinct operator role, the Controller (Cryptographic Officer). Table 6 lists the Controller (Cryptographic Officer) related services. In addition to the services listed in Table 6, the Module also supports a Self-Test service, which is invoked by power cycling the Module. All services are associated with the Controller (Cryptographic Officer) role with a sub-set of Controller services requiring an additional layer of authentication described in Table 7 below as “factoryrestricted”. These “factory-restricted” services require a second signature verification. The Module does not support a maintenance role or bypass capability. The Module does not support concurrent operators. *Requires additional authorization N/A N/A Document Version 1.6 Micron Technology, Inc. Public Material

Page 13
Approved algorithm
NameUse Function
RSA 3072/4096 has a key strength of 128/150 bits. The probability of a successful verification from a single random attempt is at least 1/2128 which is < 1/1,000,000. This effectively eliminates the possibility of determining the private key through exhaustive methods. Each verification attempt takes 8ms, the maximum number of attempts which can be made in 1 minute is 7500, which results in a probability of 7500/2128 that a brute force attack within a given minute of time will be successful. For the factory-restricted services, the Controller must authenticate with a second RSA 3072/4096 key. This verification has an associated retry limit of 5. This controls the number of unsuccessful attempts before authentication is blocked until a system restart occurs.Signature VerificationController

Micron Technology, Inc. 4.2 The role-based authentication methods are defined in Table 7 below. Table 8

Page 14
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Self-TestRun KAT tests on all cryptographic algorithmsAnyEntropy InputAllG,ECCS
DrbgSeedDrbgSeedG,E
DrbgStateDrbgStateG
SUP AuthenticateUnwrap SUP blob using PBKDF derived keyControllerPasswordPBKDF, AES- KWW, ECCS
PasswordWrapKeyPasswordWrapKeyG, E
SUP GenerateKTS-RSA wrap an internally generated randomControllerDrbgStateDRBG, CKG, KTS-RSA, AES-KW, PBKDFW, ECCS
KDeviceWrappingPub;KDeviceWrappingPub;E
PasswordWrapKeyPasswordWrapKeyG, E, Z
SUP SeedSUP SeedG, E, Z
TCG AuthenticateUnwrap TCG SSP using PBKDF derived keyControllerPasswordPBKDF, AES- KW, CKGECCS
SumRdsKeySumRdsKeyW
RdsKeyRdsKeyW
PasswordWrapKeyPasswordWrapKeyG, E, Z
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyE
Clear TCG AuthenticationsRemove status of all past authentication and their privilegesControllerNANAN/ACCS
RandomReturns a 256-bit random numberControllerDrbgStateDRBGE, WCCS
NVMe Allocate and associate KeyGenerate a key, wrap key and associate key with an entityControllerDrbgStateDRBG, AES- KW, CKGE, WCCS
WrapKeyWrapKeyE
RdsKeyRdsKeyG, E, R
SumRdsKeySumRdsKeyG, E, R
NamespaceDEKNamespaceDEKG, R
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyE
NVMe Deallocate and disassociate KeyZeroize key and disassociate key from an entityControllerNamespaceDEKAES, AES-KWZCCS
WrapKeyWrapKeyE
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
NVMe Update KeyErase user data in a namespace by changing the encryption keyControllerDrbgStateDRBG, AES- KW, CKGECCS
WrapKeyWrapKeyE
RdsKeyRdsKeyE
SumRdsKeySumRdsKeyW, E
NamespaceDEKNamespaceDEKZ, G, R
LockingObjectDEKLockingObjectDEKZ, G, R
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyE
Public HMAC GenerationGenerate an HMAC over the prescribed contentControllerRootPublicMacKeyHMAC SHA256ECCS
PspHmacKeyPspHmacKeyE
Load Range and KeyLoad DEK into DPE for indicated rangeControllerTweakKeyAES-KWWCCS
LockingObjectDEKLockingObjectDEKW
NamespaceDEKNamespaceDEKW
RdsKeyRdsKeyE
SumRdsKeySumRdsKeyW, E
WrapKeyWrapKeyE
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyE
AworWrapKey;AworWrapKey;E
AWORSave, restore security operational contextControllerAworHmacKeyKBKDF, AES- KW, HMAC, CKGECCS
WrapKeyWrapKeyW, R
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyW, R
PspHmacKeyPspHmacKeyW, R
TweakKeyTweakKeyW, R
RdsKeyRdsKeyW, R
SumRdsKeySumRdsKeyW, R
RootHmacKeyRootHmacKeyW, R
RootKeyWrapKeyRootKeyWrapKeyW, R
RootPublicMacKeyRootPublicMacKeyW, R
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyW, R
TCG Allocate and associate KeyGenerate a key, wrap key and associate key with an entityControllerDrbgStateDRBG, AES- KW, CKGECCS
WrapKeyWrapKeyE
RdsKeyRdsKeyG, E, R
SumRdsKeySumRdsKeyG, E, R
LockingObjectDEKLockingObjectDEKG, R
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyE
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
TCG Deallocate and disassociate KeyZeroize key and disassociate key from an entityControllerWrapKeyNAECCS
LockingObjectDEKLockingObjectDEKZ, R
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
TCG Update KeyErase user data in a namespace by changing the encryption keyControllerDrbgStateDRBG, AES- KW, CKGECCS
WrapKeyWrapKeyE
RdsKeyRdsKeyE
SumRdsKey;SumRdsKey;E, W
LockingObjectDEKLockingObjectDEKZ, G, R
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyE
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
TCG Set PINSet PIN which is used in generating a key to wrap a TCG credentialControllerPasswordPBKDF, DRBG, AES- KW, CKG, HMACW, E, ZCCS
DrbgStateDrbgStateE
WrapKeyWrapKeyE
PasswordWrapKeyPasswordWrapKeyG, E, Z
RdsKeyRdsKeyG, W
SumRdsKeySumRdsKeyG, W
EphemeralSumRdskWrapKeyEphemeralSumRdskWrapKeyE
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
TCG Revert, Activate, ReactivateRevert to FOB, Revert to FOB with TCG ActivatedControllerRootHmacKeyAES-KW, HMAC, DRBG, CKGECCS
DrbgStateDrbgStateE
WrapKeyWrapKeyE;
RdsKeyRdsKeyZ
SumRdsKeySumRdsKeyZ
NameSpaceDEKNameSpaceDEKZ, G
LockingObjecDEKLockingObjecDEKZ, G
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyE
TCG HMAC GenerationGenerate an HMAC over the prescribed TCG contentControllerAuthenticatedUseHmacKeyHMACECCS
DrbgStateDrbgStateR
RootKeyWrapKeyRootKeyWrapKeyE
TweakKeyTweakKeyR
WrapKeyWrapKeyE, R
PasswordPasswordG, E
PassordWrapKeyPassordWrapKeyG, E
Manifest LoadRSA Verify trusted list of PKsControllerKManifestPub_ROMRSA VerifyECCS
CSP LoadRestore persistent SSPsControllerRootHmacKeyAES-KW, HMACECCS
RootKeyWrapKeyRootKeyWrapKeyE
DrbgStateDrbgStateW

Micron Technology, Inc. Table 9

Page 15

Micron Technology, Inc. W, R W, R W, R W, R W, R W, R W, R W, R W, R W, R E G, E, R G, E, R G, R E E Z, R E E E E, W Z, G, R E E E E G, E, Z G, W G, W E E E E; Z Z Z, G Z, G E R E R E, R G, E G, E E W Document Version 1.6 Micron Technology, Inc. Public Material

Page 16
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Write/ReadEncryption / Decryption of user data to / from a user data rangeControllerNamespaceDEKDPE-AES-XTSECCS
LockingObjectDEKLockingObjectDEKE
TweakKeyTweakKeyE
Get StatusGet information about the operational state of the drive, as well as versioning information.ControllerNANANACCS
Firmware Signature CheckVerify firmware image signature before persistingControllerKFWCBootloaderVerifyRSA VerifyECCS
KFWModuleVerifyKFWModuleVerifyE
KFWControllerVerifyKFWControllerVerifyE
Factory AuthAuthentication for factory-restricted servicesControllerKAuthPuRSA Verify, DRBGECSSb
KVSAuthPubKVSAuthPubE
DrbgStateDrbgStateE
Device DeprovisionDeprovision the device, zeroize all SSPsControllerAll CSPsNAZCCS
Generate KeyDerivationKeyGenerate a new KeyDerivationKeyControllerDrbgStateDRBG, CKGG, ECCS
KeyDerivationKeyKeyDerivationKeyG, E
RootHmacKeyRootHmacKeyG, E
RootKeyWrapKeyRootKeyWrapKeyG, E
RootPublicMacKeyRootPublicMacKeyG
AworHmacKeyAworHmacKeyG
AworWrapKeyAworWrapKeyG
WrapKeyWrapKeyG, E
AuthenticatedUseHmacKeyAuthenticatedUseHmacKeyG, E
PspHmacKeyPspHmacKeyG
TweakKeyTweakKeyG
ZeroizeDestroys all keys. Must be performed under the direct control of the operatorControllerAll CSPsFactory zeroization processZCCS
AttestationDevice cryptographic identity and attestationControllerKDeviceIDPrivaEC-DSA Generate, EC-DSA Sign, DRBG, AES- KW, SHSG, E, R, W, ZCCSte
KDeviceIDPublKDeviceIDPublG, Ric
KAliasPrivateKAliasPrivateG, E
KAliasPublicKAliasPublicG, R
DrbgStateDrbgStateE
KDeviceIDWrapKeyKDeviceIDWrapKeyG, E, Z
UDSUDSG,E
UDS_KDKUDS_KDKE

Micron Technology, Inc. KAuthPub W W W W E E E E E E G, E G, E G, E G G G G, E G, E G G KDeviceIDPrivate KDeviceIDPublic G, R G, E G, R E G, E, Z G,E E The module does not support any non-Approved services, as it does not support a non-Approved mode of operation. The Module is composed of the following component(s):

Page 17

Micron Technology, Inc. The Runtime SCSS firmware and Bootloader firmware are loadable components and are protected with the firmware load test using RSA signatures with a 3072-bit or 4096-bit key. This signature is also used to verify the integrity of the firmware prior to firmware execution. Firmware load and integrity checks are defined in the self-test section of this Security Policy. The ROM components are implemented in Non-Reconfigurable-Memory and are not subject to firmware integrity tests per FIPS 140-3 IG 5.A The operator can initiate the firmware integrity test on demand by power cycling/resetting the Module. Operational Environment The Module has a limited operational environment under the FIPS 140-3 definitions. The hardware tested configuration is listed in Table 2. The Module includes a firmware verification and load service to support necessary updates. Firmware versions validated through the FIPS 140-3 CMVP will be explicitly identified on a validation certificate. Any firmware not identified in this Security Policy does not constitute the Module defined by this Security Policy or covered by this validation. Document Version 1.6 Micron Technology, Inc. Public Material

Page 18
Physical SecurityRecommended Frequency ofInspection/Test Guidance Details
MechanismInspection/Test
IC packagingOn initial receipt of the device and periodically afterwardsInspect for evidence of prying or removal of the chip packaging. If tampering is suspected, then the device containing the IC should be removed from service and the site administrator should be contacted. See Example below

Micron Technology, Inc. The Module is a Single-Chip Hardware Sub-Chip cryptographic, and the embodiment is a production grade single chip. The chip is encapsulated in a standard IC package. The IC packaging itself provides the necessary opacity and tamper evidence required for Level 2 conformance. Table 10

2 compliance.

Non-Invasive Security The Module does not implement any mitigation method against non-invasive attack. Document Version 1.6 Micron Technology, Inc. Public Material

Page 19
Approved algorithm
NameKey SizeUse Function
Key/SSP/Name/TFunctionEstablish-Zeroiza-Use & Related
ypeCert.menttionkeys
AuthenticatedUse HmacKey (HMAC SHA2-256)256E3 / O2 by RootKeyWrapKey or AworWrapKeyHMAC / A2830N/AZ1, Z2Integrity generation and checking of TCG table dataG2S1
AworWrapKey (AES-KW)256N/AKTS / A2828N/AZ1, Z2Key encryptionG3 from KeyDeriv ationKeyS1
AworHmacKey (HMAC SHA2- 512/256)256N/AHMAC / A2830N/AZ1, Z2Integrity generation and checking of TCG context dataG3 from KeyDeriv ationKeyS1
DrbgState256N/ADRBG / C1278N/AZ1, Z2CTR_DRBG internal state Key and VG2S1
Key/SSP/Name/TFunctionEstablish-Zeroiza-Use & Related
ypeCert.menttionkeys
DrbgSeed256N/ADRBG / C1278N/AZ1, Z2Used to seed the DRBG.G5S1
EphemeralSumRd skWrapKey (AES- KW)256E3 / O2 by AworWrapKeyKTS /A2828N/AZ1, Z2Key wrap of: SumRdsKeys,G2S1
Entropy Input256N/AENT (P)N/AZ1Used to create DrbgSeed.G5S1
KeyDerivationKey256N/AKDF SP800- 108 / A2832N/AZ2Master key used to derive other keysG1S2
LockingObjectDEK (AES-XTS)256E3 / O2 by RdsKey, SumRdsKey, or WrapKeyAES-XTS Testing Revision 2.0 / A2833N/AZ1, Z2Data encryptionG2S1, S3
NamespaceDEK (AES-XTS)256E3 / O2 by RdsKey, SumRdsKey, or WrapKeyAES-XTS Testing Revision 2.0 / A2833N/AZ1, Z2Data encryptionG2S1, S3
Password256E1PBKDF2/ A2826N/AZ1Used with PBKDF2 to derive the PasswordWrapK ey Password is 32 bytes of binary dataN/AS1
PasswordWrapKey (AES-KW)256N/AKTS /A2828N/AZ1Derived using PBKDF and Password. Key encryption of: RdsKey or SumRdsKeyG4S1
PspHmacKey (HMAC SHA2- 512/256)256E3 / O2 by AworWrapKey or RootKeyWrapKeyHMAC /A2830N/AZ1, Z2Integrity generation and checking public TCG contentG2S1
RdsKey (AES-KW)256E3 / O2 PasswordWrapKey or AworWrapKeyKTS /A2828N/AZ1, Z2Key encryption of: LockingObjectDE K, NameSpaceDEKG2S1
RootHmacKey (HMAC SHA2- 512/256)256E3 / O2 by AworWrapKeyHMAC / A2830N/AZ1, Z2Integrity checkingG3 from KeyDeriv ationKeyS1
Key/SSP/Name/TFunctionEstablish-Zeroiza-Use & Related
ypeCert.menttionkeys
RootKeyWrapKey (AES-KW)256E3 / O2 by AworWrapKeyKTS /A2828N/AZ1, Z2Key encryption of: DrbgState WrapKey, AuthenticatedUs eHmacKey TweakKey, RdsKey,G3 from KeyDeriv ationKeyS1
RootPublicMacKey (HMAC SHA2- 512/256)256E3 / O2 by AworWrapKeyHMAC / A2830N/AZ1, Z2Integrity checking of TCG content of files stored outside of the boundary.G3 from KeyDeriv ationKeyS1
SumRdsKey (AES- KW)256E3 / O2 by AworWrapKey, EphemeralSumRdsk WrapKey, or PasswordWrapKeyKTS /A2828N/AZ1, Z2Key encryption of: LockingObjectDE K, NameSpaceDEKG2S1
SUP Seed256O3 by KDeviceWrappingPubPBKDF2 / A2826N/AZ1Random value used to create an internal password.G2S1
TweakKey (AES- XTS)256E3 / O2 by RootKeyWrapKey or by AworWrapKeyAES-XTS Testing Revision 2.0 /A2833N/AZ1, Z2Data encryption in conjuction with: LockingObjectDE K or NameSpaceDEKG2S1, S3
WrapKey (AES- KW)256E3 / O2 by RootKeyWrapKey or by AworWrapKeyKTS /A2828N/AZ1, Z2Key encryption of: LockingObjectDE K, NameSpaceDEKG2S1
KFWModuleVerify (Non-SSP)150 128E2RSA SigVer (FIPS186- 4) / A2831N/AZ1RSA 3072/4096 Public Key for the Module runtime firmware signature verificationN/AS1
KFWControllerVerify150 128E2RSA SigVer (FIPS186- 4) / A2831N/AZ1RSA 3072/4096 Public Key used to authenticate the Controller.N/AS1
150150E2 / O1RSA SigVerN/AZ1RSA 3072/4096 Public Key usedN/AS1
Key/SSP/Name/TFunctionEstablish-Zeroiza-Use & Related
ypeCert.menttionkeys
128128(FIPS186- 4) / A2831to authenticate the Controller for factory- restricted hardware configuration services.
K VSAuthPub150 128E2 / O1RSA- SigVer (FIPS186- 4) / A2831N/AZ1RSA 3072/4096 Public Key used to authenticate the Controller for factory restricted system configuration servicesN/AS1
150 128150 128E2 / O1KTS-IFC / A2829N/AZ1RSA 3072/4096 Public Key for SUP GenerateN/AS1
150 128150 128N/A. Pre-installed.RSA SigVer (FIPS186- 4) / A2831N/AN/A. Used solely for self- tests and can be revokedRSA 3072/4096 Public Key for manifest signature verificationN/AS4
KFWCBootloaderVerify150 128E2RSA SigVer (FIPS186- 4) / A2831N/AZ1RSA 3072/4096 Public Key for Bootloader firmware signature verificationN/AS1
UDS-KDK384N/AKDF SP800- 108 / A2832N/AZ2UDS derivationG1S2
UDS (HMAC SHA2- 384)384N/AHMAC / A2830N/AZ1CDI calculation, which is used in attestations.G3 from UDS-KDKS1
KDeviceIDWrapKey (AES-KW)256N/AKTS /A2828N/AZ1Key encryptionG3 from KDKS1
KDeviceIDPrivate192E3 / O2 by KDeviceIDWrapKeyECDSA SigGen / A2827 or A4269N/AZ1Signature generation to validate Alias CertificateG2S1
Key/SSP/Name/TFunctionEstablish-Zeroiza-Use & Related
ypeCert.menttionkeys
KAliasPrivate192N/AECDSA SigGen / A2827 or A4269N/AZ1Signature generation to validate system measurementsG2S1
KDeviceIDPublic192O1ECDSA SigVer / A2827 or A4269N/AZ1External Signature verification/auth enticationG2S1
KAliasPublic192O1EC-DSA SigVer / A2827 or A4269N/AZ1External Signature verification/Auth enticationG2S1
EntropyMinimum number of bits of entropyDetailsEntropy
Ring oscillator-based entropy source, which utilizes an AES-256-bits of entropyENT (P)ENT (P)

Micron Technology, Inc. Sensitive Security Parameter (SSP) Management The SSPs management methods as shown Table 10 are defined as:

Page 20

Micron Technology, Inc. SP800108 /

2.0 /
2.0 /

GeneratImport/Export N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document Version 1.6 Micron Technology, Inc. Public Material

Page 21

Micron Technology, Inc. GeneratImport/Export N/A N/A N/A N/A SumRdsKey (AESKW) K, TweakKey (AESXTS) 2.0 N/A WrapKey (AESKW) N/A N/A (FIPS1864) / N/A N/A (FIPS1864) / N/A N/A N/A KAuthPub Document Version 1.6 Micron Technology, Inc. Public Material

Page 22

Micron Technology, Inc. Function GeneratStrength (FIPS1864) / KVSAuthPub N/A N/A N/A (FIPS1864) / N/A N/A (FIPS1864) / N/A SP800108 / N/A N/A N/A. for selftests N/A N/A N/A N/A KDeviceWrappingPub 150 KManifestPub_ROM for factoryrestricted RSAN/A (FIPS1864) / Document Version 1.6 Micron Technology, Inc. Public Material

Page 23
Approved algorithm
NameKey SizeUse Function
Key/SSP/Name/TFunctionEstablish-Zeroiza-Use & Related
ypeCert.menttionkeys
KAliasPrivate192N/AECDSA SigGen / A2827 or A4269N/AZ1Signature generation to validate system measurementsG2S1
KDeviceIDPublic192O1ECDSA SigVer / A2827 or A4269N/AZ1External Signature verification/auth enticationG2S1
KAliasPublic192O1EC-DSA SigVer / A2827 or A4269N/AZ1External Signature verification/Auth enticationG2S1
EntropyMinimum number of bits of entropyDetailsEntropy
Ring oscillator-based entropy source, which utilizes an AES-256-bits of entropyENT (P)ENT (P)
Service
NameDescriptionIndicatorIndicator
ES1The Function ROM fails a KATTriggered by cryptographic KAT failure. The ModuleES1
ES2The Module fails the firmware load test or the Firmware Integrity testThe Module enters the ES2 error state and outputs aES2
ES3The Module enters the ES3 error state and will output a self-test failure status to any service requestES3The Module fails conditional KAT self-test.

Micron Technology, Inc. 9.2 GeneratImport/Export N/A N/A N/A N/A The DRBG Randomness source (i.e., entropy) is using an internal ENT (P) source conformant to [90B]. Table 12

10 - Self-Tests

The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3 these are categorized as either pre-operational self-tests or conditional self-tests. Pre-operational and Conditional self-tests are both available on demand by resetting or power cycling the Module. All Conditional self-tests are performed before first use of the associated algorithm they are The self-tests error states and status indicator are described in Table 13 below: Table 13

Page 24
API call
NameCallDescriptionMethodError state
Bootloader Firmware integrity testAn RSA 3072 or 4096-bit Signature Verification isBootloader Firmware integrity testRSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512ES2
the Module usingthe Module usingKFWCBootloaderVerify
Runtime SCSS Firmware integrity testAn RSA 3072 or 4096-bit Signature Verification isRuntime SCSS Firmware integrity testRSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512ES2
copied into the Module usingcopied into the Module usingKFWModuleVerify
ROM SHSROM SHSSHA2-512 SHS KAT, which satisfies the self-testROM SHSKATES1KATES1
ROM HMACROM HMACHMAC SHA2-384 HMAC KATKATES3
ROM RSAROM RSA3072 RSA PKCS#1_v1.5 Verification with SHA-384 KAT,ROM RSAKATES1KATES1
AES – KW(Auxiliary) AES-256 KW Encrypt KAT – Inclusive of AESAES – KWKATES3
AES – KW(Auxiliary) AES-256 Decrypt KAT – Inclusive of AES ECBAES – KWKATES3
AES XTS – AUX andAES XTS – AUX and256-bit AES-XTS encryption Comparative Answer TestComparativeES3
DPEDPEwith the AES-AUX and DPE AES-XTS implementations
AES XTS – AUX andAES XTS – AUX and256-bit AES-XTS decryption Comparative Answer TestComparativeES3
DPEDPEwith the AES-AUX and DPE AES-XTS implementations
DRBGDRBGAES-256 CTR_DRBG KATDRBGKATES3
Conditioner AESConditioner AESSP800-90B Conditioning Component (AES-128)KATES3
KBKDFKBKDFCounter mode KBKDF KAT. Inclusive of HMAC-SHA2-KBKDFKATES3KATES3
API call
NameCallDescriptionMethodError state
Bootloader Firmware integrity testAn RSA 3072 or 4096-bit Signature Verification isBootloader Firmware integrity testRSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512ES2
the Module usingthe Module usingKFWCBootloaderVerify
Runtime SCSS Firmware integrity testAn RSA 3072 or 4096-bit Signature Verification isRuntime SCSS Firmware integrity testRSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512ES2
copied into the Module usingcopied into the Module usingKFWModuleVerify
ROM SHSROM SHSSHA2-512 SHS KAT, which satisfies the self-testROM SHSKATES1KATES1
ROM HMACROM HMACHMAC SHA2-384 HMAC KATKATES3
ROM RSAROM RSA3072 RSA PKCS#1_v1.5 Verification with SHA-384 KAT,ROM RSAKATES1KATES1
AES – KW(Auxiliary) AES-256 KW Encrypt KAT – Inclusive of AESAES – KWKATES3
AES – KW(Auxiliary) AES-256 Decrypt KAT – Inclusive of AES ECBAES – KWKATES3
AES XTS – AUX andAES XTS – AUX and256-bit AES-XTS encryption Comparative Answer TestComparativeES3
DPEDPEwith the AES-AUX and DPE AES-XTS implementations
AES XTS – AUX andAES XTS – AUX and256-bit AES-XTS decryption Comparative Answer TestComparativeES3
DPEDPEwith the AES-AUX and DPE AES-XTS implementations
DRBGDRBGAES-256 CTR_DRBG KATDRBGKATES3
Conditioner AESConditioner AESSP800-90B Conditioning Component (AES-128)KATES3
KBKDFKBKDFCounter mode KBKDF KAT. Inclusive of HMAC-SHA2-KBKDFKATES3KATES3

Micron Technology, Inc. Boot ROM v1.0 are implemented in non-reconfigurable-memory and are not subject to the firmware Document Version 1.6 Micron Technology, Inc. Public Material

Page 25
Self test
NameAlgorithm Or TestTest MethodDetailsENT (P) SP800-90 B APT and RCT.ES3Error state ES3 ES3
BootLoader Firmware Load testBootLoader FirmwareRSA PKCS#1_v1.5A 3072 or 4096-bit RSA Signature Verification isBootLoader Firmware Load testA 3072 or 4096-bit RSA Signature Verification is executed on the bootloader copied into the ModuleES2ES2
Load testLoad test/PSSexecuted on the bootloader copied into the Module
Runtime SCSS Firmware Load testRSA PKCS#1_v1.5Runtime SCSS Firmware Load testA 3072 or 4096-bit RSA Signature Verification is executed on the Runtime SCSS firmware copied into the ModuleES2
EC-DSA Key generationEC-DSA Sign/VerifyEC-DSA Key generationA pairwise consistency check is performed on EC-DSA private/public key on generationES3
generation/Verificationgeneration/VerificationSHA-384
11 Life-Cycle Assurance

This section documents the operational behavior of the Module.

11.1 Operational Behavior of the Device
  1. The Module clears previous authentications on power cycle.
  2. Data output is inhibited during key generation, firmware loading, self-tests, zeroization, and error states.
  3. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module.
  4. The Module zeroizes temporary values generated and used during self-tests.
  5. The Module does not support a maintenance interface or role.
  6. The Module does not support manual key entry.
  7. The Module does not provide access to internal data structures.
11.2 Security Initialization

The device is shipped from the factory in the Approved mode of operation. The keys generated during manufacturing are used to encrypt/decrypt data. On receipt of the Module, examine the product to ensure it has not been tampered with during shipping according to the procedures outlined in Section 7.

12 Mitigation of Other Attacks

The Module does not implement any mitigation method against other attacks. Document Version 1.6 Micron Technology, Inc. Public Material

Page 26
Acronyms
NameTermDefinitionAbbreviationFull Specification Name
[FIPS140-3][FIPS140-3]Security Requirements for Cryptographic Modules, March 22, 2019
[ISO19790][ISO19790]International Standard, ISO/IEC 19790, Information technology — Security techniques — Test requirements for cryptographic modules, Third edition, March 2017
[ISO24759][ISO24759]International Standard, ISO/IEC 24759, Information technology — Security techniques — Test requirements for cryptographic modules, Second and Corrected version, 15 December 2015
[IG][IG]Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, October 7, 2022
[108][108]NIST Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), October 2009
[131A][131A]Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, Revision 2, March 2019
[132][132]NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, December 2010
[133][133]NIST Special Publication 800-133, Recommendation for Cryptographic Key Generation, Revision 2, June 2020
[186][186]National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4, July 2013
[197][197]National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 26, 2001
[198][198]National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July, 2008
[180][180]National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August, 2015
[38A][38A]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001
[38E][38E]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, Special Publication 800-38E, January 2010
[38F][38F]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, Special Publication 800-38F, December 2012
[56Br2][56Br2]NIST Special Publication 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Finite Field Cryptography, March 2019
[90A][90A]National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015
[90B][90B]National Institute of Standards and Technology, Recommendation for the Entropy Sources Used for Random Bit Generation, Special Publication 800-90B, January 2018
[ACS-3][ACS-3]ACS-3 Reporting Security Compliance December 1,2009
[TCG-SSC-Opal][TCG-SSC-Opal]TCG Storage Security Subsystem Class: Opal, Specification
[TCG-SACS][TCG-SACS]TCG Storage Architecture Core Specification
[TCG-SIIS][TCG-SIIS]TCG Storage Interface Interactions Specification
AcronymAcronymDefinition
KATKATKnown Answer Test
AKAKAuthentication key
DEKDEKData Encryption Key
LBALBALogical Block Address
SEDSEDSelf-Encrypting Drive
SIDSIDSecurity ID, PIN for Drive Owner CO Role – TCG OPAL
TCGTCGTrusted Computing Group
13 References and Definitions

The following standards are referred to in this Security Policy. Table 16

Page 27

Micron Technology, Inc. Table 17