| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 3/30/2030 |
| Entropy | ENT (P) |
| Caveat | None |
| Vendor | Micron Technology, Inc. |
| Hardware versions | TC v2.1 |
| Algorithm | ACVP Cert |
|---|---|
| AES-CTR | C1278 |
| AES-ECB | A2833 |
| AES-ECB | A2835 |
| AES-ECB | C1278 |
| AES-KW | A2828 |
| AES-XTS Testing Revision 2.0 | A2833 |
| AES-XTS Testing Revision 2.0 | A2835 |
| Conditioning Component Block Cipher Derivation Function SP800-90B | A2272 |
| Counter DRBG | C1278 |
| ECDSA KeyGen (FIPS186-4) | A2827 |
| ECDSA KeyGen (FIPS186-4) | A4269 |
| ECDSA KeyVer (FIPS186-4) | A2827 |
| ECDSA KeyVer (FIPS186-4) | A4269 |
| ECDSA SigGen (FIPS186-4) | A2827 |
| ECDSA SigGen (FIPS186-4) | A4269 |
| ECDSA SigVer (FIPS186-4) | A2827 |
| ECDSA SigVer (FIPS186-4) | A4269 |
| HMAC-SHA2-384 | A2830 |
| HMAC-SHA2-512 | A2830 |
| HMAC-SHA2-512/256 | A2830 |
| KDF SP800-108 | A2832 |
| KTS-IFC | A2829 |
| PBKDF | A2826 |
| RSA SigVer (FIPS186-4) | A2831 |
| SHA2-384 | A2834 |
| SHA2-512 | A2834 |
| SHA2-512/256 | A2834 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 2 |
| Software/Firmware Security | 2 |
| Operational Environment | N/A |
| Physical Security | 2 |
| Non-Invasive Security | N/A |
| Sensitive Security Parameter Management | 2 |
| Self-Tests | 2 |
| Life-Cycle Assurance | 2 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Micron® MTC21-P4 Controller Sub Chip Security Subsystem
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>Bootloader v1.0 [a], v1.1 [b, c], v1.0a [d]<br/>Boot ROM v1.0</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>NVMe Update Key<br/>TCG Update Key<br/>ES2</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-Test<br/>ES3</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>External Interrupt (JTAG, AHB bypass and inter-CPU…<br/>JTAG / AHB-32 bypass<br/>UART</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C6 clue;
class I1,I2,I3,I4,I6 infer;
class R1,R2,R3,R4,R6 risk;
class E1,E2,E3,E4,E6 evidence;flowchart LR
%% Deterministic clue tier for Micron® MTC21-P4 Controller Sub Chip Security Subsystem
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>Bootloader v1.0 [a], v1.1 [b, c], v1.0a [d]<br/>Boot ROM v1.0</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>NVMe Update Key<br/>TCG Update Key<br/>ES2</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-Test<br/>ES3</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>External Interrupt (JTAG, AHB bypass and inter-CPU…<br/>JTAG / AHB-32 bypass<br/>UART</i><br/>src: securityPolicy.portsAndInterfaces"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3,C4 clueHigh;
class C6 clueLow;Micron Technology, Inc. Micron Technology, Inc. Micron® MTC21-P4 Controller Sub Chip Security Subsystem Non-Proprietary FIPS 140-3 Security Policy Document Version: 1.6 Date: March 27, 2025 Micron Technology, Inc. Public Material
Micron Technology, Inc. Table of Contents Document Version 1.6 Micron Technology, Inc. Public Material
Micron Technology, Inc. List of Tables List of Figures Document Version 1.6 Micron Technology, Inc. Public Material
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic Module Specification | 2 |
| 3 | 3 | Cryptographic Module Interfaces | 2 |
| 4 | 4 | Roles, Services and, Authentication | 2 |
| 5 | 5 | Software/Firmware Security | 2 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 2 |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 2 |
| 10 | 10 | Self-Tests | 2 |
| 11 | 11 | Life-Cycle Assurance | 2 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
| Overall | Overall | 2 |
| The Module incorporates numerous hardware and firmware implementations of cryptographic | |
|---|---|
| algorithms, as outlined in Section 2.4. The following is an overview of how the cryptographic algorithm | |
| implementations relate to the Module: | |
| - CAVP Certificates #A2830, #A2831, #A2832, and #A2834 are hardware implementations of | |
| algorithms within the Module. | |
| - CAVP Certificates #A2833 and #A2835 are hardware IP cores implementing the AES algorithm. | |
| - CAVP Certificates #C1278 and #A2272 are firmware implementations provided by Synopsys, which | |
| have been ported into the Runtime SCSS firmware for the purposes of entropy generation. | |
| - CAVP Certificates #2826, #A2827, # A2828, #A2829, and #A4269 are firmware implementations | |
| implemented in the Runtime SCSS firmware. | |
| Each of the hardware and firmware implementations listed above are independently version controlled | |
| from the rest of the hardware and firmware. Any change to the hardware implementation listed above | |
| will result in the implementation version update, as well as the Module hardware version update. Any | |
| change to the firmware implementation listed above will result in the implementation version update, | |
| as well as the Module firmware version update. |
Micron Technology, Inc. MTC21-P4 Controller Sub Chip Security Subsystem module, hereafter denoted the Module. The Module Guidance 2.3.B. Table 1
| Name | Model | Hardware Version | Firmware Version | Tested Configuration | |||
|---|---|---|---|---|---|---|---|
| Micron® MTC21-P4 Controller Sub Chip Security Subsystem | Micron® MTC21-P4 | TC v2.1 | Runtime SCSS v2.2, | Micron® MTC21-P4 Controller Sub Chip Security Subsystem | Runtime SCSS v2.2, Bootloader v1.0, Function ROM v3.0, Boot ROM v1.0 | Micron® MTC21-P4 SSD Controller | Micron® MTC21-P4 SSD Controller |
| Controller Sub Chip | Controller Sub Chip | Bootloader v1.0, Function | |||||
| Security Subsystem | Security Subsystem | ROM v3.0, Boot ROM v1.0 | |||||
| Micron® MTC21-P4 Controller Sub Chip Security Subsystem | TC v2.1 | Micron® MTC21-P4 Controller Sub Chip Security Subsystem | Runtime SCSS v2.3, Bootloader v1.1, Function ROM v3.0, Boot ROM v1.0 | Micron® MTC21-P4 SSD Controller | |||
| Micron® MTC21-P4 Controller Sub Chip Security Subsystem | TC v2.1 | Micron® MTC21-P4 Controller Sub Chip Security Subsystem | Runtime SCSS v2.4, Bootloader v1.1, Function ROM v3.0, Boot ROM v1.0 | Micron® MTC21-P4 SSD Controller | |||
| Micron® MTC21-P4 Controller Sub Chip Security Subsystem | TC v2.1 | Micron® MTC21-P4 Controller Sub Chip Security Subsystem | Runtime SCSS v2.5, Bootloader v1.0a, Function ROM v3.0, Boot ROM v1.0 | Micron® MTC21-P4 SSD Controller |
Micron Technology, Inc. Cryptographic Module Specification The Module is a Single-Chip Hardware Sub-Chip cryptographic subsystem. The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated cryptographic controllers. The Module is a security subsystem within the ASIC Micron® MTC21-P4 SSD Controller package, whose intended use environment is within an SSD Controller. The Function ROM v3.0, Boot ROM v1.0 with Firmware Versions as indicated in Table 2 2.1 The cryptographic module is tested on the following: The Module versioning information is provided through the “Get Status” service and is returned as TCG Level 0 discovery content. The Module is Hardware and as such, Tested and Vendor Affirmed Operational Environments do not apply. Document Version 1.6 Micron Technology, Inc. Public Material
Micron Technology, Inc. 2.2 Cryptographic Boundary The single-chip hardware, Micron® MTC21-P4 ASIC, is depicted in Figure 1 above, which also defines the physical boundary of the Module. The cryptographic boundary of the Module is defined by the Sub Chip Security Subsystem and includes all cryptographic algorithm implementations, as depicted by the red outline line in Figure 2 below. The TOEPP is defined as the area outside of the cryptographic boundary, but within the physical boundary of the single-chip on which the Module is installed. Micron® SSD Micron® MTC21-P4 ASIC NAND NAND NAND NAND NVMe TCv2.1 Module NAND NAND NAND NAND Sub Chip Security Subystem NAND NAND NAND NAND Single Chip Physical boundary Figure 2
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Use/Function |
|---|---|---|---|---|---|
| AES [197] | A2272 | AES 128 | Conditioning Component Block Cipher Derivation Function SP800-90B | Conditioning of TRNG data | |
| AES [197] | A2833 | AES-ECB [38A] | Key Sizes: 256 | Encrypt, Decrypt (Auxiliary) | |
| AES-XTS Testing Revision 2.0 [38E] | AES-XTS Testing Revision 2.0 [38E] | Key Sizes: 256 | Encrypt, Decrypt (Auxiliary) | ||
| AES [197] | A2835 | AES-ECB [38A] | Key Sizes: 256 | Encrypt, Decrypt (Datapath) | |
| AES-XTS Testing Revision 2.0 [38E] | AES-XTS Testing Revision 2.0 [38E] | Key Sizes: 256 | Encrypt, Decrypt (Datapath) | ||
| AES [197] | C1278 | AES-ECB [38A] | Key Sizes: 128, 256 | Encrypt. Used only within the DRBG. 128-bit key is tested but not used | |
| AES-CTR [38A] | AES-CTR [38A] | Key Sizes: 128, 256 | Encrypt. Used only within the DRBG. 128-bit key is tested but not used | ||
| Counter DRBG [90A] | C1278 | Counter DRBG | Counter DRBG AES 256 [38A] Key Size 256 AES 128 with Key Size 128 tested, but not used. | Deterministic Random Bit Generation Security Strength = 256 | |
| ECDSA [186] | A2827/ A4269 | ECDSA KeyGen | Curve P-384 | Key generation for attestation | |
| ECDSA [186] | ECDSA SigVer | Curve P-384 SHA2-384 | Signature verification for authentication | ||
| ECDSA [186] | ECDSA SigGen | Curve P-384 SHA2-384 | Signature generation for certificate and measurements | ||
| ECDSA [186] | ECDSA KeyVer | Curve P-384 | Key verification | ||
| ENT [(90B] | ENT (P) | Security Strength = 256 bits | Entropy generation | ||
| HMAC-SHA2- 384 [198] | A2830 | HMAC-SHA2- 384 | Key Sizes: 384 bits λ = 384 | Key derivation. Data Authentication | |
| HMAC-SHA2- 512/256 [198] | HMAC-SHA2- 512/256 | Key Sizes: 256 bits λ = 256 | Key derivation. Data Authentication | ||
| HMAC-SHA2- 512 [198] | HMAC-SHA2- 512 | Key Sizes: 512 bits λ = 512 | Key derivation. Data Authentication Tested but not used | ||
| KDF-SP800- 108 [108] | A2832 | Counter | HMAC-SHA2-384 HMAC-SHA2-512/256 | Key Based Key Derivation | |
| KDF-SP800- 108 [108] | Counter | HMAC-SHA2-512/256 | Key Based Key Derivation | ||
| KTS [38F] | A2828 | AES-KW | Key Sizes:256 | CSP Wrapping/Unwrapping (Uses Auxiliary ECB) | |
| KTS-IFC [56B] | A2829 | KTS-OAEP- basic | n = 3072 SHA2-384 n = 4096 SHA2-384 | Key transport methodology provides between 128 and 150 bits of encryption strength | |
| PBKDF [132] | A2826 | Option 1a | sLen = 256bits C = 300 HMAC- SHA2-512/256 Key Size 256 | Password Based Key Derivation. Keys derived from passwords may only be used in storage applications. Derived keys are used as input to AES-KW to wrap and unwrap sensitive data. Password length and format are specified in Table 11 and are 32 bytes long. Use of the derived password in the associated unwrap process is limited to 5 retries at which time the Module will need to be reset. This effectively eliminates the possibility of determining the password through exhaustive methods. The PBKDF iteration count (C) is chosen to be as high as can be tolerated without impacting the performance of the system boot up process | |
| RSA [186] | A2831 | RSA SigVer | n = 3072 SHA2-384/SHA2-512 n = 4096 SHA2-384/SHA2-512 | Signature verification | |
| SHS [180] | A2834 | SHA2-384 SHA2-512 | SHA2 | Message Digest Generation | |
| SHA2-512/256 | SHA2-512/256 | SHA2-512/256 is tested but not used | |||
| CKG [IG D.H] | [133] Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output [133] Section 6.2.2 Symmetric Keys Derived from a Pre-existing Key [133] Section 6.2.3 Derivation of symmetric keys from a password [133] Section 6.3 Symmetric Keys Produced by Combining Multiple Keys and Other Data | Key Generation |
Micron Technology, Inc. 2.4 Security Functions The Module implements the Approved cryptographic functions listed in the table below. The numbers and letters within square brackets reference standards which are defined in the References and Definitions section of this Security Policy. Notes: The AES XTS algorithm implementation includes a check to ensure Key_1 ≠ Key_2; Key_1 and Key_2 are generated independently. AES XTS is only used for storage purposes per SP 800-38E Table 3
Micron Technology, Inc. KTS-OAEPbasic PKCS1_v1.5 PKCS1_PSS Document Version 1.6 Micron Technology, Inc. Public Material
| Name | Mode Method | Use Function | Use/Function |
|---|---|---|---|
| SHA2-512/256 | SHA2-512/256 | SHA2-512/256 is tested but not used | |
| CKG [IG D.H] | [133] Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output [133] Section 6.2.2 Symmetric Keys Derived from a Pre-existing Key [133] Section 6.2.3 Derivation of symmetric keys from a password [133] Section 6.3 Symmetric Keys Produced by Combining Multiple Keys and Other Data | Key Generation |
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| KTS | AES-KW – AES Cert. #A2828 | AES-KW/Cert. #A2828 | KTS | Key establishment methodology provides 256 bits of encryption strength Key size: 256 bits |
| KTS-IFC | KTS-IFC - RSA Cert. #A2829 | KTS-IFC/Cert. #A2829 | KTS | Key transport methodology provides between 128 and 150 bits of encryption strength. Modulo: 3072, 4096 KTS-OAEP-basic Hash Algorithm: SHA2-384 |
Micron Technology, Inc. Table 4 – Vendor Affirmed Approved Algorithms The module does not support any non-Approved algorithms whatsoever. This includes algorithms that would otherwise be allowed in the Approved mode of operation, allowed in the Approved mode of operation with no security claimed, as well as not allowed in the Approved mode of operation. The module’s entropy was assessed before the ESV program was established and thus an entropy certificate is not applicable. 2.5 Security Function Implementation The following table shows the Security Function Implementations of the Module: Table 5 - Security Function Implementation (SFI) 2.6 Overall Security Design 1. 2. 3. 4.
Micron Technology, Inc.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| AESE (encryption engine) | AESE (encryption engine) | Control in | Data in | Data out | Status out | User data |
| AESD (decryption engine) | AESD (decryption engine) | Control in | Data in | Data out | Status out | User data |
| Mbox (Mailbox) | Mbox (Mailbox) | Control in| Status out | Service info input |
| Controller output (response to Mbox) | Controller output (response to Mbox) | Data out | Service info output |
| External Interrupt (JTAG, AHB bypass and inter-CPU interrupts) | External Interrupt (JTAG, AHB bypass and inter-CPU interrupts) | Disabled | Disabled |
| Reset/Interrupt | Reset/Interrupt | Control in | None |
| BMG-128 (S-DMA Interface) | BMG-128 (S-DMA Interface) | Data in, Data out | Service info data (command/response) |
| Power | Power | Power in | None |
| JTAG / AHB-32 bypass | JTAG / AHB-32 bypass | Disabled | Disabled |
| LDPC Decoder | LDPC Decoder | Data In | Firmware Images |
| UART | UART | Status out | Status Data |
Micron Technology, Inc. Cryptographic Module Interfaces The Module’s ports and associated logical interface categories are listed in Table 6. Table 6
| Name | Roles | Input | Output |
|---|---|---|---|
| Self-Test | Any | N/A | N/A |
| SUP Authenticate | Controller | Password | Response |
| SUP Generate | Controller | None | Encrypted blob |
| TCG Authenticate | Controller | Wrapped RdsKey or SumRdsKey, Password | Response |
| Clear TCG Authentications | Controller | None | Response |
| Random | Controller | Size/Location | Random Value |
| NVMe Allocate and associate Key | Controller | Namespace Information | Response |
| NVMe Deallocate and disassociate Key | Controller | Namespace information | Response |
| NVMe Update Key | Controller | Namespace information | Response |
| Public HMAC Generation | Controller | Target input | HMAC |
| Load Range and Key | Controller | Range and key (index) Information | Response |
| AWOR | Controller | None | Encrypted block |
| TCG Allocate and associate Key | Controller | Range Information | Response |
| TCG Deallocate and disassociate Key | Controller | Range Information | Response |
| TCG Update Key | Controller | Range Information | Response |
| TCG Set PIN | Controller | Password | Response |
| TCG Revert, Activate, Reactivate | Controller | Command information | Response |
| TCG HMAC Generation | Controller | Target HMAC | HMAC |
| Manifest Load | Controller | Manifest | Verification status |
| CSP Load | Controller | CSP Block | Verification status |
| Write/Read | Controller | Read/Write Location | Read information Status |
| Get Status | Controller | None | Status |
| Firmware Signature Check | Controller | Firmware block | Verification status |
| Factory Auth | Controller | Signature | Verification status |
| Attestation | Controller | Attestation Request Information | Attestation response Info |
| Device Deprovision | Controller* | Deprovision ID | Status |
| Generate KeyDerivationKey | Controller* | Mode | Status |
| Zeroize | Controller* | None | Status |
Micron Technology, Inc. Roles, Services and Authentication 4.1 Assumption of Roles and Related Services The Module supports one distinct operator role, the Controller (Cryptographic Officer). Table 6 lists the Controller (Cryptographic Officer) related services. In addition to the services listed in Table 6, the Module also supports a Self-Test service, which is invoked by power cycling the Module. All services are associated with the Controller (Cryptographic Officer) role with a sub-set of Controller services requiring an additional layer of authentication described in Table 7 below as “factoryrestricted”. These “factory-restricted” services require a second signature verification. The Module does not support a maintenance role or bypass capability. The Module does not support concurrent operators. *Requires additional authorization N/A N/A Document Version 1.6 Micron Technology, Inc. Public Material
| Name | Use Function | |
|---|---|---|
| RSA 3072/4096 has a key strength of 128/150 bits. The probability of a successful verification from a single random attempt is at least 1/2128 which is < 1/1,000,000. This effectively eliminates the possibility of determining the private key through exhaustive methods. Each verification attempt takes 8ms, the maximum number of attempts which can be made in 1 minute is 7500, which results in a probability of 7500/2128 that a brute force attack within a given minute of time will be successful. For the factory-restricted services, the Controller must authenticate with a second RSA 3072/4096 key. This verification has an associated retry limit of 5. This controls the number of unsuccessful attempts before authentication is blocked until a system restart occurs. | Signature Verification | Controller |
Micron Technology, Inc. 4.2 The role-based authentication methods are defined in Table 7 below. Table 8
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Self-Test | Run KAT tests on all cryptographic algorithms | Any | Entropy Input | All | G,E | CCS |
| DrbgSeed | DrbgSeed | G,E | ||||
| DrbgState | DrbgState | G | ||||
| SUP Authenticate | Unwrap SUP blob using PBKDF derived key | Controller | Password | PBKDF, AES- KW | W, E | CCS |
| PasswordWrapKey | PasswordWrapKey | G, E | ||||
| SUP Generate | KTS-RSA wrap an internally generated random | Controller | DrbgState | DRBG, CKG, KTS-RSA, AES-KW, PBKDF | W, E | CCS |
| KDeviceWrappingPub; | KDeviceWrappingPub; | E | ||||
| PasswordWrapKey | PasswordWrapKey | G, E, Z | ||||
| SUP Seed | SUP Seed | G, E, Z | ||||
| TCG Authenticate | Unwrap TCG SSP using PBKDF derived key | Controller | Password | PBKDF, AES- KW, CKG | E | CCS |
| SumRdsKey | SumRdsKey | W | ||||
| RdsKey | RdsKey | W | ||||
| PasswordWrapKey | PasswordWrapKey | G, E, Z | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | E | ||||
| Clear TCG Authentications | Remove status of all past authentication and their privileges | Controller | NA | NA | N/A | CCS |
| Random | Returns a 256-bit random number | Controller | DrbgState | DRBG | E, W | CCS |
| NVMe Allocate and associate Key | Generate a key, wrap key and associate key with an entity | Controller | DrbgState | DRBG, AES- KW, CKG | E, W | CCS |
| WrapKey | WrapKey | E | ||||
| RdsKey | RdsKey | G, E, R | ||||
| SumRdsKey | SumRdsKey | G, E, R | ||||
| NamespaceDEK | NamespaceDEK | G, R | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | E | ||||
| NVMe Deallocate and disassociate Key | Zeroize key and disassociate key from an entity | Controller | NamespaceDEK | AES, AES-KW | Z | CCS |
| WrapKey | WrapKey | E | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| NVMe Update Key | Erase user data in a namespace by changing the encryption key | Controller | DrbgState | DRBG, AES- KW, CKG | E | CCS |
| WrapKey | WrapKey | E | ||||
| RdsKey | RdsKey | E | ||||
| SumRdsKey | SumRdsKey | W, E | ||||
| NamespaceDEK | NamespaceDEK | Z, G, R | ||||
| LockingObjectDEK | LockingObjectDEK | Z, G, R | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | E | ||||
| Public HMAC Generation | Generate an HMAC over the prescribed content | Controller | RootPublicMacKey | HMAC SHA256 | E | CCS |
| PspHmacKey | PspHmacKey | E | ||||
| Load Range and Key | Load DEK into DPE for indicated range | Controller | TweakKey | AES-KW | W | CCS |
| LockingObjectDEK | LockingObjectDEK | W | ||||
| NamespaceDEK | NamespaceDEK | W | ||||
| RdsKey | RdsKey | E | ||||
| SumRdsKey | SumRdsKey | W, E | ||||
| WrapKey | WrapKey | E | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | E | ||||
| AworWrapKey; | AworWrapKey; | E | ||||
| AWOR | Save, restore security operational context | Controller | AworHmacKey | KBKDF, AES- KW, HMAC, CKG | E | CCS |
| WrapKey | WrapKey | W, R | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | W, R | ||||
| PspHmacKey | PspHmacKey | W, R | ||||
| TweakKey | TweakKey | W, R | ||||
| RdsKey | RdsKey | W, R | ||||
| SumRdsKey | SumRdsKey | W, R | ||||
| RootHmacKey | RootHmacKey | W, R | ||||
| RootKeyWrapKey | RootKeyWrapKey | W, R | ||||
| RootPublicMacKey | RootPublicMacKey | W, R | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | W, R | ||||
| TCG Allocate and associate Key | Generate a key, wrap key and associate key with an entity | Controller | DrbgState | DRBG, AES- KW, CKG | E | CCS |
| WrapKey | WrapKey | E | ||||
| RdsKey | RdsKey | G, E, R | ||||
| SumRdsKey | SumRdsKey | G, E, R | ||||
| LockingObjectDEK | LockingObjectDEK | G, R | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | E | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| TCG Deallocate and disassociate Key | Zeroize key and disassociate key from an entity | Controller | WrapKey | NA | E | CCS |
| LockingObjectDEK | LockingObjectDEK | Z, R | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| TCG Update Key | Erase user data in a namespace by changing the encryption key | Controller | DrbgState | DRBG, AES- KW, CKG | E | CCS |
| WrapKey | WrapKey | E | ||||
| RdsKey | RdsKey | E | ||||
| SumRdsKey; | SumRdsKey; | E, W | ||||
| LockingObjectDEK | LockingObjectDEK | Z, G, R | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | E | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| TCG Set PIN | Set PIN which is used in generating a key to wrap a TCG credential | Controller | Password | PBKDF, DRBG, AES- KW, CKG, HMAC | W, E, Z | CCS |
| DrbgState | DrbgState | E | ||||
| WrapKey | WrapKey | E | ||||
| PasswordWrapKey | PasswordWrapKey | G, E, Z | ||||
| RdsKey | RdsKey | G, W | ||||
| SumRdsKey | SumRdsKey | G, W | ||||
| EphemeralSumRdskWrapKey | EphemeralSumRdskWrapKey | E | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| TCG Revert, Activate, Reactivate | Revert to FOB, Revert to FOB with TCG Activated | Controller | RootHmacKey | AES-KW, HMAC, DRBG, CKG | E | CCS |
| DrbgState | DrbgState | E | ||||
| WrapKey | WrapKey | E; | ||||
| RdsKey | RdsKey | Z | ||||
| SumRdsKey | SumRdsKey | Z | ||||
| NameSpaceDEK | NameSpaceDEK | Z, G | ||||
| LockingObjecDEK | LockingObjecDEK | Z, G | ||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | E | ||||
| TCG HMAC Generation | Generate an HMAC over the prescribed TCG content | Controller | AuthenticatedUseHmacKey | HMAC | E | CCS |
| DrbgState | DrbgState | R | ||||
| RootKeyWrapKey | RootKeyWrapKey | E | ||||
| TweakKey | TweakKey | R | ||||
| WrapKey | WrapKey | E, R | ||||
| Password | Password | G, E | ||||
| PassordWrapKey | PassordWrapKey | G, E | ||||
| Manifest Load | RSA Verify trusted list of PKs | Controller | KManifestPub_ROM | RSA Verify | E | CCS |
| CSP Load | Restore persistent SSPs | Controller | RootHmacKey | AES-KW, HMAC | E | CCS |
| RootKeyWrapKey | RootKeyWrapKey | E | ||||
| DrbgState | DrbgState | W |
Micron Technology, Inc. Table 9
Micron Technology, Inc. W, R W, R W, R W, R W, R W, R W, R W, R W, R W, R E G, E, R G, E, R G, R E E Z, R E E E E, W Z, G, R E E E E G, E, Z G, W G, W E E E E; Z Z Z, G Z, G E R E R E, R G, E G, E E W Document Version 1.6 Micron Technology, Inc. Public Material
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | |
|---|---|---|---|---|---|---|---|
| Write/Read | Encryption / Decryption of user data to / from a user data range | Controller | NamespaceDEK | DPE-AES-XTS | E | CCS | |
| LockingObjectDEK | LockingObjectDEK | E | |||||
| TweakKey | TweakKey | E | |||||
| Get Status | Get information about the operational state of the drive, as well as versioning information. | Controller | NA | NA | NA | CCS | |
| Firmware Signature Check | Verify firmware image signature before persisting | Controller | KFWCBootloaderVerify | RSA Verify | E | CCS | |
| KFWModuleVerify | KFWModuleVerify | E | |||||
| KFWControllerVerify | KFWControllerVerify | E | |||||
| Factory Auth | Authentication for factory-restricted services | Controller | KAuthPu | RSA Verify, DRBG | E | CSS | b |
| KVSAuthPub | KVSAuthPub | E | |||||
| DrbgState | DrbgState | E | |||||
| Device Deprovision | Deprovision the device, zeroize all SSPs | Controller | All CSPs | NA | Z | CCS | |
| Generate KeyDerivationKey | Generate a new KeyDerivationKey | Controller | DrbgState | DRBG, CKG | G, E | CCS | |
| KeyDerivationKey | KeyDerivationKey | G, E | |||||
| RootHmacKey | RootHmacKey | G, E | |||||
| RootKeyWrapKey | RootKeyWrapKey | G, E | |||||
| RootPublicMacKey | RootPublicMacKey | G | |||||
| AworHmacKey | AworHmacKey | G | |||||
| AworWrapKey | AworWrapKey | G | |||||
| WrapKey | WrapKey | G, E | |||||
| AuthenticatedUseHmacKey | AuthenticatedUseHmacKey | G, E | |||||
| PspHmacKey | PspHmacKey | G | |||||
| TweakKey | TweakKey | G | |||||
| Zeroize | Destroys all keys. Must be performed under the direct control of the operator | Controller | All CSPs | Factory zeroization process | Z | CCS | |
| Attestation | Device cryptographic identity and attestation | Controller | KDeviceIDPriva | EC-DSA Generate, EC-DSA Sign, DRBG, AES- KW, SHS | G, E, R, W, Z | CCS | te |
| KDeviceIDPubl | KDeviceIDPubl | G, R | ic | ||||
| KAliasPrivate | KAliasPrivate | G, E | |||||
| KAliasPublic | KAliasPublic | G, R | |||||
| DrbgState | DrbgState | E | |||||
| KDeviceIDWrapKey | KDeviceIDWrapKey | G, E, Z | |||||
| UDS | UDS | G,E | |||||
| UDS_KDK | UDS_KDK | E |
Micron Technology, Inc. KAuthPub W W W W E E E E E E G, E G, E G, E G G G G, E G, E G G KDeviceIDPrivate KDeviceIDPublic G, R G, E G, R E G, E, Z G,E E The module does not support any non-Approved services, as it does not support a non-Approved mode of operation. The Module is composed of the following component(s):
Micron Technology, Inc. The Runtime SCSS firmware and Bootloader firmware are loadable components and are protected with the firmware load test using RSA signatures with a 3072-bit or 4096-bit key. This signature is also used to verify the integrity of the firmware prior to firmware execution. Firmware load and integrity checks are defined in the self-test section of this Security Policy. The ROM components are implemented in Non-Reconfigurable-Memory and are not subject to firmware integrity tests per FIPS 140-3 IG 5.A The operator can initiate the firmware integrity test on demand by power cycling/resetting the Module. Operational Environment The Module has a limited operational environment under the FIPS 140-3 definitions. The hardware tested configuration is listed in Table 2. The Module includes a firmware verification and load service to support necessary updates. Firmware versions validated through the FIPS 140-3 CMVP will be explicitly identified on a validation certificate. Any firmware not identified in this Security Policy does not constitute the Module defined by this Security Policy or covered by this validation. Document Version 1.6 Micron Technology, Inc. Public Material
| Physical Security | Recommended Frequency of | Inspection/Test Guidance Details | ||
|---|---|---|---|---|
| Mechanism | Inspection/Test | |||
| IC packaging | On initial receipt of the device and periodically afterwards | Inspect for evidence of prying or removal of the chip packaging. If tampering is suspected, then the device containing the IC should be removed from service and the site administrator should be contacted. See Example below |
Micron Technology, Inc. The Module is a Single-Chip Hardware Sub-Chip cryptographic, and the embodiment is a production grade single chip. The chip is encapsulated in a standard IC package. The IC packaging itself provides the necessary opacity and tamper evidence required for Level 2 conformance. Table 10
Non-Invasive Security The Module does not implement any mitigation method against non-invasive attack. Document Version 1.6 Micron Technology, Inc. Public Material
| Name | Key Size | Use Function | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Key/SSP/Name/T | Function | Establish- | Zeroiza- | Use & Related | ||||||
| ype | Cert. | ment | tion | keys | ||||||
| AuthenticatedUse HmacKey (HMAC SHA2-256) | 256 | E3 / O2 by RootKeyWrapKey or AworWrapKey | HMAC / A2830 | N/A | Z1, Z2 | Integrity generation and checking of TCG table data | G2 | S1 | ||
| AworWrapKey (AES-KW) | 256 | N/A | KTS / A2828 | N/A | Z1, Z2 | Key encryption | G3 from KeyDeriv ationKey | S1 | ||
| AworHmacKey (HMAC SHA2- 512/256) | 256 | N/A | HMAC / A2830 | N/A | Z1, Z2 | Integrity generation and checking of TCG context data | G3 from KeyDeriv ationKey | S1 | ||
| DrbgState | 256 | N/A | DRBG / C1278 | N/A | Z1, Z2 | CTR_DRBG internal state Key and V | G2 | S1 | ||
| Key/SSP/Name/T | Function | Establish- | Zeroiza- | Use & Related | ||||||
| ype | Cert. | ment | tion | keys | ||||||
| DrbgSeed | 256 | N/A | DRBG / C1278 | N/A | Z1, Z2 | Used to seed the DRBG. | G5 | S1 | ||
| EphemeralSumRd skWrapKey (AES- KW) | 256 | E3 / O2 by AworWrapKey | KTS /A2828 | N/A | Z1, Z2 | Key wrap of: SumRdsKeys, | G2 | S1 | ||
| Entropy Input | 256 | N/A | ENT (P) | N/A | Z1 | Used to create DrbgSeed. | G5 | S1 | ||
| KeyDerivationKey | 256 | N/A | KDF SP800- 108 / A2832 | N/A | Z2 | Master key used to derive other keys | G1 | S2 | ||
| LockingObjectDEK (AES-XTS) | 256 | E3 / O2 by RdsKey, SumRdsKey, or WrapKey | AES-XTS Testing Revision 2.0 / A2833 | N/A | Z1, Z2 | Data encryption | G2 | S1, S3 | ||
| NamespaceDEK (AES-XTS) | 256 | E3 / O2 by RdsKey, SumRdsKey, or WrapKey | AES-XTS Testing Revision 2.0 / A2833 | N/A | Z1, Z2 | Data encryption | G2 | S1, S3 | ||
| Password | 256 | E1 | PBKDF2/ A2826 | N/A | Z1 | Used with PBKDF2 to derive the PasswordWrapK ey Password is 32 bytes of binary data | N/A | S1 | ||
| PasswordWrapKey (AES-KW) | 256 | N/A | KTS /A2828 | N/A | Z1 | Derived using PBKDF and Password. Key encryption of: RdsKey or SumRdsKey | G4 | S1 | ||
| PspHmacKey (HMAC SHA2- 512/256) | 256 | E3 / O2 by AworWrapKey or RootKeyWrapKey | HMAC /A2830 | N/A | Z1, Z2 | Integrity generation and checking public TCG content | G2 | S1 | ||
| RdsKey (AES-KW) | 256 | E3 / O2 PasswordWrapKey or AworWrapKey | KTS /A2828 | N/A | Z1, Z2 | Key encryption of: LockingObjectDE K, NameSpaceDEK | G2 | S1 | ||
| RootHmacKey (HMAC SHA2- 512/256) | 256 | E3 / O2 by AworWrapKey | HMAC / A2830 | N/A | Z1, Z2 | Integrity checking | G3 from KeyDeriv ationKey | S1 | ||
| Key/SSP/Name/T | Function | Establish- | Zeroiza- | Use & Related | ||||||
| ype | Cert. | ment | tion | keys | ||||||
| RootKeyWrapKey (AES-KW) | 256 | E3 / O2 by AworWrapKey | KTS /A2828 | N/A | Z1, Z2 | Key encryption of: DrbgState WrapKey, AuthenticatedUs eHmacKey TweakKey, RdsKey, | G3 from KeyDeriv ationKey | S1 | ||
| RootPublicMacKey (HMAC SHA2- 512/256) | 256 | E3 / O2 by AworWrapKey | HMAC / A2830 | N/A | Z1, Z2 | Integrity checking of TCG content of files stored outside of the boundary. | G3 from KeyDeriv ationKey | S1 | ||
| SumRdsKey (AES- KW) | 256 | E3 / O2 by AworWrapKey, EphemeralSumRdsk WrapKey, or PasswordWrapKey | KTS /A2828 | N/A | Z1, Z2 | Key encryption of: LockingObjectDE K, NameSpaceDEK | G2 | S1 | ||
| SUP Seed | 256 | O3 by KDeviceWrappingPub | PBKDF2 / A2826 | N/A | Z1 | Random value used to create an internal password. | G2 | S1 | ||
| TweakKey (AES- XTS) | 256 | E3 / O2 by RootKeyWrapKey or by AworWrapKey | AES-XTS Testing Revision 2.0 /A2833 | N/A | Z1, Z2 | Data encryption in conjuction with: LockingObjectDE K or NameSpaceDEK | G2 | S1, S3 | ||
| WrapKey (AES- KW) | 256 | E3 / O2 by RootKeyWrapKey or by AworWrapKey | KTS /A2828 | N/A | Z1, Z2 | Key encryption of: LockingObjectDE K, NameSpaceDEK | G2 | S1 | ||
| KFWModuleVerify (Non-SSP) | 150 128 | E2 | RSA SigVer (FIPS186- 4) / A2831 | N/A | Z1 | RSA 3072/4096 Public Key for the Module runtime firmware signature verification | N/A | S1 | ||
| KFWControllerVerify | 150 128 | E2 | RSA SigVer (FIPS186- 4) / A2831 | N/A | Z1 | RSA 3072/4096 Public Key used to authenticate the Controller. | N/A | S1 | ||
| 150 | 150 | E2 / O1 | RSA SigVer | N/A | Z1 | RSA 3072/4096 Public Key used | N/A | S1 | ||
| Key/SSP/Name/T | Function | Establish- | Zeroiza- | Use & Related | ||||||
| ype | Cert. | ment | tion | keys | ||||||
| 128 | 128 | (FIPS186- 4) / A2831 | to authenticate the Controller for factory- restricted hardware configuration services. | |||||||
| K VSAuthPub | 150 128 | E2 / O1 | RSA- SigVer (FIPS186- 4) / A2831 | N/A | Z1 | RSA 3072/4096 Public Key used to authenticate the Controller for factory restricted system configuration services | N/A | S1 | ||
| 150 128 | 150 128 | E2 / O1 | KTS-IFC / A2829 | N/A | Z1 | RSA 3072/4096 Public Key for SUP Generate | N/A | S1 | ||
| 150 128 | 150 128 | N/A. Pre-installed. | RSA SigVer (FIPS186- 4) / A2831 | N/A | N/A. Used solely for self- tests and can be revoked | RSA 3072/4096 Public Key for manifest signature verification | N/A | S4 | ||
| KFWCBootloaderVerify | 150 128 | E2 | RSA SigVer (FIPS186- 4) / A2831 | N/A | Z1 | RSA 3072/4096 Public Key for Bootloader firmware signature verification | N/A | S1 | ||
| UDS-KDK | 384 | N/A | KDF SP800- 108 / A2832 | N/A | Z2 | UDS derivation | G1 | S2 | ||
| UDS (HMAC SHA2- 384) | 384 | N/A | HMAC / A2830 | N/A | Z1 | CDI calculation, which is used in attestations. | G3 from UDS-KDK | S1 | ||
| KDeviceIDWrapKey (AES-KW) | 256 | N/A | KTS /A2828 | N/A | Z1 | Key encryption | G3 from KDK | S1 | ||
| KDeviceIDPrivate | 192 | E3 / O2 by KDeviceIDWrapKey | ECDSA SigGen / A2827 or A4269 | N/A | Z1 | Signature generation to validate Alias Certificate | G2 | S1 | ||
| Key/SSP/Name/T | Function | Establish- | Zeroiza- | Use & Related | ||||||
| ype | Cert. | ment | tion | keys | ||||||
| KAliasPrivate | 192 | N/A | ECDSA SigGen / A2827 or A4269 | N/A | Z1 | Signature generation to validate system measurements | G2 | S1 | ||
| KDeviceIDPublic | 192 | O1 | ECDSA SigVer / A2827 or A4269 | N/A | Z1 | External Signature verification/auth entication | G2 | S1 | ||
| KAliasPublic | 192 | O1 | EC-DSA SigVer / A2827 or A4269 | N/A | Z1 | External Signature verification/Auth entication | G2 | S1 | ||
| Entropy | Minimum number of bits of entropy | Details | Entropy | |||||||
| Ring oscillator-based entropy source, which utilizes an AES- | 256-bits of entropy | ENT (P) | ENT (P) |
Micron Technology, Inc. Sensitive Security Parameter (SSP) Management The SSPs management methods as shown Table 10 are defined as:
Micron Technology, Inc. SP800108 /
GeneratImport/Export N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document Version 1.6 Micron Technology, Inc. Public Material
Micron Technology, Inc. GeneratImport/Export N/A N/A N/A N/A SumRdsKey (AESKW) K, TweakKey (AESXTS) 2.0 N/A WrapKey (AESKW) N/A N/A (FIPS1864) / N/A N/A (FIPS1864) / N/A N/A N/A KAuthPub Document Version 1.6 Micron Technology, Inc. Public Material
Micron Technology, Inc. Function GeneratStrength (FIPS1864) / KVSAuthPub N/A N/A N/A (FIPS1864) / N/A N/A (FIPS1864) / N/A SP800108 / N/A N/A N/A. for selftests N/A N/A N/A N/A KDeviceWrappingPub 150 KManifestPub_ROM for factoryrestricted RSAN/A (FIPS1864) / Document Version 1.6 Micron Technology, Inc. Public Material
| Name | Key Size | Use Function | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Key/SSP/Name/T | Function | Establish- | Zeroiza- | Use & Related | ||||||
| ype | Cert. | ment | tion | keys | ||||||
| KAliasPrivate | 192 | N/A | ECDSA SigGen / A2827 or A4269 | N/A | Z1 | Signature generation to validate system measurements | G2 | S1 | ||
| KDeviceIDPublic | 192 | O1 | ECDSA SigVer / A2827 or A4269 | N/A | Z1 | External Signature verification/auth entication | G2 | S1 | ||
| KAliasPublic | 192 | O1 | EC-DSA SigVer / A2827 or A4269 | N/A | Z1 | External Signature verification/Auth entication | G2 | S1 | ||
| Entropy | Minimum number of bits of entropy | Details | Entropy | |||||||
| Ring oscillator-based entropy source, which utilizes an AES- | 256-bits of entropy | ENT (P) | ENT (P) |
| Name | Description | Indicator | Indicator | |
|---|---|---|---|---|
| ES1 | The Function ROM fails a KAT | Triggered by cryptographic KAT failure. The Module | ES1 | |
| ES2 | The Module fails the firmware load test or the Firmware Integrity test | The Module enters the ES2 error state and outputs a | ES2 | |
| ES3 | The Module enters the ES3 error state and will output a self-test failure status to any service request | ES3 | The Module fails conditional KAT self-test. |
Micron Technology, Inc. 9.2 GeneratImport/Export N/A N/A N/A N/A The DRBG Randomness source (i.e., entropy) is using an internal ENT (P) source conformant to [90B]. Table 12
The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3 these are categorized as either pre-operational self-tests or conditional self-tests. Pre-operational and Conditional self-tests are both available on demand by resetting or power cycling the Module. All Conditional self-tests are performed before first use of the associated algorithm they are The self-tests error states and status indicator are described in Table 13 below: Table 13
| Name | Call | Description | Method | Error state | |||||
|---|---|---|---|---|---|---|---|---|---|
| Bootloader Firmware integrity test | An RSA 3072 or 4096-bit Signature Verification is | Bootloader Firmware integrity test | RSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512 | ES2 | |||||
| the Module using | the Module using | KFWCBootloaderVerify | |||||||
| Runtime SCSS Firmware integrity test | An RSA 3072 or 4096-bit Signature Verification is | Runtime SCSS Firmware integrity test | RSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512 | ES2 | |||||
| copied into the Module using | copied into the Module using | KFWModuleVerify | |||||||
| ROM SHS | ROM SHS | SHA2-512 SHS KAT, which satisfies the self-test | ROM SHS | KAT | ES1 | KAT | ES1 | ||
| ROM HMAC | ROM HMAC | HMAC SHA2-384 HMAC KAT | KAT | ES3 | |||||
| ROM RSA | ROM RSA | 3072 RSA PKCS#1_v1.5 Verification with SHA-384 KAT, | ROM RSA | KAT | ES1 | KAT | ES1 | ||
| AES – KW | (Auxiliary) AES-256 KW Encrypt KAT – Inclusive of AES | AES – KW | KAT | ES3 | |||||
| AES – KW | (Auxiliary) AES-256 Decrypt KAT – Inclusive of AES ECB | AES – KW | KAT | ES3 | |||||
| AES XTS – AUX and | AES XTS – AUX and | 256-bit AES-XTS encryption Comparative Answer Test | Comparative | ES3 | |||||
| DPE | DPE | with the AES-AUX and DPE AES-XTS implementations | |||||||
| AES XTS – AUX and | AES XTS – AUX and | 256-bit AES-XTS decryption Comparative Answer Test | Comparative | ES3 | |||||
| DPE | DPE | with the AES-AUX and DPE AES-XTS implementations | |||||||
| DRBG | DRBG | AES-256 CTR_DRBG KAT | DRBG | KAT | ES3 | ||||
| Conditioner AES | Conditioner AES | SP800-90B Conditioning Component (AES-128) | KAT | ES3 | |||||
| KBKDF | KBKDF | Counter mode KBKDF KAT. Inclusive of HMAC-SHA2- | KBKDF | KAT | ES3 | KAT | ES3 |
| Name | Call | Description | Method | Error state | |||||
|---|---|---|---|---|---|---|---|---|---|
| Bootloader Firmware integrity test | An RSA 3072 or 4096-bit Signature Verification is | Bootloader Firmware integrity test | RSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512 | ES2 | |||||
| the Module using | the Module using | KFWCBootloaderVerify | |||||||
| Runtime SCSS Firmware integrity test | An RSA 3072 or 4096-bit Signature Verification is | Runtime SCSS Firmware integrity test | RSA PKCS#1_v1.5 /PSS SHA2-384 /SHA2-512 | ES2 | |||||
| copied into the Module using | copied into the Module using | KFWModuleVerify | |||||||
| ROM SHS | ROM SHS | SHA2-512 SHS KAT, which satisfies the self-test | ROM SHS | KAT | ES1 | KAT | ES1 | ||
| ROM HMAC | ROM HMAC | HMAC SHA2-384 HMAC KAT | KAT | ES3 | |||||
| ROM RSA | ROM RSA | 3072 RSA PKCS#1_v1.5 Verification with SHA-384 KAT, | ROM RSA | KAT | ES1 | KAT | ES1 | ||
| AES – KW | (Auxiliary) AES-256 KW Encrypt KAT – Inclusive of AES | AES – KW | KAT | ES3 | |||||
| AES – KW | (Auxiliary) AES-256 Decrypt KAT – Inclusive of AES ECB | AES – KW | KAT | ES3 | |||||
| AES XTS – AUX and | AES XTS – AUX and | 256-bit AES-XTS encryption Comparative Answer Test | Comparative | ES3 | |||||
| DPE | DPE | with the AES-AUX and DPE AES-XTS implementations | |||||||
| AES XTS – AUX and | AES XTS – AUX and | 256-bit AES-XTS decryption Comparative Answer Test | Comparative | ES3 | |||||
| DPE | DPE | with the AES-AUX and DPE AES-XTS implementations | |||||||
| DRBG | DRBG | AES-256 CTR_DRBG KAT | DRBG | KAT | ES3 | ||||
| Conditioner AES | Conditioner AES | SP800-90B Conditioning Component (AES-128) | KAT | ES3 | |||||
| KBKDF | KBKDF | Counter mode KBKDF KAT. Inclusive of HMAC-SHA2- | KBKDF | KAT | ES3 | KAT | ES3 |
Micron Technology, Inc. Boot ROM v1.0 are implemented in non-reconfigurable-memory and are not subject to the firmware Document Version 1.6 Micron Technology, Inc. Public Material
| Name | Algorithm Or Test | Test Method | Details | ENT (P) SP800-90 B APT and RCT. | ES3 | Error state ES3 ES3 | |
|---|---|---|---|---|---|---|---|
| BootLoader Firmware Load test | BootLoader Firmware | RSA PKCS#1_v1.5 | A 3072 or 4096-bit RSA Signature Verification is | BootLoader Firmware Load test | A 3072 or 4096-bit RSA Signature Verification is executed on the bootloader copied into the Module | ES2 | ES2 |
| Load test | Load test | /PSS | executed on the bootloader copied into the Module | ||||
| Runtime SCSS Firmware Load test | RSA PKCS#1_v1.5 | Runtime SCSS Firmware Load test | A 3072 or 4096-bit RSA Signature Verification is executed on the Runtime SCSS firmware copied into the Module | ES2 | |||
| EC-DSA Key generation | EC-DSA Sign/Verify | EC-DSA Key generation | A pairwise consistency check is performed on EC-DSA private/public key on generation | ES3 | |||
| generation/Verification | generation/Verification | SHA-384 |
This section documents the operational behavior of the Module.
The device is shipped from the factory in the Approved mode of operation. The keys generated during manufacturing are used to encrypt/decrypt data. On receipt of the Module, examine the product to ensure it has not been tampered with during shipping according to the procedures outlined in Section 7.
The Module does not implement any mitigation method against other attacks. Document Version 1.6 Micron Technology, Inc. Public Material
| Name | Term | Definition | Abbreviation | Full Specification Name |
|---|---|---|---|---|
| [FIPS140-3] | [FIPS140-3] | Security Requirements for Cryptographic Modules, March 22, 2019 | ||
| [ISO19790] | [ISO19790] | International Standard, ISO/IEC 19790, Information technology — Security techniques — Test requirements for cryptographic modules, Third edition, March 2017 | ||
| [ISO24759] | [ISO24759] | International Standard, ISO/IEC 24759, Information technology — Security techniques — Test requirements for cryptographic modules, Second and Corrected version, 15 December 2015 | ||
| [IG] | [IG] | Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, October 7, 2022 | ||
| [108] | [108] | NIST Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), October 2009 | ||
| [131A] | [131A] | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, Revision 2, March 2019 | ||
| [132] | [132] | NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, December 2010 | ||
| [133] | [133] | NIST Special Publication 800-133, Recommendation for Cryptographic Key Generation, Revision 2, June 2020 | ||
| [186] | [186] | National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4, July 2013 | ||
| [197] | [197] | National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 26, 2001 | ||
| [198] | [198] | National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July, 2008 | ||
| [180] | [180] | National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August, 2015 | ||
| [38A] | [38A] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001 | ||
| [38E] | [38E] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, Special Publication 800-38E, January 2010 | ||
| [38F] | [38F] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, Special Publication 800-38F, December 2012 | ||
| [56Br2] | [56Br2] | NIST Special Publication 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Finite Field Cryptography, March 2019 | ||
| [90A] | [90A] | National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015 | ||
| [90B] | [90B] | National Institute of Standards and Technology, Recommendation for the Entropy Sources Used for Random Bit Generation, Special Publication 800-90B, January 2018 | ||
| [ACS-3] | [ACS-3] | ACS-3 Reporting Security Compliance December 1,2009 | ||
| [TCG-SSC-Opal] | [TCG-SSC-Opal] | TCG Storage Security Subsystem Class: Opal, Specification | ||
| [TCG-SACS] | [TCG-SACS] | TCG Storage Architecture Core Specification | ||
| [TCG-SIIS] | [TCG-SIIS] | TCG Storage Interface Interactions Specification | ||
| Acronym | Acronym | Definition | ||
| KAT | KAT | Known Answer Test | ||
| AK | AK | Authentication key | ||
| DEK | DEK | Data Encryption Key | ||
| LBA | LBA | Logical Block Address | ||
| SED | SED | Self-Encrypting Drive | ||
| SID | SID | Security ID, PIN for Drive Owner CO Role – TCG OPAL | ||
| TCG | TCG | Trusted Computing Group |
The following standards are referred to in this Security Policy. Table 16
Micron Technology, Inc. Table 17