| Standard | FIPS 140-3 |
|---|---|
| Overall level | 3 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 4/20/2030 |
| Caveat | None |
| Vendor | Broadcom, Inc. |
flowchart LR
%% Deterministic review-risk graph for BCM58202B0
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>Recovery</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>status output<br/>UnAuth</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for BCM58202B0
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>Recovery</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>status output<br/>UnAuth</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;Broadcom, Inc. BCM58202B0 Document Version: 1.2 Date: April 09, 2025 Broadcom Public Material
| # | Section | Page |
|---|
Broadcom Public Material
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Hardware | 7 |
| Table 3: Modes List and Description | 7 |
| Table 4: Approved Algorithms | 9 |
| Table 5: Vendor-Affirmed Algorithms | 10 |
| Table 6: Security Function Implementations | 13 |
| Table 7: Entropy Certificates | 13 |
| Table 8: Entropy Sources | 13 |
| Table 9: Ports and Interfaces | 15 |
| Table 10: Authentication Methods | 17 |
| Table 11: Roles | 18 |
| Table 12: Approved Services | 23 |
| Table 13: Mechanisms and Actions Required | 26 |
| Table 14: EFP/EFT Information | 26 |
| Table 15: Hardness Testing Temperatures | 27 |
| Table 16: Storage Areas | 29 |
| Table 17: SSP Input-Output Methods | 29 |
| Table 18: SSP Zeroization Methods | 29 |
| Table 19: SSP Table 1 | 31 |
| Table 20: SSP Table 2 | 32 |
| Table 21: Pre-Operational Self-Tests | 33 |
| Table 22: Conditional Self-Tests | 36 |
| Table 23: Pre-Operational Periodic Information | 37 |
| Table 24: Conditional Periodic Information | 38 |
| Table 25: Error States | 39 |
| Figure 1 – [Model 1] | 6 |
this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 3 module.
The FIPS 140-3 security levels for the Module are as follows from Table 1: Section Title Security Level
1 General 3
2 Cryptographic module specification 3
3 Cryptographic module interfaces 3
4 Roles, services, and authentication 3
5 Software/Firmware security 3
6 Operational environment N/A
7 Physical security 3
8 Non-invasive security N/A
9 Sensitive security parameter management 3
10 Self-tests 3
11 Life-cycle assurance 3
12 Mitigation of other attacks N/A
Overall Level 3 Table 1: Security Levels
The Module is a highly integrated SoC (System on a Chip). It is marketed with part number BCM58202PB0KFBG10 and is ideally suited for end point security protection applications. Broadcom Public Material
Purpose and Use: The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated cryptographic based security systems to protect sensitive information, access, usage, of computer, telecommunication systems, and property. The Module is intended to be used in commercial personal computers, point of sales terminals, access control devices in physically or electronically access restricted areas. Module Type: Hardware Module Embodiment: SingleChip Cryptographic Boundary: The physical form of the Module is depicted in Figure 1. The Module is a single-chip embodiment. The cryptographic module is encapsulated in an opaque and tamper resistant package material. The cryptographic boundary is the outer perimeter of the IC packaging. Figure 1
Tested Module Identification
BCM58202B0 BCM58202B0 BCM58202PB0KFBG10 Version: 1.0 BCM58202B0 single-chip SoC AAI Version: 2.1 Table 2: Tested Module Identification
There were no components that were excluded from the cryptographic boundary.
Modes List and Description: Mode Description Type Status Indicator Name The module only RESET_OUT_L is high and UART prints Approved supports an Approved Approved the message, “The Device is running in Mode mode of operation. FIPS operational mode: 0xFFFF Table 3: Modes List and Description The BCM58202B0 cryptographic module only supports an Approved mode of operation and does not support a non-Approved mode of operation. The module cannot be configured to operate in a non-compliant state. The Cryptographic Officer (CO) can confirm the Approved mode of operation when the status output RESET_OUT_L is high and UART prints the message, “The Device is running in FIPS operational mode: 0xFFFF”. Broadcom Public Material
In addition, the CO can confirm they are using the appropriate version of the module by consulting the output of the “Get info” service: Global Indicator (4) Global Indicator: 00 00 ff ff SBL Version (2) SBL Version: 01 01 SBI Version (2) SBI Version: 01 00 AAI Version (2) AAI Version: 02 01 CHIP Version: BCM58202PB0KFBG10 BCM58202B0 is configured during manufacturing to operate in the Approved mode. The CO is responsible for confirming the appropriate versions of the SBI and AAI are loaded; no additional configuration is required.
Approved Algorithms: The Module implements the Approved cryptographic algorithms listed in the table below. CAVP Algorithm Properties Reference Cert AES Direction - Decrypt, Encrypt AES-CBC SP 800-38A
AES AES-CCM Key Length - 128, 192, 256 SP 800-38C 5896 AES AES-CTR Key Length - 128, 192, 256 SP 800-38A 5895 AES Direction - Decrypt, Encrypt AES-ECB SP 800-38A
Prediction Resistance - Yes SP 800-90A Counter DRBG A3753 Mode - AES-256 Rev. 1 Derivation Function Enabled - Yes L - 2048 DSA SigGen (FIPS186-4) A4437 N - 256 FIPS 186-4 Hash Algorithm - SHA2-256 L - 2048 DSA SigVer (FIPS186-4) A4437 N - 256 FIPS 186-4 Hash Algorithm - SHA2-256 Curve - P-256 ECDSA KeyGen (FIPS186A3751 Secret Generation Mode - Extra FIPS 186-4 4) Bits Broadcom Public Material
CAVP Algorithm Properties Reference Cert ECDSA KeyVer (FIPS186A3751 Curve - P-256 FIPS 186-4
SHA-3 SHA3-224 - FIPS 202 SHA-3 SHA3-256 - FIPS 202 SHA-3 SHA3-384 - FIPS 202 SHA-3 SHA3-512 - FIPS 202 Table 4: Approved Algorithms KAS [56Ar3] - Per [IG] D.F Scenario 2 path (2), compliant key agreement scheme where testing is performed end-to-end for the shared secret computation and a KDA compliant with SP80056Cr2 without key confirmation. Vendor-Affirmed Algorithms: The Module implements the Vendor Affirmed cryptographic algorithms listed. Broadcom Public Material
Name Properties Implementation Reference Capabilities:Sections 4 and 6.1 Direct symmetric SP800CKG- key generation using unmodified DRBG output; DRBG (A3753) 133r2, IG Sym Section 6.2.1 Derivation of symmetric keys from [D.H] a key agreement shared secret Capabilities:Sections 4 and 5.1 Asymmetric signature key generation using unmodified SP800CKG- ECDSA KeyGen DRBG output; Sections 4 and 5.2 Asymmetric 133r2, IG Asym (A3751) key establishment key generation using [D.H] unmodified DRBG output Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.
Name Type Description Properties Algorithms CKG-Asym Asymmetric Publications:FIPS Curve: P-256 AsymKeyPairAKG Key-Pair 186-4, SP800-90A, ECDSA KeyGen KeyGen Generation IG C.A, IG C.E (FIPS186-4) Counter DRBG Asymmetric Publications:FIPS ECDSA KeyVer AsymKeyPairAKV Key-Pair 186-4, SP800-90A, (FIPS186-4) KeyVer Verification IG C.A, IG C.E Curve: P-256 KAS-ECC-SSC AsymKeyPair- Domain Publication:SP800- Sp800-56Ar3 DPG DomPar Parameters 56Ar3 Curve: P-256 Counter DRBG Broadcom Public Material
Name Type Description Properties Algorithms Counter DRBG Random Publication:SP800- Capabilities: AESDRBG DRBG Number 90A 256 w/ Derivation Generation Function AES-CBC Key Size: 128, 192, 256 AES-CTR Publication:FIPS ENC BC-UnAuth Block Cipher Key Size: 128, 197, SP800-38A 192, 256 AES-ECB Key Size: 128, 192, 256 AES-CCM Authenticated Publication:FIPS ENC-AUTH BC-Auth Key Size: 128, Block Cipher 197, SP800-38C 192, 256 Publication:IG D.H, FIPS 197, SP800-133r2 Symmetric Counter DRBG CKG- Sections 4 and 6.1 CKG Key Key Size: 128, Symmetric Direct symmetric Generation 192, 256 key generation using unmodified DRBG output DSA SigGen (FIPS186-4) Key Size: 2048 ECDSA SigGen (FIPS186-4) Digital Publication:FIPS Curve: P-256, PSigGen DigSig-SigGen Signature 186-4, SP800-90A, 384 Generation FIPS 180-4 RSA SigGen (FIPS186-4) Key Size: 2048, 4096 SHA2-256 Counter DRBG DSA SigVer (FIPS186-4) Key Size: 2048 Digital Publication:FIPS ECDSA SigVer SigVer DigSig-SigVer Signature 186-4, SP800-90A, (FIPS186-4) Verification FIPS 180-4 Curve: P-256, PRSA SigVer Broadcom Public Material
Name Type Description PropertiesAlgorithms (FIPS186-4) Key Size: 2048, 4096 SHA2-256 Counter DRBG Publication:SP800- Counter DRBG ESV ENT-ESV Entropy Source 90B, IG 9.3.A, IG Security Strength: D.J, IG D.O 256 KAS-ECC-SSC Sp800-56Ar3 Scheme: Publication:SP800- Ephemeral Unified 56Ar3, SP800- (Responder) 56Cr2 Curve: P-256 Key Caveat:Key KDA KAS KAS-Full Agreement establishment OneStepNoCounter method provides SP800-56Cr2
encryption strength Function: SHA2Key Length: 128 Counter DRBG Publication:FIPS 197, SP800-38F, IG D.G Caveat:Key Key Transport AES-CCM KTS KTS-Wrap establishment - Wrapping Key Size: 128 methodology provides 128 bits of encryption strength Message Publication:FIPS HMAC-SHA2-256 MAC MAC Authentication 198-1, FIPS 180-4, Capabilities: Key Code IG C.B size < Block size SHA2-256 Message Length: 0 - 51200 Increment Publication:FIPS SHA3-224 Secure Hash SHS SHA 180-4, FIPS 202, Message Length: 0 Standard IG C.B, IG C.C - 51200 Increment SHA3-256 Message Length: 0 - 51200 Increment Broadcom Public Material
Name Type Description Properties Algorithms SHA3-384 Message Length: 0 - 51200 Increment SHA3-512 Message Length: 0 - 51200 Increment Table 6: Security Function Implementations
The module does not have any algorithm specific information.
Cert Vendor Number Name E35 broadcom Table 7: Entropy Certificates The Module uses the following entropy sources: Operational Sample Entropy per Conditioning Name Type Environment Size Sample Component E35 Physical BCM58202B0 32 bits Minimum of 4 bits N/A Table 8: Entropy Sources The entropy source produces 4 bits of entropy per 32 bit sample. When instantiating the DRBG, the module will collect a total of 3072 bits from the entropy source, which has a total of 384 bits of entropy. Per SP800-90Arev1, the module must provide security_strength bits of entropy (i.e., 256-bits) plus another security_strength/2 (i.e., 128-bits) to instantiate a CTR_DRBG to a security strength of 256 bits.
For Key Generation methods, see Section 2.6 Security Function Implementations above. Broadcom Public Material
Key Agreement Information For Key Establishment methods, see Section 2.6 Security Function Implementations above. The module supports KAS-ECC per SP800-56Ar3 using the Ephemeral Unified scheme with the NISTrecommended curve P-256, as tested under CAVP Cert. #A3751. The module employs the SP 800-56Cr2 OneStepKDF, which was validated under CAVP Cert. #A3752. No key confirmation is supported. Key and seed generation is performed in compliance with NIST SP 800-133r2, Section 4, per 140-3 IG D.H without any post-processing. ECDSA Key Generation was tested under CAVP Cert. #A3751 using extra random bits, whereby an extra 64 bits are generated from the Approved DRBG (CAVP Cert. #A3753. Full public key validation is performed according to SP 800-56Ar3, Section 5.6.2.3.3, on both the generated public key, as well as any received public key. All temporary values used during the key agreement process are zeroized after the shared key is established. Key Transport Information For Key Transport methods, see Section 2.6 Security Function Implementations above.
The module does not implement any Industry Protocols> Broadcom Public Material
The Module’s ports and associated defined logical interface categories are listed below. The BCM58202B0 chip has a total of 141 signal pins. Each BCM58202B0 Interface Group listed below contains several BCM58202B0 pins. Unused Interface Groups will be marked as “Disabled” because they are disabled by the cryptographic module. The Module does not provide control output to other cryptographic modules or peripherals performing any cryptographic operations. Physical Logical Data That Passes Port Interface(s) Control Clock Input Clock - 26MHz clock - 32KHz clock; Clock output - 26MHz group Status clock output Output Control Reset Input One reset input; Reset output: Indicates that system power supply group Status is stable. Output Control Input Zeroisation Zeroisation request input (MANU_DEBUG) Status Output Code and data from SPI flash (clock, device select, and four data SPI group Data Input I/O). All Code/Data Input is authenticated by the module. Data Input Data Output Service request input; Service response output; (USB differential Control USB group data bus); Device interface used by the CO to make service Input requests. Requests are authenticated via the KAS secure session. Status Output UART Status Status output (Four UART ports of four signals each.) group Output Over 50 power and ground pins. Power is distributed to the chip Power using designated IO and core power pins that are completely Power group separated from any signal pin groups. Power pins are only connected to the internal power planes of the silicon chip. Alert Data Input Tamper, Voltage, or Temperature event Table 9: Ports and Interfaces Broadcom Public Material
Note: The module does not support Control Output. Broadcom Public Material
Authentication is accomplished via a 256-bit ECDSA-based signature verification process using KOP-PUB. During the manufacturing process, the ECDSA private key, KDI-EC-PRIV, is loaded into SOTP of the Module and the corresponding public key, KDI-EC-PUB, resides in SRAM. KDI-ECPUB is used to authenticate the module to the operator during the establishment of a secure session. After an operator is authenticated successfully, the operator assumes the CO role. A secure session does not persist across power cycles. The Cryptographic Officer must be authenticated to establish a secure session before any cryptographic services are rendered. In addition to the CO, the Module supports services which do not require authentication, listed as UA in Approved Services table. The Module does not support a maintenance role or bypass capability. The Module does not support concurrent operators. The role of the CO is authenticated via the establishment of a mutually authenticated KAS session with ECDSA-based signatures. CO authentication is not carried over a terminated secure session or power cycle. A new secure session requires a complete CO authentication process. Method Security Strength Each Description Strength per Minute Name Mechanism Attempt Based on performance limitations, the probability of successfully The probability authenticating to the The CO role is that a random module within one minute authenticated by attempt will is 3,750/2^128 which is the verification succeed or a Signature less than 1/100,000. The of an ECDSA SigVer false acceptance Verification module will only allow digital signature will occur is one attempt to verify the using a P-256 1/2^128 which is CO
The Module supports a single distinct operator role, the Cryptographic Officer (CO). Broadcom Public Material
The Roles Table below lists all operator roles supported by the Module. The Module does not support concurrent operators. The CO’s Public Key is installed in the SBI. It is protected with the SBI signature. SBI is also integrity protected with a CRC32 checksum. Only one CO public key is present in the SBI. The BCM58202B0 Cryptographic Module supports a single operator role: Cryptographic Officer. Only the authorized operator can establish a secure session with the cryptographic module. The cryptographic module implements identity-based operator authentication to allow only the authorized operator to access cryptographic services. Authentication is accomplished via a 256-bit ECDSA-based signature verification process. A single 256-bit ECDSA public key is embedded in the SBI. The 256-bit ECDSA public key is used to authenticate the CO during the establishment of a secure session between the module and the CO on the external host system. Name Type Operator Type Authentication Methods Cryptographic Officer Identity CO Signature Verification Table 11: Roles
All approved services implemented by the Module are listed in the table below: The SSPs modes of access shown in the table below are defined as:
Securi Descrip Indicato ty SSP Name Inputs Outputs tion r Functi Access ons tion and Global Indicator: - KDI-ECStatus 00 00 ff ff SBL PUB: R Version: (2) SBL Version: 01 01 SBI Version: (2) SBI Version: 01
Version: BCM58202PB0 KFBG10 Input data, input size, key, key size, mode of Symmet operation ric Cryptogra Input : encrypti “Succee Return the phic Symmetric_encr 128 bit on of ded”; ciphertext or an ENC Officer ypt blocks of plaintex “Failed” error status - KAPPplaintext t AES: E Key size: message 128, 192,
Modes: ECB, CBC, CTR Encrypte d input data, Symmet input Cryptogra ric size, key, “Succee Return the phic Symmetric_decr decrypti key size, ded”; plaintext or an ENC Officer ypt on of mode of “Failed” error status - KAPPcipherte operation AES: E xt Input :
blocks of ciphertex Broadcom Public Material
Securi Descrip Indicato ty SSP Name Inputs Outputs tion r Functi Access ons t Key size : 128, 192,
Modes : ECB, CBC, CTR Cryptogra phic Officer Generat Selection - DRBGe AES of AES DRBG EI and or “Succee or CKGSymmetric_key_ Key generation Seed: G,E HMAC ded”; HMAC Symm gen complete status - DRBGkey in “Failed” key slot etric State: G,E selected for key ESV - KAPPkey slot gen AES: G - KAPPHMAC: G Cryptogra Selection phic Load of AES Officer AES or “Succee or - KAPPSymmetric_key_ HMAC ded”; HMAC Load status KTS AES: W import key in “Failed” key slot - KAPPselected for key HMAC: W key slot import - KKASSS: E Key/Cur Cryptogra Generat ve size, “Succee phic Asymmetric_sig e private Digital signature ded”; SigGen Officer _gen signatur key, of message “Failed” - KAPPe plaintext PRIV: E message Key/Cur Cryptogra Signatur “Succee ve size, Status of phic Asymmetric_sig e ded”; public signature SigVer Officer _ver verificat “Failed” key, verification - KAPPion signature PUB: E Broadcom Public Material
Securi Descrip Indicato ty SSP Name Inputs Outputs tion r Functi Access ons Cryptogra phic Officer Generat - DRBGAKG e EI and “Succee AKV Asymmetric_key ECDSA Key generation Seed: G,E ded”; Key slot DPG _gen P-256 complete status - DRBG“Failed” DRBG Key State: G,E ESV Pair - KAPPPRIV: G,E - KAPPPUB: G,E Cryptogra phic Load Asymmet Officer RSA, “Succee ric - KAPPAsymmetric_key ECDSA ded”; Public/Pr Load status KTS PRIV: W _import , DSA “Failed” ivate - KAPPkeys Keys PUB: W - KKASSS: E Cryptogra phic Officer - KDI-ECPRIV: E Establis - KKASAKG ha PRIV: G,E AKV secure - KOPDPG session PUB: E “Succee DRBG with the Public Module’s KAS - KKASSecure_session ded”; ENCCO by Keys public key PUB: G,R “Failed” AUTH generati - KKASSigGen ng a OP-PUB: SigVer shared W,E KAS key - KSS: G,E - KKASSS: G,E - DRBGState: G,E - DRBGBroadcom Public Material
Securi Descrip Indicato ty SSP Name Inputs Outputs tion r Functi Access ons EI and Seed: G,E Cryptogra Device phic Destroy Device Zeroise Inoperati None None Officer all CSPs Inoperative ve - KDI-ECPRIV: Z Cryptogra Generat HMAC “Succee phic HMAC-SHA2- es MAC key, ded”; MAC of message MAC Officer
“Failed” - KAPPmessage message HMAC: E Digest Generat size: 224, “Succee Cryptogra es 256, 384, Digest of SHA3 hashing ded”; SHS phic SHA3 512 bit message “Failed” Officer digest Plaintext message Generat Digest es “Succee size: 256 Cryptogra SHA2-256 Digest of SHA2- ded”; bit SHS phic hashing message
256 “Failed” Plaintext Officer
digest message Cryptogra phic Request Officer “Succee Get Random a DRBG - DRBGded”; None Random number Number random ESV EI and “Failed” number Seed: G,E - DRBGState: G,E Three latest Error Log: the Get self-test last three Cryptogra self-test errors Get Error Log None detected errors None phic error and CRC and the CRC Officer log checksu checksum m of error log Broadcom Public Material
Securi Descrip Indicato ty SSP Name Inputs Outputs tion r Functi Access ons No error Load reported firmwar on Unauthenti e from service Firmware cated an Self-test results executio images, - KSBI: Firmware Load external from SBI SigVer n; signature W,E source execution. Module s - KAAI: at accepts W,E powerCO on requests Table 12: Approved Services
All approved services implemented by the Module are listed in the table below: NOTE: There are no Non-Approved services available.
The module supports external firmware loads per IG 10.3.F, Additional Comment #3A. Both the Secure Boot Image (SBI) and Authenticated Application Image (AAI) are externally loaded into the module during initialization at every power-on. Each externally loaded image must have a valid ECDSA or RSA signature verified before the image is accepted. The hash of the public keys used to validate the candidate images are loaded prior to the firmware images themselves. The public keys are embedded in the SBI and AAI headers respectively. The hash of the embedded keys are validated against the preloaded hash values. Broadcom Public Material
The Module is composed of the following firmware components:
The operator can initiate the integrity test on demand by power cycling the Module. Broadcom Public Material
Type of Operational Environment: Limited How Requirements are Satisfied: The Module has a limited operational environment under the FIPS 140-3 definitions. The Module includes a firmware load service using ECDSA and RSA to support necessary updates. Firmware versions validated to FIPS 140-3 will be explicitly identified on a validation certificate issued by the CMVP. Any firmware not identified in this Security Policy does not constitute the Module defined by this Security Policy or covered by this validation. Broadcom Public Material
The BCM58202B0 Cryptographic Module is a single chip device offering the following physical security mechanisms:
packaging observed, zeroise the module. Table 13: Mechanisms and Actions Required
The nominal operating temperature of the module is 0C to 70C. The nominal voltage range is 3.0V to 3.6V. EFP Temp/Voltage Temperature or Result Type or Voltage EFT LowTemperature -50C EFT Shutdown HighTemperature 130C EFT Shutdown LowVoltage 1.5V EFT Shutdown HighVoltage 3.8V EFT Shutdown Table 14: EFP/EFT Information
Broadcom Public Material
Temperature Temperature Type LowTemperature 0C HighTemperature 70C Table 15: Hardness Testing Temperatures Broadcom Public Material
At present, SP800-140F does not define any non-invasive attack mitigation methods and as such, this section is not applicable. Broadcom Public Material
Storage Persistence Area Description Type Name RAM Only stored in volatile memory (RAM). Dynamic OTP Stored in One-Time Programmable memory Static Table 16: Storage Areas
Format Distribution Entry SFI or Name From To Type Type Type Algorithm KAS-Entry Outside RAM Plaintext Automated Electronic KAS KTS Outside RAM Encrypted Automated Electronic KTS PT-Entry Outside RAM Plaintext Manual Electronic PT-Output RAM Outside Plaintext Manual Electronic Table 17: SSP Input-Output Methods
Zeroization Description Rationale Operator Initiation Method Zeroisation Service Permanently remove Asserting the (MANU_DEBUG pin). sensitive parameters by Z1 MANU_DEBUG Contents of OTP are writing all ‘1’. No new signal overwritten with all ‘1’ data can be loaded. Remove temporary or generated sensitive data Zeroised by Power cycle or Z2 from being carried over Power cycle hard reset. to the next operating session. No operator Zeroise after Secure Session To prevent leakage of Z3 intervention is is established. Secure Session secrets. needed. Table 18: SSP Zeroization Methods Broadcom Public Material
All usage of these SSPs by the Module are described in the services detailed in Section 4.3 Type - Established Used Name Description Size - Strength Generated By Category By By DRBG-EI CTR_DRBG entropy input 3072 - 256 DRBG - CSP ESV DRBG and Seed DRBG- CTR_DRBG internal state (V
256 - 256 DRBG - CSP DRBG DRBG
State and Key) KKAS- Private key for share secret Asymmetric P-256 - 128 AKG KAS PRIV generation CSP KDI-EC- Signing key of messages during Asymmetric - Installed during P-256 - 128 SigGen PRIV secure session establishmen CSP manufacturing. KAPP- Encryption/decryption 128, 192, 256 - 128, Symmetric CKG-Symmetric ENC AES operations 192, 256 CSP KAPP- Symmetric Integrity operations 256 - 256 CKG-Symmetric MAC HMAC CSP DSA: 2048, RSA KAPP- 2048, 4096; Asymmetric General purpose key for sig-gen AKG SigGen PRIV ECDSA: P-256, P- CSP
ENCKKAS- Symmetric AES-CCM secure session key. 128 - 128 KAS AUTH SS CSP KTS Shared secret for session key Symmetric KSS 256 - 256 KAS KAS derivation. CSP KDI-EC- Used by the CO to mutually Asymmetric P-256 - 128 AKG PUB authenticate the secure session. PSP Ephemeral public key from KKAS- Asymmetric Module for shared secret P-256 - 128 AKG KAS PUB PSP establishment Broadcom Public Material
Type - Established Used Name Description Size - Strength Generated By Category By By Ephemeral KAS public key of KKAS- Asymmetric the CO used to establish a secure P-256 - 128 KAS OP-PUB PSP session. DSA: 2048, RSA KAPP- 2048, 4096; Asymmetric General purpose key for sig-ver. AKG SigVer PUB ECDSA: P-256, P- PSP
Public key to authenticate the KOP- Asymmetric CO during secure session P-256 - 128 SigVer PUB PSP establishment Public Key. SBI signature Asymmetric KSBI P-384 - 192 SigVer verification Neither Public Key. AAI signature Asymmetric KAAI 2048 - 112 SigVer verification Neither Table 19: SSP Table 1 Input Name Storage Storage Duration Zeroization Related SSPs Output DRBG-EI and Seed RAM:Plaintext Until use completes Z2 DRBG-State:Initializes DRBG-EI and Seed:Derived From KKAS-PRIV:Generates KKAS-PUB:Generates DRBG-State RAM:Plaintext Until use completes Z2 KAPP-AES:Generates KAPP-HMAC:Generates KAPP-PRIV:Generates KAPP-PUB:Generates Broadcom Public Material
Input Name Storage Storage Duration Zeroization Related SSPs Output KKAS-SS:Derives Z2 KKAS-PRIV RAM:Plaintext Until use completes KKAS-PUB:Paired With Z3 DRBG-State:Generated from RAM:Plaintext KDI-EC-PRIV Until use completes Z1 KDI-EC-PUB:Paired With OTP:Plaintext KAPP-AES KTS RAM:Plaintext Until use completes Z2 DRBG-State:Generated from KAPP-HMAC KTS RAM:Plaintext Until use completes Z2 DRBG-State:Generated from KAPP-PUB:Paired With KAPP-PRIV KTS RAM:Plaintext Until use completes Z2 DRBG-State:Generated from KKAS-SS RAM:Plaintext Until use completes Z2 KSS:Derived From KKAS-PRIV:Derived From Z2 KKAS-PUB:Derived From KSS RAM:Plaintext Until use completes Z3 KKAS-OP-PUB:Derived From KKAS-SS:Derives KDI-EC-PRIV:Paired With KDI-EC-PUB PT-Output RAM:Plaintext Until use completes Z2 DRBG-State:Generated from KKAS-PRIV:Paired With Z2 KKAS-PUB PT-Output RAM:Plaintext Until use completes KKAS-SS:Derives Z3 DRBG-State:Generated from Z2 KKAS-OP-PUB KAS-Entry RAM:Plaintext Until use completes KSS:Derives Z3 KAPP-PRIV:Paired With KAPP-PUB KTS RAM:Plaintext Until use completes Z2 DRBG-State:Generated from KOP-PUB PT-Entry RAM:Plaintext Until use completes N/A KSBI PT-Entry RAM:Plaintext Until use completes N/A KAAI PT-Entry RAM:Plaintext Until use completes N/A Table 20: SSP Table 2 Broadcom Public Material
The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3 these are categorized as either preoperational self-tests or conditional self-tests. Conditional self–tests are periodically performed by the Module every 10 minutes or by power cycling the Module. The Module accepts one service request at a time. The Module will postpone periodic self-testing while critical operations are in progress. The Module will process a service request after the periodic self-test in progress. The Module logs the latest three (3) self-test errors in the Module’s persistent registers, preserved across reset cycles. The CO can consult the error log by invoking Get Error Log service. The Module performs the following pre-operational self-tests in table below Algorithm or Test Test Test Type Indicator Details Test Properties Method Firmware SW/FW Module has not A CRC-32 is checked on SBI and AAI CRC-32 EDC Integrity Integrity entered error state. respectively before SBI and AAI executes. Table 21: Pre-Operational Self-Tests
The Module performs the following conditional self-tests in the table below Test Test Algorithm or Test Test Properties Indicator Details Conditions Method Type Test name displayed Encryption AES-CBC (AES AES-128, 192 and KAT CAST and module does not Forward cipher Power-On 5895) 256
Test Test Algorithm or Test Test Properties Indicator Details Conditions Method Type Test name displayed AES-CCM (AES AES-128 - CCM Authenticated KAT CAST and module does not Power-On 5896) Encrypt encryption enter ES1 AES-256 Test name displayed Counter DRBG AES-256 CTR_DRBG KAT CAST and module does not Power-On (A3753) CTR_DRBG instantiate, generate, enter ES1 and reseed KATs. 2048-bit Signature Test name displayed DSA SigGen Signature Generation with KAT CAST and module does not Power-On (FIPS186-4) (A4437) Generation SHA2-256 enter ES1 2048-bit Signature Test name displayed DSA SigVer Signature Verification with KAT CAST and module does not Power-On (FIPS186-4) (A4437) Verification SHA2-256 enter ES1 P-256 SHA2-256 Test name displayed ECDSA SigGen Signature and P-384 SHA2- KAT CAST and module does not Power-On (FIPS186-4) (A3751) Generation
P-256 SHA2-256 Test name displayed ECDSA SigVer Signature and P-384 SHA2- KAT CAST and module does not Power-On (FIPS186-4) (A3751) Verification
KAS-SSC KAS-ECC-SSC Test name displayed KAS-SSC Shared Ephemeral Unified Sp800-56Ar3 KAT CAST and module does not Secret generation Power-On Model, C(2,0, ECC (A3751) enter ES1 with P-256 CDH). P-256 Test name displayed and module does not ECDSA Key ECDSA ECDSA KeyGen enter ES1ECDSA Generation P-256 PCT PCT Key (FIPS186-4) (A3751) P-521 Key Sign/Verify Pairwise Generation Generation Pairwise Consistency Test Consistency Test Broadcom Public Material
Test Test Algorithm or Test Test Properties Indicator Details Conditions Method Type An RCT and APT as specified in [90B] Test name displayed SP800-90B Health APT and section 4.4 are ENT CAST and module does not Continuous Test RCT executed before enter ES1 generation of the DRBG entropy input ECDSA P-384 with Signature Module does not Upon SHA2-256 or RSA Signature SW/FW Verification using Firmware Loading enter ES1. Self- firmware
4096 with SHA2- Verification Load ECDSA P-384 (SBI)
256 or RSA 4096 (AAI)
HMAC-SHA256 Test name displayed HMAC-SHA2-256 HMAC-SHA2-256 Key Sizes: λ = 32 KAT CAST and module does not KAT
Test Test Algorithm or Test Test Properties Indicator Details Conditions Method Type Test name displayed SHA2-256 (SHS SHA2-256 KAT CAST and module does not SHA2-256 Power-On 4646) enter ES1 Test name displayed SHA3-224 (SHA-3 SHA3-224 KAT CAST and module does not SHA3-224 Power-On 60) enter ES1 Test name displayed SHA3-256 (SHA-3 SHA3-256 KAT CAST and module does not SHA3-256 Power-On 60) enter ES1 Test name displayed SHA3-384 (SHA-3 SHA3-384 KAT CAST and module does not SHA3-384 Power-On 60) enter ES1 Test name displayed SHA3-512 (SHA-3 SHA3-512 KAT CAST and module does not SHA3-512 Power-On 60) enter ES1 Secure session Pairwise establishment KAC-ECC P-256. Consistency Test as KAS Key KAS Key Generation PCT PCT proceeds and Ephemeral Unified defined by SP800- Generation module does not 56Ar3. enter ES1 Test name displayed AES-CBC (AES AES-128, 192 and Decryption - Inverse KAT CAST and module does not Power-On 5895) 256
Algorithm or Test Test Method Test Type Period Periodic Method Firmware Integrity EDC SW/FW Integrity Ponwer-On Automatically Table 23: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-CBC (AES 5895) KAT CAST 10 minutes Automatically AES-CCM (AES 5896) KAT CAST 10 minutes Automatically Counter DRBG (A3753) KAT CAST 10 minutes Automtically DSA SigGen (FIPS186KAT CAST 10 minutes Automatically
Algorithm or Test Test Method Test Type Period Periodic Method RSA SigGen (FIPS186KAT CAST 10 minutes Automatically
Recovery Name Description Conditions Indicator Method The Module fails a The Module enters the KAT, PCT, conditional The Module FIPS error state and Reboot/Power or periodic self-test, FW enters the SBL fails to boot or ESI cycle the integrity, critical FIPS error continue operation, and module function tests, DRBG state enters a continuous self-tests. reset loop. Table 25: Error States
Self-tests can be initiated by power cycling or issuing a reset to the Module.
The Module is manufactured and fully tested in secure environments under authorized access control. The Module is installed in the final product with the companion external flash device in the manufacturing facility. The CO must ensure the appropriate versions of the SBI and AAI are loaded in the companion external flash device upon first power up of the Module using the “Get Info” service. The CO should also visually inspect the Module for tamper evidence. The Module is a single chip device that does not provide any maintenance service access. At the end of life of the Module, all CSPs shall be zeroised by setting MANU_DEBUG pin high and power cycling the Module. Installation and Initialization: The following steps must be performed in order to securely install, initialize, and start up the BCM58202B0 cryptographic module in the FIPS 140-3 Approved mode of operation: The Module should be installed in the final product with the companion external flash device in the manufacturing facility. The manufacturing process includes a Module customization step which installs SBI and AAI in the module, initializes the Module with per device unique AES and HMAC keys, binding the Module and the flash device. Broadcom Public Material
The CO must ensure the appropriate versions of the SBI and AAI are loaded in the companion external flash device upon first power up of the Module using the “Get Info” service. The CO should also visually inspect the Module for tamper evidence. Delivery: The CO must ensure the appropriate versions of the SBI and AAI are loaded in the companion external flash device upon first power up of the Module using the “Get Info” service. The CO should also visually inspect the Module for tamper evidence.
Before the Module is installed in the end product, the module package should be inspected for integrity and to be free of any tamper evidence. The Module should be installed in the final product with the companion external flash device in a secure manufacturing facility. The manufacturing process includes a Module customization step which installs SBI and AAI in the module. To ensure the appropriate versions of the SBI and AAI are loaded in the companion external flash device, execute the “Get Info” service upon first power up of the Module. Verify the expected versions are reported. While the Module is in service in the end product, it is recommended to perform a visual inspection of the Module at least every 6 months to ensure that the Module package is still intact and void of any tamper evidence. “Get Info” service should be run to ensure that the correct SBI and AAI versions are in operation. Upon the termination of service of the Module, all critically sensitive parameters in the Module should be zeroized by setting the MANU_DEBUG pin high and power cycling the Module. Then, the Module can be disposed of responsibly.
Same as above for Administration Guidance.
Rules of Operation
The Module is a single chip device that does not provide any maintenance service access.
At the end of life of the Module, all CSPs shall be zeroised by setting MANU_DEBUG pin high and power cycling the Module.
The Module does not implement any mitigation method against other attacks. References and Definitions The following standards are referred to in this Security Policy. Broadcom Public Material
Abbreviation* Full Specification Name [FIPS140-3] Security Requirements for Cryptographic Modules, March 22, 2019 [ISO19790] International Standard, ISO/IEC 19790, Information technology
Acronym* Definition APT Adaptive Proportion Test KAT Know Answer Test RCT Repetition Count Test SSP Sensitive Security Parameter Acronyms and Definitions Broadcom Public Material