All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Hitachi Storage Hybrid Firmware Encryption Module

Certificate#5013StandardFIPS 140-3Level1TypeFirmware-hybridEmbodimentMulti-Chip EmbeddedStatusActiveVendorHitachi Vantara, Ltd.
Medium review priority  ·  no TCB surface named  ·  last validated 15 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeFirmware-hybrid
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date4/28/2030
CaveatNo assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.
VendorHitachi Vantara, Ltd.

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Hitachi Storage Hybrid Firmware Encryption Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C6 clue;
  class I2,I3,I6 infer;
  class R2,R3,R6 risk;
  class E2,E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Hitachi Storage Hybrid Firmware Encryption Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C6 clueLow;

Security Policy, page by page

Page 1

Hitachi Vantara, Ltd. Hitachi Storage Hybrid Firmware Encryption Module © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 2
Table of Contents
#SectionPage
Page 3

© Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)6
Table 3: Tested Module Identification – Hybrid Disjoint Hardware7
Table 4: Tested Operational Environments - Software, Firmware, Hybrid7
Table 5: Modes List and Description7
Table 6: Approved Algorithms8
Table 7: Security Function Implementations10
Table 8: Ports and Interfaces10
Table 9: Roles11
Table 10: Approved Services12
Table 11: Storage Areas14
Table 12: SSP Input-Output Methods14
Table 13: SSP Zeroization Methods15
Table 14: SSP Table 115
Table 15: SSP Table 215
Table 16: Pre-Operational Self-Tests15
Table 17: Conditional Self-Tests16
Table 18: Pre-Operational Periodic Information16
Table 19: Conditional Periodic Information16
Table 20: Error States17
Figure 1: Block Diagram6
Page 5
1 General
1.1 Overview

This document defines the Security Policy for the Hitachi Storage Hybrid Firmware Encryption Module, hereafter denoted as the module. The module meets FIPS 140-3 overall Level 1 requirements.

1.2 Security Levels

Section Title Security Level

1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security 1

8 Non-invasive security N/A

9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1

12 Mitigation of other attacks N/A

Overall Level 1 Table 1: Security Levels

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The module provides data at rest encryption for Hitachi storage system, Hitachi Virtual Storage Platform One Block. In other words, the module encrypts data onto drives and decrypts data read from drives using XTS-AES. The XTS-AES mode was approved by CMVP for protecting the confidentiality of data on storage devices. Module Type: Firmware-hybrid Module Embodiment: MultiChipEmbed Module Characteristics: Cryptographic Boundary: The cryptographic boundary for the module consists of disjoint firmware and hardware components within a same tested operational environment’s physical perimeter (TOEPP). The firmware component is defined as binary CRYPTLOAD, and the hardware component is a CPU. The hardware component implements AES-NI (PAA) and SHA Extensions (PAA). The firmware component of the module is designed to utilize AES-NI and SHA Extensions provided by the CPU. Red dashed lines in Figure 1 show the cryptographic boundary. © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 6

Tested Operational Environment’s Physical Perimeter (TOEPP): The operational environment hardware for the module is dedicated hardware for Hitachi storage system, Storage Controller Board (hereafter denoted as the board). The enclosure of the board is TOEPP. The hardware component of the module, CPU, is implemented in the board. Operating system for Hitachi storage system works on the CPU. The module works on the operating system. Figure 1: Block Diagram

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 7

Model and/or Part Hardware Version Firmware Processors Features Number Version Intel® Xeon® Silver 4410Y Intel® Xeon® Silver 4410Y N/A Intel® Xeon® Silver 4410Y Intel® Xeon® Gold 6421N Intel® Xeon® Gold 6421N N/A Intel® Xeon® Gold 6421N Table 3: Tested Module Identification

2.3 Excluded Components

The module has no excluded components.

2.4 Modes of Operation

Modes List and Description: Mode Description Type Status Indicator Name Approved All services are available in this mode of Approved A status code indicating the completion of operation. service Table 5: Modes List and Description The module implements only the approved mode of operation. No special API calls or settings are required to place the module in the approved mode of operation.

2.5 Algorithms

Approved Algorithms: Algorithm CAVP Cert Properties Reference AES-ECB A5023 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5025 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5026 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5027 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5028 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5029 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 8

Algorithm CAVP Cert Properties Reference AES-ECB A5030 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5031 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5032 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5033 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5034 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5035 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5036 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5037 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5038 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5039 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5040 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5041 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5042 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5043 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-ECB A5044 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-KW A5023 Direction - Decrypt, Encrypt SP 800-38F Key Length - 256 AES-XTS Testing Revision A5046 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

AES-XTS Testing Revision A5047 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

AES-XTS Testing Revision A5048 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

AES-XTS Testing Revision A5049 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

AES-XTS Testing Revision A5050 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

AES-XTS Testing Revision A5051 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

AES-XTS Testing Revision A5052 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

AES-XTS Testing Revision A5053 Direction - Decrypt, Encrypt SP 800-38E

2.0 Key Length - 256

SHA2-256 A5024 Message Length - Message Length: 8-65536 FIPS 180-4 Increment 8 Table 6: Approved Algorithms Vendor-Affirmed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms: © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 9

N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations

Name Type Description Properties Algorithms Secure Hash SHA Used to generate SHA2-256: (A5024) hash value from inputted data. AES-ECB Core BC-UnAuth Used to AES-ECB: (A5023) encrypt/decrypt inputted data. The underlying block cipher of AES-KW. AES-KW Core KTS-Wrap Used to wrap/unwrap AES-KW: (A5023) an inputted key. AES-ECB: (A5023) AES-ECB Core 4 BC-UnAuth Used to AES-ECB: (A5025, encrypt/decrypt A5026, A5027, inputted data. The A5028) underlying block cipher of AES-XTS. AES-ECB Core 16 BC-UnAuth Used to AES-ECB: (A5029, encrypt/decrypt A5030, A5031, inputted data. The A5032, A5033, underlying block A5034, A5035, cipher of AES-XTS. A5036, A5037, A5038, A5039, A5040, A5041, A5042, A5043, A5044) AES-XTS Core 512 BC-UnAuth Used to AES-XTS Testing encrypt/decrypt Revision 2.0: (A5046, inputted data in units A5047, A5048, of 512 byte. A5049) AES-ECB: (A5025, A5026, A5027, A5028, A5029, A5030, A5031, A5032, A5033, A5034, A5035, A5036, A5037, A5038, A5039, A5040, A5041, A5042, A5043, A5044) AES-XTS Core 520 BC-UnAuth Used to AES-XTS Testing encrypt/decrypt Revision 2.0: (A5050, inputted data in units A5051, A5052, of 520 byte. A5053) AES-ECB: (A5025, A5026, A5027, A5028, A5029, © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 10

Name Type Description Properties Algorithms A5030, A5031, A5032, A5033, A5034, A5035, A5036, A5037, A5038, A5039, A5040, A5041, A5042, A5043, A5044) Table 7: Security Function Implementations

2.7 Algorithm Specific Information

The module has a function that checks if two keys for AES XTS mode are different from each other.

2.8 RBG and Entropy

N/A for this module. N/A for this module.

2.9 Key Generation
2.10 Key Establishment
2.11 Industry Protocols
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Physical Logical Data That Passes Port Interface(s) N/A Data Input Data to be read from the memory area specified in the API parameters N/A Data Output Data to be written to the memory area specified in the API parameters N/A Control Input API function calls N/A Status Output Responses of the invoked API function Table 8: Ports and Interfaces The module utilizes APIs as its interfaces and has no physical ports. Additionally, the module does not implement any control output interfaces. © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 11
4 Roles, Services, and Authentication
4.1 Authentication Methods

N/A for this module. The module does not support authentication for roles.

4.2 Roles

Name Type Operator Type Authentication Methods Cryptographic Officer Role CO None Table 9: Roles Cryptographic Officer role is implicitly and always assumed.

4.3 Approved Services

Name Description Indicator Inputs Outputs Security SSP Access Functions Expand Expand AES key to round API return DEK Round Key AES-ECB Cryptographic AES Key keys. value: 0 Core 4 Officer (Success) AES-ECB - DEK: W,E Core 16 - Round Key: AES-XTS G,R Core 512 AES-XTS Core 520 Encrypt Encrypt data using XTS-AES API return Data to Encrypted data AES-XTS Cryptographic (512B) in units of 512 byte. value: 0 encrypt, Core 512 Officer (Success) Round Key - Round Key: W,E Decrypt Decrypt data using XTS-AES API return Data to Decrypted data AES-XTS Cryptographic (512B) in units of 512 byte. value: 0 decrypt, Core 512 Officer (Success) Round Key - Round Key: W,E Encrypt Encrypt data using XTS-AES API return Data to Encrypted data AES-XTS Cryptographic (520B) in units of 520 byte. value: 0 encrypt, Core 520 Officer (Success) Round Key - Round Key: W,E Decrypt Decrypt data using XTS-AES API return Data to Decrypted data AES-XTS Cryptographic (520B) in units of 520 byte. value: 0 decrypt, Core 520 Officer (Success) Round Key - Round Key: W,E Encrypt Encrypt 16 byte data using API return Data to Encrypted data AES-ECB Cryptographic (ECB 16B) AES-ECB. value: 0 encrypt, Core Officer (Success) KEK - KEK: W,E Decrypt Decrypt 16 byte data using API return Data to Decrypted data AES-ECB Cryptographic (ECB 16B) AES-ECB. value: 0 decrypt, Core Officer (Success) KEK - KEK: W,E Encrypt Encrypt 64 byte data using API return Data to Encrypted data AES-ECB Cryptographic (ECB 64B) AES-ECB. value: 0 encrypt, Core 4 Officer (Success) DEK - DEK: W,E Decrypt Decrypt 64 byte data using API return Data to Decrypted data AES-ECB Cryptographic (ECB 64B) AES-ECB. value: 0 decrypt, Core 4 Officer (Success) DEK - DEK: W,E © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 12

Name Description Indicator Inputs Outputs Security SSP Access Functions Encrypt Encrypt 256 byte data using API return Data to Encrypted data AES-ECB Cryptographic (ECB AES-ECB. value: 0 encrypt, Core 16 Officer 256B) (Success) DEK - DEK: W,E Decrypt Decrypt 256 byte data using API return Data to Decrypted data AES-ECB Cryptographic (ECB AES-ECB. value: 0 decrypt, Core 16 Officer 256B) (Success) DEK - DEK: W,E Wrap Key Wrap a key using a KEK. API return Key, KEK Wrapped key AES-KW Cryptographic value: 0 Core Officer (Success) - KEK: W,E Unwrap Unwrap a key using a KEK. API return Wrapped Unwrapped AES-KW Cryptographic Key value: 0 key, KEK key Core Officer (Success) - KEK: W,E Generate Generate hash value from API return Data to Hash Value Secure Cryptographic Hash inputted data. value: 0 hash Hash Officer (Success) Initialize Startup the module. None None None None Cryptographic Officer Show Show module ID, version, None None Module ID, None Cryptographic Status and status. module Officer version, module status Enable Enable CSPs output in None None None None Cryptographic CSP plaintext. Officer Output Disable Disable CSPs output in None None None None Cryptographic CSP plaintext. Officer Output Forcibly Change the module state to None None None None Cryptographic Stop Error state. Officer Reset Reset the module. None None None None Cryptographic Officer Zeroise Cycle the power of the None None None None Cryptographic operational environment. Officer - DEK: Z - Round Key: Z - KEK: Z On- Initiate the integrity test on None None None None Cryptographic demand demand by power cycle of Officer integrity the operational environment. test On Initiate the self-tests on None None None None Cryptographic demand demand by power cycle of Officer self test the operational environment or performing the Reset service, and performing the Initialize service. Table 10: Approved Services The module provides only approved services. Accordingly, API return codes that confirm the successful completion of these services serve as the indicators. All approved services implemented by the module are listed in above. Each service description also describes all usage of SSPs by the service. The access rights to keys and/or SSPs modes shown in the table are defined as:

Page 13
4.4 Non-Approved Services
4.5 External Software/Firmware Loaded

External firmware can be loaded through a complete image replacement of SVOS10. The new firmware image is executed after the module transitions through a power-on reset. All SSPs are zeroised prior to execution of the new image. A complete image replacement constitutes an entirely new module. Administrators of the module can obtain ID and version of the module as described in Chapter 11.2 to verify that the new module is validated version of the module.

5 Software/Firmware Security
5.1 Integrity Techniques

The integrity of CRYPTLOAD (the firmware component of the module) is tested by comparing a SHA2-256 digest value calculated at startup with the SHA2-256 digest value stored in the module that was calculated at compile.

5.2 Initiate on Demand

Integrity tests are performed as part of the pre-operational self-tests. Thus, the integrity test can be initiated on demand by power cycle of the operational environment of the module.

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited How Requirements are Satisfied: The module does not store SSPs in persistent storage. SSPs are temporarily stored in process memory when the module is being used. The module has control over its own SSPs. The © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 14

operational environment is a single-process system and provides the time separation of the process memory. When the process memory is used by the module, no other process or component can concurrently access the memory. There are no security rules settings or restriction to the configuration of the operational environment.

7 Physical Security
7.1 Mechanisms and Actions Required

N/A for this module. The module is a multi-chip embedded cryptographic module and conforms to Level 1 requirements for physical security. The cryptographic module consists of production-grade components.

8 Non-Invasive Security

N/A. The module does not implement non-invasive security techniques.

9 Sensitive Security Parameters Management
9.1 Storage Areas

Storage Description Persistence Area Type Name Memory A volatile memory on the operational environment Dynamic Table 11: Storage Areas The module does not store SSPs in persistent storage. SSPs are temporarily stored in process memory when the module is being used.

9.2 SSP Input-Output Methods

Name From To Format Distribution Entry SFI or Type Type Type Algorithm API Memory area specified in Memory area for the Plaintext Manual Electronic Input the API parameters module API Memory area for the Memory area specified in Plaintext Manual Electronic Output module the API parameters Table 12: SSP Input-Output Methods

9.3 SSP Zeroization Methods

Zeroization Description Rationale Operator Method Initiation Power Power cycle of the All SSPs of the module are zeroised by Power cycle Yes cycle operational environment because all SSPs are on a volatile memory. © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 15

Table 13: SSP Zeroization Methods Administrators of the module can zeroise all SSPs of the module by power cycle of Hitachi storage system. Power cycle can be done in Maintenance Utility, which is Management tool of Hitachi storage system. In details, see System Administrator Guide.

9.4 SSPs

Name Description Size - Strength Type - Category Generated Established Used By By By KEK Key encryption 256 bits - 256 Symmetric Key - AES-ECB Core key bits CSP AES-KW Core DEK Data encryption 256 bits - 256 Symmetric Key - AES-ECB Core key bits CSP 4 AES-ECB Core AES-XTS Core AES-XTS Core Round AES round key 1920 bits - 256 Round Key - CSP AES-ECB Core Key bits 4 AES-ECB Core AES-XTS Core AES-XTS Core Table 14: SSP Table 1 Name Input - Storage Storage Duration Zeroization Related SSPs Output KEK API Memory:Plaintext While the module is executing Encrypt (ECB Power Input 16B), Decrypt (ECB 16B), Wrap Key or Unwrap cycle Key. DEK API Memory:Plaintext While the module is executing Expand AES Power Input Key, Encrypt (ECB 64B), Decrypt (ECB 64B), cycle Encrypt (ECB 256B) or Decrypt (ECB 256B). Round API Memory:Plaintext While the module is executing Expand AES Power DEK:Derived Key Input Key, Encrypt (512B), Decrypt (512B), Encrypt cycle From API (520B), Decrypt (520B). Output Table 15: SSP Table 2

10 Self-Tests
10.1 Pre-Operational Self-Tests

Algorithm or Test Test Test Test Type Indicator Details Properties Method SHA2-256 (A5024) SHA2-256 KAT SW/FW Integrity None Hash Table 16: Pre-Operational Self-Tests © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 16

Once the “Initialize” service is called and all Cryptographic Algorithm Self-tests (CAST) are completed, the module automatically performs firmware integrity test using SHA2-256 over the CRYPTLOAD. If the firmware integrity test fails, the module enters the error state.

10.2 Conditional Self-Tests

Algorithm or Test Properties Test Test Indicator Details Conditions Test Method Type AES-XTS (512B) Key sizes: 256 KAT CAST None Encrypt From the module startup to integrity bits testing AES-XTS (512B) Key sizes: 256 KAT CAST None Decrypt From the module startup to integrity bits testing AES-XTS (520B) Key sizes: 256 KAT CAST None Encrypt From the module startup to integrity bits testing AES-XTS (520B) Key sizes: 256 KAT CAST None Decrypt From the module startup to integrity bits testing AES-KW (A5023) Key sizes: 256 KAT CAST None Wrap From the module startup to integrity bits testing AES-KW (A5023) Key sizes: 256 KAT CAST None Unwrap From the module startup to integrity bits testing SHA2-256 SHA2-256 KAT CAST None Hash From the module startup to integrity (A5024) testing Table 17: Conditional Self-Tests When the “Initialize” service is called, the module starts to perform cryptographic algorithm selftests for XTS-AES mode, AES Key Wrap, AES Key Unwrap and SHA2-256. If one of the selftests fails, the module enters the error state.

10.3 Periodic Self-Test Information

Algorithm or Test Test Method Test Type Period Periodic Method SHA2-256 (A5024) KAT SW/FW Integrity On Demand Manually Table 18: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-XTS (512B) KAT CAST On Demand Manually AES-XTS (512B) KAT CAST On Demand Manually AES-XTS (520B) KAT CAST On Demand Manually AES-XTS (520B) KAT CAST On Demand Manually AES-KW (A5023) KAT CAST On Demand Manually AES-KW (A5023) KAT CAST On Demand Manually SHA2-256 (A5024) KAT CAST On Demand Manually Table 19: Conditional Periodic Information Pre-operational self-tests, and cryptographic algorithm self-tests for XTS-AES mode, AES Key Wrap, AES Key Unwrap and SHA2-256 are available on demand by performing the following a) and b); a) Cycle power of the operational environment or execute “Reset” service. b) Execute “Initialize” service.

10.4 Error States

© Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).

Page 17

Name Description Conditions Recovery Method Indicator Error A state when the module has Failed the Pre- Power cycling of the Error response to encountered an error operational self-tests. operational environment. Show Status condition. Failed the Cryptographic service. algorithm self-tests. Table 20: Error States

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module is integrated into SVOS10. When SVOS10 is installed by the vendor of Hitachi storage system, the module is also installed. To initialize the module, enable the encryption feature of Hitachi storage system (See Encryption License Key Users Guide Chapter 3). No other special procedure is required to securely install and initialize the module.

11.2 Administrator Guidance

Administrators can verify that an ID and a version of the module is identical to the ID (Storage_Encryption_Module_20) and the version (A0-01-00-00). See REST API Reference guide Chapter 17.5 to show an ID and a version of the module. Administrators can identify the processor by checking the model of storage system. In the case where the model is VSP One B28, the processor is Intel® Xeon® Gold 6421N. For the models VSP One B23, VSP One B24 or VSP One B26, the processor is Intel® Xeon® Silver 4410Y. See REST API Reference guide to show the model of storage system. All the functions, physical ports, and logical interfaces of the module are available to the Crypto Officer. The module provides only an approved mode of operation. Therefore, no special API calls or settings are required to place the module in an approved mode of operation.

11.3 Non-Administrator Guidance

There are no requirements for non-administrator.

11.4 Design and Rules

The module design corresponds to the module security rules. This subsection documents the security rules enforced by the module to implement the security requirements of this FIPS 140-3 Level 1 module.

  1. The module shall provide a Cryptographic Officer role.
  2. The operator shall be capable of commanding the module to perform the pre-operational selftests and the cryptographic algorithm self-tests by cycling power of the operational environment.
  3. Pre-operational self-tests do not require any operator action.
  4. Data output shall be inhibited during self-tests, zeroization, and error states.
  5. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).
Page 18
  1. The module does not support degraded operation.
  2. The module does not support concurrent operators.
  3. The module does not support a maintenance interface or role.
  4. The module does not support manual key entry.
  5. The module does not have any external input/output devices used for entry/output of data.
  6. Two independent internal actions shall be required in order to output any plaintext CSP.
12 Mitigation of Other Attacks

N/A. The module does not provide mitigation of other attacks. © Hitachi Vantara, Ltd. 2024 This document may be reproduced and distributed only in its original entirety (without revision).