All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Qualcomm® Inline Crypto Engine (UFS)

Certificate#5033StandardFIPS 140-3Level1TypeHardwareEmbodimentSingle ChipStatusActiveVendorQualcomm Technologies, Inc.
Medium review priority  ·  exposes HSM/SE firmware trust anchor  ·  last validated 6 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date6/25/2030
CaveatWhen operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs
VendorQualcomm Technologies, Inc.

Approved Algorithms (2)

AlgorithmACVP Cert
AES-ECBA2116
AES-XTS Testing Revision 2.0A2116

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Non-Invasive Security8
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other Attacks1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Qualcomm® Inline Crypto Engine (UFS)
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>AES ECB<br/>AES XTS<br/>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5 clue;
  class I2,I3,I5 infer;
  class R2,R3,R5 risk;
  class E2,E3,E5 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Qualcomm® Inline Crypto Engine (UFS)
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>AES ECB<br/>AES XTS<br/>Show Status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Qualcomm Technologies, Inc. Qualcomm® Inline Crypto Engine (UFS) Prepared by: atsec information security corporation

4516 Seton Center Parkway, Suite 250

Austin, TX 78759 www.atsec.com

Page 2

Qualcomm® Inline Crypto Engine (UFS) Table of Contents

Page 3

Qualcomm® Inline Crypto Engine (UFS)

Page 4

Qualcomm® Inline Crypto Engine (UFS) List of Tables List of Figures

Page 5
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware securityN/A
66Operational environmentN/A
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
Overall LevelOverall Level1

Qualcomm® Inline Crypto Engine (UFS)

1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for versions 3.2.1 and 4.0.1 of the Qualcomm® 1 Inline Crypto Engine (UFS) Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module.

1.2 Security Levels
1.3 Additional Information

In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.

1 Snapdragon and Qualcomm branded products are products of Qualcomm Technologies,

Inc. and/or its subsidiaries.

Page 6

Qualcomm® Inline Crypto Engine (UFS)

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Qualcomm® Inline Crypto Engine (UFS) Cryptographic Module is classified as a sub-chip hardware module in a single chip embodiment for the purpose of FIPS 140-3 validation. It provides AES-XTS encryption and decryption of block storage devices as defined in SP 80038E. The underlying AES for AES-XTS is compliant to FIPS 197. The module includes separate AES Engines for encryption and decryption for both ECB and XTS mode. Module Type: Hardware Module Embodiment: SingleChip Module Characteristics: SubChip Cryptographic Boundary: The cryptographic boundary of the Qualcomm Inline Crypto Engine (UFS) is the sub chip component shown with blue box. The module has been tested on the platforms which form the physical perimeter for the module. Consequently, the embodiment of the Qualcomm Inline Crypto Engine (UFS) is a single-chip cryptographic module. Below is an illustrative diagram. Figure 1: Block Diagram

Page 7

Qualcomm® Inline Crypto Engine (UFS) Figure 2: Snapdragon® XR2 Gen 2 Platform Figure 3: Snapdragon X Elite Compute Platform Figure 4: Snapdragon X1 Plus Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the entire system-on-chip.

2.2 Tested and Vendor Affirmed Module Version and Identification
Page 8
Module configuration
NameModelHardware VersionFirmware VersionProcessorFeatures
Snapdragon® XR2 Gen 2 PlatformSnapdragon® XR2 Gen 2 Platform3.2.1N/ASnapdragon® XR2 Gen 2 PlatformN/A
Snapdragon® X Elite Compute PlatformSnapdragon® X Elite Compute Platform4.0.1N/ASnapdragon® X Elite Compute PlatformN/A
Snapdragon® X1 PlusSnapdragon® X1 Plus4.0.1N/ASnapdragon® X1 PlusN/A
Service
NameDescriptionType
Non- approvedAutomatically entered whenever a non-approved service is requestedNon- Approved

Qualcomm® Inline Crypto Engine (UFS) Tested Module Identification

2.3 Excluded Components

There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.

2.4 Modes of Operation

Modes List and Description: Nonapproved Table 3: Modes List and Description When the Qualcomm Inline Crypto Engine (UFS) starts up successfully, after passing all the pre-operational self-tests, the module is operating in the approved mode of operation by default and can only be transitioned into the non-Approved mode by calling one of the nonApproved services. Section 4 provides details on the service indicator implemented by the The Qualcomm Inline Crypto Engine (UFS) can be configured to operate in one of the following two settings where the settings can be changed prior to each service request:

Page 9
Approved algorithm
NameCAVP CertPropertiesReference
AES-ECBA2116Direction - Encrypt Key Length - 128, 256SP 800-38A
AES-ECBA2117Direction - Decrypt Key Length - 128, 256SP 800-38A
AES-ECBA2886Direction - Encrypt Key Length - 128, 256SP 800-38A
AES-ECBA2887Direction - Decrypt Key Length - 128, 256SP 800-38A
AES-XTS Testing Revision 2.0A2116Direction - Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A2117Direction - Decrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A2886Direction - Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A2887Direction - Decrypt Key Length - 128, 256SP 800-38E
Service
NameApproved Functions
AES bitlockerencryption and decryption

Qualcomm® Inline Crypto Engine (UFS) selected context key is referenced and will be used for the operation by the Qualcomm Inline Crypto Engine (UFS).

2.5 Algorithms

Approved Algorithms: Table 4: Approved Algorithms Vendor-Affirmed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: Table 5: Non-Approved, Not Allowed Algorithms

2.6 Security Function Implementations
Page 10
Service
NameDescriptionApproved FunctionsTypeProperties
AES ECBAES ECB encryption/decryptionAES-ECB: (A2117, A2116, A2887, A2886)BC-UnAuthKey size/strength:128 and 256 bits
AES XTSAES XTS encryption/decryptionAES-XTS Testing Revision 2.0: (A2117, A2116, A2887, A2886)BC-UnAuthKey size/strength:128 and 256 bits

Qualcomm® Inline Crypto Engine (UFS) Table 6: Security Function Implementations

2.7 Algorithm Specific Information

The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220 AES blocks of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check to ensure that the two AES keys used in AES XTS mode are not identical. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.

2.8 RBG and Entropy
2.9 Key Generation

Not Applicable. The key generation is not implemented.

2.10 Key Establishment

Not Applicable. The key establishment is not implemented.

2.11 Industry Protocols

Not Applicable. There is no industry protocol implemented.

Page 11
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Data In FIFO/DMAData In FIFO/DMAData InputAll input data
Data Out FIFO/DMAData Out FIFO/DMAData OutputPlaintext data that has been decrypted by the cryptographic module and ciphertext data that has been encrypted by the cryptographic module
Registers, InterruptsRegisters, InterruptsControl InputCommands input logically
Registers, InterruptsRegisters, InterruptsStatus OutputStatus information
Physical power connectorPhysical power connectorPowerPower from SoC power port

Qualcomm® Inline Crypto Engine (UFS)

3.1 Ports and Interfaces

Table 7: Ports and Interfaces

Page 12
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto Officer (CO)Crypto OfficerRoleNone
AES Encrypti onEncrypti onCrypto Officer (CO) - AES Key: W,EAES ECB AES XTS"UFS_MEM_ICE_PAR AMETERS_4" register bits 0 and 1 indicating value 00AES Key, plain textcipher text
AES Decrypti onDecrypti onCrypto Officer (CO) - AES Key: W,EAES ECB AES XTS"UFS_MEM_ICE_PAR AMETERS_4" register bits 0 and 1 indicating value 00AES key, ciphe r textplaintext
Self- TestSelf- Test is execute d automat ically when device is booted or restarte dCrypto Officer (CO)NoneNoneN/APass/Fail
Show VersionShow the version and name ofUnauthen ticatedNoneNoneNoneversion of module via the UFS_MEM_ICE_VE RSION register
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutputSecur ity Funct ions
Crypto Officer (CO)Crypto OfficerRoleNone
AES Encrypti onEncrypti onCrypto Officer (CO) - AES Key: W,EAES ECB AES XTS"UFS_MEM_ICE_PAR AMETERS_4" register bits 0 and 1 indicating value 00AES Key, plain textcipher text
AES Decrypti onDecrypti onCrypto Officer (CO) - AES Key: W,EAES ECB AES XTS"UFS_MEM_ICE_PAR AMETERS_4" register bits 0 and 1 indicating value 00AES key, ciphe r textplaintext
Self- TestSelf- Test is execute d automat ically when device is booted or restarte dCrypto Officer (CO)NoneNoneN/APass/Fail
Show VersionShow the version and name ofUnauthen ticatedNoneNoneNoneversion of module via the UFS_MEM_ICE_VE RSION register
Zeroizat ionZeroizes all SSpsCrypto Officer (CO) - AES Key: ZNoneNoneregis ter locati on of keysNone
Configur ation of paramet ers for keyConfigur es the register s to hold paramet ers such as index of the keyCrypto Officer (CO)NoneNoneIndex value s for keysNone
Show StatusPerform the CASTsCrypto Officer (CO)NoneNoneNonestatus via the UFS_MEM_ICE_BI ST_STATUS register
Setting encrypti on and decrypti on keysConfigur ing the keys to be used by the moduleCrypto Officer (CO) - AES Key: WNoneNoneAES KeyNone
Bitlocker EncryptionPerform data encryptionAES bitlockerCO
Bitlocker DecryptionPerform data decryptionAES bitlockerCO

Qualcomm® Inline Crypto Engine (UFS)

4 Roles, Services, and Authentication
4.2 Roles
4.3 Approved Services
Page 13

Qualcomm® Inline Crypto Engine (UFS) Z W Table 9: Approved Services

4.4 Non-Approved Services

Table 10: Non-Approved Services

4.5 External Software/Firmware Loaded

Not Applicable. No external software or firmware is loaded.

Page 14

Qualcomm® Inline Crypto Engine (UFS)

5 Software/Firmware Security
5.1 Integrity Techniques

The Qualcomm Inline Crypto Engine (UFS) does not support any software or firmware component. Therefore, this section is not applicable.

Page 15

Qualcomm® Inline Crypto Engine (UFS)

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Non-Modifiable

Page 16
MechanismInspectionInspection
FrequencyGuidance
Opaque enclosureN/AN/A

Qualcomm® Inline Crypto Engine (UFS)

7 Physical Security
7.1 Mechanisms and Actions Required

N/A Table 11: Mechanisms and Actions Required The Qualcomm Inline Crypto Engine (UFS) is a sub-chip enclosed in the platform listed in Table 2 that is made up of production grade components and conform to the Level 2 requirements for physical security. At the time of manufacturing, the die is embedded within a printed circuit board (PCB), which prevents visibility into the internal circuity of the Qualcomm Inline Crypto Engine (UFS). The layering process which is used to embed the die into the PCB also prevents tampering of the physical components without leaving tamper evidence. The Qualcomm Inline Crypto Engine (UFS) is further protected by being enclosed in commercial off the shelf mobile device utilizing production grade commercially available components and that the mobile device enclosure that completely surrounds the Qualcomm Inline Crypto Engine (UFS). There are no steps required to ensure that physical security is maintained.

Page 17

Qualcomm® Inline Crypto Engine (UFS)

8 Non-Invasive Security
8.1 Mitigation Techniques

The Qualcomm Inline Crypto Engine (UFS) does not support any non-invasive security techniques. Therefore, this section is not applicable.

Page 18
Sensitive security parameter
NameTypeDescriptionStrengthEstablishment
Hardware registersDynamicKey registers to hold keys
AES KeyCSP - CSPAES ECB or XTS key128 and 256 bits - 128 and 256 bitsAES ECB AES XTS
Sensitive security parameter
NameTypeDescriptionStrengthEstablishment
Hardware registersDynamicKey registers to hold keys
AES KeyCSP - CSPAES ECB or XTS key128 and 256 bits - 128 and 256 bitsAES ECB AES XTS
ZeroizationDescriptionRationaleOperator
MethodInitiation
Module resetall SSPs are zeroized upon module resetN/AN/A

Qualcomm® Inline Crypto Engine (UFS)

9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 12: Storage Areas The module does not provide persistent storage of SSPs. The SSP i.e., the AES keys are provided by the caller are set up by the CO and are temporarily stored in hardware registers. Once the keys are written to the registers, they are not readable from outside the Qualcomm Inline Crypto Engine (UFS).

9.2 SSP Input-Output Methods

Table 13: SSP Input-Output Methods N/A The caller provides the AES keys for encryption and/or decryption. These keys are input to the module in plaintext form by the entity residing within the same physical perimeter of the SoC on which the Qualcomm Inline Crypto Engine (UFS) runs. The module does not output any SSPs.

9.3 SSP Zeroization Methods

Table 14: SSP Zeroization Methods N/A When the Qualcomm Inline Crypto Engine (UFS) performs a module reset, it will zeroize all SSPs contained within itself. The registers for the SSPs will implicitly be set to zero upon the reset, indicating the zeroization was successful. Table 15: SSP Table 1

Page 19
Sensitive security parameter
NameStorageZeroizationInputStorage Duration
AES KeyHardware registers:PlaintextModule resetImportUntil explicitly zeroized by reset

Qualcomm® Inline Crypto Engine (UFS) Table 16: SSP Table 2

Page 20
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
AES-ECB (A2117)AES-ECB (A2117)decryptionCASTDecrypt KAT for ECB256 bit keyModule becomes operational and services are available for useModule initialization
AES-ECB (A2116)AES-ECB (A2116)encryptionCASTEncrypt KAT for ECB256 bit keyModule becomes operational and services are available for useModule initialization
AES-ECB (A2886)AES-ECB (A2886)encryptionCASTEncrypt KAT for ECB256 bit keyModule becomes operational and services are available for useModule initialization
AES-ECB (A2887)AES-ECB (A2887)decryptionCASTDecrypt KAT for ECB256 bit keyModule becomes operational and services are available for useModule initialization

Qualcomm® Inline Crypto Engine (UFS)

10 Self-Tests
10.1 Pre-Operational Self-Tests

Conditional tests are performed automatically without any operator intervention during power-up of the Qualcomm Inline Crypto Engine (UFS); these tests ensure that the cryptographic algorithms work as expected. While the conditional tests are executing, services are not available, and input and output are inhibited.

10.2 Conditional Self-Tests

Table 17: Conditional Self-Tests Self-Tests are performed automatically without any operator intervention during power-up of the Qualcomm Inline Crypto Engine (UFS); these tests ensure that the cryptographic algorithms work as expected. While the pre-operational tests are executing, services are not available, and input and output are inhibited.

10.3 Periodic Self-Test Information
Page 21
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic Method
AES-ECB (A2117)AES-ECB (A2117)decryptionCASTOn demandManually
AES-ECB (A2116)AES-ECB (A2116)encryptionCASTOn demandManually
AES-ECB (A2886)AES-ECB (A2886)encryptionCASTOn demandManually
AES-ECB (A2887)AES-ECB (A2887)decryptionCASTOn demandManually
Service
NameDescriptionRole AccessIndicator
ErrorThis error state is entered if a cryptographic algorithm self- test failsKnown Answer test failureBIST_FAILURE indicator is setModule reset

Qualcomm® Inline Crypto Engine (UFS) Table 18: Conditional Periodic Information Periodic self-tests can be invoked by powering-off and reloading the module or when a reset event is received. These tests perform the same pre-operational tests that are performed during power-up. During the execution of the periodic self-tests, cryptographic services are not available, and no data output or input is possible.

10.4 Error States

Table 19: Error States If any of the conditional self-tests or periodic test fails, the Qualcomm Inline Crypto Engine (UFS) will enter the error state. Data output is prohibited, and no further cryptographic operation is allowed in the error state. This is performed by the control logic that and prevents external usage when an error is detected. To recover from the error state, re-initialization is possible by successful execution of the power up tests, which can be triggered by either a power-off/power-on cycle or the receipt of a reset event. Once the module is in Error state, the Qualcomm Inline Crypto Engine (UFS) will only respond to a reset which will cause it to re-execute the power up tests. If the error persists, the Qualcomm Inline Crypto Engine (UFS) will remain unavailable.

Page 22

Qualcomm® Inline Crypto Engine (UFS)

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The Qualcomm Inline Crypto Engine (UFS) is a sub-chip module that runs on the SoCs defined in Table 2. The vendor uses a trusted delivery courier to transport the SoC to their customers. On the reception of the SoC, the operator shall first check all sides of the box to verify that it has not been tampered with during the shipment. Then, after opening the box the operator shall verify that the moisture barrier bag is still sealed and does not present any trace of tampering. Finally, after retrieving the SoC, the operator shall perform a visual inspection of the external package of the module. If one of these verifications fail, the operator shall contact their Qualcomm Technologies’ representative who released the delivery before operating the module. Once the product is received by the customer and powered up, the tests defined in section

10 will be executed.
11.2 Administrator Guidance

There is no specific Administrator guidance required for the module.

11.3 Non-Administrator Guidance

There is no specific non-Administrator guidance required for the module.

11.4 Design and Rules

N/A Therefore no specific design or rules to be followed.

11.5 Maintenance Requirements

N/A There are no maintenance requirements.

11.6 End of Life

As stated in section 9, the module does not possess persistent storage of SSPs. SSP values only exists in volatile memory and these values are zeroized when the module is reset. The procedure for secure sanitization of the module at the end of life is simply to power it off, which is the action of zeroization of the SSPs. As a result of this sanitization via power-off, the SSPs are removed from the module, so that the module may either be distributed to other operators or disposed.

11.7 Additional Information

ClearCase, a version control system from IBM/Rational, is used to manage the revision control of the hardware code (Verilog code) and hardware documentation. The ClearCase version control system provides version control, workspace management, parallel development support and build auditing. The Verilog code is maintained within the ClearCase database used by Qualcomm Technologies Inc.

Page 23

Qualcomm® Inline Crypto Engine (UFS)

12 Mitigation of Other Attacks
12.1 Attack List

The Qualcomm Inline Crypto Engine (UFS) does not implement security mechanisms to mitigate other attacks.

Page 24

Qualcomm® Inline Crypto Engine (UFS) Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard CAVP Cryptographic Algorithm Validation Program CMVP Cryptographic Module Validation Program CSP Critical Security Parameter FIPS Federal Information Processing Standards Publication FSM Finite State Model KAT Known Answer Test NIST National Institute of Science and Technology SoC System on a Chip XTS XEX-based Tweaked-codebook mode with cipher text Stealing

Page 25

Qualcomm® Inline Crypto Engine (UFS) Appendix B. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS1403_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program April 2025 https://csrc.nist.gov/Projects/cryptographic-module-validationprogram/fips-140-3-ig-announcements FIPS197 Advanced Encryption Standard November 2001 https://doi.org/10.6028/NIST.FIPS.197-upd1 SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://doi.org/10.6028/NIST.SP.800-38A SP800-38E NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://doi.org/10.6028/NIST.SP.800-38E SP800-140B NIST Special Publication 800-140Br1 - CMVP Security Policy Requirements November 2023 https://doi.org/10.6028/NIST.SP.800-140Br1

Referenced URLs