All modules
CMVP Validated Module · FIPS 140-3 Security Policy

TrustMe © W77Q64/W77Q128 Sub-Chip

Certificate#5039StandardFIPS 140-3Level1TypeHardwareEmbodimentSingle ChipStatusActiveVendorWinbond Electronics Corporation
Medium review priority  ·  exposes HSM/SE firmware trust anchor  ·  last validated 12 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date7/8/2030
CaveatNone
VendorWinbond Electronics Corporation
Hardware versions1.0

Approved Algorithms (1)

AlgorithmACVP Cert
SHA2-256A2317

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware SecurityN/A
Operational Environment1
Physical Security1
Non-Invasive SecurityN/A
Sensitive Security Parameter ManagementN/A
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for TrustMe © W77Q64/W77Q128 Sub-Chip
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-test<br/>self-test on</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C3 --> I3 --> R3 --> E3
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C3,C6 clue;
  class I3,I6 infer;
  class R3,R6 risk;
  class E3,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for TrustMe © W77Q64/W77Q128 Sub-Chip
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-test<br/>self-test on</i><br/>src: securityPolicy.services"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C3 clueHigh;
  class C6 clueLow;

Security Policy, page by page

Page 1

W77Q64/W77Q128 Sub-Chip TrustME © W77Q64/W77Q128 Sub-Chip Cryptographic Module FIPS 140-3 The Security Policy is non-proprietary and may be freely reproduced and distributed in its entirety. Rev. A4 Publication date: 06-10-2025

Page 2

W77Q64/W77Q128 Sub-Chip Table of Contents 1. 2. 3. 4. 5. 6. 7. 8. 9. Rev. A4 Publication date: 06-10-2025

Page 3

W77Q64/W77Q128 Sub-Chip 10. 11. 11.1. 11.2. 11.3. 12. Rev. A4 Publication date: 06-10-2025

Page 4

W77Q64/W77Q128 Sub-Chip List of Tables List of Figures Rev. A4 Publication date: 06-10-2025

Page 5
Security level
NameISO SectionRequirementLevel
Section 6.Section 6.
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware SecurityN/A
66Operational Environment1
77Physical Security1
88Non-Invasive SecurityN/A
99Sensitive Security Parameter ManagementN/A
1010Self-Tests1
1111Life-Cycle Assurance1
1212Mitigation of Other AttacksN/A

W77Q64/W77Q128 Sub-Chip 1.1. Overview This document is the non-proprietary FIPS 140-3 Security Policy for the module TrustMe © W77Q64/W77Q128 Sub-Chip (Version 1.0) flash device by Winbond which will also be referred to as “the cryptographic module” , “SHA block” or “the module” throughout this document. This Security Policy specifies the security rules under which the module should operate to meet FIPS 140-3 Level 1 requirements. This cryptographic module is a hardware cryptographic module implemented as a sub-chip running on the singlechip standalone W77Q64/W77Q128 flash device. The cryptographic service provided by the module is the message digest calculation based on the SHA2-256 cryptographic algorithm. The FIPS 140-3 security levels for the module are as follows: [Number Below] N/A N/A N/A N/A Table 1

Page 6
Module configuration
NameHardware VersionFirmware VersionFeatures
W77Q64/W77Q128W77Q64/W77Q128N/Aresponsible for providing SHA2-256 message
Version: 1.0Version: 1.0digest capabilities

The module type is hardware and has a single-chip embodiment (as stated in FIPS 140-3 IG 2.3.B) which provides the W77Q64/W77Q128 device with SHA2-256 message digest functionality. The module is validated at overall security level is 1. Please refer to Table 1 for security levels of individual sections. N/A Table 2 - Cryptographic Module Tested Configuration The physical perimeter encompasses the entire W77Q64/W77Q128 flash device (monolithic die). The cryptographic boundary is defined as only the SHA2-256 sub-chip that is the only part of the device with cryptographic operation capabilities to provide the SHA2-256 cryptographic algorithm. The SHA2-256 sub-chip also has all the logic related to the self-test implementation, zeroization, error handling, etc. Figure 1 - W77Q64/W77Q128 flash devices The following list shows the main components of the W77Q64/W77Q128 device:

Page 7
Approved algorithm
NameCAVP CertKey SizeUse Function
SHA2-256A2317Message Length: 0-Message digest
[FIPS 180-4]768generation

W77Q64/W77Q128 Sub-Chip Moreover, the SHA function is also used by the keys block. In this case, the CRTL module loads the SHA function with the required parameters from the Keys block through the Data Input Interface and launches the SHA calculation. Then the SHA block outputs the message digest to the keys block through the Data Output Interface. The SHA block notifies the W77Q64/W77Q128 device when it is performing self-tests, operating, or if an error occurs through the Status Output Interface connected to the CTRL block. Considering that the module is not connected to any other cryptographic modules, Control Output Interface is not required. Therefore, the only block related to the cryptographic operation of the device is the SHA block that corresponds to the cryptographic boundary as detailed below: Figure 2 - Block diagram of the physical perimeter of the Module 2.2. Modes of Operation and Security Functions The module only operates in Approved mode providing a SHA2-256 message digest as a n approved cryptographic functionality. Approved mode of operation is entered upon powering on the module and successful completion of preoperational self-test. Table 3 - Approved Algorithms The module only supports Approved algorithms so below tables are not included:

Page 8
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Matrix-In-DataMatrix-In-DataData input (32b)
Matrix-In-AddrMatrix-In-AddrAddress of the input data word to write to (4b). It selects
Data input interfaceData input interface
which 32b data-in word is accessed (out of 64B)which 32b data-in word is accessed (out of 64B)
Keys-Data-InKeys-Data-InDirect Data-input (128b) from KEYS function
Matrix-Out-AddrMatrix-Out-AddrAddress of the output data to read from (3b). It selects which
32b data-out word is accessed (out of 32B)32b data-out word is accessed (out of 32B)
Matrix-Out-DataMatrix-Out-DataData outputData output (32b) from the SHA result
Keys-Data-OutKeys-Data-OutDirect Data-output (128b) to KEYS function (from Hash result)
ResetResetControl inputReset/Initialize the SHA module and internal states
SHA-StartSHA-StartinterfaceStart execution of SHA Iteration
SHA-VERSHA-VERIndicates the module version
CMVP-DONECMVP-DONEIf set, indicates the self-tests execution is complete
CMVP-PASSCMVP-PASSStatus outputIf set, indicates the self-tests are passed with success
CMVP-FAILCMVP-FAILIf set, indicates the self-tests have failed
SHA-BUSYSHA-BUSYIf set, indicates that the SHA operation is being performed.
Otherwise, the calculation is complete, and module is idleOtherwise, the calculation is complete, and module is idle
Power InterfacePower InterfacePower interfaceThe entire device has a single power supply that provides the
sub-chip cryptographic module with the expected power 1.8Vsub-chip cryptographic module with the expected power 1.8V
relative to GND and a maximal current of 20mArelative to GND and a maximal current of 20mA

W77Q64/W77Q128 Sub-Chip The table below summarizes the associations between the logical interfaces required by FIPS 140-3 and the Table 4 - Ports and Interfaces When the module is performing self-tests, or is in error state, all data output from data output interfaces (except Module does not support the maintenance role, therefore it does not require to implement a maintenance REV. A4 Publication date: 06-10-2025

Page 9
Service
NameRolesInputOutput
Module InitializationCON/AN/A
Message DigestUserPlaintext dataMessage digest of data
CMVP_BISTCMVP_BISTCMVP_PASS = 0/1
Self-testUser
command or resetcommand or resetsignal
Show-statusUserRequest SSR_STATE
Show module versioningGET_VERSION
UserUserModule version
informationcommand

W77Q64/W77Q128 Sub-Chip 4. Roles, Services, and Authentication 4.1. Roles and Authentication The module does not implement any authentication mechanism. The module supports implicit User and Crypto Officer roles based on the services detailed in the table below. The module does not provide a maintenance role, bypass capability or concurrent operators. N/A N/A N/A Table 5 - Roles, Service Commands, Input and Output The states returned by SSR_STATE are described below: WORK = Self-test passed, ready to execute message digest. REV. A4 Publication date: 06-10-2025

Page 10
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Moduleinitialization
Initializationof theCON/AN/AN/ACMVP_DONE
MessageSHA2-256 hashSHA2-256SHA_BUSY = 1 while
DigestcalculationUserN/A[FIPS 180-4]N/Aexecuting,
A2317A2317SHA_BUSY = 0 after
residual dataresidual dataUserN/AN/AN/AN/A
Run pre-Run pre-SHA2-256
Self-testoperationalUserN/A[FIPSN/ACMVP_PASS = 0 or 1
self-test onself-test on180-4]after completion
demanddemandA2317
N/AUserN/AN/AN/ACurrent state from
Show-statuscurrent state ofSSR_STATE (LOCK,
the modulethe moduleRESET, WORK)
Show moduleUserN/AN/AN/AVersion in hex
versioningthe moduleformat (0x1) parsed
informationfrom version of

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 4.2. Services The table below lists the services that can be invoked by Crypto Officer and User. The module does not support bypass capability, self-initiated cryptographic capability or firmware loading. N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Run preoperational N/A N/A N/A N/A N/A N/A Table 6 - Approved Services The module does not implement any non-approved services. According to the FIPS 140-3 standard and the FIPS 140-3 IG 2.4.C, the module must indicate when an approved cryptographic algorithm is being used either executing an approved security function or during the self-tests. Please refer to Table 6 for indicator of services provided by the module. According to FIPS 140-3 IG 2.4.C, the execution of self-test service does not require the approved services indicator because it is invoked by resetting/rebooting the module, however in this case the REV. A4 Publication date: 06-10-2025

Page 11

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL indicator is provided. The show version service consists of a physical signal that is constantly output from the module. The show status service to obtain the current status of the module is not an independent service itself, since the status of the module can be mapped to the value of the Busy bit (SHA_BUSY) and the CMVP_DONE and CMVP_PASS signals detailed in Table 4: Module ports and interfaces. REV. A4 Publication date: 06-10-2025

Page 12

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 5. Software/Firmware Security This section is not applicable because it is a hardware sub-chip cryptographic module defined into the W77Q64/W77Q128 secure flash memory. REV. A4 Publication date: 06-10-2025

Page 13

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 6. Operational Environment The module is a hardware sub-chip cryptographic module, and its operational environment can be classified as non-modifiable operational environment. There are no security rules, settings or restrictions to the configuration of the operational environment. REV. A4 Publication date: 06-10-2025

Page 14

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 7. Physical Security The module is a Security Level 1 sub-chip module and has a single-chip embodiment. The module is composed of production-grade components with a hard, opaque enclosure that is the physical boundary defined by the entire W77Q64/W77Q128 secure flash memory. REV. A4 Publication date: 06-10-2025

Page 15

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 8. Non-Invasive Security This section is not applicable to the module. REV. A4 Publication date: 06-10-2025

Page 16

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 9. Sensitive Security Parameter Management The only cryptographic operation supported by the module is the message digest calculation based on SHA2-256 cryptographic algorithm. Hence, SSPs are not employed, and this section is not applicable for the module. 9.1. Random Bit Generators The module does not implement RBG because it does not perform SSP generation nor SSP establishment. 9.2. Sensitive Security Parameter Generation The module does not implement any method to perform SSPs generation. 9.3. Sensitive Security Parameter Establishment The module does not implement SSPs establishment methods. 9.4. Sensitive Security Parameter Entry and Output The module does not implement SSPs entry and output methods. 9.5. Sensitive Security Parameter Storage The module does not store any SSPs inside its boundary. 9.6. Sensitive Security Parameter Zeroization The module does not employ any SSPs that can be zeroized. The module uses FLUSH command to remove any information residues related to the message digest calculation. REV. A4 Publication date: 06-10-2025

Page 17

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 10.Self-Tests This section specifies the pre-operational and conditional self-tests performed by the module to ensure its correct functionality. The module has one error state, called the error state. If an error occurs during a self-test, the module enters the error state and indicates it to the user via the status output interface by the CMVP_PASS = 0 signal. In addition, while the module is in error state, all data output interfaces except the status output interfaces are inhibited.

Page 18

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 11.Life-Cycle Assurance 11.1. Configuration Management The configuration management list is composed of the Configuration Items version control, change control, flaw remediation tracking and module design revision which are managed by Winbond in a private Gitlab repository with write access restricted to the authorized Winbond personnel. 11.2. Configuration Items Identification Method The internal versioning of the module is performed automatically, and the assigned version and revision are used internally to control the code development. The W77Q64/W77Q128 device hardware version is shown in its internal HW_VER register that can be retrieved from the device by the SHOW VERSION service using the GET_VERSION command through its SPI interface: Bit Position 31-24 23-20 19-16 15-12 Name Type Value Reserved FLASH_VER Reserved SEC_VER HC HC HC HC 00h 1h 0h 2h 11-8 SEC_REV HC 4h 7-4 HASH_VER HC 1h 3-0 Reserved HC 0h Description Reserved Flash Version Reserved Security Protocol Version: <2> W77Q

Page 19

CONFIDENTIAL W77Q64/W77Q128 Sub-Chip - W77Q

Page 20

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL Note: When a major revision is released, it does not contain the minor revision number associated. The configuration item list can be consulted in the WCIL document. 11.3. Crypto Officer and User Guidance 11.3.1. Installation and Initialization Instructions Regarding the installation and initialization guidance, once the W77Q64/W77Q128 single-chip device is powered, the module will be also powered and initiated automatically in an approved mode of operation after executing the pre-operational self-tests with success. As detailed in the section 3 “Cryptographic Module Interfaces”, when the self-tests are passed, the CMVP_DONE and CMVP_PASS signals will be set. There is no specific administrator or non-administrator guidance applicable to this module. 11.3.2. Secure Operation When the module is initiated as described in the previous section, the module will be in the approved mode and will allow the user to use the authorized services detailed in section “4.2 Services”. 11.3.3. Operation Rules When the module is installed and securely initialized, it is in Approved Mode which is the only mode of operation complying with the following rules:

  1. The module is initialized in Approved mode of operation automatically after the self-test is completed successfully.
  2. Once the module is powered up, the pre-operational self-tests are executed automatically without requiring any operator additional action to be executed.
  3. All data output interfaces except status output interfaces will be inhibited during self-tests, zeroization and error states.
  4. The module does not store nor manage any Sensitive Security Parameter; therefore, it does not support random number generation, SSPs generation, SSPs establishment, SSPs entry and output or SSPs storage.
  5. The module does not implement critical security functions.
  6. The module does not support a maintenance interface or maintenance role.
  7. There are no maintenance requirements applicable to this module.
  8. The Module does not provide bypass capability.
  9. The module does not implement an authentication mechanism because it is a Security Level 1 module.
  10. Considering the module is a purely hardware module without containing firmware or software, during the pre-operational self-tests it executes the SHA2-256 KAT instead of firmware/software verification integrity test.
  11. The module does not implement conditional self-tests because the only supported cryptographic algorithm is tested during the preoperational self-tests.
  12. The module complies with the periodic self-tests requirements by allowing the user and CO to execute the self-tests on demand either by resetting the module or by sending the CMVP_BIST command.
  13. If the module is in an error state, the cryptographic operativity of the module will be disabled.
  14. The normal operation of the Module can be resumed from an Error state by resetting (power cycling) the module.
  15. The module does not implement mitigation of other attacks. REV. A4 Publication date: 06-10-2025
Page 21

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 11.3.4. End of Life The module does not require sanitization because it does not store any SSP as detailed in the section “9.5 Sensitive Security Parameter Storage”. All the residues related to the message digest calculations are erased once the calculation is finished as detailed in the section “9.6 Sensitive Security Parameter Zeroization”. REV. A4 Publication date: 06-10-2025

Page 22

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL 12.Mitigation of Other Attacks The module is not designed to mitigate other attacks which are outside of the scope of FIPS 140-3. REV. A4 Publication date: 06-10-2025

Page 23

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL Glossary and Abbreviations CO CSP FIPS IUT KAT Module NIST PSP RBG SHA SSP REV. A4 Crypto Officer Critical Security Parameter Federal Information Processing Standard Implementation Under Test Known Answer Test TrustME © W77Q64/W77Q128 Sub-Chip Cryptographic Module V1.0 National Institute of Standards and Technology Public Security Parameter Random Bit Generator Secure Hash Algorithm Sensitive Security Parameter Publication date: 06-10-2025

Page 24

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL Reference Document FIPS 140-3 IG WSP WCIL WFSM WFS FIPS 180-4 SP 800-140F REV. A4 Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program W77QSP0200_RevA1.pdf W77QCIL0200_RevA1.pdf W77QFSM0200_RevA1.pdf W77QFS0200_RevA1.pdf Secure Hash Standard (SHS) CMVP Approved Non-Invasive Attack Mitigation Test Metrics Publication date: 06-10-2025

Page 25

W77Q64/W77Q128 Sub-Chip CONFIDENTIAL Preliminary Designation The “Preliminary” designation on a Winbond datasheet indicates that the product is not fully characterized. The specifications are subject to change and are not guaranteed. Winbond or an authorized sales representative should be consulted for current information before using this product. Trademarks Winbond and TrustME are trademarks of Winbond Electronics Corporation. All other marks are the property of their respective owner. Important Notice Winbond products are not designed, intended, authorized or warranted for use as components in systems or equipment intended for surgical implantation, atomic energy control instruments, airplane or spaceship instruments, transportation instruments, traffic signal instruments, combustion control instruments, or for other applications intended to support or sustain life. Furthermore, Winbond products are not intended for applications wherein failure of Winbond products could result or lead to a situation wherein personal injury, death or severe property or environmental damage could occur. Winbond customers using or selling these products for use in such applications do so at their own risk and agree to fully indemnify Winbond for any damages resulting from such improper use or sales. Information in this document is provided solely in connection with Winbond products. Winbond reserves the right to make changes, corrections, modifications or improvements to this document and the products and services described herein at any time, without notice. REV. A4 Publication date: 06-10-2025