| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 7/24/2030 |
| Caveat | When operated in approved mode |
| Vendor | Samsung Electronics Co., Ltd. |
| Algorithm | ACVP Cert |
|---|---|
| AES-ECB | A4352 |
| AES-GCM | A4353 |
| Counter DRBG | A4352 |
| ECDSA KeyGen (FIPS186-4) | A4351 |
| ECDSA SigVer (FIPS186-4) | A4351 |
| HMAC-SHA2-256 | A4351 |
| KAS-ECC-SSC Sp800-56Ar3 | A4351 |
| KDF SP800-108 | A4351 |
| SHA2-256 | A4351 |
| SHA2-384 | A4351 |
flowchart LR
%% Deterministic review-risk graph for Samsung TCG Opal SSC Cryptographic Sub-Chip Deneb
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Show status<br/>self-test</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>bootloader<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for Samsung TCG Opal SSC Cryptographic Sub-Chip Deneb
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Show status<br/>self-test</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>bootloader<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;Samsung TCG Opal SSC Cryptographic Sub-Chip Deneb Document Date: July 18, 2025 Document Version: 1.0
Revision History Version Change
| # | Section | Page |
|---|
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 2
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A
Table
2.2. Version information Tested Configuration Hardware Version Firmware Version S4LY011A01 S02 SS0200 Table
1 The “S4LY011A01” version number is NOT the cryptographic boundary of the module, it references the SoC on which it operates on.
# Name Type Description SF Properties Algorithms
1 Key KTS SP 800-38D and SP 800-38F. 256-bit keys providing 256 AES GCM Cert. #A4353
Transport KTS (key wrapping and bits of encryption strength unwrapping) per IG D.G.
2 Key KAS SP 800-56Arev3. KASECC per Key establishment KAS-ECC-SSC / SP 800-
Agreement IG D.F Scenario 2 path (2). methodology provides 192 bits 56Ar3 Cert. #A4351 of encryption strength KDA / SP 800-56C Rev2 Cert. #A4351 Cert. SHS / FIPS 180-4 #A4351 Table
2.4. Approved mode of operation The cryptographic module supports an approved and non-approved mode of operation. The module defaults to the approved mode of operation as long as the guidance outlined in Section 11 is followed, and operator can verify that the module enters the default approved mode by confirming that the version is consistent with the version information described in this Security Policy. The module will transition between the approved and non-approved modes depending on the services requested by the operator. The operator can check whether the module is in the approved mode or the nonapproved mode via status response from each service. The module zeroises SSPs when completing a service as described in Table 10, however it is recommended for the Crypto Officer (CO) via procedural guidance set forth in this Security Policy to also perform a power reset to zeroise all SSPs of the module when switching between modes of operation.
4.2. Service 4.2.1. Approved Services The following table shows all approved services which is implemented by the cryptographic module. E: EXECUTE; W: WRITE; G: GENERATE; Z: ZEROISE Access rights Approved to Keys Keys and/or Service Description Security Roles and/or SSPs3 Indicator SSPs Functions E W G Z Show status of the module and show Show Status - - module’s versioning information Perform all preoperational and Perform self-tests conditional self-tests - - by power-cycling the module DRBG Provide a random Get Random CTR_ DRBG Internal number generated by - O O O Number (AES-256) State, DRBG the CM Seed Load the KPK for CTR_DRBG, AES- DRBG authority and decrypt GCM, KAS-ECC- Internal Authentication4 - O O O related encryption SSC, KBKDF, SHA, State, DRBG keys HMAC Seed Zeroise the KPK for Unauthentication authority and zeroise
5 - KPK - O Return value
related encryption keys MESSAGE_RESPONSE. Hash Operation Hash operation SHA - - bApprovedMode: 1 // 1: Approved Mode, FW Verify firmware 0: Non-Approved VerifyFW ECDSA Verification FL O signature Mode Key PIN O O DRBG Internal O O O State, DRBG Seed NVMe Command, CTR_DRBG, AES- KEK, KPK, Erase user data in all RevertWithPSID GCM, KBKDF, MEK, CPK, Range by changing O O O O SHA, HMAC KDK_CPK, the data KDK_KPK CO ECDH SK, O O O ECDH PK REK, SMK, O KMK PIN O O Abort all TCG KDK_CPK, KBKDF O O O TPER Reset Communications and KDK_KPK Reset TCG protocol CPK O O O AES-GCM, HMAC KPK, KEK, O O O
3 It means that “Write” and “Zeroise” perform in each storage of SSPs that is described in table10.
4 This does not mean to use to comply with Section 7.4.4 of ISO/IEC 19790, but is a service used to support the part of TCG authenticate
5 This does not mean to use to comply with Section 7.4.4 of ISO/IEC 19790, but is a service used to support the part of TCG deauthenticate
Access rights Approved to Keys Keys and/or Service Description Security Roles and/or SSPs3 Indicator SSPs Functions E W G Z MEK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK, KPK O O O DRBG Allocate key to the Internal CreateNamespace O O O specified Namespace AES-GCM, KAS- State, DRBG ECC-SSC, Seed CTR_DRBG, SHA, ECDH CK, HMAC ECDH PK, O O O O ECDH SK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK, KPK O O O Delete key for the DRBG DeleteNamespace specified Namespace Internal AES-GCM, O O O State, DRBG CTR_DRBG, Seed HMAC MEK O O O O REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O Remove key from TCG KDK_KPK WriteProtection boundary on the CPK O O O specified Namespace KPK, KEK O O O AES-GCM, HMAC REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK, KPK O O O Cryptographically DRBG Sanitize erase user data Internal (Delete key) AES-GCM, O O O State, DRBG CTR_DRBG, Seed HMAC MEK O O O O REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK Cryptographically CPK O O O CryptoErase erase user data KEK, KPK O O O (Delete key) AES-GCM, DRBG CTR_DRBG, Internal O O O HMAC State, DRBG
Access rights Approved to Keys Keys and/or Service Description Security Roles and/or SSPs3 Indicator SSPs Functions E W G Z Seed MEK O O O O REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK, KPK O O O Delete the Key DRBG FormatNVM corresponding to the Internal specified Namespace AES-GCM, O O O State, DRBG CTR_DRBG, Seed HMAC MEK O O O O REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O PIN, KEK O O O DRBG Internal O O O Ready to TCG Locking State, DRBG Activate operation CTR_DRBG, AES- Seed GCM, KAS-ECC- KPK, MEK, SSC, KBKDF, SHA, CPK, O O O O HMAC KDK_KPK ECDH SK, O O O ECDH PK REK, SMK, O KMK KDK_CPK, O O O KDK_KPK KBKDF CPK O O O PIN O O DRBG Internal O O O Reset CPINs of all State, DRBG Revert authorities and range Seed information CTR_DRBG, AES- KEK, KPK, GCM, KBKDF, MEK, CPK, O O O O SHA, HMAC KDK_KPK ECDH SK, O O O ECDH PK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O Revoke Root Revoke and zeroise REK, SMK, CO Encryption Key REK O O O KMK CTR_DRBG, DRBG KBKDF Internal O O O State, DRBG
Access rights Approved to Keys Keys and/or Service Description Security Roles and/or SSPs3 Indicator SSPs Functions E W G Z Seed Root Key O O PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK O O O DRBG Internal O O O State, DRBG Reactivate Revert and Activate CTR_DRBG, AES- Seed GCM, KAS-ECC- KPK, MEK, SSC, KBKDF, SHA, CPK, O O O O HMAC KDK_KPK ECDH SK, O O O ECDH PK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK O O O DRBG Internal O O O Set TCG authority’s State, DRBG Set CPIN password CTR_DRBG, AES- Seed GCM, KAS-ECC- KPK, MEK, SSC, KBKDF, SHA, CPK, O O O O HMAC KDK_KPK ECDH SK, CO, O O O ECDH PK USER REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK, KPK O O O DRBG Assign locking object Internal Assign to the specified O O O AES-GCM, State, DRBG Namespace CTR_DRBG, KAS- Seed ECC-SSC, SHA, MEK, ECDH HMAC CK, ECDH O O O O PK, ECDH SK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK Deassign locking CPK O O O Deassign object to the specified AES-GCM, KEK, KPK O O O Namespace CTR_DRBG, KAS- DRBG ECC-SSC, SHA, Internal O O O HMAC State, DRBG
Access rights Approved to Keys Keys and/or Service Description Security Roles and/or SSPs3 Indicator SSPs Functions E W G Z Seed MEK, ECDH CK, ECDH O O O O PK, ECDH SK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK, KPK O O O DRBG Internal Grant Key to the O O O Grant State, DRBG specified Authority AES-GCM, KASSeed ECC-SSC, ECDH CK, CTR_DRBG, SHA, ECDH PK, HMAC, KDA O O O O ECDH SK, GRK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O KEK, KPK O O O Generate key DRBG GenKey materials Internal AES-GCM, O O O State, DRBG CTR_DRBG, Seed HMAC MEK O O O O REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK CPK O O O PIN O O DRBG Internal Cryptographically O O O State, DRBG Erase erase user data within CTR_DRBG, AES- Seed a specific LBA Range GCM. KAS-ECC- KEK, KPK O O O SSC, KBKDF, SHA, MEK, CPK, HMAC KDK_KPK, O O O O ECDH PK, ECDH SK REK, SMK, O KMK PIN O O KDK_CPK, KBKDF O O O KDK_KPK Lock or Unlock the SetRange CPK O O O specified Range KPK, KEK, O O O AES-GCM, HMAC MEK REK, SMK, O
Access rights Approved to Keys Keys and/or Service Description Security Roles and/or SSPs3 Indicator SSPs Functions E W G Z KMK Table
Probability of 1/2192 in a single random attempt. FL ECDSA signature verification Probability of 1250/2192 in multiple random attempts in a one-minute. Table 12. Roles and Authentication Table 9 shows each authentication method and strength for a single and multiple attempts. The CO role requires password-based authentication, where each byte can be any of 0x00 to 0xFF. Each password authentication failure holds the cryptographic module for 750ms. This restricts the maximum attempts for a one-minute to less than 80 attempts (60,000ms/750ms). The User role requires password-based authentication, where each byte can be any of 0x00 to 0xFF. Each password authentication failure holds the cryptographic module for 750ms. This restricts the maximum attempts for a one-minute to less than 80 attempts (60,000ms/750ms). The FL role is limited to authenticate functions that verifies 2 steps of ECDSA P-384 with SHA-384 digital signature of firmware to complete a login. The firmware signed6 by Samsung is authenticated by verifying the ECDSA signature which has 192 security strength in every power-on. Each signature verification attempt takes at least 48ms. This can be enforced with up to 1,250 attempts in a minute.
6 The signing key is securely stored in HSM which is under Samsung internal development management.
5. Software/Firmware security - The module applies digital signature verification using ECDSA-384 with SHA-384 for firmware integrity test. - The firmware integrity test is performed every power on reset.
6. Operational environment - The cryptographic module operates in limited operational environment that consists of the module’s firmware. This operational environment does not require any specific security rules, settings/configurations or restrictions to be set. - The cryptographic module does not provide any general-purpose operating system to the operator. - Firmware loading is allowed only for CMVP validated firmware versions. Unauthorized modification of the firmware is prevented by the pre-operational firmware integrity test and conditional firmware load test.
8. Non-invasive security - Non-invasive security is not applicable for this cryptographic module
256 bits / 90Arev1 WriteProtection
Internal CTR_DRBG N/A Sanitize
State9 (AES-256) CryptoErase (AES-256) FormatNVM MEK, KEK, Activate ECDH SK, HW Revert KDK_CPK, internal10 Revoke Root Encryption Key KDK_KPK, Entropy Reactivate Root Key Set CPIN input: A4352 Assign
DRBG Seed CTR_DRBG ENT (P) N/A Deassign Nonce: Grant (AES-256)
256 bits GenKey
/ 256 bits Erase SetRange RevertWithPSID TPER Reset CreateNamespace DeleteNamespace WriteProtection Sanitize CryptoErase FormatNVM 8-44 A4351 Electronic CPK PIN11 N/A SRAM Activate bytes SHA-256 input Revert KPK Revoke Root Encryption Key Reactivate Set CPIN Assign Deassign Grant GenKey
7 Because there is no non-volatile storage in this module without OTP, basically, automatic zeroisation runs instantly either when temporary SSP
as well as SSPs are no longer needed after key generation/use, or every power-on-reset depending on characteristics of volatile memory.
10 Approved DRBG SSPs reside only inside the hardware DRBG IP and there is no way for operator to access and handle.
11 The PIN is also known as a Password in the context of this document. The terms are interchangeable.
Key/SSP Security Use & Size / Generation or Import Name/ Function and Storage7 Zeroisation8 related Strength Establishment /Export Type Cert. Number keys Erase SetRange Import / RevertWithPSID SP 800- TPER Reset
CPK 108rev1 SRAM CreateNamespace Password
KBKDF DeleteNamespace ed) WriteProtection Sanitize CryptoErase FormatNVM Activate Revert SP 800- Import / Revoke Root Encryption Key
256 bits / A4351 90Arev1 Export Reactivate
KDK_CPK SRAM CPK
256 bits KBKDF CTR_DRBG (Encrypt Set CPIN
(AES-256) ed) Assign Deassign Grant GenKey Erase SetRange Unauthentication RevertWithPSID TPER Reset CreateNamespace DeleteNamespace WriteProtection Sanitize CryptoErase SP 800- FormatNVM
KPK 108rev1 N/A SRAM Activate KEK
KBKDF Revert Reactivate Set CPIN Assign Deassign Grant GenKey Erase SetRange RevertWithPSID TPER Reset CreateNamespace DeleteNamespace WriteProtection SP 800- Import / Sanitize
256 bits / A4351 90Arev1 Export CryptoErase
KDK_KPK SRAM KPK
256 bits KBKDF CTR_DRBG (Encrypt FormatNVM
(AES-256) ed) Activate Revert Revoke Root Encryption Key Reactivate Set CPIN Assign
Key/SSP Security Use & Size / Generation or Import Name/ Function and Storage7 Zeroisation8 related Strength Establishment /Export Type Cert. Number keys Deassign Grant GenKey Erase SetRange SP 800- Import / RevertWithPSID P-384 / A4351 KAS- 90Arev1 Export CreateNamespace ECDH SK SRAM Activate GRK 192-bit ECC-SSC CTR_DRBG (Encrypt Revert (AES-256) ed) Reactivate Import / Set CPIN P-384 / A4351 KAS- SP 800-56Ar3 Export Assign ECDH PK SRAM Deassign GRK 192-bit ECC-SSC KAS-ECC-SSC (Encrypt Grant ed) Erase CreateNamespace P-384 / A4351 SP 800-56Ar3 Assign ECDH CK N/A SRAM GRK 192-bit KAS-ECC-SSC KAS-ECC-SSC Deassign Grant 256-bit / A4353 SP 800-56Cr2 GRK N/A SRAM Grant ECDH CK 256-bit AES-GCM KDA RevertWithPSID TPER Reset CreateNamespace DeleteNamespace WriteProtection Sanitize CryptoErase SP 800- Import / FormatNVM
256 bits / A4353 90Arev1 Export Activate
256 bits AES-GCM CTR_DRBG (Encrypt Revert
(AES-256) ed) Reactivate Set CPIN Assign Deassign Grant GenKey Erase SetRange Import RevertWithPSID (Encrypt TPER Reset SP 800- ed)/ DeleteNamespace Sanitize
MEK12 N/A SRAM CryptoErase KEK
256 bits CTR_DRBG (Plaintext FormatNVM
(AES-256) & Activate Encrypte Revert d) Reactivate
12 Please note this is a SSP generated by the module to be used by the consuming application (outside of the boundary)
13 FIPS 140-3 IG 2.3.B states Transferring SSPs between a sub-chip cryptographic subsystem and an intervening functional subsystem for
Security Level 2 on the same single chip is considered as not having Sensitive Security Parameter Establishment crossing the HMI of the sub-chip module per IG 9.5.A.
Key/SSP Security Use & Size / Generation or Import Name/ Function and Storage7 Zeroisation8 related Strength Establishment /Export Type Cert. Number keys Set CPIN Assign Deassign GenKey Erase SetRange SP 800- RevertWithPSID
256 bits / A4351 TPER Reset
SMK 108rev1 N/A SRAM Root Key
256 bits HMAC CreateNamespace
256 bits / A4351 WriteProtection
KMK 108rev1 N/A SRAM Root Key
256 bits HMAC Sanitize
KBKDF CryptoErase FormatNVM Activate Revert Revoke Root Encryption Key SP 800- Reactivate
256 bits / A4353 Set CPIN
REK 108rev1 N/A SRAM Root Key
256 bits AES-GCM Assign
KBKDF Deassign Grant GenKey Erase SetRange SP 800-
256 bits / A4351 90Arev1 Revoke Root Encryption
Root Key N/A OTP REK
256 bits KBKDF CTR_DRBG Key
(AES-256) Firmware P-384 / A4351 Physically protected PSP Verificatio Manufacturing N/A ROM N/A 192-bit ECDSA stored in the ROM n Key14 Table
15 Estimated amount of entropy per the source’s output bit is 0.767252 and Samsung conservatively claims to be set at 0.5 per bit.
ECDSA signature verification is performed Firmware load ECDSA if new FW is downloaded or at every Firmware load test test power-on-reset Cryptographic KATs: SP 800-90Arev1 Health testing on DRBG algorithm self- Instantiate, Generate and Reseed Module initialization test functions Cryptographic Start up and Conditional SP800-90B ENT (P) algorithm self- Heath tests: Repetition count test, Module initialization and Continuously test Adaptive proportion test Table 17. List of Conditional self-tests
11. Life-cycle assurance The followings describe the security rules for secure initialization and operation which the cryptographic module and Crypto Officer shall be enforced under FIPS 140-3 security level 2 compliant manner: 11.1. Secure Initialization [Step 1] Execute the firmware loading into the module [Step 2] Execute Init and Open method [Step 3] Replace the default password via Set_CPIN service if first-time authentication. - Identify the status indicator via Show Status service in the Table 7. - Identify that response information matches the versioning information in Table 3. 11.2. Operational description of module