| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 9/14/2030 |
| Caveat | When operated in approved mode; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs |
| Vendor | Nuvoton Technology Corporation |
| Algorithm | ACVP Cert |
|---|---|
| AES-CFB128 | A4792 |
| AES-CTR | A4792 |
| AES-OFB | A4792 |
| Counter DRBG | A4792 |
| ECDSA KeyGen (FIPS186-4) | A4792 |
| ECDSA KeyVer (FIPS186-4) | A4792 |
| ECDSA SigGen (FIPS186-4) | A4792 |
| ECDSA SigVer (FIPS186-4) | A4792 |
| HMAC-SHA-1 | A4792 |
| HMAC-SHA2-256 | A4792 |
| HMAC-SHA2-384 | A4792 |
| KAS-ECC Sp800-56Ar3 | A4792 |
| KAS-ECC-SSC Sp800-56Ar3 | A4792 |
| KDA OneStep Sp800-56Cr1 | A4792 |
| KDF SP800-108 | A4792 |
| KTS-IFC | A4792 |
| RSA KeyGen (FIPS186-4) | A4792 |
| RSA SigGen (FIPS186-4) | A4792 |
| RSA Signature Primitive (CVL) | A4792 |
| RSA SigVer (FIPS186-4) | A4792 |
| SHA-1 | A4792 |
| SHA2-256 | A4792 |
| SHA2-384 | A4792 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>TPM2_SequenceUpdate<br/>TPM2_PCR_Read<br/>TPM2_DictionaryAttackP arameters</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>ECDSA SigVer Component<br/>AES-CFB128<br/>AES-CTR</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>SPI Bus<br/>I2C Bus</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C4,C5,C6 clue;
class I2,I3,I4,I5,I6 infer;
class R2,R3,R4,R5,R6 risk;
class E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>TPM2_SequenceUpdate<br/>TPM2_PCR_Read<br/>TPM2_DictionaryAttackP arameters</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>ECDSA SigVer Component<br/>AES-CFB128<br/>AES-CTR</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>SPI Bus<br/>I2C Bus</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C4 clueHigh;
class C5,C6 clueLow;Nuvoton Technology Corporation Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine Hardware Version 0x00FC Firmware Version 7.2.4.1 Document Version: 1.4 Last update: 2025-07-29 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module Table of Contents © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module List of Tables List of Figures © 2025 Nuvoton / atsec information security.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | N/A |
| 7 | 7 | Physical security | 3 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 1 |
Nuvoton Trusted Platform Module Cryptographic Module
This document is the non-proprietary FIPS 140-3 Security Policy for the Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine (hereafter referred to as “the module”). It has a one-to-one mapping to the [SP 800-140Br1] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document.
The module meets the requirements of FIPS Pub 140-3 overall Security Level 1 with Physical Security N/A N/A N/A Table 1: Security Levels © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module
Purpose and Use: The Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine is a hardware cryptographic module (hereafter simply referred to as “the module”) that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation. The module is a contained within a single-chip embodiment that provides cryptographic services utilized by external applications. The module meets commercial-grade specifications for power, temperature, reliability, shock, and vibrations, and includes chip packaging to meet the physical security requirements at security level 3. Module Type: Hardware Module Embodiment: SingleChip Cryptographic Boundary: The block diagram below shows the cryptographic boundary of the module, and its interfaces with the operational environment. The components within TOEPP include an RNG block to provide entropy input for the module’s DRBG, Cryptographic Accelerators (SHA, AES, and PKA), ROM containing non-modifiable runtime execution code (CrypLib and Booter), Flash containing modifiable runtime execution code (Bootloader and TPM Library), CPU and RAM for runtime processing. Lastly the GPIO, Power Management and Host Interfaces provide the interfaces to/from the module. Figure 1: Block Diagram Tested Operational Environment’s Physical Perimeter (TOEPP) The TOEPP and cryptographic boundary are one and the same, encompassing the entire physical chip (outlined in red).
Tested Module Identification
| Name | Model | Hardware Version | Firmware Version | Processor | Features |
|---|---|---|---|---|---|
| NPCT7xx embedded in UQFN16 package | NPCT7xx embedded in UQFN16 package | 0x00FC | 7.2.4.1 | NPCT7xx CPU | N/A |
| NPCT7xx embedded in QFN32 package | NPCT7xx embedded in QFN32 package | 0x00FC | 7.2.4.1 | NPCT7xx CPU | N/A |
| NPCT7xx embedded in TSSOP28 package | NPCT7xx embedded in TSSOP28 package | 0x00FC | 7.2.4.1 | NPCT7xx CPU | N/A |
| Name | Description | Indicator | Type |
|---|---|---|---|
| Transient mode | Default mode entered when the TPM powers up and has completed self tests for SHS (SHA-1, SHA2-256, SHA2-384), HMAC, AES, DRBG, KBKDF and KDF algorithms which are used for basic TPM commands. | Same as section 4.3 | Approved |
| Full approved mode of operation | This mode can be entered by either forcing to run the self tests for all algorithms using 'TPM2_SelfTest' command or by explicitly calling service that will require use of algorithms not tested in transient mode. This corresponds to all commands except the ones listed in section 6.5.1.6, of platform TPM profile specification and the command 'TPM2_IncrementalSelfTest'. | Same as section 4.3 | Approved |
| Non- Approved mode of operation | Automatically entered whenever a non-approved service is invoked. | Same as section 4.3 | Non- Approved |
Nuvoton Trusted Platform Module Cryptographic Module This module is available in three hardware configurations. 7.2.4.1 N/A 7.2.4.1 N/A 7.2.4.1 N/A Table 2: Tested Module Identification
There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements. Modes List and Description: For some TPM host platforms, it might take too much time to execute all self-tests during power up. Therefore, the TPM supports the following two Approved modes. © 2025 Nuvoton / atsec information security.
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CFB128 | A4792 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38A |
| AES-CTR | A4792 | Direction - Encrypt Key Length - 128, 256 | SP 800-38A |
| AES-OFB | A4792 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38A |
| Conditioning Component Block Cipher Derivation Function SP800-90B | A4792 | Key Length - 256 | SP 800-90B |
| Counter DRBG | A4792 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A4792 | Curve - P-256, P-384 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A4792 | Curve - P-256, P-384 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A4792 | Component - No, Yes Curve - P-256, P-384 Hash Algorithm - SHA2-256, SHA2-384 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A4792 | Component - No Curve - P-256, P-384 | FIPS 186-4 |
| HMAC-SHA-1 | A4792 | Key Length - Key Length: 160-240 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4792 | Key Length - Key Length: 160-1024 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A4792 | Key Length - Key Length: 160-2048 Increment 8 | FIPS 198-1 |
| KAS-ECC Sp800-56Ar3 | A4792 | Domain Parameter Generation Methods - P-256, P-384 Function - Key Pair Generation, Partial Validation Scheme - fullUnified - KAS Role - Initiator, Responder Key Length - 1024 | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A4792 | Domain Parameter Generation Methods - P-256, P-384 Scheme - fullUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KDA OneStep Sp800-56Cr1 | A4792 | Derived Key Length - 1024 Shared Secret Length - Shared Secret Length: 384-768 Increment 8 | SP 800-56C Rev. 2 |
| KDF SP800-108 | A4792 | KDF Mode - Counter | SP 800-108 Rev. 1 |
| KTS-IFC | A4792 | Modulo - 2048, 3072, 4096 Key Generation Methods - rsakpg1-crt Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Length - 384 | SP 800-56B Rev. 2 |
| RSA KeyGen (FIPS186-4) | A4792 | Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Chinese Remainder Theorem | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A4792 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA Signature Primitive (CVL) | A4792 | Private Key Format - crt | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A4792 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A4792 | FIPS 180-4 | |
| SHA2-256 | A4792 | FIPS 180-4 | |
| SHA2-384 | A4792 | FIPS 180-4 |
Nuvoton Trusted Platform Module Cryptographic Module NonApproved NonApproved Table 3: Modes List and Description
Approved Algorithms: The table below lists all approved algorithms used by the module, including specific key strengths employed for approved services, and implemented modes of operation. © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module Table 4: Approved Algorithms Vendor-Affirmed Algorithms: The following table lists all vendor affirmed approved algorithms implemented by the module. © 2025 Nuvoton / atsec information security.
| Name | Description | Approved Functions | Type | Properties | Implementation | ||
|---|---|---|---|---|---|---|---|
| CKG | Key Type:Symmetric and Asymmetric | N/A | SP800-133, Rev2 Section 4, example 1 | ||||
| ECDSA SigVer Component | Non-Security Related Input Verification (No authentication claimed) | Allowed as per IG 2.4.A | |||||
| RSA signature generation using SHA-1 | Digital signature generation | ||||||
| ECDSA signature generation using SHA-1 | Digital signature generation | ||||||
| RSA Key Transport | RSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL | ||||||
| CKG | HMAC key generation with Key Size < 112 bits | ||||||
| HMAC | Message Authentication Code using HMAC with Key Size < 112 bits | ||||||
| KAS-ECC-SSC | ECC Shared Secret Calculation with Derived Asymmetric ECC Key | ||||||
| AES-CFB128 | AES encryption/decryption | AES-CFB128: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits | |||
| AES-CTR | AES encryption/decryption | AES-CTR: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits |
| Name | Description | Approved Functions | Type | Properties | Implementation | ||
|---|---|---|---|---|---|---|---|
| CKG | Key Type:Symmetric and Asymmetric | N/A | SP800-133, Rev2 Section 4, example 1 | ||||
| ECDSA SigVer Component | Non-Security Related Input Verification (No authentication claimed) | Allowed as per IG 2.4.A | |||||
| RSA signature generation using SHA-1 | Digital signature generation | ||||||
| ECDSA signature generation using SHA-1 | Digital signature generation | ||||||
| RSA Key Transport | RSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL | ||||||
| CKG | HMAC key generation with Key Size < 112 bits | ||||||
| HMAC | Message Authentication Code using HMAC with Key Size < 112 bits | ||||||
| KAS-ECC-SSC | ECC Shared Secret Calculation with Derived Asymmetric ECC Key | ||||||
| AES-CFB128 | AES encryption/decryption | AES-CFB128: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits | |||
| AES-CTR | AES encryption/decryption | AES-CTR: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits |
| Name | Description | Approved Functions | Type | Properties | Implementation | ||
|---|---|---|---|---|---|---|---|
| CKG | Key Type:Symmetric and Asymmetric | N/A | SP800-133, Rev2 Section 4, example 1 | ||||
| ECDSA SigVer Component | Non-Security Related Input Verification (No authentication claimed) | Allowed as per IG 2.4.A | |||||
| RSA signature generation using SHA-1 | Digital signature generation | ||||||
| ECDSA signature generation using SHA-1 | Digital signature generation | ||||||
| RSA Key Transport | RSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL | ||||||
| CKG | HMAC key generation with Key Size < 112 bits | ||||||
| HMAC | Message Authentication Code using HMAC with Key Size < 112 bits | ||||||
| KAS-ECC-SSC | ECC Shared Secret Calculation with Derived Asymmetric ECC Key | ||||||
| AES-CFB128 | AES encryption/decryption | AES-CFB128: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits | |||
| AES-CTR | AES encryption/decryption | AES-CTR: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits |
| Name | Description | Approved Functions | Type | Properties | Implementation | ||
|---|---|---|---|---|---|---|---|
| CKG | Key Type:Symmetric and Asymmetric | N/A | SP800-133, Rev2 Section 4, example 1 | ||||
| ECDSA SigVer Component | Non-Security Related Input Verification (No authentication claimed) | Allowed as per IG 2.4.A | |||||
| RSA signature generation using SHA-1 | Digital signature generation | ||||||
| ECDSA signature generation using SHA-1 | Digital signature generation | ||||||
| RSA Key Transport | RSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL | ||||||
| CKG | HMAC key generation with Key Size < 112 bits | ||||||
| HMAC | Message Authentication Code using HMAC with Key Size < 112 bits | ||||||
| KAS-ECC-SSC | ECC Shared Secret Calculation with Derived Asymmetric ECC Key | ||||||
| AES-CFB128 | AES encryption/decryption | AES-CFB128: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits | |||
| AES-CTR | AES encryption/decryption | AES-CTR: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits |
Nuvoton Trusted Platform Module Cryptographic Module N/A Table 5: Vendor-Affirmed Algorithms N/A for this module. 2.4.A The following table list all non-approved algorithms not allowed in the approved mode of operation. © 2025 Nuvoton / atsec information security.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| AES-OFB | AES encryption/decryption | AES-OFB: (A4792) | BC-UnAuth | Key Size:128, 256 bits Key Strength:128, 256 bits |
| CTR_DRBG | Deterministic random bit generation | Counter DRBG: (A4792) | DRBG | Mode:AES-256 Key Size:256 bits Key Strength:256 bits Prediction Resistance:No Supports Reseed:Yes Derivation Function Enabled:No |
| ECDSA KeyGen | ECC key generation | ECDSA KeyGen (FIPS186-4): (A4792) | AsymKeyPair- KeyGen CKG | Curves and Key Strength:P-256, P- 384 with 128 and 192 bits of key strength |
| ECDSA KeyVer | ECC public key validation | ECDSA KeyVer (FIPS186-4): (A4792) | AsymKeyPair-KeyVer | Curves:P-256, P-384 Key Strength:128 and 192 bits |
| ECDSA SigGen | ECC signature generation | ECDSA SigGen (FIPS186-4): (A4792) | DigSig-SigGen | Curves:P-256, P-384 Hash Algorithm:SHA2-256, SHA2-384 |
| ECDSA SigVer | ECC signature verification | ECDSA SigVer (FIPS186-4): (A4792) | DigSig-SigVer | Curves:P-256, P-384 Hash Algorithm:SHA- 1, SHA2-256, SHA2- 384 |
| ECDSA SigGen Component | ECC signature generation component | ECDSA SigGen (FIPS186-4): (A4792) | DigSig-SigGen | Curves:P-256, P-384 |
| HMAC | Message Authentication Code using HMAC | HMAC-SHA-1: (A4792) HMAC-SHA2-256: (A4792) HMAC-SHA2-384: (A4792) | MAC | HMAC-SHA-1:Key Sizes 160 to 240 with 128 bits of security strength HMAC-SHA-256:Key Sizes 160 to 1024 with 256 bits of security strength HMAC-SHA-384:Key Sizes 160 to 2048 with 256 bits of security strength |
| KAS-ECC | ECC key agreement | KAS-ECC Sp800- 56Ar3: (A4792) | KAS-Full | Key Agreement Schemes:Full Unified, One Pass DH KDF Methods:onestepkdf (SHA2-256/SHA2- |
Nuvoton Trusted Platform Module Cryptographic Module AsymKeyPairKeyGen © 2025 Nuvoton / atsec information security.
| Name | Description | Role Access | Approved Functions | Type |
|---|---|---|---|---|
| KAS-ECC-SSC | ECC shared secret calculation | Key Agreement Schemes:Full Unified, One Pass DH Caveat:Key establishment methodology provides 128 or 192 bits of security strength | KAS-ECC-SSC Sp800-56Ar3: (A4792) | KAS-SSC |
| KDA | Symmetric key derivation (KDA) | Auxiliary Function Methods:SHA2-256, SHA2-384 derived key size and strength:1024 bits with 256 bits of key strength | KDA OneStep Sp800- 56Cr1: (A4792) | KAS-56CKDF |
| KBKDF | Symmetric key derivation (KBKDF) | KDF Mode:Counter HMAC-SHA-1 Key Size and Strength:160 and 384 bit key with 128 bits of security strength HMAC-SHA-256 Key Size and Strength Key Strength:160 and 384 bit key with 256 bits of security strength HMAC-SHA-384 Key Size and strength:160 and 384 bit key with 256 bits of security strength | KDF SP800-108: (A4792) | KBKDF |
| KTS RSA | RSA key transport | Scheme:KTS-OAEP- basic Key Transport Method:SHA2-256, SHA2-384 Key Generation Methods:rsakpg1-crt Caveat:Key establishment methodology provides between 112 and 150 bits of security strength Compliance:IG D.G | KTS-IFC: (A4792) | KTS-Wrap |
| RSA KeyGen | RSA key generation | Key Generation Mode:B.3.3 Key Size and Strength :2048-, 3072- or 4096-bit modulus with 112, 128, 150 bits of key strength | RSA KeyGen (FIPS186-4): (A4792) | AsymKeyPair- KeyGen |
| RSA SigGen | RSA signature generation | Signature Type:PKCS 1.5, PKCSPSS Hash Pair:SHA2-256, SHA2-384 Key Size:2048, 3072, 4096 bits | RSA SigGen (FIPS186-4): (A4792) | DigSig-SigGen |
| RSA SigGen Primitive | RSA signature generation primitive | Key Size:2048, 3072, 4096 bits | RSA Signature Primitive: (A4792) | DigSig-SigGen |
| RSA SigVer | RSA signature verification | Signature Type:PKCS 1.5, PKCSPSS Hash Pair:SHA2-256, SHA2-384 Key Size:2048, 3072, 4096 bits | RSA SigVer (FIPS186-4): (A4792) | DigSig-SigVer |
| SHA | Message digest | SHA-1: (A4792) SHA2-256: (A4792) SHA2-384: (A4792) | SHA | |
| AES key generation | AES key generation | Key Size and Strength:128, 256 bits with 128 or 256 bits of key strength | Counter DRBG: (A4792) | CKG |
| HMAC key generation | HMAC key generation | Key Size and Strength:160, 256, 384 bits with 128 or 256 bits of key strength | Counter DRBG: (A4792) | CKG |
| KTS (AES + HMAC) key wrapping | Symmetric key wrapping | Caveat:Key establishment methodology provides 128 or 256 bits of security strength | AES-CFB128: (A4792) HMAC-SHA-1: (A4792) HMAC-SHA2-256: (A4792) HMAC-SHA2-384: (A4792) | KTS-Wrap |
| KTS (AES + HMAC) key unwrapping | Symmetric key unwrapping | Caveat:Key establishment methodology provides 128 or 256 bits of security strength | AES-CFB128: (A4792) HMAC-SHA-1: (A4792) HMAC-SHA2-256: (A4792) | KTS-Wrap |
| Entropy Source | Physical entropy source | Conditioning Component:Block Cipher DF Sample Size:384 bits Entropy Per Sample:384 bits | Conditioning Component Block Cipher Derivation Function SP800-90B: (A4792) | ENT-ESV |
Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module AsymKeyPairKeyGen © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module Table 8: Security Function Implementations
Compliance to SP 800-56ARev3 assurances For KAS-ECC, the module satisfies IG D.F Scenario 2 path (2) (i.e., tested compliance with Full Unified and One Pass DH key agreement schemes followed by the derivation of the key as shown in Section 5.8 of SP 800-56Arev3). The key derivation function complies to SP 800-56C rev2 (i.e, OneStep KDF). Furthermore, the module obtained the appropriate assurances, as required in Sections
The key generation implemented by the module is CAVP validated. The entity using the module, must use the module's key generation service to generate the ECDH keys. The module will perform a pairwise consistency check upon generating ECDH keys.
5.6.2.2 Assurances Required by a Public Key Recipient Assurance of public-key validity: The module
makes used of approved EC curves listed in SP 800-140D and performs a successful public-key validation of the received public key.
5.6.2.2.3 Recipient’s assurance of owner’s possession of private key can be met via the use of a
Trusted Third party that requires the key confirmation procedure. Both of which are handled by the entity outside of the module that requested the ECDH Key Agreement service from the module. That is, such checks are out of the module's scope.
5.6.2.3 Public Key Validation Routines: The module performs the required public key validation before
initiating the handshake. Compliance to SP 800-56BRev3 assurances For KTS RSA, the tester verified the implementation satisfies IG D.G by employing an approved RSAbased key transport scheme as specified in SP 800-56Brev2. The following summary of assurances, as defined in Sections 5 and 6 of SP 800-56Brev2: Section 5.1
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine | Physical | 384 bits | Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine on Nuvoton NPCT7xx (firmware version 7.2.4.1) | 384 bits | Vetted Conditioning Component: Block Cipher Derivation Function Cert# A4792 |
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E18 | Nuvoton |
Nuvoton Trusted Platform Module Cryptographic Module Section 5.4 and Section 5.5 – N/A, The module does not implement a key agreement scheme (i.e., KAS1). For additional assurances found in its Section 6 (specifically SP 800-56Brev2 Section 6.4 Required Assurances):
Table 9: Entropy Certificates Table 10: Entropy Sources Entropy Information: The SP 800-90B entropy source consists of a noise source which feeds 1024bit samples to a block cipher vetted conditioning component. The final output from the conditioning component provides 384-bits of full entropy. DRBG Information: The module implements an approved SP 800-90Ar1 Deterministic Random Bit Generator in the form of CTR_DRBG. The CTR_DRBG is provided with 384-bits of entropy input from the SP 800-90B compliant entropy source. The DRBG is used internally by the module to generate symmetric keys, seeds for asymmetric key pairs and random numbers for security functions. © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module
This module implements vendor affirmed Cryptographic Key Generation (CKG) for AES, HMAC, RSA, ECDSA and EC Diffie-Hellman keys, compliant to SP 800-133rev2 and IG D.H. When generating RSA and ECDSA and EC Diffie-Hellman asymmetric key pairs, the seed used for asymmetric key generation is obtained directly from the module's approved SP 800-90rev1 DRBG (CTR_DRBG) specified in SP 800-133 Rev2 Section 4, example 1. This is followed by an asymmetric key generation method compliant with FIPS 186-4 (and SP 800-56A Rev 3 for ECDH key pairs). Symmetric keys (AES and HMAC) are also generated directly from the module's approved CTR_DRBG as following Section 4, example 1 of SP 800-133rev2.
The module provides an approved [SP800-56Arev3] EC Diffie-Hellman Key Agreement Scheme. The key agreement scheme is compliant with IG D.F scenario 2 path (2). The CAVP testing was performed end-to-end, using the Full Unified and One Pass DH Models with approved domain parameters (i.e., P-256 and P-384). Per FIPS 140-3 IG D.B, the curves provide 128 or 192 bits of security strength. The module provides key derivation services using SP 800-108 KBKDF and SP 800-56C One-Step KDF with key sizes 160, 256, 384 bits. Per FIPS 140-3 IG D.B, the key sizes provide 160-256 bits of security strength. The module provides SP 800-56B rev2 Key Transport using KTS-OAEP-basic. The implementation supports 2048-, 3072-, or 4096-bits modulus size, with both key encapsulation and un-encapsulation supported. The module does not implement key confirmation. Per FIPS 140-3 IG D.B, the key sizes provide 112, 128, or 150 bits of security strength. The module also implements AES-CFB128 combined with HMAC as approved key wrapping method compliant SP 800-38F. Per FIPS 140-3 IG D.B, the key sizes provide 128 or 256 bits of security strength.
The cryptographic module does not implement any relevant industry protocols. © 2025 Nuvoton / atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| SPI Bus | SPI Bus | Data Input Data Output Control Input Status Output | Data provided to the chip as part of the data processing commands; Data output by the chip a part of the data processing commands; Control Input commands issued to the chip; Status data output by the chip |
| I2C Bus | I2C Bus | Data Input Data Output Control Input Control Output | Data provided to the chip as part of the data processing commands; Data output by the chip a part of the data processing commands; Control Input commands issued to the chip; Status data output by the chip |
| PP pin | PP pin | Data Input Control Input | Data provided to the chip as part of the data processing commands; Control Input commands issued to the chip |
| Power | Power | Power | Power interface of the chip |
Nuvoton Trusted Platform Module Cryptographic Module
Table 11: Ports and Interfaces The module does not implement any control output interface. The logical interfaces are the API through which applications request services. The ports and interfaces are shown in the following table. All data output via data output interface is inhibited when the module is performing pre-operational test or zeroization or when the module enters error state. © 2025 Nuvoton / atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Object Administrator | Crypto Officer | Role | None | ||||||
| Object User | User | Role | None | ||||||
| Duplicate | Crypto Officer | Role | None | ||||||
| TPM2_Startup | Used to initiate a startup process, where the TPM state is either reset or loaded from a saved state. | Unauthentica ted - nullSeed: Z - nullProof: Z - platformAuth: Z - platformPolic | Entropy Source | '00' | Startup Type | N/A |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Object Administrator | Crypto Officer | Role | None | ||||||
| Object User | User | Role | None | ||||||
| Duplicate | Crypto Officer | Role | None | ||||||
| TPM2_Startup | Used to initiate a startup process, where the TPM state is either reset or loaded from a saved state. | Unauthentica ted - nullSeed: Z - nullProof: Z - platformAuth: Z - platformPolic | Entropy Source | '00' | Startup Type | N/A |
Nuvoton Trusted Platform Module Cryptographic Module
N/A for this module. The module does not support role authentication.
The table below lists the approved services. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or SSPs involved, and their access type(s). The following convention is used to specify access rights for SSPs: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroizes the SSP. N/A: The calling application does not access any SSP or key during its operation. Details on the approved cryptographic algorithms, can be found in the SFI table. The module implements a FIPS 140-3 service indicator function that outputs its value. This value corresponds to the three categories defined in IG 2.4.C. Non-security relevant services are set to '00', approved services are set to '01' and non-approved services are set to '10'. y N/A Z © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y y: Z Z :Z Z Z Z Z Z Z Z © 2025 Nuvoton / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| TPM2_Shutdown | Used to prepare the TPM for a power cycle. | Unauthentica ted | None | '00' | Shutdown Type | N/A |
| TPM2_IncrementalSelfTe st | Perform Self-Test of selected algorithms. | Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive | AES- CFB128 AES- CTR AES- OFB CTR_D RBG ECDSA KeyGen ECDSA KeyVer ECDSA | '01' | List of algorithms to be tested | To do list of the selected algorithms All algorithms mentioned in Table 22 |
| SigGen ECDSA SigVer HMAC KAS- ECC KAS- ECC- SSC KDA KBKDF KTS RSA RSA KeyGen RSA SigGen RSA SigGen Primitiv e RSA SigVer SHA | data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption Keys (authPolicy): E - Asymmetric Encryption Keys (public data): E - Symmetric Encryption Keys (authValue): E - Symmetric Encryption Keys (seedValue): E - Symmetric Encryption Keys (sensitive data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): | SigGen ECDSA SigVer HMAC KAS- ECC KAS- ECC- SSC KDA KBKDF KTS RSA RSA KeyGen RSA SigGen RSA SigGen Primitiv e RSA SigVer SHA | ||||
| TPM2_SelfTest | Perform Self-Test of all functions or only those that have not previously been tested. | Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption Keys (authPolicy): E - Asymmetric Encryption Keys (public data): E - Symmetric Encryption Keys | AES- CFB128 AES- CTR AES- OFB CTR_D RBG ECDSA KeyGen ECDSA KeyVer ECDSA SigGen ECDSA SigVer HMAC KAS- ECC KAS- ECC- SSC KDA KBKDF KTS RSA RSA KeyGen RSA SigGen RSA SigGen Primitiv e RSA SigVer SHA | '01' | Choose whether to perform the test everything (fullTest = YES) or only the untested functions (fullTest = NO) | N/A |
| TPM2_GetTestResult | Returns manufacturer- specific information regarding the results of a self-test and an indication of the test status. | Unauthentica ted | None | '00' | N/A | test result data (manufacturer- specific information), test result |
| TPM2_StartAuthSession | Start authorization session. | Unauthentica ted - platformAuth: E - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption | CTR_D RBG KAS- ECC KBKDF KTS RSA | '01' | Session Parameters: session Type, encryption algorithm, key size, hash algorithm | tpmKey, authValue, nonce size, encrypted salt, session Type, encryption algorithm, key size, hash algorithm |
| TPM2_PolicyRestart | Allows a policy authorization session to be returned to its initial state. | Unauthentica ted - Session (sessionKey): E - Session (symKey): E Object User - Session (sessionKey): E - Session (symKey): E | None | '00' | session handle | N/A |
| TPM2_Create | Creation of an ordinary object. | Object User - Asymmetric Signing Keys (authValue): G - Asymmetric Signing Keys (seed value): G - Asymmetric Signing Keys (sensitive data): G - Asymmetric Signing Keys (authPolicy): G - Asymmetric Signing Keys (public data): G | CTR_D RBG Entropy Source ECDSA KeyGen HMAC RSA KeyGen SHA KBKDF AES key generati on HMAC key generati on KTS (AES + | '01' | Parent handle, sensitive data, public template, outside info, creationPCR | private portion, public portion, creation data, hash value, creation ticket (see TPM2_CertifyC reation) |
| HMAC) key unwrap ping KTS (AES + HMAC) key wrappin g | - Asymmetric Encryption Keys (authValue): G - Asymmetric Encryption Keys (seedValue): G - Asymmetric Encryption Keys (sensitive data): G - Asymmetric Encryption Keys (authPolicy): G - Asymmetric Encryption Keys (public data): G - Symmetric Encryption Keys (authValue): G - Symmetric Encryption Keys (seedValue): G - Symmetric Encryption Keys (sensitive data): G - Symmetric Signing Keys (authValue): G - Symmetric Signing Keys (seedValue): G - Symmetric Signing Keys (sensitive data): G | HMAC) key unwrap ping KTS (AES + HMAC) key wrappin g | ||||
| TPM2_Load | Loading an protected object. | Object User - Asymmetric Signing Keys (authValue): W - Asymmetric Signing Keys (seed value): W - Asymmetric Signing Keys (sensitive data): W - Asymmetric Signing Keys (authPolicy): W - Asymmetric Signing Keys (public data): W - Asymmetric Encryption Keys (authValue): W - Asymmetric Encryption Keys (seedValue): W - Asymmetric Encryption Keys (sensitive data): W - Asymmetric Encryption Keys (authPolicy): W - Asymmetric Encryption Keys (public data): W - Symmetric Encryption Keys (authValue): W - Symmetric Encryption Keys (seedValue): | HMAC KAS- ECC- SSC KBKDF SHA KTS (AES + HMAC) key unwrap ping | '01' | Parent handle, private portion, public portion | Object handle, name of the loaded object |
| TPM2_LoadExternal | Loading an external object. | Unauthentica ted - Asymmetric Signing Keys (authValue): W - Asymmetric Signing Keys (seed value): W - Asymmetric Signing Keys (sensitive data): W - Asymmetric Signing Keys (authPolicy): W - Asymmetric Signing Keys (public data): W - Asymmetric Encryption Keys (authValue): W - Asymmetric | HMAC KAS- ECC- SSC SHA | '01' | Private portion, public portion, associated hierarchy | Object handle, name of the loaded object |
| TPM2_ReadPublic | Allows access to the public area of a loaded object. | Unauthentica ted - Asymmetric Signing Keys (authValue): R - Asymmetric Signing Keys (seed value): | SHA | '00' | object handle | public area of object, name of object, qualified name of object |
Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z Z N/A AESCFB128 AESCTR AESOFB E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y KASECC KASECCSSC e E E E E E E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E N/A AESCFB128 AESCTR AESOFB KASECC KASECCSSC e E E E E E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E manufacturerspecific information N/A (manufacturerspecific KASECC E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E G,E G,E N/A E E G G G G © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y g G G G G G G G © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y KASECCSSC W W W W W W W W © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y W W W KASECCSSC W W W W W © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y W W W W W W R © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y R R R R R R R R © 2025 Nuvoton / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| TPM2_ActivateCredential | Decrypts an object credential. | Object Administrator - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Credential Ephemeral Keys (symKey): R,E - Credential Ephemeral Keys (hmacKey): R,E - Ephemeral Key Agreement Keys: E Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E | KTS RSA KAS- ECC KBKDF KTS (AES + HMAC) key unwrap ping | '01' | active handle, key handle, credential blob, secret | decrypted certificate information |
| TPM2_MakeCredential | Encrypts object credential. | Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Credential Ephemeral Keys (symKey): R,E - Credential | CTR_D RBG KTS RSA ECDSA KeyGen KAS- ECC KTS (AES + HMAC) key wrappin g KBKDF | '01' | Object handle, credential, object name | encrypted secret, credentialBlob |
| TPM2_Unseal | Returns the data in a loaded Sealed Data Object. | Object User | None | '00' | item handle | unsealed data |
| TPM2_ObjectChangeAut h | Change the authorization secret of an object. | Object Administrator - Object Ephemeral Keys (symKey): R,W,E - Object Ephemeral Keys (hmacKey): R,W,E - Asymmetric Signing Keys (authValue): R,W - Asymmetric Signing Keys (seed value): R,W - Asymmetric Signing Keys (sensitive data): R,W - Asymmetric Signing Keys (authPolicy): R,W - Asymmetric Signing Keys (public data): R,W - Asymmetric Encryption Keys (authValue): R,W - Asymmetric Encryption Keys (seedValue): R,W | CTR_D RBG KBKDF SHA KTS (AES + HMAC) key unwrap ping KTS (AES + HMAC) key wrappin g | '01' | Object handle, parent handle, new authValue | private area containing new authValue |
| TPM2_CreateLoaded | Creation and loading of an ordinary or a derived object. | Object User - ppSeed: E - epSeed: E - spSeed: E - nullSeed: E - platformAuth: E - endorsement Auth: E - ownerAuth: E | CTR_D RBG Entropy Source ECDSA KeyGen HMAC KBKDF RSA KeyGen SHA AES key | '01' | Parent handle, private portion, public key portion | Object handle, private portion, public portion, Name of the loaded object |
| generati on HMAC key generati on KTS (AES + HMAC) key wrappin g | - Object Ephemeral Keys (symKey): G,W,E - Object Ephemeral Keys (hmacKey): G,W,E - Asymmetric Signing Keys (authValue): G,W - Asymmetric Signing Keys (seed value): G,W - Asymmetric Signing Keys (sensitive data): G,W - Asymmetric Signing Keys (authPolicy): G,W - Asymmetric Signing Keys (public data): G,W - Asymmetric Encryption Keys (authValue): G,W - Asymmetric Encryption Keys (seedValue): G,W - Asymmetric Encryption Keys (sensitive data): G,W - Asymmetric Encryption Keys (authPolicy): G,W - Asymmetric Encryption Keys (public data): G,W - Symmetric | generati on HMAC key generati on KTS (AES + HMAC) key wrappin g | ||||
| TPM2_Duplicate | Duplicates a loaded object to a new parent object. | Duplicate - Asymmetric Encryption Keys (authValue): R,E - Asymmetric Encryption Keys (seedValue): R,E - Asymmetric Encryption Keys (sensitive data): R,E - Asymmetric Encryption Keys (authPolicy): R,E - Asymmetric Encryption Keys (public data): R,E - Duplication Ephemeral Keys | CTR_D RBG ECDSA KeyGen KAS- ECC KBKDF KTS RSA SHA KTS (AES + HMAC) key wrappin g | '01' | Object handle, new parent handle, encryption key, symmetric algorithm for key wrapping | Encrypted key, duplicate object, seed value (asymetrically encrypted) |
Nuvoton Trusted Platform Module Cryptographic Module y R R KASECC E E E E R,E R,E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E R,E R,E KASECC g E E E E R,E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y R,E h g R,W,E R,W,E R,W R,W R,W R,W R,W R,W © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y R,W R,W R,W R,W R,W E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y g G,W,E G,W,E G,W G,W G,W G,W G,W G,W G,W © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y G,W G,W G,W G,W KASECC g R,E R,E R,E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y R R R R R R R R © 2025 Nuvoton / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| TPM2_Rewrap | Rewraps a duplicated object with a new parent key. | Object User - Duplication Ephemeral Keys (symKey): E - Duplication Ephemeral Keys (hmacKey): E - Ephemeral Key Agreement Keys: E - Asymmetric Signing Keys (authValue): R - Asymmetric Signing Keys (seed value): R - Asymmetric Signing Keys (sensitive data): R - Asymmetric Signing Keys (authPolicy): R - Asymmetric Signing Keys (public data): R - Asymmetric Encryption Keys (authValue): R - Asymmetric Encryption Keys (seedValue): R - Asymmetric Encryption Keys (sensitive data): R - Asymmetric Encryption Keys (authPolicy): | CTR_D RBG ECDSA KeyGen KAS- ECC KBKDF KTS RSA KTS (AES + HMAC) key unwrap ping KTS (AES + HMAC) key wrappin g | '01' | Old parent, new parent, duplicate object, name of object to be wrapped, seed value for the symmetric key and HMAC key | New duplicate object, seed for new object (encrypted with new parent's asymmetric key) |
| TPM2_Import | Import a duplicated object to be next loaded inside the TPM. | Object User - Asymmetric Encryption Keys (authValue): R,E - Asymmetric Encryption Keys (seedValue): R,E - Asymmetric Encryption Keys (sensitive data): R,E - Asymmetric Encryption Keys (authPolicy): R,E - Asymmetric | CTR_D RBG HMAC KAS- ECC KBKDF KTS RSA SHA KTS (AES + HMAC) key unwrap ping | '01' | Parent handle, encryption key, public area of object to be imported, encrypted duplicate object, duplicate object seed, algorithm for key wrapping | Private portion encrypted with the symmetric key of parent handle |
Nuvoton Trusted Platform Module Cryptographic Module y KASECC g R R R R R R © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y R R R R R KASECC R,E R,E R,E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y y): E R R R R R R R © 2025 Nuvoton / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| TPM2_RSA_Encrypt | RSA Encryption. | Unauthentica ted - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption Keys (authPolicy): E - Asymmetric Encryption Keys (public data): E | KTS RSA | '01' | Key handle, message, padding scheme, label | Cipher text |
| TPM2_RSA_Decrypt | RSA Decryption. | Unauthentica ted - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption | KTS RSA | '01' | Key handle, cipher text, scheme, label | Plaintext |
| TPM2_ECDH_KeyGen | Ephemeral key pair generation and Shared Secret Calculation. | Unauthentica ted - Ephemeral User ECC Keys: G | ECDSA KeyGen KAS- ECC- SSC | '01' | Key handle | zPoint, public point |
| TPM2_ECDH_Zgen | Shared Secret Calculation. | Object User - Ephemeral User ECC Keys: G | KAS- ECC- SSC | '01' | Key handle, public point | Output point |
| TPM2_ECC_Parameters | Returns the parameters of an ECC curve identified by its TCG-assigned curveID. | Unauthentica ted | None | '00' | Curve id | ECC parameters for selected curve |
| TPM2_EncryptDecrypt | Symmetric encryption or decryption of user data. | Object User - Symmetric Encryption Keys (authValue): E - Symmetric Encryption Keys (seedValue): E - Symmetric Encryption Keys (sensitive data): E | AES- CFB128 AES- CTR AES- OFB | '01' | Key handle, encrypt/decr ypt, mode, IV, ciphertext/pla intext | Plaintext/cipher text, IV |
| TPM2_EncryptDecrypt2 | Symmetric encryption or decryption of user data. | Object User - Symmetric Encryption Keys (authValue): E - Symmetric Encryption Keys (seedValue): E - Symmetric | AES- CFB128 AES- CTR AES- OFB | '01' | Key handle, encrypt/decr ypt, mode, IV, ciphertext/pla intext | Plaintext/cipher text, IV |
| TPM2_Hash | Performs a hash operation on user data. | Unauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | HMAC SHA | '01' | Data, hash algorithm, hierarchy | Digest, validation ticket |
| TPM2_HMAC | Performs a HMAC operation on user data. | Object User - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | HMAC | '01' | Key handle, HMAC data, hash algorithm | Returned HMAC |
| TPM2_GetRandom | Random number generation. | Unauthentica ted - DRBG state: G,E - DRBG Entropy Input: E - Transient DRBG state: G,E | CTR_D RBG | '01' | Number of bytes requested | Random bytes |
| TPM2_StirRandom | Reseed random number generator. | Unauthentica ted - DRBG Entropy Input: G | CTR_D RBG Entropy Source | '01' | Key handle, auth value, hash algorithm | Sequence handle |
| TPM2_HMAC_Start | HMAC session start | Object User - Symmetric Signing Keys | HMAC | '01' | Key handle, auth value, | Sequence handle |
| algorithms to be used | (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | algorithms to be used | ||||
| TPM2_HashSequenceSta rt | Hash session start | Unauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | SHA | '01' | Auth value, hash algorithm | Sequence handle |
| TPM2_SequenceUpdate | Sequence update | Unauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | HMAC SHA | '01' | Sequence handle, data to add to hash | N/A |
| TPM2_SequenceComplet e | Sequence complete | Unauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys | HMAC SHA | '01' | Sequence handle, data, hierarchy | Returned HMAC or message digest, ticket |
| TPM2_EventSequenceCo mplete | Event sequence complete | Object User - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | HMAC SHA | '01' | Data | List of digests |
| TPM2_CertifyCreation | Proves the association between an object and its creation data | Object Administrator - shProof: E - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E Object User - shProof: E - Asymmetric | ECDSA SigGen HMAC KBKDF RSA SigGen SHA | '01' | Sign handle, object handle, qualifying data, creation hash, scheme, creation ticket | Certify info, signature |
| TPM2_Quote | Quotes PCR values | Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys | ECDSA SigGen HMAC KBKDF RSA SigGen SHA | '01' | sign handle, qualifying data, scheme, PCR selection | quoted information, signature |
| TPM2_GetSessionAuditDi gest | Returns a digital signature of the audit session digest | Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E - Session (sessionKey): E - Session (symKey): E | ECDSA SigGen HMAC KBKDF RSA SigGen SHA | '01' | Privacy administrator handle, sign handle, session handle, qualifying data, scheme | Audit info, signature |
| TPM2_GetCommandAudi tDigest | Returns the current value of the command audit digest | Object User - Asymmetric Signing Keys (authValue): E | ECDSA SigGen HMAC KBKDF RSA | '01' | Privacy administrator handle, sign handle, qualifying | Audit info, signature |
| data, scheme | - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | SigGen SHA | data, scheme | |||
| TPM2_GetTime | Returns the current values of Time and Clock | Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric | ECDSA SigGen HMAC KBKDF RSA SigGen SHA | '01' | Privacy administrator handle, sign handle, qualifying data, scheme | Time info, signature |
| TPM2_VerifySignature | Uses loaded keys to validate a signature on a message with the message digest passed to the TPM. | Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E | HMAC RSA SigVer | '01' | Key handle, digest, signature | Validation |
| TPM2_Sign | Causes the TPM to sign an externally provided hash with the specified symmetric or asymmetric signing key. | Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): | HMAC RSA SigGen Primitiv e ECDSA SigGen | '01' | Key handle, digest, scheme, validation | Signature |
Nuvoton Trusted Platform Module Cryptographic Module y R E E E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E KASECCSSC KASECCSSC AESCFB128 AESCTR AESOFB E E AESCFB128 AESCTR AESOFB E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E G,E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E N/A E E e E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E e E © 2025 Nuvoton / atsec information security.
| Name | Description | Role Access | Csps Accessed | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| TPM2_SetCommandCod eAuditStatus | Used by the Privacy Administrator or platform to change the audit status of a command or to set the hash algorithm used for the audit digest, but not both at the same time. | None | Object User | '00' | Auth handle, hash algorithm, list of commands to be audited, list of commands to no longer be audited | N/A |
| TPM2_PCR_Extend | Updates the indicated PCR | SHA | Object User | '01' | PCR handle, digests | N/A |
| TPM2_PCR_Event | Updates the indicated PCR and reports a list of digests | SHA | Object User | '01' | PCR handle, event data | Digests |
| TPM2_PCR_Read | Returns the values of all PCR specified in pcrSelectionIn. | None | Unauthentica ted | '00' | PCT section to read | PCR update counter, returned PCR section, PCR values |
| TPM2_PCR_Allocate | Used to set the desired PCR | None | Object User - | '00' | Auth handle, PCR | Allocation success, max |
| allocation of PCR and algorithms. Requires Platform Authorization. | allocation of PCR and algorithms. Requires Platform Authorization. | platformAuth: E | allocation selection | number of PCR, size needed, size available | ||
| TPM2_PCR_SetAuthPolic y | Used to associate a policy with a PCR or group of PCRs. The policy determines the conditions under which a PCR may be extended or reset. | None | Object User - platformAuth: E | '00' | Auth handle, auth policy, hash algorithm | N/A |
| TPM2_PCR_SetAuthValu e | Changes the authValue of a PCR or group of PCRs. | None | Object User | '00' | PCR handle, auth value | N/A |
| TPM2_PCR_Reset | Used to set the PCR in all banks to zero. | None | Object User | '00' | PCR handle | N/A |
| TPM2_PolicySigned | Policy based on signing key | ECDSA SigVer HMAC RSA SigVer SHA | Unauthentica ted - phProof: E - ehProof: E - shProof: E - nullProof: E - Session (sessionKey): E | '01' | Signing key handle, policy session handle, TPM nonce, command parameter digest, policy reference, expiration, signed authorization | Timeout, policy ticket |
| TPM2_PolicySecret | Policy based on an entity's authValue | HMAC SHA | Object User - phProof: E - ehProof: E - shProof: E - nullProof: E | '01' | Auth handle, policy session handle, TPM nonce, command parameter digest, policy reference, expiration, signed authorization | Timeout, policy ticket |
| TPM2_PolicyTicket | Policy based on ticket (produced by PolicySigned or PolicySecret) | HMAC SHA | Unauthentica ted - phProof: E - ehProof: E - shProof: E - nullProof: E - Session | '01' | Policy session handle, TPM nonce, command parameter digest, policy | N/A |
| reference, auth name, ticket | (sessionKey): E | reference, auth name, ticket | ||||
| TPM2_PolicyOR | Policy enabling multiple authentication options | SHA | Unauthentica ted | '01' | Policy session handle, list of hash values | N/A |
| TPM2_PolicyPCR | Policy based on PCR | SHA | Unauthentica ted | '01' | Policy session handle, PCR digest, PCRs to include the digest | N/A |
| TPM2_PolicyLocality | Policy based on Locality | SHA | Unauthentica ted | '01' | Policy session handle, allowed localities for the policy | N/A |
| TPM2_PolicyNV | Policy based on contents of an NV Index | SHA | Object User | '01' | Auth handle, nv index, policy session handle, operand B, offset of NV index for the start of operand A, operation | N/A |
| TPM2_PolicyCounterTim er | Policy based on time | SHA | Unauthentica ted | '01' | Policy session handle, operand B, offset of TPMS_TIME _INFO for operand A, operation | N/A |
| TPM2_PolicyCommandC ode | Policy based on command code | SHA | Unauthentica ted | '01' | Policy session handle, command code | N/A |
| TPM2_PolicyPhysicalPre sence | Policy based on Physical Presence | SHA | Unauthentica ted | '01' | Policy session handle | N/A |
| TPM2_PolicyCpHash | Policy bound to specific command with specific parameters and specific objects | SHA | Unauthentica ted | '01' | Policy session handle, cpHash | N/A |
| TPM2_PolicyNameHash | Policy bound to specific objects | SHA | Unauthentica ted | '01' | Policy session handle, digest to be added to the policy | N/A |
| TPM2_PolicyDuplicationS elect | Policy limiting duplication to only a selected parent | SHA | Unauthentica ted | '01' | Policy session handle, object name, new parent name, included object name | N/A |
| TPM2_PolicyAuthorize | Policy enabling policy to change | HMAC SHA | Unauthentica ted - Session (sessionKey): E | '01' | Policy Session, digest of policy being approved, signing key, ticket | N/A |
| TPM2_PolicyAuthValue | Policy bound to authValue of authorized entity (requiring HMAC session) | SHA | Unauthentica ted | '01' | Policy session handle | N/A |
| TPM2_PolicyPassword | Policy bound to authValue of authorized entity (requiring password session) | SHA | Unauthentica ted | '01' | Policy session handle | N/A |
| TPM2_PolicyGetDigest | Returns the current policyDigest of the session. | None | Unauthentica ted | '00' | Policy session handle | Policy digest |
| TPM2_PolicyNvWritten | Policy based on WRITTEN attribute of NV Index | SHA | Unauthentica ted | '01' | Policy session handle | Policy digest |
| TPM2_PolicyTemplate | Policy bound to specific creation template | SHA | Unauthentica ted | '01' | Policy session handle, indication whether NV index is required to be written | N/A |
| TPM2_PolicyAuthorizeNV | Policy bound to policy stored in an NV Index | SHA | Object User | '01' | Auth handle, nv index, policy session handle | N/A |
| TPM2_CreatePrimary | Creates a Primary Object | CTR_D RBG Entropy Source ECDSA KeyGen HMAC RSA KeyGen SHA AES key generati on HMAC key generati on | Object User - ppSeed: E - epSeed: E - spSeed: E - nullSeed: E - platformAuth: E - endorsement Auth: E - ownerAuth: E - Object Ephemeral Keys (symKey): G,W,E - Object Ephemeral Keys (hmacKey): G,W,E - Endorsement Keys (private values): R - Asymmetric Signing Keys (authValue): G,W - Asymmetric Signing Keys (seed value): G,W | '01' | Primary handle, sensitive data, data to provide verifiable linkage between object and owner data, creation PCR | Object handle, public portion, creation data, creation hash, creation ticket, name |
Nuvoton Trusted Platform Module Cryptographic Module y E E E E E N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E y N/A E e N/A N/A E N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E N/A N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y N/A N/A N/A N/A N/A E N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y N/A N/A E E G,W,E G,W,E G,W G,W © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y G,W G,W G,W G,W G,W G,W G,W G,W © 2025 Nuvoton / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| TPM2_HierarchyControl | Returns the current policyDigest of the session. | Object User - platformAuth: E - endorsement Auth: E - ownerAuth: E - Asymmetric Signing Keys (authValue): Z - Asymmetric Signing Keys (seed value): Z - Asymmetric Signing Keys (sensitive data): Z - Asymmetric Signing Keys (authPolicy): Z - Asymmetric Signing Keys (public data): Z - Asymmetric Encryption Keys (authValue): Z - Asymmetric Encryption Keys (seedValue): Z - Asymmetric Encryption Keys (sensitive data): Z - Asymmetric Encryption | None | '00' | Auth handle, the enable being modified, state | N/A |
| TPM2_SetPrimaryPolicy | Allows setting of the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy) . | Object User - platformAuth: E - endorsement Auth: E - ownerAuth: E - lockoutAuth: E - platformPolic y: G | None | '00' | Auth handle, auth policy, hash algorithm | N/A |
| TPM2_ChangePPS | Changes the current platform primary seed (PPS) | Object User - platformPolic y: E | CTR_D RBG | '01' | Auth handle | N/A |
Nuvoton Trusted Platform Module Cryptographic Module y G,W N/A E E Z Z Z Z Z Z © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z . N/A E E E y: G N/A y: E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z Z Z Z © 2025 Nuvoton / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output | Securit y Functio ns |
|---|---|---|---|---|---|---|---|
| TPM2_ChangeEPS | Changes the current endorsement primary seed (EPS) | Object User - platformPolic y: E - epSeed: Z - ehProof: Z - endorsement Auth: Z - Asymmetric Signing Keys (authValue): Z - Asymmetric Signing Keys (seed value): Z - Asymmetric Signing Keys (sensitive data): Z - Asymmetric Signing Keys (authPolicy): Z - Asymmetric Signing Keys (public data): Z - Asymmetric Encryption Keys (authValue): Z - Asymmetric Encryption | CTR_D RBG | '01' | Auth handle | N/A | |
| TPM2_Clear | Zeroizes all TPM context associated with a specific Owner. | Object User - platformAuth: E - lockoutAuth: E,Z - epSeed: Z - spSeed: Z - shProof: Z | CTR_D RBG | '01' | Auth handle | N/A | |
| TPM2_ClearControl | Disables and enables the execution of TPM2_Clear(). | Object User - platformAuth: E - lockoutAuth: E | None | '00' | Auth handle, disable flag | N/A | |
| TPM2_HierarchyChange Auth | Allows the authorization secret for a hierarchy or lockout to be changed using the current authorization value as the command authorization. | Object User - platformAuth: E - endorsement Auth: E - ownerAuth: E - lockoutAuth: E | None | '00' | Auth handle, new auth value | N/A | |
| TPM2_DictionaryAttackLo ckReset | Cancels the effect of a TPM lockout due to a number of successive authorization failures. | Object User - lockoutAuth: E | None | '00' | Lock handle | N/A | |
| TPM2_DictionaryAttackP arameters | Changes the lockout parameters. | Object User - lockoutAuth: E | None | '00' | Lock handle, max tries, recovery time before failure count | N/A | |
| TPM2_PP_Commands | Used to determine which commands require assertion of Physical Presence (PP) in addition to platformAuth/platfor mPolicy. | Object User | None | '00' | Auth handle, list of commands to be asserted, list of commands to no longer be asserted | N/A | |
| TPM2_ContextSave | Save a (object, object sequence or session) context | Unauthentica ted - phProof: E - Context Ephemeral Keys (symKey): E - Context Ephemeral Keys (hmacKey): E - Session (salt): R | KBKDF KTS (AES + HMAC) key unwrap ping | '01' | Save handle | Context | |
| TPM2_ContextLoad | Reload a context | Unauthentica ted - phProof: E - Context Ephemeral Keys (symKey): E - Context Ephemeral Keys (hmacKey): E - Session (salt): R | KBKDF KTS (AES + HMAC) key wrappin g | '01' | Context | Loaded handle | |
| TPM2_FlushContext | Causes all context associated with a loaded object, sequence object, or session to be removed from TPM memory. | Unauthentica ted - Session (sessionKey): Z - Asymmetric Signing Keys (authValue): Z | None | '00' | Item to flush | N/A | |
| TPM2_EvictControl | Allows certain Transient Objects to be made persistent or a persistent object to be evicted. | Object User - platformAuth: E - ownerAuth: E - Asymmetric Signing Keys (authValue): W - Asymmetric Signing Keys (seed value): W - Asymmetric Signing Keys (sensitive data): W - Asymmetric Signing Keys (authPolicy): W - Asymmetric Signing Keys (public data): W - Asymmetric Encryption Keys (authValue): W - Asymmetric Encryption Keys (seedValue): W - Asymmetric Encryption Keys (sensitive data): W - Asymmetric Encryption Keys (authPolicy): W - Asymmetric Encryption Keys (public data): W - Symmetric Encryption Keys (authValue): | None | '00' | Auth handle, object handle, persistent handle | N/A | |
| TPM2_ReadClock | Reads the current TPMS_TIME_INFO structure that contains the current setting of Time, Clock, resetCount, and restartCount. | Unauthentica ted | None | '00' | N/A | Current time | |
| TPM2_ClockSet | Used to advance the value of the TPM's Clock. | Object User - platformAuth: E - ownerAuth: E | None | '00' | Auth handle, New time to set | N/A | |
| TPM2_ClockRateAdjust | Adjusts the rate of advance of Clock and Time to provide a better approximation to real time. | Object User - platformAuth: E - ownerAuth: E | None | '00' | Auth handle, rate adjustment | N/A | |
| TPM2_GetCapability (Show status/version) | Shows various information regarding the TPM and its current state. This can also be used to return module's name and | Unauthentica ted | None | '00' | Property to be read | Returned information. | |
| TPM2_TestParms | Used to check to see if specific combinations of algorithm parameters are supported. | Unauthentica ted | None | '00' | Parameters | Success or error | |
| TPM2_NV_DefineSpace | Defines the attributes of an NV Index and causes the TPM to reserve space to hold the data associated with the NV Index. | Object User - platformAuth: E - ownerAuth: E - NV Index (authValue): G - NV Index (authPolicy): G - Endorsement Keys (public values): E | None | '00' | Auth handle, auth value, public parameters of the NV areaauth handle, auth value, public parameters of the NV area | N/A | |
| TPM2_NV_UndefineSpac e | Removes an Index from the TPM. | Object User - platformAuth: E - ownerAuth: E - NV Index (authValue): Z - NV Index (authPolicy): Z | None | '00' | Auth handle, NV index | N/A | |
| TPM2_NV_UndefineSpac eSpecial | Allows removal of a platform-created NV Index that has TPMA_NV_POLICY _DELETE SET . | Object Administrator - platformAuth: E - ownerAuth: E - NV Index (authValue): Z - NV Index (authPolicy): Z Object User | None | '00' | NV index, platform | N/A | |
| TPM2_NV_ReadPublic | Read public area and name of an NV Index | Unauthentica ted | SHA | '01' | NV index | NV public area, NV name | |
| TPM2_NV_Write | Writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSp ace(). | Object User | None | '00' | Auth handle, nv index, data to write, offset | N/A | |
| TPM2_NV_Increment | Used to increment the value in an NV Index that has the TPM_NT_COUNTE R attribute. The data value of the NV Index is incremented by one. | Object User | None | '00' | auth handle, NV index | N/A | |
| TPM2_NV_Extend | Extend data to an NV Index | Object User | SHA | '01' | auth handle, nv index, data | N/A | |
| TPM2_NV_SetBits | Used to SET bits in an NV Index that was created as a bit field. | Object User | None | '00' | auth handle, NV index, bits | N/A | |
| TPM2_NV_WriteLock | If the TPMA_NV_WRITED EFINE or TPMA_NV_WRITE_ STCLEAR attributes of an NV location are SET, then this service may be used to inhibit further writes of the NV Index. | Object User | None | '00' | Auth handle, nv index | N/A | |
| TPM2_NV_GlobalWriteLo ck | Will SET TPMA_NV_WRITEL OCKED for all indexes that have their TPMA_NV_GLOBAL LOCK attribute SET. | Object User - platformAuth: E - ownerAuth: E | None | '00' | Auth handle | N/A | |
| TPM2_NV_Read | Reads a value from an area in NV memory previously defined by TPM2_NV_DefineSp ace(). | Object User | None | '00' | Auth handle, nv index, number of octets to read, offset | Data | |
| TPM2_NV_ReadLock | If TPMA_NV_READ_S TCLEAR is SET in an Index, then this service may be used to prevent further reads of the NV Index until the next TPM2_Startup (TPM_SU_CLEAR). | Object User | None | '00' | Auth handle, nv index | N/A | |
| TPM2_NV_ChangeAuth | Allows the authorization secret for an NV Index to be changed. | Object Administrator - NV Index (authValue): W - NV Index (authPolicy): W | None | '00' | NV index, new auth value | N/A | |
| TPM2_NV_Certify | Certify contents of an NV Index. | Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys | ECDSA SigGen HMAC RSA SigGen SHA | '01' | Qualifying data, scheme, size, offset | Certify info, signature | |
| TPM2_ACT_SetTimeout | Used to set the time remaining before an Authenticated Countdown Timer (ACT) expires. | Object User | None | '00' | Act handle, start timeout value | N/A | |
| NTC_FIELD_UPGRADE | Used to verify arguments and protect the input firmware payload | Object Administrator - Firmware Update Keys (ECC): E - Firmware Update Keys (AES): E | AES- CTR ECDSA SigVer | '01' | Firmware payload | N/A | |
| TPM2_Create | Creation of an ordinary object | CKG | Object User | ||||
| TPM2_Load | Loading an protected object | KAS-ECC-SSC | Object User | ||||
| TPM2_LoadExternal | Loading an external object | KAS-ECC-SSC | None | ||||
| TPM2_CreateLoaded | Creation and loading of an ordinary or a derived object | CKG | Object User | ||||
| TPM2_RSA_Encrypt | RSA Encryption | RSA Key Transport | None | ||||
| TPM2_RSA_Decrypt | RSA Decryption | RSA Key Transport | Object User | ||||
| TPM2_ECDH_ZGen | Shared Secret Calculation with TPM static key and provided public key (1e,1s) | KAS-ECC-SSC | Object User | ||||
| TPM2_ZGen_2Phase | Ephemeral key pair derivation and Shared Secret Calculation with TPM ephemeral and static key and provided ephemeral and static key (2e,2s) | KAS-ECC-SSC | Object User | ||||
| TPM2_HMAC | Performs a HMAC operation on user data | HMAC | Object User | ||||
| TPM2_HMAC_Start | HMAC session start | HMAC | Object User | ||||
| TPM2_SequenceUpdate | Sequence update | HMAC | Object User | ||||
| TPM2_SequenceComplete | Sequence complete | HMAC | Object User | ||||
| TPM2_EventSequenceComplete | Event sequence complete | HMAC | Object User | ||||
| TPM2_Certify | Proves that an object with a specific Name is loaded in the TPM | RSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMAC | Object Administrator, Object User | ||||
| TPM2_CertifyCreation | Proves the association between an object and its creation data | RSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMAC | Object Administrator, Object User | ||||
| TPM2_Quote | Quotes PCR values | RSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMAC | Object User | ||||
| TPM2_GetSessionAuditDigest | Returns a digital signature of the audit session digest | RSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMAC | Object User | ||||
| TPM2_GetCommandAuditDigest | Returns the current value of the command audit digest | RSA signature generation using SHA-1 ECDSA signature generation using | Object User | ||||
| TPM2_GetTime | Returns the current values of Time and Clock | RSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMAC | Object User | ||||
| TPM2_EC_Ephemeral | Ephemeral key pair derivation | KAS-ECC-SSC | None | ||||
| TPM2_VerifySignature | Uses loaded keys to validate a signature on a message with the message digest passed to the TPM. | HMAC | None | ||||
| TPM2_Sign | Causes the TPM to sign an externally provided hash with the specified symmetric or asymmetric signing key. | RSA signature generation using SHA-1 ECDSA signature generation using SHA-1 | Object User | ||||
| TPM2_PolicySigned | Policy based on signing key | HMAC | None | ||||
| TPM2_PolicySecret | Policy based on an entity's authValue | HMAC | Object User | ||||
| TPM2_PolicyTicket | Policy based on ticket (produced by PolicySigned or PolicySecret) | HMAC | None | ||||
| TPM2_PolicyAuthorize | Policy enabling policy to change | HMAC | None | ||||
| TPM2_CreatePrimary | Creates a Primary Object | CKG | Object User | ||||
| TPM2_NV_Certify | Certify contents of an NV Index | RSA signature generation using SHA-1 ECDSA signature generation using SHA-1 | Object User |
Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z N/A y: E Z Z Z Z Z © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z Z N/A E E,Z © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y Z Z :Z Z Z N/A E E N/A E E E N/A E N/A E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y N/A g N/A Z Z © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y N/A E E W W W W W W W © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y W W W W N/A N/A E E N/A E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y N/A E E G G e N/A E E Z Z N/A E E Z Z © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E Z Z N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y N/A E E N/A N/A W W E E E © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module y E E E N/A N/A AESCTR Table 13: Approved Services
© 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module Table 14: Non-Approved Services
The software/firmware load test is performed prior to loading external software or firmware on the security module. The firmware image is verified using an ECDSA signature verification algorithm, utilizing a 384-bit Firmware Update key. © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module
The integrity of the module is verified by comparing an HMAC-SHA-256 value calculated at run time. The integrity test uses a fixed key size of 160 bits.
On demand integrity test may be performed by power cycling. The operator can call TPM2_Startup service from the Approved Services Table to perform on-demand integrity test. This service resets the module, resulting in the pre-operational self-tests to be re-performed. © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module
The module operates in a non-modifiable operational environment per FIPS 140-3 security level 1 specifications. The operator cannot modify the firmware components of the module. Type of Operational Environment: Non-Modifiable © 2025 Nuvoton / atsec information security.
| Mechanism | Inspection Frequency | Inspection Guidance | |||
|---|---|---|---|---|---|
| Hard tamper-evident coating | Determined by the operator | Observe the coating surrounding the chip for any signs of damage |
| Temp/Voltage Type | Temperature or Voltage | EFP | Result | |
|---|---|---|---|---|
| or | ||||
| EFT | ||||
| LowTemperature | -197.9°C | EFT | The module remained operational without producing errors | |
| HighTemperature | 200.4°C | EFT | The module remained operational without producing errors | |
| LowVoltage | 1.7V | EFT | Module shuts down | |
| HighVoltage | 3.47V | EFT | Module shuts down |
| Temperature | Temperature | |
|---|---|---|
| Type | ||
| LowTemperature | -40°C | |
| HighTemperature | 105°C |
Nuvoton Trusted Platform Module Cryptographic Module
The TPM is implemented as a single integrated circuit (IC) device that attaches to standard system PCBs. It is manufactured using de-facto standard integrated circuit manufacturing technologies, producing a device that meets all commercial-grade power, temperature, reliability, shock and vibration specifications. The TPM IC physical package provides hardness, opacity and tamperevidence protection conforming to FIPS 140-3 Physical Security Level
Table 15: Mechanisms and Actions Required Table 16: EFP/EFT Information
Table 17: Hardness Testing Temperatures © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module
This module does not implement any non-invasive security mechanism defined in SP 800-140F, therefore this section is not applicable. © 2025 Nuvoton / atsec information security.
| Name | Type | Description |
|---|---|---|
| Flash | Static | Storage location for firmware components and persistent SSPs. |
| RAM | Dynamic | Storage location for runtime operations and transient SSPs. |
| Stack | Dynamic | Storage location for ephemeral keys. |
| Name | Approved Functions | Type | From | To | ||
|---|---|---|---|---|---|---|
| TPM2_Load | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_EvictControl | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_Import | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_Create (Import) | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_Create (Export) | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_CreatePrimary (Import) | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_CreatePrimary (Export) | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_CreateLoaded | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_ContextLoad | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_ContextSave | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_ReadPublic | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_ObjectChangeAuth (Import) | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_ObjectChangeAuth (Export) | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_NV_ChangeAuth (Import) | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_NV_ChangeAuth (Export) | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_Rewrap (Import) | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_Rewrap (Export) | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_HierarchyChangeAuth | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_SetPrimaryPolicy | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_Duplicate (Import, Plain) | Plaintext | RAM | Entity using the module | Manual | Electronic | |
| TPM2_Duplicate (Import, Encrypted) | KTS (AES + HMAC) key unwrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_Duplicate (Export, Plain) | Plaintext | RAM | Entity using the module | Manual | Electronic | |
| TPM2_Duplicate (Export, Encrypted) | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
| TPM2_LoadExternal | Plaintext | Entity using the module | RAM | Automated | Electronic | |
| TPM2_MakeCredential | KTS (AES + HMAC) key unwrapping | Encrypted | Entity using the module | RAM | Automated | Electronic |
| TPM2_ActivateCredential | KTS (AES + HMAC) key wrapping | Encrypted | RAM | Entity using the module | Automated | Electronic |
Nuvoton Trusted Platform Module Cryptographic Module
© 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module Table 19: SSP Input-Output Methods The module requires two independent internal actions to output SSP in plaintext. The TPM2_Duplicate command performs the following actions:
The table below identifies every zeroization method that is available within the module. Please refer to the “Zeroization” column in SSP Table 2 for the zeroization method used for each specific SSP. © 2025 Nuvoton / atsec information security.
| Zeroization Method | Description | Rationale | Operator Initiation | ||||
|---|---|---|---|---|---|---|---|
| zeroized. Flushes any resident objects. | |||||||
| TPM2_ChangePPS | Changes the current platform primary seed (PPS) | ppSeed is overwritten by random values from the DRBG. platformPolicy is zeroized. Flushes any resident objects. | By invoking the TPM2_ChangePPS service | ||||
| TPM2_Startup | Can be used to reset the module and have all variables go to the default initialization state | All variables are overwritten back the the default values (zeroed). | By invoking the TPM2_Startup service | ||||
| TPM2_FlushContext | Causes all context associated with a loaded object, sequence object, or session to be removed from TPM memory. | Clears objects from memory. | By invoking the TPM2_FlushContext service | ||||
| TPM2_NV_UndefineSpace | Removes an Index from the TPM. | Index is removed from the TPM. | By invoking the TPM2_NV_UndefineSpace service | ||||
| TPM2_HierarchyControl | This command enables and disables use of a hierarchy and its associated NV storage. The command allows phEnable, phEnableNV, shEnable, and ehEnable to be changed when the proper authorization is provided. | Zeroizes non-volatile stored values related to the disabled hierarchy | By invoking the TPM2_HierarchyControl service | ||||
| Clear TPM | Persistent memory is zeroized using a proprietary method | Removes all module contents | For further information and instructions on clearing the flash, contact the platform manufacturer or Nuvoton support |
Table 20: SSP Zeroization Methods
The table below summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. © 2025 Nuvoton / atsec information security.
| Name | Type | Description | Strength | Generation | Establishment | Use |
|---|---|---|---|---|---|---|
| ppSeed | Seed Value - CSP | KBKDF derivation keys to derive primary object's seedValue and sensitive data | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| epSeed | Seed Value - CSP | KBKDF derivation keys to derive primary object's seedValue and sensitive data | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| spSeed | Seed Value - CSP | KBKDF derivation keys to derive primary object's seedValue and sensitive data | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| nullSeed | Seed Value - CSP | KBKDF derivation keys to derive primary object's seedValue and sensitive data | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| phProof | Proof Values - CSP | Used as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove that an externally stored computation (context blob or a ticket) was created or checked by the TPM. | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| ehProof | Proof Values - CSP | Used as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove that an externally stored computation (context blob or a ticket) was created or checked by the TPM. | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| shProof | Proof Values - CSP | Used as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| nullProof | Proof Values - CSP | Used as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove that an externally stored computation (context blob or a ticket) was created or checked by the TPM. | 512 bits - 256 bits | CTR_DRB G | KBKDF | |
| platformAuth | Authorization Values - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessions. | Same as digest - Same as digest | |||
| endorsementAuth | Authorization Values - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessions | Same as digest - Same as digest | |||
| ownerAuth | Authorization Values - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessions | Same as digest - Same as digest | |||
| lockoutAuth | Authorization Values - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessions | Same as digest - Same as digest | |||
| platformPolicy | Policies - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessions | Same as digest - Same as digest | |||
| endorsementPolic y | Policies - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessions | Same as digest - Same as digest | |||
| ownerPolicy | Policies - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessions | Same as digest - Same as digest | |||
| lockoutPolicy | Policies - CSP | Authorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessions | Same as digest - Same as digest | |||
| Asymmetric Signing Keys (authValue) | Object Keys - CSP | Authorization data known to the Object owner, required when using or changing the Asymmetric Signing Key Object. | Same as digest - Same as digest | |||
| Asymmetric Signing Keys (seed value) | Object Keys - CSP | Unused (set to 0). | Same as digest - Same as digest | KBKDF | KBKDF | |
| Asymmetric Signing Keys (sensitive data) | Object Keys - CSP | ECDSA/RSA Private Data for Signature Generation and Verification | ECDSA: P-256, P-384; RSA: 2048, 3072, 4096 - ECDSA: | ECDSA KeyGen RSA KeyGen | ECDSA SigGen RSA SigGen RSA SigGen Primitive ECDSA | |
| 128 or 192 bits; RSA: 112, 128 or 150 bits | 128 or 192 bits; RSA: 112, 128 or 150 bits | SigGen Component | ||||
| Asymmetric Signing Keys (authPolicy) | Object Keys - CSP | Command authentication data | Same as digest - Same as digest | |||
| Asymmetric Signing Keys (public data) | Object Keys - PSP | ECDSA/RSA Public Data | ECDSA: P-256, P-384; RSA: 2048, 3072, 4096 - ECDSA: 128 or 192 bits; RSA: 112, 128 or 150 bits | ECDSA KeyGen RSA KeyGen | ECDSA KeyVer ECDSA SigVer RSA SigVer | |
| Asymmetric Encryption Keys (authValue) | Object Keys - CSP | Authorization data known to the Object owner, required when using or changing the Object. | Same as digest - Same as digest | |||
| Asymmetric Encryption Keys (seedValue) | Object Keys - CSP | Authorization data known to the Object owner, required when using or changing the Object. | Same as digest - Same as digest | KBKDF | KBKDF | |
| Asymmetric Encryption Keys (sensitive data) | Object Keys - CSP | ECC/RSA Private Data | ECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128 | CTR_DRB G KBKDF | KAS-ECC KAS-ECC- SSC KTS RSA | |
| Asymmetric Encryption Keys (authPolicy) | Object Keys - CSP | Command authentication data | 512 bits - 256 bits | |||
| Asymmetric Encryption Keys (public data) | Object Keys - PSP | ECC/RSA Public Data | ECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128 or 150 bits | KAS-ECC KAS-ECC- SSC KTS RSA | ||
| Symmetric Encryption Keys (authValue) | Object Keys - CSP | Authorization data known to the Object owner, required when using or changing the Symmetric Encryption Key Object | Same as digest - Same as digest | |||
| Symmetric Encryption Keys (seedValue) | Object Keys - CSP | Used to compute the unique field (If restricted decrypt key - by using HMAC, if not a restricted decrypt key - by hashing with the sensitive field) | Same as digest - Same as digest | |||
| Symmetric Encryption Keys (sensitive data) | Object Keys - CSP | Symmetric encryption using AES | 128 or 256 bits - 128 or 256 bits | AES- CFB128 AES-CTR AES-OFB | ||
| Symmetric Signing Keys (authValue) | Object Keys - CSP | Authorization data known to the Object owner, required when using or changing the Symmetric Signing Key Object | Same as digest - Same as digest | |||
| Symmetric Signing Keys (seedValue) | Object Keys - CSP | Additionally used to compute the unique field (If restricted decrypt key - by | Same as digest - Same | |||
| using HMAC, if not a restricted decrypt key - by hashing with the sensitive field) | using HMAC, if not a restricted decrypt key - by hashing with the sensitive field) | as digest | ||||
| Symmetric Signing Keys (sensitive data) | Object Keys - CSP | Message Authentication Code using HMAC | 160, 256, 384 bits - 128 or 256 bits | HMAC | ||
| Object Ephemeral Keys (symKey) | Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSP | Symmetric encryption key (AES) protecting (encryption) the object sensitive data | 128 or 256 bits - 128 or 256 bits | KBKDF | AES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Object Ephemeral Keys (hmacKey) | Ephemeral Key Wrapping Keys (MAC) - CSP | Symmetric signing key (HMAC) protecting (integrity) the encrypted data | 160, 256, 384 bits - 128 or 256 bits | KBKDF | HMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Duplication Ephemeral Keys (symKey) | Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSP | Symmetric encryption key (AES) protecting (encryption) the object sensitive data | 128 or 256 bits - 128 or 256 bits | KAS-ECC KTS RSA | AES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Duplication Ephemeral Keys (hmacKey) | Ephemeral Key Wrapping Keys (MAC) - CSP | Symmetric signing key (HMAC) protecting (integrity) the encrypted data | 160, 256, 384 bits - 128 or 256 bits | KAS-ECC KTS RSA | HMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Duplication Ephemeral Keys (innerSymKey) | Ephemeral Key Wrapping Keys Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSP | Symmetric encryption key (AES) for double protecting (encryption) the object sensitive data | 128 or 256 bits - 128 or 256 bits | CTR_DRB G | AES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Context Ephemeral Keys (symKey) | Ephemeral Key Wrapping Keys Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSP | Symmetric encryption key (AES) protecting (encryption) the the externally stored objects, sequence objects, and sessions | 128 or 256 bits - 128 or 256 bits | KBKDF | AES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Context Ephemeral Keys (hmacKey) | Ephemeral Key Wrapping Keys (MAC) - CSP | Symmetric signing key (HMAC) protecting (integrity) the encrypted data | 160, 256, 384 bits - 128 or 256 bits | KBKDF | HMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Credential Ephemeral Keys (symKey) | Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSP | Symmetric encryption key (AES) protecting (encryption) the the externally stored objects, sequence objects, and sessions | 128 or 256 bits - 128 or 256 bits | KAS-ECC KTS RSA | AES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Credential Ephemeral Keys (hmacKey) | Ephemeral Key Wrapping Keys (MAC) - CSP | Symmetric signing key (HMAC) protecting (integrity) the encrypted data | 160, 256, 384 bits - 128 or 256 bits | KAS-ECC KTS RSA | HMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping | |
| Ephemeral Key Agreement Keys | Asymmetric Ephemeral Keys - CSP | ECC ephemeral keys used in Diffie- Hellman key exchange. | P-256, P-384 - 128 or 192 bits | CTR_DRB G KBKDF | KAS-ECC | |
| Ephemeral User ECC Keys | Asymmetric Ephemeral Keys - CSP | ECC private key used for user cryptography support | P-256, P-384 - 128 or 192 bits | CTR_DRB G KBKDF | KAS-ECC- SSC | |
| Endorsement Keys (private values) | Endorsement Keys (Asymmetric) - CSP | Private key values for Digital Signature Generation/Verificatio n | ECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128 or 150 bits | ECDSA SigGen ECDSA SigVer | ||
| Endorsement Keys (public values) | Endorsement Keys (Asymmetric) - PSP | Certificates containing the public RSA\ECC keys | ECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128 or 150 bits | ECDSA SigGen ECDSA SigVer | ||
| Firmware Update Keys (ECC) | Firmware Update Keys - PSP | ECC Public Key Used to verify arguments of FU_Start & FU_Complete commands using ECDSA | P-256, P-384 - 128 or 192 bits | ECDSA SigVer | ||
| Firmware Update Keys (AES) | Firmware Update Keys - CSP | Used to decrypt input payload of FU_Load command | 128 or 256 bits - 128 or 256 bits | AES-CTR | ||
| NV Index (authValue) | NV Index - CSP | Authorization data used in authorization session, and extended into policyDigest on TPM2_PolicySecret command | Same as digest - Same as digest | |||
| NV Index (authPolicy) | NV Index - CSP | Authorization data used in policy session | Same as digest - Same as digest | |||
| Session (salt) | Session Keys - CSP | KBKDF derivation key to derive sessionKey | 384 bits - 256 bits | KBKDF | ||
| Session (sessionKey) | Session Keys - CSP | HMAC key to compute session HMAC | 160, 256, 384 bits - 128 or 256 bits | KBKDF | HMAC KBKDF | |
| Session (symKey) | Session Keys - CSP | Ephemeral symmetric encryption key for message parameter encrypt/decrypt (of the first sized buffer parameter, if a session-based encryption is used) | 128 or 256 bits - 128 or 256 bits | KBKDF | AES- CFB128 AES-CTR AES-OFB | |
| DRBG state | DRBG Keys - CSP | The CTR DRBG working state. Contains the current V and Key | 384 bits - 256 bits | CTR_DRB G | ||
| DRBG Entropy Input | DRBG Keys - CSP | Bit stream produced from the entropy source, used as entropy input for the DRBG's seed | 384 bits - 256 bits | Entropy Source | CTR_DRB G | |
| Transient DRBG state | DRBG Keys - CSP | Local DRBG state used for pseud- random during CreatePrimary command | 384 bits - 256 bits | CTR_DRB G |
Nuvoton Trusted Platform Module Cryptographic Module h G G G G G G G © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h G © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h y © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h ECC: P256, P384; G KAS-ECCSSC © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h ECC: P256, P384; KAS-ECCSSC AESCFB128 © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h AESCFB128 AESCFB128 © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h G AESCFB128 AESCFB128 AESCFB128 © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h G G KAS-ECCSSC n ECC: P256, P384; ECC: P256, P384; © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module h AESCFB128 G G G Table 21: SSP Table 1 © 2025 Nuvoton / atsec information security.
| Name | Storage | Zeroization | Input | Related SSPs | |
|---|---|---|---|---|---|
| ppSeed | Flash:Obfuscat ed | TPM2_ChangePPS | N/A | ||
| epSeed | Flash:Obfuscat ed | TPM2_ChangeEPS | N/A | ||
| spSeed | Flash:Obfuscat ed | TPM2_Clear | N/A | ||
| nullSeed | RAM:Plaintext | TPM2_Startup | Until reset | ||
| phProof | Flash:Obfuscat ed | TPM2_ChangePPS | N/A | ||
| ehProof | Flash:Obfuscat ed | TPM2_Clear TPM2_ChangeEPS | N/A | ||
| shProof | Flash:Obfuscat ed | TPM2_Clear | N/A | ||
| nullProof | RAM:Plaintext | TPM2_Startup | N/A | ||
| platformAuth | RAM:Plaintext | TPM2_Startup | TPM2_HierarchyChange Auth | Until reset | |
| endorsementAut h | Flash:Obfuscat ed | TPM2_Clear TPM2_ChangeEPS | TPM2_HierarchyChange Auth | N/A | |
| ownerAuth | Flash:Obfuscat ed | TPM2_Clear | TPM2_HierarchyChange Auth | N/A | |
| lockoutAuth | Flash:Obfuscat ed | TPM2_Clear | TPM2_HierarchyChange Auth | N/A | |
| platformPolicy | RAM:Plaintext | TPM2_Startup | TPM2_SetPrimaryPolicy | N/A | |
| endorsementPol icy | Flash:Obfuscat ed | TPM2_Clear TPM2_ChangeEPS TPM2_Startup | TPM2_SetPrimaryPolicy | N/A | |
| ownerPolicy | Flash:Obfuscat ed | TPM2_Clear TPM2_Startup | TPM2_SetPrimaryPolicy | N/A | |
| lockoutPolicy | Flash:Obfuscat ed | TPM2_Clear TPM2_Startup | TPM2_SetPrimaryPolicy | N/A | |
| Asymmetric Signing Keys (authValue) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A | Asymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (authPolicy):Used With Asymmetric Signing Keys (public data):Used With |
| Asymmetric Signing Keys (seed value) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A | Asymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (authPolicy):Used With Asymmetric Signing Keys (public data):Used With ppSeed:Derived From |
| Asymmetric Signing Keys (sensitive data) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded | N/A | Asymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys |
Nuvoton Trusted Platform Module Cryptographic Module The following table continues to summarize the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. e n N/A N/A N/A N/A N/A N/A N/A h N/A N/A N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.
| Name | Storage | Zeroization | Use | Input | |
|---|---|---|---|---|---|
| Asymmetric Signing Keys (authPolicy) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Asymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (public data):Used With | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A |
| Asymmetric Signing Keys (public data) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Asymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (authPolicy):Used With | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) | N/A |
| Asymmetric Encryption Keys (authValue) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Asymmetric Encryption Keys (seedValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (authPolicy):Used With Asymmetric Encryption Keys (public data):Used With | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A |
| Asymmetric Encryption Keys (seedValue) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Asymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (authPolicy):Used With Asymmetric Encryption Keys (public data):Used With ppSeed:Derived From | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A |
| Asymmetric Encryption Keys (sensitive data) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Asymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (seedValue):Used | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) | N/A |
| TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | With Asymmetric Encryption Keys (authPolicy):Used With Asymmetric Encryption Keys (public data):Used With ppSeed:Derived From | TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | |||
| Asymmetric Encryption Keys (authPolicy) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Asymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (seedValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (public data):Used With | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A |
| Asymmetric Encryption Keys (public data) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Asymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (seedValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (authPolicy):Used With Symmetric Encryption Keys | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, | N/A |
| Plain) TPM2_Duplicate (Export, Encrypted) | (authValue):Used With | Plain) TPM2_Duplicate (Export, Encrypted) | |||
| Symmetric Encryption Keys (authValue) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Symmetric Encryption Keys (seedValue):Used With Symmetric Encryption Keys (sensitive data):Used With | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A |
| Symmetric Encryption Keys (seedValue) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Symmetric Encryption Keys (authValue):Used With Symmetric Encryption Keys (sensitive data):Used With ppSeed:Derived From | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | N/A |
| Symmetric Encryption Keys (sensitive data) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr | Symmetric Encryption Keys (authValue):Used With Symmetric Encryption Keys | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary | N/A |
| (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | ol Clear TPM | (seedValue):Used With ppSeed:Derived From | (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted) | ||
| Symmetric Signing Keys (authValue) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Symmetric Signing Keys (seedValue):Used With Symmetric Signing Keys (sensitive data):Used With | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) | N/A |
| Symmetric Signing Keys (seedValue) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPM | Symmetric Signing Keys (authValue):Used With Symmetric Signing Keys (sensitive data):Used With ppSeed:Derived From | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) | N/A |
| Symmetric Signing Keys (sensitive data) | RAM:Plaintext Flash:Obfuscat ed | TPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext | Symmetric Signing Keys (authValue):Used With | TPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) | N/A |
| TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) | TPM2_HierarchyContr ol Clear TPM | Symmetric Signing Keys (seedValue):Used With ppSeed:Derived From | TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) | ||
| Object Ephemeral Keys (symKey) | Stack:Plaintext | Stack Cleaning | Object Ephemeral Keys (hmacKey):Used With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric Encryption Keys (sensitive data):Encrypts Asymmetric Encryption Keys (authPolicy):Encry pts Asymmetric Encryption Keys | TPM2_Load TPM2_Create (Import) TPM2_Create (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) | Until no longer needed , or power reset. |
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
| Name | Storage | Zeroization | Input | Related SSPs (sensitive data):Decrypts Asymmetric Encryption Keys (auth Policy):Decry pts Asymmetric Encryption Keys (public data):Decrypts Symmetric Encryption Keys (auth Value):Decry pts Symmetric Encryption Keys (seed Value):Decry pts Symmetric Encryption Keys (sensitive data):Decrypts Symmetric Signing Keys (auth Value):Decry pts Symmetric Signing Keys (seed Value):Decry pts Symmetric Signing Keys (sensitive data):Decrypts Asymmetric Signing Keys (seed value):Derived From Asymmetric Encryption Keys (seed Value):Deriv ed From Symmetric Encryption Keys (seed Value):Deriv ed From Symmetric Signing Keys (seed Value):Deriv ed From | |
|---|---|---|---|---|---|
| Object Ephemeral Keys (hmacKey) | Stack:Plaintext | Stack Cleaning | TPM2_Load TPM2_LoadExternal TPM2_Create (Import) TPM2_Create (Export) | Until no longer needed , or | Object Ephemeral Keys (symKey):Used With |
| TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) | TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) | power reset. | Asymmetric Signing Keys (seed value):Derived From Asymmetric Encryption Keys (seedValue):Deriv ed From Symmetric Encryption Keys (seedValue):Deriv ed From Symmetric Signing Keys (seedValue):Deriv ed From | ||
| Duplication Ephemeral Keys (symKey) | Stack:Plaintext | Stack Cleaning | TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Import TPM2_Duplicate (Import, Plain) TPM2_Duplicate (Import, Encrypted) | Until no longer needed , or power reset. | Duplication Ephemeral Keys (hmacKey):Used With Duplication Ephemeral Keys (innerSymKey):Us ed With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric |
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
| Name | Establishment | Storage | Zeroization | Input | |
|---|---|---|---|---|---|
| Duplication Ephemeral Keys (hmacKey) | Duplication Ephemeral Keys (symKey):Used With Duplication | Stack:Plaintext | Stack Cleaning | TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Import TPM2_Duplicate (Import, Plain) | Until no longer needed , or |
| TPM2_Duplicate (Import, Encrypted) | Ephemeral Keys (innerSymKey):Us ed With Ephemeral Key Agreement Keys:Derived From DRBG state:Derived From | TPM2_Duplicate (Import, Encrypted) | power reset. | ||
| Duplication Ephemeral Keys (innerSymKey) | Duplication Ephemeral Keys (symKey):Used With Duplication Ephemeral Keys (hmacKey):Used With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric Encryption Keys (sensitive data):Encrypts Asymmetric Encryption Keys (authPolicy):Encry pts | Stack:Plaintext | Stack Cleaning | TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Import TPM2_Duplicate (Import, Plain) TPM2_Duplicate (Import, Encrypted) | Until no longer needed , or power reset. |
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
| Name | Storage | Zeroization | Input | Related SSPs Asymmetric Encryption Keys (sensitive data):Decrypts Asymmetric Encryption Keys (auth Policy):Decry pts Asymmetric Encryption Keys (public data):Decrypts Symmetric Encryption Keys (auth Value):Decry pts Symmetric Encryption Keys (seed Value):Decry pts Symmetric Encryption Keys (sensitive data):Decrypts Symmetric Signing Keys (auth Value):Decry pts Symmetric Signing Keys (seed Value):Decry pts Symmetric Signing Keys (sensitive data):Decrypts | |
|---|---|---|---|---|---|
| Context Ephemeral Keys (symKey) | Stack:Plaintext | Stack Cleaning | TPM2_ContextLoad TPM2_ContextSave | Until no longer needed , or power reset. | Context Ephemeral Keys (hmacKey):Used With Session (salt):Encrypts Session (salt):Decrypts phProof:Derived From |
| Context Ephemeral Keys (hmacKey) | Stack:Plaintext | Stack Cleaning | TPM2_ContextLoad TPM2_ContextSave | Until no longer needed , or power reset. | Context Ephemeral Keys (symKey):Used With phProof:Derived From |
| Credential Ephemeral Keys (symKey) | Stack:Plaintext | Stack Cleaning | TPM2_MakeCredential TPM2_ActivateCredential | Until no longer needed , or power reset. | Credential Ephemeral Keys (hmacKey):Used With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric Encryption Keys (sensitive data):Encrypts Asymmetric Encryption Keys (authPolicy):Encry pts Asymmetric Encryption Keys (public data):Encrypts Symmetric Encryption Keys (authValue):Encry pts Symmetric Encryption Keys (seedValue):Encry pts Symmetric Encryption Keys |
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
| Name | Establishment | Storage | Zeroization | Input | |
|---|---|---|---|---|---|
| Credential Ephemeral Keys (hmacKey) | Credential Ephemeral Keys (symKey):Used With Ephemeral Key Agreement Keys:Derived From DRBG state:Derived From | Stack:Plaintext | Stack Cleaning | TPM2_MakeCredential TPM2_ActivateCredential | Until no longer needed , or power reset. |
| Ephemeral Key Agreement Keys | Stack:Plaintext | Stack Cleaning | Until no longer needed , or power reset. | ||
| Ephemeral User ECC Keys | Stack:Plaintext | Stack Cleaning | TPM2_Load TPM2_LoadExternal | Until no longer needed , or power reset. | |
| Endorsement Keys (private values) | Endorsement Keys (public values):Paired With epSeed:Used With | Flash:Obfuscat ed | TPM2_ChangeEPS Clear TPM | TPM2_CreatePrimary (Import) | N/A |
| Endorsement Keys (public values) | Endorsement Keys (private values):Paired With epSeed:Used With | Flash:Obfuscat ed | TPM2_ChangeEPS Clear TPM | N/A | |
| Firmware Update Keys (ECC) | Firmware Update Keys (AES):Used With | Flash:Obfuscat ed | Clear TPM | N/A | |
| Firmware Update Keys (AES) | Firmware Update Keys (ECC):Used With | Flash:Obfuscat ed | Clear TPM | N/A | |
| NV Index (authValue) | NV Index (authPolicy):Used With | Flash:Obfuscat ed | TPM2_Clear TPM2_ChangeEPS TPM2_ChangePPS TPM2_NV_UndefineSp ace Clear TPM | TPM2_NV_ChangeAuth (Import) TPM2_NV_ChangeAuth (Export) | N/A |
| NV Index (authPolicy) | NV Index (authValue):Used With | Flash:Obfuscat ed | TPM2_Clear TPM2_ChangeEPS TPM2_ChangePPS TPM2_NV_UndefineSp ace Clear TPM | TPM2_NV_ChangeAuth (Import) TPM2_NV_ChangeAuth (Export) | N/A |
| Session (salt) | Stack:Plaintext | Stack Cleaning | TPM2_ContextLoad TPM2_ContextSave | N/A | |
| Session (sessionKey) | phProof:Used With ehProof:Used With shProof:Used With nullProof:Used With Session (salt):Derived From | RAM:Plaintext | TPM2_Startup TPM2_FlushContext | N/A | |
| Session (symKey) | Session (sessionKey):Deri ved From | Stack:Plaintext | Stack Cleaning | N/A | |
| DRBG state | DRBG Entropy Input:Derived From | RAM:Plaintext Flash:Obfuscat ed | TPM2_Startup Clear TPM | N/A | |
| DRBG Entropy Input | DRBG state:Paired With | RAM:Plaintext Flash:Obfuscat ed | TPM2_Startup Clear TPM | N/A | |
| Transient DRBG state | DRBG Entropy Input:Derived From | RAM:Plaintext Flash:Obfuscat ed | TPM2_Startup Clear TPM | N/A |
Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A Table 22: SSP Table 2 © 2025 Nuvoton / atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | ||
|---|---|---|---|---|---|---|---|---|
| HMAC-SHA2-256 (A4792) | HMAC-SHA2-256 (A4792) | Message Authentication Code (MAC) | SW/FW Integrity | Performed on system startup | HMAC-SHA2- 256 | Successful boot | ||
| Counter DRBG (A4792) | Counter DRBG (A4792) | KAT | CAST | Random Number Generation | Successful boot | 256-bit key | Upon first invocation of service that uses the algorithm. | |
| HMAC- SHA2-384 (A4792) | HMAC- SHA2-384 (A4792) | KAT | CAST | Verify | Successful boot | 384 bit keys | Upon first invocation of service that uses the algorithm. | |
| KDF SP800- 108 (A4792) | KDF SP800- 108 (A4792) | KAT | CAST | Key Derivation | Successful boot | SHA2-256 | Upon first invocation of service that uses the algorithm. | |
| KDA OneStep Sp800-56Cr1 (A4792) | KDA OneStep Sp800-56Cr1 (A4792) | KAT | CAST | Key Derivation | Successful boot | SHA2-256 | Upon first invocation of service that uses the algorithm. | |
| SHA-1 (A4792) | SHA-1 (A4792) | KAT | CAST | Message Digest | Successful boot | SHA-1 | Upon first invocation of service that uses the algorithm. | |
| SHA2-256 (A4792) | SHA2-256 (A4792) | KAT | CAST | Message Digest | Successful boot | SHA2-256 | Upon first invocation of service that |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | ||
|---|---|---|---|---|---|---|---|---|---|---|
| HMAC-SHA2-256 (A4792) | HMAC-SHA2-256 (A4792) | Message Authentication Code (MAC) | SW/FW Integrity | Performed on system startup | HMAC-SHA2- 256 | Successful boot | ||||
| Counter DRBG (A4792) | Counter DRBG (A4792) | KAT | CAST | Random Number Generation | Successful boot | 256-bit key | Upon first invocation of service that uses the algorithm. | |||
| HMAC- SHA2-384 (A4792) | HMAC- SHA2-384 (A4792) | KAT | CAST | Verify | Successful boot | 384 bit keys | Upon first invocation of service that uses the algorithm. | |||
| KDF SP800- 108 (A4792) | KDF SP800- 108 (A4792) | KAT | CAST | Key Derivation | Successful boot | SHA2-256 | Upon first invocation of service that uses the algorithm. | |||
| KDA OneStep Sp800-56Cr1 (A4792) | KDA OneStep Sp800-56Cr1 (A4792) | KAT | CAST | Key Derivation | Successful boot | SHA2-256 | Upon first invocation of service that uses the algorithm. | |||
| SHA-1 (A4792) | SHA-1 (A4792) | KAT | CAST | Message Digest | Successful boot | SHA-1 | Upon first invocation of service that uses the algorithm. | |||
| SHA2-256 (A4792) | SHA2-256 (A4792) | KAT | CAST | Message Digest | Successful boot | SHA2-256 | Upon first invocation of service that | |||
| SHA2-384 (A4792) | SHA2-384 (A4792) | KAT | CAST | Message Digest | Successful boot | SHA2-384 | Upon first invocation of service that uses the algorithm. | |||
| AES-CFB128 (A4792) | AES-CFB128 (A4792) | KAT | CAST | Encryption / Decryption | Successful boot | 128, 256 bit keys | Upon first invocation of service that uses the algorithm. | |||
| AES-CTR (A4792) | AES-CTR (A4792) | KAT | CAST | Encryption / Decryption | Successful boot | 128, 256 bit keys | Upon first invocation of service that uses the algorithm. | |||
| AES-OFB (A4792) | AES-OFB (A4792) | KAT | CAST | Encryption / Decryption | Successful boot | 128, 256 bit keys | Upon first invocation of service that uses the algorithm. | |||
| RSA SigGen (FIPS186-4) (A4792) | RSA SigGen (FIPS186-4) (A4792) | KAT | CAST | Signature Generation | Successful boot | 2048-bit modulus; Hash: SHA2- 256 | Upon first invocation of service that uses the algorithm. | |||
| RSA SigVer (FIPS186-4) (A4792) | RSA SigVer (FIPS186-4) (A4792) | KAT | CAST | Signature Verification | Successful boot | 2048-bit modulus; Hash: SHA2- 256 | Upon first invocation of service that uses the algorithm. | |||
| ECDSA SigGen (FIPS186-4) (A4792) | ECDSA SigGen (FIPS186-4) (A4792) | KAT | CAST | Signature Generation | Successful boot | Curve: P- 256; Hash: SHA2-256 | Upon first invocation of service that uses the algorithm. | |||
| ECDSA SigVer (FIPS186-4) (A4792) | ECDSA SigVer (FIPS186-4) (A4792) | KAT | CAST | Signature Verification | Successful boot | Curve: P- 256; Hash: SHA2-256 | Upon first invocation of service that uses the algorithm. | |||
| KAS-ECC Sp800-56Ar3 (A4792) | KAS-ECC Sp800-56Ar3 (A4792) | KAT | CAST | Shared Secret Computation | Successful boot | Curve: P-256 | Upon first invocation of service that | |||
| KTS-IFC (A4792) | KTS-IFC (A4792) | KAT | CAST | RSA Key Transport | Successful boot | 2048-bit modulus | Upon first invocation of service that uses the algorithm. | |||
| ECDSA KeyGen (FIPS186-4) (A4792) | ECDSA KeyGen (FIPS186-4) (A4792) | PCT | PCT | Signature Generation / Signature Verification | Key pair returned to caller | P-256, P-384 curves | Performed every time ECC key pair is generated | |||
| RSA KeyGen (FIPS186-4) (A4792) | RSA KeyGen (FIPS186-4) (A4792) | PCT | PCT | Encryption / Decryption tested for RSA key pairs generated for approved key transport and Signature Generation / Signature Verification tested for RSA key pairs generated for digital signatures | Key pair returned to caller | 2048, 3072, 4096 bit keys | Performed every time RSA key pair is generated | |||
| ECDSA SigVer (SW/FW Load Test) | ECDSA SigVer (SW/FW Load Test) | SW/FW Load Test | SW/FW Load | Firmware update test during the firmware update. The digital signature is verified on the firmware image using an ECDSA signature verification algorithm, utilizing a 384-bit | Successful Firmware load | P-384 Curves | Firmware Update | |||
| HMAC-SHA2-256 (A4792) | HMAC-SHA2-256 (A4792) | Message Authentication Code (MAC) | SW/FW Integrity | On demand | Manually | |||||
| Counter DRBG (A4792) | Counter DRBG (A4792) | KAT | CAST | On demand | Manually | |||||
| HMAC-SHA2-384 (A4792) | HMAC-SHA2-384 (A4792) | KAT | CAST | On demand | Manually | |||||
| KDF SP800-108 (A4792) | KDF SP800-108 (A4792) | KAT | CAST | On demand | Manually |
Nuvoton Trusted Platform Module Cryptographic Module
The Module implements the following tests during power-on: HMAC-SHA2256 Table 23: Pre-Operational Self-Tests The module does not provide any cryptographic services prior to this test.
The Module implements the following conditional tests: HMACSHA2-384 © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module Hash: SHA2256 Hash: SHA2256 © 2025 Nuvoton / atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| KTS-IFC (A4792) | KTS-IFC (A4792) | KAT | CAST | RSA Key Transport | 2048-bit modulus | Successful boot | Upon first invocation of service that uses the algorithm. | ||
| ECDSA KeyGen (FIPS186-4) (A4792) | ECDSA KeyGen (FIPS186-4) (A4792) | PCT | PCT | Signature Generation / Signature Verification | P-256, P-384 curves | Key pair returned to caller | Performed every time ECC key pair is generated | ||
| RSA KeyGen (FIPS186-4) (A4792) | RSA KeyGen (FIPS186-4) (A4792) | PCT | PCT | Encryption / Decryption tested for RSA key pairs generated for approved key transport and Signature Generation / Signature Verification tested for RSA key pairs generated for digital signatures | 2048, 3072, 4096 bit keys | Key pair returned to caller | Performed every time RSA key pair is generated | ||
| ECDSA SigVer (SW/FW Load Test) | ECDSA SigVer (SW/FW Load Test) | SW/FW Load Test | SW/FW Load | Firmware update test during the firmware update. The digital signature is verified on the firmware image using an ECDSA signature verification algorithm, utilizing a 384-bit | P-384 Curves | Successful Firmware load | Firmware Update | ||
| HMAC-SHA2-256 (A4792) | HMAC-SHA2-256 (A4792) | Message Authentication Code (MAC) | SW/FW Integrity | On demand | Manually | ||||
| Counter DRBG (A4792) | Counter DRBG (A4792) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A4792) | HMAC-SHA2-384 (A4792) | KAT | CAST | On demand | Manually | ||||
| KDF SP800-108 (A4792) | KDF SP800-108 (A4792) | KAT | CAST | On demand | Manually | ||||
| KDA OneStep Sp800- 56Cr1 (A4792) | KDA OneStep Sp800- 56Cr1 (A4792) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A4792) | SHA-1 (A4792) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A4792) | SHA2-256 (A4792) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A4792) | SHA2-384 (A4792) | KAT | CAST | On demand | Manually | ||||
| AES-CFB128 (A4792) | AES-CFB128 (A4792) | KAT | CAST | On demand | Manually | ||||
| AES-CTR (A4792) | AES-CTR (A4792) | KAT | CAST | On demand | Manually | ||||
| AES-OFB (A4792) | AES-OFB (A4792) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A4792) | RSA SigGen (FIPS186-4) (A4792) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A4792) | RSA SigVer (FIPS186-4) (A4792) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A4792) | ECDSA SigGen (FIPS186-4) (A4792) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A4792) | ECDSA SigVer (FIPS186-4) (A4792) | KAT | CAST | On demand | Manually | ||||
| KAS-ECC Sp800- 56Ar3 (A4792) | KAS-ECC Sp800- 56Ar3 (A4792) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A4792) | KTS-IFC (A4792) | KAT | CAST | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A4792) | ECDSA KeyGen (FIPS186-4) (A4792) | PCT | PCT | N/A | N/A | ||||
| RSA KeyGen (FIPS186-4) (A4792) | RSA KeyGen (FIPS186-4) (A4792) | PCT | PCT | N/A | N/A | ||||
| ECDSA SigVer (SW/FW Load Test) | ECDSA SigVer (SW/FW Load Test) | SW/FW Load Test | SW/FW Load | N/A | N/A |
Nuvoton Trusted Platform Module Cryptographic Module Table 24: Conditional Self-Tests No services are available, and input and output are inhibited while performing the self-test.
Table 25: Pre-Operational Periodic Information © 2025 Nuvoton / atsec information security.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| General Failure | General Failure | Endorsement Key creation failure, Internal NV inconsistency Fingerprint value in TPM2_ContextLoad doesn't | returns TPM_RC_FAILURE | Platform Reset or power cycle |
| Self-Test Failure | Failure in conditional CAST, Conditional PCT or FW Integrity Test failure | Internal integrity error - indicative of fault injection attack or internal functional fault | returns SELF_TEST_FAILURE | Power cycle |
Nuvoton Trusted Platform Module Cryptographic Module N/A N/A N/A N/A N/A N/A Table 26: Conditional Periodic Information
© 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module Table 27: Error States If a conditional or power-on self-test fails, the Module enters an error state where both data output and cryptographic services are disabled. The Module can recover from this error state once all self-tests pass after a platform reset or power cycle.
The module allows operators to initiate the pre-operational or conditional cryptographic algorithm selftests on demand for periodic testing, by power-cycling the module. © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module
The module is not considered to be initialized until the following are completed:
The administrator guidance can be found within the TCG TPM v2.0 Provisioning Guidance.
The module may be operated as described in TCG TPM2.0 Revision 1.59. © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module
The module does not claim any mitigation of other attacks. © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module References FIPS140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program January 29, 2024 https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validationprogram/documents/fips 140-3/FIPS 140-3 IG.pdf TCG TPM v2.0 Provisioning Guidance Version 1.0 Revision 1.0 TCG TPM v2.0 Provisioning Guidance Version 1.0 Revision 1.0 March 15, 2017 https://trustedcomputinggroup.org/tcg-tpm-v2-0-provisioning-guidance TPM Library Specification TPM Library specification, Family “2.0”, Revision 1.59 November 2019 https://trustedcomputinggroup.org/resource/tpm-library-specification/ Platform TPM Profile Specification TCG PC Client Platform TPM Profile Specification for TPM 2.0 September 4, 2020 https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profilefor-TPM-2p0-v1p05p_r14_pub.pdf TCG TPM2.0 Revision 1.59 TCG TPM2.0 Revision 1.59, version 1.4 January 9, 2023 https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-Library-Spec-v1.59-Erratav1.4_pub.pdf FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-4 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module SP 800-38Arev1 NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/detail/sp/800-38b/final SP 800-38C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP 800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP 800-56Arev3 NIST Special Publication 800-56A Revision 2 - Recommendation for Pair Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf SP 800-57rev5 NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management Part 1: General May 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf SP 800-90Arev1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP 800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP 800-131Arev2 NIST Special Publication 800-131A Revision 2 - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf SP 800-133rev2 NIST Special Publication 800-133 Revision 2 - Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf SP 800-135rev1 NIST Special Publication 800-135 Revision 1 - Recommendation for Existing ApplicationSpecific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf © 2025 Nuvoton / atsec information security.
Nuvoton Trusted Platform Module Cryptographic Module SP 800-140Br1 NIST Special Publication 800-140Br1 - CMVP Security Policy Requirements November 2023 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Br1.pdf © 2025 Nuvoton / atsec information security.