All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine

Certificate#5057StandardFIPS 140-3Level1TypeHardwareEmbodimentSingle ChipStatusActiveVendorNuvoton Technology Corporation
Medium review priority  ·  exposes debug/recovery interface, HSM/SE firmware trust anchor  ·  last validated 10 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date9/14/2030
CaveatWhen operated in approved mode; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs
VendorNuvoton Technology Corporation

Approved Algorithms (23)

AlgorithmACVP Cert
AES-CFB128A4792
AES-CTRA4792
AES-OFBA4792
Counter DRBGA4792
ECDSA KeyGen (FIPS186-4)A4792
ECDSA KeyVer (FIPS186-4)A4792
ECDSA SigGen (FIPS186-4)A4792
ECDSA SigVer (FIPS186-4)A4792
HMAC-SHA-1A4792
HMAC-SHA2-256A4792
HMAC-SHA2-384A4792
KAS-ECC Sp800-56Ar3A4792
KAS-ECC-SSC Sp800-56Ar3A4792
KDA OneStep Sp800-56Cr1A4792
KDF SP800-108A4792
KTS-IFCA4792
RSA KeyGen (FIPS186-4)A4792
RSA SigGen (FIPS186-4)A4792
RSA Signature Primitive (CVL)A4792
RSA SigVer (FIPS186-4)A4792
SHA-1A4792
SHA2-256A4792
SHA2-384A4792

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>TPM2_SequenceUpdate<br/>TPM2_PCR_Read<br/>TPM2_DictionaryAttackP arameters</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>ECDSA SigVer Component<br/>AES-CFB128<br/>AES-CTR</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>SPI Bus<br/>I2C Bus</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C4,C5,C6 clue;
  class I2,I3,I4,I5,I6 infer;
  class R2,R3,R4,R5,R6 risk;
  class E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>TPM2_SequenceUpdate<br/>TPM2_PCR_Read<br/>TPM2_DictionaryAttackP arameters</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>ECDSA SigVer Component<br/>AES-CFB128<br/>AES-CTR</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>SPI Bus<br/>I2C Bus</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Nuvoton Technology Corporation Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine Hardware Version 0x00FC Firmware Version 7.2.4.1 Document Version: 1.4 Last update: 2025-07-29 Prepared by: atsec information security corporation

4516 Seton Center Parkway, Suite 250

Austin, TX 78759 www.atsec.com © 2025 Nuvoton / atsec information security.

Page 2

Nuvoton Trusted Platform Module Cryptographic Module Table of Contents © 2025 Nuvoton / atsec information security.

2 of 117
Page 3

Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.

3 of 117
Page 4

Nuvoton Trusted Platform Module Cryptographic Module List of Tables List of Figures © 2025 Nuvoton / atsec information security.

4 of 117
Page 5
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware security1
66Operational environmentN/A
77Physical security3
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacksN/A
Overall LevelOverall Level1

Nuvoton Trusted Platform Module Cryptographic Module

1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for the Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine (hereafter referred to as “the module”). It has a one-to-one mapping to the [SP 800-140Br1] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document.

1.2 Security Levels

The module meets the requirements of FIPS Pub 140-3 overall Security Level 1 with Physical Security N/A N/A N/A Table 1: Security Levels © 2025 Nuvoton / atsec information security.

5 of 117
Page 6

Nuvoton Trusted Platform Module Cryptographic Module

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine is a hardware cryptographic module (hereafter simply referred to as “the module”) that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation. The module is a contained within a single-chip embodiment that provides cryptographic services utilized by external applications. The module meets commercial-grade specifications for power, temperature, reliability, shock, and vibrations, and includes chip packaging to meet the physical security requirements at security level 3. Module Type: Hardware Module Embodiment: SingleChip Cryptographic Boundary: The block diagram below shows the cryptographic boundary of the module, and its interfaces with the operational environment. The components within TOEPP include an RNG block to provide entropy input for the module’s DRBG, Cryptographic Accelerators (SHA, AES, and PKA), ROM containing non-modifiable runtime execution code (CrypLib and Booter), Flash containing modifiable runtime execution code (Bootloader and TPM Library), CPU and RAM for runtime processing. Lastly the GPIO, Power Management and Host Interfaces provide the interfaces to/from the module. Figure 1: Block Diagram Tested Operational Environment’s Physical Perimeter (TOEPP) The TOEPP and cryptographic boundary are one and the same, encompassing the entire physical chip (outlined in red).

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

6 of 117
Page 7
Module configuration
NameModelHardware VersionFirmware VersionProcessorFeatures
NPCT7xx embedded in UQFN16 packageNPCT7xx embedded in UQFN16 package0x00FC7.2.4.1NPCT7xx CPUN/A
NPCT7xx embedded in QFN32 packageNPCT7xx embedded in QFN32 package0x00FC7.2.4.1NPCT7xx CPUN/A
NPCT7xx embedded in TSSOP28 packageNPCT7xx embedded in TSSOP28 package0x00FC7.2.4.1NPCT7xx CPUN/A
Service
NameDescriptionIndicatorType
Transient modeDefault mode entered when the TPM powers up and has completed self tests for SHS (SHA-1, SHA2-256, SHA2-384), HMAC, AES, DRBG, KBKDF and KDF algorithms which are used for basic TPM commands.Same as section 4.3Approved
Full approved mode of operationThis mode can be entered by either forcing to run the self tests for all algorithms using 'TPM2_SelfTest' command or by explicitly calling service that will require use of algorithms not tested in transient mode. This corresponds to all commands except the ones listed in section 6.5.1.6, of platform TPM profile specification and the command 'TPM2_IncrementalSelfTest'.Same as section 4.3Approved
Non- Approved mode of operationAutomatically entered whenever a non-approved service is invoked.Same as section 4.3Non- Approved

Nuvoton Trusted Platform Module Cryptographic Module This module is available in three hardware configurations. 7.2.4.1 N/A 7.2.4.1 N/A 7.2.4.1 N/A Table 2: Tested Module Identification

2.3 Excluded Components

There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements. Modes List and Description: For some TPM host platforms, it might take too much time to execute all self-tests during power up. Therefore, the TPM supports the following two Approved modes. © 2025 Nuvoton / atsec information security.

7 of 117
Page 8
Approved algorithm
NameCAVP CertPropertiesReference
AES-CFB128A4792Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38A
AES-CTRA4792Direction - Encrypt Key Length - 128, 256SP 800-38A
AES-OFBA4792Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38A
Conditioning Component Block Cipher Derivation Function SP800-90BA4792Key Length - 256SP 800-90B
Counter DRBGA4792Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - NoSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4792Curve - P-256, P-384FIPS 186-4
ECDSA KeyVer (FIPS186-4)A4792Curve - P-256, P-384FIPS 186-4
ECDSA SigGen (FIPS186-4)A4792Component - No, Yes Curve - P-256, P-384 Hash Algorithm - SHA2-256, SHA2-384FIPS 186-4
ECDSA SigVer (FIPS186-4)A4792Component - No Curve - P-256, P-384FIPS 186-4
HMAC-SHA-1A4792Key Length - Key Length: 160-240 Increment 8FIPS 198-1
HMAC-SHA2-256A4792Key Length - Key Length: 160-1024 Increment 8FIPS 198-1
HMAC-SHA2-384A4792Key Length - Key Length: 160-2048 Increment 8FIPS 198-1
KAS-ECC Sp800-56Ar3A4792Domain Parameter Generation Methods - P-256, P-384 Function - Key Pair Generation, Partial Validation Scheme - fullUnified - KAS Role - Initiator, Responder Key Length - 1024SP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A4792Domain Parameter Generation Methods - P-256, P-384 Scheme - fullUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KDA OneStep Sp800-56Cr1A4792Derived Key Length - 1024 Shared Secret Length - Shared Secret Length: 384-768 Increment 8SP 800-56C Rev. 2
KDF SP800-108A4792KDF Mode - CounterSP 800-108 Rev. 1
KTS-IFCA4792Modulo - 2048, 3072, 4096 Key Generation Methods - rsakpg1-crt Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Length - 384SP 800-56B Rev. 2
RSA KeyGen (FIPS186-4)A4792Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Chinese Remainder TheoremFIPS 186-4
RSA SigGen (FIPS186-4)A4792Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
RSA Signature Primitive (CVL)A4792Private Key Format - crtFIPS 186-4
RSA SigVer (FIPS186-4)A4792Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
SHA-1A4792FIPS 180-4
SHA2-256A4792FIPS 180-4
SHA2-384A4792FIPS 180-4

Nuvoton Trusted Platform Module Cryptographic Module NonApproved NonApproved Table 3: Modes List and Description

2.5 Algorithms

Approved Algorithms: The table below lists all approved algorithms used by the module, including specific key strengths employed for approved services, and implemented modes of operation. © 2025 Nuvoton / atsec information security.

8 of 117
Page 9

Nuvoton Trusted Platform Module Cryptographic Module Table 4: Approved Algorithms Vendor-Affirmed Algorithms: The following table lists all vendor affirmed approved algorithms implemented by the module. © 2025 Nuvoton / atsec information security.

9 of 117
Page 10
Service
NameDescriptionApproved FunctionsTypePropertiesImplementation
CKGKey Type:Symmetric and AsymmetricN/ASP800-133, Rev2 Section 4, example 1
ECDSA SigVer ComponentNon-Security Related Input Verification (No authentication claimed)Allowed as per IG 2.4.A
RSA signature generation using SHA-1Digital signature generation
ECDSA signature generation using SHA-1Digital signature generation
RSA Key TransportRSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL
CKGHMAC key generation with Key Size < 112 bits
HMACMessage Authentication Code using HMAC with Key Size < 112 bits
KAS-ECC-SSCECC Shared Secret Calculation with Derived Asymmetric ECC Key
AES-CFB128AES encryption/decryptionAES-CFB128: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
AES-CTRAES encryption/decryptionAES-CTR: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
Service
NameDescriptionApproved FunctionsTypePropertiesImplementation
CKGKey Type:Symmetric and AsymmetricN/ASP800-133, Rev2 Section 4, example 1
ECDSA SigVer ComponentNon-Security Related Input Verification (No authentication claimed)Allowed as per IG 2.4.A
RSA signature generation using SHA-1Digital signature generation
ECDSA signature generation using SHA-1Digital signature generation
RSA Key TransportRSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL
CKGHMAC key generation with Key Size < 112 bits
HMACMessage Authentication Code using HMAC with Key Size < 112 bits
KAS-ECC-SSCECC Shared Secret Calculation with Derived Asymmetric ECC Key
AES-CFB128AES encryption/decryptionAES-CFB128: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
AES-CTRAES encryption/decryptionAES-CTR: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
Service
NameDescriptionApproved FunctionsTypePropertiesImplementation
CKGKey Type:Symmetric and AsymmetricN/ASP800-133, Rev2 Section 4, example 1
ECDSA SigVer ComponentNon-Security Related Input Verification (No authentication claimed)Allowed as per IG 2.4.A
RSA signature generation using SHA-1Digital signature generation
ECDSA signature generation using SHA-1Digital signature generation
RSA Key TransportRSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL
CKGHMAC key generation with Key Size < 112 bits
HMACMessage Authentication Code using HMAC with Key Size < 112 bits
KAS-ECC-SSCECC Shared Secret Calculation with Derived Asymmetric ECC Key
AES-CFB128AES encryption/decryptionAES-CFB128: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
AES-CTRAES encryption/decryptionAES-CTR: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
Service
NameDescriptionApproved FunctionsTypePropertiesImplementation
CKGKey Type:Symmetric and AsymmetricN/ASP800-133, Rev2 Section 4, example 1
ECDSA SigVer ComponentNon-Security Related Input Verification (No authentication claimed)Allowed as per IG 2.4.A
RSA signature generation using SHA-1Digital signature generation
ECDSA signature generation using SHA-1Digital signature generation
RSA Key TransportRSA Key Transport with Non-Approved Padding schemes RSAES-PKCS- v1.5/NULL
CKGHMAC key generation with Key Size < 112 bits
HMACMessage Authentication Code using HMAC with Key Size < 112 bits
KAS-ECC-SSCECC Shared Secret Calculation with Derived Asymmetric ECC Key
AES-CFB128AES encryption/decryptionAES-CFB128: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
AES-CTRAES encryption/decryptionAES-CTR: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits

Nuvoton Trusted Platform Module Cryptographic Module N/A Table 5: Vendor-Affirmed Algorithms N/A for this module. 2.4.A The following table list all non-approved algorithms not allowed in the approved mode of operation. © 2025 Nuvoton / atsec information security.

10 of 117
Page 11
Service
NameDescriptionApproved FunctionsTypeProperties
AES-OFBAES encryption/decryptionAES-OFB: (A4792)BC-UnAuthKey Size:128, 256 bits Key Strength:128, 256 bits
CTR_DRBGDeterministic random bit generationCounter DRBG: (A4792)DRBGMode:AES-256 Key Size:256 bits Key Strength:256 bits Prediction Resistance:No Supports Reseed:Yes Derivation Function Enabled:No
ECDSA KeyGenECC key generationECDSA KeyGen (FIPS186-4): (A4792)AsymKeyPair- KeyGen CKGCurves and Key Strength:P-256, P- 384 with 128 and 192 bits of key strength
ECDSA KeyVerECC public key validationECDSA KeyVer (FIPS186-4): (A4792)AsymKeyPair-KeyVerCurves:P-256, P-384 Key Strength:128 and 192 bits
ECDSA SigGenECC signature generationECDSA SigGen (FIPS186-4): (A4792)DigSig-SigGenCurves:P-256, P-384 Hash Algorithm:SHA2-256, SHA2-384
ECDSA SigVerECC signature verificationECDSA SigVer (FIPS186-4): (A4792)DigSig-SigVerCurves:P-256, P-384 Hash Algorithm:SHA- 1, SHA2-256, SHA2- 384
ECDSA SigGen ComponentECC signature generation componentECDSA SigGen (FIPS186-4): (A4792)DigSig-SigGenCurves:P-256, P-384
HMACMessage Authentication Code using HMACHMAC-SHA-1: (A4792) HMAC-SHA2-256: (A4792) HMAC-SHA2-384: (A4792)MACHMAC-SHA-1:Key Sizes 160 to 240 with 128 bits of security strength HMAC-SHA-256:Key Sizes 160 to 1024 with 256 bits of security strength HMAC-SHA-384:Key Sizes 160 to 2048 with 256 bits of security strength
KAS-ECCECC key agreementKAS-ECC Sp800- 56Ar3: (A4792)KAS-FullKey Agreement Schemes:Full Unified, One Pass DH KDF Methods:onestepkdf (SHA2-256/SHA2-

Nuvoton Trusted Platform Module Cryptographic Module AsymKeyPairKeyGen © 2025 Nuvoton / atsec information security.

11 of 117
Page 12
Service
NameDescriptionRole AccessApproved FunctionsType
KAS-ECC-SSCECC shared secret calculationKey Agreement Schemes:Full Unified, One Pass DH Caveat:Key establishment methodology provides 128 or 192 bits of security strengthKAS-ECC-SSC Sp800-56Ar3: (A4792)KAS-SSC
KDASymmetric key derivation (KDA)Auxiliary Function Methods:SHA2-256, SHA2-384 derived key size and strength:1024 bits with 256 bits of key strengthKDA OneStep Sp800- 56Cr1: (A4792)KAS-56CKDF
KBKDFSymmetric key derivation (KBKDF)KDF Mode:Counter HMAC-SHA-1 Key Size and Strength:160 and 384 bit key with 128 bits of security strength HMAC-SHA-256 Key Size and Strength Key Strength:160 and 384 bit key with 256 bits of security strength HMAC-SHA-384 Key Size and strength:160 and 384 bit key with 256 bits of security strengthKDF SP800-108: (A4792)KBKDF
KTS RSARSA key transportScheme:KTS-OAEP- basic Key Transport Method:SHA2-256, SHA2-384 Key Generation Methods:rsakpg1-crt Caveat:Key establishment methodology provides between 112 and 150 bits of security strength Compliance:IG D.GKTS-IFC: (A4792)KTS-Wrap
RSA KeyGenRSA key generationKey Generation Mode:B.3.3 Key Size and Strength :2048-, 3072- or 4096-bit modulus with 112, 128, 150 bits of key strengthRSA KeyGen (FIPS186-4): (A4792)AsymKeyPair- KeyGen
RSA SigGenRSA signature generationSignature Type:PKCS 1.5, PKCSPSS Hash Pair:SHA2-256, SHA2-384 Key Size:2048, 3072, 4096 bitsRSA SigGen (FIPS186-4): (A4792)DigSig-SigGen
RSA SigGen PrimitiveRSA signature generation primitiveKey Size:2048, 3072, 4096 bitsRSA Signature Primitive: (A4792)DigSig-SigGen
RSA SigVerRSA signature verificationSignature Type:PKCS 1.5, PKCSPSS Hash Pair:SHA2-256, SHA2-384 Key Size:2048, 3072, 4096 bitsRSA SigVer (FIPS186-4): (A4792)DigSig-SigVer
SHAMessage digestSHA-1: (A4792) SHA2-256: (A4792) SHA2-384: (A4792)SHA
AES key generationAES key generationKey Size and Strength:128, 256 bits with 128 or 256 bits of key strengthCounter DRBG: (A4792)CKG
HMAC key generationHMAC key generationKey Size and Strength:160, 256, 384 bits with 128 or 256 bits of key strengthCounter DRBG: (A4792)CKG
KTS (AES + HMAC) key wrappingSymmetric key wrappingCaveat:Key establishment methodology provides 128 or 256 bits of security strengthAES-CFB128: (A4792) HMAC-SHA-1: (A4792) HMAC-SHA2-256: (A4792) HMAC-SHA2-384: (A4792)KTS-Wrap
KTS (AES + HMAC) key unwrappingSymmetric key unwrappingCaveat:Key establishment methodology provides 128 or 256 bits of security strengthAES-CFB128: (A4792) HMAC-SHA-1: (A4792) HMAC-SHA2-256: (A4792)KTS-Wrap
Entropy SourcePhysical entropy sourceConditioning Component:Block Cipher DF Sample Size:384 bits Entropy Per Sample:384 bitsConditioning Component Block Cipher Derivation Function SP800-90B: (A4792)ENT-ESV

Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.

12 of 117
Page 13

Nuvoton Trusted Platform Module Cryptographic Module AsymKeyPairKeyGen © 2025 Nuvoton / atsec information security.

13 of 117
Page 14

Nuvoton Trusted Platform Module Cryptographic Module Table 8: Security Function Implementations

2.7 Algorithm Specific Information

Compliance to SP 800-56ARev3 assurances For KAS-ECC, the module satisfies IG D.F Scenario 2 path (2) (i.e., tested compliance with Full Unified and One Pass DH key agreement schemes followed by the derivation of the key as shown in Section 5.8 of SP 800-56Arev3). The key derivation function complies to SP 800-56C rev2 (i.e, OneStep KDF). Furthermore, the module obtained the appropriate assurances, as required in Sections

5.6.2 of SP 800-56A rev3.
5.6.2.1 Assurances Required by a Key Pair Owner:

The key generation implemented by the module is CAVP validated. The entity using the module, must use the module's key generation service to generate the ECDH keys. The module will perform a pairwise consistency check upon generating ECDH keys.

5.6.2.2 Assurances Required by a Public Key Recipient Assurance of public-key validity: The module

makes used of approved EC curves listed in SP 800-140D and performs a successful public-key validation of the received public key.

5.6.2.2.3 Recipient’s assurance of owner’s possession of private key can be met via the use of a

Trusted Third party that requires the key confirmation procedure. Both of which are handled by the entity outside of the module that requested the ECDH Key Agreement service from the module. That is, such checks are out of the module's scope.

5.6.2.3 Public Key Validation Routines: The module performs the required public key validation before

initiating the handshake. Compliance to SP 800-56BRev3 assurances For KTS RSA, the tester verified the implementation satisfies IG D.G by employing an approved RSAbased key transport scheme as specified in SP 800-56Brev2. The following summary of assurances, as defined in Sections 5 and 6 of SP 800-56Brev2: Section 5.1

14 of 117
Page 15
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Nuvoton NPCT7xx TPM 2.0 Cryptographic EnginePhysical384 bitsNuvoton NPCT7xx TPM 2.0 Cryptographic Engine on Nuvoton NPCT7xx (firmware version 7.2.4.1)384 bitsVetted Conditioning Component: Block Cipher Derivation Function Cert# A4792
CertVendor
NumberName
E18Nuvoton

Nuvoton Trusted Platform Module Cryptographic Module Section 5.4 and Section 5.5 – N/A, The module does not implement a key agreement scheme (i.e., KAS1). For additional assurances found in its Section 6 (specifically SP 800-56Brev2 Section 6.4 Required Assurances):

  1. The entity requesting the RSA key unwrapping (decapsulation) service from the module, shall only use an RSA private key that was generated by an active FIPS validated module that implements FIPS 186-4 compliant RSA key generation service and performs the key pair validity and the pairwise consistency as stated in section 6.4.1.1 of the SP 800-56Brev2. Additionally, the entity shall renew these assurances over time by using any method described in section 6.4.1.5 of the SP 800-56Brev2.
  2. For use of an RSA key wrapping (encapsulation) service in the context of key transport per IG D.G, a) the entity using the module, shall verify the validity of the peer's public key using the public key validation service of the module. b) the entity using the module, shall confirm the peer's possession of private key by using any method specified in section 6.4.2.3 of the SP 800-56Brev2. Only after the above assurances are successfully met, shall the entity use the peer's public key to perform the RSA key wrapping (encapsulation) service of the module."
2.8 RBG and Entropy

Table 9: Entropy Certificates Table 10: Entropy Sources Entropy Information: The SP 800-90B entropy source consists of a noise source which feeds 1024bit samples to a block cipher vetted conditioning component. The final output from the conditioning component provides 384-bits of full entropy. DRBG Information: The module implements an approved SP 800-90Ar1 Deterministic Random Bit Generator in the form of CTR_DRBG. The CTR_DRBG is provided with 384-bits of entropy input from the SP 800-90B compliant entropy source. The DRBG is used internally by the module to generate symmetric keys, seeds for asymmetric key pairs and random numbers for security functions. © 2025 Nuvoton / atsec information security.

15 of 117
Page 16

Nuvoton Trusted Platform Module Cryptographic Module

2.9 Key Generation

This module implements vendor affirmed Cryptographic Key Generation (CKG) for AES, HMAC, RSA, ECDSA and EC Diffie-Hellman keys, compliant to SP 800-133rev2 and IG D.H. When generating RSA and ECDSA and EC Diffie-Hellman asymmetric key pairs, the seed used for asymmetric key generation is obtained directly from the module's approved SP 800-90rev1 DRBG (CTR_DRBG) specified in SP 800-133 Rev2 Section 4, example 1. This is followed by an asymmetric key generation method compliant with FIPS 186-4 (and SP 800-56A Rev 3 for ECDH key pairs). Symmetric keys (AES and HMAC) are also generated directly from the module's approved CTR_DRBG as following Section 4, example 1 of SP 800-133rev2.

2.10 Key Establishment

The module provides an approved [SP800-56Arev3] EC Diffie-Hellman Key Agreement Scheme. The key agreement scheme is compliant with IG D.F scenario 2 path (2). The CAVP testing was performed end-to-end, using the Full Unified and One Pass DH Models with approved domain parameters (i.e., P-256 and P-384). Per FIPS 140-3 IG D.B, the curves provide 128 or 192 bits of security strength. The module provides key derivation services using SP 800-108 KBKDF and SP 800-56C One-Step KDF with key sizes 160, 256, 384 bits. Per FIPS 140-3 IG D.B, the key sizes provide 160-256 bits of security strength. The module provides SP 800-56B rev2 Key Transport using KTS-OAEP-basic. The implementation supports 2048-, 3072-, or 4096-bits modulus size, with both key encapsulation and un-encapsulation supported. The module does not implement key confirmation. Per FIPS 140-3 IG D.B, the key sizes provide 112, 128, or 150 bits of security strength. The module also implements AES-CFB128 combined with HMAC as approved key wrapping method compliant SP 800-38F. Per FIPS 140-3 IG D.B, the key sizes provide 128 or 256 bits of security strength.

2.11 Industry Protocols

The cryptographic module does not implement any relevant industry protocols. © 2025 Nuvoton / atsec information security.

16 of 117
Page 17
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
SPI BusSPI BusData Input Data Output Control Input Status OutputData provided to the chip as part of the data processing commands; Data output by the chip a part of the data processing commands; Control Input commands issued to the chip; Status data output by the chip
I2C BusI2C BusData Input Data Output Control Input Control OutputData provided to the chip as part of the data processing commands; Data output by the chip a part of the data processing commands; Control Input commands issued to the chip; Status data output by the chip
PP pinPP pinData Input Control InputData provided to the chip as part of the data processing commands; Control Input commands issued to the chip
PowerPowerPowerPower interface of the chip

Nuvoton Trusted Platform Module Cryptographic Module

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Table 11: Ports and Interfaces The module does not implement any control output interface. The logical interfaces are the API through which applications request services. The ports and interfaces are shown in the following table. All data output via data output interface is inhibited when the module is performing pre-operational test or zeroization or when the module enters error state. © 2025 Nuvoton / atsec information security.

17 of 117
Page 18
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Object AdministratorCrypto OfficerRoleNone
Object UserUserRoleNone
DuplicateCrypto OfficerRoleNone
TPM2_StartupUsed to initiate a startup process, where the TPM state is either reset or loaded from a saved state.Unauthentica ted - nullSeed: Z - nullProof: Z - platformAuth: Z - platformPolicEntropy Source'00'Startup TypeN/A
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Object AdministratorCrypto OfficerRoleNone
Object UserUserRoleNone
DuplicateCrypto OfficerRoleNone
TPM2_StartupUsed to initiate a startup process, where the TPM state is either reset or loaded from a saved state.Unauthentica ted - nullSeed: Z - nullProof: Z - platformAuth: Z - platformPolicEntropy Source'00'Startup TypeN/A

Nuvoton Trusted Platform Module Cryptographic Module

4 Roles, Services, and Authentication

N/A for this module. The module does not support role authentication.

4.2 Roles
4.3 Approved Services

The table below lists the approved services. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or SSPs involved, and their access type(s). The following convention is used to specify access rights for SSPs: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroizes the SSP. N/A: The calling application does not access any SSP or key during its operation. Details on the approved cryptographic algorithms, can be found in the SFI table. The module implements a FIPS 140-3 service indicator function that outputs its value. This value corresponds to the three categories defined in IG 2.4.C. Non-security relevant services are set to '00', approved services are set to '01' and non-approved services are set to '10'. y N/A Z © 2025 Nuvoton / atsec information security.

18 of 117
Page 19

Nuvoton Trusted Platform Module Cryptographic Module y y: Z Z :Z Z Z Z Z Z Z Z © 2025 Nuvoton / atsec information security.

19 of 117
Page 20
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
TPM2_ShutdownUsed to prepare the TPM for a power cycle.Unauthentica tedNone'00'Shutdown TypeN/A
TPM2_IncrementalSelfTe stPerform Self-Test of selected algorithms.Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitiveAES- CFB128 AES- CTR AES- OFB CTR_D RBG ECDSA KeyGen ECDSA KeyVer ECDSA'01'List of algorithms to be testedTo do list of the selected algorithms All algorithms mentioned in Table 22
SigGen ECDSA SigVer HMAC KAS- ECC KAS- ECC- SSC KDA KBKDF KTS RSA RSA KeyGen RSA SigGen RSA SigGen Primitiv e RSA SigVer SHAdata): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption Keys (authPolicy): E - Asymmetric Encryption Keys (public data): E - Symmetric Encryption Keys (authValue): E - Symmetric Encryption Keys (seedValue): E - Symmetric Encryption Keys (sensitive data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue):SigGen ECDSA SigVer HMAC KAS- ECC KAS- ECC- SSC KDA KBKDF KTS RSA RSA KeyGen RSA SigGen RSA SigGen Primitiv e RSA SigVer SHA
TPM2_SelfTestPerform Self-Test of all functions or only those that have not previously been tested.Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption Keys (authPolicy): E - Asymmetric Encryption Keys (public data): E - Symmetric Encryption KeysAES- CFB128 AES- CTR AES- OFB CTR_D RBG ECDSA KeyGen ECDSA KeyVer ECDSA SigGen ECDSA SigVer HMAC KAS- ECC KAS- ECC- SSC KDA KBKDF KTS RSA RSA KeyGen RSA SigGen RSA SigGen Primitiv e RSA SigVer SHA'01'Choose whether to perform the test everything (fullTest = YES) or only the untested functions (fullTest = NO)N/A
TPM2_GetTestResultReturns manufacturer- specific information regarding the results of a self-test and an indication of the test status.Unauthentica tedNone'00'N/Atest result data (manufacturer- specific information), test result
TPM2_StartAuthSessionStart authorization session.Unauthentica ted - platformAuth: E - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric EncryptionCTR_D RBG KAS- ECC KBKDF KTS RSA'01'Session Parameters: session Type, encryption algorithm, key size, hash algorithmtpmKey, authValue, nonce size, encrypted salt, session Type, encryption algorithm, key size, hash algorithm
TPM2_PolicyRestartAllows a policy authorization session to be returned to its initial state.Unauthentica ted - Session (sessionKey): E - Session (symKey): E Object User - Session (sessionKey): E - Session (symKey): ENone'00'session handleN/A
TPM2_CreateCreation of an ordinary object.Object User - Asymmetric Signing Keys (authValue): G - Asymmetric Signing Keys (seed value): G - Asymmetric Signing Keys (sensitive data): G - Asymmetric Signing Keys (authPolicy): G - Asymmetric Signing Keys (public data): GCTR_D RBG Entropy Source ECDSA KeyGen HMAC RSA KeyGen SHA KBKDF AES key generati on HMAC key generati on KTS (AES +'01'Parent handle, sensitive data, public template, outside info, creationPCRprivate portion, public portion, creation data, hash value, creation ticket (see TPM2_CertifyC reation)
HMAC) key unwrap ping KTS (AES + HMAC) key wrappin g- Asymmetric Encryption Keys (authValue): G - Asymmetric Encryption Keys (seedValue): G - Asymmetric Encryption Keys (sensitive data): G - Asymmetric Encryption Keys (authPolicy): G - Asymmetric Encryption Keys (public data): G - Symmetric Encryption Keys (authValue): G - Symmetric Encryption Keys (seedValue): G - Symmetric Encryption Keys (sensitive data): G - Symmetric Signing Keys (authValue): G - Symmetric Signing Keys (seedValue): G - Symmetric Signing Keys (sensitive data): GHMAC) key unwrap ping KTS (AES + HMAC) key wrappin g
TPM2_LoadLoading an protected object.Object User - Asymmetric Signing Keys (authValue): W - Asymmetric Signing Keys (seed value): W - Asymmetric Signing Keys (sensitive data): W - Asymmetric Signing Keys (authPolicy): W - Asymmetric Signing Keys (public data): W - Asymmetric Encryption Keys (authValue): W - Asymmetric Encryption Keys (seedValue): W - Asymmetric Encryption Keys (sensitive data): W - Asymmetric Encryption Keys (authPolicy): W - Asymmetric Encryption Keys (public data): W - Symmetric Encryption Keys (authValue): W - Symmetric Encryption Keys (seedValue):HMAC KAS- ECC- SSC KBKDF SHA KTS (AES + HMAC) key unwrap ping'01'Parent handle, private portion, public portionObject handle, name of the loaded object
TPM2_LoadExternalLoading an external object.Unauthentica ted - Asymmetric Signing Keys (authValue): W - Asymmetric Signing Keys (seed value): W - Asymmetric Signing Keys (sensitive data): W - Asymmetric Signing Keys (authPolicy): W - Asymmetric Signing Keys (public data): W - Asymmetric Encryption Keys (authValue): W - AsymmetricHMAC KAS- ECC- SSC SHA'01'Private portion, public portion, associated hierarchyObject handle, name of the loaded object
TPM2_ReadPublicAllows access to the public area of a loaded object.Unauthentica ted - Asymmetric Signing Keys (authValue): R - Asymmetric Signing Keys (seed value):SHA'00'object handlepublic area of object, name of object, qualified name of object

Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z Z N/A AESCFB128 AESCTR AESOFB E E © 2025 Nuvoton / atsec information security.

20 of 117
Page 21

Nuvoton Trusted Platform Module Cryptographic Module y KASECC KASECCSSC e E E E E E E E E © 2025 Nuvoton / atsec information security.

21 of 117
Page 22

Nuvoton Trusted Platform Module Cryptographic Module y E N/A AESCFB128 AESCTR AESOFB KASECC KASECCSSC e E E E E E E E © 2025 Nuvoton / atsec information security.

22 of 117
Page 23

Nuvoton Trusted Platform Module Cryptographic Module y E E E E manufacturerspecific information N/A (manufacturerspecific KASECC E E E © 2025 Nuvoton / atsec information security.

23 of 117
Page 24

Nuvoton Trusted Platform Module Cryptographic Module y E G,E G,E N/A E E G G G G © 2025 Nuvoton / atsec information security.

24 of 117
Page 25

Nuvoton Trusted Platform Module Cryptographic Module y g G G G G G G G © 2025 Nuvoton / atsec information security.

25 of 117
Page 26

Nuvoton Trusted Platform Module Cryptographic Module y KASECCSSC W W W W W W W W © 2025 Nuvoton / atsec information security.

26 of 117
Page 27

Nuvoton Trusted Platform Module Cryptographic Module y W W W KASECCSSC W W W W W © 2025 Nuvoton / atsec information security.

27 of 117
Page 28

Nuvoton Trusted Platform Module Cryptographic Module y W W W W W W R © 2025 Nuvoton / atsec information security.

28 of 117
Page 29

Nuvoton Trusted Platform Module Cryptographic Module y R R R R R R R R © 2025 Nuvoton / atsec information security.

29 of 117
Page 30
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
TPM2_ActivateCredentialDecrypts an object credential.Object Administrator - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Credential Ephemeral Keys (symKey): R,E - Credential Ephemeral Keys (hmacKey): R,E - Ephemeral Key Agreement Keys: E Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): EKTS RSA KAS- ECC KBKDF KTS (AES + HMAC) key unwrap ping'01'active handle, key handle, credential blob, secretdecrypted certificate information
TPM2_MakeCredentialEncrypts object credential.Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Credential Ephemeral Keys (symKey): R,E - CredentialCTR_D RBG KTS RSA ECDSA KeyGen KAS- ECC KTS (AES + HMAC) key wrappin g KBKDF'01'Object handle, credential, object nameencrypted secret, credentialBlob
TPM2_UnsealReturns the data in a loaded Sealed Data Object.Object UserNone'00'item handleunsealed data
TPM2_ObjectChangeAut hChange the authorization secret of an object.Object Administrator - Object Ephemeral Keys (symKey): R,W,E - Object Ephemeral Keys (hmacKey): R,W,E - Asymmetric Signing Keys (authValue): R,W - Asymmetric Signing Keys (seed value): R,W - Asymmetric Signing Keys (sensitive data): R,W - Asymmetric Signing Keys (authPolicy): R,W - Asymmetric Signing Keys (public data): R,W - Asymmetric Encryption Keys (authValue): R,W - Asymmetric Encryption Keys (seedValue): R,WCTR_D RBG KBKDF SHA KTS (AES + HMAC) key unwrap ping KTS (AES + HMAC) key wrappin g'01'Object handle, parent handle, new authValueprivate area containing new authValue
TPM2_CreateLoadedCreation and loading of an ordinary or a derived object.Object User - ppSeed: E - epSeed: E - spSeed: E - nullSeed: E - platformAuth: E - endorsement Auth: E - ownerAuth: ECTR_D RBG Entropy Source ECDSA KeyGen HMAC KBKDF RSA KeyGen SHA AES key'01'Parent handle, private portion, public key portionObject handle, private portion, public portion, Name of the loaded object
generati on HMAC key generati on KTS (AES + HMAC) key wrappin g- Object Ephemeral Keys (symKey): G,W,E - Object Ephemeral Keys (hmacKey): G,W,E - Asymmetric Signing Keys (authValue): G,W - Asymmetric Signing Keys (seed value): G,W - Asymmetric Signing Keys (sensitive data): G,W - Asymmetric Signing Keys (authPolicy): G,W - Asymmetric Signing Keys (public data): G,W - Asymmetric Encryption Keys (authValue): G,W - Asymmetric Encryption Keys (seedValue): G,W - Asymmetric Encryption Keys (sensitive data): G,W - Asymmetric Encryption Keys (authPolicy): G,W - Asymmetric Encryption Keys (public data): G,W - Symmetricgenerati on HMAC key generati on KTS (AES + HMAC) key wrappin g
TPM2_DuplicateDuplicates a loaded object to a new parent object.Duplicate - Asymmetric Encryption Keys (authValue): R,E - Asymmetric Encryption Keys (seedValue): R,E - Asymmetric Encryption Keys (sensitive data): R,E - Asymmetric Encryption Keys (authPolicy): R,E - Asymmetric Encryption Keys (public data): R,E - Duplication Ephemeral KeysCTR_D RBG ECDSA KeyGen KAS- ECC KBKDF KTS RSA SHA KTS (AES + HMAC) key wrappin g'01'Object handle, new parent handle, encryption key, symmetric algorithm for key wrappingEncrypted key, duplicate object, seed value (asymetrically encrypted)

Nuvoton Trusted Platform Module Cryptographic Module y R R KASECC E E E E R,E R,E E E © 2025 Nuvoton / atsec information security.

30 of 117
Page 31

Nuvoton Trusted Platform Module Cryptographic Module y E E R,E R,E KASECC g E E E E R,E © 2025 Nuvoton / atsec information security.

31 of 117
Page 32

Nuvoton Trusted Platform Module Cryptographic Module y R,E h g R,W,E R,W,E R,W R,W R,W R,W R,W R,W © 2025 Nuvoton / atsec information security.

32 of 117
Page 33

Nuvoton Trusted Platform Module Cryptographic Module y R,W R,W R,W R,W R,W E E © 2025 Nuvoton / atsec information security.

33 of 117
Page 34

Nuvoton Trusted Platform Module Cryptographic Module y g G,W,E G,W,E G,W G,W G,W G,W G,W G,W G,W © 2025 Nuvoton / atsec information security.

34 of 117
Page 35

Nuvoton Trusted Platform Module Cryptographic Module y G,W G,W G,W G,W KASECC g R,E R,E R,E © 2025 Nuvoton / atsec information security.

35 of 117
Page 36

Nuvoton Trusted Platform Module Cryptographic Module y R R R R R R R R © 2025 Nuvoton / atsec information security.

36 of 117
Page 37
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
TPM2_RewrapRewraps a duplicated object with a new parent key.Object User - Duplication Ephemeral Keys (symKey): E - Duplication Ephemeral Keys (hmacKey): E - Ephemeral Key Agreement Keys: E - Asymmetric Signing Keys (authValue): R - Asymmetric Signing Keys (seed value): R - Asymmetric Signing Keys (sensitive data): R - Asymmetric Signing Keys (authPolicy): R - Asymmetric Signing Keys (public data): R - Asymmetric Encryption Keys (authValue): R - Asymmetric Encryption Keys (seedValue): R - Asymmetric Encryption Keys (sensitive data): R - Asymmetric Encryption Keys (authPolicy):CTR_D RBG ECDSA KeyGen KAS- ECC KBKDF KTS RSA KTS (AES + HMAC) key unwrap ping KTS (AES + HMAC) key wrappin g'01'Old parent, new parent, duplicate object, name of object to be wrapped, seed value for the symmetric key and HMAC keyNew duplicate object, seed for new object (encrypted with new parent's asymmetric key)
TPM2_ImportImport a duplicated object to be next loaded inside the TPM.Object User - Asymmetric Encryption Keys (authValue): R,E - Asymmetric Encryption Keys (seedValue): R,E - Asymmetric Encryption Keys (sensitive data): R,E - Asymmetric Encryption Keys (authPolicy): R,E - AsymmetricCTR_D RBG HMAC KAS- ECC KBKDF KTS RSA SHA KTS (AES + HMAC) key unwrap ping'01'Parent handle, encryption key, public area of object to be imported, encrypted duplicate object, duplicate object seed, algorithm for key wrappingPrivate portion encrypted with the symmetric key of parent handle

Nuvoton Trusted Platform Module Cryptographic Module y KASECC g R R R R R R © 2025 Nuvoton / atsec information security.

37 of 117
Page 38

Nuvoton Trusted Platform Module Cryptographic Module y R R R R R KASECC R,E R,E R,E © 2025 Nuvoton / atsec information security.

38 of 117
Page 39

Nuvoton Trusted Platform Module Cryptographic Module y y): E R R R R R R R © 2025 Nuvoton / atsec information security.

39 of 117
Page 40
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
TPM2_RSA_EncryptRSA Encryption.Unauthentica ted - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric Encryption Keys (authPolicy): E - Asymmetric Encryption Keys (public data): EKTS RSA'01'Key handle, message, padding scheme, labelCipher text
TPM2_RSA_DecryptRSA Decryption.Unauthentica ted - Asymmetric Encryption Keys (authValue): E - Asymmetric Encryption Keys (seedValue): E - Asymmetric Encryption Keys (sensitive data): E - Asymmetric EncryptionKTS RSA'01'Key handle, cipher text, scheme, labelPlaintext
TPM2_ECDH_KeyGenEphemeral key pair generation and Shared Secret Calculation.Unauthentica ted - Ephemeral User ECC Keys: GECDSA KeyGen KAS- ECC- SSC'01'Key handlezPoint, public point
TPM2_ECDH_ZgenShared Secret Calculation.Object User - Ephemeral User ECC Keys: GKAS- ECC- SSC'01'Key handle, public pointOutput point
TPM2_ECC_ParametersReturns the parameters of an ECC curve identified by its TCG-assigned curveID.Unauthentica tedNone'00'Curve idECC parameters for selected curve
TPM2_EncryptDecryptSymmetric encryption or decryption of user data.Object User - Symmetric Encryption Keys (authValue): E - Symmetric Encryption Keys (seedValue): E - Symmetric Encryption Keys (sensitive data): EAES- CFB128 AES- CTR AES- OFB'01'Key handle, encrypt/decr ypt, mode, IV, ciphertext/pla intextPlaintext/cipher text, IV
TPM2_EncryptDecrypt2Symmetric encryption or decryption of user data.Object User - Symmetric Encryption Keys (authValue): E - Symmetric Encryption Keys (seedValue): E - SymmetricAES- CFB128 AES- CTR AES- OFB'01'Key handle, encrypt/decr ypt, mode, IV, ciphertext/pla intextPlaintext/cipher text, IV
TPM2_HashPerforms a hash operation on user data.Unauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): EHMAC SHA'01'Data, hash algorithm, hierarchyDigest, validation ticket
TPM2_HMACPerforms a HMAC operation on user data.Object User - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): EHMAC'01'Key handle, HMAC data, hash algorithmReturned HMAC
TPM2_GetRandomRandom number generation.Unauthentica ted - DRBG state: G,E - DRBG Entropy Input: E - Transient DRBG state: G,ECTR_D RBG'01'Number of bytes requestedRandom bytes
TPM2_StirRandomReseed random number generator.Unauthentica ted - DRBG Entropy Input: GCTR_D RBG Entropy Source'01'Key handle, auth value, hash algorithmSequence handle
TPM2_HMAC_StartHMAC session startObject User - Symmetric Signing KeysHMAC'01'Key handle, auth value,Sequence handle
algorithms to be used(authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): Ealgorithms to be used
TPM2_HashSequenceSta rtHash session startUnauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): ESHA'01'Auth value, hash algorithmSequence handle
TPM2_SequenceUpdateSequence updateUnauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): EHMAC SHA'01'Sequence handle, data to add to hashN/A
TPM2_SequenceComplet eSequence completeUnauthentica ted - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing KeysHMAC SHA'01'Sequence handle, data, hierarchyReturned HMAC or message digest, ticket
TPM2_EventSequenceCo mpleteEvent sequence completeObject User - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): EHMAC SHA'01'DataList of digests
TPM2_CertifyCreationProves the association between an object and its creation dataObject Administrator - shProof: E - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E Object User - shProof: E - AsymmetricECDSA SigGen HMAC KBKDF RSA SigGen SHA'01'Sign handle, object handle, qualifying data, creation hash, scheme, creation ticketCertify info, signature
TPM2_QuoteQuotes PCR valuesObject User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing KeysECDSA SigGen HMAC KBKDF RSA SigGen SHA'01'sign handle, qualifying data, scheme, PCR selectionquoted information, signature
TPM2_GetSessionAuditDi gestReturns a digital signature of the audit session digestObject User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): E - Session (sessionKey): E - Session (symKey): EECDSA SigGen HMAC KBKDF RSA SigGen SHA'01'Privacy administrator handle, sign handle, session handle, qualifying data, schemeAudit info, signature
TPM2_GetCommandAudi tDigestReturns the current value of the command audit digestObject User - Asymmetric Signing Keys (authValue): EECDSA SigGen HMAC KBKDF RSA'01'Privacy administrator handle, sign handle, qualifyingAudit info, signature
data, scheme- Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): ESigGen SHAdata, scheme
TPM2_GetTimeReturns the current values of Time and ClockObject User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - SymmetricECDSA SigGen HMAC KBKDF RSA SigGen SHA'01'Privacy administrator handle, sign handle, qualifying data, schemeTime info, signature
TPM2_VerifySignatureUses loaded keys to validate a signature on a message with the message digest passed to the TPM.Unauthentica ted - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing Keys (public data): E - Symmetric Signing Keys (authValue): E - Symmetric Signing Keys (seedValue): E - Symmetric Signing Keys (sensitive data): EHMAC RSA SigVer'01'Key handle, digest, signatureValidation
TPM2_SignCauses the TPM to sign an externally provided hash with the specified symmetric or asymmetric signing key.Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value):HMAC RSA SigGen Primitiv e ECDSA SigGen'01'Key handle, digest, scheme, validationSignature

Nuvoton Trusted Platform Module Cryptographic Module y R E E E E E © 2025 Nuvoton / atsec information security.

40 of 117
Page 41

Nuvoton Trusted Platform Module Cryptographic Module y E KASECCSSC KASECCSSC AESCFB128 AESCTR AESOFB E E AESCFB128 AESCTR AESOFB E E © 2025 Nuvoton / atsec information security.

41 of 117
Page 42

Nuvoton Trusted Platform Module Cryptographic Module y E E E E G,E © 2025 Nuvoton / atsec information security.

42 of 117
Page 43

Nuvoton Trusted Platform Module Cryptographic Module y E E E E N/A E E e E E © 2025 Nuvoton / atsec information security.

43 of 117
Page 44

Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E © 2025 Nuvoton / atsec information security.

44 of 117
Page 45

Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E E E © 2025 Nuvoton / atsec information security.

45 of 117
Page 46

Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E E E © 2025 Nuvoton / atsec information security.

46 of 117
Page 47

Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E E E E © 2025 Nuvoton / atsec information security.

47 of 117
Page 48

Nuvoton Trusted Platform Module Cryptographic Module y E E E E E E E e E © 2025 Nuvoton / atsec information security.

48 of 117
Page 49
Service
NameDescriptionRole AccessCsps AccessedIndicatorInputOutput
TPM2_SetCommandCod eAuditStatusUsed by the Privacy Administrator or platform to change the audit status of a command or to set the hash algorithm used for the audit digest, but not both at the same time.NoneObject User'00'Auth handle, hash algorithm, list of commands to be audited, list of commands to no longer be auditedN/A
TPM2_PCR_ExtendUpdates the indicated PCRSHAObject User'01'PCR handle, digestsN/A
TPM2_PCR_EventUpdates the indicated PCR and reports a list of digestsSHAObject User'01'PCR handle, event dataDigests
TPM2_PCR_ReadReturns the values of all PCR specified in pcrSelectionIn.NoneUnauthentica ted'00'PCT section to readPCR update counter, returned PCR section, PCR values
TPM2_PCR_AllocateUsed to set the desired PCRNoneObject User -'00'Auth handle, PCRAllocation success, max
allocation of PCR and algorithms. Requires Platform Authorization.allocation of PCR and algorithms. Requires Platform Authorization.platformAuth: Eallocation selectionnumber of PCR, size needed, size available
TPM2_PCR_SetAuthPolic yUsed to associate a policy with a PCR or group of PCRs. The policy determines the conditions under which a PCR may be extended or reset.NoneObject User - platformAuth: E'00'Auth handle, auth policy, hash algorithmN/A
TPM2_PCR_SetAuthValu eChanges the authValue of a PCR or group of PCRs.NoneObject User'00'PCR handle, auth valueN/A
TPM2_PCR_ResetUsed to set the PCR in all banks to zero.NoneObject User'00'PCR handleN/A
TPM2_PolicySignedPolicy based on signing keyECDSA SigVer HMAC RSA SigVer SHAUnauthentica ted - phProof: E - ehProof: E - shProof: E - nullProof: E - Session (sessionKey): E'01'Signing key handle, policy session handle, TPM nonce, command parameter digest, policy reference, expiration, signed authorizationTimeout, policy ticket
TPM2_PolicySecretPolicy based on an entity's authValueHMAC SHAObject User - phProof: E - ehProof: E - shProof: E - nullProof: E'01'Auth handle, policy session handle, TPM nonce, command parameter digest, policy reference, expiration, signed authorizationTimeout, policy ticket
TPM2_PolicyTicketPolicy based on ticket (produced by PolicySigned or PolicySecret)HMAC SHAUnauthentica ted - phProof: E - ehProof: E - shProof: E - nullProof: E - Session'01'Policy session handle, TPM nonce, command parameter digest, policyN/A
reference, auth name, ticket(sessionKey): Ereference, auth name, ticket
TPM2_PolicyORPolicy enabling multiple authentication optionsSHAUnauthentica ted'01'Policy session handle, list of hash valuesN/A
TPM2_PolicyPCRPolicy based on PCRSHAUnauthentica ted'01'Policy session handle, PCR digest, PCRs to include the digestN/A
TPM2_PolicyLocalityPolicy based on LocalitySHAUnauthentica ted'01'Policy session handle, allowed localities for the policyN/A
TPM2_PolicyNVPolicy based on contents of an NV IndexSHAObject User'01'Auth handle, nv index, policy session handle, operand B, offset of NV index for the start of operand A, operationN/A
TPM2_PolicyCounterTim erPolicy based on timeSHAUnauthentica ted'01'Policy session handle, operand B, offset of TPMS_TIME _INFO for operand A, operationN/A
TPM2_PolicyCommandC odePolicy based on command codeSHAUnauthentica ted'01'Policy session handle, command codeN/A
TPM2_PolicyPhysicalPre sencePolicy based on Physical PresenceSHAUnauthentica ted'01'Policy session handleN/A
TPM2_PolicyCpHashPolicy bound to specific command with specific parameters and specific objectsSHAUnauthentica ted'01'Policy session handle, cpHashN/A
TPM2_PolicyNameHashPolicy bound to specific objectsSHAUnauthentica ted'01'Policy session handle, digest to be added to the policyN/A
TPM2_PolicyDuplicationS electPolicy limiting duplication to only a selected parentSHAUnauthentica ted'01'Policy session handle, object name, new parent name, included object nameN/A
TPM2_PolicyAuthorizePolicy enabling policy to changeHMAC SHAUnauthentica ted - Session (sessionKey): E'01'Policy Session, digest of policy being approved, signing key, ticketN/A
TPM2_PolicyAuthValuePolicy bound to authValue of authorized entity (requiring HMAC session)SHAUnauthentica ted'01'Policy session handleN/A
TPM2_PolicyPasswordPolicy bound to authValue of authorized entity (requiring password session)SHAUnauthentica ted'01'Policy session handleN/A
TPM2_PolicyGetDigestReturns the current policyDigest of the session.NoneUnauthentica ted'00'Policy session handlePolicy digest
TPM2_PolicyNvWrittenPolicy based on WRITTEN attribute of NV IndexSHAUnauthentica ted'01'Policy session handlePolicy digest
TPM2_PolicyTemplatePolicy bound to specific creation templateSHAUnauthentica ted'01'Policy session handle, indication whether NV index is required to be writtenN/A
TPM2_PolicyAuthorizeNVPolicy bound to policy stored in an NV IndexSHAObject User'01'Auth handle, nv index, policy session handleN/A
TPM2_CreatePrimaryCreates a Primary ObjectCTR_D RBG Entropy Source ECDSA KeyGen HMAC RSA KeyGen SHA AES key generati on HMAC key generati onObject User - ppSeed: E - epSeed: E - spSeed: E - nullSeed: E - platformAuth: E - endorsement Auth: E - ownerAuth: E - Object Ephemeral Keys (symKey): G,W,E - Object Ephemeral Keys (hmacKey): G,W,E - Endorsement Keys (private values): R - Asymmetric Signing Keys (authValue): G,W - Asymmetric Signing Keys (seed value): G,W'01'Primary handle, sensitive data, data to provide verifiable linkage between object and owner data, creation PCRObject handle, public portion, creation data, creation hash, creation ticket, name

Nuvoton Trusted Platform Module Cryptographic Module y E E E E E N/A N/A © 2025 Nuvoton / atsec information security.

49 of 117
Page 50

Nuvoton Trusted Platform Module Cryptographic Module y E y N/A E e N/A N/A E N/A © 2025 Nuvoton / atsec information security.

50 of 117
Page 51

Nuvoton Trusted Platform Module Cryptographic Module y E N/A N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.

51 of 117
Page 52

Nuvoton Trusted Platform Module Cryptographic Module y N/A N/A N/A N/A N/A E N/A N/A © 2025 Nuvoton / atsec information security.

52 of 117
Page 53

Nuvoton Trusted Platform Module Cryptographic Module y N/A N/A E E G,W,E G,W,E G,W G,W © 2025 Nuvoton / atsec information security.

53 of 117
Page 54

Nuvoton Trusted Platform Module Cryptographic Module y G,W G,W G,W G,W G,W G,W G,W G,W © 2025 Nuvoton / atsec information security.

54 of 117
Page 55
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
TPM2_HierarchyControlReturns the current policyDigest of the session.Object User - platformAuth: E - endorsement Auth: E - ownerAuth: E - Asymmetric Signing Keys (authValue): Z - Asymmetric Signing Keys (seed value): Z - Asymmetric Signing Keys (sensitive data): Z - Asymmetric Signing Keys (authPolicy): Z - Asymmetric Signing Keys (public data): Z - Asymmetric Encryption Keys (authValue): Z - Asymmetric Encryption Keys (seedValue): Z - Asymmetric Encryption Keys (sensitive data): Z - Asymmetric EncryptionNone'00'Auth handle, the enable being modified, stateN/A
TPM2_SetPrimaryPolicyAllows setting of the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy) .Object User - platformAuth: E - endorsement Auth: E - ownerAuth: E - lockoutAuth: E - platformPolic y: GNone'00'Auth handle, auth policy, hash algorithmN/A
TPM2_ChangePPSChanges the current platform primary seed (PPS)Object User - platformPolic y: ECTR_D RBG'01'Auth handleN/A

Nuvoton Trusted Platform Module Cryptographic Module y G,W N/A E E Z Z Z Z Z Z © 2025 Nuvoton / atsec information security.

55 of 117
Page 56

Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z . N/A E E E y: G N/A y: E © 2025 Nuvoton / atsec information security.

56 of 117
Page 57

Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z Z Z Z © 2025 Nuvoton / atsec information security.

57 of 117
Page 58
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutputSecurit y Functio ns
TPM2_ChangeEPSChanges the current endorsement primary seed (EPS)Object User - platformPolic y: E - epSeed: Z - ehProof: Z - endorsement Auth: Z - Asymmetric Signing Keys (authValue): Z - Asymmetric Signing Keys (seed value): Z - Asymmetric Signing Keys (sensitive data): Z - Asymmetric Signing Keys (authPolicy): Z - Asymmetric Signing Keys (public data): Z - Asymmetric Encryption Keys (authValue): Z - Asymmetric EncryptionCTR_D RBG'01'Auth handleN/A
TPM2_ClearZeroizes all TPM context associated with a specific Owner.Object User - platformAuth: E - lockoutAuth: E,Z - epSeed: Z - spSeed: Z - shProof: ZCTR_D RBG'01'Auth handleN/A
TPM2_ClearControlDisables and enables the execution of TPM2_Clear().Object User - platformAuth: E - lockoutAuth: ENone'00'Auth handle, disable flagN/A
TPM2_HierarchyChange AuthAllows the authorization secret for a hierarchy or lockout to be changed using the current authorization value as the command authorization.Object User - platformAuth: E - endorsement Auth: E - ownerAuth: E - lockoutAuth: ENone'00'Auth handle, new auth valueN/A
TPM2_DictionaryAttackLo ckResetCancels the effect of a TPM lockout due to a number of successive authorization failures.Object User - lockoutAuth: ENone'00'Lock handleN/A
TPM2_DictionaryAttackP arametersChanges the lockout parameters.Object User - lockoutAuth: ENone'00'Lock handle, max tries, recovery time before failure countN/A
TPM2_PP_CommandsUsed to determine which commands require assertion of Physical Presence (PP) in addition to platformAuth/platfor mPolicy.Object UserNone'00'Auth handle, list of commands to be asserted, list of commands to no longer be assertedN/A
TPM2_ContextSaveSave a (object, object sequence or session) contextUnauthentica ted - phProof: E - Context Ephemeral Keys (symKey): E - Context Ephemeral Keys (hmacKey): E - Session (salt): RKBKDF KTS (AES + HMAC) key unwrap ping'01'Save handleContext
TPM2_ContextLoadReload a contextUnauthentica ted - phProof: E - Context Ephemeral Keys (symKey): E - Context Ephemeral Keys (hmacKey): E - Session (salt): RKBKDF KTS (AES + HMAC) key wrappin g'01'ContextLoaded handle
TPM2_FlushContextCauses all context associated with a loaded object, sequence object, or session to be removed from TPM memory.Unauthentica ted - Session (sessionKey): Z - Asymmetric Signing Keys (authValue): ZNone'00'Item to flushN/A
TPM2_EvictControlAllows certain Transient Objects to be made persistent or a persistent object to be evicted.Object User - platformAuth: E - ownerAuth: E - Asymmetric Signing Keys (authValue): W - Asymmetric Signing Keys (seed value): W - Asymmetric Signing Keys (sensitive data): W - Asymmetric Signing Keys (authPolicy): W - Asymmetric Signing Keys (public data): W - Asymmetric Encryption Keys (authValue): W - Asymmetric Encryption Keys (seedValue): W - Asymmetric Encryption Keys (sensitive data): W - Asymmetric Encryption Keys (authPolicy): W - Asymmetric Encryption Keys (public data): W - Symmetric Encryption Keys (authValue):None'00'Auth handle, object handle, persistent handleN/A
TPM2_ReadClockReads the current TPMS_TIME_INFO structure that contains the current setting of Time, Clock, resetCount, and restartCount.Unauthentica tedNone'00'N/ACurrent time
TPM2_ClockSetUsed to advance the value of the TPM's Clock.Object User - platformAuth: E - ownerAuth: ENone'00'Auth handle, New time to setN/A
TPM2_ClockRateAdjustAdjusts the rate of advance of Clock and Time to provide a better approximation to real time.Object User - platformAuth: E - ownerAuth: ENone'00'Auth handle, rate adjustmentN/A
TPM2_GetCapability (Show status/version)Shows various information regarding the TPM and its current state. This can also be used to return module's name andUnauthentica tedNone'00'Property to be readReturned information.
TPM2_TestParmsUsed to check to see if specific combinations of algorithm parameters are supported.Unauthentica tedNone'00'ParametersSuccess or error
TPM2_NV_DefineSpaceDefines the attributes of an NV Index and causes the TPM to reserve space to hold the data associated with the NV Index.Object User - platformAuth: E - ownerAuth: E - NV Index (authValue): G - NV Index (authPolicy): G - Endorsement Keys (public values): ENone'00'Auth handle, auth value, public parameters of the NV areaauth handle, auth value, public parameters of the NV areaN/A
TPM2_NV_UndefineSpac eRemoves an Index from the TPM.Object User - platformAuth: E - ownerAuth: E - NV Index (authValue): Z - NV Index (authPolicy): ZNone'00'Auth handle, NV indexN/A
TPM2_NV_UndefineSpac eSpecialAllows removal of a platform-created NV Index that has TPMA_NV_POLICY _DELETE SET .Object Administrator - platformAuth: E - ownerAuth: E - NV Index (authValue): Z - NV Index (authPolicy): Z Object UserNone'00'NV index, platformN/A
TPM2_NV_ReadPublicRead public area and name of an NV IndexUnauthentica tedSHA'01'NV indexNV public area, NV name
TPM2_NV_WriteWrites a value to an area in NV memory that was previously defined by TPM2_NV_DefineSp ace().Object UserNone'00'Auth handle, nv index, data to write, offsetN/A
TPM2_NV_IncrementUsed to increment the value in an NV Index that has the TPM_NT_COUNTE R attribute. The data value of the NV Index is incremented by one.Object UserNone'00'auth handle, NV indexN/A
TPM2_NV_ExtendExtend data to an NV IndexObject UserSHA'01'auth handle, nv index, dataN/A
TPM2_NV_SetBitsUsed to SET bits in an NV Index that was created as a bit field.Object UserNone'00'auth handle, NV index, bitsN/A
TPM2_NV_WriteLockIf the TPMA_NV_WRITED EFINE or TPMA_NV_WRITE_ STCLEAR attributes of an NV location are SET, then this service may be used to inhibit further writes of the NV Index.Object UserNone'00'Auth handle, nv indexN/A
TPM2_NV_GlobalWriteLo ckWill SET TPMA_NV_WRITEL OCKED for all indexes that have their TPMA_NV_GLOBAL LOCK attribute SET.Object User - platformAuth: E - ownerAuth: ENone'00'Auth handleN/A
TPM2_NV_ReadReads a value from an area in NV memory previously defined by TPM2_NV_DefineSp ace().Object UserNone'00'Auth handle, nv index, number of octets to read, offsetData
TPM2_NV_ReadLockIf TPMA_NV_READ_S TCLEAR is SET in an Index, then this service may be used to prevent further reads of the NV Index until the next TPM2_Startup (TPM_SU_CLEAR).Object UserNone'00'Auth handle, nv indexN/A
TPM2_NV_ChangeAuthAllows the authorization secret for an NV Index to be changed.Object Administrator - NV Index (authValue): W - NV Index (authPolicy): WNone'00'NV index, new auth valueN/A
TPM2_NV_CertifyCertify contents of an NV Index.Object User - Asymmetric Signing Keys (authValue): E - Asymmetric Signing Keys (seed value): E - Asymmetric Signing Keys (sensitive data): E - Asymmetric Signing Keys (authPolicy): E - Asymmetric Signing KeysECDSA SigGen HMAC RSA SigGen SHA'01'Qualifying data, scheme, size, offsetCertify info, signature
TPM2_ACT_SetTimeoutUsed to set the time remaining before an Authenticated Countdown Timer (ACT) expires.Object UserNone'00'Act handle, start timeout valueN/A
NTC_FIELD_UPGRADEUsed to verify arguments and protect the input firmware payloadObject Administrator - Firmware Update Keys (ECC): E - Firmware Update Keys (AES): EAES- CTR ECDSA SigVer'01'Firmware payloadN/A
TPM2_CreateCreation of an ordinary objectCKGObject User
TPM2_LoadLoading an protected objectKAS-ECC-SSCObject User
TPM2_LoadExternalLoading an external objectKAS-ECC-SSCNone
TPM2_CreateLoadedCreation and loading of an ordinary or a derived objectCKGObject User
TPM2_RSA_EncryptRSA EncryptionRSA Key TransportNone
TPM2_RSA_DecryptRSA DecryptionRSA Key TransportObject User
TPM2_ECDH_ZGenShared Secret Calculation with TPM static key and provided public key (1e,1s)KAS-ECC-SSCObject User
TPM2_ZGen_2PhaseEphemeral key pair derivation and Shared Secret Calculation with TPM ephemeral and static key and provided ephemeral and static key (2e,2s)KAS-ECC-SSCObject User
TPM2_HMACPerforms a HMAC operation on user dataHMACObject User
TPM2_HMAC_StartHMAC session startHMACObject User
TPM2_SequenceUpdateSequence updateHMACObject User
TPM2_SequenceCompleteSequence completeHMACObject User
TPM2_EventSequenceCompleteEvent sequence completeHMACObject User
TPM2_CertifyProves that an object with a specific Name is loaded in the TPMRSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMACObject Administrator, Object User
TPM2_CertifyCreationProves the association between an object and its creation dataRSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMACObject Administrator, Object User
TPM2_QuoteQuotes PCR valuesRSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMACObject User
TPM2_GetSessionAuditDigestReturns a digital signature of the audit session digestRSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMACObject User
TPM2_GetCommandAuditDigestReturns the current value of the command audit digestRSA signature generation using SHA-1 ECDSA signature generation usingObject User
TPM2_GetTimeReturns the current values of Time and ClockRSA signature generation using SHA-1 ECDSA signature generation using SHA-1 HMACObject User
TPM2_EC_EphemeralEphemeral key pair derivationKAS-ECC-SSCNone
TPM2_VerifySignatureUses loaded keys to validate a signature on a message with the message digest passed to the TPM.HMACNone
TPM2_SignCauses the TPM to sign an externally provided hash with the specified symmetric or asymmetric signing key.RSA signature generation using SHA-1 ECDSA signature generation using SHA-1Object User
TPM2_PolicySignedPolicy based on signing keyHMACNone
TPM2_PolicySecretPolicy based on an entity's authValueHMACObject User
TPM2_PolicyTicketPolicy based on ticket (produced by PolicySigned or PolicySecret)HMACNone
TPM2_PolicyAuthorizePolicy enabling policy to changeHMACNone
TPM2_CreatePrimaryCreates a Primary ObjectCKGObject User
TPM2_NV_CertifyCertify contents of an NV IndexRSA signature generation using SHA-1 ECDSA signature generation using SHA-1Object User

Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z N/A y: E Z Z Z Z Z © 2025 Nuvoton / atsec information security.

58 of 117
Page 59

Nuvoton Trusted Platform Module Cryptographic Module y Z Z Z Z Z Z N/A E E,Z © 2025 Nuvoton / atsec information security.

59 of 117
Page 60

Nuvoton Trusted Platform Module Cryptographic Module y Z Z :Z Z Z N/A E E N/A E E E N/A E N/A E © 2025 Nuvoton / atsec information security.

60 of 117
Page 61

Nuvoton Trusted Platform Module Cryptographic Module y N/A g N/A Z Z © 2025 Nuvoton / atsec information security.

61 of 117
Page 62

Nuvoton Trusted Platform Module Cryptographic Module y N/A E E W W W W W W W © 2025 Nuvoton / atsec information security.

62 of 117
Page 63

Nuvoton Trusted Platform Module Cryptographic Module y W W W W N/A N/A E E N/A E E © 2025 Nuvoton / atsec information security.

63 of 117
Page 64

Nuvoton Trusted Platform Module Cryptographic Module y N/A E E G G e N/A E E Z Z N/A E E Z Z © 2025 Nuvoton / atsec information security.

64 of 117
Page 65

Nuvoton Trusted Platform Module Cryptographic Module y E E Z Z N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.

65 of 117
Page 66

Nuvoton Trusted Platform Module Cryptographic Module y N/A E E N/A N/A W W E E E © 2025 Nuvoton / atsec information security.

66 of 117
Page 67

Nuvoton Trusted Platform Module Cryptographic Module y E E E N/A N/A AESCTR Table 13: Approved Services

4.4 Non-Approved Services

© 2025 Nuvoton / atsec information security.

67 of 117
Page 68

Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.

68 of 117
Page 69

Nuvoton Trusted Platform Module Cryptographic Module Table 14: Non-Approved Services

4.5 External Software/Firmware Loaded

The software/firmware load test is performed prior to loading external software or firmware on the security module. The firmware image is verified using an ECDSA signature verification algorithm, utilizing a 384-bit Firmware Update key. © 2025 Nuvoton / atsec information security.

69 of 117
Page 70

Nuvoton Trusted Platform Module Cryptographic Module

5 Software/Firmware Security
5.1 Integrity Techniques

The integrity of the module is verified by comparing an HMAC-SHA-256 value calculated at run time. The integrity test uses a fixed key size of 160 bits.

5.2 Initiate on Demand

On demand integrity test may be performed by power cycling. The operator can call TPM2_Startup service from the Approved Services Table to perform on-demand integrity test. This service resets the module, resulting in the pre-operational self-tests to be re-performed. © 2025 Nuvoton / atsec information security.

70 of 117
Page 71

Nuvoton Trusted Platform Module Cryptographic Module

6 Operational Environment
6.1 Operational Environment Type and Requirements

The module operates in a non-modifiable operational environment per FIPS 140-3 security level 1 specifications. The operator cannot modify the firmware components of the module. Type of Operational Environment: Non-Modifiable © 2025 Nuvoton / atsec information security.

71 of 117
Page 72
MechanismInspection FrequencyInspection Guidance
Hard tamper-evident coatingDetermined by the operatorObserve the coating surrounding the chip for any signs of damage
Temp/Voltage TypeTemperature or VoltageEFPResult
or
EFT
LowTemperature-197.9°CEFTThe module remained operational without producing errors
HighTemperature200.4°CEFTThe module remained operational without producing errors
LowVoltage1.7VEFTModule shuts down
HighVoltage3.47VEFTModule shuts down
TemperatureTemperature
Type
LowTemperature-40°C
HighTemperature105°C

Nuvoton Trusted Platform Module Cryptographic Module

7 Physical Security

The TPM is implemented as a single integrated circuit (IC) device that attaches to standard system PCBs. It is manufactured using de-facto standard integrated circuit manufacturing technologies, producing a device that meets all commercial-grade power, temperature, reliability, shock and vibration specifications. The TPM IC physical package provides hardness, opacity and tamperevidence protection conforming to FIPS 140-3 Physical Security Level

  1. The TPM achieves this level of protection by implementing an enclosure that is both hard and opaque, as shown in the figures in Section
  2. This type of IC package ensures that any physical tampering will always result in scratches, chipping, or other visible damage on the enclosure. Before the TPM is integrated into a target application system, it must be checked visually for tampering. After it is integrated, typically through soldering onto a PCB, it can be inspected for tampering by opening the application system enclosure and examining the TPM.
7.1 Mechanisms and Actions Required

Table 15: Mechanisms and Actions Required Table 16: EFP/EFT Information

7.3 Hardness Testing Temperature Ranges

Table 17: Hardness Testing Temperatures © 2025 Nuvoton / atsec information security.

72 of 117
Page 73

Nuvoton Trusted Platform Module Cryptographic Module

8 Non-Invasive Security

This module does not implement any non-invasive security mechanism defined in SP 800-140F, therefore this section is not applicable. © 2025 Nuvoton / atsec information security.

73 of 117
Page 74
Sensitive security parameter
NameTypeDescription
FlashStaticStorage location for firmware components and persistent SSPs.
RAMDynamicStorage location for runtime operations and transient SSPs.
StackDynamicStorage location for ephemeral keys.
Service
NameApproved FunctionsTypeFromTo
TPM2_LoadKTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_EvictControlKTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_ImportKTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_Create (Import)KTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_Create (Export)KTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_CreatePrimary (Import)KTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_CreatePrimary (Export)KTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_CreateLoadedKTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_ContextLoadKTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_ContextSaveKTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_ReadPublicKTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_ObjectChangeAuth (Import)KTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_ObjectChangeAuth (Export)KTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_NV_ChangeAuth (Import)KTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_NV_ChangeAuth (Export)KTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_Rewrap (Import)KTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_Rewrap (Export)KTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_HierarchyChangeAuthKTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_SetPrimaryPolicyKTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_Duplicate (Import, Plain)PlaintextRAMEntity using the moduleManualElectronic
TPM2_Duplicate (Import, Encrypted)KTS (AES + HMAC) key unwrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_Duplicate (Export, Plain)PlaintextRAMEntity using the moduleManualElectronic
TPM2_Duplicate (Export, Encrypted)KTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic
TPM2_LoadExternalPlaintextEntity using the moduleRAMAutomatedElectronic
TPM2_MakeCredentialKTS (AES + HMAC) key unwrappingEncryptedEntity using the moduleRAMAutomatedElectronic
TPM2_ActivateCredentialKTS (AES + HMAC) key wrappingEncryptedRAMEntity using the moduleAutomatedElectronic

Nuvoton Trusted Platform Module Cryptographic Module

9 Sensitive Security Parameters Management
9.1 Storage Areas
9.2 SSP Input-Output Methods

© 2025 Nuvoton / atsec information security.

74 of 117
Page 75

Nuvoton Trusted Platform Module Cryptographic Module © 2025 Nuvoton / atsec information security.

75 of 117
Page 76

Nuvoton Trusted Platform Module Cryptographic Module Table 19: SSP Input-Output Methods The module requires two independent internal actions to output SSP in plaintext. The TPM2_Duplicate command performs the following actions:

  1. Verification of the encryptedDuplication attribute of the key to be duplicated: encryptedDuplication attribute needs to be set to 0
  2. Verification of the handle of the new parent of the key to be duplicated: new handle needs to be set to the NULL handle
9.3 SSP Zeroization Methods

The table below identifies every zeroization method that is available within the module. Please refer to the “Zeroization” column in SSP Table 2 for the zeroization method used for each specific SSP. © 2025 Nuvoton / atsec information security.

76 of 117
Page 77
Zeroization MethodDescriptionRationaleOperator Initiation
zeroized. Flushes any resident objects.
TPM2_ChangePPSChanges the current platform primary seed (PPS)ppSeed is overwritten by random values from the DRBG. platformPolicy is zeroized. Flushes any resident objects.By invoking the TPM2_ChangePPS service
TPM2_StartupCan be used to reset the module and have all variables go to the default initialization stateAll variables are overwritten back the the default values (zeroed).By invoking the TPM2_Startup service
TPM2_FlushContextCauses all context associated with a loaded object, sequence object, or session to be removed from TPM memory.Clears objects from memory.By invoking the TPM2_FlushContext service
TPM2_NV_UndefineSpaceRemoves an Index from the TPM.Index is removed from the TPM.By invoking the TPM2_NV_UndefineSpace service
TPM2_HierarchyControlThis command enables and disables use of a hierarchy and its associated NV storage. The command allows phEnable, phEnableNV, shEnable, and ehEnable to be changed when the proper authorization is provided.Zeroizes non-volatile stored values related to the disabled hierarchyBy invoking the TPM2_HierarchyControl service
Clear TPMPersistent memory is zeroized using a proprietary methodRemoves all module contentsFor further information and instructions on clearing the flash, contact the platform manufacturer or Nuvoton support

Table 20: SSP Zeroization Methods

9.4 SSPs

The table below summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. © 2025 Nuvoton / atsec information security.

77 of 117
Page 78
Sensitive security parameter
NameTypeDescriptionStrengthGenerationEstablishmentUse
ppSeedSeed Value - CSPKBKDF derivation keys to derive primary object's seedValue and sensitive data512 bits - 256 bitsCTR_DRB GKBKDF
epSeedSeed Value - CSPKBKDF derivation keys to derive primary object's seedValue and sensitive data512 bits - 256 bitsCTR_DRB GKBKDF
spSeedSeed Value - CSPKBKDF derivation keys to derive primary object's seedValue and sensitive data512 bits - 256 bitsCTR_DRB GKBKDF
nullSeedSeed Value - CSPKBKDF derivation keys to derive primary object's seedValue and sensitive data512 bits - 256 bitsCTR_DRB GKBKDF
phProofProof Values - CSPUsed as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove that an externally stored computation (context blob or a ticket) was created or checked by the TPM.512 bits - 256 bitsCTR_DRB GKBKDF
ehProofProof Values - CSPUsed as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove that an externally stored computation (context blob or a ticket) was created or checked by the TPM.512 bits - 256 bitsCTR_DRB GKBKDF
shProofProof Values - CSPUsed as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove512 bits - 256 bitsCTR_DRB GKBKDF
nullProofProof Values - CSPUsed as KBKDF derivation key to derive context encryption key. It's also used as a HMAC key to prove that an externally stored computation (context blob or a ticket) was created or checked by the TPM.512 bits - 256 bitsCTR_DRB GKBKDF
platformAuthAuthorization Values - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessions.Same as digest - Same as digest
endorsementAuthAuthorization Values - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessionsSame as digest - Same as digest
ownerAuthAuthorization Values - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessionsSame as digest - Same as digest
lockoutAuthAuthorization Values - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Password or HMAC sessionsSame as digest - Same as digest
platformPolicyPolicies - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessionsSame as digest - Same as digest
endorsementPolic yPolicies - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessionsSame as digest - Same as digest
ownerPolicyPolicies - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessionsSame as digest - Same as digest
lockoutPolicyPolicies - CSPAuthorization data known to the hierarchy owner, required when using or changing the Hierarchy in Policy sessionsSame as digest - Same as digest
Asymmetric Signing Keys (authValue)Object Keys - CSPAuthorization data known to the Object owner, required when using or changing the Asymmetric Signing Key Object.Same as digest - Same as digest
Asymmetric Signing Keys (seed value)Object Keys - CSPUnused (set to 0).Same as digest - Same as digestKBKDFKBKDF
Asymmetric Signing Keys (sensitive data)Object Keys - CSPECDSA/RSA Private Data for Signature Generation and VerificationECDSA: P-256, P-384; RSA: 2048, 3072, 4096 - ECDSA:ECDSA KeyGen RSA KeyGenECDSA SigGen RSA SigGen RSA SigGen Primitive ECDSA
128 or 192 bits; RSA: 112, 128 or 150 bits128 or 192 bits; RSA: 112, 128 or 150 bitsSigGen Component
Asymmetric Signing Keys (authPolicy)Object Keys - CSPCommand authentication dataSame as digest - Same as digest
Asymmetric Signing Keys (public data)Object Keys - PSPECDSA/RSA Public DataECDSA: P-256, P-384; RSA: 2048, 3072, 4096 - ECDSA: 128 or 192 bits; RSA: 112, 128 or 150 bitsECDSA KeyGen RSA KeyGenECDSA KeyVer ECDSA SigVer RSA SigVer
Asymmetric Encryption Keys (authValue)Object Keys - CSPAuthorization data known to the Object owner, required when using or changing the Object.Same as digest - Same as digest
Asymmetric Encryption Keys (seedValue)Object Keys - CSPAuthorization data known to the Object owner, required when using or changing the Object.Same as digest - Same as digestKBKDFKBKDF
Asymmetric Encryption Keys (sensitive data)Object Keys - CSPECC/RSA Private DataECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128CTR_DRB G KBKDFKAS-ECC KAS-ECC- SSC KTS RSA
Asymmetric Encryption Keys (authPolicy)Object Keys - CSPCommand authentication data512 bits - 256 bits
Asymmetric Encryption Keys (public data)Object Keys - PSPECC/RSA Public DataECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128 or 150 bitsKAS-ECC KAS-ECC- SSC KTS RSA
Symmetric Encryption Keys (authValue)Object Keys - CSPAuthorization data known to the Object owner, required when using or changing the Symmetric Encryption Key ObjectSame as digest - Same as digest
Symmetric Encryption Keys (seedValue)Object Keys - CSPUsed to compute the unique field (If restricted decrypt key - by using HMAC, if not a restricted decrypt key - by hashing with the sensitive field)Same as digest - Same as digest
Symmetric Encryption Keys (sensitive data)Object Keys - CSPSymmetric encryption using AES128 or 256 bits - 128 or 256 bitsAES- CFB128 AES-CTR AES-OFB
Symmetric Signing Keys (authValue)Object Keys - CSPAuthorization data known to the Object owner, required when using or changing the Symmetric Signing Key ObjectSame as digest - Same as digest
Symmetric Signing Keys (seedValue)Object Keys - CSPAdditionally used to compute the unique field (If restricted decrypt key - bySame as digest - Same
using HMAC, if not a restricted decrypt key - by hashing with the sensitive field)using HMAC, if not a restricted decrypt key - by hashing with the sensitive field)as digest
Symmetric Signing Keys (sensitive data)Object Keys - CSPMessage Authentication Code using HMAC160, 256, 384 bits - 128 or 256 bitsHMAC
Object Ephemeral Keys (symKey)Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSPSymmetric encryption key (AES) protecting (encryption) the object sensitive data128 or 256 bits - 128 or 256 bitsKBKDFAES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Object Ephemeral Keys (hmacKey)Ephemeral Key Wrapping Keys (MAC) - CSPSymmetric signing key (HMAC) protecting (integrity) the encrypted data160, 256, 384 bits - 128 or 256 bitsKBKDFHMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Duplication Ephemeral Keys (symKey)Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSPSymmetric encryption key (AES) protecting (encryption) the object sensitive data128 or 256 bits - 128 or 256 bitsKAS-ECC KTS RSAAES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Duplication Ephemeral Keys (hmacKey)Ephemeral Key Wrapping Keys (MAC) - CSPSymmetric signing key (HMAC) protecting (integrity) the encrypted data160, 256, 384 bits - 128 or 256 bitsKAS-ECC KTS RSAHMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Duplication Ephemeral Keys (innerSymKey)Ephemeral Key Wrapping Keys Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSPSymmetric encryption key (AES) for double protecting (encryption) the object sensitive data128 or 256 bits - 128 or 256 bitsCTR_DRB GAES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Context Ephemeral Keys (symKey)Ephemeral Key Wrapping Keys Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSPSymmetric encryption key (AES) protecting (encryption) the the externally stored objects, sequence objects, and sessions128 or 256 bits - 128 or 256 bitsKBKDFAES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Context Ephemeral Keys (hmacKey)Ephemeral Key Wrapping Keys (MAC) - CSPSymmetric signing key (HMAC) protecting (integrity) the encrypted data160, 256, 384 bits - 128 or 256 bitsKBKDFHMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Credential Ephemeral Keys (symKey)Ephemeral Key Wrapping Keys (Symmetric Encryption/Decryptio n) - CSPSymmetric encryption key (AES) protecting (encryption) the the externally stored objects, sequence objects, and sessions128 or 256 bits - 128 or 256 bitsKAS-ECC KTS RSAAES- CFB128 KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Credential Ephemeral Keys (hmacKey)Ephemeral Key Wrapping Keys (MAC) - CSPSymmetric signing key (HMAC) protecting (integrity) the encrypted data160, 256, 384 bits - 128 or 256 bitsKAS-ECC KTS RSAHMAC KTS (AES + HMAC) key wrapping KTS (AES + HMAC) key unwrapping
Ephemeral Key Agreement KeysAsymmetric Ephemeral Keys - CSPECC ephemeral keys used in Diffie- Hellman key exchange.P-256, P-384 - 128 or 192 bitsCTR_DRB G KBKDFKAS-ECC
Ephemeral User ECC KeysAsymmetric Ephemeral Keys - CSPECC private key used for user cryptography supportP-256, P-384 - 128 or 192 bitsCTR_DRB G KBKDFKAS-ECC- SSC
Endorsement Keys (private values)Endorsement Keys (Asymmetric) - CSPPrivate key values for Digital Signature Generation/Verificatio nECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128 or 150 bitsECDSA SigGen ECDSA SigVer
Endorsement Keys (public values)Endorsement Keys (Asymmetric) - PSPCertificates containing the public RSA\ECC keysECC: P- 256, P- 384; RSA: 2048, 3072, 4096 - ECC: 128 or 192 bits; RSA: 112, 128 or 150 bitsECDSA SigGen ECDSA SigVer
Firmware Update Keys (ECC)Firmware Update Keys - PSPECC Public Key Used to verify arguments of FU_Start & FU_Complete commands using ECDSAP-256, P-384 - 128 or 192 bitsECDSA SigVer
Firmware Update Keys (AES)Firmware Update Keys - CSPUsed to decrypt input payload of FU_Load command128 or 256 bits - 128 or 256 bitsAES-CTR
NV Index (authValue)NV Index - CSPAuthorization data used in authorization session, and extended into policyDigest on TPM2_PolicySecret commandSame as digest - Same as digest
NV Index (authPolicy)NV Index - CSPAuthorization data used in policy sessionSame as digest - Same as digest
Session (salt)Session Keys - CSPKBKDF derivation key to derive sessionKey384 bits - 256 bitsKBKDF
Session (sessionKey)Session Keys - CSPHMAC key to compute session HMAC160, 256, 384 bits - 128 or 256 bitsKBKDFHMAC KBKDF
Session (symKey)Session Keys - CSPEphemeral symmetric encryption key for message parameter encrypt/decrypt (of the first sized buffer parameter, if a session-based encryption is used)128 or 256 bits - 128 or 256 bitsKBKDFAES- CFB128 AES-CTR AES-OFB
DRBG stateDRBG Keys - CSPThe CTR DRBG working state. Contains the current V and Key384 bits - 256 bitsCTR_DRB G
DRBG Entropy InputDRBG Keys - CSPBit stream produced from the entropy source, used as entropy input for the DRBG's seed384 bits - 256 bitsEntropy SourceCTR_DRB G
Transient DRBG stateDRBG Keys - CSPLocal DRBG state used for pseud- random during CreatePrimary command384 bits - 256 bitsCTR_DRB G

Nuvoton Trusted Platform Module Cryptographic Module h G G G G G G G © 2025 Nuvoton / atsec information security.

78 of 117
Page 79

Nuvoton Trusted Platform Module Cryptographic Module h G © 2025 Nuvoton / atsec information security.

79 of 117
Page 80

Nuvoton Trusted Platform Module Cryptographic Module h y © 2025 Nuvoton / atsec information security.

80 of 117
Page 81

Nuvoton Trusted Platform Module Cryptographic Module h ECC: P256, P384; G KAS-ECCSSC © 2025 Nuvoton / atsec information security.

81 of 117
Page 82

Nuvoton Trusted Platform Module Cryptographic Module h ECC: P256, P384; KAS-ECCSSC AESCFB128 © 2025 Nuvoton / atsec information security.

82 of 117
Page 83

Nuvoton Trusted Platform Module Cryptographic Module h AESCFB128 AESCFB128 © 2025 Nuvoton / atsec information security.

83 of 117
Page 84

Nuvoton Trusted Platform Module Cryptographic Module h G AESCFB128 AESCFB128 AESCFB128 © 2025 Nuvoton / atsec information security.

84 of 117
Page 85

Nuvoton Trusted Platform Module Cryptographic Module h G G KAS-ECCSSC n ECC: P256, P384; ECC: P256, P384; © 2025 Nuvoton / atsec information security.

85 of 117
Page 86

Nuvoton Trusted Platform Module Cryptographic Module h AESCFB128 G G G Table 21: SSP Table 1 © 2025 Nuvoton / atsec information security.

86 of 117
Page 87
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs
ppSeedFlash:Obfuscat edTPM2_ChangePPSN/A
epSeedFlash:Obfuscat edTPM2_ChangeEPSN/A
spSeedFlash:Obfuscat edTPM2_ClearN/A
nullSeedRAM:PlaintextTPM2_StartupUntil reset
phProofFlash:Obfuscat edTPM2_ChangePPSN/A
ehProofFlash:Obfuscat edTPM2_Clear TPM2_ChangeEPSN/A
shProofFlash:Obfuscat edTPM2_ClearN/A
nullProofRAM:PlaintextTPM2_StartupN/A
platformAuthRAM:PlaintextTPM2_StartupTPM2_HierarchyChange AuthUntil reset
endorsementAut hFlash:Obfuscat edTPM2_Clear TPM2_ChangeEPSTPM2_HierarchyChange AuthN/A
ownerAuthFlash:Obfuscat edTPM2_ClearTPM2_HierarchyChange AuthN/A
lockoutAuthFlash:Obfuscat edTPM2_ClearTPM2_HierarchyChange AuthN/A
platformPolicyRAM:PlaintextTPM2_StartupTPM2_SetPrimaryPolicyN/A
endorsementPol icyFlash:Obfuscat edTPM2_Clear TPM2_ChangeEPS TPM2_StartupTPM2_SetPrimaryPolicyN/A
ownerPolicyFlash:Obfuscat edTPM2_Clear TPM2_StartupTPM2_SetPrimaryPolicyN/A
lockoutPolicyFlash:Obfuscat edTPM2_Clear TPM2_StartupTPM2_SetPrimaryPolicyN/A
Asymmetric Signing Keys (authValue)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/AAsymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (authPolicy):Used With Asymmetric Signing Keys (public data):Used With
Asymmetric Signing Keys (seed value)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/AAsymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (authPolicy):Used With Asymmetric Signing Keys (public data):Used With ppSeed:Derived From
Asymmetric Signing Keys (sensitive data)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoadedN/AAsymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys

Nuvoton Trusted Platform Module Cryptographic Module The following table continues to summarize the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. e n N/A N/A N/A N/A N/A N/A N/A h N/A N/A N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.

87 of 117
Page 88

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.

88 of 117
Page 89
Sensitive security parameter
NameStorageZeroizationUseInput
Asymmetric Signing Keys (authPolicy)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMAsymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (public data):Used WithTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/A
Asymmetric Signing Keys (public data)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMAsymmetric Signing Keys (authValue):Used With Asymmetric Signing Keys (seed value):Used With Asymmetric Signing Keys (sensitive data):Used With Asymmetric Signing Keys (authPolicy):Used WithTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain)N/A
Asymmetric Encryption Keys (authValue)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMAsymmetric Encryption Keys (seedValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (authPolicy):Used With Asymmetric Encryption Keys (public data):Used WithTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/A
Asymmetric Encryption Keys (seedValue)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMAsymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (authPolicy):Used With Asymmetric Encryption Keys (public data):Used With ppSeed:Derived FromTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/A
Asymmetric Encryption Keys (sensitive data)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMAsymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (seedValue):UsedTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import)N/A
TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)With Asymmetric Encryption Keys (authPolicy):Used With Asymmetric Encryption Keys (public data):Used With ppSeed:Derived FromTPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)
Asymmetric Encryption Keys (authPolicy)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMAsymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (seedValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (public data):Used WithTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/A
Asymmetric Encryption Keys (public data)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMAsymmetric Encryption Keys (authValue):Used With Asymmetric Encryption Keys (seedValue):Used With Asymmetric Encryption Keys (sensitive data):Used With Asymmetric Encryption Keys (authPolicy):Used With Symmetric Encryption KeysTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export,N/A
Plain) TPM2_Duplicate (Export, Encrypted)(authValue):Used WithPlain) TPM2_Duplicate (Export, Encrypted)
Symmetric Encryption Keys (authValue)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMSymmetric Encryption Keys (seedValue):Used With Symmetric Encryption Keys (sensitive data):Used WithTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/A
Symmetric Encryption Keys (seedValue)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMSymmetric Encryption Keys (authValue):Used With Symmetric Encryption Keys (sensitive data):Used With ppSeed:Derived FromTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)N/A
Symmetric Encryption Keys (sensitive data)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContrSymmetric Encryption Keys (authValue):Used With Symmetric Encryption KeysTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimaryN/A
(Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)ol Clear TPM(seedValue):Used With ppSeed:Derived From(Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ReadPublic TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Duplicate (Export, Plain) TPM2_Duplicate (Export, Encrypted)
Symmetric Signing Keys (authValue)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMSymmetric Signing Keys (seedValue):Used With Symmetric Signing Keys (sensitive data):Used WithTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export)N/A
Symmetric Signing Keys (seedValue)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContext TPM2_HierarchyContr ol Clear TPMSymmetric Signing Keys (authValue):Used With Symmetric Signing Keys (sensitive data):Used With ppSeed:Derived FromTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import) TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export)N/A
Symmetric Signing Keys (sensitive data)RAM:Plaintext Flash:Obfuscat edTPM2_ChangeEPS TPM2_ChangePPS TPM2_Startup TPM2_FlushContextSymmetric Signing Keys (authValue):Used WithTPM2_Load TPM2_LoadExternal TPM2_EvictControl TPM2_Create (Import)N/A
TPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export)TPM2_HierarchyContr ol Clear TPMSymmetric Signing Keys (seedValue):Used With ppSeed:Derived FromTPM2_Create (Export) TPM2_CreatePrimary (Import) TPM2_CreatePrimary (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export) TPM2_Rewrap (Import) TPM2_Rewrap (Export)
Object Ephemeral Keys (symKey)Stack:PlaintextStack CleaningObject Ephemeral Keys (hmacKey):Used With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric Encryption Keys (sensitive data):Encrypts Asymmetric Encryption Keys (authPolicy):Encry pts Asymmetric Encryption KeysTPM2_Load TPM2_Create (Import) TPM2_Create (Export) TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export)Until no longer needed , or power reset.

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A © 2025 Nuvoton / atsec information security.

89 of 117
Page 90

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.

90 of 117
Page 91

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A © 2025 Nuvoton / atsec information security.

91 of 117
Page 92

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.

92 of 117
Page 93

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A © 2025 Nuvoton / atsec information security.

93 of 117
Page 94

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

94 of 117
Page 95

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

95 of 117
Page 96
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs (sensitive data):Decrypts Asymmetric Encryption Keys (auth Policy):Decry pts Asymmetric Encryption Keys (public data):Decrypts Symmetric Encryption Keys (auth Value):Decry pts Symmetric Encryption Keys (seed Value):Decry pts Symmetric Encryption Keys (sensitive data):Decrypts Symmetric Signing Keys (auth Value):Decry pts Symmetric Signing Keys (seed Value):Decry pts Symmetric Signing Keys (sensitive data):Decrypts Asymmetric Signing Keys (seed value):Derived From Asymmetric Encryption Keys (seed Value):Deriv ed From Symmetric Encryption Keys (seed Value):Deriv ed From Symmetric Signing Keys (seed Value):Deriv ed From
Object Ephemeral Keys (hmacKey)Stack:PlaintextStack CleaningTPM2_Load TPM2_LoadExternal TPM2_Create (Import) TPM2_Create (Export)Until no longer needed , orObject Ephemeral Keys (symKey):Used With
TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export)TPM2_CreateLoaded TPM2_ObjectChangeAut h (Import) TPM2_ObjectChangeAut h (Export)power reset.Asymmetric Signing Keys (seed value):Derived From Asymmetric Encryption Keys (seedValue):Deriv ed From Symmetric Encryption Keys (seedValue):Deriv ed From Symmetric Signing Keys (seedValue):Deriv ed From
Duplication Ephemeral Keys (symKey)Stack:PlaintextStack CleaningTPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Import TPM2_Duplicate (Import, Plain) TPM2_Duplicate (Import, Encrypted)Until no longer needed , or power reset.Duplication Ephemeral Keys (hmacKey):Used With Duplication Ephemeral Keys (innerSymKey):Us ed With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

96 of 117
Page 97

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

97 of 117
Page 98

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

98 of 117
Page 99
Sensitive security parameter
NameEstablishmentStorageZeroizationInput
Duplication Ephemeral Keys (hmacKey)Duplication Ephemeral Keys (symKey):Used With DuplicationStack:PlaintextStack CleaningTPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Import TPM2_Duplicate (Import, Plain)Until no longer needed , or
TPM2_Duplicate (Import, Encrypted)Ephemeral Keys (innerSymKey):Us ed With Ephemeral Key Agreement Keys:Derived From DRBG state:Derived FromTPM2_Duplicate (Import, Encrypted)power reset.
Duplication Ephemeral Keys (innerSymKey)Duplication Ephemeral Keys (symKey):Used With Duplication Ephemeral Keys (hmacKey):Used With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric Encryption Keys (sensitive data):Encrypts Asymmetric Encryption Keys (authPolicy):Encry ptsStack:PlaintextStack CleaningTPM2_Rewrap (Import) TPM2_Rewrap (Export) TPM2_Import TPM2_Duplicate (Import, Plain) TPM2_Duplicate (Import, Encrypted)Until no longer needed , or power reset.

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

99 of 117
Page 100

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

100 of 117
Page 101

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

101 of 117
Page 102
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs Asymmetric Encryption Keys (sensitive data):Decrypts Asymmetric Encryption Keys (auth Policy):Decry pts Asymmetric Encryption Keys (public data):Decrypts Symmetric Encryption Keys (auth Value):Decry pts Symmetric Encryption Keys (seed Value):Decry pts Symmetric Encryption Keys (sensitive data):Decrypts Symmetric Signing Keys (auth Value):Decry pts Symmetric Signing Keys (seed Value):Decry pts Symmetric Signing Keys (sensitive data):Decrypts
Context Ephemeral Keys (symKey)Stack:PlaintextStack CleaningTPM2_ContextLoad TPM2_ContextSaveUntil no longer needed , or power reset.Context Ephemeral Keys (hmacKey):Used With Session (salt):Encrypts Session (salt):Decrypts phProof:Derived From
Context Ephemeral Keys (hmacKey)Stack:PlaintextStack CleaningTPM2_ContextLoad TPM2_ContextSaveUntil no longer needed , or power reset.Context Ephemeral Keys (symKey):Used With phProof:Derived From
Credential Ephemeral Keys (symKey)Stack:PlaintextStack CleaningTPM2_MakeCredential TPM2_ActivateCredentialUntil no longer needed , or power reset.Credential Ephemeral Keys (hmacKey):Used With Asymmetric Signing Keys (authValue):Encry pts Asymmetric Signing Keys (seed value):Encrypts Asymmetric Signing Keys (sensitive data):Encrypts Asymmetric Signing Keys (authPolicy):Encry pts Asymmetric Signing Keys (public data):Encrypts Asymmetric Encryption Keys (authValue):Encry pts Asymmetric Encryption Keys (seedValue):Encry pts Asymmetric Encryption Keys (sensitive data):Encrypts Asymmetric Encryption Keys (authPolicy):Encry pts Asymmetric Encryption Keys (public data):Encrypts Symmetric Encryption Keys (authValue):Encry pts Symmetric Encryption Keys (seedValue):Encry pts Symmetric Encryption Keys

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

102 of 117
Page 103

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

103 of 117
Page 104

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

104 of 117
Page 105
Sensitive security parameter
NameEstablishmentStorageZeroizationInput
Credential Ephemeral Keys (hmacKey)Credential Ephemeral Keys (symKey):Used With Ephemeral Key Agreement Keys:Derived From DRBG state:Derived FromStack:PlaintextStack CleaningTPM2_MakeCredential TPM2_ActivateCredentialUntil no longer needed , or power reset.
Ephemeral Key Agreement KeysStack:PlaintextStack CleaningUntil no longer needed , or power reset.
Ephemeral User ECC KeysStack:PlaintextStack CleaningTPM2_Load TPM2_LoadExternalUntil no longer needed , or power reset.
Endorsement Keys (private values)Endorsement Keys (public values):Paired With epSeed:Used WithFlash:Obfuscat edTPM2_ChangeEPS Clear TPMTPM2_CreatePrimary (Import)N/A
Endorsement Keys (public values)Endorsement Keys (private values):Paired With epSeed:Used WithFlash:Obfuscat edTPM2_ChangeEPS Clear TPMN/A
Firmware Update Keys (ECC)Firmware Update Keys (AES):Used WithFlash:Obfuscat edClear TPMN/A
Firmware Update Keys (AES)Firmware Update Keys (ECC):Used WithFlash:Obfuscat edClear TPMN/A
NV Index (authValue)NV Index (authPolicy):Used WithFlash:Obfuscat edTPM2_Clear TPM2_ChangeEPS TPM2_ChangePPS TPM2_NV_UndefineSp ace Clear TPMTPM2_NV_ChangeAuth (Import) TPM2_NV_ChangeAuth (Export)N/A
NV Index (authPolicy)NV Index (authValue):Used WithFlash:Obfuscat edTPM2_Clear TPM2_ChangeEPS TPM2_ChangePPS TPM2_NV_UndefineSp ace Clear TPMTPM2_NV_ChangeAuth (Import) TPM2_NV_ChangeAuth (Export)N/A
Session (salt)Stack:PlaintextStack CleaningTPM2_ContextLoad TPM2_ContextSaveN/A
Session (sessionKey)phProof:Used With ehProof:Used With shProof:Used With nullProof:Used With Session (salt):Derived FromRAM:PlaintextTPM2_Startup TPM2_FlushContextN/A
Session (symKey)Session (sessionKey):Deri ved FromStack:PlaintextStack CleaningN/A
DRBG stateDRBG Entropy Input:Derived FromRAM:Plaintext Flash:Obfuscat edTPM2_Startup Clear TPMN/A
DRBG Entropy InputDRBG state:Paired WithRAM:Plaintext Flash:Obfuscat edTPM2_Startup Clear TPMN/A
Transient DRBG stateDRBG Entropy Input:Derived FromRAM:Plaintext Flash:Obfuscat edTPM2_Startup Clear TPMN/A

Nuvoton Trusted Platform Module Cryptographic Module e n © 2025 Nuvoton / atsec information security.

105 of 117
Page 106

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2025 Nuvoton / atsec information security.

106 of 117
Page 107

Nuvoton Trusted Platform Module Cryptographic Module e n N/A N/A N/A Table 22: SSP Table 2 © 2025 Nuvoton / atsec information security.

107 of 117
Page 108
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
HMAC-SHA2-256 (A4792)HMAC-SHA2-256 (A4792)Message Authentication Code (MAC)SW/FW IntegrityPerformed on system startupHMAC-SHA2- 256Successful boot
Counter DRBG (A4792)Counter DRBG (A4792)KATCASTRandom Number GenerationSuccessful boot256-bit keyUpon first invocation of service that uses the algorithm.
HMAC- SHA2-384 (A4792)HMAC- SHA2-384 (A4792)KATCASTVerifySuccessful boot384 bit keysUpon first invocation of service that uses the algorithm.
KDF SP800- 108 (A4792)KDF SP800- 108 (A4792)KATCASTKey DerivationSuccessful bootSHA2-256Upon first invocation of service that uses the algorithm.
KDA OneStep Sp800-56Cr1 (A4792)KDA OneStep Sp800-56Cr1 (A4792)KATCASTKey DerivationSuccessful bootSHA2-256Upon first invocation of service that uses the algorithm.
SHA-1 (A4792)SHA-1 (A4792)KATCASTMessage DigestSuccessful bootSHA-1Upon first invocation of service that uses the algorithm.
SHA2-256 (A4792)SHA2-256 (A4792)KATCASTMessage DigestSuccessful bootSHA2-256Upon first invocation of service that
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
HMAC-SHA2-256 (A4792)HMAC-SHA2-256 (A4792)Message Authentication Code (MAC)SW/FW IntegrityPerformed on system startupHMAC-SHA2- 256Successful boot
Counter DRBG (A4792)Counter DRBG (A4792)KATCASTRandom Number GenerationSuccessful boot256-bit keyUpon first invocation of service that uses the algorithm.
HMAC- SHA2-384 (A4792)HMAC- SHA2-384 (A4792)KATCASTVerifySuccessful boot384 bit keysUpon first invocation of service that uses the algorithm.
KDF SP800- 108 (A4792)KDF SP800- 108 (A4792)KATCASTKey DerivationSuccessful bootSHA2-256Upon first invocation of service that uses the algorithm.
KDA OneStep Sp800-56Cr1 (A4792)KDA OneStep Sp800-56Cr1 (A4792)KATCASTKey DerivationSuccessful bootSHA2-256Upon first invocation of service that uses the algorithm.
SHA-1 (A4792)SHA-1 (A4792)KATCASTMessage DigestSuccessful bootSHA-1Upon first invocation of service that uses the algorithm.
SHA2-256 (A4792)SHA2-256 (A4792)KATCASTMessage DigestSuccessful bootSHA2-256Upon first invocation of service that
SHA2-384 (A4792)SHA2-384 (A4792)KATCASTMessage DigestSuccessful bootSHA2-384Upon first invocation of service that uses the algorithm.
AES-CFB128 (A4792)AES-CFB128 (A4792)KATCASTEncryption / DecryptionSuccessful boot128, 256 bit keysUpon first invocation of service that uses the algorithm.
AES-CTR (A4792)AES-CTR (A4792)KATCASTEncryption / DecryptionSuccessful boot128, 256 bit keysUpon first invocation of service that uses the algorithm.
AES-OFB (A4792)AES-OFB (A4792)KATCASTEncryption / DecryptionSuccessful boot128, 256 bit keysUpon first invocation of service that uses the algorithm.
RSA SigGen (FIPS186-4) (A4792)RSA SigGen (FIPS186-4) (A4792)KATCASTSignature GenerationSuccessful boot2048-bit modulus; Hash: SHA2- 256Upon first invocation of service that uses the algorithm.
RSA SigVer (FIPS186-4) (A4792)RSA SigVer (FIPS186-4) (A4792)KATCASTSignature VerificationSuccessful boot2048-bit modulus; Hash: SHA2- 256Upon first invocation of service that uses the algorithm.
ECDSA SigGen (FIPS186-4) (A4792)ECDSA SigGen (FIPS186-4) (A4792)KATCASTSignature GenerationSuccessful bootCurve: P- 256; Hash: SHA2-256Upon first invocation of service that uses the algorithm.
ECDSA SigVer (FIPS186-4) (A4792)ECDSA SigVer (FIPS186-4) (A4792)KATCASTSignature VerificationSuccessful bootCurve: P- 256; Hash: SHA2-256Upon first invocation of service that uses the algorithm.
KAS-ECC Sp800-56Ar3 (A4792)KAS-ECC Sp800-56Ar3 (A4792)KATCASTShared Secret ComputationSuccessful bootCurve: P-256Upon first invocation of service that
KTS-IFC (A4792)KTS-IFC (A4792)KATCASTRSA Key TransportSuccessful boot2048-bit modulusUpon first invocation of service that uses the algorithm.
ECDSA KeyGen (FIPS186-4) (A4792)ECDSA KeyGen (FIPS186-4) (A4792)PCTPCTSignature Generation / Signature VerificationKey pair returned to callerP-256, P-384 curvesPerformed every time ECC key pair is generated
RSA KeyGen (FIPS186-4) (A4792)RSA KeyGen (FIPS186-4) (A4792)PCTPCTEncryption / Decryption tested for RSA key pairs generated for approved key transport and Signature Generation / Signature Verification tested for RSA key pairs generated for digital signaturesKey pair returned to caller2048, 3072, 4096 bit keysPerformed every time RSA key pair is generated
ECDSA SigVer (SW/FW Load Test)ECDSA SigVer (SW/FW Load Test)SW/FW Load TestSW/FW LoadFirmware update test during the firmware update. The digital signature is verified on the firmware image using an ECDSA signature verification algorithm, utilizing a 384-bitSuccessful Firmware loadP-384 CurvesFirmware Update
HMAC-SHA2-256 (A4792)HMAC-SHA2-256 (A4792)Message Authentication Code (MAC)SW/FW IntegrityOn demandManually
Counter DRBG (A4792)Counter DRBG (A4792)KATCASTOn demandManually
HMAC-SHA2-384 (A4792)HMAC-SHA2-384 (A4792)KATCASTOn demandManually
KDF SP800-108 (A4792)KDF SP800-108 (A4792)KATCASTOn demandManually

Nuvoton Trusted Platform Module Cryptographic Module

10 Self-Tests
10.1 Pre-Operational Self-Tests

The Module implements the following tests during power-on: HMAC-SHA2256 Table 23: Pre-Operational Self-Tests The module does not provide any cryptographic services prior to this test.

10.2 Conditional Self-Tests

The Module implements the following conditional tests: HMACSHA2-384 © 2025 Nuvoton / atsec information security.

Page 109

Nuvoton Trusted Platform Module Cryptographic Module Hash: SHA2256 Hash: SHA2256 © 2025 Nuvoton / atsec information security.

109 of 117
Page 110
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
KTS-IFC (A4792)KTS-IFC (A4792)KATCASTRSA Key Transport2048-bit modulusSuccessful bootUpon first invocation of service that uses the algorithm.
ECDSA KeyGen (FIPS186-4) (A4792)ECDSA KeyGen (FIPS186-4) (A4792)PCTPCTSignature Generation / Signature VerificationP-256, P-384 curvesKey pair returned to callerPerformed every time ECC key pair is generated
RSA KeyGen (FIPS186-4) (A4792)RSA KeyGen (FIPS186-4) (A4792)PCTPCTEncryption / Decryption tested for RSA key pairs generated for approved key transport and Signature Generation / Signature Verification tested for RSA key pairs generated for digital signatures2048, 3072, 4096 bit keysKey pair returned to callerPerformed every time RSA key pair is generated
ECDSA SigVer (SW/FW Load Test)ECDSA SigVer (SW/FW Load Test)SW/FW Load TestSW/FW LoadFirmware update test during the firmware update. The digital signature is verified on the firmware image using an ECDSA signature verification algorithm, utilizing a 384-bitP-384 CurvesSuccessful Firmware loadFirmware Update
HMAC-SHA2-256 (A4792)HMAC-SHA2-256 (A4792)Message Authentication Code (MAC)SW/FW IntegrityOn demandManually
Counter DRBG (A4792)Counter DRBG (A4792)KATCASTOn demandManually
HMAC-SHA2-384 (A4792)HMAC-SHA2-384 (A4792)KATCASTOn demandManually
KDF SP800-108 (A4792)KDF SP800-108 (A4792)KATCASTOn demandManually
KDA OneStep Sp800- 56Cr1 (A4792)KDA OneStep Sp800- 56Cr1 (A4792)KATCASTOn demandManually
SHA-1 (A4792)SHA-1 (A4792)KATCASTOn demandManually
SHA2-256 (A4792)SHA2-256 (A4792)KATCASTOn demandManually
SHA2-384 (A4792)SHA2-384 (A4792)KATCASTOn demandManually
AES-CFB128 (A4792)AES-CFB128 (A4792)KATCASTOn demandManually
AES-CTR (A4792)AES-CTR (A4792)KATCASTOn demandManually
AES-OFB (A4792)AES-OFB (A4792)KATCASTOn demandManually
RSA SigGen (FIPS186-4) (A4792)RSA SigGen (FIPS186-4) (A4792)KATCASTOn demandManually
RSA SigVer (FIPS186-4) (A4792)RSA SigVer (FIPS186-4) (A4792)KATCASTOn demandManually
ECDSA SigGen (FIPS186-4) (A4792)ECDSA SigGen (FIPS186-4) (A4792)KATCASTOn demandManually
ECDSA SigVer (FIPS186-4) (A4792)ECDSA SigVer (FIPS186-4) (A4792)KATCASTOn demandManually
KAS-ECC Sp800- 56Ar3 (A4792)KAS-ECC Sp800- 56Ar3 (A4792)KATCASTOn demandManually
KTS-IFC (A4792)KTS-IFC (A4792)KATCASTOn demandManually
ECDSA KeyGen (FIPS186-4) (A4792)ECDSA KeyGen (FIPS186-4) (A4792)PCTPCTN/AN/A
RSA KeyGen (FIPS186-4) (A4792)RSA KeyGen (FIPS186-4) (A4792)PCTPCTN/AN/A
ECDSA SigVer (SW/FW Load Test)ECDSA SigVer (SW/FW Load Test)SW/FW Load TestSW/FW LoadN/AN/A

Nuvoton Trusted Platform Module Cryptographic Module Table 24: Conditional Self-Tests No services are available, and input and output are inhibited while performing the self-test.

10.3 Periodic Self-Test Information

Table 25: Pre-Operational Periodic Information © 2025 Nuvoton / atsec information security.

110 of 117
Page 111
Service
NameDescriptionRole AccessIndicator
General FailureGeneral FailureEndorsement Key creation failure, Internal NV inconsistency Fingerprint value in TPM2_ContextLoad doesn'treturns TPM_RC_FAILUREPlatform Reset or power cycle
Self-Test FailureFailure in conditional CAST, Conditional PCT or FW Integrity Test failureInternal integrity error - indicative of fault injection attack or internal functional faultreturns SELF_TEST_FAILUREPower cycle

Nuvoton Trusted Platform Module Cryptographic Module N/A N/A N/A N/A N/A N/A Table 26: Conditional Periodic Information

10.4 Error States

© 2025 Nuvoton / atsec information security.

111 of 117
Page 112

Nuvoton Trusted Platform Module Cryptographic Module Table 27: Error States If a conditional or power-on self-test fails, the Module enters an error state where both data output and cryptographic services are disabled. The Module can recover from this error state once all self-tests pass after a platform reset or power cycle.

10.5 Operator Initiation of Self-Tests

The module allows operators to initiate the pre-operational or conditional cryptographic algorithm selftests on demand for periodic testing, by power-cycling the module. © 2025 Nuvoton / atsec information security.

112 of 117
Page 113

Nuvoton Trusted Platform Module Cryptographic Module

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module is not considered to be initialized until the following are completed:

11.2 Administrator Guidance

The administrator guidance can be found within the TCG TPM v2.0 Provisioning Guidance.

11.3 Non-Administrator Guidance

The module may be operated as described in TCG TPM2.0 Revision 1.59. © 2025 Nuvoton / atsec information security.

113 of 117
Page 114

Nuvoton Trusted Platform Module Cryptographic Module

12 Mitigation of Other Attacks

The module does not claim any mitigation of other attacks. © 2025 Nuvoton / atsec information security.

114 of 117
Page 115

Nuvoton Trusted Platform Module Cryptographic Module References FIPS140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program January 29, 2024 https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validationprogram/documents/fips 140-3/FIPS 140-3 IG.pdf TCG TPM v2.0 Provisioning Guidance Version 1.0 Revision 1.0 TCG TPM v2.0 Provisioning Guidance Version 1.0 Revision 1.0 March 15, 2017 https://trustedcomputinggroup.org/tcg-tpm-v2-0-provisioning-guidance TPM Library Specification TPM Library specification, Family “2.0”, Revision 1.59 November 2019 https://trustedcomputinggroup.org/resource/tpm-library-specification/ Platform TPM Profile Specification TCG PC Client Platform TPM Profile Specification for TPM 2.0 September 4, 2020 https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profilefor-TPM-2p0-v1p05p_r14_pub.pdf TCG TPM2.0 Revision 1.59 TCG TPM2.0 Revision 1.59, version 1.4 January 9, 2023 https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-Library-Spec-v1.59-Erratav1.4_pub.pdf FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-4 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt © 2025 Nuvoton / atsec information security.

115 of 117
Page 116

Nuvoton Trusted Platform Module Cryptographic Module SP 800-38Arev1 NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/detail/sp/800-38b/final SP 800-38C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP 800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP 800-56Arev3 NIST Special Publication 800-56A Revision 2 - Recommendation for Pair Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf SP 800-57rev5 NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management Part 1: General May 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf SP 800-90Arev1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP 800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP 800-131Arev2 NIST Special Publication 800-131A Revision 2 - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf SP 800-133rev2 NIST Special Publication 800-133 Revision 2 - Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf SP 800-135rev1 NIST Special Publication 800-135 Revision 1 - Recommendation for Existing ApplicationSpecific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf © 2025 Nuvoton / atsec information security.

116 of 117
Page 117

Nuvoton Trusted Platform Module Cryptographic Module SP 800-140Br1 NIST Special Publication 800-140Br1 - CMVP Security Policy Requirements November 2023 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Br1.pdf © 2025 Nuvoton / atsec information security.

117 of 117

Referenced URLs