

FIPS 140-2 Security Policy Document Revision: 1.0

H/W version: MZILT800HBHQ-00AC9, MZILT960HBHQ-00AC9, MZILT1T6HBJR-00AC9, MZILT1T9HBJR-00AC9, MZILT3T2HBLS-00AC9, MZILT3T8HBLS-00AC9, MZILT7T6HALA-00AC9, MZILT15THALA-00AC9 and MZILT30THALA-00AC9

F/W version: EXA0, EZA0, EXA1, EZA1, EXA2 and EZA2



# **Revision History**

| Author(s)    | Version | Updates         |
|--------------|---------|-----------------|
| Seungjae Lee | 1.0     | Initial Version |



## **Table of Contents**

| 1.  | Introduction                                                         | 4  |
|-----|----------------------------------------------------------------------|----|
|     | 1.1. Hardware and Physical Cryptographic Boundary                    | 5  |
|     | 1.2. Firmware and Logical Cryptographic Boundary                     | 14 |
| 2.  | Acronym                                                              | 15 |
| 3.  | Security Level Specification                                         | 16 |
| 4.  | Cryptographic Functionality                                          | 17 |
|     | 4.1. Approved algorithms                                             | 17 |
|     | 4.2. Non-Approved Algorithm                                          | 18 |
|     | 4.3. Critical Security Parameters                                    | 19 |
|     | 4.4. Public Security Parameters                                      | 20 |
| 5.  | Physical Ports and Logical Interfaces                                | 21 |
| 6.  | Roles, Services and Authentication                                   | 22 |
|     | 6.1. Roles                                                           | 22 |
|     | 6.2. Authentication                                                  | 23 |
|     | 6.3. Services                                                        | 24 |
|     | 6.3.1.Authenticated Services                                         | 24 |
|     | 6.3.2.Unauthenticated Services                                       | 25 |
| 7.  | Physical security policy                                             | 26 |
| 8.  | Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) | 30 |
| 9.  | Mitigation of Other Attacks Policy                                   | 31 |
| 10. | Security rules                                                       | 32 |
|     | 10.1. Secure Installation                                            | 32 |
|     | 10.2. Operational description of Module                              | 33 |
|     | 10.3 Power-on Self-Tests                                             | 34 |



## 1. Introduction

Samsung Electronics Co., Ltd. ("Samsung") SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, herein after referred to as a "cryptographic module" or "module", SSD (Solid State Drive), satisfies all applicable FIPS 140-2 Security Level 2 requirements, supporting TCG Opal SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module's controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED's nature also provides instantaneous sanitization of the user data via cryptographic erase.

| Module Name                                     | Hardware Version   | Firmware Version | Drive<br>Capacity |
|-------------------------------------------------|--------------------|------------------|-------------------|
|                                                 | MZILT960HBHQ-00AC9 |                  | 960GB             |
|                                                 | MZILT1T9HBJR-00AC9 |                  | 1.9TB             |
| Samsung SAS 12G TCG Enterprise                  | MZILT3T8HBLS-00AC9 | FVA0/FVA1/FVA3   | 3.8TB             |
| SSC SEDs PM1643a                                | MZILT7T6HALA-00AC9 | EXA0/EXA1/EXA2   | 7.6TB             |
|                                                 | MZILT15THALA-00AC9 |                  | 15.3TB            |
|                                                 | MZILT30THALA-00AC9 |                  | 30.7TB            |
| Compung CAC 12C TCC Enterprise                  | MZILT800HBHQ-00AC9 |                  | 800GB             |
| Samsung SAS 12G TCG Enterprise SSC SEDs PM1645a | MZILT1T6HBJR-00AC9 | EZA0/EZA1/EZA2   | 1.6TB             |
| 33C 3ED3 PIVI1043d                              | MZILT3T2HBLS-00AC9 |                  | 3.2TB             |

<u>Exhibit 1</u> – Versions of Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series.



#### 1.1. Hardware and Physical Cryptographic Boundary

The following photographs show the cryptographic module's top and bottom views. The multiple-chip standalone cryptographic module consists of hardware and firmware components that are all enclosed in two aluminum alloy cases, which serve as the cryptographic boundary of the module. The top and bottom cases are assembled by screws and the tamper-evident labels are applied for the detection of any opening of the cases. No security relevant component can be seen within the visible spectrum through the opaque enclosure.

New firmware versions within the scope of this validation must be validated through the FIPS 140-2 CMVP. Any other firmware loaded into this module is out of the scope of this validation and requires a separate FIPS 140-2 validation.



<u>Exhibit 2</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT960HBHQ-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





<u>Exhibit 3</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT1T9HBJR-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





<u>Exhibit 4</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT3T8HBLS-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





<u>Exhibit 5</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT7T6HALA-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





<u>Exhibit 6</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT15THALA-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





Exhibit 7 – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT30THALA-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





<u>Exhibit 8</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT800HBHQ-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





Exhibit 9 – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT1T6HBJR-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).





<u>Exhibit 10</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series, MZILT3T2HBLS-00AC9, Cryptographic Boundary (From top to bottom – Left to right: top side, bottom side, front side, back side, left side, and right side).



#### 1.2. Firmware and Logical Cryptographic Boundary

The PM1643a/PM1645a series use a single chip controller with a SAS interface on the system side and Samsung NAND flash internally. The following figure depicts the Module operational environment.



<u>Exhibit 11</u> – Block Diagram for Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series.



## 2. Acronym

| Acronym  | Description                                  |
|----------|----------------------------------------------|
| CTRL     | RFX Controller                               |
|          | (SAMSUNG RFX SAS 12G TLC/MLC SSD Controller) |
| SAS I/F  | Serial Attached SCSI Interface               |
| CPU      | Central Processing Unit (ARM-based)          |
| DRAM I/F | Dynamic Random Access Memory Interface       |
| ECC      | Error Correcting Code                        |
| NAND I/F | NAND Flash Interface                         |
| PMIC     | Power Management Integrated Circuit          |
| ROM      | Read-only Memory                             |
| DRAM     | Dynamic Random Access Memory                 |
| NAND     | NAND Flash Memory                            |
| LBA      | Logical Block Address                        |
| MEK      | Media Encryption Key                         |
| MSID     | Manufactured SID(Security Identifier)        |

Exhibit 12 – Acronym and Descriptions for Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series.



## 3. Security Level Specification

| Security Requirements Area                | Level |
|-------------------------------------------|-------|
| Cryptographic Module Specification        | 2     |
| Cryptographic Module Ports and Interfaces | 2     |
| Roles, Services, and Authentication       | 2     |
| Finite State Model                        | 2     |
| Physical Security                         | 2     |
| Operational Environment                   | N/A   |
| Cryptographic Key Management              | 2     |
| EMI/EMC                                   | 3     |
| Self-tests                                | 2     |
| Design Assurance                          | 2     |
| Mitigation of Other Attacks               | N/A   |

**Exhibit 13** – Security Level Table.



## 4. Cryptographic Functionality

## 4.1. Approved algorithms

The cryptographic module supports the following Approved algorithms for secure data storage:

| CAVP                   | Algorithm | Standard                 | Mode /                  | Key Lengths,     | Use                                                                                                                          |
|------------------------|-----------|--------------------------|-------------------------|------------------|------------------------------------------------------------------------------------------------------------------------------|
| Cert.                  |           |                          | Method                  | Curves or Moduli |                                                                                                                              |
| #5240                  | AES       | FIPS 197                 | XTS                     | 256-bit          | Data Encryption /                                                                                                            |
|                        |           | SP 800-38E               |                         |                  | Decryption                                                                                                                   |
|                        | 01/0      |                          |                         |                  | Note: AES-ECB is the pre-requisite for AES-<br>XTS; AES-ECB alone is NOT supported by the cryptographic module in FIPS Mode. |
| Vendor<br>Affirme<br>d | CKG       | SP800-133                |                         |                  | Cryptographic Key<br>Generation                                                                                              |
| #1948                  | DRBG      | SP 800-90A<br>Revision 1 | Hash_ DRBG<br>(SHA-256) |                  | Deterministic<br>Random Bit<br>Generation                                                                                    |
| #2785                  | RSA       | FIPS 186-4               | SigVer                  | PSS-2048         | Digital Signature<br>Verification                                                                                            |
| #4178,<br>#4179        | SHS       | FIPS 180-4               | SHA-256                 |                  | Message Digest                                                                                                               |

<u>Exhibit 14 -</u> Samsung SAS 12G TCG Enterprise SSC SED PM1643a/PM1645a Series Approved Algorithms.

NOTE 1: This module supports AES-XTS which is only approved for storage applications.



## 4.2. Non-Approved Algorithm

The cryptographic module supports the following non-Approved but allowed algorithms:

| Algorithm                                               | Use                                                  |  |
|---------------------------------------------------------|------------------------------------------------------|--|
| NDRNG Non-deterministic Random Number Generator (only u |                                                      |  |
|                                                         | for generating seed materials for the Approved DRBG) |  |

<u>Exhibit 15 -</u> Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series non-Approved but allowed algorithms.



## 4.3. Critical Security Parameters

The cryptographic module contains the following Keys and CSPs:

| CSPs                      | Generation, Storage and Zeroization Methods                    | Size             |
|---------------------------|----------------------------------------------------------------|------------------|
| DRBG Internal State       | DRBG Internal State Generation: SP 800-90A HASH_DRBG (SHA-256) |                  |
|                           | Storage: Plaintext in DRAM                                     | C: 440-bits      |
| Note: The values of V and | Zeroization: "Initialization", "Erase an LBA Range's           |                  |
| C are the "secret values" | Data" and "Zeroize" service                                    |                  |
| of the internal state.    |                                                                |                  |
| DRBG Seed                 | Generation: via NDRNG                                          | Entropy input    |
|                           | Storage: Plaintext in DRAM                                     | String: 440-bits |
|                           | Zeroization: via "Initialization", "Erase an LBA               | Nonce: 128-bits  |
|                           | Range's Data" and "Zeroize" service                            | Personalization  |
|                           |                                                                | String: 512-bits |
| DRBG Entropy Input        | Generation: via NDRNG                                          | 440-bits         |
| String                    | Storage: Plaintext in DRAM                                     |                  |
|                           | Zeroization: via "Initialization", "Erase an LBA               |                  |
|                           | Range's Data" and "Zeroize" service                            |                  |
| CO Password               | Generation: N/A                                                | 48-256 bits      |
|                           | Storage: Plaintext in Flash Memory and used in SRAM            |                  |
|                           | Zeroization: via "Initialization" and "Zeroize" service        |                  |
| User Password             | Generation: N/A                                                | 48-256 bits      |
|                           | Storage: Plaintext in Flash Memory and used in SRAM            |                  |
|                           | Zeroization: via "Initialization" and "Zeroize" service        |                  |
| MEK                       | Generation: SP 800-90A Hash_DRBG (SHA-256)                     | 256-bits         |
|                           | As per SP 800-133 Section 6.1, key generation is               |                  |
|                           | performed as per the "Direct Generation: of                    |                  |
|                           | Symmetric Keys" which is an Approved key                       |                  |
|                           | generation method                                              |                  |
|                           | Key Type: AES-XTS 256                                          |                  |
|                           | Storage: Plaintext in Flash Memory and used in SRAM            |                  |
|                           | Zeroization: via "Initialization", "Lock an LBA Range",        |                  |
|                           | "Erase an LBA Range's Data" and "Zeroize" service              |                  |

Exhibit 16 – CSPs and details on Generation, Storage and Zeroization Methods.

NOTE 2: In accordance with FIPS 140-2 IG D.12, the cryptographic module performs Cryptographic Key Generation (CKG) as per SP 800-133 (Vendor Affirmed). The resulting generated symmetric key is the unmodified output from SP 800-90A DRBG.





## 4.4. Public Security Parameters

| Public Keys         | Generation, Storage and Zeroization Methods                          |  |
|---------------------|----------------------------------------------------------------------|--|
| FW Verification Key | Generation: N/A                                                      |  |
| (RSA Public Key)    | Key Type: RSA 2048-PSS                                               |  |
|                     | Storage: Plaintext in Flash Memory and used in SRAM Zeroization: N/A |  |

Exhibit 17 - Public Keys and details on Generation, Storage and Zeroization Methods



## 5. Physical Ports and Logical Interfaces

| Physical Port | Logical Interface |
|---------------|-------------------|
| SAS Connector | Data Input/Output |
|               | Control Input     |
|               | Status Output     |
|               | Power Input       |

<u>Exhibit 18</u> – Specification of the Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a/PM1645a Series Cryptographic Module Physical Ports and Logical Interfaces.



## 6. Roles, Services and Authentication

#### **6.1.** Roles

The following table defines the roles, type of authentication, and associated authenticated data types supported by the cryptographic module:

| Role      | Authentication Data |
|-----------|---------------------|
| CO Role   | Password            |
| User Role | Password            |
| FW Loader | RSA                 |

Exhibit 19 - Roles and Required Identification and Authentication (FIPS 140-2 Table C1).



#### 6.2. Authentication

The authentication mechanism allows 6-byte length or longer (32-byte) Password, where each byte can be any of 0x00 to 0xFF, for every Cryptographic Officer and User role supported by the module, which means a single random attempt can succeed with the probability of  $1/2^{48}$  or lower.

Each authentication attempt takes at least 1ms and the number of attempts is limited to TryLimit, which is set to 33 in manufacturing time. Since the module takes at least 2 seconds to be ready after power-on and 33 authentication failures require a power-cycle, it takes 2033ms for every 33rd authentication attempt. Therefore, the probability of multiple random attempts to succeed in one minute is  $990 / 2^{48}$ , which is much less than the FIPS 140-2 requirement 1/100,000. Even if the TryLimit is greater than 33, the probability of random attempts always satisfies the requirement.

The authentication mechanism for FW Loader role is RSA PSS-2048 with SHA256 digital signature verification, which means a single random attempt, can succeed with the probability of  $1/2^{112}$ .

Each RSA Signature Verification authentication attempt takes at least 50ms. So the number of attempts for one minute cannot exceed 1200((60\*1000)/50). Therefore, the probability of multiple random attempts to succeed in one minute is  $1200/2^{112}$ , which is much less than the FIPS 140-2 requirement 1/100,000.

| Authentication Mechanism                              | Strength of Mechanism                                                                                                                                                |
|-------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Password (Min: 6 bytes, Max: 32 bytes) Authentication | <ul> <li>Probability of 1/2<sup>48</sup> in a single random attempt</li> </ul>                                                                                       |
| 32 37 (63) 7 (41) 611 (164)                           | <ul> <li>Probability of 990/2<sup>48</sup> in multiple random attempts in a minute</li> </ul>                                                                        |
| RSA Signature Verification                            | <ul> <li>Probability of 1/2<sup>112</sup> in a single random attempt</li> <li>Probability of 1200/2<sup>112</sup> in multiple random attempts in a minute</li> </ul> |

Exhibit 20 - Strengths of Authentication Mechanisms (FIPS 140-2 Table C2).



#### 6.3. Services

#### 6.3.1. Authenticated Services

The following table lists roles, services, cryptographic keys, CSPs and Public Keys and the types of access that are available to each of the authorized roles via the corresponding services:

|             | Service                       |                                             | Type(s) of Access |       |          |         |
|-------------|-------------------------------|---------------------------------------------|-------------------|-------|----------|---------|
| Role        |                               | Cryptographic Keys,<br>CSPs and Public Keys | R=                | W=    | G=       | Z=      |
|             |                               | CSPS and Public Reys                        | Read              | Write | Generate | Zeroize |
|             | Initialization                | DRBG Internal State                         | 0                 |       | 0        | 0       |
|             |                               | DRBG Seed                                   | 0                 |       | 0        | 0       |
|             |                               | DRBG Entropy Input String                   | 0                 |       | 0        | 0       |
|             |                               | CO Password                                 |                   | 0     |          | 0       |
|             |                               | MEK                                         |                   |       | 0        | 0       |
|             | Drive Extended Status         | N/A                                         |                   |       | N/A      |         |
|             | Admin/User Authority          | N/A                                         | N/A               |       |          |         |
|             | Enable/Disable                | · ·                                         |                   |       | ,<br>,   |         |
|             | Lock an LBA Range             | MEK                                         |                   |       |          | 0       |
|             | Unlock an LBA Range           | MEK                                         | 0                 |       |          |         |
| Cryptograph | ph Configure an LBA Range N/A |                                             | 1                 | N/A   | r        |         |
| ic Officer  | Erase an LBA Range's Data     | DRBG Internal State                         | 0                 |       | 0        | 0       |
|             |                               | DRBG Seed                                   | 0                 |       | 0        | 0       |
|             |                               | DRBG Entropy Input String                   | 0                 |       | 0        | 0       |
|             |                               | MEK                                         |                   |       | 0        | 0       |
|             |                               | User Password                               |                   | 0     |          | 0       |
|             |                               | DRBG Internal State                         |                   |       |          | 0       |
|             |                               | DRBG Seed                                   |                   |       |          | 0       |
|             | Zeroize                       | DRBG Entropy Input String                   |                   |       |          | 0       |
|             | Zeroize                       | CO Password                                 |                   |       |          | 0       |
|             |                               | User Password                               |                   |       |          | 0       |
|             |                               | MEK                                         |                   |       |          | 0       |
| User        | Unlock an LBA Range           | MEK                                         | 0                 |       |          |         |
|             | Set User Password             | User Password                               |                   | 0     |          |         |
| 0361        | Lock an LBA Range             | MEK                                         |                   |       |          | 0       |
|             | Configure an LBA Range        | N/A                                         | N/A               |       |          |         |
| FW Loader   | Update the firmware           | FW Verification Key                         | 0                 |       |          |         |

Exhibit 21 – Services Authorized for Roles, Access Rights within Services (FIPS 140-2 Table C3, Table C4).



#### 6.3.2. Unauthenticated Services

The following table lists the unauthenticated services:

|                                                          | Unauthenticated<br>Service | Cryptographic Keys & CSPs | Type(s) of Access |          |          |         |  |
|----------------------------------------------------------|----------------------------|---------------------------|-------------------|----------|----------|---------|--|
| Role                                                     |                            |                           | R=                | W=       | G=       | Z=      |  |
|                                                          |                            |                           | Read              | Write    | Generate | Zeroize |  |
|                                                          | Zeroize                    | DRBG Internal State       |                   |          |          | 0       |  |
|                                                          |                            | DRBG Seed                 |                   |          |          | 0       |  |
|                                                          |                            | DRBG Entropy Input        |                   |          |          | 0       |  |
| Cryptographic Officer,<br>User and FW Loader             |                            | String                    |                   |          |          | 0       |  |
|                                                          |                            | CO Password               |                   |          |          | 0       |  |
|                                                          |                            | User Password             |                   |          |          | 0       |  |
|                                                          |                            | MEK                       |                   |          |          | 0       |  |
|                                                          | Get Random<br>Number       | DRBG Internal State       | 0                 |          | 0        | 0       |  |
| Cryptographic Officer,                                   |                            | DRBG Seed                 | 0                 |          | 0        | 0       |  |
| User and FW Loader                                       |                            | DRBG Entropy Input        | 0                 |          | 0        | 0       |  |
|                                                          |                            | String                    |                   |          |          | O       |  |
| Cryptographic Officer,                                   | Get MSID                   | N/A                       |                   | '<br>'   | N/A      |         |  |
| User and FW Loader                                       |                            | ,                         |                   |          | 14/71    |         |  |
| Cryptographic Officer,<br>User and FW Loader Show Status |                            | N/A N/A                   |                   |          |          |         |  |
|                                                          |                            | ,                         |                   | <u> </u> | -/       |         |  |
| Cryptographic Officer,<br>User and FW Loader             | Self-test                  | N/A                       |                   | 1        | N/A      |         |  |

Exhibit 22 – Unauthenticated Service, Cryptographic Keys & CSPs and Type(s) of Access.



## 7. Physical security policy

The following physical security mechanisms are implemented in a cryptographic module:

- The Module consists of production-grade components enclosed in an aluminum alloy enclosure, which is opaque within the visible spectrum. The top panel of the enclosure can be removed by unscrewing screws. However, the module is sealed with tamper-evident labels in accordance with FIPS 140-2 Level 2 Physical Security requirements so that tampering is easily detected when the top and bottom cases are detached.
- 2 tamper-evident labels are applied over both top and bottom cases of the module at the factory. The tamper-evident labels are not removed and reapplied without tamper evidence.

The following table summarizes the actions required by the Cryptographic Officer Role to ensure that physical security is maintained:

| Physical Security<br>Mechanisms  | Recommended<br>Frequency of<br>Inspection/Test | Inspection/Test Guidance Details                                                                                                        |
|----------------------------------|------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
| Production grade cases           | As often as feasible                           | Inspect the entire perimeter for cracks, gouges, lack of screw(s) and other signs of tampering. Remove from service if tampering found. |
| Tamper-evident Sealing<br>Labels |                                                | Inspect the sealing labels for scratches, gouges, cuts and other signs of tampering. Remove from service if tampering found.            |

Exhibit 23 - Inspection/Testing of Physical Security Mechanisms (FIPS 140-2 Table C5)





**Exhibit 24** – Examples and Signs of Tamper



NOTE 3: Samsung Electronics Co., Ltd has excluded the following components as per AS01.09:

| Items       | BOM Code    | Applicable to Hardware Version(s) |
|-------------|-------------|-----------------------------------|
| Capacitor   | 2203-009659 | MZILT800HBHQ-00AC9                |
|             |             | MZILT960HBHQ-00AC9                |
|             |             | MZILT1T6HBJR-00AC9                |
|             |             | MZILT1T9HBJR-00AC9                |
|             |             | MZILT3T2HBLS-00AC9                |
|             |             | MZILT3T8HBLS-00AC9                |
|             |             | MZILT7T6HALA-00AC9                |
|             |             | MZILT15THALA-00AC9                |
|             |             | MZILT30THALA-00AC9                |
| Capacitor   | 2203-008953 | MZILT800HBHQ-00AC9                |
|             |             | MZILT960HBHQ-00AC9                |
|             |             | MZILT1T6HBJR-00AC9                |
|             |             | MZILT1T9HBJR-00AC9                |
|             |             | MZILT3T2HBLS-00AC9                |
|             |             | MZILT3T8HBLS-00AC9                |
|             |             | MZILT7T6HALA-00AC9                |
|             |             | MZILT15THALA-00AC9                |
|             |             | MZILT30THALA-00AC9                |
| Capacitor   | 2203-006885 | MZILT15THALA-00AC9                |
|             |             | MZILT30THALA-00AC9                |
| Capacitor   | 2203-007544 | MZILT15THALA-00AC9                |
|             |             | MZILT30THALA-00AC9                |
| IC-Switch   | 1205-005411 | MZILT800HBHQ-00AC9                |
|             |             | MZILT960HBHQ-00AC9                |
|             |             | MZILT1T6HBJR-00AC9                |
|             |             | MZILT1T9HBJR-00AC9                |
|             |             | MZILT3T2HBLS-00AC9                |
|             |             | MZILT3T8HBLS-00AC9                |
|             |             | MZILT7T6HALA-00AC9                |
|             |             | MZILT15THALA-00AC9                |
|             |             | MZILT30THALA-00AC9                |
| FET-Silicon | 0505-002381 | MZILT15THALA-00AC9                |
|             |             | MZILT30THALA-00AC9                |
| Diode       | 0406-001824 | MZILT800HBHQ-00AC9                |
|             |             | MZILT960HBHQ-00AC9                |
|             |             | MZILT1T6HBJR-00AC9                |
|             |             | MZILT1T9HBJR-00AC9                |
|             |             | MZILT3T2HBLS-00AC9                |
|             |             | MZILT3T8HBLS-00AC9                |
|             |             | MZILT7T6HALA-00AC9                |
|             |             | MZILT15THALA-00AC9                |



|            |                 | MZILT30THALA-00AC9 |
|------------|-----------------|--------------------|
| Storage IC | K9DVGB8J1A-1### | MZILT15THALA-00AC9 |
|            |                 | MZILT30THALA-00AC9 |

## **Exhibit 25** – Excluded components

The above power electronics are used for MLCC power and do not process any CSPs, Plaintext data, or other information that if misused could lead to compromise.





## 8. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC)

The cryptographic module conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B.



## 9. Mitigation of Other Attacks Policy

The cryptographic module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-2.

| Other   | Mitigation | Specific    |
|---------|------------|-------------|
| Attacks | Mechanism  | Limitations |
| N/A     | N/A        | N/A         |

Exhibit 26 - Mitigation of Other Attacks (FIPS 140-2 Table C6)



### 10. Security rules

The following specifies the security rules under which the cryptographic module shall operate in accordance with FIPS 140-2:

- The cryptographic module operates always in FIPS Mode once shipped from the vendor's manufacturing site.
- The steps necessary for the secure installation, initialization and start-up of the cryptographic module as per FIPS 140-2 VE10.03.01 are as follows:

#### 10.1. Secure Installation

- Step1. User should examine the tamper evidence
  - Inspect the entire perimeter for cracks, gouges, lack of screw(s) and other signs of tampering including the tamper evident sealing label.
  - If there is any sign of tampering, do not use the product and contact Samsung.
- Step2. Identify the firmware version in the device
  - Confirm that the firmware version is equivalent to the version(s) listed in this document via SCSI Inquiry command.
- Step3. Take the drive's ownership
  - Change SID's PIN by setting a new PIN
  - Change EraseMaster's PIN by setting a new PIN
  - Erase Method on each LBA Range to rekey the encryption key
  - Change BandMaster0~7's PIN by setting new PINs
  - Configure the LBA Range(s) by setting ReadLockEnabled and WriteLockEnabled columns to True
  - Don't change LockOnReset column in Locking Table so that the drive always gets locked after a power cycle
- Step4. Configure FW download and Diagnostic features
  - Disable Makers Class using SID Authority to disable FW download and Diagnostic features
  - Enable Makers Class only when FW download and Diagnostic features are needed
- o Step5. Periodically examine the tamper evidence
  - If there is any sign of tampering, stop using the product to avoid a potential security hazard or information leakage.





#### 10.2. Operational description of Module

- The cryptographic module shall maintain logical separation of data input, data output, control input, status output, and power.
- The cryptographic module shall not output CSPs in any form.
- The cryptographic module shall use the Approved DRBG for generating all cryptographic keys.
- The cryptographic module shall enforce role-based authentication for security relevant services.
- The cryptographic module shall enforce a limited operational environment by the secure firmware load test using RSA PSS-2048 with SHA-256.
- The cryptographic module shall provide a production-grade, opaque, and tamper-evident cryptographic boundary.
- The cryptographic module enters the error state upon failure of Self-tests. All commands from the Host (General Purpose Computer (GPC) outside the cryptographic boundary) are rejected in the error state and the cryptographic module returns a sense key (0x4) via the status output. Cryptographic services and data output are explicitly inhibited when in the error state.
- The cryptographic module satisfies the requirements of FIPS 140-2 IG A.9 (i.e. key 1 ≠ key 2)
- The module generates at a minimum 256 bits of entropy for use in key generation.



#### 10.3. Power-on Self-Tests

| Algorithm         | Test                                                                                   |  |  |
|-------------------|----------------------------------------------------------------------------------------|--|--|
| AES               | Encrypt KAT and Decrypt KAT for AES-256-XTS at power-on                                |  |  |
| SHS (Cert. #4178) | KAT for SHA-256 at power-on                                                            |  |  |
| SHS (Cert. #4179) | KAT for SHA-256 at power-on                                                            |  |  |
| DRBG              | KAT for Hash_DRBG (SHA-256) at power-on                                                |  |  |
| RSA               | Firmware integrity check using RSA PSS-2048 SHA-256 signature verification at power-on |  |  |

Exhibit 27 – Power-on Self-tests.

#### Conditional Self-test

Pairwise consistency: N/A

Bypass Test: N/A

Manual key entry test: N/A

o F/W load test

F/W load test is performed by using RSA algorithm with PSS-2048 and SHA-256

o Continuous random number generator test on Approved DRBG

Continuous random number generator test on NDRNG