NPCT6XX TPM 2.0
NUVOTON TECHNOLOGY CORPORATION
FIPS 140-2 SECURITY POLICY

8 Hasadnaot Street, Herzlia, 46130 Israel
Document version: 5.1
Last revision: April 18, 2016

© Nuvoton Technology Corp. – Non-proprietary security policy – may be re-distributed freely in its complete, unedited form

CONTENTS

1. Module Description
2. Cryptographic Functions
3. Ports and Interfaces
4. Roles and Services
5. Key Management
6. Power-On Self Tests
7. Conditional Self-Tests
8. Crypto-Officer Guidance
9. User Guidance
10. Acronyms

LIST OF TABLES AND FIGURES

Figure 1: TPM 2.0 Images
Figure 2: TPM 2.0 Logical Block Diagram
Table 1: Security Levels
Table 2: Cryptographic Functions
Table 3: Ports and Interfaces
Table 4: Roles
Table 5: Services
Table 6: Cryptographic Keys
Table 7: Self-Tests

NUVOTON TPM 2.0. SECURITY POLICY PAGE 2 OF 26

1. MODULE DESCRIPTION

The Nuvoton Trusted Platform Module (“Module”) is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation.

The Module is a single-chip module that provides cryptographic services utilized by external applications. The Module meets the requirements of FIPS Pub 140-2.

The Module meets commercial-grade specifications for power, temperature, reliability, shock, and vibrations, and includes chip packaging to meet the physical security requirements at Security Level 2.

The Module has two silicon revisions: FB5C85D and FB5C85E. The latter includes several issue fixes related to interface, power management and versioning. The changes have no impact on the security of the Module.

The FIPS 140-2 conformance testing was performed on the following four configurations for the Nuvoton NPCT6xx TPM 2.0 Firmware Version: 1.3.0.1:

• Hardware version 1: FB5C85D in TSSOP28 package
• Hardware version 2: FB5C85D in QFN32 package
• Hardware version 3: FB5C85E in TSSOP28 package
• Hardware version 4: FB5C85E in QFN32 package

Images depicting the Module are shown in Figure 1:

[Figure 1: TPM 2.0 Images. Panels: FB5C85D in TSSOP28 package; FB5C85D in QFN32 package; FB5C85E in TSSOP28 package; FB5C85E in QFN32 package]

The physical cryptographic boundary of the Module is the outer boundary of the chip packaging.
A logical diagram of the Module is shown in Figure 2:

[Figure 2: TPM 2.0 Logical Block Diagram. Blocks: power management, non-volatile data, RNG, crypto accelerator, host interface (TIS emulation) on the LPC\I2C\SPI bus, code, processor, volatile data, peripherals, GPIO]

The Module was tested to meet overall Security Level 2 of the FIPS PUB 140-2 standard. The Security Level for each section of FIPS PUB 140-2 is specified in Table 1.

TABLE 1: SECURITY LEVELS

| FIPS 140-2 section | Security level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Ports and Interfaces | 2 |
| Roles, Services and Authentication | 2 |
| Finite State Model | 2 |
| Physical Security | 2 |
| Operating Environment | N/A |
| Cryptographic Key Management | 2 |
| EMI/EMC | 2 |
| Self-Tests | 2 |
| Design Assurance | 2 |
| Mitigation of Other Attacks | N/A |

2. CRYPTOGRAPHIC FUNCTIONS

The Module’s cryptographic functions are outlined in Table 2.

TABLE 2: CRYPTOGRAPHIC FUNCTIONS

| Function | Key size | Use | Cert number |
|---|---|---|---|
| APPROVED FUNCTIONS | | | |
| AES modes: ECB (encrypt), OFB (encrypt/decrypt), CFB128 (encrypt/decrypt), CTR (encrypt) | 128 bits | Encryption and decryption | 3541, 3542 |
| RSA verify | 1024 & 2048 bits | Digital signature verification | 1819, 1820 |
| ECDSA signature generation and verification using P-256 curve | 256 bits | Digital signatures | 719, 720 |
| HMAC keyed hash using SHA-1 and SHA-256 | 160 bits, 256 bits | Keyed message digest | 2262, 2263 |
| SHS hash using SHA-1 and SHA-256 | 160 bits, 256 bits | Message digest | 2919, 2920 |
| Generation of RSA keys, FIPS 186-4 | 2048 bits | Key pair generation | 1819, 1820 |
| Generation of ECDSA keys, FIPS 186-4 | 256 bits | Key pair generation | 719, 720 |
| ECC key agreement | 256 bits | Key agreement | 66, 67 |
| SP 800-90A DRBG | N/A | Random number generation & symmetric key generation | 898, 899 |
| APPROVED SERVICES | | | |
| CVL, SP 800-135 rev 1 | N/A | TPM key derivation | 594, 596 |
| CVL, SP 800-56A using P-256 curve | N/A | TPM key derivation | 593, 595 |
| ALLOWED FOR USE FUNCTIONS | | | |
| RSA key wrapping | 2048 bits | Wrap & unwrap symmetric keys | N/A |
| NDRNG (entropy source) | N/A | Generate the seed input for the DRBG | N/A |

In the Approved mode of operation, the Module supports a key size of 2048 bits for RSA key wrapping. This is equivalent to a key strength of 112 bits.

Note: Neither the TLS protocol nor the TPM protocol was tested by the CAVP or CMVP.

2.1 Non-Approved, Allowed Function

The Module supports key wrapping, using the AES algorithm with 128-bit keys in CFB128 mode to wrap and unwrap 1024-bit and 2048-bit RSA keys and 256-bit ECC keys. This key wrapping methodology is not compliant with SP800-38F.

2.2 Non-Approved, Non-Allowed Function

The Module supports signature generation using RSA-SHA-1. This function is Non-Approved and is considered equivalent to plaintext or obfuscation.

3. PORTS AND INTERFACES

The physical ports of the Module are

• LPC Bus
• SPI Bus
• I2C Bus
• GPIO Bus

The logical interfaces and the mapping of the logical interfaces to the physical ports of the Module are described in Table 3.
TABLE 3: PORTS AND INTERFACES

| Logical interface | Description | Physical ports |
|---|---|---|
| Control Input Interface | Control input commands issued to the chip | LPC bus, SPI bus, I2C bus, GPIO bus |
| Status Output Interface | Status data output by the chip | LPC bus, SPI bus, I2C bus, GPIO bus |
| Data Input Interface | Data provided to the chip as part of the data processing commands | LPC bus, SPI bus, I2C bus, GPIO bus |
| Data Output Interface | Data output by the chip as part of the data processing commands | LPC bus, SPI bus, I2C bus, GPIO bus |
| Power Interface | Power interface of the chip | Power pin, ground pin |

The Module does not include a maintenance interface.

4. ROLES AND SERVICES

The operator roles implemented by the Module are summarized in Table 4.

TABLE 4: ROLES

| Role | High-level description |
|---|---|
| Crypto Officer | Installs and configures the product, executes crypto algorithms and generates keys |
| User | Executes crypto algorithms and generates keys |

The Module provides the set of services described in Table 5. For each service, the table includes a description of the service and lists the roles for which the service is available.

The Module authenticates operator actions using authentication tokens. The authentication token length is 32 bytes. Therefore, the total number of authentication token combinations is 2^256 = 10^77, which meets the authentication strength requirements of FIPS 140-2.

The maximum number of authentication attempts before lockout is 10. The recovery time is 7,200 seconds (2 hours), and the lockout recovery time is 86,400 seconds (24 hours). Since only 10 tries are allowed, the probability of a successful random attempt during a one-minute period is 10 / 2^256, which is less than one in 100,000.

The Module stores all authentication results in volatile memory, which is cleared when the Module is powered off.
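The lockout figures above can be checked with a small model of the failure counter. This is an added example, not Nuvoton code: it assumes the TPM 2.0 dictionary-attack behaviour in which one failure is forgiven per full recovery period, and `LockoutCounter`, `guesses_evaluated` and `success_bound` are hypothetical names.

```python
from dataclasses import dataclass
from fractions import Fraction

# Values stated in the security policy.
MAX_TRIES = 10           # failed attempts before lockout
RECOVERY_TIME_S = 7_200  # recovery time, seconds
TOKEN_BITS = 32 * 8      # 32-byte authentication token


@dataclass
class LockoutCounter:
    """Failure counter with timed recovery (hypothetical model, not firmware).

    Assumption: one failure is forgiven per full recovery period. The 24-hour
    lockout recovery time is a separate timer and is not modelled here.
    """
    max_tries: int = MAX_TRIES
    recovery_time_s: int = RECOVERY_TIME_S
    failed_tries: int = 0
    last_tick_s: int = 0

    def _recover(self, now_s: int) -> None:
        periods = (now_s - self.last_tick_s) // self.recovery_time_s
        if periods > 0:
            self.failed_tries = max(0, self.failed_tries - periods)
            self.last_tick_s += periods * self.recovery_time_s

    def attempt(self, now_s: int, token_ok: bool) -> str:
        """Return 'ok', 'fail' (token checked, wrong) or 'lockout' (not checked)."""
        self._recover(now_s)
        if self.failed_tries >= self.max_tries:
            return "lockout"
        if token_ok:
            return "ok"
        self.failed_tries += 1
        return "fail"


def guesses_evaluated(window_s: int) -> int:
    """Wrong guesses the module actually checks when one arrives every second."""
    counter = LockoutCounter()
    return sum(counter.attempt(t, token_ok=False) == "fail" for t in range(window_s))


def success_bound(window_s: int, token_bits: int = TOKEN_BITS) -> Fraction:
    """Upper bound on a random guesser's success probability within the window."""
    return Fraction(guesses_evaluated(window_s), 2 ** token_bits)


if __name__ == "__main__":
    for label, window in (("1 minute", 60), ("24 hours", 86_400)):
        print(label, guesses_evaluated(window), float(success_bound(window)))
```

Under this model the counter caps a continuous guesser at the initial 10 checks plus one more per recovery period, so the bound grows only linearly with time.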
The Module always encrypts cryptographic keys on key input and output, which meets the key encryption requirements of FIPS 140-2 and Security Level 2.

The Module provides SP 800-90A DRBG random bit generation services without authentication, as permitted by FIPS 140-2 Implementation Guidance.

TABLE 5: SERVICES

| Service | Description | Role |
|---|---|---|
| Get Status | The Module implements a Get Status command that returns the status of the Module, including success or failure of self-tests. Note: This service does not require authentication. | Crypto Officer, User |
| Run Self-Tests | The Module runs power-up self-tests automatically when powered on. One can execute self-tests on demand by power-cycling the Module. | Crypto Officer, User |
| Encrypt | Used to encrypt data | Crypto Officer, User |
| Decrypt | Used to decrypt data | Crypto Officer, User |
| Zeroize | Used to zeroize (irreversibly destroy) Module's cryptographic keys and CSPs. The keys and CSPs stored in the non-volatile and volatile memory are zeroized by executing the corresponding key/entity zeroization commands: 1. TPM2_FlushContext 2. TPM2_Clear | Crypto Officer, User |
| MAC & MAC Verify | Used to calculate and verify MAC for data | Crypto Officer, User |
| Key Generate | Used to generate keys | Crypto Officer, User |
| RSA Verify | Used to verify data using RSA | Crypto Officer, User |
| ECDSA Verify | Used to verify data using ECDSA | Crypto Officer, User |
| ECDSA Sign | Used to sign data using ECDSA | Crypto Officer, User |
| RSA Wrap & Unwrap | Used to wrap & unwrap cryptographic keys using RSA | Crypto Officer, User |
| Key Import | Used to import keys | Crypto Officer, User |
| Key Agreement | Used to derive a key | Crypto Officer, User |
| TPM Identity | Used to authenticate TPM identity to other parties | Crypto Officer, User |
| TPM Endorsement | Used to prove to other parties that TPM is a genuine TPM | Crypto Officer, User |
| TPM Get Random | Used to generate random data. Note: This service does not require authentication. | Crypto Officer, User |
| TPM Stir Random | Used to add entropy to the random bit generator | Crypto Officer, User |
| Install Module | Installs Module | Crypto Officer |
| Firmware Update | Updates Module’s firmware | Crypto Officer, User |

5. KEY MANAGEMENT

Table 6 specifies each cryptographic key utilized by the Module. For each key, the table provides a description of its use; derivation or import; and storage.

NOTE: READ is defined as read access; WRITE is defined as write access.

TABLE 6: CRYPTOGRAPHIC KEYS

| Key or CSP | Usage | Service & access | Origin & storage |
|---|---|---|---|
| AES symmetric encryption keys | Used to encrypt and decrypt data | Encrypt: READ; Decrypt: READ; Key Gen: WRITE; Key Wrap/Unwrap: WRITE; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in OTP or in non-volatile flash in plaintext |
| RSA and ECDSA public verification keys | Used to verify signatures on data | RSA Verify: READ; Key Gen: WRITE; Zeroize: WRITE; Key Wrap/Unwrap: WRITE; Key Import: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA public storage keys | Used to wrap symmetric keys | RSA Wrap/Unwrap: READ; Key Import: WRITE; RSA Key Gen: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA private storage keys | Used to unwrap symmetric keys | RSA Wrap/Unwrap: READ; RSA Key Gen: WRITE; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| Identity keys | Authentication tokens used to prove TPM identity to other parties | TPM Identity: READ; RSA Key Gen: WRITE; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA private binding keys | Used to unbind (unwrap) a key bound by an external entity | Data Binding: READ; RSA Key Gen: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| HMAC keys | Used to calculate and verify MAC codes for data | MAC/MAC Verify: READ; Key Gen: READ; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| DRBG seeds | Used to seed the DRBG | Key Gen: READ; RSA Key Gen: READ; Zeroize: WRITE | Generated by the Module using the non-approved non-deterministic hardware DRBG (entropy source), stored in volatile RAM in plaintext |
| Endorsement keys | Authentication tokens used to prove to the external parties that TPM is a genuine TPM | TPM Endorsement: READ | Generated by the Module |
| Platform keys | Keys used by the platform firmware | RSA Key Gen: WRITE; ECDSA Key Gen: WRITE | Generated by the Module |
| HMAC authentication key | Used for HMAC authentication of data | Key Generate: WRITE; MAC/MAC Verify: READ | Generated by the Module |
| Firmware update key | Used to verify signature on firmware updates | Firmware Update: READ | Installed at the factory |

6. POWER-ON SELF TESTS

The Module implements a power-up integrity check using a 256-bit error detection code.

The Module implements power-up cryptographic algorithm tests that are described in Table 7.

TABLE 7: SELF-TESTS

| Crypto function | Test type |
|---|---|
| AES CTR encrypt (all modes) and decrypt (all modes) | Known answer test (encrypt and decrypt) |
| RSA verify | Known answer test (verify) |
| ECDSA sign/verify | Pair-wise consistency test |
| ECC key agreement | Pair-wise consistency test |
| HMAC keyed hash | Known answer test (keyed hash) |
| SHS hash | Known answer test (hash) |
| DRBG random number generation | Known answer test (generate random block) |

7. CONDITIONAL SELF-TESTS

The Module executes the following tests and checks:

• Continuous DRBG test on each execution of the SP 800-90A DRBG (both the entropy source and the approved algorithm are tested).
• Conditional pair-wise consistency check for RSA public-private key pairs each time an RSA key pair is generated, using FIPS 186-4 key pair generation algorithm.
• Conditional pair-wise consistency check for ECDSA public-private key pairs each time an ECDSA key pair is generated, using FIPS 186-4 key pair generation algorithm.
• Firmware update test during the firmware update. The digital signature is verified on the firmware image using an RSA (SHA-256) algorithm, utilizing a 2048-bit firmware update key.
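The known-answer tests of Table 7 and the continuous generator test listed in this section can be modelled in software, with a failed test latching a state that refuses all services. This is an added example, not Nuvoton firmware: `ToyModule`, `ModuleError` and the injected `rng` callable are hypothetical, and the vectors are the published FIPS 180 "abc" digests and RFC 4231 test case 2.

```python
import hashlib
import hmac
import os

# Published known answers: the FIPS 180 "abc" message and RFC 4231 test case 2.
KATS = {
    "SHA-1": (lambda: hashlib.sha1(b"abc").hexdigest(),
              "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "SHA-256": (lambda: hashlib.sha256(b"abc").hexdigest(),
                "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    "HMAC-SHA-256": (lambda: hmac.new(b"Jefe", b"what do ya want for nothing?",
                                      hashlib.sha256).hexdigest(),
                     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
}

class ModuleError(Exception):
    """Raised when a service is requested while the error state is latched."""

class ToyModule:
    """Hypothetical software model of the self-test behaviour (not firmware)."""

    def __init__(self, rng=os.urandom, kats=KATS):
        self._rng = rng            # entropy callable: rng(n) -> n bytes
        self._last_block = None    # previous output kept for the continuous test
        # Power-on self-tests: every known answer must match before any service runs.
        self.failed_tests = [name for name, (compute, expected) in kats.items()
                             if not hmac.compare_digest(compute(), expected)]
        self.error_state = bool(self.failed_tests)

    def get_status(self):
        """Status output stays available so the operator can see a failure."""
        return "error" if self.error_state else "operational"

    def _require_operational(self):
        if self.error_state:
            raise ModuleError("error state: data output and crypto services disabled")

    def get_random(self, n=16):
        self._require_operational()
        if self._last_block is None:
            self._last_block = self._rng(n)   # first block is only a reference
        block = self._rng(n)
        if block == self._last_block:          # continuous test: generator is stuck
            self.error_state = True
            self.failed_tests.append("continuous RNG")
            raise ModuleError("continuous random generator test failed")
        self._last_block = block
        return block

    def hmac_sha256(self, key, data):
        self._require_operational()
        return hmac.new(key, data, hashlib.sha256).digest()

if __name__ == "__main__":
    stuck = ToyModule(rng=lambda n: b"\x00" * n)   # constructed faulty entropy source
    try:
        stuck.get_random()
    except ModuleError as exc:
        print(stuck.get_status(), "-", exc)
```

The error state in this model is cleared only by constructing a new object, which mirrors running the self-tests again by power-cycling.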
If any of the conditional or power-on self-tests fail, the Module enters an error state where both data output and cryptographic services are disabled.

In addition, the Module executes DRBG Instantiate, DRBG Generation, DRBG reseed, and DRBG Instantiate tests, as prescribed by SP 800-90A.

8. CRYPTO-OFFICER GUIDANCE

To install the Module in the Approved Mode of operation, the following steps must be followed:

• The Module must be physically controlled during the installation.
• The Module must be placed on the PCB as described in the Module technical specifications.
• The Module arrives from the manufacturer, typically pre-configured with FIPS mode enabled according to the NPCT65x TPM2.0 Programmer’s Guide (CFG_H[0] is zero). If the initialization sequence was not executed by the manufacturer, the Crypto Officer must initialize the Module using the NTC2_PreConfig command (see Section 3.1 in the NPCT65x TPM2.0 Programmer’s Guide).

9. USER GUIDANCE

The user shall take security measures to protect the tokens used to authenticate the user to the Module.

10. ACRONYMS

AES: Advanced Encryption Algorithm
CPU: Central Processing Unit
ECC: Elliptic Curve Cryptography
EMC: Electro-Magnetic Compatibility
EMI: Electro-Magnetic Interference
FIPS: Federal Information Processing Standard
GPIO: General-Purpose Input Output bus
HMAC: Hash-based Message Authentication Code
I2C: Inter-Integrated Circuit bus
LPC: Low Pin Count bus
OTP: One-Time Programmable Memory
PCB: Printed Circuit Board
RAM: Random Access Memory
DRBG: Deterministic Random Bit Generator
RSA: Rivest-Shamir-Adleman
SHS: Secure Hash Standard
SP: Special Publication
SPI: Serial Peripheral Interface bus
TCG: Trusted Computing Group
TIS: TPM Interface Specification
TPM: Trusted Platform Module