Micron S650DC® SAS TCG Enterprise SSC Self-Encrypting Drive Non-Proprietary FIPS 140-2 Module Security Policy REV 0.4 Micron S650DC® SAS TCG Enterprise SSC Self- Encrypting Drive Non-Proprietary FIPS 140-2 Module Security Policy Security Level 2 Rev 0.4 – June 27, 2016 Micron Technology, LLC Page 1 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 Table of Contents 1 Introduction................................................................................................................................................................... 3 1.1 Scope..................................................................................................................................................................... 3 1.2 Security Levels ..................................................................................................................................................... 3 1.3 References ............................................................................................................................................................. 3 1.4 Acronyms .............................................................................................................................................................. 4 2 Cryptographic Module Description .............................................................................................................................. 5 2.1 Overview............................................................................................................................................................... 5 2.2 Logical to Physical Port Mapping ......................................................................................................................... 5 2.3 Product Versions ................................................................................................................................................... 5 2.4 FIPS Approved Algorithms .................................................................................................................................. 6 2.5 Self-Tests .............................................................................................................................................................. 7 2.6 FIPS 140-2 Approved Mode of Operation ............................................................................................................ 8 2.6.1 TCG Security Mode ...................................................................................................................................... 8 2.6.2 Entering FIPS Approved Mode of Operation ............................................................................................... 8 2.7 User Data Cryptographic Erase Methods .............................................................................................................. 8 2.8 Revert-SP Method ................................................................................................................................................. 8 2.9 Show Status........................................................................................................................................................... 8 3 Identification and Authentication (I&A) Policy ........................................................................................................... 9 3.1 Operator Roles ...................................................................................................................................................... 9 3.1.1 Crypto Officer Roles ..................................................................................................................................... 9 3.1.2 User Roles ..................................................................................................................................................... 9 3.1.3 Unauthenticated Role .................................................................................................................................... 9 3.2 Authentication ....................................................................................................................................................... 9 3.2.1 Authentication Types .................................................................................................................................... 9 3.2.2 Authentication in TCG Security Mode ......................................................................................................... 9 3.2.3 Authentication Mechanism, Data and Strength........................................................................................... 10 3.2.4 Personalizing Authentication Data .............................................................................................................. 10 4 Access Control Policy ................................................................................................................................................. 11 4.1 Services ............................................................................................................................................................... 11 4.2 Cryptographic Keys and CSPs ............................................................................................................................ 13 5 Physical Security ........................................................................................................................................................ 15 5.1 Mechanisms ........................................................................................................................................................ 15 5.2 Operator Requirements ....................................................................................................................................... 16 6 Operational Environment ............................................................................................................................................ 17 7 Security Rules ............................................................................................................................................................. 17 7.1 Secure Initialization ............................................................................................................................................ 17 7.2 Ongoing Policy Restrictions ............................................................................................................................... 17 8 Mitigation of Other Attacks Policy ............................................................................................................................. 17 Table of Figures Figure 1: Top view of tamper-evidence label on sides of drive .......................................................................................... 15 Figure 2: Left-side view of tamper-evidence label on left side of drive ............................................................................. 15 Figure 3: Right-side view of tamper-evidence label on right side of drive ......................................................................... 15 Page 2 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 1 Introduction 1.1 Scope This security policy applies to the FIPS 140-2 Cryptographic Module (CM) embedded in Micron S650DC® SAS SSD TCG Enterprise SSC Self-Encrypting Drive products. This document meets the requirements of the FIPS 140-2 standard (Appendix C) and Implementation Guidance (section 14.1). It does not provide interface details needed to develop a compliant application. This document is non-proprietary and may be reproduced in its original entirety. 1.2 Security Levels FIPS 140-2 Requirement Area Security Level Cryptographic Module Specification 2 Cryptographic Module Ports and Interfaces 2 Roles, Services and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 Electromagnetic Interface / Electromagnetic Compatibility (EMI / EMC) 3 Self – tests 2 Design Assurance 2 Mitigation of Other Attacks N/A The overall security level pursued for the cryptographic modules is Security Level 2. 1.3 References 1. FIPS PUB 140-2 2. Derived Test Requirements for FIPS PUB 140-2 3. Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program 4. TCG Storage Security Subsystem Class: Enterprise, Specification Version 1.0, Revision 3.00, January 10, 2011 5. TCG Storage Architecture Core Specification, Specification Version 1.0, Revision 0.9, May 24, 2007 6. TCG Storage Interface Interactions Specification, Specification Version 1.0, 7. SCSI Primary Commands-4 Rev 15 (SPC-4) 8. SCSI Block Commands Rev15 (SBC-3) 9. Serial Attached SCSI-2 Rev 13 (SAS-2) Page 3 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 1.4 Acronyms AES Advanced Encryption Standard (FIPS 197) CBC Cipher Block Chaining, an operational mode of AES CM Cryptographic Module CO Crypto-officer CSP Critical Security Parameter CSPSK Critical Security Parameter Sanitization Key DRBG Deterministic Random Bit Generator MEK Media Encryption Key HDD Hard Disk Drive HMAC Hash Message Authentication Code IV Initialization Vector for encryption operation LBA Logical Block Address LED Light Emitting Device MSID Manufactured SID, public drive-unique value that is used as default PIN, TCG term NDRNG Non-Deterministic Random Number Generator POR Power-on Reset (power cycle) POST Power on Self-Test PSID Physical SID, public drive-unique value RNG Random Number Generator SED Self-Encrypting Drive, Micron SSD products that provide HW data encryption. SID Secure ID, PIN for Drive Owner CO role, TCG term SoC System-on-a-Chip SP Security Provider or Security Partition (TCG), also Security Policy (FIPS 140-2) SSD Solid State Drives XTS The XTS-AES algorithm is a mode of operation of the Advanced Encryption Standard (AES) Page 4 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 2 Cryptographic Module Description 2.1 Overview The Micron S650DC® TCG Enterprise SSC Self-Encrypting Drive, FIPS, 140-2 Module is embodied in Micron S650DC SAS SED model solid state drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download. The services are provided through industry- standard TCG Enterprise SSC, SCSI protocols. The CM, whose cryptographic boundary is the full drive enclosure, has a multiple-chip embedded physical embodiment. The physical interface to the CM is a SAS connector. The logical interfaces are the industry- standard SCSI (refer to Section1.3, items 7 & 8), TCG SWG (refer to Section1.3, item 5), and Enterprise (refer to Section1.3, item 4) protocols, carried on the SAS (refer to Section1.3, item 9) transport interface. The primary function of the module is to provide data encryption, access control and cryptographic erase of the data stored on the flash drive media. The human operator of the drive product interfaces with the CM through a “host” application on a host system. 2.2 Logical to Physical Port Mapping FIPS 140-2 Interface Module Ports Data Input SAS Connector Data Output SAS Connector Control Input SAS Connector Status Output SAS Connector, LED Power Input Power Connector 2.3 Product Versions The following models and hardware versions (PNs) are validated with the following FW versions:  SSD, 2.5-Inch, SAS Interface, 400 GB o 400 GB: MTFDJAK400MBS-BAN16FCYYES / MTFDJAK400MBS-2AN16FCYY o FW Versions: MB13  SSD, 2.5-Inch, SAS Interface, 800 GB o 800 GB: MTFDJAK800MBS-BAN16FCYYES / MTFDJAK800MBS-2AN16FCYY o FW Versions: MB13  SSD, 2.5-Inch, SAS Interface, 1600 GB o 1600 GB: MTFDJAL1T6MBS-BAN16FCYYES / MTFDJAL1T6MBS-2AN16FCYY o FW Versions: MB13  SSD, 2.5-Inch, SAS Interface, 3200 GB o 3200 GB: MTFDJAL3T2MBS-BAN16FCYYES / MTFDJAL3T2MBS-2AN16FCYY o FW Versions: MB13 Page 5 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 2.4 FIPS Approved Algorithms Algorithm Certificate Number Modes/Key Sizes/Etc used Hardware AES # 3441 256-bit XTS and CBC FIPS 186-4 Signature verification Hardware RSA #1762 w/ 2048-bit modulus Hardware SHA #2841 256-bit Hardware HMAC #2190 256-bit Firmware AES #1343 256-bit CBC Firmware AES-GCM #2841 256-bit Firmware SHA #1225 256-bit FIPS 186-2 Signature verification Firmware RSA #1021 w/ 2048-bit modulus Firmware 800-90A DRBG #62 Hash based DRBG Firmware HMAC #1597 256-bit Firmware 800-38F Key Wrap #2947 256-bit Firmware 800-132 PBKDF Vendor Affirmation Option 2a Hardware NDRNG Non approved but allowed SP800-132, Section 5.4 Option 2a is used and password length is a minimum of 4 bytes. The Master Key is 256 bits and decryption algorithm is AES-GCM. The keys derived from passwords are used in storage applications. There are algorithms, modes and keys that have been CAVS tested but not utilized by the module. Only the algorithms, modes and keys shown in this table are utilized by the module. Page 6 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 2.5 Self-Tests Function Tested Self-Test Type Implementation Failure Behavior Hardware AES Power-On Encrypt and Decrypt KAT Enters FIPS Self Test Error performed. State. Firmware AES Power-On Encrypt and Decrypt KAT Enters FIPS Self Test Error performed. State. Firmware AES – Power-On Encrypt and Decrypt KAT Enters FIPS Self Test Error GCM ( 800-38D ) performed. State. Hardware RSA Power-On Verify KAT performed. Enters FIPS Self Test Error State. Hardware SHA-256 Power-On Digest KAT performed. Enters FIPS Self Test Error State. Firmware 800-90A Power-On DRBG KAT performed. Enters FIPS Self Test Error DRBG State. Firmware 800-38F Power-On Encrypt and Decrypt KAT Enters FIPS Self Test Error Key Wrap performed. State. Firmware 800-132 Power-On KAT performed. Enters FIPS Self Test Error PBKDF State. Firmware HMAC Power-On Keyed-Hash Message Authentication Enters FIPS Self Test Error Code constructed from SHA-256. State. Hardware HMAC Power-On Keyed-Hash Message Authentication Enters FIPS Self Test Error Code constructed from SHA-256. State. Firmware Integrity Power-On Signature Verification. Enters FW Integrity Error State. Check Firmware Load Conditional: RSA PKCS#1 signature verification Incoming firmware package is Check When new of new firmware image is done not loaded and is discarded. firmware is before it can be loaded. downloaded Firmware 800-90A Conditional: Newly generated random number is Enters FIPS Self Test Error DRBG When a random compared to the previously generated State. number is random number. Test fails if they are generated equal. Firmware Entropy Conditional: Repetition Count and Adaptive Enters FIPS Self Test Error DRBG 800-90B When a seed for Proportion tests are performed. State. Health Tests DRBG is requested Non-Approved Conditional: Newly generated random number is Enters FIPS Self Test Error NDRNG When a seed for compared to the previously generated State. DRBG is random number. Test fails if they are requested equal. Page 7 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 2.6 FIPS 140-2 Approved Mode of Operation Before the operator performs Secure Initialization steps detailed in Section 7.1, the drive will operate in a non-FIPS compliant mode. There is 1 approved mode of operation, “TCG Security”. The module’s FIPS mode of operation is enforced through configuration and policy. Violating these ongoing policy restrictions (detailed in Section 7.2) would mean that one is no longer using the drive in a FIPS compliant mode of operation. The operator can determine if the CM is operating in a FIPS approved mode by invoking the Show Status service (refer to Section 4.1). TCG Security Mode 2.6.1 This mode has the capability to have multiple Users with independent access control to read/write/crypto erase independent data areas (LBA ranges). Note that by default there is a single “Global Range” that encompasses the whole user data area which is the starting point from which multiple Users request their independent data areas. In addition to the Drive Owner and User(s) roles, this mode implements a CO role (EraseMaster) to administer the above capability. Entering FIPS Approved Mode of Operation 2.6.2 After the module is installed and configured per the Security Rules of this policy in Section 7.1, the drive is always in the Approved mode of operation except when a critical failure has been detected, causing a transition to a “Failed” state. In some of these “Failed” state scenarios (e.g. repeated POST failure), the drive cannot be restored to FIPS approved mode and does not provide any FIPS services. 2.7 User Data Cryptographic Erase Methods Since all user data is encrypted / decrypted by the CM for storage on / retrieval from the drive media, the data can be erased using cryptographic methods. The data is erased by zeroizing the Media Encryption Key (MEK). Other FIPS services can be used to erase all the other private keys and CSPs (see Section 2.8). 2.8 Revert-SP Method The TCG Revert-SP method may be invoked to transition the CM back to the as-manufactured state (uninitialized). This corresponds to exiting the FIPS approved mode of operation and is akin to a “restore to factory defaults” operation. This operation also provides a means to zeroize keys and CSPs. Subsequently, the CM has to be re-initialized before it can return to a FIPS compliant mode of operation. This Revert-SP method is invoked as an unauthenticated service by virtue of the use of a public credential (PSID). 2.9 Show Status Show status service can be used to determine if the drive is operational under the security constraints of FIPS. For this purpose TCG Level 0 Discovery mechanism is utilized. TCG Level 0 Discovery mechanism maybe invoked by the operator to know if drive is in “use” or security “fail” state. If the Drive Security Life Cycle State is 0x80 then drive is in Use State i.e. security is operational. If the Drive Security Life Cycle State is 0xFF the drive is in security Fail State i.e. drive is not operational in terms of FIPS services. The LED indicates the drive is powered on. Drive activity is indicated by blinking of the LED. No other status is indicated through LED. Page 8 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 3 Identification and Authentication (I&A) Policy 3.1 Operator Roles Note: The following identifies the CO and User roles with a general description of the purposes. For further details of the services performed by each role in each FIPS mode, see section 4.1. 3.1.1 Crypto Officer Roles 3.1.1.1 Drive Owner This CO role corresponds to the SID (Secure ID) Authority on the Admin SP as defined in Enterprise SSC [4]. This role is used to download a new FW image. Note: only a FIPS validated firmware version can be loaded to the module. Otherwise, the module is not operating in FIPS mode. 3.1.1.2 EraseMaster (TCG Security Mode) This CO role corresponds to the same named role as defined in Enterprise SSC [refer to Section1.3, item 4]. This role is used to enable/disable User roles, and erase the user data region (LBA band). An operator is authenticated to this role with role-based authentication. 3.1.2 User Roles 3.1.2.1 BandMasters (0-15) (TCG Security Mode) This user role corresponds to the same named role as defined in Enterprise SSC [refer to Section1.3, item 4]. This role is used to lock/unlock and configure a user data band (“LBA band”) for read/write access. A CM can be configured to support up to 16 user data bands, which are controlled by their respective BandMaster credentials. By default 2 user bands are enabled. BandMasters are enabled/disabled using the EraseMaster role. An operator is authenticated to the BandMaster role with identity-based authentication. If a user data band is erased (EraseMaster service) then the BandMaster PIN is reset to MSID. 3.1.3 Unauthenticated Role This role can perform the Show Status service. If the operator has physical access to the drive, this role can also reset the module with a power cycle (which results in POSTs). This role can also use the public PSID value to exit the FIPS approved mode of operation. See section 4.1 for details. 3.2 Authentication Authentication Types 3.2.1 Some operator roles have role-based authentication and others have identity-based authentication. For example, the Drive Owner role uses role-based authentication as there is only one ID and one PIN. In TCG Security Mode, the CM has up to 16 User operators. Each of these operators is assigned a unique ID to which a PIN is associated, thus this provides identity-based authentication. For some services the authentication is performed in a separate associated service; e.g. the Read Unlock service is the authentication for subsequent User Data Read service. If the User Data Read service is attempted without prior authentication then the command will fail. Authentication in TCG Security Mode 3.2.2 Operator authentication is provided within a TCG session. The host application can have only a single session open at a time. Authentication of an operator, using the TCG interface, uses the Authenticate method to authenticate to a role after a session has been started. Authentications will persist until the session is closed. During a session the application can invoke services for which the authenticated operator has access control. Note that a security rule of the CM is that the host must not authenticate to more than one operator (TCG authority) in a session. For the Show Status the host application will authenticate to the “Anybody” authority which does not have a private credential. Therefore this operation is effectively an unauthenticated service. Page 9 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 Authentication Mechanism, Data and Strength 3.2.3 Operator authentication with PINs is implemented by hashing the operator input value and comparing it to the stored hash of the assigned PIN. The PINs have a retry attribute (“TryLimit”) that controls the number of unsuccessful attempts before the authentication is blocked. The “TryLimit” has an unmodifiable value of 1024. The PINs have a maximum length of 32 bytes. Per the policy security rules, the minimum PIN length is 4 bytes (Rule 2 in Section 7.1). This gives a probability of 1/232 of guessing the PIN in a single random attempt. This easily meets the FIPS 140-2 authentication strength requirements of less than 1/1,000,000. In TCG interface, each failed authentication attempt takes a minimum of 15ms to complete. Thus a theoretical maximum of {(60*1000)/15} attempts can be processed in one minute. Thus the probability of multiple random attempts to succeed in one minute is 4000/2 32. This is significantly lower than the FIPS requirement of 1/100,000. In addition, since the “TryLimit” is unmodifiable, only 1024 attempts can be processed in one minute before the authorities are locked out. Personalizing Authentication Data 3.2.4 The initial value for SID and various other PINs is a manufactured value (MSID). This is a device-unique, 32-byte, public value. The Security Rules (Section 7) for the CM requires that the PIN values must be “personalized” to private values using the “Set PIN” service. Page 10 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 4 Access Control Policy 4.1 Services The following tables represent the FIPS 140-2 services for each FIPS Approved Mode in terms of the Approved Security Functions and operator access control. Note the following:  Use of the services described below is only compliant if the module is in the noted Approved mode.  Underlying security functions used by higher level algorithms are not represented (e.g. hashing as part of asymmetric key)  Operator authentication is not represented in this table.  Some security functions listed are used solely to protect / encrypt keys and CSPs.  Service input and output details are defined by the TCG and SCSI standards.  Unauthenticated services (e.g. Show Status) do not provide access to private keys or CSPs.  Some services have indirect access control provided through enable / disable or lock / unlock services used by an authenticated operator; e.g. User data read / write. Page 11 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 Table 1.1 - FIPS 140-2 Authenticated Services (TCG Security Mode) Service Name Description Operator Access Security Function Command(s)/Event(s) Control Set PIN Change operator EraseMaster, Firmware SHA256, TCG Set Method authentication data. BandMasters, Drive Firmware DRBG, Owner Firmware PBKDF, Firmware HMAC, Firmware AES_GCM Firmware Enable / Disable FW Drive Owner** Hardware RSA, TCG Set Method, SCSI Download Download and load Hardware SHA Write Buffer complete firmware image. If the self-test of the code load passes then the device will run with the new code. Enable / Disable Enable / Disable a User EraseMaster None TCG Set Method BandMasters Authority. Set Range Set the location, size, and BandMasters None TCG Set Method Attributes locking attributes of the LBA range. Lock / Unlock Block or allow read BandMasters Firmware AES-GCM, TCG Set Method User Data Range (decrypt) / write (encrypt) of Firmware AES, for Read and/or user data in a range. Firmware Key Wrap Write User Data Read / Encryption / decryption of None* Hardware AES SCSI Read, Write Write user data to/from a LBA Commands range. Access control to this service is provided through Lock / Unlock User Data Range. Cryptographic Erase user data in an LBA EraseMaster, Firmware DRBG, TCG Erase Method Erase range by cryptographic Hardware SHA, means: changing the Media Firmware PBKDF, encryption key (MEK). Firmware HMAC, BandMaster PIN is also Firmware reset. AES_GCM,Hardware HMAC, Firmware Key Wrap *Security has to be Unlocked **FW Download Port has to be Unlocked Page 12 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 Table 1.2 - FIPS 140-2 Unauthenticated Services (TCG Security Mode) Service Name Description Operator Security Command(s)/Event(s) Access Function Control Show Status Reports if the CM is operational in terms None None TCG Level 0 Discovery, TCG of FIPS services and approved mode of Get Method operation value. Drive Security Life Cycle State =0x80(Use State) and, Approved mode of operation value =0x02. Reset Module Runs POSTs and zeroizes key & CSP in None All POR RAM. cryptographic algorithms DRBG Generate Returns an SP 800-90A DRBG Random None Firmware TCG Random() Bytes Number of 256 bytes DRBG, Firmware SHA256 Exit FIPS Transition the CM back to the as- None (using None TCG AdminSP.RevertSP() Approved Mode manufactured state (uninitialized) PSID) of Operation1 FIPS 140 Reports FIPS 140 Revision, Overall None None SCSI SECURITY PROTOCOL IN – Protocol 0 Compliance Security Level, Hardware and Firmware Descriptor revisions and Module name 4.2 Cryptographic Keys and CSPs The following table defines the keys / CSPs and the operators / services which use them. Note the following:  The use of PIN CSPs for authentication is implied by the operator access control.  The Set PIN service is represented in this table even though generally it is only used at module setup.  All non-volatile storage of keys and CSPs is in the system area of the drive media to which there is no logical or physical access from outside of the module.  The module uses SP 800-90A DRBG and adopts Hash DRBG mechanism.  The module generates a minimum 256 bits of entropy for use with key generation.  Read access of private values are internal only to the CM and are thus not represented in this table.  There is no security-relevant audit feature. 1 CM will enter non-compliant state, which is outside the scope of this validation Page 13 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 Table 3 – “Key Management” Type (Pub / Priv, Name Description key / CSP (e.g. Operator Role Services Used In Access **(W, X) PIN)), size SID (Secure ID), aka Private, PIN, 256 Auth. Data Drive Owner Set PIN W Drive Owner PIN bits SetPIN W Private, PIN, 256 EraseMaster EraseMaster Auth Data EraseMaster bits Cryptographic Erase X Set PIN W BandMaster 0-15 Private, PIN, 256 Users Auth. Data BandMasters Passwords bits Lock/Unlock User Data X Private, AES Key, LBA Range MEKs MEK (per LBA band) Users Lock/Unlock User Data X 256 bits *Input to a DRBG mechanism of a Services which use the Entropy Input String Private, 256 bits None X string of bits that contains entropy DRBG (cryptographic erase) Services which use the *String of bits that is used as input Private, Hash seed, Seed None DRBG (cryptographic erase, X to a DRBG mechanism 448 bits SetPIN) Services which uses the *Collection of stored information Private, V and C Internal State None DRBG (cryptographic erase, X about DRBG instantiation 440 bits SetPIN) Drive Owner Firmware Load Test Signature Public, RSA Key, ORG 0-0 - ORG 0-3 (enable FW FW Download X Verify Key 2048 bits download) Private, AES Key, BandMasters, Lock/Unlock User Data, MEKEK This key is used to wrap the MEK W,X 256 bits EraseMaster Cryptographic Erase, Set PIN Drive Owner, This key is used to protect the Private, AES Key, 32 Unlock User Data, Master Key BandMasters, W,X MEKEK bytes Cryptographic Erase, Set PIN EraseMaster Critical Security Parameter Drive Owner, Private, AES Key, Lock/Unlock User Data, CSPSKs Sanitization Keys, used within BandMasters, W, X 256 bits Cryptographic Erase, SetPIN PBKDF EraseMaster * Source: Section 4 Terms and Definitions of NIST Special Publication 800-90A ** W- Write access is allowed, X – Execute access is allowed Page 14 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 5 Physical Security 5.1 Mechanisms The CM has the following physical security:  Production-grade components with standard passivation  Two tamper-evident security labels applied by Micron manufacturing prevent top and bottom cover removal for access or visibility to the media  Exterior of the drive is opaque  The tamper-evident labels cannot be penetrated or removed and reapplied without tamper-evidence  The tamper-evident labels cannot be easily replicated with a low attack time  Security label on sides of drive provide tamper-evidence of top and bottom cover removal Figure 1: Top view of tamper-evidence label on sides of drive Figure 2: Left-side view of tamper-evidence label on left side of drive Figure 3: Right-side view of tamper-evidence label on right side of drive Page 15 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 5.2 Operator Requirements The operator is required to inspect the CM periodically for one or more of the following tamper evidence:  Checkerboard pattern on security label  Security label cutouts do not match original Upon discovery of tamper evidence, the module should be removed from service. 7mm drives Checkerbox Pattern Tamper Evidence 15 mm drives Page 16 MICRON S650DC® SAS TCG ENTERPRISE SSC SELF-ENCRYPTING DRIVE NON-PROPRIETARY FIPS 140-2 MODULE SECURITY POLICY REV 0.4 6 Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the CM operates in a “non-modifiable operational environment”. That is, while the module is in operation the operational environment cannot be modified and no code can be added or deleted. FW can be upgraded (replaced) with a signed FW download operation. If the code download is successfully authenticated then the module will begin operating with the new code image. 7 Security Rules 7.1 Secure Initialization The following are the security rules for initialization and operation of the CM in a FIPS 140-2 compliant manner. Reference the appropriate sections of this document for details. 1. Users: At installation and periodically examine the physical security mechanisms for tamper evidence. 2. COs and Users: At installation, set all operator PINs applicable for the FIPS mode to private values of at least 4 bytes length:  TCG Security: Drive Owner, EraseMaster and BandMasters Drive Owner: At installation, disable the “Makers” authority 1 3. At installation, the value of LockOnReset1 for FW Download must be set to “Power Cycle” and it 4. must not be modified. At installation, the value of PortLocked1 for FW Download must be set to “TRUE”. 5. 7.2 Ongoing Policy Restrictions 1. Prior to assuming a new role, close the current Session and start a new Session, or do a power cycle, so that the previous authentication is cleared. User Data Read/Writes shall be an authenticated service2. Therefore, set ReadLockEnabled1 and 2. WriteLockEnabled1 to “True” (the default value is “False”). If a band is configured with a value of “False” then the band is to be considered excluded from the module boundary. 8 Mitigation of Other Attacks Policy The CM does not make claims to mitigate against other attacks beyond the scope of FIPS 140-2. 1 Refer Section 1.3, Item 5 2 Refer to Section 4.1, Table 1.1 Page 17