NUVOTON NPCT6XX TPM 1.2
FIPS 140-2 SECURITY POLICY

NUVOTON TECHNOLOGY CORPORATION
HASADNAOT STREET, HERZLIA, ISRAEL

DOCUMENT VERSION: .
LAST REVISION: AUGUST

THIS DOCUMENT MAY BE REPRODUCED ONLY IN ITS ORIGINAL ENTIRETY

CONTENTS

1. Module Description
2. Cryptographic Functions
3. Ports and Interfaces
4. Roles and Services
5. Key Management
6. Power-On Self Tests
7. Conditional Self-Tests
8. Crypto Officer Guidance
9. User Guidance
10. Acronyms

NUVOTON TPM 1.2 SECURITY POLICY

LIST OF TABLES AND FIGURES

Figure 1: TPM 1.2 Images
Figure 2: TPM 1.2 Logical Block Diagram
Table 1: Security Levels
Table 2: Cryptographic Functions
Table 3: Ports and Interfaces
Table 4: Roles
Table 5: Services
Table 6: Cryptographic Keys
Table 7: Self-tests

1. MODULE DESCRIPTION

The Nuvoton Trusted Platform Module ("Module") is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation.

The Module is a single chip module that provides cryptographic services utilized by external applications. The Module meets the requirements of FIPS Pub 140-2.

The Module meets commercial-grade specifications for power, temperature, reliability, shock, and vibrations.

The FIPS 140-2 conformance testing was performed on two platforms specified below:

NUVOTON NPCT6XX TPM 1.2
FIRMWARE VERSION: 5.81.0.0
HARDWARE VERSION 1: FB5C85D IN TSSOP28 PACKAGE
HARDWARE VERSION 2: FB5C85D IN QFN32 PACKAGE
HARDWARE VERSION 3: FB5C85D IN TSSOP28 PACKAGE
HARDWARE VERSION 4: FB5C85E IN QFN32 PACKAGE

Images depicting the Module are provided below.

[Figure 1: TPM 1.2 Images. Panels: FB5C85D in TSSOP28 package; FB5C85D in QFN32 package; FB5C85E in TSSOP28 package; FB5C85E in QFN32 package.]

The physical cryptographic boundary of the Module is the outer boundary of the chip packaging.

A logical diagram of the Module is provided below.

[Figure 2: TPM 1.2 Logical Block Diagram. Blocks: RNG; Power Management; Non-Volatile Data; Host Interface (LPC\I2C\SPI Bus, TIS Emulation); Processor; Crypto Accelerator; Code; Peripherals; Volatile Data; GPIO; GPI.]

The Module was tested to meet overall Security Level 1 of the FIPS PUB 140-2 standard. The Security Level as per each section of FIPS PUB 140-2 is specified in the table below.
TABLE 1: SECURITY LEVELS

| FIPS 140-2 Section | Security Level |
|---|---|
| Cryptographic Module Specification | |
| Cryptographic Module Ports and Interfaces | |
| Roles, Services and Authentication | |
| Finite State Model | |
| Physical Security | |
| Operating Environment | N/A |
| Cryptographic Key Management | |
| EMI/EMC | |
| Self-Tests | |
| Design Assurance | |
| Mitigation of Other Attacks | N/A |

2. CRYPTOGRAPHIC FUNCTIONS

The cryptographic functions of the Module are outlined in the table below.

TABLE 2: CRYPTOGRAPHIC FUNCTIONS

| Function | Key size | Use | Cert number |
|---|---|---|---|
| APPROVED FUNCTIONS | | | |
| AES Encrypt (modes: ECB, CTR) | bits | Encryption | |
| RSA Verify | bits | Digital signature verification | |
| HMAC Keyed Hash (HMAC-SHA-) | bits | Keyed message digest | |
| SHS Hash | N/A | Message digest | |
| Generation of RSA Keys (FIPS 186-4) | | Key pair generation | |
| FIPS 186-2 RNG | N/A | Random number generation & symmetric key generation | |
| APPROVED SERVICES | | | |
| CVL (SP - REV) | N/A | TPM key derivation | |
| ALLOWED FOR USE FUNCTIONS | | | |
| RSA Key Wrapping | bits | Wrap & unwrap symmetric keys | N/A |
| Hardware-based non-Approved non-deterministic RNG (entropy source) | N/A | Generate seed & the seed key for the RNG | N/A |

In the Approved mode of operation the Module supports key size of 2048 bits for RSA key wrapping, which corresponds to the effective key strength of 112 bits.

The module supports key wrapping using the AES algorithm.

Note: no TPM protocol has been used or tested by the CAVP and CMVP.
2.1 Non-Approved Non-Allowed Functions

The Module supports signature generation using RSA-SHA-1, which is used in the TPM IDENTITY service. This function is Non-Approved and is considered equivalent to plaintext or obfuscation.

3. PORTS AND INTERFACES

The physical ports of the Module are:

- LPC Bus
- SPI Bus
- I2C Bus
- GPIO Bus

The logical interfaces and the mapping of the logical interfaces to the physical ports of the Module are described in the table below.

TABLE 3: PORTS AND INTERFACES

| Logical Interface | Description | Physical Ports |
|---|---|---|
| Control Input Interface | Control input commands issued to the chip | LPC Bus, SPI Bus, I2C Bus, GPIO Bus |
| Status Output Interface | Status data output by the chip | LPC Bus, SPI Bus, I2C Bus, GPIO Bus |
| Data Input Interface | Data provided to the chip as part of the data processing commands | LPC Bus, SPI Bus, I2C Bus, GPIO Bus |
| Data Output Interface | Data output by the chip as part of the data processing commands | LPC Bus, SPI Bus, I2C Bus, GPIO Bus |
| Power Interface | Power interface of the chip | Power pin, Ground pin |

The Module does not include a maintenance interface.

4. ROLES AND SERVICES

The operator roles implemented by the Module are summarized in the table below.

TABLE 4: ROLES

| Role | High Level Description |
|---|---|
| Crypto Officer | Installs and configures the product and manages users |
| User | Executes crypto algorithms and generates keys |

The Module provides a set of services described in the table below. For each service the table includes a description of the service and lists the roles in which the service is available.
TABLE 5: SERVICES

| Service | Description | Role |
|---|---|---|
| Get Status | The Module implements a Get Status command that returns the status of the Module, including success or failure of self-tests. | Crypto Officer |
| Run Self-Tests | The Module runs power-up self-tests automatically when powered on. One can execute self-tests on demand by power-cycling the Module. | Crypto Officer |
| Encrypt | Used to encrypt data | User |
| Zeroize | Used to zeroize (irreversibly destroy) the Module's cryptographic keys and CSPs. The keys and CSPs stored in the non-volatile and volatile memory are zeroized by executing the corresponding key/entity zeroization commands: TPM_FLUSHSPECIFIC, TPM_OWNERCLEAR | Crypto Officer |
| MAC & MAC Verify | Used to calculate and verify MAC for data | User |
| Key Generate | Used to generate keys | User |
| RSA Verify | Used to verify data using RSA | User |
| RSA Wrap & Unwrap | Used to wrap & unwrap cryptographic keys using RSA | User |
| Key Import | Used to import keys | User |
| TPM Identity | Used to authenticate TPM identity to other parties | User |
| TPM Endorsement | Used to prove to other parties that TPM is a genuine TPM | User |
| Unbinding | Used to unbind symmetric keys using RSA private binding key | User |
| TPM Get Random | Used to generate random data | User |
| TPM Stir Random | Used to add entropy to the random bit generator | User |
| Install Module | Installs Module | Crypto Officer |
| Firmware Update | Updates Module's firmware | Crypto Officer |

5. KEY MANAGEMENT

The table below specifies each cryptographic key utilized by the Module. For each key the table provides a description of its use; derivation or import; and storage.

NOTE: READ is defined as read access; WRITE is defined as write access.

TABLE 6: CRYPTOGRAPHIC KEYS

| Key or CSP | Usage | Service & Access | Origin & Storage |
|---|---|---|---|
| AES symmetric encryption keys | Used to encrypt data | Encrypt: READ; Key Gen: WRITE; Key Wrap/Unwrap: WRITE; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in OTP or in non-volatile flash in plaintext |
| RSA public verification keys | Used to verify signatures on data | RSA Verify: READ; Key Gen: WRITE; Zeroize: WRITE; Key Wrap/Unwrap: WRITE; Key Import: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA public storage keys | Used to wrap symmetric keys | RSA Wrap/Unwrap: READ; Key Import: WRITE; RSA Key Gen: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA private storage keys | Used to unwrap symmetric keys | RSA Wrap/Unwrap: READ; RSA Key Gen: WRITE; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| Identity keys | Authentication tokens used to authenticate TPM identity to other parties | TPM Identity: READ; RSA Key Gen: WRITE; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA private binding keys | Used to unbind (unwrap) a key bound by an external entity | Data Binding: READ; RSA Key Gen: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| HMAC keys | Used to calculate and verify MAC codes for data | MAC/MAC Verify: READ; Key Gen: READ; Key Import: WRITE; Zeroize: WRITE | Generated or imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RNG seed | Used to seed the RNG | Key Gen: READ; RSA Key Gen: READ; Zeroize: WRITE | Generated by the Module using the non-Approved non-deterministic hardware RNG (entropy source), stored in volatile RAM in plaintext |
| RNG seed key | Used to seed the RNG | Key Generate: READ; RSA Key Gen: READ; Zeroize: WRITE | Generated by the Module using the non-Approved non-deterministic hardware RNG (entropy source), stored in volatile RAM in plaintext |
| Endorsement key | Authentication token used to prove to the external parties that TPM is a genuine TPM | TPM Endorsement: READ | Installed at the factory |
| HMAC authentication key | Used for HMAC authentication of data | Key Generate: WRITE; MAC/MAC Verify: READ | Generated by the Module |
| Firmware update key | Used to verify signature on firmware updates | Firmware Update: READ | Installed at the factory |
The key zeroization service is executed by running the following two commands in sequence:

- TPM_FLUSHSPECIFIC
- TPM_OWNERCLEAR

All keys and CSPs that are subject to the key zeroization requirements of FIPS 140-2 are zeroized by executing the key zeroization service.

6. POWER-ON SELF TESTS

The Module implements a power-up integrity check using a 128-bit error detection code.

The Module implements power-up cryptographic algorithm tests that are described in the table below.

TABLE 7: SELF-TESTS

| Crypto Function | Test Type |
|---|---|
| AES CTR Encrypt | Known Answer Test (encrypt) |
| RSA Verify | Known Answer Test (verify) |
| HMAC Keyed Hash | Known Answer Test (keyed hash) |
| SHS Hash | Known Answer Test (hash) |
| RNG Random Number Generation | Known Answer Test (generate random block) |

7. CONDITIONAL SELF-TESTS

The Module executes a continuous RNG test on each execution of the FIPS 186-2 RNG.

The Module executes a continuous RNG test on each execution of the non-Approved hardware non-deterministic RNG (entropy source).

The Module executes a conditional pair-wise consistency check for RSA public-private key pairs each time an RSA key pair is generated using the FIPS 186-4 key pair generation algorithm.

The Module executes the firmware update test during the firmware update. The digital signature is verified on the firmware image using the RSA(SHA-256) algorithm utilizing a 2048-bit firmware update key.

If any of the conditional or power-on self-tests fail, the Module enters an error state where both data output and cryptographic services are disabled.
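The continuous RNG test and the error state described in section 7, as an added example that is not Nuvoton firmware code: each block drawn from a generator is compared with the previous one, the first block is held back for comparison only, and a repeat latches an error state that blocks further output. The 20-byte block size and the names crngt_get_block, script_raw and run_script are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 20 /* assumption: the policy does not state the RNG block size */
typedef void (*raw_block_fn)(uint8_t *out, void *ctx); /* hypothetical source hook */
struct crngt {
    raw_block_fn raw;
    void *ctx;
    uint8_t prev[BLOCK_LEN]; /* last block drawn, kept only for comparison */
    int primed;              /* set once the first block has been captured */
    int error;               /* latched error state */
};

/* Returns 0 and fills out on success, -1 once the error state is entered. */
int crngt_get_block(struct crngt *s, uint8_t *out) {
    uint8_t cur[BLOCK_LEN];
    if (s->error) return -1;     /* error state: data output stays disabled */
    if (!s->primed) {            /* first block is compared against, never output */
        s->raw(s->prev, s->ctx);
        s->primed = 1;
    }
    s->raw(cur, s->ctx);
    if (memcmp(cur, s->prev, BLOCK_LEN) == 0) {
        s->error = 1;            /* repeated block: treat the source as stuck */
        return -1;
    }
    memcpy(s->prev, cur, BLOCK_LEN);
    memcpy(out, cur, BLOCK_LEN);
    return 0;
}

/* Constructed test source: block i is BLOCK_LEN copies of vals[i]. */
struct script { const uint8_t *vals; size_t pos; };
static void script_raw(uint8_t *out, void *ctx) {
    struct script *sc = ctx;
    memset(out, sc->vals[sc->pos++], BLOCK_LEN);
}

/* Counts the blocks released over n_calls requests against a scripted source. */
int run_script(const uint8_t *vals, int n_calls) {
    struct script sc = { vals, 0 };
    struct crngt s = { .raw = script_raw, .ctx = &sc };
    uint8_t out[BLOCK_LEN];
    int released = 0;
    for (int i = 0; i < n_calls; i++)
        released += (crngt_get_block(&s, out) == 0);
    return released;
}
/* Constructed inputs: a healthy source, and one whose fourth block repeats the third. */
const uint8_t HEALTHY[] = {1, 2, 3, 4, 5}, STUCK[] = {1, 2, 3, 3};
int main(void) {
    printf("healthy=%d stuck=%d\n", run_script(HEALTHY, 4), run_script(STUCK, 5));
    return 0;
}
```

For the stuck script, two blocks are released and the remaining three requests are refused, because the error flag is checked before the source is read again.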
8. CRYPTO OFFICER GUIDANCE

To install the Module in the Approved Mode of operation, the following steps must be followed:

- The Module must be physically controlled during the installation.
- The Module must be placed on the PCB as described in the Module technical specifications.
- The Module normally would come from the manufacturer pre-configured with the TpmInit script already executed. If the initialization sequence has not been executed by the manufacturer, the Crypto Officer shall initialize the Module as described in the Nuvoton "NPCT6xx Initialization and Configuration" document. This includes running the TpmInit script with the -fips flag.

9. USER GUIDANCE

The users shall take security measures to protect tokens used to authenticate the user to the Module.

NOTE: authentication is not covered by the FIPS 140-2 Level 1 requirements.

10. ACRONYMS

AES: Advanced Encryption Algorithm
CPU: Central Processing Unit
EMC: Electro Magnetic Compatibility
EMI: Electro Magnetic Interference
FIPS: Federal Information Processing Standard
GPIO: General Purpose Input Output bus
HMAC: Hash-based Message Authentication Code
I2C: Inter-integrated circuit bus
LPC: Low Pin Count bus
OTP: One Time Programmable Memory
PCB: Printed Circuit Board
RAM: Random Access Memory
RNG: Random Number Generator
RSA: Rivest-Shamir-Adleman
SHS: Secure Hash Standard
SP: Special Publication
SPI: Serial Peripheral Interface bus
TCG: Trusted Computing Group
TIS: TPM Interface Specification
TPM: Trusted Platform Module