NPCT6XX TPM 1.2
NUVOTON TECHNOLOGY CORPORATION
FIPS 140-2 SECURITY POLICY
8 HASADNAOT STREET
HERZLIA, 46130 ISRAEL

DOCUMENT VERSION: 4.4
LAST REVISION: AUGUST 9, 2016

©NUVOTON TECHNOLOGY CORP. – NON-PROPRIETARY SECURITY POLICY – MAY BE RE-DISTRIBUTED FREELY IN ITS COMPLETE, UNEDITED FORM

CONTENTS

1. Module Description
2. Cryptographic Functions
3. Ports and Interfaces
4. Roles and Services
5. Key Management
6. Power-On Self Tests
7. Conditional Self-Tests
8. Crypto Officer Guidance
9. User Guidance
10. Acronyms

NUVOTON TPM 1.2 SECURITY POLICY PAGE 2 OF 22

LIST OF TABLES AND FIGURES

Figure 1: TPM 1.2 Images
Figure 2: TPM 1.2 Logical Block Diagram
Table 1: Security Levels
Table 2: Cryptographic Functions
Table 3: Ports and Interfaces
Table 4: Roles
Table 5: Services
Table 6: Cryptographic Keys
Table 7: Self-tests

1. MODULE DESCRIPTION

The Nuvoton Trusted Platform Module (“MODULE”) is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key import and random number generation.

The Module is a SINGLE CHIP MODULE that provides cryptographic services utilized by external applications. The Module meets the requirements of FIPS Pub 140-2.

The module meets the commercial-grade specifications for power, temperature, reliability, shock, and vibrations.

The FIPS 140-2 conformance testing was performed on two platforms specified below:

NUVOTON NPCT6XX TPM 1.2
FIRMWARE VERSIONS: 5.81.0.0, 5.81.1.0, 5.81.2.1
HARDWARE VERSION 1: FB5C85D IN TSSOP28 PACKAGE
HARDWARE VERSION 2: FB5C85D IN QFN32 PACKAGE
HARDWARE VERSION 3: FB5C85E IN TSSOP28 PACKAGE
HARDWARE VERSION 4: FB5C85E IN QFN32 PACKAGE

Images depicting the Module are provided below.

[FIGURE 1: TPM 1.2 IMAGES. Panels: FB5C85D in TSSOP28 package; FB5C85D in QFN32 package; FB5C85E in TSSOP28 package; FB5C85E in QFN32 package.]

The PHYSICAL CRYPTOGRAPHIC BOUNDARY of the Module is the outer boundary of the chip packaging.

A LOGICAL DIAGRAM of the Module is provided below.
[FIGURE 2: TPM 1.2 LOGICAL BLOCK DIAGRAM. Blocks shown: power management, non-volatile data, RNG, crypto accelerator, host interface (TIS emulation) on the LPC/I2C/SPI bus, code, processor, volatile data, peripherals, GPIO.]

The Module was tested to meet OVERALL SECURITY LEVEL 1 of the FIPS PUB 140-2 standard. The Security Level as per each section of FIPS PUB 140-2 is specified in the table below.

TABLE 1: SECURITY LEVELS

| FIPS 140-2 Section | Security Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Ports and Interfaces | 1 |
| Roles, Services and Authentication | 1 |
| Finite State Model | 1 |
| Physical Security | 1 |
| Operating Environment | N/A |
| Cryptographic Key Management | 1 |
| EMI/EMC | 1 |
| Self-Tests | 1 |
| Design Assurance | 1 |
| Mitigation of Other Attacks | N/A |

2. CRYPTOGRAPHIC FUNCTIONS

The cryptographic functions of the Module are outlined in the table below.

TABLE 2: CRYPTOGRAPHIC FUNCTIONS

| Function | Keysize | Use | Cert Number |
|---|---|---|---|
| Approved Functions | | | |
| AES Encrypt (Modes: ECB, CTR) | 128 bits | Encryption | 3093, 3468 |
| RSA Verify | 1024 & 2048 bits | Digital signature verification | 1582, 1779 |
| HMAC Keyed Hash (HMAC-SHA-1) | 160 bits | Keyed message digest | 1938, 2213 |
| SHS Hash | N/A | Message digest | 2554, 2863 |
| Approved Services | | | |
| CVL (SP 800-135 Rev 1) | N/A | TPM key derivation | 373, 535 |
| Allowed for Use Functions | | | |
| RSA Key Wrapping | 2048 bits | Wrap & unwrap symmetric keys | N/A |
| Hardware-based non-Approved non-deterministic RNG (entropy source) | N/A | Generate seed & the seed key for the RNG | N/A |

In the Approved mode of operation the Module supports a key size of 2048 bits for RSA key wrapping, which corresponds to the effective key strength of 112 bits.
The module supports key wrapping using the AES algorithm.

Note: no TPM protocol has been used or tested by the CAVP and CMVP.

2.1 Non-Approved Non-Allowed Functions

The Module supports signature generation using RSA-SHA-1, which is used in the TPM IDENTITY service. This function is Non-Approved and is considered equivalent to plaintext or obfuscation.

The module also supports a disallowed FIPS 186-2 RNG.

3. PORTS AND INTERFACES

The physical ports of the Module are:

- LPC Bus
- SPI Bus
- I2C Bus
- GPIO Bus

The logical interfaces and the mapping of the logical interfaces to the physical ports of the Module are described in the table below.

TABLE 3: PORTS AND INTERFACES

| Logical Interface | Description | Physical Ports |
|---|---|---|
| Control Input Interface | Control input commands issued to the chip | LPC bus, SPI bus, I2C bus, GPIO bus |
| Status Output Interface | Status data output by the chip | LPC bus, SPI bus, I2C bus, GPIO bus |
| Data Input Interface | Data provided to the chip as part of the data processing commands | LPC bus, SPI bus, I2C bus, GPIO bus |
| Data Output Interface | Data output by the chip as part of the data processing commands | LPC bus, SPI bus, I2C bus, GPIO bus |
| Power Interface | Power interface of the chip | Power pin, Ground pin |

The Module does not include a maintenance interface.

4. ROLES AND SERVICES

The OPERATOR ROLES implemented by the module are summarized in the table below.

TABLE 4: ROLES

| Role | High Level Description |
|---|---|
| Crypto Officer | Installs and configures the product and manages users |
| User | Executes crypto algorithms and establishes keys |

The Module provides a set of SERVICES described in the table below. For each service the table includes a description of the service and lists the roles in which the service is available.
TABLE 5: SERVICES

| Service | Description | Role |
|---|---|---|
| Get Status | The Module implements a Get Status command that returns the status of the Module, including success or failure of self-tests. | Crypto Officer |
| Run Self-Tests | The Module runs power-up self-tests automatically when powered on. One can execute self-tests on demand by power-cycling the Module. | Crypto Officer |
| Encrypt | Used to encrypt data | User |
| Zeroize | Used to zeroize (irreversibly destroy) Module's cryptographic keys and CSPs. The keys and CSPs stored in the non-volatile and volatile memory are zeroized by executing the corresponding key/entity zeroization commands: TPM_FlushSpecific, TPM_OwnerClear | Crypto Officer |
| MAC & MAC Verify | Used to calculate and verify MAC for data | User |
| RSA Verify | Used to verify data using RSA | User |
| RSA Wrap & Unwrap | Used to wrap & unwrap cryptographic keys using RSA | User |
| Key Import | Used to import keys | User |
| TPM Identity | Used to authenticate TPM identity to other parties | User |
| TPM Endorsement | Used to prove to other parties that TPM is a genuine TPM | User |
| Unbinding | Used to unbind symmetric keys using RSA private binding key | User |
| TPM Get Random | Used to generate random data | User |
| TPM Stir Random | Used to add entropy to the random bit generator | User |
| Install Module | Installs Module | Crypto Officer |
| Firmware Update | Updates Module’s firmware | Crypto Officer |

5. KEY MANAGEMENT

The table below specifies each cryptographic key utilized by the Module.
For each key the table provides a description of its use, derivation or import, and storage.

NOTE: READ is defined as read access; WRITE is defined as write access.

TABLE 6: CRYPTOGRAPHIC KEYS

| Key or CSP | Usage | Service & Access | Origin & Storage |
|---|---|---|---|
| AES symmetric encryption keys | Used to encrypt data | Encrypt: READ; Key Wrap/Unwrap: WRITE; Key Import: WRITE; Zeroize: WRITE | Imported by the Module, stored in OTP or in non-volatile flash in plaintext |
| RSA public verification keys | Used to verify signatures on data | RSA Verify: READ; Zeroize: WRITE; Key Wrap/Unwrap: WRITE; Key Import: WRITE | Imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA public storage keys | Used to wrap symmetric keys | RSA Wrap/Unwrap: READ; Key Import: WRITE; Zeroize: WRITE | Imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA private storage keys | Used to unwrap symmetric keys | RSA Wrap/Unwrap: READ; Key Import: WRITE; Zeroize: WRITE | Imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| Identity keys | Authentication tokens used to authenticate TPM identity to other parties | TPM Identity: READ; Key Import: WRITE; Zeroize: WRITE | Imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| RSA private binding keys | Used to unbind (unwrap) a key bound by an external entity | Data Binding: READ; Zeroize: WRITE | Imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| HMAC keys | Used to calculate and verify MAC codes for data | MAC/MAC Verify: READ; Key Gen: READ; Key Import: WRITE; Zeroize: WRITE | Imported by the Module, stored in volatile RAM or in non-volatile flash in plaintext |
| Endorsement key | Authentication token used to prove to the external parties that TPM is a genuine TPM | TPM Endorsement: READ | Installed at the factory |
| Firmware update key | Used to verify signature on firmware updates | Firmware Update: READ | Installed at the factory |

The key zeroization service is executed by running the following two commands in sequence:

- TPM_FlushSpecific
- TPM_OwnerClear

All keys and CSPs that are subject to the key zeroization requirements of FIPS 140-2 are zeroized by executing the key zeroization service.

6. POWER-ON SELF TESTS

The Module implements a power-up integrity check using a 128-bit error detection code.

The module implements power-up cryptographic algorithm tests that are described in the table below.

TABLE 7: SELF-TESTS

| Crypto Function | Test Type |
|---|---|
| AES CTR Encrypt | Known Answer Test (encrypt) |
| RSA Verify | Known Answer Test (verify) |
| HMAC Keyed Hash | Known Answer Test (keyed hash) |
| SHS Hash | Known Answer Test (hash) |
| RNG Random Number Generation | Known Answer Test (generate random block) |

7. CONDITIONAL SELF-TESTS

The Module executes continuous RNG test on each execution of the FIPS 186-2 RNG.

The Module executes continuous RNG test on each execution of the non-Approved hardware non-deterministic RNG (entropy source).

The Module executes conditional pair-wise consistency check for RSA public-private key pairs each time an RSA key pair is generated using FIPS 186-4 key pair generation algorithm.

The module executes the firmware update test during the firmware update.
The digital signature is verified on the firmware image using an RSA (SHA-256) algorithm utilizing a 2048-bit firmware update key.

If any of the conditional or power-on self-tests fail, the Module enters an error state where both data output and cryptographic services are disabled.

8. CRYPTO OFFICER GUIDANCE

To install the Module in the Approved Mode of operation, the following steps must be followed:

- The Module must be physically controlled during the installation.
- The Module must be placed on the PCB as described in the Module technical specifications.
- The module normally would come from the manufacturer pre-configured with TpmInit script already executed. If the initialization sequence has not been executed by the manufacturer, the Crypto Officer shall initialize the module as described in Nuvoton “NPCT6xx Initialization and Configuration” document. This includes running the TpmInit script with the -fips flag.

9. USER GUIDANCE

The user shall not generate keys using the disallowed RNG but shall instead use the Key Import service.

The user shall take security measures to protect tokens used to authenticate the user to the Module.

NOTE: Authentication is not covered by the FIPS 140-2 Level 1 requirements.

10. ACRONYMS

AES: Advanced Encryption Algorithm
CPU: Central Processing Unit
EMC: Electro Magnetic Compatibility
EMI: Electro Magnetic Interference
FIPS: Federal Information Processing Standard
GPIO: General Purpose Input Output bus
HMAC: Hash-based Message Authentication Code
I2C: Inter-integrated circuit bus
LPC: Low Pin Count bus
OTP: One Time Programmable Memory
PCB: Printed Circuit Board
RAM: Random Access Memory
RNG: Random Number Generator
RSA: Rivest-Shamir-Adleman
SHS: Secure Hash Standard
SP: Special Publication
SPI: Serial Peripheral Interface bus
TCG: Trusted Computing Group
TIS: TPM Interface Specification
TPM: Trusted Platform Module

Nuvoton provides comprehensive service and support. For product information and technical assistance, contact the nearest Nuvoton center.

Headquarters
No. 4, Creation Rd. 3, Science-Based Industrial Park, Hsinchu, Taiwan, R.O.C
TEL: 886-3-5770066
FAX: 886-3-5665577
http://www.nuvoton.com.tw (Chinese)
http://www.nuvoton.com (English)

Nuvoton Technology Corporation America
2727 North First Street, San Jose, CA 95134, U.S.A.
TEL: 1-408-544-1718
FAX: 1-408-544-1787

Nuvoton Technology (Shanghai) Ltd.
27F, 2299 Yan An W. Rd., Shanghai, 200336 China
TEL: 86-21-62365999
FAX: 86-21-62365998

Taipei Office
1F, No.192, Jingye 1st Rd., Zhongshan District, Taiwan City 104, Taiwan, R.O.C.
TEL: 886-2-2658-8066
FAX: 886-2-8751-3579

Winbond Electronics Corporation Japan
NO. 2 Ueno-Bldg., 7-18, 3-chome Shinyokohama Kohoku-ku, Yokohama, 222-0033
TEL: 81-45-4781881
FAX: 81-45-4781800

Nuvoton Technology (H.K.) Ltd.
Unit 9-15, 22F, Millennium City 2, 378 Kwun Tong Rd., Kowloon, Hong Kong
TEL: 852-27513100
FAX: 852-27552064

For Advanced PC Product Line information contact: APC.Support@nuvoton.com

© 2016 Nuvoton Israel Ltd. All rights reserved
www.nuvoton.com
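
The continuous RNG test and the error state of Section 7, sketched as an added example (not Nuvoton firmware code): as in the FIPS 140-2 continuous RNG test, the first block after power-up is only saved, each later block is compared with its predecessor, and a repeat latches an error state that releases no data. The 16-byte block size, the `rng_fn` hook, the stand-in source and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16                               /* assumed block size in bytes */
enum state { ST_INIT, ST_READY, ST_ERROR };
typedef int (*rng_fn)(uint8_t out[BLK]);     /* hypothetical raw-RNG hook */
struct crngt { enum state st; rng_fn raw; uint8_t prev[BLK]; };
void crngt_init(struct crngt *c, rng_fn raw) {
    memset(c, 0, sizeof *c);                 /* st = ST_INIT, prev cleared */
    c->raw = raw;
}

/* 0: out[] holds a fresh block. -1: test failed or error latched; out[] is zeroed. */
int crngt_get_block(struct crngt *c, uint8_t out[BLK]) {
    uint8_t cur[BLK];
    memset(out, 0, BLK);
    if (c->st == ST_ERROR) return -1;        /* data output and service disabled */
    if (c->st == ST_INIT) {                  /* first block is saved, never output */
        if (c->raw(c->prev) != 0) { c->st = ST_ERROR; return -1; }
        c->st = ST_READY;
    }
    if (c->raw(cur) != 0 || memcmp(cur, c->prev, BLK) == 0) {
        c->st = ST_ERROR;                    /* source fault or repeated block */
        return -1;
    }
    memcpy(c->prev, cur, BLK);
    memcpy(out, cur, BLK);
    return 0;
}

/* Constructed stand-in source: emits blocks of 0, 1, 2, 3 and then sticks at 3. */
static unsigned calls;
static int fake_rng(uint8_t out[BLK]) {
    memset(out, (int)(calls < 3 ? calls : 3), BLK);
    calls++;
    return 0;
}

/* Blocks released before the stuck source is caught; -1 if the error did not latch. */
int demo_blocks_before_error(void) {
    struct crngt c; uint8_t b[BLK]; int n = 0;
    calls = 0;
    crngt_init(&c, fake_rng);
    while (n < 10 && crngt_get_block(&c, b) == 0) n++;
    if (crngt_get_block(&c, b) == 0) return -1;
    return n;
}
int main(void) { printf("released: %d\n", demo_blocks_before_error()); return 0; }
```

With the stand-in source, block 0 is consumed for priming, blocks 1 to 3 are released, and the repeated block 3 puts the wrapper into the error state, where every later call fails without touching the source.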