NPCT7xx TPM 2.0 FIPS 140-2 Security Policy - NIST


NPCT7xx TPM 2.0
FIPS 140-2 Security Policy
Revision 1.1.0
NUVOTON TECHNOLOGY CORP. – NON-PROPRIETARY SECURITY POLICY – MAY BE RE-DISTRIBUTED FREELY IN ITS COMPLETE, UNEDITED FORM

Revision Record

Revision | Date | Comments
---|---|---
1.0.7 | May 16, 2018 | First version for publication
1.0.8 | February 20, 2019 | Updated FW version (7.2.0.2)
1.0.9 | March 26, 2019 | Added both 7.2.0.1 and 7.2.0.2 FW versions
1.1.0 | July 20, 2020 | Updated SP800-56A revision to 3

Table of Contents

1. Module Description
 1.1 General Description
 1.2 Approved Modes
  1.2.1 Approved Mode 1
  1.2.2 Approved Mode 2
2. Cryptographic Functions and Critical Security Parameters (CSPs)
 2.1 Supported Cryptographic Functions
 2.2 Non-Approved but Allowed Algorithms
 2.3 Non-Approved Algorithms
3. Ports and Interfaces
4. Roles, Authentication and Services
 4.1 Authentication
  4.1.1 Dictionary Attack (DA) Protection
  4.1.2 Authorization Strength
  4.1.3 Authorization Token Value Selection
 4.2 Services
5. Key and CSP Management
6. Self Tests
 6.1 Power-On Self Tests
 6.2 Conditional Self Tests
7. Physical Security
8. Electromagnetic Interference and Compatibility (EMI/EMC)
9. Crypto-Officer Guidance
 9.1 Modes of Operation
 9.2 Installation
 9.3 Object Authorization
 9.4 Object Duplication
 9.5 Object Import
10. Object User Guidance
11. Duplicate Guidance
12. Acronyms
13. References

Figures

Figure 1. LAG019 in QFN32 Package
Figure 2. LAG019 in UQFN16 Package
Figure 3. LAG019 in TSSOP28 Package
Figure 4. TPM 2.0 Logical Block Diagram

Tables

Table 1. Security Levels
Table 2. Approved Mode 1
Table 3. Approved Mode 2
Table 4. Cryptographic Functions
Table 5. Non-Approved but Allowed Algorithms
Table 6. Non-Approved Algorithms
Table 7. Ports and Interfaces
Table 8. Roles
Table 9. Module Services
Table 10. Cryptographic Keys
Table 11. Power-On Self Tests (POST)
Table 12. Conditional Self Tests

1. Module Description

1.1 General Description

The Nuvoton Trusted Platform Module (“Module”) is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation.

The Module is a single-chip module that provides cryptographic services utilized by external applications. The Module meets the requirements of FIPS Pub 140-2.

The Module meets commercial-grade specifications for power, temperature, reliability, shock, and vibration, and includes chip packaging to meet the physical security requirements at Physical Security Level 2.

The FIPS 140-2 conformance testing was performed on the following configurations of the Nuvoton NPCT7xx TPM 2.0:

Firmware version: 7.2.0.1, 7.2.0.2
Hardware version 1: LAG019 in TSSOP28 package
Hardware version 2: LAG019 in QFN32 package
Hardware version 3: LAG019 in UQFN16 package

The TPM 2.0 packages are shown below.

Figure 1. LAG019 in QFN32 Package
Figure 2. LAG019 in UQFN16 Package

Figure 3. LAG019 in TSSOP28 Package

The physical cryptographic boundary of the Module is the outer boundary of the chip packaging.

Figure 4 shows a logical diagram of the Module:

[Figure 4 block diagram; blocks shown: RNG, SPI Bus, Power Management, Non-Volatile Data, Processor, Host Interface (TIS Emulation), Crypto Accelerator, Code, GPIO, Physical Presence, Peripherals, Volatile Data]

Figure 4. TPM 2.0 Logical Block Diagram

The Module was tested to meet overall Security Level 2 of the FIPS PUB 140-2 standard. The Security Level for each section of FIPS PUB 140-2 is specified in Table 1.

Table 1. Security Levels

FIPS 140-2 Section | Security Level
---|---
Cryptographic Module Specification | 2
Cryptographic Module Ports and Interfaces | 2
Roles, Services and Authentication | 2
Finite State Model | 2
Physical Security | 2
Operational Environment | N/A
Cryptographic Key Management | 2
EMI/EMC | 3
Self Tests | 2
Design Assurance | 2
Mitigation of Other Attacks | N/A

1.2 Approved Modes

For some TPM host platforms, it might take too much time to execute all self tests during power up. Therefore, the TPM supports the following two Approved modes.

1.2.1 Approved Mode 1

This mode is the default mode when the TPM powers up.

Table 2. Approved Mode 1

Definition: Transient mode
Configuration: This mode is the default mode when the TPM powers up. It assumes a list of basic algorithms that is going to be used for basic TPM commands. The algorithms are: SHA1, SHA256, SHA384, HMAC, KDFa, KDFe and AES. These algorithms are tested in _TPM_Init. Thus all the algorithms from this list are tested before the first command is executed.
Services available: All services that do not use asymmetric cryptography (RSA, ECDSA, ECDH)
Algorithms used: SHS / HMAC / AES / DRBG / KDF
CSPs used: All CSPs except the asymmetric CSPs (RSA and ECC keys), which cannot be used in this mode
Self tests: SHS / HMAC / AES / DRBG / KDF and firmware integrity test

1.2.2 Approved Mode 2

This mode is the Approved mode of operation when all CSPs are accessible.

Table 3. Approved Mode 2

Definition: Full Approved mode of operation
Configuration: There are three ways to move to Mode 2:
 1. TPM2_SelfTest(fullTest = YES) command.
 2. TPM2_SelfTest(fullTest = NO) command. If the firmware is in Mode 1, the command returns TPM_RC_TESTING. Immediately after that, the firmware runs a self test equivalent to TPM2_SelfTest(fullTest = YES). If a command is received before the TPM has completed self test execution, the TPM will first complete the self test and then execute the command.
 3. A command that requires Mode 2 (all commands not listed in PTP section 5.5.1.6, Self Test and Early Platform Initialization).
 An incremental self test does not move to Mode 2 even if all the algorithm testing is completed using this command.
Services available: All services
Algorithms used: All supported algorithms
CSPs used: All CSPs
Self tests: SHS / HMAC / AES / DRBG / KDF / RSA / ECDH / ECDSA and firmware integrity test
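The mode transitions in Tables 2 and 3 can be written down as a small state machine, which is a convenient way to check an integration against them. The model below is an added example, not Nuvoton's firmware or any code from this policy: the mode names, the three ways into Mode 2, the TPM_RC_TESTING response and the rule that an incremental self test never changes the mode follow the tables above; the command list and the assignment of which commands need asymmetric cryptography are hypothetical stand-ins, and the fault switch that makes the asymmetric tests fail is constructed for the demonstration.

```python
"""Model of the two Approved modes of Section 1.2 (added illustration)."""
from enum import Enum

# Return codes from TPM 2.0 Part 2 (Structures); TPM_RC_TESTING is the one
# Table 3 names for a fullTest = NO request received in Mode 1.
TPM_RC_SUCCESS = 0x000
TPM_RC_FAILURE = 0x101
TPM_RC_TESTING = 0x90A

ASYMMETRIC_ALGS = {"RSA", "ECDH", "ECDSA"}


class Mode(Enum):
    MODE_1 = "Approved Mode 1 (transient)"
    MODE_2 = "Approved Mode 2 (full)"
    ERROR = "error state"


# Hypothetical command set for the model. True means the command needs
# asymmetric cryptography and therefore Mode 2 (the policy defers to PTP
# section 5.5.1.6 for the real list).
COMMANDS = {
    "TPM2_GetCapability": False,
    "TPM2_PCR_Extend": False,
    "TPM2_HMAC": False,
    "TPM2_Sign": True,
    "TPM2_ECDH_KeyGen": True,
}


class TpmModeModel:
    def __init__(self, asymmetric_tests_pass=True):
        # _TPM_Init has already tested the symmetric set, so the module starts in Mode 1.
        self.mode = Mode.MODE_1
        self.tested = {"SHS", "HMAC", "AES", "DRBG", "KDF"}
        self._asym_ok = asymmetric_tests_pass   # constructed fault switch for the demo

    def _full_self_test(self):
        """What TPM2_SelfTest(fullTest = YES) does: test RSA/ECDH/ECDSA as well."""
        if not self._asym_ok:
            self.mode = Mode.ERROR      # Section 6.2: a failed self test enters the error state
            self.tested = set()
            return TPM_RC_FAILURE
        self.tested |= ASYMMETRIC_ALGS
        self.mode = Mode.MODE_2
        return TPM_RC_SUCCESS

    def self_test(self, full_test):
        if self.mode is Mode.ERROR:
            return TPM_RC_FAILURE
        if full_test:
            return self._full_self_test()                       # way 1
        if self.mode is Mode.MODE_1:
            rc = self._full_self_test()                         # way 2
            return TPM_RC_TESTING if rc == TPM_RC_SUCCESS else rc
        return TPM_RC_SUCCESS                                   # Mode 2: nothing left untested

    def incremental_self_test(self, algs):
        """Incremental self test: tests algorithms but never changes the mode."""
        if self.mode is Mode.ERROR:
            return TPM_RC_FAILURE
        if algs & ASYMMETRIC_ALGS and not self._asym_ok:
            self.mode = Mode.ERROR
            self.tested = set()
            return TPM_RC_FAILURE
        self.tested |= set(algs)
        return TPM_RC_SUCCESS

    def execute(self, command):
        if self.mode is Mode.ERROR:
            return TPM_RC_FAILURE       # cryptographic services are disabled
        if COMMANDS[command] and self.mode is Mode.MODE_1:
            rc = self._full_self_test()   # way 3: a command that requires Mode 2
            if rc != TPM_RC_SUCCESS:
                return rc
        return TPM_RC_SUCCESS


if __name__ == "__main__":
    tpm = TpmModeModel()
    print(tpm.mode, hex(tpm.execute("TPM2_PCR_Extend")), tpm.mode)
    print(hex(tpm.self_test(full_test=False)), tpm.mode)
```

The point the model makes visible is the difference between way 2 and the incremental test: both end with every algorithm tested, but only the full self test (or a command that needs it) changes the mode, so an integration that relies on the incremental command to reach Mode 2 will keep receiving Mode 1 behaviour.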

2. Cryptographic Functions and Critical Security Parameters (CSPs)

2.1 Supported Cryptographic Functions

The Module’s cryptographic functions are outlined in Table 4.

Table 4. Cryptographic Functions

Function | Function Name | Key Size in Bits | Use | Standard | CLV
---|---|---|---|---|---
AES Encryption and Decryption using OFB, CFB and CTR modes | AES | 128, 256 | Data Encryption and Decryption | FIPS 197, SP800-38A | 4746
RSA Signature Generation and Verification using RSASSA-PKCS1-v1_5 and RSASSA-PSS modes | RSASA | 2048 | Digital Signature | FIPS 186-4, PKCS#1 v2.1 | 2591
RSA Decryption Operation Primitive | RSADP | 2048 | Key Transport Primitive | SP800-56B | 1845
RSA Encryption and Decryption using RSAES-PKCS1-v1_5 and RSAES-OAEP modes | RSAES | 2048 | Key Transport | SP800-56B, PKCS#1 v2.1 | Vendor Affirmed
Generation of RSA Keys | RSAKG | 2048 | Key Pair Generation | FIPS 186-4 | 2591
Generation of symmetric keys and seeds when generating private keys for asymmetric key algorithms (1) | CKG | 128, 256 | Key Generation | SP800-133 | Vendor Affirmed
ECDSA Signature Generation and Verification using P-256 and P-384 curves | ECDSA | 256, 384 | Digital Signatures | FIPS 186-4 | 1183
Generation of ECDSA Keys | ECCKG | 256, 384 | Key Pair Generation | FIPS 186-4 | 1183
ECC Key Agreement using Full Unified and One Pass DH schemes | ECDH | 256, 384 | Key Agreement | SP800-56A rev. 3 | Vendor Affirmed
HMAC Hash Message Authentication Code using SHA-1, SHA2-256 and SHA2-384 | HMAC | 160, 256, 384 | Keyed Message Digest | FIPS 198-1 | 3161
SHS Hash using SHA-1, SHA2-256 and SHA2-384 | SHA | N/A | Message Digest | FIPS 180-4 | 3890
Deterministic Random Bit Generation (DRBG), SHA2-256 based | DRBG | 256 | DRBG | SP800-90A | 1628
Key Derivation Function (KDF) using Counter mode with HMAC | KDFa | 160, 256 | Key Derivation | SP800-108 | 150
AES Key Wrapping with HMAC | AKWH | 128, 256 | Key Wrapping | SP800-38F | 4746, 3161

(1) The resulting symmetric key or generated seed is an unmodified output from the DRBG.

2.2 Non-Approved but Allowed Algorithms

Table 5 summarizes TPM 2.0 functions that are not approved but allowed.

Table 5. Non-Approved but Allowed Algorithms

Function | Function Name | Key Size in Bits | Use
---|---|---|---
NDRNG (entropy source) | NDRBG | N/A | Entropy source for the DRBG
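Table 4 lists KDFa as an SP800-108 counter-mode KDF with HMAC as the PRF, and Table 10 later relies on it to derive encryption and session keys. The function below is an added example, not Nuvoton's implementation or code from this policy: it implements counter-mode KDF in the field layout TPM 2.0 Part 1 defines for KDFa (32-bit big-endian counter, null-terminated label, contextU || contextV, 32-bit bit count), using only the Python standard library; the seed and the labels are constructed sample values.

```python
"""KDFa: SP800-108 counter-mode KDF with HMAC (added example)."""
import hashlib
import hmac
import math


def kdfa(hash_name, key, label, context_u, context_v, bits):
    """Derive `bits` bits of keying material.

    Block i (i = 1, 2, ...) is
        HMAC(key, [i]_32 || label || 0x00 || contextU || contextV || [bits]_32)
    with [i]_32 and [bits]_32 big-endian 32-bit integers. The label is
    null-terminated exactly once; that terminator is the 0x00 separator.
    """
    if not label.endswith(b"\x00"):
        label += b"\x00"
    digest_bits = hashlib.new(hash_name).digest_size * 8
    blocks = []
    for i in range(1, math.ceil(bits / digest_bits) + 1):
        msg = (i.to_bytes(4, "big") + label + context_u + context_v
               + bits.to_bytes(4, "big"))
        blocks.append(hmac.new(key, msg, hash_name).digest())
    out = b"".join(blocks)[: math.ceil(bits / 8)]
    if bits % 8:
        # Partial-byte request: clear the unused high bits of the first byte,
        # as the TPM does for KDFa.
        out = bytes([out[0] & (0xFF >> (8 - bits % 8))]) + out[1:]
    return out


def derive_session_material(seed):
    """Two keys from one seed, separated by label and requested length:
    a 256-bit session HMAC key and a 128-bit parameter-encryption key,
    the kind of use Table 10 lists for encryption keys. Labels are sample values."""
    return {
        "session_hmac": kdfa("sha256", seed, b"ATH", b"", b"", 256),
        "param_enc": kdfa("sha256", seed, b"CFB", b"", b"", 128),
    }


if __name__ == "__main__":
    seed = bytes(range(32))                      # constructed 256-bit seed
    for name, k in derive_session_material(seed).items():
        print(name, k.hex())
```

Because the requested bit count is part of every HMAC input, a 512-bit derivation does not start with the 256-bit derivation for the same label and context, and two derivations differ as soon as the label differs; both properties are what make one seed safe to reuse for several keys.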

2.3 Non-Approved Algorithms

Table 6 summarizes TPM 2.0-specified algorithm functions that do not meet the FIPS 140-2 cryptographic requirements. Usage of these algorithms in a TPM application is limited to non-cryptographic functions. The module will enter Non-Approved mode upon any cryptographic use of any of these algorithms.

Table 6. Non-Approved Algorithms

Function | Description
---|---
SHA-1 | Used for digital signature verification (legacy) and any non-digital-signature application. Not used for digital signature generation.
RSA | Not permitted for digital signature generation, key agreement and key transport schemes with key size 1024. Usage of 1024-bit keys is considered equivalent to plaintext or obfuscation versus cryptography.
XOR | XOR obfuscation used as a hash-based stream cipher.
MGF1 | RSAES-OAEP mask generation function; equivalent to plaintext or obfuscation versus cryptography.
ECDAA | Used for object creation and approved actions on keys that are non-FIPS compliant. Not used for cryptography. Usage considered plaintext or obfuscation.
EC Schnorr | Used for signing and verifying signatures that are non-FIPS compliant. Not used for cryptography. Usage considered plaintext or obfuscation.

3. Ports and Interfaces

The ports of the Module are:

SPI Bus
PP (Physical Presence) Pin
Platform Reset
Power

The logical interfaces and the mapping of the logical interfaces to the physical ports of the Module are described in the table below.

Table 7. Ports and Interfaces

Logical Interface | Description | Physical Ports
---|---|---
Control Input Interface | Control input commands issued to the chip | SPI Bus, PP pin, Platform Reset, Power
Status Output Interface | Status data output by the chip | SPI Bus
Data Input Interface | Data provided to the chip as part of the data processing commands | SPI Bus, PP pin, Platform Reset
Data Output Interface | Data output by the chip as part of the data processing commands | SPI Bus, PP pin, Platform Reset
Power Interface | Power interface of the chip | Platform Reset, Power

The Module does not include a maintenance interface.

4. Roles, Authentication and Services

The two operation roles implemented by the Module are summarized in the table below.

Table 8. Roles

Role | Acronym | High Level Description
---|---|---
Crypto-Officer | CO | Also known as “Object Administrator”; installs and configures the Module, controls certification, changes authorization
Object User | OU | Uses the object to execute services
Duplicate | DUP | Duplicates an object (if object duplication is allowed)

The Module provides three authorization types to identify the role: Password, HMAC and Policy.

Password Authorization – A plaintext password value presented to authorize an action or identify a role. A plaintext password may only be appropriate for cases in which the path between the caller and the TPM is trusted or when the password is well known.

HMAC Authorization – Proving knowledge of a shared secret via a challenge-response HMAC protocol to authorize an action or identify a role. The HMAC key is the shared secret.

Policy Authorization – Also known as “Enhanced Authorization”, allows entity creators or administrators to require specific tests or actions to be performed as the authorization method or identity proof. The specific policy is encapsulated in a digest value that is associated with an entity. An entity has a policy that defines the conditions for use of the entity. A policy may be arbitrarily complex. However, the policy is expressed as one (statistically unique) digest called the authPolicy.

Both HMAC and Policy authorizations include rolling nonce values as part of the protocol, as a challenge and to prevent a replay attack.

Note: For commands that require Platform Authorization and commands that require a hierarchy authorization, it is possible to require an additional out-of-band authorization. This may use a dedicated pin in the TPM, also known as “Physical Presence” (PP). The TPM maintains a table of the commands that require that PP be asserted to authorize command execution. Only certain commands may be included in this table.
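The HMAC authorization and the rolling nonces described above can be exercised end to end with a small two-party model. The code below is an added example, not Nuvoton's code or anything from this policy: it follows the shape of the TPM 2.0 HMAC-session computation, HMAC(sessionKey || authValue, cpHash || nonceNewer || nonceOlder || sessionAttributes), for an unsalted, unbound session whose sessionKey is the empty buffer, with a simplified cpHash layout; the authValue, object name and the use of the PCR_Extend command code are constructed sample values, and the response-side HMAC is left out.

```python
"""HMAC authorization with rolling nonces, Section 4 style (added illustration)."""
import hashlib
import hmac
import secrets

HASH = "sha256"
NONCE_LEN = 32
TPM_CC_PCR_EXTEND = 0x182   # real TPM 2.0 command code, used only as a sample command


def cp_hash(command_code, handle_name, params):
    """Binds the authorization to this command, this object and these parameters
    (simplified layout of the TPM's commandCode || names || parameters)."""
    return hashlib.new(HASH, command_code.to_bytes(4, "big") + handle_name + params).digest()


def auth_hmac(auth_value, cp, nonce_newer, nonce_older, attrs):
    # Unsalted, unbound session: sessionKey is empty, so the HMAC key is authValue alone.
    return hmac.new(auth_value, cp + nonce_newer + nonce_older + attrs, HASH).digest()


class TpmSession:
    """TPM side: knows the object's authValue, issues and rolls nonceTPM."""

    def __init__(self, auth_value):
        self._auth_value = auth_value
        self.nonce_tpm = secrets.token_bytes(NONCE_LEN)   # returned at session start
        self.auth_failures = 0                            # what DA protection (4.1.1) counts

    def execute(self, command_code, handle_name, params, nonce_caller, attrs, tag):
        expected = auth_hmac(self._auth_value, cp_hash(command_code, handle_name, params),
                             nonce_caller, self.nonce_tpm, attrs)
        if not hmac.compare_digest(expected, tag):
            self.auth_failures += 1
            return False, self.nonce_tpm                  # nonce is not rolled on failure
        self.nonce_tpm = secrets.token_bytes(NONCE_LEN)   # fresh challenge for the next command
        return True, self.nonce_tpm


class Caller:
    """Host side: proves knowledge of authValue without ever sending it."""

    def __init__(self, auth_value, nonce_tpm):
        self.auth_value = auth_value
        self.nonce_tpm = nonce_tpm

    def build(self, command_code, handle_name, params, attrs=b"\x00"):
        nonce_caller = secrets.token_bytes(NONCE_LEN)
        tag = auth_hmac(self.auth_value, cp_hash(command_code, handle_name, params),
                        nonce_caller, self.nonce_tpm, attrs)
        return (command_code, handle_name, params, nonce_caller, attrs, tag)


def run_exchange():
    """Runs one session through the cases that matter and reports each outcome."""
    auth = b"constructed-authValue"             # constructed shared secret
    name = b"\x00\x0b" + b"\x11" * 32           # constructed object name
    tpm = TpmSession(auth)
    caller = Caller(auth, tpm.nonce_tpm)
    results = {}

    msg = caller.build(TPM_CC_PCR_EXTEND, name, b"extend-data")
    results["first"], caller.nonce_tpm = tpm.execute(*msg)

    # The same bytes sent again: nonceTPM has rolled, so the HMAC no longer verifies.
    results["replay"], _ = tpm.execute(*msg)

    # A fresh message under the new nonceTPM verifies.
    msg2 = caller.build(TPM_CC_PCR_EXTEND, name, b"extend-data")
    results["fresh"], caller.nonce_tpm = tpm.execute(*msg2)

    # Parameters altered after the HMAC was computed: cpHash no longer matches.
    msg3 = caller.build(TPM_CC_PCR_EXTEND, name, b"extend-data")
    tampered = msg3[:2] + (b"other-data",) + msg3[3:]
    results["tampered"], _ = tpm.execute(*tampered)

    # Wrong authValue with the right nonce: an authorization failure for DA purposes.
    impostor = Caller(b"wrong-authValue", caller.nonce_tpm)
    results["wrong_auth"], _ = tpm.execute(*impostor.build(TPM_CC_PCR_EXTEND, name, b"x"))
    results["auth_failures"] = tpm.auth_failures
    return results


if __name__ == "__main__":
    print(run_exchange())
```

Two details carry the security properties the text names: the nonceTPM used as the challenge changes after every accepted command, which is what defeats the replay, and cpHash ties the proof to the exact parameters, so a modified command fails even when the nonce is current. Each failed verification is the event the DA logic of Section 4.1.1 counts.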

4.1 Authentication

4.1.1 Dictionary Attack (DA) Protection

The TPM incorporates mechanisms that provide protection against guessing or exhaustive searches of authorization values stored within the TPM.

The DA protection logic is triggered when the rate of authorization failures is too high. If this occurs, the TPM enters Lockout mode, preventing any operation that requires use of a DA-protected object. Depending on the settings of the configurable parameters, the TPM can “self-heal” after a specified amount of time or be programmatically reset using proof of knowledge of an authorization value or satisfaction of a policy (i.e., using lockoutAuth).

While authorization values that are expected to be high-entropy values will not need DA protection, lockoutAuth is always DA-protected even though it may have high entropy.

4.1.2 Authorization Strength

The Module authenticates operator actions using authorization tokens. Considering the most conservative TPM command throughput on the bus and command execution duration, the Module would allow 1,000 commands per second, or 60,000 attempts per minute.

Password and HMAC Authorization Strength

When a high-entropy authorization token is used (where DA protection may be disabled), each value, statistically, has the same probability of being chosen. For the worst case scenario, assume the SHA-1 output size (a 160-bit array), producing 2^160 different possible values. The probability of a randomly successful attempt is 2^-160; assuming 60,000 trials per minute would produce the following probability of success in one minute: 2^-160 × 60,000 ≈ 4.1 × 10^-44 < 10^-5.

If a lower-entropy authorization token is used (e.g., a memorized PIN or password), a combination of password size (which determines the amount of entropy) and DA protection settings should be selected to meet the FIPS requirements. The requirement of an eight-character password string with TCG’s default DA settings (maxTries = 3; recoveryTime = 1,000 seconds) would produce the necessary strength. For the worst case, assume an eight-digit PIN, allowing 10^8 different possible values with equal probability. The TCG default DA settings listed above would allow three trials before lockout (for a duration of over a minute). The probability of a randomly successful attempt is 10^-8; assuming 3 trials would produce the following probability of success in less than one minute: 10^-8 × 3 = 3 × 10^-8 < 10^-5.

Policy Authorization Strength

Since policy authorization is expressed as a (statistically unique) digest, for the worst case scenario assume the SHA-1 output size (a 160-bit array), producing 2^160 different possible values. The probability of a randomly successful attempt is 2^-160; assuming 60,000 trials per minute would produce the following probability of success in one minute: 2^-160 × 60,000 ≈ 4.1 × 10^-44 < 10^-5.
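The two calculations in Section 4.1.2 generalize to a short function of token space and DA settings, which is how an integrator would check a chosen PIN length and lockout configuration against the same bound. The code below is an added worked example, not part of the policy: it reproduces the two cases the text computes (a 160-bit token at 60,000 attempts per minute, and an eight-digit PIN under the TCG default maxTries = 3, recoveryTime = 1,000 s) and adds settings the text does not cover; the DA model is a simplification that allows maxTries failures plus one more for each full recoveryTime elapsing within the minute, and the single-attempt bound of 10^-6 is the FIPS 140-2 section 4.3.3 requirement, which this policy does not quote.

```python
"""Authorization-strength arithmetic from Section 4.1.2, generalized (added example)."""

ATTEMPTS_PER_SECOND = 1_000    # conservative bus throughput stated in Section 4.1.2
PER_MINUTE_BOUND = 1e-5        # the bound the policy compares against
PER_ATTEMPT_BOUND = 1e-6       # FIPS 140-2 section 4.3.3 single-attempt bound (not quoted in the policy)


def attempts_in_one_minute(max_tries=None, recovery_time_s=None):
    """Upper bound on guesses in 60 s. max_tries=None means DA protection is disabled.
    Simplified DA model: maxTries failures are accepted, then one more for every
    full recoveryTime that passes within the minute."""
    bus_limit = ATTEMPTS_PER_SECOND * 60
    if max_tries is None:
        return bus_limit
    recovered = 60 // recovery_time_s if recovery_time_s and recovery_time_s > 0 else 0
    return min(bus_limit, max_tries + recovered)


def strength(space, attempts):
    """space = number of equiprobable token values; returns both probabilities and the verdict."""
    per_attempt = 1 / space
    per_minute = min(1.0, attempts / space)
    return {
        "per_attempt": per_attempt,
        "per_minute": per_minute,
        "meets_fips": per_attempt < PER_ATTEMPT_BOUND and per_minute < PER_MINUTE_BOUND,
    }


def worked_cases():
    return {
        # Section 4.1.2: high-entropy HMAC or policy token, DA protection disabled
        "high_entropy_160bit": strength(2 ** 160, attempts_in_one_minute()),
        # Section 4.1.2: eight-digit PIN, TCG defaults maxTries = 3, recoveryTime = 1,000 s
        "pin8_default_da": strength(10 ** 8, attempts_in_one_minute(3, 1000)),
        # Not in the text: the same PIN with DA protection disabled
        "pin8_no_da": strength(10 ** 8, attempts_in_one_minute()),
        # Not in the text: a four-digit PIN with the default DA settings
        "pin4_default_da": strength(10 ** 4, attempts_in_one_minute(3, 1000)),
        # Not in the text: eight-digit PIN with a recoveryTime short enough to refill within a minute
        "pin8_recovery_10s": strength(10 ** 8, attempts_in_one_minute(3, 10)),
    }


if __name__ == "__main__":
    for name, r in worked_cases().items():
        verdict = "OK" if r["meets_fips"] else "FAILS"
        print(f"{name:22s} per attempt {r['per_attempt']:.1e}  "
              f"per minute {r['per_minute']:.1e}  {verdict}")
```

The added cases show the two ways a configuration fails: the eight-digit PIN without DA protection fails only the per-minute bound (60,000 / 10^8 = 6 × 10^-4), while the four-digit PIN fails the single-attempt bound regardless of DA settings, which is why the text ties password size and DA settings together.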

4.1.3 Authorization Token Value Selection

The TPM permits the creation of objects with NULL authorization (empty buffer). However, to meet the Authorization Strength listed in Section 4.1.2, roles should not use NULL authorization values for CSPs.

The TPM Crypto-Officer’s role is to set proper authorization values for the Storage and Endorsement hierarchies (if there is no OS managing these authorization values for the user).

4.2 Services

Table 9 lists all Module services, the affected CSPs, and the associated roles:

Table 9. Module Services

Service | Description | CSP | Role
---|---|---|---
Get Status | The Module implements a Get Status command that returns the status of the Module, including success or failure of self tests. Note: This service (e.g., TPM2_GetCapability) does not require authentication. | None | CO, OU, DUP
Self Tests | The Module runs power-on self tests automatically when powered on and on demand. Note: This service (e.g., TPM2_SelfTest) does not require authentication. | None | CO, OU, DUP
Encrypt | Used to encrypt data | Encryption keys, Public storage keys, Platform keys | CO, OU, DUP
Decrypt | Used to decrypt data | Encryption keys, Private storage keys, Endorsement keys, Platform keys | CO, OU
Zeroize | Used to zeroize (irreversibly destroy) the Module's cryptographic keys and CSPs | Encryption keys, Public verification keys, Public storage keys, Private storage keys, Identity keys, HMAC keys, DRBG seeds, Endorsement keys, Platform keys | CO
MAC, MAC Verify | Used to calculate and verify a MAC for data | HMAC keys | CO, OU
Key Generate | Used to generate keys | Encryption keys, Public verification keys, Public storage keys, Private storage keys, Identity keys, Ephemeral keys, HMAC keys, DRBG seeds, Endorsement keys, Platform keys | CO, OU
RSA Verify | Used to verify data using RSA | Public verification keys, Platform keys, Firmware Update key | CO, OU
RSA Sign | Used to sign data using RSA | Identity keys, Platform keys | CO, OU
ECDSA Verify | Used to verify data using ECDSA | Public verification keys, Platform keys | CO, OU
ECDSA Sign | Used to sign data using ECDSA | Identity keys, Platform keys | CO, OU
Key Import | Used to import keys | Encryption keys, Public verification keys, Public storage keys, Private storage keys, Identity keys, HMAC keys, Platform keys | CO
Key Duplicate | Used to export keys | Encryption keys, Public storage keys, Private storage keys, Ephemeral keys, HMAC keys, Platform keys | CO, DUP
Key Agreement | Used to derive a key | Ephemeral keys, Endorsement keys, Platform keys | CO, OU
TPM Identity | Used to authenticate TPM Identity to other parties | Identity keys | CO, OU
TPM Endorsement | Used to prove to other parties that the TPM is a genuine TPM | Endorsement keys | CO, OU
TPM Get Random | Used to generate random data. Note: This service does not require authentication. | DRBG seeds | CO, OU
TPM Stir Random | Used to add entropy to the random bit generator. Note: This service does not require authentication. | DRBG seeds | CO, OU
Install Module | Installs the Module | HMAC keys, Platform keys | CO
Firmware Update | Updates the Module’s firmware. Requires Platform Authorization. | Firmware Update key | CO

5. Key and CSP Management

Table 10 specifies each cryptographic key or CSP utilized by the Module.

For the access type description, the following acronyms are used:
W - Write; the CSP is updated/written by the TPM
E - Execute; the CSP is used by the TPM for execution

TPM commands that have a CSP as an input/output parameter shall use parameter encryption.

Table 10. Cryptographic Keys

Encryption keys
 Functions: AES, AKWH, KDFa, DRBG, CKG
 Usage: Used to:
  - Wrap keys: for import/duplication, for wrapping keys stored outside the TPM and for session keys (audit or parameter encryption)
  - Encrypt/decrypt input/output parameters
  - Decrypt credentials
  Keys are generated using the DRBG, derived using KDFa or securely transported using public/private storage keys.
 Service - Access: Encrypt - E; Decrypt - E; Zeroize - W; Key Import - E, W; Key Generate - W; Key Duplicate - E

Public verification keys
 Functions: RSASA, RSAKG, ECDSA, ECCKG, DRBG
 Usage: Used to verify signatures on data, as a service for an external application, or as part of Authorization Policy verification. Keys may be generated in the TPM (as part of Identity key generation) or loaded from an external source.
 Service - Access: Zeroize - W; Key Generate - W; RSA Verify - E; ECDSA Verify - E; Key Import - W

Public storage keys
 Functions: RSAES, RSAKG, KDFa, DRBG
 Usage: Used to transport keys generated externally or generated by the TPM. Keys may be generated in the TPM (as part of Private storage key generation) or imported from an external source.
 Service - Access: Encrypt - E; Zeroize - W; Key Generate - W; Key Import - W; Key Duplicate - E

Private storage keys
 Functions: RSAES, RSAKG, KDFa, AKWH, DRBG
 Usage: Used to transport keys generated externally or generated by the TPM. Keys may be generated in the TPM (stored encapsulated or wrapped outside the TPM) or imported from an external source.
 Service - Access: Decrypt - E; Zeroize - W; Key Generate - W; Key Import - E, W; Key Duplicate - E

Identity keys
 Functions: RSASA, RSAKG, ECDSA, ECCKG, KDFa, AKWH, DRBG
 Usage: Authorization tokens used to prove TPM identity to other parties. Used to sign information generated or controlled by the TPM. Keys may be generated in the TPM (stored encapsulated or wrapped outside the TPM) or imported from an external source.
 Service - Access: Zeroize - W; Key Generate - W; RSA Sign - E; ECDSA Sign - E; Key Import - W; TPM Identity - E

Ephemeral keys
 Functions: ECDH, ECCKG, KDFa, AKWH, DRBG
 Usage: Used to exchange secrets to establish a symmetric key, using One-Pass Diffie-Hellman. Used for:
  - Encryption of the authorization session salt
  - Secret sharing for duplication
  - Secret sharing for credentials
  Keys may be generated in the TPM (stored encapsulated or wrapped outside the TPM) or imported from an external source.
 Service - Access: Key Generate - W; Key Duplicate - E; Key Agreement - E

HMAC keys
 Functions: HMAC, AKWH, DRBG, CKG
 Usage: Used to calculate and verify MAC codes for data. Used for:
  - Ensuring association of a credential with a loaded object
  - Access or usage authorization
  - Symmetric signing
  - Audit
  Keys may be generated in the TPM (stored encapsulated or wrapped outside the TPM) or imported from an external source.
 Service - Access: Zeroize - W; MAC, MAC Verify - E; Key Generate - W; Key Import - W; Key Duplicate - E; Install Module - W, E

DRBG seeds
 Functions: DRBG, NDRBG
 Usage: Used to seed the DRBG; generated by the NDRBG.
 Service - Access: Zeroize - W; Key Generate - E; TPM Get Random - E; TPM Stir Random - W

Endorsement keys
 Functions: RSAES, RSAKG, ECDH, ECCKG, KDFa, DRBG
 Usage: Authorization tokens used to prove to external parties that the TPM is a genuine TPM. Keys may be generated in the TPM or installed during TPM manufacturing.
 Service - Access: Decrypt - E; Zeroize - W; Key Generate - W; Key Agreement - E; TPM Endorsement - E

Platform keys
 Functions: AES, RSAES, RSASA, RSAKG, ECDH, ECDSA, ECCKG, KDFa, DRBG
 Usage: Keys used by the Platform Firmware.
 Service - Access: Encrypt - E; Decrypt - E; Zeroize - W; Key Generate - W; RSA Verify - E; RSA Sign - E; ECDSA Verify - E; ECDSA Sign - E; Key Import - E; Key Duplicate - E; Key Agreement - E; Install Module - W, E

Firmware Update key
 Functions: RSASA
 Usage: Used to verify the signature on firmware updates. Key installed at module manufacturing.
 Service - Access: RSA Verify - E; Firmware Update - E

6. Self Tests

6.1 Power-On Self Tests

The Module implements the following tests during power-on:

Table 11. Power-On Self Tests (POST)

Cryptography Function | Test Type
---|---
Firmware integrity | MAC using a 128-bit error detection code
HMAC | FIPS 198-1 KAT using SHA2-384
SHA-1, SHA2-256, SHA2-384 | FIPS 180-4 KAT for each SHA type
AES Encryption / Decryption | FIPS 197 KAT from SP800-38A
KDFa | SP800-108 KAT
KDFe (2) (for ECDH) | SP800-56A rev. 3 KAT
DRBG | SP800-90A KAT (DRBG Generate, Reseed and Instantiate)

(2) SP800-56A rev. 3, section 6.2.2.2. The KDF used is the “One-Step Key Derivation” according to SP800-56C, section 4.

6.2 Conditional Self Tests

The Module implements the following conditional tests:

Table 12. Conditional Self Tests

Cryptography Function | Condition | Test Type
---|---|---
POST | POST | All tests listed in Table 11
ECDSA sign / verify | TPM2_SelfTest(fullTest = YES) in transition to Approved Mode 2 | FIPS 186-4 KAT
ECDH | TPM2_SelfTest(fullTest = YES) in transition to Approved Mode 2 | SP800-56A rev. 3 KAT
RSA sign / verify | TPM2_SelfTest(fullTest = YES) in transition to Approved Mode 2 | PKCS#1 v2.1, FIPS 186-4 KAT
RSA key generation | Key Generation | Conditional pair-wise consistency check for RSA public-private key pairs each time an RSA key pair is generated, using FIPS 186-4
ECC key generation | Key Generation | Conditional pair-wise consistency check for ECDSA public-private key pairs each time an ECDSA key pair is generated, using FIPS 186-4
Firmware Load Test | Field Upgrade | Firmware update test during the firmware update. The digital signature is verified on the firmware image using an RSA (SHA2-256) algorithm, utilizing a 2048-bit Firmware Update key
DRBG | New bits are generated | Continuous Self Test
NDRNG | New bits are generated | Continuous Self Test

If a conditional or power-on self test fails, the Module enters an error state where both data output and cryptographic services are disabled.
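The last two rows of Table 12 and the closing sentence describe a continuous self test on every newly generated block, with the error state as the consequence of a failure. The code below is an added illustration, not Nuvoton's firmware or code from this policy: it applies the FIPS 140-2 continuous random number generator test (each new block is compared with the one before it; equal consecutive blocks fail, and the first block after power-up is saved but never output) to a 32-byte block, and gates all output once the error state is entered. The "stuck" source is constructed to simulate an NDRNG that has failed, and the block size is an assumption of the example.

```python
"""Continuous self test on a random bit source, with the error state of
Section 6.2 on failure (added illustration)."""
import os

BLOCK_SIZE = 32   # assumed block size for the example


class ModuleError(Exception):
    """Raised while the module is in the error state: output and services disabled."""


class RbgWithContinuousTest:
    def __init__(self, source):
        self._source = source        # callable: number of bytes -> bytes
        self._previous = None
        self.error_state = False

    def generate(self):
        if self.error_state:
            raise ModuleError("module in error state")
        if self._previous is None:
            # First block after power-up is saved for comparison and never output.
            self._previous = self._source(BLOCK_SIZE)
        block = self._source(BLOCK_SIZE)
        if block == self._previous:
            # Failed self test: disable data output and cryptographic services.
            self.error_state = True
            self._previous = None
            raise ModuleError("continuous self test failed")
        self._previous = block
        return block


def healthy_rbg():
    """An RBG over the operating system's random source."""
    return RbgWithContinuousTest(os.urandom)


def stuck_source_after(good_blocks):
    """Constructed fault: random output for `good_blocks` calls, then the same block forever."""
    calls = {"n": 0}
    frozen = b"\xa5" * BLOCK_SIZE

    def source(n):
        calls["n"] += 1
        return os.urandom(n) if calls["n"] <= good_blocks else frozen
    return source


def blocks_delivered_before_error(rbg, limit=1000):
    """Count the blocks the RBG outputs before the continuous test trips."""
    delivered = 0
    for _ in range(limit):
        try:
            rbg.generate()
        except ModuleError:
            break
        delivered += 1
    return delivered


def output_disabled(rbg):
    """True if the RBG refuses to produce output (the error state has been entered)."""
    try:
        rbg.generate()
    except ModuleError:
        return True
    return False


if __name__ == "__main__":
    faulty = RbgWithContinuousTest(stuck_source_after(4))
    print("blocks delivered before error:", blocks_delivered_before_error(faulty))
    print("output disabled afterwards:", output_disabled(faulty))
```

With the source frozen after four good blocks, the fifth output still passes (it differs from the block before it) and the sixth trips the test, so the detection lags the fault by exactly one block; after that every request fails until the module is re-initialized, which is the behaviour the closing sentence of this section requires.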

7. Physical Security

The TPM is implemented as a single integrated circuit (IC) device that attaches to standard system PCBs. It is manufactured using de-facto standard integrated circuit manufacturing technologies, producing a device that meets all commercial-grade power, temperature, reliability, shock and vibration specifications.

The TPM IC physical package provides hardness, opacity and tamper-evidence protection conforming to FIPS 140-2 Physical Security Level 2. The TPM achieves this level of protection by implementing an enclosure that is both hard and opaque, as shown in the figures in Section 1. This type of IC package ensures that any physical tampering will always result in scratches, chipping or other visible damage on the enclosure.

Before the TPM is integrated into a target application system, it must be checked visually for tampering. After it is integrated, typically through soldering onto a PCB, it can be inspected for tampering by opening the application system enclosure and examining the TPM.

8. Electromagnetic Interference and Compatibility (EMI/EMC)

The Module complies with the EMI/EMC requirements spec
