NPCT6XX TPM

NUVOTON NPCT XX TPM .
TECHNOLOGY
CORPORATION
FIPS - SECURITY POLICY
! HASADNAOT STREET
HERZLIA,
ISRAEL
DOCUMENT VERSION: .
LAST REVISION: AUGUST
THIS DOCUMENT MAY BE REPRODUCED ONLY IN ITS ORIGINAL ENTIRETY

CONTENTS
1. Module Description ............................................................................. 4
2. Cryptographic Functions ................................................................... 9
3. Ports and Interfaces ........................................................................... 11
4 Roles and Services ............................................................................... 13
5. Key Management............................................................................... 16
6. Power-On Self Tests ........................................................................ 21
7. Conditional Self-Tests ...................................................................... 23
8. Crypto Officer Guidance .................................................................. 24
9. User Guidance ..................................................................................... 24
10. Acronyms ........................................................................................... 25
NUVOTON TPM . SECURITY POLICY PAGE OF

LIST OF TABLES AND FIGURES
Figure 1: TPM 1.2 Images ..................................................................... 5
Figure 2: TPM 1.2 Logical Block Diagram ........................................ 7
Table 1: Security Levels........................................................................... 8
Table 2: Cryptographic Functions ........................................................ 9
Table 3: Ports and Interfaces................................................................ 11
Table 4: Roles ........................................................................................... 13
Table 5: Services .................................................................................... 14
Table 6: Cryptographic Keys ............................................................... 16
Table 7: Self-tests .................................................................................... 21

1. MODULE DESCRIPTION
Nuvoton Trusted Platform Module (MODULE) is a hardware

cryptographic module that implements advanced cryptographic
algorithms, including symmetric and asymmetric cryptography;
as well as key generation and random number generation.
The Module is a SINGLE CHIP MODULE that provides

cryptographic services utilized by external applications. The
Module meets requirements of FIPS Pub 140-2.
The module meets commercial-grade specifications for power,

temperature, reliability, shock, and vibrations.
The FIPS 140-2 conformance testing was performed on two

platforms specified below
NUVOTON NPCT6XX TPM 1.2
FIRMWARE VERSION: 5.81.0.0
HARDWARE VERSION 1: FB5C85D IN TSSOP28 PACKAGE
HARDWARE VERSION 2: FB5C85D IN QFN32 PACKAGE
HARDWARE VERSION 3: FB5C85D IN TSSOP28 PACKAGE
HARDWARE VERSION 4: FB5C85E IN QFN32 PACKAGE
Images depicting the Module are provided on the next page.

FIGURE : TPM . IMAGES
FB5C85D IN TSSOP28 PACKAGE
FB5C85D IN QFN32 PACKAGE

FB5C85E IN TSSOP28 PACKAGE
FB5C85E IN QFN32 PACKAGE
The PHYSICAL CRYPTOGRAPHIC BOUNDARY of the Module is the

outer boundary of the chip packaging.

A LOGICAL DIAGRAM of the Module is provided on the next page.
FIGURE : TPM . LOGICAL BLOCK DIAGRAM
RN G POW E R N ON - VOLATI LE
MAN AGE ME N T DATA
HO ST CRYP TO
LP C\I C \ IN TE R FACE PROC ES SO R ACC E LE - CODE
SPI B U S ( TI S RATOR
E MU LATI ON )
PE RI PHE - VOLAT ILE

GP IO
RA LS DATA
GP I
The Module was tested to meet OVERALL SECURITY LEVEL 1 of

the FIPS PUB 140-2 standard. The Security Level as per each
section of FIPS PUB 140-2 is specified in the table on the next
page.

TABLE : SECURITY LEVELS
FIPS - SECTION SECURITY LEVEL
C RY P TO G R A P H I C M O D U L E S P EC I F I C AT I O N
C RY P TO G R A P H I C M O D U L E P O RT S A N D
I N T E R FAC E S
R O L ES , S E RV I C ES A N D A U T H E N T I C AT I O N
F I N I T E S TAT E M O D E L
P H Y S I C A L S EC U R I T Y
O P E R AT I N G E N V I RO N M E N T N/A
C RY P TO G R A P H I C K E Y M A N A G E M E N T
EMI/EMC
S E L F -T E ST S
D ES I G N A S S U R A N C E
M I T I G AT I O N O F O T H E R A T TA C K S N/A
NUVOTON TPM . SECURITY POLICY PAGE ! OF

2. CRYPTOGRAPHIC FUNCTIONS
FUNCTI ONS
The cryptographic functions of the Module are outlined in the

table below.
TABLE : CRYPTOGRAPHIC FUNCTIONS
CERT NUMBER
FUNCTION
KEYSIZE
USE
A P P ROV E D F U N C T I O N S
AES E N C RY P T ! BITS E N C RY P T I O N *
M O D ES : ECB, CTR
RSA V E R I F Y & D I G I TA L !
! BITS S I G N AT U R E
V E R I F I C AT I O N
HMAC K E Y E D H A S H BITS KEYED * !

HMAC-SHA- M ES S A G E
D I G E ST
SHS H A S H N/A M ES S A G E
D I G E ST
G E N E R AT I O N O F RSA K E Y S ! KEY PAIR !

FIPS ! - G E N E R AT I O N
FIPS ! - RNG N/A RANDOM

NUMBER
G E N E R AT I O N
NUVOTON TPM . SECURITY POLICY PAGE * OF

&
SYMMETRIC
KEY
G E N E R AT I O N
A P P ROV E D S E RV I C ES
CVL N/A TPM K E Y

SP ! - REV D E R I VAT I O N
A L LOW E D F O R U S E F U N C T I O N S
RSA K E Y W R A P P I N G ! BITS WRAP & N/A

UNWRAP
SY M M E T R I C
KEYS
H A R DWA R E - BA S E D N O N - N/A G E N E R AT E N/A

A P P ROV E D N O N - SEED & THE
D E T E R M I N I ST I C RNG S E E D K E Y FO R
( E N T RO P Y S O U RC E ). THE RNG
In the Approved mode of operation the Module supports key size

of 2048 bits for RSA key wrapping, which corresponds to the
effective key strength of 112 bits.
The module supports key wrapping using the AES algorithm.
Note: no TPM protocol has been used or tested by the CAVP and
CMVP.
2.1 Non-Approved Non-Allowed Functions

The Module supports signature generation using RSA-SHA-1
which is used in the TPM IDENTITY service. This function is
Non-Approved and is considered equivalent to plaintext or
obfuscation.

3. PORTS AND I NTERFACES
The physical ports of the Module are
- LPC Bus
- SPI Bus
- I2C Bus
- GPIO Bus
The logical interfaces and the mapping of the logical interfaces to

the physical ports of the Module are described in the table below.
TABLE : PORTS AND INTERFACES
LOGICAL DESCRIPTION PHYSICAL

INTERFACE PORTS
C O N T RO L I N P U T C O N T RO L I N P U T CO M M A N D S LPC B U S
I N T E R FAC E I S S U E D TO T H E C H I P SPI B U S
I C BUS
GPIO B U S
S TAT U S O U T P U T S TAT U S D ATA O U T P U T BY T H E LPC B U S

I N T E R FAC E CHIP SPI B U S
I C BUS
GPIO B U S
D ATA I N P U T D ATA P ROV I D E D TO T H E C H I P LPC B U S

I N T E R FAC E A S PA RT O F T H E D ATA SPI B U S
P RO C E S S I N G CO M M A N D S I C BUS
GPIO B U S
D ATA O U T P U T D ATA O U T P U T BY T H E C H I P A LPC B U S

I N T E R FAC E PA RT O F T H E D ATA SPI B U S
P RO C E S S I N G CO M M A N D S I C BUS
GPIO B U S

P OW E R P OW E R I N T E R FAC E O F T H E P OW E R P I N
I N T E R FAC E CHIP G RO U N D P I N
The Module does not include a maintenance interface.

4 ROLES AND SERVICES
The OPERATOR ROLES implemented by the module are

summarized in the table below.
TABLE : ROLES
ROLE HIGH LEVEL DESCRIPTION
C RY P TO O F F I C E R I N STA L L S A N D CO N F I G U R E S T H E
P RO D U C T A N D M A N A G E S U S E R S
USER E X EC U T E S C RY P TO A L G O R I T H M S
A N D G E N E R AT ES K E Y S
The Module provides a set of SERVICES described in the table on

the next page. For each service the table includes a description of
the service, as well as lists roles in which the service is available.

TABLE : SERVICES
SERVICE DESCRIPTION ROLE
G E T S TAT U S T H E M O D U L E I M P L E M E N T S A G E T S TAT U S C RY P TO O F F I C E R
CO M M A N D T H AT R E T U R N S T H E STAT U S O F T H E
M O D U L E , I N C LU D I N G S U C C ES S O R FA I LU R E O F
S E L F - T EST S .
R U N S E L F -T E ST S T H E M O D U L E R U N S P OW E R - U P S E L F - T E ST S C RY P TO O F F I C E R
AU TO M AT I C A L LY W H E N P O W E R E D O N .
O N E C A N E X E C U T E S E L F - T E ST S O N D E M A N D BY
P OW E R - C YC L I N G T H E M O D U L E .
E N C RY P T U S E D TO E N C RY P T D ATA USER
Z E RO I Z E U S E D TO Z E RO I Z E ( I R R E V E RS I B LY D E ST ROY ) C RY P TO O F F I C E R
M O D U L E ' S C RY P TO G R A P H I C K E Y S A N D CSP S .
T H E K E Y S A N D CSP S STO R E D I N T H E N O N -
V O L AT I L E A N D V O L AT I L E M E M O RY A R E Z E RO I Z E D
BY E X EC U T I N G T H E CO R R E S P O N D I N G K E Y / E N T I T Y
Z E RO I Z AT I O N CO M M A N D S :
- TPM_F LU S H S P EC I F I C
- TPM_O W N E R C L EA R
MAC & U S E D TO C A L C U L AT E A N D V E R I F Y M AC FO R D ATA USER

MAC V E R I F Y
K E Y G E N E R AT E U S E D TO G E N E R AT E K E Y S USER
RSA V E R I F Y U S E D TO V E R I F Y D ATA U S I N G RSA USER
RSA W R A P & U N W R A P U S E D TO W R A P & U N W R A P C RY P TO G R A P H I C USER

K E Y S U S I N G RSA

K E Y I M P O RT U S E D TO I M P O RT K E Y S USER
TPM I D E N T I T Y U S E D TO USER
AU T H E N T I C AT E TPM I D E N T I T Y TO OT H E R PA RT I E S
TPM E N D O R S E M E N T U S E D TO P ROV E TO OT H E R PA RT I E S T H AT TPM I S USER

A G E N U I N E TPM
UNBINDING U S E D TO U N B I N D SY M M E T R I C K E Y S U S I N G RSA USER

P R I VAT E B I N D I N G K E Y
TPM G E T R A N D O M U S E D TO G E N E R AT E R A N D O M D ATA USER
TPM S T I R R A N D O M U S E D TO A D D E N T RO P Y TO T H E R A N D O M B I T USER
G E N E R ATO R
I N STA L L M O D U L E I N STA L L S M O D U L E C RY P TO O F F I C E R
F I R M WA R E U P DAT E U P DAT ES M O D U L E S F I R M WA R E C RY P TO O F F I C E R

5 . KEY MANAGEMENT
The table below specifies each cryptographic key utilized by the

Module. For each key the table provides a description of its use;
derivation or import; and storage.
NOTE: READ is defined as read access; WRITE is defined as write

access.
TABLE : CRYPTOGRAPHIC KEYS
KEY OR CSP USAGE SERVICE & ORIGIN &

ACCESS STORAGE
AES U S E D TO E N C RY P T E N C RY P T G E N E R AT E D O R
SY M M E T R I C DATA READ I M P O RT E D BY T H E
E N C RY P T I O N M O D U L E , STO R E D I N
KEYS KEY GEN OTP O R I N N O N -
WRITE V O L AT I L E F L A S H I N
PLAINTEXT
KEY
W R A P /U N W R A P
WRITE
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE

RSA P U B L I C U S E D TO V E R I F Y RSA V E R I F Y G E N E R AT E D O R
V E R I F I C AT I O N S I G N AT U R E S O N READ I M P O RT E D BY T H E
KEYS DATA M O D U L E , STO R E D I N
V O L AT I L E RAM O R I N
KEY GEN N O N - V O L AT I L E F L A S H
WRITE IN PLAINTEXT
Z E RO I Z E
WRITE
KEY
W R A P /U N W R A P
WRITE
K E Y I M P O RT
WRITE
RSA P U B L I C U S E D TO W R A P RSA G E N E R AT E D O R
STO R A G E K E Y S SY M M E T R I C K E Y S W R A P /U N W R A P I M P O RT E D BY T H E
READ M O D U L E , STO R E D I N
N O N - V O L AT I L E F L A S H
K E Y I M P O RT IN PLAINTEXT
WRITE
RSA K E Y G E N
WRITE
Z E RO I Z E
WRITE

RSA P R I VAT E U S E D TO U N W R A P RSA G E N E R AT E D O R
STO R A G E K E Y S SY M M E T R I C K E Y S W R A P /U N W R A P I M P O RT E D BY T H E
READ M O D U L E , STO R E D I N
RSA K E Y G E N N O N - V O L AT I L E F L A S H
WRITE IN PLAINTEXT
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE
IDENTITY KEYS A U T H E N T I C AT I O N TPM I D E N T I T Y G E N E R AT E D O R

TO K E N S U S E D TO READ I M P O RT E D BY T H E
TPM I D E N T I T Y TO M O D U L E , STO R E D I N
OT H E R PA RT I E S V O L AT I L E RAM O R I N
WRITE IN PLAINTEXT
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE
NUVOTON TPM . SECURITY POLICY PAGE ! OF

RSA P R I VAT E U S E D TO U N B I N D D ATA B I N D I N G G E N E R AT E D O R
BINDING KEYS (UNWRAP) A KEY READ I M P O RT E D BY T H E
B O U N D BY A N M O D U L E , STO R E D I N
EXTERNAL ENTITY V O L AT I L E RAM O R I N
WRITE IN PLAINTEXT
Z E RO I Z E
WRITE
HMAC K E Y S U S E D TO MAC/MAC G E N E R AT E D O R
C A L C U L AT E A N D VERIFY I M P O RT E D BY T H E
VERIFY M AC READ M O D U L E , STO R E D I N
CO D E S F O R D ATA V O L AT I L E RAM O R I N
N O N - V O L AT I L E F L A S H
KEY GEN IN PLAINTEXT
READ
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE
RNG S E E D U S E D TO S E E D T H E KEY GEN G E N E R AT E D BY T H E

RNG READ MODULE USING THE
N O N -A P P ROV E D N O N -
D E T E R M I N I ST I C
RSA K E Y G E N H A R DWA R E RNG
READ ( E N T RO P Y S O U RC E )
STO R E D I N V O L AT I L E
RAM I N P L A I N T E X T
Z E RO I Z E
WRITE
NUVOTON TPM . SECURITY POLICY PAGE * OF

RNG S E E D U S E D TO S E E D T H E K E Y G E N E R AT E G E N E R AT E D BY T H E
KEY RNG READ MODULE USING THE
N O N -A P P ROV E D N O N -
RSA K E Y G E N D E T E R M I N I ST I C
READ H A R DWA R E RNG
( E N T RO P Y S O U RC E ),
STO R E D I N V O L AT I L E
Z E RO I Z E RAM I N P L A I N T E X T
WRITE
ENDORSEMENT A U T H E N T I C AT I O N TPM I N STA L L E D AT T H E

KEY TO K E N U S E D TO ENDORSEMENT FAC TO RY
P ROV E TO T H E READ
E X T E R N A L PA RT I E S
T H AT TPM I S A
G E N U I N E TPM
HMAC U S E D FO R HMAC K E Y G E N E R AT E G E N E R AT E D BY T H E
A U T H E N T I C AT I AU T H E N T I C AT I O N WRITE MODULE
ON KEY O F D ATA
MAC/MAC
VERIFY
READ
F I R M WA R E U S E D TO V E R I F Y F I R M WA R E I N STA L L E D AT T H E
U P DAT E K E Y S I G N AT U R E O N U P D AT E FAC TO RY
F I R M WA R E READ
U P D AT E S

The key zeroization service is executed by running the following
two commands in sequence:
- TPM_FLUSHSPECIFIC
- TPM_OWNERCLEAR
All keys and CSPs that are subject to the key zeroization
requirements of FIPS 140-2 are zeroized by executing the key
zeroization service.
The module implements power-up cryptographic algorithm tests

that are described in the table below.
6 . POWER-
POWER - ON SELF TESTS
The Module implements a power-up integrity check using a 128-

bit error detection code.
The module implements power-up cryptographic algorithm tests

that are described in the table below.
TABLE : SELF-TESTS
CRYPTO FUNCTION TEST TYPE
AES CTR E N C RY P T K N OW N A N SW E R T E ST
( E N C RY P T )
RSA V E R I F Y K N OW N A N SW E R T E ST ( V E R I F Y )
HMAC K E Y E D H A S H K N OW N A N SW E R T E ST
(KEYED HASH)
SHS H A S H K N OW N A N SW E R T E ST ( H A S H )
RNG R A N D O M N U M B E R K N OW N A N SW E R T E ST

G E N E R AT I O N ( G E N E R AT E R A N D O M B LO C K )

7. CONDITIONAL SELF-
SELF - TESTS
The Module executes continuous RNG test on each execution of

the FIPS 186-2 RNG.
The Module executes continuous RNG test on each execution of

the non-Approved hardware non-deterministic RNG (entropy
source).
The Module executes conditional pair-wise consistency check for

RSA public-private key pairs each time an RSA key pair is
generated using FIPS 186-4 key pair generation algorithm.
The module executes the firmware update test during the

firmware update. The digital signature is verified on the firmware
image using RSA(SHA-256) algorithm utilizing a 2048-bit
firmware update key.
If any of the conditional or power-on self-tests fail, the Module

enters an error state where both data output and cryptographic
services are disabled.

8 . CRYPTO OFFICER GUIDANCE
GU IDANCE
To install the Module in the Approved Mode of operation, the

following steps must be followed:
- The Module must be physically controlled during the

installation
- The Module must be placed on the PCB as described in the
Module technical specifications
- The module normally would come from the manufacturer
pre-configured with TpmInit script already executed. If the
initialization sequence has not been executed by the
manufacturer, the Crypto Officer shall initialize the module
as described in Nuvoton NPCT6xx Initialization and
Configuration document. This includes running the
the TpmInit script with the -fips flag.
9 . USER GUIDANCE
The users shall take security measures to protect tokens used to

authenticate the user to the Module.
NOTE: authentication is not covered by the FIPS 140-2 Level 1

requirements.

10.
10 . ACRONYMS
AES Advanced Encryption Algorithm
CPU Central Processing Unit
EMC Electro Magnetic Compatibility
EMI Electro Magnetic Interference
FIPS Federal Information Processing Standard
GPIO General Purpose Input Output bus
HMAC Hash-based Message Authentication Code
I2C Inter-integrated circuit bus
LPC Low Pin Count bus
OTP One Time Programmable Memory
PCB Printed Circuit Board
RAM Random Access Memory
RNG Random Number Generator
RSA Rivest-Shamir-Adleman
SHS Secure Hash Standard
SP Special Publication
SPI Serial Peripheral Interface bus
TCG Trusted Computing Group
TIS TPM Interface Specification
TPM Trusted Platform Module

NPCT6XX TPM

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NPCT6XX TPM

Uploaded by

Copyright:

Available Formats

NUVOTON NPCT XX TPM .

LAST REVISION: AUGUST

THIS DOCUMENT MAY BE REPRODUCED ONLY IN ITS ORIGINAL ENTIRETY

1. Module Description ............................................................................. 4

2. Cryptographic Functions ................................................................... 9

3. Ports and Interfaces ........................................................................... 11

4 Roles and Services ............................................................................... 13

6. Power-On Self Tests ........................................................................ 21

7. Conditional Self-Tests ...................................................................... 23

8. Crypto Officer Guidance .................................................................. 24

9. User Guidance ..................................................................................... 24

10. Acronyms ........................................................................................... 25

NUVOTON TPM . SECURITY POLICY PAGE OF

Figure 2: TPM 1.2 Logical Block Diagram ........................................ 7

Table 1: Security Levels........................................................................... 8

Table 2: Cryptographic Functions ........................................................ 9

Table 3: Ports and Interfaces................................................................ 11

Table 4: Roles ........................................................................................... 13

Table 5: Services .................................................................................... 14

Table 6: Cryptographic Keys ............................................................... 16

Table 7: Self-tests .................................................................................... 21

NUVOTON TPM . SECURITY POLICY PAGE OF

Nuvoton Trusted Platform Module (MODULE) is a hardware

The Module is a SINGLE CHIP MODULE that provides

The module meets commercial-grade specifications for power,

The FIPS 140-2 conformance testing was performed on two

NUVOTON NPCT6XX TPM 1.2

FIRMWARE VERSION: 5.81.0.0

HARDWARE VERSION 1: FB5C85D IN TSSOP28 PACKAGE

HARDWARE VERSION 2: FB5C85D IN QFN32 PACKAGE

HARDWARE VERSION 3: FB5C85D IN TSSOP28 PACKAGE

HARDWARE VERSION 4: FB5C85E IN QFN32 PACKAGE

Images depicting the Module are provided on the next page.

NUVOTON TPM . SECURITY POLICY PAGE OF

FB5C85D IN TSSOP28 PACKAGE

FB5C85D IN QFN32 PACKAGE

NUVOTON TPM . SECURITY POLICY PAGE OF

FB5C85E IN QFN32 PACKAGE

The PHYSICAL CRYPTOGRAPHIC BOUNDARY of the Module is the

NUVOTON TPM . SECURITY POLICY PAGE OF

FIGURE : TPM . LOGICAL BLOCK DIAGRAM

PE RI PHE - VOLAT ILE

The Module was tested to meet OVERALL SECURITY LEVEL 1 of

NUVOTON TPM . SECURITY POLICY PAGE OF

FIPS - SECTION SECURITY LEVEL

NUVOTON TPM . SECURITY POLICY PAGE ! OF

The cryptographic functions of the Module are outlined in the

TABLE : CRYPTOGRAPHIC FUNCTIONS

HMAC K E Y E D H A S H BITS KEYED * !

G E N E R AT I O N O F RSA K E Y S ! KEY PAIR !

FIPS ! - RNG N/A RANDOM

NUVOTON TPM . SECURITY POLICY PAGE * OF

CVL N/A TPM K E Y

RSA K E Y W R A P P I N G ! BITS WRAP & N/A

H A R DWA R E - BA S E D N O N - N/A G E N E R AT E N/A

In the Approved mode of operation the Module supports key size

The module supports key wrapping using the AES algorithm.

2.1 Non-Approved Non-Allowed Functions

NUVOTON TPM . SECURITY POLICY PAGE OF

The physical ports of the Module are

The logical interfaces and the mapping of the logical interfaces to

TABLE : PORTS AND INTERFACES

LOGICAL DESCRIPTION PHYSICAL

S TAT U S O U T P U T S TAT U S D ATA O U T P U T BY T H E LPC B U S