AMD Ryzen PRO 6000 Series PSP Cryptographic CoProcessor
Module Version: bc0d0253FIPS002
FIPS 140-3 Non-Proprietary Security Policy
Document Version: 1.2
Last update: 2023-08-30

Prepared by:
atsec information security corporation
9130 Jollyville Road, Suite 260
Austin, TX 78759
www.atsec.com

© 2023 Advanced Micro Devices (AMD), atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
AMD Ryzen PRO 6000 Series PSP Cryptographic CoProcessor                                          FIPS 140-3 Non-Proprietary Security Policy
Table of Contents
1. Introduction .......................................................................................................................... 5
   1.1. Overview ................................................................................................................................ 5
   1.2. This Security Policy Document ............................................................................................... 5
   1.3. How this Security Policy was Prepared ................................................................................... 5
2. General ................................................................................................................................. 6
3. Cryptographic Module Specification ...................................................................................... 7
   3.1. Module Overview, Embodiment, Type .................................................................................... 7
   3.2. Module Design, Components and Versions ............................................................................ 7
      3.2.1. Components Excluded from Security Requirements ....................................................... 9
   3.3. Security Level......................................................................................................................... 9
   3.4. Tested Operational Environments .......................................................................................... 9
   3.5. Modes of Operation of the Module ....................................................................................... 10
   3.6. Security Functions ................................................................................................................ 10
      3.6.1. Approved Security Functions ......................................................................................... 10
      3.6.2. Non-Approved Security Functions Allowed in Approved Services .................................. 11
      3.6.3. Non-Approved Security Functions Allowed in Approved Services with No Security Claimed ........ 11
      3.6.4. Non-Approved Security Functions Not Allowed in Approved Services ........................... 11
   3.7. Rules of operation ................................................................................................................ 11
4. Cryptographic Module Interfaces ......................................................................................... 12
5. Roles, Services and Authentication ..................................................................................... 13
   5.1. Roles .................................................................................................................................... 13
   5.2. Authentication ...................................................................................................................... 13
   5.3. Services................................................................................................................................ 13
      5.3.1. Approved Services ......................................................................................................... 14
      5.3.2. Non-Approved Services ................................................................................................. 14
6. Software/Firmware Security ................................................................................................ 16
   6.1. Integrity Techniques ............................................................................................................ 16
   6.2. On-Demand Integrity Test .................................................................................................... 16
7. Operational Environment .................................................................................................... 17
   7.1. Applicability.......................................................................................................................... 17
   7.2. Tested Operational Environments ........................................................................................ 17
   7.3. Policy and Requirements ...................................................................................................... 17
8. Physical Security ................................................................................................................. 18
   8.1. General ................................................................................................................................ 18
9. Non-Invasive Security ......................................................................................................... 19
10. Sensitive Security Parameter Management ....................................................................... 20
   10.1. SSP Generation .................................................................................................................. 20
   10.2. SSP Establishment.............................................................................................................. 20
   10.3. SSP Entry/Output................................................................................................................ 20
   10.4. SSP Storage ........................................................................................................................ 20
   10.5. SSP Zeroization .................................................................................................................. 20
   10.6. Random Number Generation.............................................................................................. 21
11. Self Tests .......................................................................................................................... 22
   11.1. Pre-Operational Self-Tests .................................................................................................. 22
      11.1.1. Firmware Integrity Test ............................................................................................... 22
   11.2. Conditional Tests ................................................................................................................ 23
      11.2.1. Cryptographic Algorithm Self-Tests ............................................................................. 23
      11.2.2. Periodic/On-Demand Self-Test ..................................................................................... 23
   11.3. Error States ........................................................................................................................ 23
12. Life-Cycle Assurance ......................................................................................................... 24
   12.1. Delivery and Operation ...................................................................................................... 24
      12.1.1. Procedures for Secure Installation, Initialization, Start-up, and Operation of the Module ..... 24
      12.1.2. Maintenance Requirements ......................................................................................... 26
      12.1.3. End of Life ................................................................................................................... 26
   12.2. Administrator Guidance ..................................................................................................... 26
   12.3. Non-Administrator Guidance .............................................................................................. 26
13. Mitigation of Other Attacks ................................................................................................ 27
14. Glossary and Abbreviations ............................................................................................... 28
15. References ........................................................................................................................ 29
List of Tables
Table 1: Security levels ........................................................................................................................................... 6
Table 2: Components in the cryptographic boundary. ............................................................................................ 7
Table 3: Tested operational environments. ............................................................................................................. 9
Table 4: Approved cryptographic algorithms. ....................................................................................................... 10
Table 5: Non-approved cryptographic algorithms not allowed in approved services. ........................................... 11
Table 6: Ports and interfaces. ............................................................................................................................... 12
Table 7: Roles, service commands, input, and output. ......................................................................................... 13
Table 8: Services that use approved and allowed algorithms. .............................................................................. 14
Table 9: Services that use non-approved algorithms. ........................................................................................... 15
Table 10: Sensitive Security Parameters (SSPs). ................................................................................................ 20
Table 11: Self-tests. .............................................................................................................................................. 22
Table 12: Error states............................................................................................................................................ 23
List of Figures
Figure 1: The AMD Ryzen PRO SoC, representing all versions of the single chip tested platforms. ..................... 7
Figure 2: The block diagram depicting the physical perimeter of the operational environment and cryptographic boundary, and the data flow between the components in the single chip. ..... 9
Figure 3: AFF Tool indicates that the module was not enabled. ........................................................................... 25
Figure 4: AFF Tool indicating that the module is enabled. .................................................................................... 25
1. Introduction
1.1. Overview
This section is informative: it introduces the cryptographic services and other services of the
AMD Ryzen PRO 6000 Series PSP Cryptographic CoProcessor (the “module”) from Advanced Micro
Devices (AMD) (the “vendor”). Only the components listed in Section 3.1 are subject to the FIPS
140-3 validation. The CMVP (Cryptographic Module Validation Program) makes no statement as to
the correct operation of the module or the security strengths of the generated keys (when
supported) if the specific operational environment is not listed on the validation certificate.
1.2. This Security Policy Document
This Security Policy describes the features and design of the module named AMD Ryzen PRO 6000
Series PSP Cryptographic CoProcessor[1] using the terminology contained in the FIPS 140-3
specification. FIPS 140-3, Security Requirements for Cryptographic Modules, specifies the
security requirements that must be satisfied by a cryptographic module used within a security
system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module
Validation Program (CMVP) validates cryptographic modules to FIPS 140-3. Validated products are
accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or
designated information.
The Security Policy document is one document in a FIPS 140-3 Submission Package. In addition to
this document, the Submission Package contains:
      •   The validation report prepared by the lab.
      •   The Entropy Assessment Report (EAR) if applicable.
      •   Other supporting documentation and additional references.
This Non-Proprietary Security Policy may be reproduced and distributed, but only whole and intact
and including this notice. The other documentation is proprietary to its authors.
1.3. How this Security Policy was Prepared
The vendor has provided the non-proprietary Security Policy of the cryptographic module, which
was further consolidated into this document by atsec information security together with other
vendor-supplied documentation. In preparing the Security Policy document, the laboratory
formatted the vendor-supplied documentation for consolidation without altering the technical
statements contained therein. The further refining of the Security Policy document was conducted
iteratively throughout the conformance testing: the Security Policy was submitted to the
vendor, who would then edit, modify, and add technical content. The vendor would also supply
additional documentation, which the laboratory formatted into the existing Security Policy and
resubmitted to the vendor for their final editing.
[1] PSP: Platform Security Processor
2. General
This document is the non-proprietary FIPS 140-3 Security Policy for version bc0d0253FIPS002 of
the AMD Ryzen PRO 6000 Series PSP Cryptographic CoProcessor cryptographic module. It contains
the security rules under which the module must operate and describes how this module meets the
requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication
140-3) for an overall Security Level 1 module.
Table 1 describes the individual security areas of FIPS 140-3, as well as the security levels of those
individual areas.
Table 1: Security levels
ISO/IEC 24759 Section 6 (full section below) | FIPS 140-3 Section Title                  | Security Level
6.1                                           | General                                   | 1
6.2                                           | Cryptographic Module Specification        | 1
6.3                                           | Cryptographic Module Interfaces           | 1
6.4                                           | Roles, Services, and Authentication       | 1
6.5                                           | Software/Firmware Security                | 1
6.6                                           | Operational Environment                   | 1
6.7                                           | Physical Security                         | 1
6.8                                           | Non-invasive Security                     | n/a
6.9                                           | Sensitive Security Parameter Management   | 1
6.10                                          | Self-tests                                | 1
6.11                                          | Life-cycle Assurance                      | 1
6.12                                          | Mitigation of Other Attacks               | n/a
                                              | Overall                                   | 1
3. Cryptographic Module Specification
The following subsections describe the cryptographic module and how it conforms to the FIPS
140-3 specification in each of the required areas.
3.1. Module Overview, Embodiment, Type
The AMD Ryzen PRO 6000 Series PSP Cryptographic CoProcessor (hereafter referred to as “the
module”) is defined as a hybrid firmware module in a single chip embodiment, with hardware (the
coprocessor) and firmware components implementing general purpose cryptographic algorithms.
The module supports the Ryzen PRO 6000 Series SoC (System on a Chip) by providing digital
signature verification of the key database during secure boot procedures. The module resides
within the Ryzen SoC, which contains the module, the processor, the firmware, and other
components in a single chip embodiment (Figure 1).
Figure 1: The AMD Ryzen PRO SoC, representing all versions of the single chip tested platforms.
The operational environments tested for the module are described in Section 3.4.
3.2. Module Design, Components and Versions
Figure 2 shows a block diagram that represents the design of the module. In this diagram, the
physical perimeter of the operational environment, defined by the perimeter of the AMD Ryzen
PRO SoC (i.e., the enclosure of the SoC), is indicated by a purple dashed line. The cryptographic
boundary is represented by the components painted in orange blocks. These components are
further described in Table 2.
Table 2: Components in the cryptographic boundary.
Component                                         | Type                      | Version          | Description
Bootloader (boot_loader_stage1.sbin)              | Firmware                  | bc0d0253FIPS002  | Performs self-tests, provides service indicator and show status service.
BootROM                                           | Non-reconfigurable memory | bc0d0253FIPS002  | Provides interface to the hardware cryptographic implementations.
RSA implementation in the CCP                     | Hardware                  | bc0d0253FIPS002  | Hardware implementation of the algorithm.
SHA2-384 implementation in the CCP                | Hardware                  | bc0d0253FIPS002  | Hardware implementation of the algorithm.
AES-128 implementation in the CCP (non-approved)  | Hardware                  | bc0d0253FIPS002  | Hardware implementation of the algorithm (which is non-approved in this module).
The flow of information between the components and the relation between that data and the
module’s FIPS interfaces are depicted through arrows. The arrows are colored differently to
facilitate visualization. The color does not identify the type of data: the type of data flow (namely,
data input, data output, status output and control input) is indicated by labels pointing to the
arrows.
Components in white are only included in the diagram for informational purposes. They are not
included in the cryptographic boundary (and therefore not part of the module’s validation). For
example, the processor is responsible for executing the non-cryptographic code in the bootloader
and bootROM firmware components.
Figure 2: The block diagram depicting the physical perimeter of the operational environment and cryptographic boundary, and the data flow between the components in the single chip.
3.2.1. Components Excluded from Security Requirements
There are no components within the cryptographic boundary that are excluded from the FIPS
140-3 security requirements.
3.3. Security Level
The module is validated according to FIPS 140-3 at overall security level 1. The security levels of
individual areas are indicated in Table 1.
3.4. Tested Operational Environments
The module has been tested on the operational environments indicated in Table 3 with the
corresponding module variants and configuration options.
Table 3: Tested operational environments.
#  | Operating System | Hardware Platform                   | SoC/Processor                       | PAA/Acceleration
1  | N/A              | AMD Ryzen PRO 6650H (100-000000543) | AMD Ryzen PRO 6650H (100-000000543) | None
2  | N/A              | AMD Ryzen PRO 6650H (100-000000565) | AMD Ryzen PRO 6650H (100-000000565) | None
3  | N/A              | AMD Ryzen PRO 6650U (100-000000539) | AMD Ryzen PRO 6650U (100-000000539) | None
4  | N/A              | AMD Ryzen PRO 6650U (100-000000551) | AMD Ryzen PRO 6650U (100-000000551) | None
5  | N/A              | AMD Ryzen PRO 6850H (100-000000542) | AMD Ryzen PRO 6850H (100-000000542) | None
6  | N/A              | AMD Ryzen PRO 6850H (100-000000564) | AMD Ryzen PRO 6850H (100-000000564) | None
7  | N/A              | AMD Ryzen PRO 6850U (100-000000538) | AMD Ryzen PRO 6850U (100-000000538) | None
8  | N/A              | AMD Ryzen PRO 6850U (100-000000550) | AMD Ryzen PRO 6850U (100-000000550) | None
9  | N/A              | AMD Ryzen PRO 6950H (100-000000541) | AMD Ryzen PRO 6950H (100-000000541) | None
10 | N/A              | AMD Ryzen PRO 6950H (100-000000563) | AMD Ryzen PRO 6950H (100-000000563) | None
3.5. Modes of Operation of the Module
The module implements two modes of operation: (1) the approved mode, in which the approved
services are available; and (2) the non-approved mode, in which the non-approved services are
available. After the pre-operational self-tests and cryptographic algorithm self-tests are
successfully concluded, the module automatically transitions to the operational state by default
and can only be transitioned into the non-approved mode by calling the non-approved service
listed in Table 5. The current mode of operation of the module can be inferred from the service
indicator, which indicates the approval state of the service currently being invoked.
3.6. Security Functions
3.6.1. Approved Security Functions
Table 4 lists all approved security functions (cryptographic algorithms) of the module, including
the specific key lengths employed for approved services and the implemented modes or methods of
operation of the algorithms.
Table 4: Approved cryptographic algorithms.
CAVP Cert. | Algorithm and Standard | Mode/Method            | Description/Key Size/Key Strength | Use/Function
A2578      | RSA (FIPS186-4)        | PKCS PSS with SHA2-384 | 4096                              | Digital signature verification
A2578      | SHA (FIPS180-4)        | SHA2-384               | N/A                               | Message digest
3.6.2. Non-Approved Security Functions Allowed in Approved Services
The module does not offer any non-approved security functions that are allowed in approved
services.
3.6.3. Non-Approved Security Functions Allowed in Approved Services with No Security Claimed
The module does not offer any non-approved security functions that are allowed in approved
services with no security claimed.
3.6.4. Non-Approved Security Functions Not Allowed in Approved Services
Table 5 lists all non-approved security functions of the module that are not allowed in approved
services. Note that, although this algorithm is approved for usage per SP 800-140C, it was not
tested under CAVP for this module, nor does the module implement a cryptographic algorithm
self-test for it; it is therefore non-approved.
Table 5: Non-approved cryptographic algorithms not allowed in approved services.
Algorithm    | Use/Function
AES-128-ECB  | Decryption
3.7. Rules of Operation
The module initializes upon power-on. After the pre-operational self-tests and cryptographic
algorithm self-tests are successfully concluded, the module automatically transitions to the
operational state.
In the operational state, the module de-obfuscates the stage 2 firmware obfuscation key
(considered unprotected plaintext) using AES-128-ECB (a non-approved algorithm for this
module), if required. Then, the module automatically performs the signature verification of the key
database using the RSA signature verification service. The key database and RSA public key are
accessed by the module's bootloader component (which then acts as the operator of the module)
without operator input. After the successful signature verification of the key database, the module
loads the stage 2 firmware into memory, verifies its integrity using the RSA signature
verification service, and, if required, de-obfuscates the firmware using AES-128-ECB and the stage
2 firmware obfuscation key. Finally, the module unloads itself from memory, ceasing its operation.
All the procedures described above are conducted without operator assistance. To perform the
procedures again, the module must be reset, which triggers a new boot.
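The RSA signature verification step used on the key database and the stage 2 firmware above, as an added example that is not AMD's code or part of this Security Policy: a textbook RFC 8017 RSASSA-PSS signer and verifier with SHA2-384, exercised on a constructed key-database blob. It assumes a 1024-bit key generated at import time in place of the module's 4096-bit key (pure-Python key generation at 4096 bits is slow, and the PSS checks do not depend on the modulus size) and a salt length equal to the digest length.

```python
"""Illustrative RSASSA-PSS (SHA2-384) signing and verification, modelled on the
secure-boot flow of Section 3.7.  Textbook RFC 8017 code added as an example; it
is not AMD's implementation.  Assumptions: a 1024-bit key stands in for the
module's 4096-bit key, and the salt length equals the SHA2-384 digest length."""
import hashlib
import hmac
import secrets

HLEN = 48   # SHA2-384 digest length in bytes
SLEN = 48   # salt length (assumption: sLen = hLen)

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test, adequate for an illustrative key."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits: int = 1024):
    """Return ((n, e), (n, d)); the public half models the root key that signs the key database."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return (n, e), (n, pow(e, -1, phi))

def _mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 with SHA2-384 (RFC 8017 B.2.1)."""
    blocks = (hashlib.sha384(seed + c.to_bytes(4, "big")).digest()
              for c in range((mask_len + HLEN - 1) // HLEN))
    return b"".join(blocks)[:mask_len]

def _pss_encode(m_hash: bytes, em_bits: int, salt: bytes) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1); used only by the signer."""
    em_len = (em_bits + 7) // 8
    h = hashlib.sha384(b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - SLEN - HLEN - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, _mgf1(h, em_len - HLEN - 1)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the unused leading bits
    return bytes(masked) + h + b"\xbc"

def _pss_verify(m_hash: bytes, em: bytes, em_bits: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2); every structural check is a reject path."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < HLEN + SLEN + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - HLEN - 1], em[em_len - HLEN - 1:-1]
    unused = 8 * em_len - em_bits
    if unused and masked[0] >> (8 - unused):      # leading unused bits must be zero
        return False
    db = bytearray(a ^ b for a, b in zip(masked, _mgf1(h, em_len - HLEN - 1)))
    db[0] &= 0xFF >> unused
    ps_len = em_len - HLEN - SLEN - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:    # padding string then 0x01 separator
        return False
    salt = bytes(db[ps_len + 1:])
    h_prime = hashlib.sha384(b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h, h_prime)

def sign(priv, message: bytes) -> bytes:
    """RSASSA-PSS-SIGN: the vendor-side step that produces the key database signature."""
    n, d = priv
    mod_bits = n.bit_length()
    em = _pss_encode(hashlib.sha384(message).digest(), mod_bits - 1, secrets.token_bytes(SLEN))
    return pow(int.from_bytes(em, "big"), d, n).to_bytes((mod_bits + 7) // 8, "big")

def verify(pub, message: bytes, signature: bytes) -> bool:
    """RSASSA-PSS-VERIFY: the module's digital signature verification service."""
    n, e = pub
    mod_bits = n.bit_length()
    if len(signature) != (mod_bits + 7) // 8:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:                                    # signature representative out of range
        return False
    em_len = (mod_bits - 1 + 7) // 8
    em = pow(s, e, n).to_bytes(em_len, "big")     # m < n <= 2**(8*em_len), so it fits
    return _pss_verify(hashlib.sha384(message).digest(), em, mod_bits - 1)

if __name__ == "__main__":
    root_pub, root_priv = generate_keypair()
    key_db = b"constructed key database: stage-2 public key material"  # constructed sample
    key_db_sig = sign(root_priv, key_db)
    print("key database verified:", verify(root_pub, key_db, key_db_sig))
    print("tampered database rejected:", not verify(root_pub, key_db + b"\x00", key_db_sig))
```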
4. Cryptographic Module Interfaces
Table 6 summarizes the cryptographic module interfaces. The module does not implement a control
output interface. The logical interfaces are logically separated from each other by the API design.
The power interface is physically separated from any other interface.
                                           Table 6: Ports and interfaces.
| Physical Port | Logical Interface       | Data that passes over port/interface                   |
| SRAM          | Data Input              | API input parameters for data.                         |
| SRAM          | Data Output             | API output parameters for data.                        |
| SRAM          | Control Input           | API function calls, API input parameters for control.  |
| SRAM          | Status Output           | API return codes, status values.                       |
| Power port    | Power (input) interface | Power port or pin in the single chip.                  |
5. Roles, Services and Authentication
5.1.    Roles
Table 7 lists the roles supported by the module together with the corresponding services and their
inputs and outputs. The module supports the Crypto Officer role only. This sole role is implicitly
and always assumed by the operator of the module.
                            Table 7: Roles, service commands, input, and output.
| Role           | Service                                            | Input                                                                | Output                                                                              |
| Crypto Officer | Digital Signature Verification                     | Pointer to message, signature, public key.                           | Success, fail.                                                                      |
| Crypto Officer | De-obfuscation of stage 2 firmware obfuscation key | Pointer to stage 2 firmware obfuscation key, key-obfuscation-key.    | Success, fail.                                                                      |
| Crypto Officer | De-obfuscation of stage 2 firmware                 | Pointer to stage 2 firmware, obfuscation key.                        | Success, fail.                                                                      |
| Crypto Officer | Show Version                                       | None.                                                                | Name and version information in data output interface.                              |
| Crypto Officer | Show Status                                        | None.                                                                | Current status in status output interface (as return codes and/or log messages).    |
| Crypto Officer | On-Demand Self-Test                                | None.                                                                | None.                                                                               |
| Crypto Officer | On-Demand Integrity Test                           | None.                                                                | None.                                                                               |
| Crypto Officer | Zeroize                                            | None.                                                                | None.                                                                               |
5.2.    Authentication
The module does not support authentication for roles.
5.3.    Services
The module provides services to operators that assume the available role. All services are
described in detail in the user documentation.
The next subsections define the services that utilize approved, allowed, and non-approved security
functions in this module. For the respective tables, the convention below applies when specifying
the access permissions (types) that the service has for each SSP.
    •   Generate (G): The service establishes the SSP by generation, agreement, or derivation.
    •   Read (R): The SSP exists in the module and is read by the service, and may be output.
    •   Write (W): The caller provides the SSP to the service to be imported into the module;
        written; or updated if the SSP already exists in the module.
    •    Execute (E) (or use): The service uses the SSP in performing a cryptographic operation.
         Other access types identify the provenance of the SSP.
    •    Zeroize (Z): The service zeroizes the SSP.
    •    N/A: The service does not access any SSP or key during its operation.
The approved service indicators are readable after successful completion of the pre-operational
and conditional self-tests.
5.3.1.        Approved Services
Table 8 lists the approved services in this module, the roles that can request the service, the
algorithms involved, the Sensitive Security Parameters (SSPs) involved and how they are
accessed, and the respective service indicator. The service indicator can be inspected by an
external operator using the Trusted Execution Environment Component (TEEC) command with ID
16. See Section 12.1.1.3 for more information on how to inspect the service indicator.
In the service tables, CO specifies the Crypto Officer role.
                        Table 8: Services that use approved and allowed algorithms.
| Service                        | Service Description                                       | Approved Security Functions | Keys, SSPs     | Role | Access Types | Indicator                                          |
| Digital Signature Verification | Verify signature operations                               | RSA PSS using SHA2-384      | RSA public key | CO   | W, E         | The first bit in FIPS_selftest_status is set to 1. |
| Show Version                   | Show the version of the module's components               | N/A                         | None           | CO   | N/A          | None.                                              |
| Show Status                    | Show status of the module state                           | N/A                         | None           | CO   | N/A          | None.                                              |
| On-Demand Self-Test            | Initiate power-on self-tests by reset                     | N/A                         | None           | CO   | N/A          | None.                                              |
| On-Demand Integrity Test       | Initiate the integrity test (pre-operational self-test)   | SHA2-384                    | None           | CO   | N/A          | Successful completion.                             |
| Zeroize                        | Zeroize PSP in volatile memory                            | N/A                         | All SSPs       | CO   | Z            | None.                                              |
5.3.2.        Non-Approved Services
Table 9 lists the non-approved services that utilize the non-approved security functions listed in
Table 5.
                             Table 9: Services that use non-approved algorithms.
| Service                                            | Service Description                                                           | Algorithms Accessed | Role | Indicator                                          |
| De-obfuscation of stage 2 firmware obfuscation key | De-obfuscate the stage 2 firmware obfuscation key                             | AES-128-ECB         | CO   | The first bit in FIPS_selftest_status is set to 0. |
| De-obfuscation of stage 2 firmware                 | De-obfuscate the stage 2 firmware using the stage 2 firmware obfuscation key  | AES-128-ECB         | CO   | The first bit in FIPS_selftest_status is set to 0. |
6. Software/Firmware Security
6.1.    Integrity Techniques
The integrity of the bootloader component of the module (in firmware) is verified by comparing a
SHA2-384 digest value calculated at run time with the SHA2-384 digest value stored in the module
that was computed at build time.
The bootROM component of the module is non-reconfigurable memory (specifically masked ROM)
and is thus exempt from the integrity test requirements. The vendor declares that this bootROM
component, composed of non-reconfigurable memory, does not degrade within 10 (ten) years of its
manufacture date, thus complying with the requirements of IG 5.A. Please refer to Section 12.1.3.
6.2.    On-Demand Integrity Test
Integrity tests are performed as part of the Pre-Operational Self-Tests. The integrity test may be
invoked on-demand in two ways: through the On-Demand Self-Test service, and through the On-
Demand Integrity Test service.
The module provides the On-Demand Self-Test service to perform self-tests on demand. This
service performs the same tests executed during power-up, i.e., the cryptographic algorithm
self-tests and the pre-operational self-test. This service is invoked by powering off and
reloading the module.
The On-Demand Integrity Test service can be used to perform only the on-demand pre-operational
self-tests. This service is invoked by calling the integrity test API using the module’s logical
interfaces. More details on the API are provided by the vendor in its developer’s manual.
7. Operational Environment
7.1.    Applicability
The module operates in a non-modifiable operational environment per FIPS 140-3 level 1
specifications: no changes are possible to module firmware code, nor the bootloader firmware
code that interacts with the module.
7.2.    Tested Operational Environments
Please see Section 3.4.
7.3.    Policy and Requirements
The operational environment provides context separation for the memory and registers utilized by
the module. When these components are used by the module, no other process or sub-component
can access the information concurrently.
The bootloader component also acts as the sole operator of the module, thus there are no
concurrent operators.
No configuration of the operational environment is required for the module to operate in an
approved mode. Therefore, there are no rules, settings, or restrictions to the configuration of the
operational environment.
The module does not have the capability of loading software or firmware from an external source.
8. Physical Security
8.1.    General
The embodiment of the module is a single chip consisting of production-grade components. The
coating is a standard sealing coat applied over the single chip.
The module provides no additional physical security techniques.
9. Non-Invasive Security
The module claims no non-invasive security techniques.
10. Sensitive Security Parameter Management
Table 10 summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic
services implemented in the module in the approved services (Table 8).
                                 Table 10: Sensitive Security Parameters (SSPs).
| SSP            | Strength | Security Function and Cert. #       | Generation | Import/Export                                                    | Establishment | Storage         | Zeroization  | Use                        |
| RSA public key | 150 bits | RSA signature verification (A2578)  | N/A        | Input in plaintext through data input interface. No output.      | MD/EE         | Volatile memory | Module reset | RSA signature verification |
10.1. SSP Generation
The module does not generate SSPs.
10.2. SSP Establishment
The module does not implement automated SSP establishment.
10.3. SSP Entry/Output
The module only supports manual distribution with electronic entry of the RSA public key, which is
provided in plaintext by the bootloader operator via the data input interface.
No other SSPs are entered into the module. No SSPs are output from the module.
10.4. SSP Storage
SSPs are provided to the module by the calling process and are destroyed when released by the
respective functions.
The module does not perform persistent storage of SSPs; keys in use by the module exist in
volatile memory only.
10.5. SSP Zeroization
The module's functions deallocate and zeroize the temporary SSP values in volatile memory used
during the function's execution. Zeroization consists of writing zeroes to the memory location
used by the SSP before deallocating the area. The module does not overwrite an SSP with another
SSP.
The zeroization service for the SSP in volatile memory consists of powering off the module, which
will remove power from the volatile memory. This action will cause the value of the SSP in volatile
memory to be overwritten by random values the next time the module is powered on. The
successful act of powering off the module serves as the implicit indicator of zeroization.
10.6. Random Number Generation
The module does not implement random number generation.
11. Self Tests
The module performs pre-operational self-tests and conditional self-tests. While the module is
executing the self-tests, services are not available, and data output (via the data output interface)
is inhibited until the tests are successfully completed.
All the self-tests are listed in Table 11, with the respective condition under which those tests are
performed. The firmware integrity test is performed after all conditional algorithm self-tests
(CASTs) are performed.
                                                  Table 11: Self-tests.
| Algorithm | Parameters                | Condition for Test                                                                  | Type                            | Test                                                 |
| RSA       | SHA2-384 and 4096-bit key | Power up                                                                            | Conditional Algorithm Self-Test | KAT signature verification                           |
| SHA2-384  | N/A                       | Firmware integrity test on bootloader component at power up (after all CASTs)       | Pre-Operational Self-Test       | Digest verification on bootloader firmware component |
| SHA2-384  | N/A                       | Power up                                                                            | Conditional Algorithm Self-Test | KAT SHA2-384                                         |
11.1. Pre-Operational Self-Tests
The module performs pre-operational tests automatically when the module is powered on. The
pre-operational self-tests ensure that the module is not corrupted and that the cryptographic
algorithms work as expected. The module transitions to the operational state only after the pre-
operational self-tests are passed successfully.
The types of pre-operational self-tests are described in the next sub-sections.
11.1.1.      Firmware Integrity Test
The integrity of the bootloader component of the module (in firmware) is verified by comparing a
SHA2-384 digest value calculated at run time with the SHA2-384 digest value stored in the module
that was computed at build time. If the comparison verification fails, the module transitions to the
error state (Section 11.3). The SHA2-384 algorithm goes through its conditional algorithm self-test
before the integrity test is performed (Table 11).
The bootROM component of the module is considered non-reconfigurable memory and is thus exempt
from the integrity test requirements. The vendor declares that this bootROM component, composed
of non-reconfigurable memory, does not degrade within 10 (ten) years of its manufacture date, thus
complying with the requirements of IG 5.A.
11.2. Conditional Tests
11.2.1.      Cryptographic Algorithm Self-Tests
The module performs self-tests on all approved cryptographic algorithms used by the approved
services supported in the approved mode of operation, using the tests shown in Table 11 and
indicated as Conditional Algorithm Self-Tests. Data output through the data output interface is
inhibited during the self-tests. The cryptographic algorithm self-tests are performed as Known
Answer Tests (KATs), in which the calculated output is compared with the expected known answer
hard-coded in the module. A mismatch causes the self-test to fail.
11.2.2.      Periodic/On-Demand Self-Test
The module performs on-demand self-tests initiated by the operator, by powering off and powering
the module back on. The full suite of self-tests in Table 11 is then executed.
The same procedure may be employed by the operator to perform periodic self-tests.
11.3. Error States
If the module fails any of the self-tests, the module enters the error state. In the error state, the
module outputs the error type through the status indicator and status output interface. In the error
state, the data output interface is inhibited and the module accepts no more inputs or requests.
The module does not implement a control output interface.
Table 12 lists the error state and the status indicator values (reported through the FW_STATUS
variable) that identify the error that has occurred.
                                                Table 12: Error states.
| Error State | Error Condition          | Status Indicator (FW_STATUS) |
| Error       | SHA2-384 self-test error | Error code AA0000FB          |
| Error       | RSA self-test error      | Error code AA0000FC          |
| Error       | Integrity test error     | Error code AA0000FD          |
To recover from the error state (clearing the error condition), the module shall be restarted or
reset.
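The integrity technique of Section 6.1, the self-test ordering of Table 11 (all CASTs before the firmware integrity test) and the error handling of Section 11.3 can be exercised with the following added example. It was written for this edit and is not AMD's firmware nor atsec's test code: the bootloader image, its build-time digest and the PspModule class are constructed here; the RSA-PSS known-answer test of Table 11 is left out because the Python standard library has no RSA implementation; and FW_STATUS_OK is an assumed value, since the policy lists only the error codes.

```python
import hashlib
import hmac

# FW_STATUS error codes, Table 12 of the policy.
FW_STATUS_SHA384_SELFTEST_ERROR = 0xAA0000FB
FW_STATUS_RSA_SELFTEST_ERROR = 0xAA0000FC    # listed for completeness; the RSA KAT is not modelled here
FW_STATUS_INTEGRITY_ERROR = 0xAA0000FD
FW_STATUS_OK = 0x00000000                     # assumed "no error" value; the policy does not state one

# Known answer for the SHA2-384 CAST: the FIPS 180-4 example digest of the message "abc".
SHA384_KAT_MESSAGE = b"abc"
SHA384_KAT_ANSWER = bytes.fromhex(
    "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed"
    "8086072ba1e7cc2358baeca134c825a7"
)


def build_time_digest(bootloader_image: bytes) -> bytes:
    """The SHA2-384 digest computed at build time and stored in the module (Section 6.1)."""
    return hashlib.sha384(bootloader_image).digest()


class PspModule:
    """Model of the power-up sequence: CASTs first, then the firmware integrity test (Table 11)."""

    def __init__(self, bootloader_image: bytes, stored_digest: bytes,
                 sha384_kat_answer: bytes = SHA384_KAT_ANSWER):
        self.bootloader_image = bootloader_image
        self.stored_digest = stored_digest
        # The expected answer is a parameter only so that a KAT failure can be demonstrated.
        self._sha384_kat_answer = sha384_kat_answer
        self.state = "off"
        self.fw_status = FW_STATUS_OK
        self.data_output_inhibited = True

    def _sha384_cast(self) -> bool:
        """Conditional algorithm self-test: a KAT against the hard-coded answer (Section 11.2.1)."""
        digest = hashlib.sha384(SHA384_KAT_MESSAGE).digest()
        return hmac.compare_digest(digest, self._sha384_kat_answer)

    def _integrity_test(self) -> bool:
        """Pre-operational self-test: run-time digest versus the stored build-time digest (Section 11.1.1)."""
        runtime_digest = hashlib.sha384(self.bootloader_image).digest()
        return hmac.compare_digest(runtime_digest, self.stored_digest)

    def _enter_error(self, code: int) -> int:
        """Error state (Section 11.3): report the code through FW_STATUS and inhibit data output."""
        self.state = "error"
        self.fw_status = code
        self.data_output_inhibited = True
        return code

    def power_on(self) -> int:
        """Run the self-tests in policy order and return the resulting FW_STATUS value."""
        self.data_output_inhibited = True          # no data output until the tests pass
        if not self._sha384_cast():
            return self._enter_error(FW_STATUS_SHA384_SELFTEST_ERROR)
        # The RSA-PSS/SHA2-384 KAT would run here and report FW_STATUS_RSA_SELFTEST_ERROR on failure.
        if not self._integrity_test():             # only after all CASTs have passed
            return self._enter_error(FW_STATUS_INTEGRITY_ERROR)
        self.state = "operational"
        self.fw_status = FW_STATUS_OK
        self.data_output_inhibited = False
        return self.fw_status

    def request(self, service: str) -> str:
        """Services are unavailable during the tests and refused in the error state."""
        if self.state != "operational":
            raise RuntimeError(
                f"request refused: state={self.state}, FW_STATUS={self.fw_status:08X}")
        return f"{service}: accepted"

    def reset(self) -> int:
        """The only way out of the error state is a restart, which reruns the whole sequence."""
        self.state = "off"
        return self.power_on()
```

The comparisons use hmac.compare_digest rather than == so that the check does not leak how many leading digest bytes matched; a tampered image drives the model into the error state with FW_STATUS AA0000FD, and a reset reruns the full sequence rather than resuming from the failed test.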
12. Life-Cycle Assurance
12.1. Delivery and Operation
12.1.1.      Procedures for Secure installation, Initialization, Start-up, and Operation of
             the Module
The procedures herein described are directed at OEMs for producing and configuring their BIOS so
that the FIPS module is properly enabled to operate as the validated module in conformance with
the rules in this Security Policy document.
Once properly installed and enabled, no configuration is necessary for the module to operate. The
module automatically transitions to the approved mode when an approved service is invoked, and
to the non-approved mode when a non-approved service is invoked.
12.1.1.1.        To enable the FIPS capability
    1. Reserve 16KiB at least for Platform Security Processor level 1 directory, as the FIPS module
       requires additional 8KiB of ROM space for the Platform Security Processor L1 Bootloader.
    2. The Platform BIOS must include the file with “_FIPS” postfix in the file name as Platform
       Security Processor entry 0x1. For example, the file
       PspBootLoader_stage1_prod_AB_RN_FIPS.sbin has “_FIPS” postfix in the file name. This file
       is thus a FIPS capable Platform Security Processor boot loader. Conversely, the file
       PspBootLoader_stage1_prod_AB_RN.sbin does not have “_FIPS” postfix in the file name,
       making this file a non-FIPS capable Platform Security Processor boot loader.
    3. Set BIT 32 of Platform Security Processor soft fuse chain (Platform Security Processor entry
       0xB) to enable FIPS capability.
             a. The BIT32 in Platform Security Processor entry 0xB is defined as FIPS capability
                enablement. If 0, the FIPS capability is OFF; if 1, the FIPS mode is ON (i.e., the
                module is properly installed as the validated module described in this document).
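The three steps above can be checked mechanically before a BIOS image is built. The following is an added example written for this edit, not an AMD or OEM BIOS build tool: it assumes the PSP directory is available as a map from entry id to content, with the bootloader file name under entry 0x1 and the soft fuse chain as an integer under entry 0xB, and it treats the reserved level 1 directory size as a separate integer input. The entry ids, the 16 KiB minimum, the "_FIPS" postfix rule and BIT 32 come from the steps above.

```python
# PSP directory entry identifiers named in Section 12.1.1.1.
PSP_ENTRY_L1_BOOTLOADER = 0x1
PSP_ENTRY_SOFT_FUSE_CHAIN = 0xB
FIPS_CAPABILITY_BIT = 32             # BIT 32 of the soft fuse chain
MIN_L1_DIRECTORY_BYTES = 16 * 1024   # at least 16 KiB reserved for the level 1 directory


def is_fips_capable_bootloader(filename: str) -> bool:
    """Step 2: true when the file name carries the "_FIPS" postfix (before its extension)."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem = base.rsplit(".", 1)[0] if "." in base else base
    return stem.endswith("_FIPS")


def fips_capability_enabled(soft_fuse_chain: int) -> bool:
    """Step 3: BIT 32 of the soft fuse chain is 1 when the FIPS capability is ON."""
    return (soft_fuse_chain >> FIPS_CAPABILITY_BIT) & 1 == 1


def enable_fips_capability(soft_fuse_chain: int) -> int:
    """Return the soft fuse chain value with BIT 32 set; every other bit is left as it was."""
    return soft_fuse_chain | (1 << FIPS_CAPABILITY_BIT)


def check_fips_configuration(psp_entries: dict, l1_directory_bytes: int) -> list:
    """Return the findings for the three steps; an empty list means all of them are satisfied.

    psp_entries is an assumed representation of the PSP directory (entry id -> content).
    """
    findings = []
    if l1_directory_bytes < MIN_L1_DIRECTORY_BYTES:
        findings.append(f"step 1: L1 directory reserves {l1_directory_bytes} bytes, "
                        f"need at least {MIN_L1_DIRECTORY_BYTES}")
    bootloader = psp_entries.get(PSP_ENTRY_L1_BOOTLOADER)
    if bootloader is None:
        findings.append("step 2: PSP entry 0x1 has no bootloader file")
    elif not is_fips_capable_bootloader(bootloader):
        findings.append(f"step 2: {bootloader} lacks the _FIPS postfix "
                        "(non-FIPS capable bootloader)")
    soft_fuse_chain = psp_entries.get(PSP_ENTRY_SOFT_FUSE_CHAIN, 0)
    if not fips_capability_enabled(soft_fuse_chain):
        findings.append("step 3: BIT 32 of PSP entry 0xB is 0, FIPS capability is OFF")
    return findings
```

A missing entry 0xB is treated as an all-zero soft fuse chain, so it is reported as "FIPS capability OFF" rather than silently passing; the two file names from step 2 are the natural inputs for checking the postfix rule.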
12.1.1.2.        To verify whether FIPS capability is on
    1. Boot the system into UEFI shell with secure boot disabled.
    2. Use the UEFI shell version of the AFF Tool, version 0.3 or later. This tool is provided by
       the vendor. Run the AFF Tool with the command afftool -fips from the interactive UEFI
       shell provided by the BIOS.
             a. If it shows “FIPS mode: on”, this is the FIPS capable module installed.
             b. If it shows “FIPS mode: off”, the module (described in this document) is disabled.
The screenshot in Figure 3 shows the usage of the AFF Tool. The output indicates that the FIPS
module is disabled. In this condition, the module does not operate in conformance with this
Security Policy document.
                      Figure 3: AFF Tool indicates that the module was not enabled.
The screenshot in Figure 4 again shows the usage of the AFF Tool. The output demonstrates that
the FIPS module is enabled and thus will operate as the FIPS validated module according to the
rules in this Security Policy document.
                         Figure 4: AFF Tool indicating that the module is enabled.
12.1.1.3.       How to Inspect the Service Indicator
The service indicator can be inspected by an external operator using the TEEC command with ID
16. When this command is sent (with the first parameter set to 1) to the trusted application loaded
on the AMD chip, the trusted application retrieves the FIPS status and version variables from the
AMD Trusted OS (TOS). The FIPS_selftest_status variable contains the service indicator:
    •   If the first bit of this variable is set to 0, the service indicator is OFF.
    •   If the first bit is set to 1, the service indicator is ON and an approved service is invoked.
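The decoding rule above, together with the indicator column of Tables 8 and 9, can be checked with the following added example, written for this edit and not taken from AMD's trusted application or any TEEC client. It assumes FIPS_selftest_status is handled as an integer whose bit 0 is the "first bit", that the services whose indicator is listed as "None" leave the variable untouched, and that no service changes the variable's other bits; the service names are those of Tables 8 and 9 and the bit values come from their indicator column.

```python
# Effect of each service on the first bit of FIPS_selftest_status, from Tables 8 and 9:
# Digital Signature Verification sets it to 1, the two de-obfuscation services set it to 0,
# and every other service (indicator "None") leaves the variable as it is (assumption).
INDICATOR_BIT = 0   # the "first bit"
SERVICE_INDICATOR_EFFECT = {
    "Digital Signature Verification": 1,
    "De-obfuscation of stage 2 firmware obfuscation key": 0,
    "De-obfuscation of stage 2 firmware": 0,
    "Show Version": None,
    "Show Status": None,
    "On-Demand Self-Test": None,
    "On-Demand Integrity Test": None,
    "Zeroize": None,
}


def service_indicator_on(fips_selftest_status: int) -> bool:
    """Decode the variable retrieved via TEEC command 16: bit 0 set means the indicator is ON."""
    return (fips_selftest_status >> INDICATOR_BIT) & 1 == 1


def status_after_service(fips_selftest_status: int, service: str) -> int:
    """Value of FIPS_selftest_status after the named service completes (other bits untouched)."""
    try:
        effect = SERVICE_INDICATOR_EFFECT[service]
    except KeyError:
        raise ValueError(f"not a service of this module: {service}") from None
    if effect is None:
        return fips_selftest_status
    if effect == 1:
        return fips_selftest_status | (1 << INDICATOR_BIT)
    return fips_selftest_status & ~(1 << INDICATOR_BIT)


def indicator_trace(services, initial_status: int = 0) -> list:
    """Replay a sequence of service calls and report the indicator reading after each one."""
    status = initial_status
    trace = []
    for service in services:
        status = status_after_service(status, service)
        trace.append((service, service_indicator_on(status)))
    return trace
```

Replaying the Section 3.7 boot sequence through indicator_trace (key de-obfuscation, key database verification, stage 2 verification, firmware de-obfuscation) ends with the indicator OFF whenever de-obfuscation was required, because under this model the variable reflects only the last service that touched the bit, not whether an approved service ran earlier in the boot.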
12.1.2.      Maintenance Requirements
There are no maintenance requirements.
12.1.3.      End of Life
The process for performing “End of Life” occurs at the chronological point of 10 years starting from
manufacturing date of the module.
As stated in Section 10.4, the module does not possess persistent storage of SSPs. The SSP value
exists only in volatile memory and vanishes when the module is powered off. The procedure for
secure sanitization of the module at end of life is simply to power it off, which is the
zeroization action for the SSPs (Section 10.5). As a result of this sanitization via power-off,
the SSP is removed from the module, so that the module may either be distributed to other
operators or disposed of.
12.2. Administrator Guidance
All the functions, ports and logical interfaces described in this document are available to the
Crypto Officer. The module implicitly transitions between the approved mode and the non-
approved mode contingent on the service that is invoked. As such, there are no special procedures
to administer the modes of operation.
12.3. Non-Administrator Guidance
The module implements only the Crypto Officer. There are no requirements for non-administrator
operators.
13. Mitigation of Other Attacks
The module does not implement security mechanisms to mitigate other attacks.
14. Glossary and Abbreviations
        AES                 Advanced Encryption Standard
        CAVP                Cryptographic Algorithm Validation Program
        CMVP                Cryptographic Module Validation Program
        CSP                 Critical Security Parameter
        DRBG                Deterministic Random Bit Generator
        FIPS                Federal Information Processing Standards
        HMAC                Hash Message Authentication Code
        HSTI                (Microsoft) Hardware Security Test Interface
        KAT                 Known Answer Test
        MAC                 Message Authentication Code
        NIST                National Institute of Standards and Technology
        OS                  Operating System
        PAA                 Processor Algorithm Acceleration
        PSS                 Probabilistic Signature Scheme
        RNG                 Random Number Generator
        RSA                 Rivest, Shamir, Adleman
        SHA                 Secure Hash Algorithm
        SHS                 Secure Hash Standard
        XTS                 XEX-based Tweaked-codebook mode with cipher text Stealing
15. References
FIPS PUB 180-4. Secure Hash Standard (SHS). March 2012. Gaithersburg, MD 20899-8900: National
       Institute of Standards and Technology. Retrieved from
       http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
FIPS PUB 186-4. Digital Signature Standard (DSS). July 2013. National Institute of Standards and
       Technology. doi: https://doi.org/10.6028/NIST.FIPS.186-4
Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program. May 4,
       2021. Retrieved March 8, 2021, from
       https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-
       program/documents/fips 140-3/FIPS 140-3 IG.pdf
ISO/IEC. August 2012. ISO/IEC 19790:2012 Information technology — Security techniques — Security
       requirements for cryptographic modules. Retrieved from
       https://www.iso.org/standard/52906.html
ISO/IEC. March 2017. ISO/IEC 24759:2017 Information technology — Security techniques — Test
       requirements for cryptographic modules. Retrieved from
       https://www.iso.org/standard/72515.html
National Institute of Standards and Technology. March 2019. FIPS PUB 140-3. Security Requirements
       for Cryptographic Modules. Retrieved from
       https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf