Module Name
Cryptographic Module for Intel® Platforms' Security Engine Chipset
Historical Reason
SP 800-56Arev3 transition - replaced by certificate #4599
Caveat
When operated in FIPS mode and installed, initialized and configured as specified in Sections 2.3 and 9.1 of the Security Policy. When entropy is externally loaded, no assurance of the minimum strength of generated keys.
Module Type
Firmware-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
The Cryptographic Module for Intel® CSME is a hardware-firmware hybrid module present on Intel® PCH platforms. The module performs crypto functions for CSME applications, including but are not limited to:
PTT (Platform Trust Technology), AMT (Active Management Technology), and DAL (Dynamic Application Loader).
Tested Configuration(s)
- Intel Ice Point PCH chipset with CSME device firmware version 13.0.0.1084
Approved Algorithms
| AES |
Cert. #C849 |
| CKG |
vendor affirmed |
| CVL |
Cert. #C849 |
| DRBG |
Cert. #C849 |
| ECDSA |
Cert. #C849 |
| HMAC |
Cert. #C849 |
| KAS |
Cert. #C849 |
| KBKDF |
Cert. #C849 |
| KTS |
AES Cert. #C849 |
| KTS |
AES Cert. #C849; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Cert. #C849 and AES Cert. #C849; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Cert. #C849 and ECDSA Cert. #C849; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Cert. #C849 and HMAC Cert. #C849; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Cert. #C849 and RSA Cert. #C849; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
vendor affirmed |
| RSA |
Cert. #C849 |
| SHS |
Cert. #C849 |
