Module Name
Cryptographic Module for Intel® Converged Security and Manageability Engine (CSME)
Caveat
When operated in FIPS mode
Module Type
Firmware-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
The Cryptographic Module for Intel® Converged Security and Manageability Engine(CSME) (hereafter referred to as 'the module') is classified as a multiple-chip standalone firmware-hybrid module for FIPS 140-2 purpose. The module consists of both hardware and firmware. The hardware portion is the Converged Security Engine (CSE) and the firmware portion is the crypto driver process of the Manageability Engine (ME). The two portions form the logical cryptographic boundary and they combine as Converged Security and Manageability Engine (CSME) to perform cryptographic functions within the Cannon Point PCH applications executing on the CSME.
Tested Configuration(s)
- embedded IA-32 dedicated to support the functionality of the CSME firmware version 12.0.70.1652 running on Cannon Point PCH with Intel Whiskey Lake with device firmware version 12.0.70.1652
- embedded IA-32 dedicated to support the functionality of the CSME firmware version 12.0.70.1652 running on Intel Cannon Point PCH with Intel Coffee Lake with device firmware version 12.0.70.1652
Approved Algorithms
AES |
Certs. #C1769 and #C1770 |
CVL |
Certs. #C1769 and #C1770 |
DRBG |
Certs. #C1769 and #C1770 |
ECDSA |
Certs. #C1769 and #C1770 |
ENT |
P |
HMAC |
Certs. #C1769 and #C1770 |
KAS-SSC |
Cert. #A688 |
KBKDF |
Certs. #C1769 and #C1770 |
KTS |
AES Certs. #C1769 and #C1770; key establishment methodology provides 128 or 256 bits of encryption strength |
KTS |
vendor affirmed; key establishment methodology provides 112 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Certs. #C1769 and #C1770 |
SHS |
Certs. #C1769 and #C1770 |
Firmware Versions
2.5 and 2.6