© Copyright 2017 Oracle Corporation
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
NOTE: The labels pictured in Figure 5 above do not add any additional security to
the module.
2.6 Operational Environment
The operational environment for the StorageTek T10000D Tape Drive consists of
two NIOS II processors, which are the module’s only general-purpose processors.
These processors execute the module’s firmware (Firmware Version: RB411111).
New firmware versions within the scope of this validation must be validated through the
FIPS 140-2 CMVP. Any other firmware loaded into this module is out of the scope of this
validation and requires a separate FIPS 140-2 validation.
The module does not employ a general purpose Operating System.
2.7 Cryptographic Key Management
The StorageTek T10000D Tape Drive was designed to operate in several FIPS-
Approved modes of operation: Permanent Encryption Mode, Encryption Enabled
Mode, Encryption Disabled Mode, and Mixed Mode. The following sections
detail which cryptographic algorithms, keys, and CSPs are available for each
FIPS-Approved mode.
2.7.1 Encryption Enabled Cryptographic Algorithm Implementations
The StorageTek T10000D Tape Drive provides access to the same cryptographic
algorithms when operating in either the Permanent Encryption Approved Mode or
Encryption Enabled Approved Mode. The cryptographic algorithms available in
these Approved modes are listed in Table 6.
Table 6 – FIPS-Approved Algorithms in StorageTek T10000D Tape Drive (Permanent Encryption and
Encryption Enabled Modes)

Algorithm | Implementation Description | Certificate Number
AES [28] 256-bit ECB [29] mode | Provides encryption for multiple services including AES in ECB mode as used in firmware AES CCM encryption (with Cert # 4039) and with the SP [30] 800-90A CTR [31] DRBG (Cert # 1209) | 4039

[28] AES – Advanced Encryption System
[29] ECB – Electronic Code Book
[30] SP – Special Publication
[31] CTR – Counter