IBM eServer Cryptographic Coprocessor Security Module Model 4764–001 Security Policy
This document describes the services that the IBM eServer Cryptographic Coprocessor 4764–001 (Hardware P/N 16R0911, 12R6536, 12R8241, 12R8561, 41U0438) (“the module”), with Miniboot software resident in ROM and flash, provides to a population of security officers and users, and the security policy governing access to those services. This policy applies to multiple members of the 47xx product family. We describe multiple firmware revisions running on different hardware releases, highlighting differences where appropriate. Firmware identifiers are the unambiguously identifiable lead digits of the Segment 1 (firmware) hash, a unique value describing card firmware status that is returned by card configuration queries. This policy applies to the following firmware identifiers: 2a4e5289, 2096a16d, and c16f4102.
Please see Section 10 (p. 28) for validated combinations of hardware and firmware.
The document is built on the foundations of the previously validated IBM 4758 Model 002 (validation certificate 116, validated under FIPS 140-2), reflecting the implementation differences between the 4758 and variants of the 4764–001. Differences between members of the 4764 family are also described in the following pages.
Background of Family
The module is a programmable secure coprocessor. It consists of:
• base hardware;
• embedded firmware that is not visible to the outside;
• Miniboot software, which controls the security and configuration of the device (the externally visible part of card firmware);
• higher system software and application layers.
Note that higher layers of software and application (Layers 2 and 3) are not included in the current validation.