Life-cycle Assurance

Zynq UltraScale+ MPSoC: A FIPS 140-3 Primer (WP543)

Document ID: WP543
Release Date: 2024-08-28
Revision: 1.0.1 English

Life-cycle assurance ensures that the cryptographic module is properly designed, developed, tested, configured, delivered, installed, disposed of, and documented by the vendor. An important change in this FIPS 140-3 clause is the addition of requirements for vendor testing of the module to ensure that it operates in accordance with the module security policy and functional specifications. At SLs 1 and 2, the vendor should specify and document the functional testing performed on the module. At SLs 3 and 4, the vendor should also specify and document the low-level testing performed on the module. The low-level testing details are not defined yet.

FIPS 140-3 also dives deeper into the proper way of disposing of the module when it is no longer needed. At SLs 1 and 2, there are requirements for sanitization of the module, such as removing SSPs so that they cannot be distributed to other operators. At SLs 3 and 4, the vendor should also specify and document procedures for the secure destruction of the module.

For the Zynq UltraScale+ MPSoC, AMD follows best-in-class processes and procedures to ensure the highest quality at all stages of production. The Xilinx Quality Manual (QAP0002) can be used as supporting documentation to help meet this requirement. For the programmable portions of a Zynq UltraScale+ MPSoC-enabled system, the documentation includes source code (e.g., C/C++) for the PS and HDL (e.g., Verilog or VHDL) for the PL. The designer is responsible for ensuring that a quality process is followed for all the programmable user designs and for supplying the applicable supporting documentation.