NIAP: Compliant Product
Compliant Product - Apple macOS 13 Ventura: FileVault

Certificate Date:  2023.12.04

Validation Report Number:  CCEVS-VR-VID11348-2023

Product Type:    Encrypted Storage

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201
  collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201

CC Testing Lab:  atsec information security corporation




Product Description

The TOE (Target of Evaluation) is the Apple macOS 13 Ventura: FileVault full drive encryption product, which supports an Authorization Acquisition and Encryption Engine. The TOE is part of the macOS operating system. The macOS operating system is a Unix-based OS which leverages the Apple Secure Enclave, found in Apple silicon Systems on a Chip (SoCs) and in the Apple T2 Security Chip, to perform full drive encryption. The TOE also leverages an AES cryptographic implementation built into the Direct Memory Access (DMA) controller chip. The operating system core is a POSIX-compliant operating system built on top of the XNU kernel with standard Unix facilities available from the command line interface.

The TOE type is an authorization and encryption engine product. It meets all the criteria of the collaborative Protection Profiles listed above.

The tested version of the TOE is Apple macOS 13.2.1.


Evaluated Configuration

Devices Covered by the Evaluation

| Year | Marketing Name | Model # | Model Identifier | SoC/Processor | microArch | Security Chip |
|---|---|---|---|---|---|---|
| 2023 | MacBook Pro (16-inch, 2023) | A2780 | Mac14,6 | M2 Max | ARMv8.6-A | SEP v2.0 |
| 2023 | MacBook Pro (16-inch, 2023) | A2780 | Mac14,10 | M2 Pro | ARMv8.6-A | SEP v2.0 |
| 2023 | MacBook Pro (14-inch, 2023) | A2779 | Mac14,5 | M2 Max | ARMv8.6-A | SEP v2.0 |
| 2023 | MacBook Pro (14-inch, 2023) | A2779 | Mac14,9 | M2 Pro | ARMv8.6-A | SEP v2.0 |
| 2023 | Mac mini (M2 Pro, 2023) | A2816 | Mac14,12 | M2 Pro | ARMv8.6-A | SEP v2.0 |
| 2023 | Mac mini (M2, 2023) | A2686 | Mac14,3 | M2 | ARMv8.6-A | SEP v2.0 |
| 2022 | MacBook Pro (13-inch, M2, 2022) | A2338 | Mac14,7 | M2 | ARMv8.6-A | SEP v2.0 |
| 2022 | MacBook Air (M2, 2022) | A2861 | Mac14,2 | M2 | ARMv8.6-A | SEP v2.0 |
| 2022 | Mac Studio | A2615 | Mac13,2 | M1 Ultra | ARMv8.5-A | SEP v2.0 |
| 2022 | Mac Studio | A2615 | Mac13,1 | M1 Max | ARMv8.5-A | SEP v2.0 |
| 2021 | MacBook Pro (16-inch, 2021) | A2485 | MacBookPro18,2 | M1 Max | ARMv8.5-A | SEP v2.0 |
| 2021 | MacBook Pro (16-inch, 2021) | A2485 | MacBookPro18,1 | M1 Pro | ARMv8.5-A | SEP v2.0 |
| 2021 | MacBook Pro (14-inch, 2021) | A2442 | MacBookPro18,4 | M1 Max | ARMv8.5-A | SEP v2.0 |
| 2021 | MacBook Pro (14-inch, 2021) | A2442 | MacBookPro18,3 | M1 Pro | ARMv8.5-A | SEP v2.0 |
| 2021 | iMac (24-inch, M1, 2021) | A2438 | iMac21,1 | M1 | ARMv8.5-A | SEP v2.0 |
| 2021 | iMac (24-inch, M1, 2021) | A2439 | iMac21,2 | M1 | ARMv8.5-A | SEP v2.0 |
| 2020 | Mac mini (M1, 2020) | A2348 | Macmini9,1 | M1 | ARMv8.5-A | SEP v2.0 |
| 2020 | MacBook Air (M1, 2020) | A2337 | MacBookAir10,1 | M1 | ARMv8.5-A | SEP v2.0 |
| 2020 | MacBook Pro (13-inch, M1, 2020) | A2338 | MacBookPro17,1 | M1 | ARMv8.5-A | SEP v2.0 |
| 2020 | MacBook Air (Retina, 13-inch, 2020) | A2179 | MacBookAir9,1 | Core i5-1030NG7; Core i7-1060NG7 | Ice Lake | T2 |
| 2020 | MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports) | A2251 | MacBookPro16,2 | Core i5-1038NG7; Core i7-1068NG7 | Ice Lake | T2 |
| 2020 | MacBook Pro (13-inch, 2020, Two Thunderbolt 3 ports) | A2289 | MacBookPro16,3 | Core i5-8257U; Core i7-8557U | Coffee Lake | T2 |
| 2020 | iMac (Retina 5K, 27-inch, 2020) | A2115 | iMac20,1; iMac20,2 | Core i5-10500; Core i5-10600; Core i7-10700K; Core i9-10910 | Comet Lake | T2 |
| 2019 | MacBook Air (Retina, 13-inch, 2019) | A1932 | MacBookAir8,2 | Core i5-8210Y | Amber Lake | T2 |
| 2019 | MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports) | A1989 | MacBookPro15,2 | Core i5-8279U; Core i7-8569U | Coffee Lake | T2 |
| 2019 | MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports) | A2159 | MacBookPro15,4 | Core i5-8257U; Core i7-8557U | Coffee Lake | T2 |
| 2019 | MacBook Pro (15-inch, 2019) | A1990 | MacBookPro15,1; MacBookPro15,3 | Core i7-9750H; Core i9-9880H; Core i9-9980HK | Coffee Lake | T2 |
| 2019 | MacBook Pro (16-inch, 2019) | A2141 | MacBookPro16,1; MacBookPro16,4 | Core i7-9750H; Core i9-9880H; Core i9-9980HK | Coffee Lake | T2 |
| 2019 | Mac Pro (2019) | A1991 | MacPro7,1 | Xeon W-3223; Xeon W-3235; Xeon W-3245; Xeon W-3265M; Xeon W-3275M | Cascade Lake | T2 |
| 2019 | Mac Pro (2019 Rack) | A2304 | MacPro7,1 | Xeon W-3223; Xeon W-3235; Xeon W-3245; Xeon W-3265M; Xeon W-3275M | Cascade Lake | T2 |
| 2018 | MacBook Air (Retina, 13-inch, 2018) | A1932 | MacBookAir8,1 | Core i5-8210Y | Amber Lake | T2 |
| 2018 | Mac mini (2018) | A1993 | Macmini8,1 | Core i5-8500B; Core i7-8700B | Coffee Lake | T2 |
| 2018 | MacBook Pro (15-inch, 2018) | A1990 | MacBookPro15,1; MacBookPro15,3 | Core i7-8750H; Core i7-8850H; Core i9-8950HK | Coffee Lake | T2 |
| 2018 | MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports) | A1989 | MacBookPro15,2 | Core i5-8259U; Core i7-8559U | Coffee Lake | T2 |
| 2017 | iMac Pro (2017) | A1862 | iMacPro1,1 | Xeon W-2140B; Xeon W-2150B; Xeon W-2170B; Xeon W-2190B | Skylake | T2 |


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the Apple macOS 13 Ventura: FileVault was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited above. The product, when delivered and configured as identified in the Apple macOS 13 Ventura: FileVault Common Criteria Configuration Guide, meets the requirements defined in the Security Target.

The Apple macOS 13 Ventura: FileVault Common Criteria Configuration Guide document satisfies all of the security functional requirements stated in the Apple macOS 13 Ventura: FileVault Security Target. The evaluation was subject to CCEVS Validator review. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11348-2023, prepared by CCEVS.


Environmental Strengths

Cryptographic Support

The TOE uses the following cryptographic modules to satisfy the cryptographic requirements defined in the ST:

· Apple silicon
    o Apple corecrypto Module 13.0 [Apple ARM, User, Software, SL1]
    o Apple corecrypto Module 13.0 [Apple ARM, Kernel, Software, SL1]
    o Apple corecrypto Module 13.0 [Apple silicon, Secure Key Store, Hardware, SL2]
    o Apple DMA controller 2.0 [Hardware]

· Intel with T2
    o Apple corecrypto Module 13.0 [Intel, User, Software, SL1]
    o Apple corecrypto Module 13.0 [Intel, Kernel, Software, SL1]
    o Apple corecrypto Module 13.0 [Apple ARM, Secure Key Store, Hardware, SL2]
    o Apple DMA controller 1.0 [Hardware]

The evaluation supports the following cryptographic algorithms along with their respective standards.

| Algorithms | Standards |
|---|---|
| AES | AES-CBC (as defined in NIST SP 800-38A) |
| AES | AES-KW (AES as specified in ISO/IEC 18033-3, NIST SP 800-38F) |
| AES | AES-XTS (AES as specified in ISO/IEC 18033-3 and XTS as specified in IEEE 1619) |
| ECDSA | FIPS PUB 186-4 Digital Signature Standard (DSS), Section 6 and Appendix D |
| RSA | FIPS PUB 186-4 Digital Signature Standard (DSS), Appendix B.3 |
| HMAC | ISO/IEC 9797-2:2011, Section 7 “MAC Algorithm 2” |
| SHS | NIST FIPS Pub 180-4 |
| DRBG | CTR_DRBG (AES) |

User Data Protection

The TOE encrypts all user data using the following algorithms:

· Apple silicon: AES-XTS-256 using two independent 256-bit keys
· Intel with T2: AES-XTS-128 using two independent 128-bit keys

When the host platform is provisioned at first run, the user is prompted to enable the TOE's embedded full disk encryption management program (FileVault) and enter a username and password. Once enabled, the storage drive of the host platform remains encrypted and protected from unauthorized access, even if the physical storage device is removed and connected to another host platform.

Security Management

The TOE can perform management functions. The administrator has full access to carry out all management functions, and the user has limited privilege. The System Settings >> Privacy & Security menu on macOS invokes management functionality of the Authorization Acquisition component, which supports forwarding requests to change or cryptographically erase the Data Encryption Key (DEK) to the Encryption Engine component, as well as configuring authorization factors. The Authorization Acquisition and Encryption Engine components together support user initialization of the TOE firmware/software updates.

Protection of the TSF

The TOE implements the following protection of TSF data:

· Protection of key and key material: The TOE only stores keys in non-volatile memory when cryptographically wrapped.

· Power saving states and timing of power states: The TOE supports G2(S5) state (soft off), which is defined by the Advanced Configuration and Power Interface (ACPI) standard, as well as allowing the user to initiate the power saving state.

· TSF Testing: The TOE performs Known Answer Tests (KATs) to verify the correct operation of supported cryptographic functions.

· Trusted updates: Before installing the updates, the TOE’s Authorization Acquisition component validates the digital signature of the updates retrieved by the macOS operating system from the Apple Update Server.


Vendor Information


Apple Inc.
Shawn Geddis
1-669-227-3579
security-certifications@apple.com

https://support.apple.com/guide/certifications/welcome/web