The Target of Evaluation (TOE) is the Galleon Embedded Computing Software Encryption Layer version 1.1 running on Red Hat Enterprise Linux 9.5.
\r\nThe TOE is a software application that provides Full Drive Encryption (FDE) of drives within the system in which the software executes. The TOE has been evaluated on various different computing environments including Galleon’s XSR, HPR, G1, G2, and ARINC computing environments. These products/environments can act in multiple different capacities (Network Attached Storage [NAS], data recorder, general server, etc.) and allow for encryption of the drives attached to the system (including a Removable Data Module [RDM]). The XSR model supports encryption of one RDM (at a time), up to 4 internal SSDs, and its internal, non-removable mSATA SSD. The G1 model also supports encryption of one RDM (at a time) and up to 2 internal SSDs. TOE securely encrypts all user data stored on the protected drives.
\r\nThe TOE software executes in a Red Hat Enterprise Linux (RHEL) Release 9.5 operating system running on the computing hardware, and the TOE provides software-based Full Disk Encryption (FDE) of data drives (both internal drives and the RDM).
\r\nIn addition to the software-based FDE layer, some models of Galleon’s computing products include a separate, hardware-based Full Drive Encryption (FDE) layer to further encrypt the drives; however, this hardware-based FDE layer is addressed in a separate evaluation.
\r\nThe TOE supports encrypting data stored by software applications running in the RHEL operating system. The RHEL operating system might include software to support protocols including CIFS and NFS, might include the vendor’s data recording software, might even include customer provided software applications, or might include additional software running within KVM virtualized guest. The RHEL administrator can enable, disable, or install additional (accessing the system directly) desired protocols, software applications, and KVM guests to support their use-case and application.
","evaluation_configuration":"The Target of Evaluation (TOE) is the Galleon Embedded Computing Software Encryption Layer version 1.1 running on Red Hat Enterprise Linux 9.5.
\r\nThe TOE provides software Full Drive Encryption of removable drives and the software can be installed on Red Hat Enterprise Linux on various Galleon computing platforms (including XSR, G1, G2, HPR, and ARINC models). The following table summarizes the CPU options available. Because the Red Hat operating system provides a hardware abstraction layer, the TOE software executes identically irrespective of the underlying CPU.
\r\n\r\n
| \r\n Model \r\n | \r\n\r\n Processor \r\n | \r\n
| \r\n XSR \r\n | \r\n\r\n Intel Xeon E3-1505Lv6 (Kaby Lake) \r\n | \r\n
| \r\n XSR \r\n | \r\n\r\n Intel Xeon E-2276ME (Coffee Lake) \r\n | \r\n
| \r\n XSR \r\n | \r\n\r\n Intel Xeon W-11865MRE (Tiger Lake) \r\n | \r\n
| \r\n HPR \r\n | \r\n\r\n Intel Xeon D-1732TE (Ice Lake) \r\n | \r\n
| \r\n G1 \r\n | \r\n\r\n Intel Atom C2758 (Rangeley) \r\n | \r\n
| \r\n G2 \r\n | \r\n\r\n Intel Atom C3708 (Deverton) \r\n | \r\n
| \r\n ARINC \r\n | \r\n\r\n Intel Atom x6211E (Elkhart Lake) \r\n | \r\n
","security_evaluation_summary":"
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Galleon SW Encryption Layer Certifiable Encryption, Version 1.1.2, May 13, 2026 document, satisfies all of the security functional requirements stated in the Galleon Embedded Computing XSR and G1 Software Encryption Layer Security Target, Version 2.2, May 15, 2026. The project underwent CCEVS Validator review. The evaluation was completed in May 2026. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11654-2026) prepared by CCEVS
","environmental_strengths":"The logical boundaries of the Galleon Embedded Computing XSR and G1 Software Encryption Layer are realized in the security functions that it implements. Each of these security functions is summarized below.
\r\n\r\n
Cryptographic support:
\r\nThe TOE includes cryptographic functionality for key management, user authentication, and block-based encryption including: symmetric key generation, encryption/decryption, cryptographic hashing, keyed-hash message authentication, and password-based key derivation. These functions are supported with suitable random bit generation, key derivation, salt generation, initialization vector generation, secure key storage, and key destruction. These primitive cryptographic functions are used to encrypt Data-At-Rest (including the generation and protection of keys and key encryption keys) used by the TOE.
\r\nUser data protection:
\r\nThe TOE performs Full Drive Encryption on all partitions on the drive (so that no plaintext exists) and does so without user intervention.
\r\nSecurity management:
\r\nThe TOE provides each of the required management services to manage the full drive encryption using a command line interface.
\r\nProtection of the TSF:
\r\nThe TOE implements a number of features to protect itself to ensure the reliability and integrity of its security features. It protects key and key material, and includes functions to perform self-tests and software/firmware integrity checking so that it might detect when it is failing or may be corrupt. If any of the self-tests fail, the TOE will not go into an operational mode.
\r\n\r\n
","features":[{"id":4750,"feature_name":"Cryptographic Hashing"},{"id":4748,"feature_name":"Cryptographic Signature Generation"},{"id":4749,"feature_name":"Cryptographic Signature Verification"},{"id":4747,"feature_name":"Encrypted Storage"},{"id":4746,"feature_name":"Full Drive Encryption"},{"id":4751,"feature_name":"Key Destruction"},{"id":4745,"feature_name":"Keyed-hash message authentication"},{"id":4743,"feature_name":"PBKDF"},{"id":4744,"feature_name":"Trusted Update Function"}]}