Compliant Product - Apple macOS 13 Ventura: FileVault
Certificate Date: 2023.12.04
CC Certificate
Security Target
Validation Report
Validation Report Number: CCEVS-VR-VID11348-2023
Product Type: Encrypted Storage
Conformance Claim: Protection Profile Compliant
PP Identifier:
· collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201
· collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201
CC Testing Lab: atsec information security corporation
Assurance Activity
Administrative Guide
Product Description
The TOE is the Apple macOS 13 Ventura: FileVault full drive encryption product which supports an Authorization Acquisition and Encryption Engine. The TOE is part of the macOS operating system. The macOS operating system is a Unix-based OS which leverages the Apple Secure Enclave, found in the Apple silicon System on a Chip (SoCs) and in the Apple T2 Security Chip, to perform full drive encryption. The TOE also leverages an AES cryptographic implementation built into the Direct Memory Access (DMA) controller chip. The operating system core is a POSIX-compliant operating system built on top of the XNU kernel with standard Unix facilities available from the command line interface. The TOE type is an authorization and encryption engine product. It meets all the criteria of the collaborative Protection Profiles listed above. The tested version of the TOE is Apple macOS 13.2.1.
Evaluated Configuration
Devices Covered by the Evaluation
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the Apple macOS 13 Ventura: FileVault was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited above. The product, when delivered and configured as identified in the Apple macOS 13 Ventura: FileVault Common Criteria Configuration Guide, meets the requirements defined in the Security Target. The Apple macOS 13 Ventura: FileVault Common Criteria Configuration Guide document satisfies all of the security functional requirements stated in the Apple macOS 13 Ventura: FileVault Security Target. The evaluation was subject to CCEVS Validator review. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11348-2023, prepared by CCEVS.
Environmental Strengths
Cryptographic Support
The TOE uses the following cryptographic modules to satisfy the cryptographic requirements defined in the ST:
· Apple silicon
  o Apple corecrypto Module 13.0 [Apple ARM, User, Software, SL1]
  o Apple corecrypto Module 13.0 [Apple ARM, Kernel, Software, SL1]
  o Apple corecrypto Module 13.0 [Apple silicon, Secure Key Store, Hardware, SL2]
  o Apple DMA controller 2.0 [Hardware]
· Intel with T2
  o Apple corecrypto Module 13.0 [Intel, User, Software, SL1]
  o Apple corecrypto Module 13.0 [Intel, Kernel, Software, SL1]
  o Apple corecrypto Module 13.0 [Apple ARM, Secure Key Store, Hardware, SL2]
  o Apple DMA controller 1.0 [Hardware]
The evaluation supports the following cryptographic algorithms along with their respective standards.
User Data Protection
The TOE encrypts all user data using the following algorithms:
· Apple silicon: AES-XTS-256 using two independent 256-bit keys
· Intel with T2: AES-XTS-128 using two independent 128-bit keys
When the host platform is provisioned at first run, the user is prompted to enable the TOE's embedded full disk encryption management program (FileVault) and enter a username and password. Once enabled, the storage drive of the host platform remains encrypted and protected from unauthorized access, even if the physical storage device is removed and connected to another host platform.
Security Management
The TOE can perform management functions. The administrator has full access to carry out all management functions, and the user has limited privilege. The System Settings >> Privacy & Security menu on macOS invokes management functionality of the Authorization Acquisition component, which supports forwarding requests to change or cryptographically erase the Data Encryption Key (DEK) to the Encryption Engine component as well as configuring authorization factors. The Authorization Acquisition and Encryption Engine components together support user initialization of the TOE firmware/software updates.
Protection of the TSF
The TOE implements the following protection of TSF data:
· Protection of key and key material—The TOE only stores keys in non-volatile memory when cryptographically wrapped.
· Power saving states and timing of power states—The TOE supports G2(S5) state (soft off), which is defined by the Advanced Configuration and Power Interface (ACPI) standard, as well as allowing the user to initiate the power saving state.
· TSF Testing—The TOE performs Known Answer Tests (KATs) to verify the correct operation of supported cryptographic functions.
· Trusted updates—Before installing the updates, the TOE’s Authorization Acquisition component validates the digital signature of the updates retrieved by the macOS operating system from the Apple Update Server.
Vendor Information
Apple Inc.
Nina Kominiak
+1 907 227 9672
security-certifications@apple.com
https://support.apple.com/guide/certifications/welcome/web