CMUF CPU Equivalency Working Group Panel Report and Discussion (C40b)
Over the last several years, both the CMVP and NIAP have been reducing the number of similar CPUs covered by a single CAVS test. Historically, an ARM was an ARM, an x86 was an x86 and a CAVS test for one, covered all family variants. But recently that has been changing and both bodies have been narrowing the definition of equivalence, sometimes to a single part number. The result is that a vendor validating a module may have to do as many sets of CAVS tests as the number of processors they support and validate/certify. This has become a very significant burden with some vendors having to do hundreds of CAVS tests for each new release version of a module. The question of “what exactly is an equivalent CPU” has become a serious topic of discussion. In the hope of developing a good technical way of determining that, this workgroup was formed with the active participation of both the CMVP and NIAP to examine the issue and to come up with some recommendations. Some significant progress has been made in the last year and with FIPS 140-4 coming into play soon, it is imperative that all parties come to an agreement on the definition of CPU equivalency in the near future. This panel will have representatives from the developer, lab and standards communities and will discuss the determining of equivalence which has proven to be a much more difficult question than originally thought. Since CPUs are now really systems on a chip (SOC), with different firmware and microcode levels, how is it possible to accurately determine equivalence? How can it be tested and confirmed, and how many CPUs in a family can really be deemed equivalent?