Reference Guide

Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy|27

ArubaOS UBoot BootLoader Module

 Firmware Load Test - RSA PKCS#1 v1.5 (2048 bits) signature verification

Conditional Tests on Hardware:

 CRNG Test to non-Approved RNGs

Self-test results are logged in a log file. Upon successful completion of the power-up self tests, the

module logs a KATS: passed message into a log file. Confirm the file update by checking the associated

time of the file.

In the event of a hardware KATs failure, the log file records one of the following messages depending on

the algorithm being validated:

 AES256 HMAC-SHA1 hash failed

 AES256 Encrypt failed

 AES256 Decrypt Failed

 3DES HMAC-SHA1 hash failed

 3DES Encrypt failed

 3DES Decrypt Failed

 DES HMAC-SHA1 hash failed

 DES Encrypt failed

 DES Decrypt Failed

 HW KAT test failed for AESCCM CTR. Rebooting

 AESCCM Encrypt Failed

This text is followed by this message:

The POST Test failed!!!!

Rebooting…

Alternating Bypass State

The controller implements an alternating bypass state when:

 a port is configured in trusted mode to provide unauthenticated services

 a configuration provides wireless access without encryption

The alternating bypass status can be identified by retrieving the port configuration or the wireless network

configuration.