Does the ST60/SU60 support FIPS 140-2?

Answer

The 60 series radio itself is not FIPS certified and cannot be certified, since FIPS must be tied to an entire platform (host, OS, encryption mechanisms, etc..) and have a defined boundary within the platform (data at rest, data at motion, Ethernet, USB, Wi-Fi, etc..).

From a Wi-Fi radio perspective, the on-board encryption hardware accelerators on the Marvell silicon are not FIPS compliant. Therefore, a customer would need to disable the radio encryption accelerator on the 60 series radio and use a FIPS validated crypto-engine. This is similar to what Ezurio did on our 60 Series SOM to achieve FIPS certification – from a high-level perspective we bypassed the silicon's encryption HW accelerators and forwarded all of the encryption functions to a FIPS validated crypto-module on the SOM60. Disabling the radio’s encryption functions can be done from the host.  The rest of the FIPS architecture will need to be determined by customer as FIPS is tied to more than just the radio.

Each implementation of FIPS is different and the radio is just one piece of a larger FIPS strategy. Ezurio's (formerly Laird Connectivity) implementation of FIPS was specifically designed for the SOM60 platform.