In an interesting article on security from Warren Kurisu titled Securing Data on Connected Embedded Devices, he discusses three situations where embedded devices need to protect data – when at rest, when in use, and when in transit. Datalight software can help protect the “data in use” case, including addressing an often overlooked vulnerability.
NAND flash media has become the standard storage media for embedded devices, either as raw flash chips, contained in devices such as eMMC and SD cards or as part of an SOC. In order to modify data on any NAND flash media, a copy is first made in memory, then modified and stored to a new NAND block. At this point, there are two copies of the secure data on the device – to ensure data security the original copy must be securely erased.
On eMMC media, the firmware provides secure operations that can be used to remove those blocks. We have discussed these operations before on our blog. Datalight’s Reliance Nitro is still the only file system that utilizes these secure operations on eMMC media. Another alternative is the Sanitize command, which securely erases any pending deleted blocks, whether or not they contain secure data. (Questions have arisen about the performance impact of that approach. Stay tuned for a report on an analysis of this aspect that Datalight is working on.)
Can the same thing be done on raw flash media? Absolutely!
Datalight’s FlashFX Tera has an API to request a compaction, which is an operation used to erase pending blocks. This is very similar to the eMMC firmware Sanitize operation. We are also considering adding the more direct operations of secure trim and secure delete to FlashFX Tera.
Reliance Nitro also provides features that help address the “data at rest” situations mentioned in Warren’s article. A full set of OEM attributes are supported and stored in the common disk format, available for any RTOS utilized by our customers. These attributes can be used to isolate data between users and groups on the same device or over any connections this device participates in. And of course, our customers can (and many have) plug in their own encryption module using Reliance Nitro APIs designed for this purpose.
Does your design rely on the ability to secure – and securely erase – data?