The present invention relates to systems for enabling an authorized application to access data in restricted storage areas using only a file-system application-interface (FSAPI).
Non-volatile memory (NVM) storage devices that enable the operation of host systems are well-known in the art of computer engineering. Simple security considerations logically motivate developers of host systems to prevent the “boot partition” from being accessed by an ordinary file system.
Access to restricted sub-areas, such as the boot partition and system data (e.g. security keys) is restricted; these sub-areas cannot be accessed by applications using only FSAPI. Other storage sub-areas that are intended to serve applications and users are accessed by the file system using FSAPI. This restriction is typically implemented by limiting the range of addresses that are accessible to the file system, excluding the addresses of the restricted sub-areas.
However, in the course of the life of a host system, it is occasionally necessary to access data in restricted sub-areas (e.g. for updating a boot image, and for reading system keys). A need to update the boot partition can arise for a variety of reasons (e.g. to fix a software bug, or to install a newly-available feature).
Since the restricted area cannot be modified by the operating system (OS) using FSAPI, such an update is complex and requires device-specific, host-specific, and OS-specific applications that are able to bypass the restrictions and access the privileged areas.
Such solutions (e.g. UpdateXIP available from Microsoft™ Corporation) involve flagging the RAM, rebooting the host system without powering down, checking the flag by the boot code, and loading special code from the boot partition that can access the boot partition. This procedure implies that there will be a non-uniformity among the components involved (e.g. storage device, host system, and OS). Such a situation makes the update of restricted areas (e.g. boot partition) in a storage device a very costly feature.
A prior-art system, such as that disclosed by Moran, US Patent Application No. 20060031632 (hereinafter referred to as Moran '632), hereby incorporated by reference as if fully set forth herein, discloses a system for storing data without the data being directly written by the file system of the host system. However, Moran '632 discloses only an internal backup mechanism by which the storage device protects data written by the host system from being lost (by restoring it automatically upon powering up), but fails to disclose how data can be read from a different logical address than the address where the data was written. Therefore, systems according to Moran '632 cannot be useful for enabling access to data in restricted areas.
It would be desirable to have systems for enabling all authorized application to access data in restricted storage areas using only FSAPI.