Field
Embodiments relate generally to an apparatus and method to decrypt file segments in parallel.
Relevant Background
Traditionally, boot files are decrypted by a crypto-engine after the file is fully assembled by the file system. An example of this is a Unix File System (UFS), in which the driver and the crypto-engine are purely software implemented, which allows for parallel decryption. However, this implementation is not very secure as compared to a hardware-based crypto-engine implementation. Thus, although current systems, which are purely software implemented, may allow for parallel reads to achieve maximum throughput, these types of systems lack the enhanced security of a hardware-based crypto-engine implementation.
On the other hand, more secure types of hardware-based crypto-engines have been proposed. A beneficial feature of a hardware-based crypto-engine (CE) is speed. A hardware-based CE is located in-line, meaning the CE processes the data as it goes.
This hardware-based CE implementation is currently defined as requiring Cipher Block Chaining (CBC) or similar chaining modes that are selected by the storage specifications for encryption/decryption implementations. However, this is very inconvenient for the hardware-based CE in in-line mode, because the CBC implementation assumes the file is processed serially, while the in-line CE may operate in parallel as defined by the storage specifications (e.g., parallel read and decryption of different segments of the file). Strategies are being sought to decrypt and read hardware-based crypto-engine encrypted files in a much more efficient manner.
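The chaining constraint named above, shown as an added example that is not taken from the original text or from the embodiments, and that goes one step past the text: in CBC each decrypted block is XORed with the preceding ciphertext block, so a segment decrypted on its own needs the ciphertext block just before it as its chaining value. The toy Feistel cipher, key, IV, segment size and sample data are constructed assumptions standing in for a hardware CE.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # cipher block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the toy Feistel cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):  # toy 4-round Feistel: a stand-in, NOT a real cipher
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):  # inverse of enc_block
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):  # inherently serial: block i needs ciphertext i-1
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = enc_block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        out += _xor(dec_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def decrypt_segment(key, file_iv, ct, start, length):
    # Chaining value = ciphertext block just before the segment (file IV at 0).
    iv = file_iv if start == 0 else ct[start - BLOCK:start]
    return cbc_decrypt(key, iv, ct[start:start + length])

def parallel_decrypt(key, file_iv, ct, seg_len):  # seg_len: multiple of BLOCK
    starts = range(0, len(ct), seg_len)
    with ThreadPoolExecutor() as pool:
        return b"".join(pool.map(
            lambda s: decrypt_segment(key, file_iv, ct, s, seg_len), starts))

# Constructed sample data: 8 plaintext blocks, read as four 2-block segments.
KEY, IV = b"k" * 16, b"\x01" * 16
PT = b"".join(bytes([65 + i]) * BLOCK for i in range(8))
CT = cbc_encrypt(KEY, IV, PT)
```

Decrypting a later segment with the file's IV instead corrupts only that segment's first block; every following block still decrypts correctly because its chaining value lies inside the segment.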