In some environments, a host device (such as a mobile phone or other device) is used with an embedded or removable storage device (such as a hard drive, a solid state drive, Secure Digital (SD) card, or a MultiMedia Card (MMC)). Some storage devices store a master boot record (MBR) at logical block address (LBA) 0 and store operating system code elsewhere in the storage device. When the host device is first powered up, a small amount of firmware on the host device enables it to read the MBR from LBA 0. The MBR contains computer-readable program code that, when executed by the host device, provides the host device with the ability to read the other parts of the operating system code from the storage device and boot up the host device.
To protect the operating system from being tampered with (e.g., to prevent the introduction of viruses) and to prevent access to important private information if the storage device is lost, the operating system code (including the MBR) can be encrypted, so that the MBR and operating system code are accessible only to authorized users. (In addition to using encryption, the storage device may be configured to restrict access to the protected areas when the protected areas include the operative system code.) As the host device will not be able to read the MBR prior to authenticating to the storage device, the storage device can store a “shadow master boot record (MBR)” that contains computer-readable program code that, when executed by the host device, collects authentication information (e.g., collects a password from the user) and sends the collected authentication information to an authentication program running on the storage device. Because the small amount of firmware on the host device enables the host device to only read LBA 0 prior to fully booting up, the storage device temporarily maps LBA 0 to the shadow MBR. That way, when the host device reads LBA 0, it receives the shadow MBR instead of the actual MBR. After successful authentication, the storage device remaps LBA 0 to the original MBR, so that the host device can receive the actual MBR and boot up as described above.
Over time, the shadow MBR may need to be updated. The shadow MBR is typically implemented as read-only for security reason and can be updated after authentication through special read/write commands. The Trusted Computing Group (TCG) set forth a standard for updating the shadow MBR. While the TCG standard contains general requirements for the update process, such as the requirement that the update be done in an atomic manner and that a certain amount of memory be allocated for the shadow MBR, the standard does not provide specific implementations of the standard that can be used to efficiently update the shadow MBR.
Overview
Embodiments of the present invention are defined by the claims, and nothing in this section should be taken as a limitation on those claims.
By way of introduction, the below embodiments relate to a storage device and method for updating a shadow master boot record (MBR) stored in the storage device. In one embodiment, a storage device is provided having a memory with a first storage area and a second storage area. The storage device receives updated sectors of the shadow MBR from a host device and writes the updated sectors in the second storage area. The storage device determines a highest written sector in the first storage area that is occupied by the shadow MBR. The storage device copies the non-updated sectors of the shadow MBR from the first storage area to the second storage area, wherein only the non-updated sectors up to the highest written sector are copied. Accordingly, any non-updated sectors above the highest written sector are not copied from the first storage area to the second storage area. The storage device then designates the second storage area as storing a current version of the shadow MBR.
Other embodiments are possible, and each of the embodiments can be used alone or together in combination. Accordingly, various embodiments will now be described with reference to the attached drawings.