1. Field
The present embodiments relate to storage devices for computer systems. More specifically, the present embodiments relate to techniques for using storage controller bus interfaces to encrypt and decrypt data transferred between storage devices and hosts connected to the storage devices.
2. Related Art
A modern computer system typically includes a motherboard containing a processor and memory, along with a set of peripheral components connected to the motherboard via a variety of interfaces. For example, a Serial Advanced Technology Attachment (SATA) interface may facilitate data transfer between a storage device (e.g., hard disk drive (HDD), optical drive, solid-state drive (SSD), hybrid hard drive (HHD), etc.) and the motherboard, while a Peripheral Component Interconnect Express (PCIe) bus may enable communication between the motherboard and a number of integrated and/or add-on peripheral components.
Such data transfer within a computer system may be associated with a number of security issues and/or disadvantages. In particular, a storage device that stores and/or transmits data in unencrypted plaintext form may be vulnerable to unauthorized access by an eavesdropper and/or attacker. For example, the confidentiality of unencrypted data on an HDD may be compromised while the data is at rest in the storage device and/or in transit across the interface (e.g., SATA interface) between the HDD and the computer system's motherboard. On the other hand, data that is encrypted by the HDD prior to storage may be protected while at rest, but may also be unencrypted prior to transmission between the HDD and the motherboard and thus vulnerable to unauthorized access outside the HDD.
To further secure the data, a Central Processing Unit (CPU) on the motherboard may encrypt the data prior to transmitting the data over an interface with the storage device. As a result, the confidentiality of the data may be maintained both while the data is at rest and during transmission of the data over the interface. However, CPU-based encryption of stored data may require the CPU to sequentially retrieve the data, copy the data, encrypt the copied data, and then transmit the encrypted data to the storage device, thus increasing the computational overhead and/or power consumption of the computer system.
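The three placements of encryption contrasted above (none, drive-side, host/CPU-side) can be made concrete with a small model. The following Python is an added illustration, not code from this application; it models the bus and the drive as plain objects and uses a hash-based keystream (SHA-256 in counter mode, with the logical block address as nonce) as a stand-in for a real block cipher. The names `Bus`, `Drive`, `write_sector` and `exposure`, and the sample sector payload, are constructed for the example.

```python
"""Where encryption sits on the host <-> storage path, and what each
vantage point (a tap on the bus, the drive media at rest) then holds.
Added example; the cipher below is a demonstration stand-in only."""
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || counter) blocks.
    Symmetric, so one call both encrypts and decrypts. Stand-in for a
    block cipher mode; it only has to make ciphertext differ from plaintext."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Bus:
    """Host <-> drive link (SATA-like). Records every transfer so the view
    of an eavesdropper tapping the link can be inspected afterwards."""
    captured: list = field(default_factory=list)

    def transfer(self, payload: bytes) -> bytes:
        self.captured.append(payload)
        return payload


@dataclass
class Drive:
    """Storage device. With media_key set it acts as a self-encrypting
    drive: it encrypts on write and decrypts on read, so its media holds
    ciphertext while the bus still carries whatever the host sent."""
    media_key: Optional[bytes] = None
    media: dict = field(default_factory=dict)

    def write(self, lba: int, data: bytes) -> None:
        nonce = lba.to_bytes(8, "big")
        self.media[lba] = keystream_xor(self.media_key, nonce, data) if self.media_key else data

    def read(self, lba: int) -> bytes:
        nonce = lba.to_bytes(8, "big")
        data = self.media[lba]
        return keystream_xor(self.media_key, nonce, data) if self.media_key else data


def write_sector(mode: str, key: bytes, lba: int, plaintext: bytes) -> dict:
    """mode: 'none' (plaintext everywhere), 'drive' (drive encrypts at rest),
    'host' (CPU encrypts before the data reaches the bus).
    Writes one sector, reads it back, and returns what the bus carried,
    what the media holds, and what the host recovered."""
    bus = Bus()
    drive = Drive(media_key=key if mode == "drive" else None)
    nonce = lba.to_bytes(8, "big")
    outbound = keystream_xor(key, nonce, plaintext) if mode == "host" else plaintext
    drive.write(lba, bus.transfer(outbound))
    inbound = bus.transfer(drive.read(lba))
    readback = keystream_xor(key, nonce, inbound) if mode == "host" else inbound
    return {"bus": bus.captured, "media": drive.media[lba], "readback": readback}


def exposure(mode: str, key: bytes, lba: int, plaintext: bytes) -> dict:
    """Summarise the write/read cycle from a defender's point of view."""
    r = write_sector(mode, key, lba, plaintext)
    return {
        "plaintext_on_bus": any(p == plaintext for p in r["bus"]),
        "plaintext_at_rest": r["media"] == plaintext,
        "round_trip_ok": r["readback"] == plaintext,
    }


if __name__ == "__main__":
    KEY = b"\x01" * 32                      # constructed demo key
    SECTOR = b"constructed sample sector payload"
    for mode in ("none", "drive", "host"):
        print(mode, exposure(mode, KEY, 42, SECTOR))
```

Running the block prints one line per placement: with no encryption both the bus and the media expose the sector; with drive-side encryption only the media is protected and the bus still carries plaintext in both directions; with host-side encryption neither vantage point sees plaintext, and the host still recovers the sector on read-back. The overhead the text attributes to the host-side variant is visible in `write_sector` as the extra `keystream_xor` pass the CPU performs on every transfer.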
Hence, what is needed is a mechanism for reducing the power consumption and/or computational overhead associated with securing data storage and transfer in computer systems.