1. Field of the Invention
Embodiments of the invention generally relate to secure storage and, more specifically, to techniques for secure storage with SCSI storage devices.
2. Description of the Related Art
The secure storage of sensitive information is an ongoing issue in computing. Secure storage is especially important for cryptographic keys, which are oftentimes used to keep information secure or authenticate the integrity of a computer system or an application. Such keys can be stored within a discrete chip that is separate from a computer system's main processor and memory. The industry standard for implementing secure storage with a discrete chip in personal computers is the Trusted Platform Module (TPM). In addition to securely storing cryptographic keys, the TPM provides security services, so that the keys and other valuable data can remain within the TPM while the computer system performs authentication procedures.
However, the integration of an additional component, such as a TPM chip, in many types of portable devices can be difficult. Portable devices have limited space, power, and component budgets, so additional components are undesirable.
Firmware TPM has been developed to provide security comparable to TPM for portable devices. Firmware TPM relies upon a Trusted Execution Environment (TEE) to perform the security services in an execution environment that is separate from the user environment. The TEE isolates access to security services and secure storage from the rest of the system, which provides a high level of security without an additional microprocessor. Although an additional TPM chip is not required, firmware TPM still needs to store the cryptographic keys in a secure, authenticated, and separate storage area.
To provide a secure, authenticated, and separate storage area, portable devices typically include a discrete secure storage component in addition to a main storage device. The main storage device is oftentimes a small computer system interface (SCSI) storage device, such as a USB rotating device, which uses the SCSI block commands (SBC) to store user data. Although already included within portable devices, these SCSI storage devices do not provide secure storage separate from the user data area, so the discrete secure storage component is typically added to the portable device. This additional storage component may be an embedded multi-media controller (eMMC) or a discrete read-only memory (ROM). The inclusion of a discrete secure storage component, in addition to the SCSI storage device, adds cost and complexity to the design of a portable device.
As the foregoing illustrates, what is needed in the art is a technique for creating and accessing a secure authenticated separate storage area within a SCSI storage device.