“In order to keep up with the fast-changing data-driven world, controller technology must evolve rapidly. Not only must safety functions be implemented in the core design of flash memory controllers, but also flexible solutions such as APIs must be available so that A security ecosystem is developed in the firmware.
In order to keep up with the fast-changing data-driven world, controller technology must evolve rapidly. Not only must safety functions be implemented in the core design of flash memory controllers, but also flexible solutions such as APIs must be available so that A security ecosystem is developed in the firmware.
As the industrial storage market grows, so does the demand for secure data storage. In order to keep up with the requirements of the ever-changing data-driven world, controller technology must evolve rapidly. This goal is achieved not only by implementing security functions in the core design of the flash memory controller, but also by having more flexible solutions (such as APIs). The API takes into account the development of the security ecosystem within the flash controller firmware.
The flash memory controller is a very important component in a NAND flash memory-based storage system, which manages the data transfer between the host and the flash memory. The quality of these data transfers may vary greatly depending on the function of the flash memory controller. In addition, the design of storage modules such as SSDs, USB flash drives, and SD cards are based on complex trade-offs in cost, quality, and unique use case requirements. One thing that everyone who designs storage systems can agree on is that design flexibility is the key. The flash controller API is a way for many companies that design secure storage systems to overcome the difficulties, because they take customized security features into consideration to make standard application design stand out.
Although the controller manufacturer should implement a series of standard safety functions at any time, the person designing the module should have some flexibility. The controller API allows companies to evaluate various trade-offs in the design and optimize performance, durability, and feature set accordingly. The implementation of security functions and the possibilities that come with APIs are limitless, because they will eventually take into account the development of high-end storage solutions.
Hyperstone, the manufacturer of flash memory controllers, provides APIs for its flash memory controllers. This API provides designers with powerful functions and allows customer firmware extensions (CFE) within the controller firmware. These extensions do not have to be disclosed to Hyperstone. In fact, the code is completely owned by the company that wrote it, and the company’s add-ons and extensions can only be executed with their own creativity. With the help of Hyperstone flash memory controller and free API, the company can produce storage modules that include a series of different security functions, such as key management, AES for secure access and other encryption technologies, and additional GPIOs used to connect to other communication buses. Self-encryption, secure erase, secure TRIM and WORM (write many times) functions. These are only initial functions, because with these functions, you can develop unique security applications. Here, we will explain some of the main security features that the API may provide.
Regarding secure storage, there are many types of encryption. For some flash memory controllers, Hyperstone API enables AES128 and AES256 encryption to ensure secure access, and the design of self-encrypting drives is also taken into consideration. Here, the time required for the encryption unit to process the data should be weighed to determine which security level is necessary, because this is an important compromise that needs to be considered.
Security TRIM not only refers to deleting data, it also involves managing marks that will remain on the memory once deleted. According to the sensitivity of the data, it is very important that no residues can be found on the flash memory after the data is deleted, because this may expose credible information. Finally, in situations where secure data transactions are very important, this feature can be enabled through APIs in some industrial environments.
Smart IC and additional GPIOs
GPIO is enabled via API, allowing designers to connect to communication buses such as ISO7816, UART, I2C and SPI. By using the ISO7816 protocol, it can communicate with the smart IC and realize further key management.
Some applications such as mobile payment, license management, content protection, DRM, data privacy, and FIDO U2F security key (anti-phishing protection/built-in smart card) with AES data encryption function require dedicated firmware to use the ISO 7816 interface. In order to realize encryption key management, and communicate with the host application program safely and reliably.
Write once and read many times
Write Once Read Many (WORM) refers to a data storage device, once written, information cannot be modified. This write protection ensures that once data is written to the device, it will not be tampered with.
This helps to ensure that the content of the data that needs to be transferred will not be changed. Likewise, modules used for license distribution and/or containing service technician keys will also benefit from this feature.
Partitioning can also be performed using API. This allows design engineers to create hidden partitions that can restrict access to certain parts of the storage device. Finally, this feature can optimize the security features of storage devices at the design level.
How the API works
All Hyperstone flash memory controllers contain dedicated firmware for managing flash memory. In addition to acting as a bridge between the host and the flash memory interface, it is also a key element for managing flash memory to improve its performance, reliability, robustness and durability.
Through the API, the company can develop its own proprietary IP as an extension of the Hyperstone standard firmware. The code that addresses a specific application is stored in the flash memory of the target device, called the client firmware load area. These extensions can be easily changed and give the company a certain degree of differentiation, driven entirely by the company’s expertise in the market.
Hyperstone provides the tools needed to develop and install firmware extensions. The company can choose its own CFE authentication key to ensure that others cannot change, replace or update the CFE. You can write or update the company code through a simple data write command, and use the supplier command as the prefix to unlock the access to the reserved address range. The code is managed and maintained by the hyReliability data of the controller, and does not need to be customized for the type of flash memory used. The specificity of each flash memory type is handled by the Hyperstone firmware. Therefore, the customer only needs a binary to execute.
Finally, a reliable storage solution with security features can be realized through a high-end flash memory controller. Through the Hyperstone API, flexible differentiation can be achieved in the storage system. Hyperstone API makes the development of customer firmware extensions (CFE) the company’s proprietary IP.