EP-4742074-A1 - INLINE CRYPTOGRAPHY TECHNIQUES WITH A STORAGE ACCELERATOR
Abstract
Inline cryptography techniques implemented with a storage accelerator may enable encryption of data in transit between the storage accelerator and the storage device. In one example, the storage accelerator maintains local I/O context information for I/O commands and modifies the data pointer (e.g., PRP) in the I/O command sent to the storage device to include a reference (e.g., index) to the I/O context information. For a read command, the storage accelerator receives encrypted data from the SSD along with the modified data pointer. The storage accelerator may then determine the appropriate key and tweak value based on the modified data pointer, decrypt the data with the key and tweak value, and send the decrypted data to the host device without waiting for all data to be received from the storage device.
Inventors
- SURI, SALIL
- GONAR, Kalyan Prabhu
- Anand Karjala, Subramanyam
Assignees
- Marvell Asia Pte Ltd
Dates
- Publication Date
- 20260513
- Application Date
- 20251106
Claims (15)
- A method of performing inline cryptography in a storage accelerator, wherein the storage accelerator is to couple with a host device and a storage device, and wherein the method comprises: receiving an input/output (I/O) command from the host device via a virtual function, wherein the I/O command comprises an address of the storage device and a data pointer; sending a modified I/O command to the storage device, wherein the modified I/O command comprises a modified data pointer; in response to a determination that the I/O command is a write command: receiving data to write from the host device, encrypting the data with a key corresponding to the virtual function, and sending encrypted data to the storage device; and in response to a determination that the I/O command is a read command: receiving the encrypted data and the modified data pointer from the storage device, determining the key based on the modified data pointer, decrypting the encrypted data based on the key, and sending decrypted data to the host device.
- The method of claim 1, further comprising: in response to receipt of the I/O command: storing, in a memory of the storage accelerator, context information related to the I/O command, wherein: the modified data pointer comprises a reference to the context information, and determining the key comprises accessing the context information based on the reference.
- The method of claim 2, wherein: the context information comprises: an I/O context identifier (ID) for the I/O command, and the reference to the context information in the modified data pointer comprises: the I/O context ID.
- The method of claim 2, wherein: the memory is to store a plurality of keys corresponding to virtual functions, and the context information comprises: a key index to access the key from the plurality of keys.
- The method of claim 2, wherein: the context information comprises: the data pointer from the I/O command, and the modified data pointer comprises: a data pointer index to access the data pointer.
- The method of claim 2, wherein: the address comprises a logical block address (LBA), the context information comprises: the LBA, and the modified data pointer comprises: an LBA index to access the LBA, and an offset relative to the LBA, and/or further comprising: in response to the determination that the I/O command is the read command: determining a tweak value based on the LBA and the offset, and decrypting the encrypted data based on the key and further based on the tweak value, and/or wherein: decrypting the encrypted data comprises: decrypting partial data based on the key and the tweak value, and sending the data to the host device comprises: sending partial decrypted data.
- The method of claim 2, further comprising: in response to the determination that the I/O command is the write command: receiving, from the storage device, a first request to fetch the data, wherein the first request comprises the modified data pointer, accessing the context information based on the modified data pointer, and sending, to the host device, a second request for the data based on the context information, wherein the second request comprises the data pointer.
- The method of one of claims 1 to 7, wherein: the modified data pointer comprises a tag to specify an address type, including one of a physical region page (PRP) address or PRP list address, and in response to receipt, from the storage device, of a request for a PRP list: providing the PRP list, wherein each element of the PRP list comprises the modified data pointer and an offset.
- A storage accelerator to couple with a host device and a storage device and to implement inline cryptography techniques, wherein the storage accelerator comprises: input/output (I/O) interface logic to receive an I/O command from the host device via a virtual function, wherein the I/O command comprises an address of the storage device and a data pointer; and logic to: send a modified I/O command to the storage device, wherein the modified I/O command comprises a modified data pointer; in response to a determination that the I/O command is a write command: receive data to write from the host device, encrypt the data with a key corresponding to the virtual function, and send encrypted data to the storage device; and in response to a determination that the I/O command is a read command: receive the encrypted data from the storage device, determine the key based on the modified data pointer, decrypt the encrypted data based on the key, and send decrypted data to the host device.
- The storage accelerator of claim 9, wherein: in response to receipt of the I/O command, the logic is to: store, in a memory of the storage accelerator, context information related to the I/O command, wherein the modified data pointer comprises a reference to the context information, and access the context information based on the reference to determine the key.
- The storage accelerator of claim 10, further comprising: the memory to store the context information.
- The storage accelerator of claim 10 or 11, wherein: the context information comprises: an I/O context identifier (ID) for the I/O command, and the reference to the context information in the modified data pointer comprises: the I/O context ID, or wherein: the memory is to store a plurality of keys corresponding to virtual functions, and the context information comprises: a key index to access the key from the plurality of keys, or wherein: the context information comprises: the data pointer from the I/O command, and the modified data pointer comprises: a data pointer index to access the data pointer.
- The storage accelerator of one of claims 10 to 12, wherein: the address comprises a logical block address (LBA), the context information comprises: the LBA, and the modified data pointer comprises: an LBA index to access the LBA, and an offset relative to the LBA, and/or wherein: in response to the determination that the I/O command is the read command, the logic is to: determine a tweak value based on the LBA and the offset, and decrypt the encrypted data based on the key and further based on the tweak value.
- One or more non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to perform a method of inline cryptography in a storage accelerator, wherein the storage accelerator is to couple with a host device and a storage device, and wherein the method comprises: receiving an input/output (I/O) command from the host device via a virtual function, wherein the I/O command comprises an address of the storage device and a data pointer; sending a modified I/O command to the storage device, wherein the modified I/O command comprises a modified data pointer; in response to a determination that the I/O command is a write command: receiving data to write from the host device, encrypting the data with a key corresponding to the virtual function, and sending encrypted data to the storage device; and in response to a determination that the I/O command is a read command: receiving the encrypted data from the storage device, determining the key based on the modified data pointer, decrypting the encrypted data based on the key, and sending decrypted data to the host device.
- The one or more non-transitory computer-readable media of claim 14, wherein the method further comprises: in response to receipt of the I/O command: storing, in a memory of the storage accelerator, context information related to the I/O command, wherein: the modified data pointer comprises a reference to the context information, and determining the key comprises accessing the context information based on the reference.
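The abstract and claims above describe four cooperating pieces: a per-I/O context table in the accelerator, a modified data pointer that carries a reference into that table (I/O context ID) plus a byte offset, a key table indexed per virtual function, and a per-sector tweak derived from the LBA and offset so that each chunk arriving from the SSD can be decrypted and forwarded without waiting for the whole transfer. The following Python model is an added example, not code from the patent or from Marvell; the 64-bit pointer layout (tag, 20-bit context ID, 40-bit offset), the `StorageAccelerator` class and its method names are assumptions made for illustration, and the HMAC-SHA256 keystream is a standard-library stand-in for the tweakable block cipher (e.g. AES-XTS) a real accelerator would use. It also models the write path of claim 7, where the SSD's fetch request carrying the modified pointer is translated back into a fetch from the host's original pointer.

```python
"""Model of the modified-data-pointer inline-crypto flow (added example, not the patent's code)."""
import hashlib
import hmac
from dataclasses import dataclass

SECTOR = 512
TAG_PRP, TAG_PRP_LIST = 0, 1
# Assumed 64-bit modified-pointer layout: tag[63:60] | io_ctx_id[59:40] | byte offset[39:0]
CTX_BITS, OFF_BITS = 20, 40


def encode_modified_prp(tag, io_ctx_id, offset):
    assert io_ctx_id < (1 << CTX_BITS) and offset < (1 << OFF_BITS)
    return (tag << (CTX_BITS + OFF_BITS)) | (io_ctx_id << OFF_BITS) | offset


def decode_modified_prp(prp):
    return (prp >> (CTX_BITS + OFF_BITS),
            (prp >> OFF_BITS) & ((1 << CTX_BITS) - 1),
            prp & ((1 << OFF_BITS) - 1))


@dataclass
class IoContext:
    vf_id: int        # virtual function the command arrived on
    key_index: int    # index into the accelerator's key table
    host_prp: int     # original data pointer supplied by the host
    lba: int          # starting logical block address of the I/O


class StorageAccelerator:
    def __init__(self, host_memory):
        self.host_memory = host_memory   # simulated host DRAM, indexed by host PRP address
        self.key_table = []              # key index -> key bytes
        self.vf_key_index = {}           # virtual function -> key index
        self.ctx_table = {}              # I/O context ID -> IoContext
        self.next_ctx_id = 0

    def provision_vf_key(self, vf_id, key):
        self.vf_key_index[vf_id] = len(self.key_table)
        self.key_table.append(key)

    def submit(self, vf_id, lba, host_prp):
        """Host -> accelerator: store context, hand the SSD a command whose PRP is a context reference."""
        ctx_id, self.next_ctx_id = self.next_ctx_id, self.next_ctx_id + 1
        self.ctx_table[ctx_id] = IoContext(vf_id, self.vf_key_index[vf_id], host_prp, lba)
        return {"lba": lba, "prp": encode_modified_prp(TAG_PRP, ctx_id, 0), "ctx_id": ctx_id}

    def _sector_keystream(self, key, lba):
        # Tweak derived from the LBA; stand-in PRF keystream instead of AES-XTS (assumption)
        tweak = lba.to_bytes(16, "little")
        return b"".join(hmac.new(key, tweak + i.to_bytes(4, "little"), hashlib.sha256).digest()
                        for i in range(SECTOR // 32))

    def _transform(self, ctx, offset, data):
        # Each sector depends only on (key, LBA + offset // SECTOR), so any chunk is processed alone
        key, out, pos = self.key_table[ctx.key_index], bytearray(), 0
        while pos < len(data):
            abs_off = offset + pos
            lba, in_sec = ctx.lba + abs_off // SECTOR, abs_off % SECTOR
            take = min(SECTOR - in_sec, len(data) - pos)
            ks = self._sector_keystream(key, lba)[in_sec:in_sec + take]
            out += bytes(a ^ b for a, b in zip(data[pos:pos + take], ks))
            pos += take
        return bytes(out)

    def ssd_memory_read(self, prp, length):
        """Write path: SSD fetch request carries the modified pointer; fetch from host, encrypt, return."""
        _tag, ctx_id, offset = decode_modified_prp(prp)
        ctx = self.ctx_table[ctx_id]
        plain = bytes(self.host_memory[ctx.host_prp + offset: ctx.host_prp + offset + length])
        return self._transform(ctx, offset, plain)

    def ssd_memory_write(self, prp, ciphertext):
        """Read path: decrypt this chunk as it arrives and forward it to the host's original pointer."""
        _tag, ctx_id, offset = decode_modified_prp(prp)
        ctx = self.ctx_table[ctx_id]
        plain = self._transform(ctx, offset, ciphertext)
        self.host_memory[ctx.host_prp + offset: ctx.host_prp + offset + len(plain)] = plain
        return plain

    def complete(self, ctx_id):
        self.ctx_table.pop(ctx_id)


def round_trip(chunk=256):
    """Write two sectors through the accelerator, read them back chunk by chunk (constructed data)."""
    host_mem, media = bytearray(0x4000), bytearray(2 * SECTOR)   # simulated host DRAM and SSD media
    plaintext = bytes(range(256)) * 4
    host_mem[0x1000:0x1000 + len(plaintext)] = plaintext
    acc = StorageAccelerator(host_mem)
    acc.provision_vf_key(vf_id=3, key=b"\x11" * 32)              # constructed per-VF key
    wr = acc.submit(vf_id=3, lba=100, host_prp=0x1000)
    for off in range(0, len(plaintext), chunk):                   # SSD fetches data in chunks
        n = min(chunk, len(plaintext) - off)
        media[off:off + n] = acc.ssd_memory_read(wr["prp"] + off, n)
    acc.complete(wr["ctx_id"])
    rd = acc.submit(vf_id=3, lba=100, host_prp=0x3000)
    for off in range(0, len(media), chunk):                       # SSD returns data in chunks
        n = min(chunk, len(media) - off)
        acc.ssd_memory_write(rd["prp"] + off, bytes(media[off:off + n]))
    acc.complete(rd["ctx_id"])
    return {"plaintext": plaintext, "ciphertext": bytes(media),
            "recovered": bytes(host_mem[0x3000:0x3000 + len(plaintext)])}
```

Because the SSD simply adds its byte offset to whatever pointer it was given, the low offset field of the modified pointer is filled in by the SSD itself; the accelerator never has to correlate TLPs with a command by order of arrival, and a chunk that straddles a sector boundary (try `round_trip(300)`) is handled by recomputing the tweak per sector.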
Description
Priority Application
This patent application claims priority to and/or receives benefit from U.S. Provisional Application No. 63/717,815, titled "Nonvolatile Memory express (NVMe) Interposer Inline Crypto," filed on November 7, 2024. The U.S. Provisional Application is hereby incorporated by reference in its entirety.
Background
Non-volatile storage refers to memory technologies that retain stored data even when power is removed. Examples of non-volatile storage media include flash memory and other persistent memory types. Non-volatile storage is commonly used in computing systems to store firmware, operating system components, application data, and user-generated content. Unlike volatile memory such as dynamic random-access memory (DRAM), which requires continuous power to maintain data integrity, non-volatile storage provides long-term data retention. Flash memory, particularly NAND flash, is widely deployed in solid-state drives (SSDs) and embedded systems due to its high density and cost efficiency. NVMe (Non-Volatile Memory Express) is a protocol designed to optimize access to flash storage over PCI Express (PCIe), offering low latency and high throughput. NVMe enables parallel access to multiple storage queues, improving performance in data-intensive applications.
Brief Description of the Drawings
Embodiments will be readily understood by the following detailed description in conjunction with the accompanying drawings. To facilitate this description, like reference numerals designate like structural elements. Embodiments are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings.
FIG. 1 illustrates an exemplary computing system in which inline cryptography techniques may be implemented with a storage accelerator, according to some embodiments of the disclosure.
FIG. 2 illustrates another exemplary computing system in which inline cryptography techniques may be implemented with a storage accelerator, according to some embodiments of the disclosure.
FIGS. 3A-3C depict flow charts illustrating an example of a method for implementing inline cryptography techniques with a storage accelerator, according to some embodiments of the disclosure.
FIG. 4 illustrates an example of an input/output (I/O) context table, modified data pointer, and key table, according to some embodiments of the disclosure.
FIG. 5A is a diagram of an example method of performing inline cryptography techniques, including a TLP flow for an NVMe write command, according to some embodiments of the disclosure.
FIG. 5B is a diagram of an example method of performing inline cryptography techniques, including a TLP flow for an NVMe read command, according to some embodiments of the disclosure.
FIG. 6 illustrates an exemplary solid-state drive (SSD) which may be included in a system implementing inline cryptography techniques with a storage accelerator, according to some embodiments of the disclosure.
FIG. 7 illustrates an exemplary computing system, which may represent a host device in a system in which inline cryptography techniques are implemented with a storage accelerator, according to some embodiments of the disclosure.
Detailed Description
Overview
Storage devices, such as solid-state drives (SSDs), are often connected directly to host computing devices through physical interfaces such as M.2 connectors, PCIe add-in card slots, or other standardized form factors. These physical connections enable the establishment of communication pathways between the host device and the storage device, allowing for data transfer operations and command exchanges through protocols such as NVMe over PCIe, SATA, or another standard protocol. In some examples, a system may include a storage accelerator (which may also be referred to as a storage interposer) between the host device and SSDs.
In addition to functioning as a pass-through device, a storage accelerator may perform a variety of functions, such as enabling SSD virtualization, data redundancy, and improved serviceability. SSDs may incorporate encryption and decryption functionality to secure data stored on the device, where data is encrypted by the SSD before being written to the storage medium and decrypted by the SSD prior to being transmitted to the requester. This encryption and decryption processing may be performed by dedicated hardware encryption engines within the storage controller of the SSD to ensure data is encrypted at rest on the physical storage medium. In addition to encrypting data at rest, encryption of data in transit between the storage accelerator and the SSD would add an additional layer of security; however, several challenges complicate implementing cryptography in a storage accelerator. For example, implementing a store-forward cryptographic solution would incur a performance penalty because the storage accelerator would have to wait for all the encrypted data to be received from the SSD prior to decrypting the data for transmission