KR-20260065923-A - Autonomous measurement verification of memory devices

Abstract

The processing device calculates a set of reference system measurements based on the initial firmware image corresponding to the memory device. The processing device stores the set of reference system measurements in the measurement proof block of the memory device. A set of current system measurements is calculated by the processing device based on the current firmware image corresponding to the memory device. The processing device performs a comparison between the set of current system measurements and the set of reference system measurements stored in the measurement proof block of the memory device, and performs an action on the memory device based on the result of the comparison.

Inventors

• 루아네, 제임스
• 잔코비치, 아르??

Assignees

• 마이크론 테크놀로지, 인크.

Dates

Publication Date

20260511

Application Date

20240731

Priority Date

20230907

Claims (20)

1. As a memory subsystem, Memory device; A measurement proof block storing a set of reference system measurements calculated based on the initial firmware image of the memory subsystem; and It includes a processing device operably coupled with the memory device and the measurement proof block to perform operations, wherein the operations are, An operation to calculate a set of current system measurements based on the current firmware image of the above memory subsystem; The operation of comparing the set of current system measurements with the set of reference system measurements stored in the measurement proof block; and A memory subsystem comprising an operation to perform an action on the memory device based on the result of comparing the set of current system measurements with the set of reference system measurements stored in the measurement proof block.
2. In paragraph 1, The above measurement proof block specifies the above action; and The above operations are, An operation to identify discrepancy conditions between the set of reference system measurements and the set of current system measurements based on the above comparison; A memory subsystem further comprising an operation to determine the action to be performed based on the measurement proof block in response to identifying the above discrepancy condition.
3. In paragraph 2, A memory subsystem comprising one of the following operations for performing the above action: an operation of warning a host system of the above mismatch condition; an operation of logging the above mismatch condition in an error log; an operation of preventing the memory device from booting; an operation of placing the memory device in a limited function mode to limit the function of the memory device; an operation of preventing the memory device from providing a function; and an operation of performing a recovery process for the memory device.
4. In paragraph 1, A memory subsystem, wherein the above operations further include an operation to determine that the set of current system measurements matches the set of reference system measurements, and the operation to perform the action includes an operation to place the memory device in a normal function mode.
5. In paragraph 1, The above initial firmware image corresponds to the state of the memory subsystem at the time of manufacturing; The calculation of the set of current system measurements based on the above current firmware image is performed during the boot process of the memory subsystem.
6. In paragraph 1, The above operations further include an operation to receive a command to perform system measurement verification, and the comparison operation is performed in response to receiving the command, in a memory subsystem.
7. In paragraph 1, A memory subsystem comprising the above operations further including an operation to verify the measurement proof block before calculating a set of current system measurements based on a current firmware image corresponding to the memory device.
8. In Paragraph 7, A memory subsystem, wherein the above operations further include an operation to generate a digital signature based on the measurement proof block using a private key, and the operation to verify the measurement proof block includes an operation to verify the digital signature using a public key corresponding to the private key.
9. In paragraph 1, A memory subsystem in which the above measurement proof block further includes a security version, and the above operations further include an operation to verify the security version of the above measurement proof block.
10. In paragraph 1, A reference system measurement within the set of reference system measurements includes a first security hash associated with a part of the initial firmware image corresponding to a component of the memory subsystem; A memory subsystem in which a current system measurement within the set of current system measurements includes a second security hash associated with a portion of the current firmware image corresponding to the component of the memory subsystem.
11. As a method, A step of calculating a set of reference system measurements based on an initial firmware image of a memory subsystem including a memory device by a processing device; A step of storing the set of the above reference system measurements in the measurement proof block of the above memory subsystem; A step of calculating a set of current system measurements based on the current firmware image of the memory subsystem by the processing device; A step of performing a comparison between the set of current system measurements and the set of reference system measurements stored in the measurement proof block of the memory device by the processing device; and A method comprising the step of performing an action on a memory device based on the result of comparing a set of current system measurements and a set of reference system measurements stored in a measurement proof block of the memory device by the processing device.
12. In Paragraph 11, The above measurement proof block specifies the above action; and The above method is, A step of identifying conditions of inconsistency between the set of reference system measurements and the set of current system measurements based on the above comparison; A method further comprising the step of determining the action to be performed based on the measurement proof block in response to identifying the above discrepancy condition.
13. In Paragraph 12, A method comprising one of the steps of performing the above action: warning a host system of the above mismatch condition; logging the above mismatch condition in an error log; preventing the memory device from booting; placing the memory device in a limited function mode to limit the function of the memory device; preventing the memory device from providing a function; and performing a recovery process for the memory device.
14. In Paragraph 11, A method further comprising the step of determining that the set of current system measurements matches the set of reference system measurements, wherein the step of performing the action includes the step of placing the memory device in a normal function mode.
15. In Paragraph 11, The above initial firmware image corresponds to the state of the memory subsystem at the time of manufacturing; A method for calculating a set of current system measurements based on the current firmware image, which is performed during the boot process of the memory subsystem.
16. In Paragraph 11, A method further comprising the step of receiving a command to perform system measurement verification, wherein the step of performing the comparison responds to receiving the command.
17. In Paragraph 11, A method comprising the step of verifying the measurement proof block before performing the above comparison.
18. In Paragraph 17, A method further comprising the step of generating a digital signature based on the measurement proof block using a private key, wherein the step of verifying the measurement proof block includes the step of verifying the digital signature using a public key corresponding to the private key.
19. In Paragraph 11, The above measurement proof block further includes a security version, and the method further includes the step of verifying the security version of the above measurement proof block.
20. A computer-readable storage medium comprising instructions, wherein the instructions are configured such that when executed by a processing device, the processing device performs operations, and the operations are An operation to calculate a set of current system measurements based on a current firmware image corresponding to a memory subsystem including a memory device—wherein a current system measurement within the set of current system measurements includes a first hash associated with a part of the current firmware image corresponding to a component of the memory subsystem—; An operation of comparing the set of current system measurements with a set of reference system measurements stored in a measurement proof block of the memory subsystem—the set of reference system measurements is calculated based on an initial firmware image of a memory subsystem including a memory device, and the reference system measurements within the set of reference system measurements include a second hash associated with a part of the initial firmware image corresponding to the component of the memory subsystem—; An operation to identify discrepancy conditions based on the above comparison; An action to determine an action to be performed based on the above measurement proof block and based on the above discrepancy condition; and A computer-readable storage medium comprising an operation to perform the action on the memory device.

Description

Autonomous measurement verification of memory devices Priority application This application claims the benefit of priority to U.S. Provisional Application No. 63/537,058 filed September 7, 2023, the entirety of which is incorporated herein by reference. Technology field The embodiments of the present disclosure generally relate to memory subsystems, and more specifically, to autonomous measurement verification by a memory device. The memory subsystem may be a storage system such as a solid-state drive (SSD) and may include one or more memory components for storing data (also referred to herein as "memory devices"). The memory components may be, for example, non-volatile memory components and volatile memory components. Generally, a host system may use the memory subsystem to store data in memory components and to retrieve data from memory components. The present disclosure will be more fully understood from the specific details given below and the accompanying drawings of various embodiments of the present disclosure. FIG. 1 illustrates an exemplary computing environment including a memory subsystem according to some embodiments of the present disclosure. FIG. 2 is a data flow diagram illustrating interactions between components in a secure communication environment in carrying out an exemplary method for autonomous measurement verification in a memory device within a memory subsystem according to some embodiments of the present disclosure. FIG. 3 is a schematic diagram illustrating the structure of an exemplary measurement attestation block (MAB) according to exemplary embodiments. FIGS. 4 and 5 are flowcharts illustrating an exemplary method for autonomous measurement verification in a memory device within a memory subsystem according to some embodiments of the present disclosure. FIG. 6 is a block diagram of an exemplary computer system in which embodiments of the present disclosure can be operated. Aspects of the present disclosure relate to autonomous measurement verification in memory devices within a memory subsystem. The memory subsystem may be a storage device, a memory module, or a hybrid of a storage device and a memory module. Examples of storage devices and memory modules are described below in connection with FIG. 1. Generally, a host system may utilize a memory subsystem comprising one or more memory devices. The host system may provide data to be stored in the memory subsystem and request data to be retrieved from the memory subsystem. A memory subsystem controller typically receives commands or operations from the host system and converts the commands or operations into instructions or appropriate commands to achieve the required access to the memory components of the memory subsystem. To protect sensitive information stored by memory subsystems, Public Key Infrastructure (PKI) is typically used to cryptographically sign and verify the sensitive information. In this way, the ability to trust the source and detect unauthorized modifications can be derived. Exemplary uses of PKI include firmware signing and verification as well as the authorization of commands that could compromise the security of the memory subsystem. In certain embodiments, the public key of a public/private key pair (also referred to as "cryptographic keys") is provisioned to the memory subsystem by the original equipment manufacturer (OEM) before shipment to customers, while the corresponding public key is secured by a hardware security module (HSM) of a security system that is external to and independent of the memory subsystem (e.g., operating the OEM). Rivest-Shamir-Adleman (RSA) PKI operations enable encryption and decryption operations. Data encrypted by the public key can be decrypted only by the corresponding public key. Additionally, data can be digitally signed using the private key, and the corresponding public key can be used to verify the digital signature. The public key used to verify digital signatures is also referred to herein as the verification key. The verification key can be provisioned to the memory subsystem by the OEM and hardcoded into the memory subsystem's firmware. Typically, specific system metrics are calculated as part of the boot process and used to verify the state of the firmware loaded onto the memory subsystem during boot time. These system metrics are cryptographically linked to the product components they represent (e.g., hardware, firmware, or configuration). For example, firmware metrics include a security hash associated with the component they measure. These metrics are deterministic and can be used to verify the validity of the component used in generating the metrics at runtime. Existing industry standard protocols and architectures (e.g., SPDM/CMA) define mechanisms to verify memory device identity and metric information by establishing the device identity and then polling the device for these metrics. The metrics are signed by leaf elements of the memory device identity chain