In a 5G world, fast and secure connectivity is important. The JEDEC Universal Flash Storage (UFS) version 4.0 helps to ensure this is possible in our everyday devices. As an added security element, a Replay Protected Memory Block (RPMB) is included in UFS devices as a means to store encrypted data securely, accessible only through authentication.
The RPMB stores information in an authenticated and replay-protected manner, and this can only be done after the authentication key has been programmed. UFS devices have RPMB logical units which contain multiple RPMB regions; each region has its own unique authentication key. Access to an RPMB region is authenticated with a Message Authentication Code (MAC), which is calculated with the HMAC SHA-256 algorithm from the region's key and the message (data). In this blog, we will discuss how the authentication programming flow of Advanced RPMB is more efficient than prior versions.
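The MAC check and replay protection described above can be sketched as a small device-side model. This is an added example, not code from the JEDEC specification or from Synopsys; the field layout (address, counter, data), the write counter, the write-once key behavior and the names RpmbRegion, compute_mac and demo are simplifying assumptions of the example.

```python
import hashlib
import hmac
import struct

def compute_mac(key: bytes, address: int, counter: int, data: bytes) -> bytes:
    # MAC = HMAC SHA-256(key, message); the message binds address, counter and data.
    message = struct.pack(">HI", address, counter) + data
    return hmac.new(key, message, hashlib.sha256).digest()

class RpmbRegion:
    """Toy model of one RPMB region (simplified fields, not the JEDEC frame layout)."""
    def __init__(self):
        self.key = None          # authentication key, unset until programmed
        self.write_counter = 0   # assumed monotonic counter covered by the MAC
        self.blocks = {}

    def program_key(self, key: bytes) -> bool:
        # Modelled as write-once: a second programming attempt is refused.
        if self.key is not None or len(key) != 32:
            return False
        self.key = key
        return True

    def authenticated_write(self, address, data, counter, mac) -> str:
        if self.key is None:
            return "key not programmed"
        expected = compute_mac(self.key, address, counter, data)
        # Constant-time comparison: do not leak how many MAC bytes matched.
        if not hmac.compare_digest(expected, mac):
            return "authentication failure"
        # A captured frame still has a valid MAC but an old counter value.
        if counter != self.write_counter:
            return "counter mismatch"
        self.blocks[address] = data
        self.write_counter += 1
        return "ok"

def demo():
    key, data = bytes(range(32)), b"constructed sample block"  # constructed values
    region = RpmbRegion()
    frame = (0, data, 0, compute_mac(key, 0, 0, data))
    return [
        region.authenticated_write(*frame),                     # before key programming
        region.program_key(key),
        region.authenticated_write(*frame),                     # fresh frame
        region.authenticated_write(*frame),                     # same frame replayed
        region.authenticated_write(0, data, 1, b"\x00" * 32),   # forged MAC
        region.program_key(b"\xff" * 32),                       # re-programming attempt
    ]
```

The replayed frame fails on the counter even though its MAC is still valid, which is what distinguishes replay protection from authentication alone.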
A review of the old RPMB process
Performing the authentication key programming in RPMB requires sending a request followed by a result read request. The response for the authentication key programming will then be received as a result read response.
Old versions of RPMB require many commands to be transmitted to program the authentication key that is used for the MAC calculation, and the RPMB fields are transmitted in the DATA block of each command. As a reminder, the steps involved in the legacy RPMB process are as follows:
To eliminate the many steps involved in the old RPMB process, UFS 4.0 is equipped with Advanced RPMB, a simple, efficient flow utilizing Extra Header Segment (EHS) fields in the Command and Response UPIU.
Why should I use Advanced RPMB instead?
In Advanced RPMB, authentication key programming is done with a single Security Protocol Out command and the help of the EHS field.
UFS 4.0 has a new EHS feature which has been added for Advanced RPMB and Vendor specific usage. Let’s see how the transaction UPIU incorporates EHS to convey the RPMB fields.
In the EHS header, the Host needs to specify the EHS type as 01h for accessing Advanced RPMB and EHS length as 02h for sending Advanced RPMB fields in the transaction UPIU itself. In the Advanced RPMB flow, we just need to perform the following steps to achieve the authentication key programming:
The release of UFS 4.0 provides access to this enhanced Advanced RPMB process allowing for an efficient, simple, fast flow of authentication programming versus the old RPMB process.
Synopsys has been a key contributor to the JEDEC specification and continues to provide the industry’s first verification solutions including Synopsys Verification IP for UFS and Test Suite. Synopsys Verification IP for JEDEC UFS provides a comprehensive set of protocol, methodology, verification, and productivity features, enabling users to achieve rapid verification of UFS links operating in high speed and low speed modes.
Running realistic system-level payloads on UFS designs requires a faster hardware-based pre-silicon solution. Synopsys Virtual System Adaptors and Transactors based on Synopsys IP enable fast verification hardware solutions including Synopsys ZeBu® emulation systems and Synopsys HAPS® prototyping systems for validation use cases.
Synopsys protocol verification solutions are natively integrated with the Synopsys Verification Family of products including Synopsys Verdi® debugger and regression management and automation with Synopsys VC Execution Manager.
To learn more about Synopsys verification solutions, please visit us at: www.synopsys.com/vip