[Cryptography] trojans in the firmware

John Gilmore gnu at toad.com
Mon Feb 23 22:12:16 EST 2015


> Besides what others have already said, [encrypting] allows you (as in the
> device manufacturer or firmware vendor) to efficiently implement the
> "SECURE ERASE" command.

That would be somewhat true on a disk drive, but not on a flash drive.

On a flash drive, the "Secure Erase" command is supposed to restore
the flash chips to their original performance, i.e. it's supposed to
actually erase all the write blocks, so that they can be efficiently
written without a slow erase cycle later.  This will take the same
amount of time, regardless of whether the data was encrypted or not.

Merely dumping the key leaves all the erase blocks full of data,
requiring that each one go through a slow erase cycle before each one
can be overwritten by new data.

The Secure Erase Extended command is also supposed to zeroize the
areas of the drive that might contain user data but which aren't
accessible via the normal read and write commands -- such as spare
sectors that may have had user data in the past, before or after an
error recovery sequence.  This is what distinguishes it from the
regular Erase command.

The UCSD Non-Volatile Systems Lab (a spinoff from their disk drive
research hotbed, the Center for Magnetic Recording Technology) tested
the Secure Erase features in a selection of SSD's, by writing
patterned data to every sector, then issuing Secure Erase, then
pulling out the drive and taking it apart and reading the flash chips
directly.  They didn't name the vendors, but they did find at least
one vendor whose "Secure Erase" command returned immediately without
an error, but didn't actually erase ANYTHING.  And many which only did
partial erasures, leaving the data patterns visible in some parts of
the flash chips.  See:

  http://nvsl.ucsd.edu/index.php?path=projects/sanitize

The paper below, from USENIX 2013, describes some of the challenges
involved in the bizarre internal write performance of modern flash
chips (which Secure Erase is supposed to re-initialize):

  http://cseweb.ucsd.edu/users/swanson/papers/USENIX2013Tortoise.pdf

	John
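The NVSL test described above, as an added example that is not part of the original post or of NVSL's own tooling: every sector is filled with a distinctive, sector-specific pattern, a Secure Erase is issued, and the raw flash contents are read back and scanned for surviving patterns. The drive is simulated in memory here; the four behaviours it models (complete erase, partial erase, a command that returns without erasing, and a drive that merely discards its encryption key) are assumptions chosen to match the outcomes the post discusses, as are the 512-byte sector, 4096-byte erase block and the pattern tag.

```python
"""Sanitization check modelled on the NVSL Secure Erase test (added example).

Assumptions (not from the post): 512-byte sectors, 4 KiB erase blocks, an
erased flash block reads back as all 0xFF, and a constructed pattern tag.
"""
import hashlib

SECTOR = 512
ERASE_BLOCK = 4096
PATTERN_TAG = b"NVSL-SANITIZE-TEST"  # constructed marker, not NVSL's actual pattern


def sector_pattern(index: int) -> bytes:
    """Deterministic, sector-unique fill: tag + LBA + hash-derived filler.

    Unique per sector so any surviving copy can be attributed to its LBA,
    and hash-derived so the tag cannot recur by accident inside the body."""
    head = PATTERN_TAG + index.to_bytes(8, "big")
    body = hashlib.sha256(head).digest()
    filler = (body * (SECTOR // len(body) + 1))[: SECTOR - len(head)]
    return head + filler


def fill_drive(n_sectors: int) -> bytearray:
    """Step 1 of the test: write patterned data to every sector."""
    image = bytearray()
    for i in range(n_sectors):
        image += sector_pattern(i)
    return image


def simulated_secure_erase(image: bytes, behaviour: str) -> bytearray:
    """Step 2: what the raw flash looks like after the drive's 'Secure Erase'.

    'full'     - every erase block actually cycled (all 0xFF)
    'partial'  - only every other erase block cycled
    'noop'     - command returns success, nothing touched
    'key_dump' - drive encrypted everything and just forgot the key: the
                 patterns are gone, but every erase block is still full
    """
    out = bytearray(image)
    nblocks = (len(out) + ERASE_BLOCK - 1) // ERASE_BLOCK
    if behaviour == "full":
        out[:] = b"\xff" * len(out)
    elif behaviour == "partial":
        for b in range(0, nblocks, 2):
            start = b * ERASE_BLOCK
            out[start:start + ERASE_BLOCK] = b"\xff" * len(out[start:start + ERASE_BLOCK])
    elif behaviour == "noop":
        pass
    elif behaviour == "key_dump":
        key = b"constructed-demo-key"  # stand-in for the drive's media key
        for off in range(0, len(out), 32):
            ks = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
            out[off:off + 32] = bytes(a ^ b for a, b in zip(out[off:off + 32], ks))
    else:
        raise ValueError(f"unknown behaviour {behaviour!r}")
    return out


def scan_dump(dump: bytes, n_sectors: int) -> dict:
    """Step 3: scan the raw chip dump for surviving patterns at any offset.

    Reports intact sectors, tag fragments (tag present, sector not whole),
    and how many erase blocks are genuinely blank, which is the part a
    key-only erase cannot deliver."""
    intact, fragments = set(), 0
    tag_len = len(PATTERN_TAG)
    pos = dump.find(PATTERN_TAG)
    while pos != -1:
        head = dump[pos + tag_len:pos + tag_len + 8]
        idx = int.from_bytes(head, "big") if len(head) == 8 else None
        if (idx is not None and idx < n_sectors
                and dump[pos:pos + SECTOR] == sector_pattern(idx)):
            intact.add(idx)
            pos = dump.find(PATTERN_TAG, pos + SECTOR)
        else:
            fragments += 1
            pos = dump.find(PATTERN_TAG, pos + 1)
    nblocks = (len(dump) + ERASE_BLOCK - 1) // ERASE_BLOCK
    blank = 0
    for off in range(0, len(dump), ERASE_BLOCK):
        block = dump[off:off + ERASE_BLOCK]
        if block.count(0xFF) == len(block):
            blank += 1
    if not intact and not fragments:
        verdict = "no patterns survived"
    elif len(intact) == n_sectors:
        verdict = "nothing erased"
    else:
        verdict = "partial erase"
    return {"intact_sectors": len(intact), "fragments": fragments,
            "blank_erase_blocks": blank, "erase_blocks": nblocks,
            "verdict": verdict}


if __name__ == "__main__":
    image = fill_drive(64)  # 32 KiB constructed drive image
    for mode in ("full", "partial", "noop", "key_dump"):
        print(mode, scan_dump(simulated_secure_erase(image, mode), 64))
```

Two numbers in the report matter for different claims: `intact_sectors`/`fragments` answer the NVSL question (is user data recoverable from the chips?), while `blank_erase_blocks` answers the post's first point (were the erase blocks actually cycled, so the drive is restored to fresh-write performance?). The `key_dump` case passes the first check and fails the second. On a real drive, the erase itself is issued out of band, for example on Linux with hdparm's `--security-set-pass` followed by `--security-erase` (or `--security-erase-enhanced`), and the dump comes from reading the flash packages directly rather than through the controller.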
