Ensuring integrity and secure erasure of important security parameters

Abstract

This application relates to ensuring integrity and secure erasure of important security parameters. A processing device sets a first flag indicating whether a first important security parameter (CSP) file exists. The first CSP file contains a first set of CSPs for a memory device. The processing device sets a second flag indicating whether the first CSP file is valid. The processing device sets a third flag indicating whether a second CSP file exists. The second CSP file contains a second set of CSPs for the memory device. The processing device sets a fourth flag indicating whether the second important security parameter file is valid. The processing device selects one of the first or second CSP files as an active CSP file based on evaluation of the first, second, third, and fourth flags.

Description

Technical Field

[0001] Embodiments of this disclosure generally relate to memory subsystems, and more specifically, to ensuring the integrity and secure erasure of critical security parameters in memory subsystems. Background Technology

[0002] The memory subsystem may include one or more memory devices for storing data. Memory components may be, for example, non-volatile memory devices and volatile memory devices. Typically, a host system may utilize the memory subsystem to store data at the memory devices and retrieve data from the memory devices. Summary of the Invention

[0003] One aspect of this disclosure provides a system comprising: a memory device; and a processing device coupled to the memory device, the processing device being configured to perform operations including: setting a first flag indicating the existence of a first important security parameter file, the first important security parameter file including a first set of important security parameters of the memory device; setting a second flag indicating whether the first important security parameter file is valid; setting a third flag indicating the existence of a second important security parameter file, the second important security parameter file including a second set of important security parameters of the memory device; setting a fourth flag indicating whether the second important security parameter file is valid; and selecting one of the first or second important security parameter files as the active important security parameter file based on an evaluation of the first, second, third, and fourth flags.

[0004] Another aspect of this disclosure provides a method comprising: setting a first flag by a processing device to indicate the existence of a first important security parameter file, the first important security parameter file including a first set of important security parameters of a memory device; setting a second flag by the processing device to indicate whether the first important security parameter file is valid; setting a third flag by the processing device to indicate the existence of a second important security parameter file, the second important security parameter file including a second set of important security parameters of the memory device; setting a fourth flag by the processing device to indicate whether the second important security parameter file is valid; and selecting one of the first or second important security parameter files as the active important security parameter file by the processing device based on an evaluation of the first, second, third, and fourth flags.

[0005] Another aspect of this disclosure provides a computer-readable storage medium including instructions that, when executed by a processing device, configure the processing device to perform operations including: setting a first flag indicating the existence of a first important security parameter file, the first important security parameter file including a first set of important security parameters of a memory device; setting a second flag indicating whether the first important security parameter file is valid; setting a third flag indicating the existence of a second important security parameter file, the second important security parameter file including a second set of important security parameters of the memory device; setting a fourth flag indicating whether the second important security parameter file is valid; and selecting one of the first or second important security parameter files as the active important security parameter file based on an evaluation of the first, second, third, and fourth flags.

[0006] Another aspect of this disclosure provides a system comprising: a memory device; and a processing means coupled to the memory device, the processing means being configured to perform operations including: preparing a buffer using critical security parameter update data for updating one or more critical security parameters of the memory device; calculating a hash based on the critical security parameter update data; writing the hash to the buffer; writing the buffer to an inactive critical security parameter file; and erasing an active critical security parameter file based on successful writing of the buffer to the inactive critical security parameter file.

[0007] Another aspect of this disclosure provides a method comprising: preparing a buffer by a processing device using critical security parameter update data for updating one or more critical security parameters of a memory device; calculating a hash by the processing device based on the critical security parameter update data; writing the hash to the buffer by the processing device; writing the buffer to an inactive critical security parameter file by the processing device; erasing an active critical security parameter file by the processing device based on the successful writing of the buffer to the inactive critical security parameter file; and providing a success status based on the successful erasure of the active critical security parameter file.

[0008] Another aspect of this disclosure provides a computer-readable storage medium including instructions that, when executed by a processing device, configure the processing device to perform operations including: preparing a buffer using critical security parameter update data for updating one or more critical security parameters of a memory device; calculating a hash based on the critical security parameter update data; writing the hash to the buffer; writing the buffer to an inactive critical security parameter file; erasing an active critical security parameter file based on successful writing of the buffer to the inactive critical security parameter file; and providing an error status based on unsuccessful erasure of the active critical security parameter file. Attached Figure Description

[0009] This disclosure will be more fully understood from the detailed description given below and the accompanying drawings of various embodiments thereof.

[0010] Figure 1 This describes an instance computing environment including a memory subsystem according to some embodiments of the present disclosure.

[0011] Figure 2 This is a data structure diagram illustrating an example file structure for protecting important security parameters according to some embodiments of this disclosure.

[0012] Figure 3 and 4 This is a flowchart illustrating an example method for protecting critical security parameters during the initialization of a memory subsystem according to some embodiments of the present disclosure.

[0013] Figure 5 This is a flowchart illustrating an example method for updating critical security parameters in a memory subsystem according to some embodiments of the present disclosure.

[0014] Figure 6 This is a block diagram of an example computer system in which embodiments of this disclosure may be operated. Detailed Implementation

[0015] This disclosure relates to a security capsule for accessing restricted features of a memory device in a memory subsystem. The memory subsystem may be a storage device, a memory module, or a mixture of both. The following is combined with… Figure 1 Describe examples of storage devices and memory modules. Typically, a host system may utilize a memory subsystem, which includes one or more components, such as a memory device for storing data. The host system can provide data to be stored in the memory subsystem and can request to retrieve data from the memory subsystem.

[0016] Memory devices can be non-volatile memory devices. An example of a non-volatile memory device is a NAND flash memory device. (The following text is in conjunction with...) Figure 1 Other examples of non-volatile memory devices are described. Some memory devices, such as NAND memory devices, contain arrays of memory cells (e.g., flash cells) for storing data. Each cell contains a transistor, and within each cell, data is stored as a threshold voltage of the transistor based on the cell's logic value (e.g., 0 or 1). Memory cells in these devices may be grouped into pages, which may refer to the logic cells of the memory device used to store data. For example, memory cells in a NAND memory device are horizontally connected to word lines at their control gates to form pages. For some types of memory devices (e.g., NAND), pages are grouped to form blocks (also referred to herein as "memory blocks").

[0017] Data operations can be performed by the memory subsystem. These data operations can be host-initiated operations. For example, the host system can initiate data operations (e.g., write, read, erase, etc.) targeting the memory subsystem. The host system can send access requests (e.g., write commands, read commands) to the memory subsystem to store data on a memory device located in the memory subsystem and to read data from a memory device located in the memory subsystem.

[0018] The storage subsystem can store confidential, proprietary, or other sensitive information that should only be accessed by specially authorized users. For example, critical security parameters (CSPs) such as cryptographic keys are used to protect sensitive information stored by the storage subsystem. Public key infrastructure (PKI), for instance, is often used to cryptographically sign and verify sensitive information to gain source trust and detect unauthorized modifications.

[0019] When a CSP is to be erased or randomized, a cryptographic erasure process is used. During the cryptographic erasure process, numerous considerations exist to ensure the integrity and security of the CSP. For example, it must be ensured that any copies of the key are completely and irrevocably removed when cryptographic erasure is performed on the key. Furthermore, the cryptographic erasure technique should be capable of an unlimited number of cleanup cycles and should be able to prove that all CSPs have been completely removed while ensuring a high degree of integrity of the CSP. Care must be taken when erasing the CSP to ensure that any power outage does not result in data loss.

[0020] This disclosure relates to a memory subsystem that performs a password erasure process that addresses the above and other considerations regarding the integrity and security of the CSP. In an instance memory subsystem, the CSP, such as a data encryption key (DEK) used to encrypt data stored on memory media and credentials used to authenticate users and administrators, is stored in a persistent storage device (e.g., a persistent NAND device). A file manager (e.g., a file system archive (FSA)) of the memory subsystem stores duplicate copies of the CSP across multiple memory devices to provide redundancy and fault protection in the event of failure of one or more parts of the device. The file manager stores multiple copies of the CSP to provide redundancy. The CSP is securely erased by performing a block erasure function on the memory block (e.g., a NAND block) where the CSP is stored. The erasure process does not return a successful completion indication until the erasure has been successfully performed.

[0021] The memory subsystem can cryptographically erase an entire memory device, a specific namespace, or a specific range, while carefully erasing only the affected keys and preserving the integrity of other CSPs. If the erase command fails, the response depends on the method used to invoke the erase function. Typically, the memory subsystem may retry the operation, but in all cases, the memory subsystem assumes that the keys still exist and the cleanup command has been aborted.

[0022] When performing password erasure, the storage subsystem ensures that any and all copies of the CSP are erased. In the file manager, all backup copies of the CSP must be successfully erased for the erasure operation to succeed. If any erasure operation fails, the erasure of the CSP cannot be guaranteed, and the storage subsystem returns an error. If the password erasure process fails, a failure status is returned to the host, allowing the host to handle the issue at its discretion.

[0023] For example, the loss of certain CSPs, such as DEKs, can lead to the loss of a large amount of data protected by the CSP. Therefore, to prevent CSPs from being damaged or corrupted during updates due to power failures or other system malfunctions, a security manager is included in the storage subsystem to ensure the security and integrity of these CSPs and prevent data loss. For instance, to guarantee the integrity of the CSP during updates, the security manager uses two files to store the CSP, but only a single file is active at any given time. Updates are written to the second file, while the first file remains unchanged, ensuring that the valid file is available even if a power failure or other serious error occurs during the update process. After successfully storing the second file, the security manager erases the first file and sets the second file as the active file. Importantly, the update process is atomic: the update either succeeds or fails and the original data is preserved. In this way, at any time a single CSP is changed, all protected keys and credentials are fully updated.

[0024] The security manager of the memory subsystem is also responsible for protecting the CSP during system initialization. For example, during system initialization (e.g., upon power-on), in the event of a potential error, the security manager determines which of two files to use. The security manager determines whether both files exist and whether both files are valid. The security manager evaluates which file to use based at least on the existence and validity of each file. Based on the evaluation, the security manager selects one file and erases the other.

[0025] By utilizing the instance storage subsystem described herein, the integrity and security of the CSP are ensured during the password erasure process. Furthermore, in some embodiments, the techniques described herein can be implemented without requiring specific hardware to support integrity and security.

[0026] Figure 1 This description describes an example computing system 100 including a memory subsystem 110 according to some embodiments of the present disclosure. The memory subsystem 110 may include media, such as one or more volatile memory devices (e.g., memory device 140), one or more non-volatile memory devices (e.g., memory device 130), or a combination of such devices.

[0027] The memory subsystem 110 may be a storage device, a memory module, or a combination of a storage device and a memory module. Examples of storage devices include solid-state drives (SSDs), flash drives, universal serial bus (USB) flash drives, embedded multimedia controller (eMMC) drives, universal flash memory (UFS) drives, secure digital cards (SD cards), and hard disk drives (HDDs). Examples of memory modules include dual in-line memory modules (DIMMs), small form factor DIMMs (SO-DIMMs), and various types of non-volatile dual in-line memory modules (NVDIMMs).

[0028] The computing system 100 may be a computing device, such as a desktop computer, laptop computer, web server, mobile device, vehicle (e.g., airplane, drone, train, car or other means of transport), device with Internet of Things (IoT) capabilities, embedded computer (e.g., embedded computer contained in a vehicle, industrial equipment or networked commercial device), or such computing device containing memory and processing devices.

[0029] The computing system 100 may include multiple host systems coupled to one or more memory subsystems 110. In some embodiments, the host system 120 is coupled to different types of memory subsystems 110. Figure 1This describes an example host system 120 coupled to a memory subsystem 110. As used herein, “coupled to” or “coupled with” generally refers to a connection between components, which can be an indirect communication connection or a direct communication connection (e.g., without an intermediary component), whether wired or wireless, including connections such as electrical connections, optical connections, magnetic connections, etc.

[0030] Host system 120 may include a processor chipset and a software stack executed by the processor chipset. The processor chipset may include one or more cores, one or more caches, a memory controller (e.g., an NVDIMM controller), and a storage protocol controller (e.g., a Peripheral Component Interconnect (PCIe) controller, a Serial Advanced Technology Attachment (SATA) controller). Host system 120 uses memory subsystem 110 to, for example, write data to and read data from memory subsystem 110.

[0031] Host system 120 can be coupled to memory subsystem 110 via a host interface. Examples of host interfaces include, but are not limited to, SATA interfaces, PCIe interfaces, USB interfaces, Fibre Channel, Serial Attached SCSI (SAS), Small Computer System Interface (SCSI), Dual Data Rate (DDR) memory bus, DIMM interfaces (such as DIMM sockets supporting Dual Data Rate (DDR), Open NAND Flash Interface (ONFI), Dual Data Rate (DDR), Low Power Dual Data Rate (LPDDR), or any other interface). The host interface can be used to transfer data between host system 120 and memory subsystem 110. When memory subsystem 110 is coupled to host system 120 via a PCIe interface, host system 120 can also utilize an NVM High Speed ​​(NVMe) interface to access components (e.g., memory device 130). The host interface provides an interface for transferring control, address, data, and other signals between memory subsystem 110 and host system 120. Figure 1 The memory subsystem 110 is described as an example. Generally, the host system 120 can access multiple memory subsystems via the same communication connection, multiple separate communication connections, and / or a combination of communication connections.

[0032] Memory devices 130 and 140 may comprise any combination of different types of non-volatile memory devices and / or volatile memory devices. Volatile memory devices (e.g., memory device 140) may be, but are not limited to, random access memory (RAM), such as dynamic random access memory (DRAM) and synchronous dynamic random access memory (SDRAM).

[0033] Some examples of non-volatile memory devices (e.g., memory device 130) include NAND-type flash memory and in-place write memory, such as three-dimensional (3D) crosspoint memory devices, which are crosspoint arrays of non-volatile memory cells. Crosspoint arrays of non-volatile memory can perform bit storage based on changes in volume resistance in conjunction with stackable cross-grid data access arrays. Furthermore, compared to many flash-based memories, crosspoint non-volatile memory can perform in-place write operations, where non-volatile memory cells can be programmed without pre-erasing them. NAND-type flash memory includes, for example, two-dimensional NAND (2D NAND) and 3D NAND.

[0034] Each of the memory devices 130 may include one or more arrays of memory cells. One type of memory cell, such as a single-level cell (SLC), may store one bit per cell. Other types of memory cells, such as multi-level cell (MLC), three-level cell (TLC), four-level cell (QLC), and five-level cell (PLC), may store multiple bits per cell. In some embodiments, each of the memory devices 130 may include one or more arrays of memory cells, such as SLC, MLC, TLC, QLC, or any combination thereof. In some embodiments, a particular memory device may include an SLC portion of memory cells, as well as an MLC portion, a TLC portion, a QLC portion, or a PLC portion. The memory cells of the memory device 130 may be grouped into pages, which may refer to logical cells of the memory device used to store data. For example, memory cells in a NAND memory device are horizontally connected to word lines at their control gates to form pages. For some types of memory (e.g., NAND), pages may be grouped to form blocks. In addition, word lines within a memory device can be organized into multiple word line groups, each containing one or more word lines, but each word line group contains fewer word lines than a block contains.

[0035] While a non-volatile memory assembly, such as a NAND flash memory (e.g., 2D NAND, 3D NAND) and a 3D cross-point array of non-volatile memory cells, is described, the memory device 130 may be based on any other type of non-volatile memory, such as read-only memory (ROM), phase-change memory (PCM), select memory, other chalcogenide-based memories, ferroelectric transistor random access memory (FeTRAM), ferroelectric random access memory (FeRAM), magnetic random access memory (MRAM), spin-transfer torque (STT)-MRAM, conductive bridged RAM (CBRAM), resistive random access memory (RRAM), oxide-based RRAM (OxRAM), NOR flash memory, and electrically erasable programmable read-only memory (EEPROM).

[0036] The memory subsystem controller 115 (or, for simplicity, controller 115) can communicate with the memory device 130 to perform operations, such as reading data, writing data, or erasing data at the memory device 130, and other such operations. The memory subsystem controller 115 may include hardware, such as one or more integrated circuits and / or discrete components, buffer memories, or combinations thereof. The hardware may include a digital circuit system with dedicated (i.e., hard-decoded) logic to perform the operations described herein. The memory subsystem controller 115 may be a microcontroller, a dedicated logic circuit system (e.g., a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), etc.), or other suitable processor.

[0037] The memory subsystem controller 115 may include a processor 117 (processing device) configured to execute instructions stored in local memory 119. In the illustrated example, the local memory 119 of the memory subsystem controller 115 includes embedded memory configured to store instructions for performing various processes, operations, logic flows, and routines for controlling the operation of the memory subsystem 110 (including handling communication between the memory subsystem 110 and the host system 120).

[0038] In some embodiments, local memory 119 may include memory registers storing memory pointers, retrieved data, etc. Local memory 119 may also include ROM for storing microcode. Although... Figure 1 The instance memory subsystem 110 is described as including a memory subsystem controller 115, but in another embodiment of this disclosure, the memory subsystem 110 does not include a memory subsystem controller 115 and may instead rely on external control (e.g., provided by an external host or by a processor or controller separate from the memory subsystem).

[0039] Generally, the memory subsystem controller 115 can receive commands or operations from the host system 120 and can translate these commands or operations into instructions or appropriate commands to enable desired access to memory devices 130 and / or 140. The memory subsystem controller 115 may handle other operations such as wear leveling, unused cell collection, error detection and ECC operations, encryption, caching, and address translation between logical addresses (e.g., logical block addresses, namespaces) and physical addresses (e.g., physical block addresses) associated with memory device 130. The memory subsystem controller 115 may also include a host interface circuitry for communicating with the host system 120 via a physical host interface. The host interface circuitry can translate commands received from the host system 120 into command instructions to access memory devices 130 and / or 140, and translate responses associated with memory devices 130 and / or 140 into information for the host system 120.

[0040] In some embodiments, the memory device 130 includes a local media controller 135 that operates in conjunction with the memory subsystem controller 115 to perform operations on one or more memory cells of the memory device 130.

[0041] Memory subsystem 110 also includes file manager 111. File manager 111 stores duplicate copies of the CSP across memory devices 130 and 140 to provide redundancy and fault protection in the event of failure of one or more parts of the device.

[0042] The storage subsystem 110 also includes a security manager 113 responsible for ensuring the security and integrity of the CSP. The security manager 113 prevents the CSP from being corrupted or malfunctioning during updates due to power failures or other system failures. For example, to ensure the integrity of the CSP during updates, the security manager uses two files to store the CSP, but only one file is active at any given time. See below for further details. Figure 2 This describes an instance of a file used to store CSP updates (also known as a "CSP file"). Updates are written to the second file while the first file remains unchanged to ensure that a valid file is available even in the event of a power failure or other critical error during the update process. After successfully storing the second file, the security manager erases the first file and sets the second file as the active file. Further details regarding CSP file updates are provided below. Figure 5 This will be discussed.

[0043] Security Manager 113 is also responsible for protecting the CSP during system initialization. For example, during system initialization (e.g., upon power-on), in the event of a potential error, Security Manager 113 determines which of two files to use. Security Manager 113 evaluates which file to use based at least on the existence and validity of each file, selects one file based on the evaluation, and erases the other file. See below for further details. Figure 3 and 4 Further details are discussed regarding methods for protecting the CSP during system initialization.

[0044] In some embodiments, the memory subsystem controller 115 includes at least a portion of the security manager 113. For example, the memory subsystem controller 115 may include a processor 117 (processing means) configured to execute instructions stored in local memory 119 for performing the operations described herein. In some embodiments, at least a portion of the security manager 113 is a part of the host system 120, an application, or an operating system.

[0045] Figure 2 This is a data structure diagram illustrating an example file 200 for protecting important security parameters according to some embodiments of the present disclosure. As shown, file 200 includes a serial number 202, a file name 204, a file size 206, a firmware security version 208, a CSP 210, and a hash 212.

[0046] Serial number 202 is a monotonically increasing counter. Serial number 202 is initialized to zero when the memory device (e.g., memory device 130 or 140) is out of manufacturing state, and increments whenever file 200 is updated.

[0047] Filename 204 contains an identifier for file 200, which can be used to easily identify file 200 during development and debugging. For example, filename 204 could be a UTF-8 encoded filename terminated with an empty string.

[0048] File size 206 indicates the file size of file 200, which contains all fields of file 200. Firmware security version 208 is a security version of file 200, which is used to determine whether file 200 is valid and to qualify the format of file 200.

[0049] CSP 210 contains the keys and credentials to be protected. All keys and credentials contained in CSP 210 are encrypted to provide confidentiality, but no further restrictions are imposed on CSP 210.

[0050] Hash 212 contains a hash of the entire file 200 to determine the integrity of file 200. In some embodiments, SHA-256 is used to generate hash 212 based on file 200.

[0051] As noted above, the security manager 113 maintains two files to ensure the security and integrity of the CSP. That is, two instances of file 200 are maintained to ensure the security and integrity of the CSP. During system initialization, the security manager 113 selects one of these files as the active file. Therefore, Figure 3 and 4 This is a flowchart illustrating an example method 300 for selecting an active CSP file during memory subsystem initialization according to some embodiments of the present disclosure. Method 300 may be executed by processing logic, which may include hardware (e.g., processing device, circuitry, dedicated logic, programmable logic, microcode, device hardware, integrated circuits, etc.), software (e.g., instructions that run or execute on the processing device), or a combination thereof. In some embodiments, method 300 is performed by… Figure 1 The security manager 113 executes. Although the processes are shown in a specific order or sequence, the order of the processes may be modified unless otherwise specified. Therefore, the illustrated embodiments should be understood as examples only, and the illustrated processes may be executed in different orders, and some processes may be executed in parallel. In addition, one or more processes may be omitted in various embodiments. Therefore, not all processes are required in every embodiment. Other process flows are also possible.

[0052] At operation 305, the processing device initializes a set of flags associated with one or more CSPs. The set of flags includes: a first flag indicating whether a first CSP file exists (“File A exists”); a second flag indicating whether the first CSP file is valid (“File A is valid”); a third flag indicating whether a second CSP file exists (“File B exists”); and a fourth flag indicating whether the second CSP file is valid (“File B is valid”). When initializing the set of flags, the processing device sets each flag to false.

[0053] The processing device performs a read operation on the first CSP file (see operation 310). If the read operation returns a read error, method 300 proceeds to operation 345, where the processing device marks the read error. While marking the read error, the processing device may provide an indication of the read error to the host system. If the read operation performed at operation 310 is successful (e.g., no read error returned), method 300 proceeds to operation 315, where the processing device sets a first flag to true ("File A exists = true") to indicate that the first CSP file exists. Therefore, whether the first flag is set to true or false depends on the result of the read operation on the first CSP file.

[0054] At operation 320, the processing device determines whether the first CSP file has been erased. If the processing device determines that the first CSP file has been erased, method 300 proceeds to operation 350, in which the processing device performs a read operation on the second CSP file.

[0055] If the processing device determines that the first CSP file has not been erased, method 300 proceeds to operation 325, where the processing device determines whether the firmware security version (e.g., firmware security version 208) of the first CSP file is valid. If the processing device determines that the firmware security version is invalid, the method proceeds to operation 350.

[0056] If the processing device determines that the firmware security version is valid, method 300 proceeds to operation 330, where the processing device calculates a first hash based on the first CSP file. More specifically, the processing device calculates the first hash based on the following portions of the first CSP file: the serial number (e.g., serial number 202), file name (e.g., file name 204), file size (e.g., file size 206), firmware security version, and important security parameters contained in the first CSP file. According to some embodiments, the processing device may use one of several known hash algorithms (e.g., SHA-256) to calculate the first hash. At operation 335, the processing device determines whether the first hash is valid based on the result of a comparison between the first hash and a hash contained in the first CSP file (e.g., hash 212). That is, the processing device compares the first hash with the hash in the first CSP file, and if the two hashes are the same, the first hash is valid. If the processing device determines that the first hash is valid, at operation 340, the processing device sets a second flag to true ("File A valid = true") to indicate that the first CSP file is valid.

[0057] If the processing device determines at operation 335 that the first hash is invalid, method 300 proceeds to operation 350. As noted above, at operation 350, the processing device performs a read operation on the second CSP file. If the read operation returns a read error, method 300 proceeds to operation 385, where the processing device marks the read error. When marking the read error, the processing device may provide an indication of the read error to the host system. If the read operation performed at operation 350 is successful (e.g., no read error returned), method 300 proceeds to operation 355, where the processing device sets a third flag to true ("File B exists = true") to indicate that the second CSP file exists.

[0058] At operation 360, the processing device determines whether the second CSP file has been erased. If the processing device determines that the second CSP file has been erased, method 300 proceeds to operation 390, in which the processing device accesses the evaluation table.

[0059] If the processing device determines that the second CSP file has not been erased, method 300 proceeds to operation 365, where the processing device determines whether the firmware security version (e.g., firmware security version 208) of the second CSP file is valid. If the processing device determines that the firmware security version is invalid, the method proceeds to operation 390.

[0060] If the processing device determines that the firmware security version is valid, method 300 proceeds to operation 370, whereby the processing device calculates a second hash based on the second CSP file in the manner described above with reference to the first CSP file. At operation 375, the processing device determines whether the second hash is valid by comparing it with a hash contained in the second CSP file (e.g., hash 212). If the processing device determines that the second hash is valid, then at operation 380, the processing device sets a fourth flag to true (“File B valid = true”) to indicate that the second CSP file is valid.

[0061] If the processing device determines that the second hash is invalid, method 300 proceeds to operation 390. As mentioned above, at operation 390, the processing device determines which of the CSP files should be set as the active CSP file. In some embodiments, the processing device may access an evaluation table to determine which CSP file to use (if it exists) based on the set of tags. An example evaluation table is shown below.

[0062]

[0063]

[0064] Table 1. Evaluation Form

[0065] According to the example evaluation table presented above, if the set of flags is set to true, the processing device performs further evaluation of the CSP file. That is, if both the first and second CSP files exist and are valid, the processing device performs further evaluation.

[0066] like Figure 4 As shown, in some embodiments, method 300 may include operations 401-414. According to these embodiments, at least a portion of operations 401-414 may be performed as part of operation 390, wherein the processing device determines which CSP files are set as active CSP files. Furthermore, according to some embodiments, operations 403-409 correspond to the further evaluation mentioned above in the instance evaluation table. That is, the processing device may perform operations 403-409 based on the results of evaluating the set of tags using the evaluation table.

[0067] At operation 401, the processing device determines whether both the first and second CSP files are valid. If both CSP files are valid, method 300 proceeds to operation 402, where the processing device determines whether the serial number in the second CSP file sequence (e.g., serial number 202) is greater than the serial number in the first CSP file. If the serial number of the second CSP file is greater than the serial number of the first CSP file, the processing device sets the second CSP file as active (operation 403) and erases the first CSP file (operation 404). The processing device can erase the first CSP file by providing or executing a block erase command (e.g., a NAND block erase command) pointing to a block in the memory device storing the first CSP file. If the serial number of the second CSP file is less than or equal to the serial number of the first CSP file, the processing device sets the first CSP file as active (operation 405) and erases the second CSP file (operation 406). The processing device can erase the second CSP file by providing or executing a block erase command pointing to a block in the memory device storing the first CSP file.

[0068] If, at operation 401, the processing device determines that at least one of the CSP files is invalid, method 300 proceeds to operation 407, whereby the processing device determines whether the first CSP file is valid. If the first CSP file is valid, the processing device sets the first CSP file as active (operation 408) and erases the second CSP file (operation 409). If the first CSP file is invalid, the processing device sets the second CSP file as active (operation 410) and erases the first CSP file (operation 411). As noted above, the processing device can erase the CSP file by providing or executing a block erase command pointing to the block storing the CSP file.

[0069] At operation 412, performed after one of operations 404, 406, 409, or 411, the processing device determines whether the erasure performed at operations 404, 406, 409, or 411 was successful. That is, the processing device determines whether the first or second CSP file has been successfully erased. If the erasure is successful, at operation 413, the processing device returns to a success status. If the erasure is unsuccessful, at operation 414, the processing device marks an erasure error (e.g., sets a flag indicating an erasure error). When marking an erasure error, the processing device may provide an indication of the erasure error to the host system.

[0070] Figure 5This is a flowchart illustrating an example method 500 for updating a CSP in a memory subsystem according to some embodiments of the present disclosure. Method 500 may be executed by processing logic, which may include hardware (e.g., processing device, circuitry, dedicated logic, programmable logic, microcode, device hardware, integrated circuits, etc.), software (e.g., instructions that run or execute on the processing device), or a combination thereof. In some embodiments, method 500 is performed by… Figure 1 The security manager 113 executes. Although the processes are shown in a specific order or sequence, the order of the processes may be modified unless otherwise specified. Therefore, the illustrated embodiments should be understood as examples only, and the illustrated processes may be executed in different orders, and some processes may be executed in parallel. In addition, one or more processes may be omitted in various embodiments. Therefore, not all processes are required in every embodiment. Other process flows are also possible.

[0071] At operation 505, the processing device prepares a buffer using CSP update data. The CSP update data is used to update one or more CSPs of the memory device (e.g., memory device 130). The CSP update data includes a serial number (e.g., serial number 202), a file size (e.g., file size 206), a firmware security version (e.g., firmware security version 208), and one or more CSPs (e.g., CSP 210). The processing device prepares the buffer by incrementing the serial number, setting the file size, setting the firmware security version, and writing one or more CSPs (e.g., CSP 210).

[0072] Subsequently, at operation 510, the processing device calculates a hash based on the CSP update data (serial number, file size, firmware security version, and one or more CSPs) and writes the hash to a buffer. The processing device may use one of several known hash algorithms (e.g., SHA-256) to calculate the hash.

[0073] At operation 515, the processing device writes the buffer to the inactive CSP file. If writing the buffer to the inactive CSP file is unsuccessful, at operation 520, the processing device returns an error status to the host system (e.g., host system 120).

[0074] If the buffer is successfully written to the inactive CSP, the processing device erases the active CSP file at operation 530. If erasing the active CSP file is unsuccessful, the processing device returns an error status to the host system at operation 535. If erasure is successful, the processing device returns a success status at operation 540.

[0075] It should be understood that Method 500 for updating a CSP is atomic: the update either succeeds or fails and the original data is preserved. This means that at any time a single CSP is changed, all protected keys and credentials are fully updated.

[0076] In view of the above disclosure, various examples are described below. It should be noted that one or more features of an example used independently or in combination should be considered as being within the disclosure of this application.

[0077] Example 1: A system includes a memory device and a processing device coupled to the memory device, the processing device being configured to perform operations including: setting a first flag indicating the existence of a first important security parameter file, the first important security parameter file containing a first set of important security parameters of the memory device; setting a second flag indicating whether the first important security parameter file is valid; setting a third flag indicating the existence of a second important security parameter file, the second important security parameter file containing a second set of important security parameters of the memory device; setting a fourth flag indicating whether the second important security parameter file is valid; and selecting one of the first or second important security parameter files as the active important security parameter file based on an evaluation of the first, second, third, and fourth flags.

[0078] Example 2 includes the system of Example 1, wherein the operation further includes: performing a first read operation on the first important security parameter file, wherein the setting of the first tag is based on the result of the first read operation; and performing a second read operation on the second important security parameter file, wherein the setting of the third tag is based on the result of the second read operation.

[0079] Example 3 includes a system comprising any one or more of Examples 1 or 2, wherein the operation further comprises: determining whether the first important security parameter file has been erased, the setting of the second marker being partially based on whether the first important security parameter file has been erased; and determining whether the second important security parameter file has been erased, the setting of the fourth marker being partially based on whether the second important security parameter file has been erased.

[0080] Example 4 includes a system comprising any one or more of Examples 1-3, wherein the first important security parameter file contains a first firmware security version, the second important security parameter file contains a second firmware security version, and the operation further comprises: determining whether the first firmware security version is valid, wherein the setting of the second marker is partially based on whether the first firmware security version is valid; and determining whether the second firmware security version is valid, wherein the setting of the fourth marker is partially based on whether the second firmware security version is valid.

[0081] Example 5 includes a system comprising any one or more of Examples 1-4, wherein the first important security parameter file contains a first hash, the second important security parameter file contains a second hash, and the operation further comprises: calculating a third hash based on the first important security parameter file, setting the second tag in part based on a comparison of the third hash and the first hash; and calculating a fourth hash based on the second important security parameter file, setting the fourth tag in part based on a comparison of the fourth hash and the second hash.

[0082] Example 6 includes a system comprising any one or more of Examples 1-5, wherein the operation further comprises: evaluating the first, second, third, and fourth markers using an evaluation table.

[0083] Example 7 includes a system comprising any one or more of Examples 1-6, wherein the first important security parameter file contains a first serial number, the second important security parameter file contains a second serial number, and the operation further comprises: evaluating the first and second serial numbers based on the results of evaluating the first, second, third, and fourth markers using the evaluation table, and selecting the active important security parameter file based on the results of evaluating the first and second serial numbers.

[0084] Example 8 includes a system of any one or more of Examples 1-7, wherein evaluating the first and second serial numbers includes: determining whether the second serial number is greater than the first serial number.

[0085] Example 9 includes a system comprising any one or more of Examples 1-8, wherein selecting one of the first or second important security parameter files as the active important security parameter file comprises selecting the second important security parameter file as the active important security parameter file based on determining that the second serial number is greater than the first serial number.

[0086] Example 10 includes a system comprising any one or more of Examples 1-9, wherein the operation further comprises: erasing the first critical security parameter file.

[0087] Example 11 includes a system comprising any one or more of Examples 1-10, wherein selecting one of the first or second important security parameter files as the active important security parameter file comprises selecting the first important security parameter file as the active important security parameter file based on determining that the second serial number is not greater than the first serial number.

[0088] Example 12 includes a system comprising any one or more of Examples 1-11, wherein the operation further comprises: erasing the second important security parameter file.

[0089] Example 13 is a method comprising: setting a first flag by a processing device to indicate the existence of a first important security parameter file, the first important security parameter file containing a first set of important security parameters of a memory device; setting a second flag by the processing device to indicate whether the first important security parameter file is valid; setting a third flag by the processing device to indicate the existence of a second important security parameter file, the second important security parameter file containing a second set of important security parameters of the memory device; setting a fourth flag by the processing device to indicate whether the second important security parameter file is valid; and selecting one of the first or second important security parameter files as the active important security parameter file by the processing device based on an evaluation of the first, second, third, and fourth flags.

[0090] Example 14 includes the method of Example 13, and further includes: performing a first read operation on the first important security parameter file, wherein the setting of the first tag is based on the result of the first read operation; and performing a second read operation on the second important security parameter file, wherein the setting of the third tag is based on the result of the second read operation.

[0091] Example 15 includes the method of any one or more of Examples 13 or 14, and further includes: determining whether the first important security parameter file has been erased, the setting of the second marker being partially based on whether the first important security parameter file has been erased; and determining whether the second important security parameter file has been erased, the setting of the fourth marker being partially based on whether the second important security parameter file has been erased.

[0092] Example 16 includes the method of any one or more of Examples 13-15, and further includes: the first important security parameter file includes a first firmware security version; the second important security parameter file includes a second firmware security version; and the method further includes: determining whether the first firmware security version is valid, wherein the setting of the second marker is partially based on whether the first firmware security version is valid; and determining whether the second firmware security version is valid, wherein the setting of the fourth marker is partially based on whether the second firmware security version is valid.

[0093] Example 17 includes the method of any one or more of Examples 13-16, wherein the first important security parameter file contains a first hash, the second important security parameter file contains a second hash, and the method further includes: calculating a third hash based on the first important security parameter file, setting the second tag in part based on a comparison of the third hash and the first hash; and calculating a fourth hash based on the second important security parameter file, setting the fourth tag in part based on a comparison of the fourth hash and the second hash.

[0094] Example 18 includes the method of any one or more of Examples 13-17, wherein the first important security parameter file contains a first serial number, the second important security parameter file contains a second serial number, and the method further includes: evaluating the first and second serial numbers based on the evaluation results of the first, second, third, and fourth markers, selecting an activity file based on the evaluation results of the first and second serial numbers, and evaluating the first and second serial numbers includes determining whether the second serial number is greater than the first serial number.

[0095] Example 19 includes a method of any one or more of Examples 13-18, wherein selecting one of the first or second important security parameter files as the active important security parameter file includes selecting the second important security parameter file as the active important security parameter file based on determining that the second serial number is greater than the first serial number; and the method further includes erasing the first important security parameter file.

[0096] Example 20 is a computer-readable storage medium containing instructions that, when executed by a processing device, configure the processing device to perform operations including: setting a first flag indicating the existence of a first important security parameter file, the first important security parameter file containing a first set of important security parameters of a memory device; setting a second flag indicating whether the first important security parameter file is valid; setting a third flag indicating the existence of a second important security parameter file, the second important security parameter file containing a second set of important security parameters of the memory device; setting a fourth flag indicating whether the second important security parameter file is valid; and selecting one of the first or second important security parameter files as the active important security parameter file based on an evaluation of the first, second, third, and fourth flags.

[0097] Example 21 is a system comprising a memory device and a processing means coupled to the memory device, the processing means being configured to perform operations including: preparing a buffer using critical security parameter update data for updating one or more critical security parameters of the memory device; calculating a hash based on the critical security parameter update data; writing the hash to the buffer; writing the buffer to an inactive critical security parameter file; and erasing an active critical security parameter file based on the successful writing of the buffer to the inactive critical security parameter file.

[0098] Example 22 includes the system of Example 23, wherein the operation further includes: providing an error status to the host system based on the failure of the write to the inactive critical security parameter file from the buffer.

[0099] Example 23 includes a system of any one or more of Examples 21 or 22, wherein the operation further includes: providing an error status to the host system based on the failure of the erasure of the active critical security parameter file.

[0100] Example 24 includes a system comprising any one or more of Examples 21-23, wherein the operation further comprises: providing a success status to the host system based on the successful erasure of the activity-critical security parameter file.

[0101] Example 25 includes a system of any one or more of Examples 21-24, wherein preparing the buffer with data updated using important security parameters includes: incrementing the serial number; setting the file size; setting the firmware security version; and writing one or more important security parameters to the buffer.

[0102] Example 26 is a method comprising: preparing a buffer by a processing device using critical security parameter update data for updating one or more critical security parameters of a memory device; calculating a hash by the processing device based on the critical security parameter update data; writing the hash to the buffer by the processing device; writing the buffer to an inactive critical security parameter file by the processing device; and erasing an active critical security parameter file by the processing device based on the successful writing of the buffer to the inactive critical security parameter file, and providing a success status based on the successful erasure of the active critical security parameter file.

[0103] Example 27 is a computer-readable medium containing instructions that, when executed by a processing device, configure the processing device to perform operations including: preparing a buffer using critical security parameter update data for updating one or more critical security parameters of a memory device; calculating a hash based on the critical security parameter update data; writing the hash to the buffer; writing the buffer to an inactive critical security parameter file; erasing an active critical security parameter file based on the successful writing of the buffer to the inactive critical security parameter file; and providing an error status based on the unsuccessful erasure of the active critical security parameter file.

[0104] Figure 6 An example machine in the form of a computer system 600 is described, within which an instruction set is executable to cause the machine to perform any one or more methods discussed herein. In some embodiments, computer system 600 may correspond to including, coupled to, or utilizing a memory subsystem (e.g., Figure 1 The host system (e.g., memory subsystem 110) Figure 1The host system 120) or can be used to perform controller operations (e.g., execute the operating system to perform operations corresponding to...). Figure 1 (Operation of security manager 113). In alternative embodiments, the machine may be connected (e.g., networked) to other machines in a local area network (LAN), intranet, extranet, and / or the Internet. The machine may operate as a peer machine in a peer-to-peer (or distributed) network environment or as a server or client machine in a cloud computing infrastructure or environment, with the capabilities of a server or client machine in a client-server network environment.

[0105] The machine may be a personal computer (PC), tablet PC, set-top box (STB), personal digital assistant (PDA), cellular phone, network device, server, network router, switch, or bridge, or any machine capable of (sequentially or otherwise) executing a set of instructions specifying actions to be taken by the machine. Furthermore, although a single machine has been described, the term "machine" should be understood to include any collection of machines that individually or collectively execute a set (or more) of instructions to perform any of the methods discussed herein.

[0106] Example computer system 600 includes processing device 602 communicating with each other via bus 630, main memory 604 (e.g., ROM, flash memory, DRAM such as SDRAM or RDRAM, etc.), static memory 606 (e.g., flash memory, static random access memory (SRAM), etc.), and data storage system 618.

[0107] Processing device 602 represents one or more general-purpose processing devices, such as microprocessors, central processing units, etc. More specifically, processing device 602 may be a Complex Instruction Set Computing (CISC) microprocessor, a Reduced Instruction Set Computing (RISC) microprocessor, a Very Long Instruction Word (VLIW) microprocessor, or a processor implementing other instruction sets, or a combination of instruction sets. Processing device 602 may also be one or more special-purpose processing devices, such as ASICs, FPGAs, digital signal processors (DSPs), network processors, etc. Processing device 602 is configured to execute instructions 626 for performing the operations and steps discussed herein. Computer system 600 may also include a network interface device 608 for communication via network 620.

[0108] Data storage system 618 may include machine-readable storage medium 624 (also referred to as computer-readable medium) storing one or more sets of instructions 626 or software embodying any one or more methods or functions described herein. Instructions 626 may also reside wholly or at least partially in main memory 604 and / or processing device 602 during execution by computer system 600, which also constitute machine-readable storage medium. Machine-readable storage medium 624, data storage system 618, and / or main memory 604 may correspond to... Figure 1 The memory subsystem 110.

[0109] In one embodiment, instruction 626 includes instructions for implementing a security component (e.g., Figure 1 The instructions for the functions of the security manager 113). Although the machine-readable storage medium 624 is shown as a single medium in the exemplary embodiment, the term "machine-readable storage medium" should be considered to include a single medium or multiple media storing one or more sets of instructions. The term "machine-readable storage medium" should also be considered to include any medium capable of storing or encoding a set of instructions for machine execution and causing the machine to perform any one or more methods of this disclosure. Therefore, the term "machine-readable storage medium" should be considered to include, but is not limited to, solid-state memory, optical media, and magnetic media.

[0110] Some parts of the previously described algorithms and symbolic representations of operations on data bits within computer memory have been presented. These algorithmic descriptions and representations are the means by which those skilled in the art of data processing most effectively communicate the essence of their work to others skilled in the art. Algorithms here, and generally are considered, are self-consistent sequences of operations that produce desired results. These operations are those that require physical manipulation of physical quantities. These quantities are usually, but not necessarily, in the form of electrical or magnetic signals that can be stored, combined, compared, and otherwise manipulated. Sometimes, primarily for general reasons, it has proven convenient to refer to these signals as bits, values, elements, symbols, characters, items, numbers, etc.

[0111] However, it should be remembered that all these and similar terms should be associated with appropriate physical quantities and are merely convenient labels applied to those quantities. This disclosure may refer to the actions and processes of a computer system or similar electronic computing device that manipulate and transform data represented as physical (electronic) quantities in the registers and memories of the computer system into other data similarly represented as physical quantities in the computer system's memory or registers or other such information storage systems.

[0112] This disclosure also relates to apparatus for performing the operations described herein. Such apparatus may be specifically constructed for a particular purpose, or may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in a computer. Such computer programs may be stored in computer-readable storage media, each coupled to a computer system bus, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic cards, or optical cards, or any type of media suitable for storing electronic instructions.

[0113] The algorithms and demonstrations presented herein are not inherently related to any particular computer or other device. Various general-purpose systems can be used with the programs taught herein, or it may prove convenient to construct more specialized devices to perform the methods. The structures of various such systems will be presented as set forth in the description below. Furthermore, this disclosure is described without reference to any particular programming language. It should be understood that the teachings of this disclosure described herein can be implemented using various programming languages.

[0114] This disclosure can be provided as a computer program product or software, which may include a machine-readable medium having instructions stored thereon that can be used to program a computer system (or other electronic device) to perform processes according to this disclosure. The machine-readable medium includes any mechanism for storing information in a machine-readable (e.g., computer-readable) form. In some embodiments, the machine-readable (e.g., computer-readable) medium includes machine-readable storage media such as ROM, RAM, disk storage media, optical storage media, flash memory components, etc.

[0115] In the foregoing description, embodiments of the present disclosure have been described with reference to specific examples. It will be apparent that various modifications can be made to the present disclosure without departing from the broader scope of the embodiments set forth in the appended claims. Therefore, the description and drawings should be viewed in an illustrative rather than restrictive sense.

Claims

1. A memory system comprising: Memory devices; as well as A processing device coupled to the memory device, the processing device being configured to perform operations including the following: A first flag is set to indicate whether a first important security parameter file exists, the first important security parameter file including a first set of important security parameters of the memory device, and the first important security parameter file including a first hash; Calculate the second hash based on the first important security parameter file; Based on the comparison result between the second hash and the first hash, a second flag is set to indicate whether the first important security parameter file is valid; A third flag is set to indicate the existence of a second important security parameter file, which includes a second set of important security parameters of the memory device and includes a third hash. Calculate the fourth hash based on the second important security parameter file; Based on the comparison result between the fourth hash and the third hash, a fourth flag is set to indicate whether the second important security parameter file is valid; as well as Based on the evaluation of the first, second, third, and fourth markers, one of the first or second important security parameter files is selected as the active important security parameter file.

2. The memory system according to claim 1, wherein the operation further comprises: A first read operation is performed on the first important security parameter file, and the setting of the first tag is based on the result of the first read operation; as well as A second read operation is performed on the second important security parameter file, and the setting of the third marker is based on the result of the second read operation.

3. The memory system according to claim 1, wherein the operation further comprises: Determining whether the first important security parameter file has been erased, the setting of the second marker is partially based on whether the first important security parameter file has been erased; as well as The setting of the fourth marker is partly based on whether the second important security parameter file has been erased.

4. The memory system according to claim 1, wherein: The first important security parameter file includes the first firmware security version; The second important security parameter file includes a second firmware security version; and The operation also includes: Determine whether the first firmware security version is valid, and the setting of the second flag is partly based on whether the first firmware security version is valid; as well as Determining whether the second firmware security version is valid, the setting of the fourth marker is partly based on whether the second firmware security version is valid.

5. The memory system of claim 1, wherein the operation further comprises: Use the evaluation form to evaluate the first, second, third, and fourth markers.

6. The memory system according to claim 5, wherein: The first important security parameter file includes a first serial number; The second important security parameter file includes a second serial number; and The operation also includes: The first and second serial numbers are evaluated based on the results of evaluating the first, second, third, and fourth markers using the evaluation table, and the activity critical security parameter file is selected based on the results of evaluating the first and second serial numbers.

7. The memory system of claim 6, wherein evaluating the first and second serial numbers comprises: Determine whether the second sequence number is greater than the first sequence number.

8. The memory system of claim 7, wherein selecting one of the first or second important security parameter files as the active important security parameter file includes selecting the second important security parameter file as the active important security parameter file based on determining that the second serial number is greater than the first serial number.

9. The memory system of claim 8, wherein the operation further comprises: Erase the first important security parameter file.

10. The memory system of claim 7, wherein selecting one of the first or second important security parameter files as the active important security parameter file includes selecting the first important security parameter file as the active important security parameter file based on determining that the second serial number is not greater than the first serial number.

11. The memory system of claim 10, wherein the operation further comprises: Erase the second important security parameter file.

12. A method for performing memory operations, comprising: The processing device sets a first flag indicating whether a first important security parameter file exists, the first important security parameter file including a first set of important security parameters of the memory device, and the first important security parameter file including a first hash; Calculate the second hash based on the first important security parameter file; Based on the comparison result between the second hash and the first hash, the processing device sets a second flag indicating whether the first important security parameter file is valid; The processing device sets a third flag indicating the existence of a second important security parameter file, the second important security parameter file including a second set of important security parameters of the memory device, and the second important security parameter file including a third hash; Calculate the fourth hash based on the second important security parameter file; Based on the comparison result between the fourth hash and the third hash, the processing device sets a fourth flag indicating whether the second important security parameter file is valid; as well as The processing device selects one of the first or second important security parameter files as the active important security parameter file based on the evaluation of the first, second, third and fourth markers.

13. The method of claim 12, further comprising: A first read operation is performed on the first important security parameter file, and the setting of the first tag is based on the result of the first read operation; as well as A second read operation is performed on the second important security parameter file, and the setting of the third marker is based on the result of the second read operation.

14. The method of claim 12, further comprising: Determining whether the first important security parameter file has been erased, the setting of the second marker is partially based on whether the first important security parameter file has been erased; as well as The setting of the fourth marker is partly based on whether the second important security parameter file has been erased.

15. The method of claim 12, further comprising: The first important security parameter file includes the first firmware security version; The second important security parameter file includes a second firmware security version; and The method further includes: Determine whether the first firmware security version is valid, and the setting of the second flag is partly based on whether the first firmware security version is valid; as well as Determining whether the second firmware security version is valid, the setting of the fourth marker is partly based on whether the second firmware security version is valid.

16. The method of claim 12, wherein: The first important security parameter file includes a first serial number; The second important security parameter file includes a second serial number; and The method further includes: The first and second serial numbers are evaluated based on the results of the evaluation of the first, second, third, and fourth markers. The active file is selected based on the results of the evaluation of the first and second serial numbers. The evaluation of the first and second serial numbers includes determining whether the second serial number is greater than the first serial number.

17. The method of claim 16, wherein: Selecting either the first or second important security parameter file as the activity important security parameter file includes selecting the second important security parameter file as the activity important security parameter file based on determining that the second serial number is greater than the first serial number; and The method also includes erasing the first critical security parameter file.

18. A computer-readable storage medium including instructions that, when executed by a processing means, configure the processing means to perform operations including: The processing device sets a first flag indicating whether a first important security parameter file exists, the first important security parameter file including a first set of important security parameters of the memory device, and the first important security parameter file including a first hash; Calculate the second hash based on the first important security parameter file; Based on the comparison result between the second hash and the first hash, the processing device sets a second flag indicating whether the first important security parameter file is valid; The processing device sets a third flag indicating the existence of a second important security parameter file, the second important security parameter file including a second set of important security parameters of the memory device, and the second important security parameter file including a third hash; Calculate the fourth hash based on the second important security parameter file; Based on the comparison result between the fourth hash and the third hash, the processing device sets a fourth flag indicating whether the second important security parameter file is valid; as well as The processing device selects one of the first or second important security parameter files as the active important security parameter file based on the evaluation of the first, second, third and fourth markers.

19. A memory system comprising: Memory devices; as well as A processing device coupled to the memory device, the processing device being configured to perform operations including the following: The buffer is prepared using critical security parameter update data for updating one or more critical security parameters of the memory device; Hash is calculated based on the updated data of the aforementioned important security parameters; Write the hash into the buffer; Write the buffer to an inactive critical security parameter file; as well as The active critical security parameter file is erased based on the successful writing of the buffer to the inactive critical security parameter file.

20. The memory system of claim 19, wherein the operation further comprises: An error status is provided to the host system if the write to the inactive critical security parameter file fails based on the buffer.

21. The memory system of claim 19, wherein the operation further comprises: If the erasure of the important security parameter file for the activity fails, an error status will be provided to the host system.

22. The memory system of claim 19, wherein the operation further comprises: Based on the successful erasure of the important security parameter file for the activity, a success status is provided to the host system.

23. The memory system of claim 19, wherein preparing the buffer by updating data using important security parameters comprises: Incrementing sequence number; Set the file size; Set the firmware security version; and One or more important security parameters are written to the buffer.

24. A method for performing memory operations, comprising: The processing device prepares the buffer using critical security parameter update data for updating one or more critical security parameters of the memory device; The processing device calculates the hash based on the updated data of the important security parameters; The processing device writes the hash into the buffer; The processing device writes the buffer to an inactive critical security parameter file; as well as The processing device erases the active critical security parameter file based on the successful writing to the inactive critical security parameter file by the buffer. and A success status is provided based on the successful erasure of the important security parameter file for the activity.

25. A computer-readable storage medium including instructions that, when executed by a processing means, configure the processing means to perform operations including: Prepare a buffer using critical security parameter update data used to update one or more critical security parameters of a memory device; Hash is calculated based on the updated data of the aforementioned important security parameters; Write the hash into the buffer; Write the buffer to an inactive critical security parameter file; The active critical security parameter file is erased based on the successful writing of the buffer to the inactive critical security parameter file. as well as An error status is provided if the erasure of the activity's critical security parameter file fails.

Images