A write protection method and system fully compatible with multi-protocol storage media
By virtualizing the storage medium with FPGA as a USB controller under the xHCI protocol, the problem of unified management of multi-protocol storage media is solved, achieving efficient write protection and data integrity, and eliminating the USB bandwidth bottleneck.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- XIAMEN MEIYA ZHONGMIN TECH CO LTD
- Filing Date
- 2026-04-03
- Publication Date
- 2026-06-30
AI Technical Summary
In existing technologies, electronic data forensics equipment cannot uniformly manage multiple storage media interfaces, which poses a risk of write protection bypass and requires the installation of dedicated drivers, making it cumbersome and potentially causing system conflicts.
The hardware architecture adopts FPGA main control + multi-protocol physical layer interface to directly generate PCIe configuration space read requests, virtualize the storage medium as a USB controller under the xHCI protocol, intercept write commands, remap and protocol conversion read commands through deep detection, and generate interrupt commands to notify the host that the event is completed.
It enables unified management of multiple storage media, prevents write protection bypass, improves event processing efficiency and accuracy, eliminates USB bandwidth bottlenecks, and ensures data integrity.
Smart Images

Figure CN122308742A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of data processing technology, and more specifically to a multi-protocol storage medium fully compatible write protection method and system in the field of data processing technology. Background Technology
[0002] In electronic data forensics, ensuring the data integrity of the source storage media (such as hard drives and solid-state drives, SSDs) is paramount. In related technologies, most read-only locks are essentially Universal Serial Bus to Serial ATA / Non-Volatile Memory Express (USB-to-SATA / NVMe) bridges. These devices rely on commercial ASIC chips, which are not only bandwidth-limited by the USB interface speed (typically 5Gbps / 10Gbps) but also lack the flexibility to filter underlying protocol commands. For complex SCSI commands or vendor-specific instructions, application-specific integrated circuits (ASICs) often transmit them directly, posing a risk of write protection bypass. Some high-end devices use direct PCIe switch (Peripheral Component Interconnect Express Switch) technology. While fast, this requires the host to install dedicated drivers to recognize the special backend hardware. At the forensics site, installing non-standard drivers on the forensics workstation (host) is not only cumbersome but can also cause system blue screens or software conflicts. With the coexistence of interfaces such as Non-Volatile Memory Express (NVMe), Serial Advanced Technology Attachment (SATA), Serial Attached SCSI (SAS), and Integrated Drive Electronics (IDE), forensic personnel often need to carry multiple read-only locks with different protocols. There is a lack of a device that can uniformly manage all interfaces and present a single, universal standard interface to the host. Summary of the Invention
[0003] The purpose of this invention is to provide a write protection method and system that is fully compatible with multi-protocol storage media. The specific technical solution adopted is as follows: In a first aspect, embodiments of the present invention provide a write protection method for multi-protocol storage media that is fully compatible, the method comprising: When a device is detected being inserted into the host, a PCIe configuration space read request is generated; In response to a space read request, the back-end connected storage medium is virtualized as a USB controller under the xHCI protocol to generate virtualization information; Based on the virtualization information, the command transmission request block corresponding to the new event in the host memory is prefetched, and the obtained command transmission request block is subjected to deep detection to obtain the instruction type of the command transmission request block; If the instruction type of the command transmission request block is a write instruction type, the data corresponding to the command transmission request block is discarded, and a virtual completion event message for a new event is generated. If the instruction type of the command transmission request block is a read instruction type, the address corresponding to the command transmission request block is remapped and the protocol is converted to obtain the converted read instruction; Based on the virtual completion event message or the converted read instruction, an interrupt instruction is generated and output to notify the host that the new event has been completed.
[0004] Secondly, a write protection system fully compatible with multi-protocol storage media is provided, the system comprising: The generation module is used to generate a PCIe configuration space read request when a device is detected being inserted into the host. The virtualization module is used to virtualize the back-end connected storage medium into a USB controller under the xHCI protocol in response to space read requests, so as to generate virtualization information; The detection module is used to prefetch command transmission request blocks corresponding to new events in the host memory based on the virtualization information, and perform deep detection on the obtained command transmission request blocks to obtain the instruction type of the command transmission request blocks; The discard module is used to discard the data corresponding to the command transmission request block and generate a virtual completion event message for a new event if the instruction type of the command transmission request block is a write instruction type. The conversion module is used to remap and convert the address corresponding to the command transmission request block and obtain the converted read instruction if the instruction type of the command transmission request block is a read instruction type. The output module is used to generate and output an interrupt command based on the virtual completion event message or the converted read instruction, so as to notify the host that the new event has been completed.
[0005] Thirdly, a computer program product is provided, comprising: computer program code, which, when run on a computer, causes the computer to perform the method described in the first aspect or any possible implementation thereof.
[0006] Fourthly, a computer-readable storage medium is provided that stores computer program code, which, when executed on a computer, causes the computer to perform the methods described in the first aspect or any possible implementation thereof.
[0007] This invention offers the following advantages: When a device is detected being inserted into the host, a PCIe configuration space read request is directly generated. The FPGA responds to this request by virtualizing the back-end connected storage medium as a USB controller under the xHCI protocol, generating virtualization information. This information notifies the host that the currently connected storage medium can be considered a USB controller. This allows any physical interface on the back end to be mapped to a standard xHCI device. Subsequently, based on the virtualization information, command transfer request blocks corresponding to new events are prefetched from the host memory. Deep inspection of these command transfer request blocks is then performed to determine their instruction type. This prefetching and deep inspection of command transfer request blocks improves both event processing efficiency and accuracy. If the command transfer request block's instruction type is a write instruction, the data corresponding to the command transfer request block is discarded, and a virtual completion event message for the new event is generated. If the command transfer request block's instruction type is a read instruction, the address corresponding to the command transfer request block is remapped and protocol-converted to obtain a converted read instruction. Finally, based on the virtual completion event message or the converted read instruction, an interrupt instruction is generated and output to notify the host that the new event has been completed. This not only intercepts explicit write operations but also intercepts instructions specific to the SSD, preventing the SSD controller from performing garbage collection in the backend, thus compromising the possibility of recovering deleted data. Since the USB physical layer encoding / decoding process is eliminated, and the FPGA is directly mounted on the PCIe bus, data transfer is a pure DMA operation, eliminating the bandwidth bottleneck of the USB read-only lock and improving transmission efficiency. Attached Figure Description
[0008] To more clearly illustrate the technical solutions and advantages in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0009] Figure 1 This is a schematic diagram illustrating the implementation framework of a multi-protocol storage medium fully compatible write protection system provided in an embodiment of the present invention; Figure 2 This is a schematic diagram illustrating the implementation process of a multi-protocol storage medium fully compatible write protection method provided in an embodiment of the present invention; Figure 3 This is a schematic diagram illustrating another implementation process of a multi-protocol storage medium fully compatible write protection method provided in this embodiment of the invention; Figure 4 This is a schematic diagram illustrating another implementation of a multi-protocol storage medium fully compatible write protection method provided in an embodiment of the present invention; Figure 5 This is a schematic diagram of another implementation process of a multi-protocol storage medium fully compatible write protection method provided by an embodiment of the present invention; Figure 6 This is a schematic diagram illustrating the implementation principle of a multi-protocol storage medium fully compatible write protection method provided in an embodiment of the present invention; Figure 7 This is a schematic diagram of the composition structure of a multi-protocol storage medium fully compatible write protection system provided in an embodiment of the present invention; Figure 8 This is a schematic diagram of the structure of a computer block device provided in an embodiment of the present invention. Detailed Implementation
[0010] To further illustrate the technical means and effects adopted by the present invention to achieve its intended purpose, the following, in conjunction with the accompanying drawings and preferred embodiments, details the specific implementation, structure, features, and effects of a multi-protocol storage medium fully compatible write protection method proposed according to the present invention. In the following description, different "one embodiment" or "another embodiment" do not necessarily refer to the same embodiment. Furthermore, specific features, structures, or characteristics in one or more embodiments can be combined from any suitable form.
[0011] In the description of the embodiments of the present invention, unless otherwise stated, " / " means "or". For example, A / B can mean A or B. The "and / or" in the text is merely a description of the relationship between related objects, indicating that there can be three relationships. For example, A and / or B can mean: A exists alone, A and B exist simultaneously, and B exists alone. In addition, in the description of the embodiments of the present invention, "multiple" means two or more.
[0012] Hereinafter, the terms "first" and "second" are used for descriptive purposes only and should not be construed as implying or suggesting relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature.
[0013] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.
[0014] The specific solution of the multi-protocol storage medium fully compatible write protection method provided by the present invention will be described in detail below with reference to the accompanying drawings. The implementation framework of the multi-protocol storage medium fully compatible write protection system is as follows: Figure 1 As shown, this system adopts a hardware architecture of "FPGA main control + multi-protocol physical layer interface" and is directly plugged into the host as a high-speed serial computer expansion bus endpoint device (Peripheral Component Interconnect Express Endpoint, PCIe Endpoint). The system includes: PCIe Transaction Layer Interface: Used to establish a physical link connection with the host and handle the sending and receiving of Transaction Layer Packets (TLPs). A TLP is the basic unit in the PCIe (Peripheral Component Interconnect) protocol for transmitting data, configuration information, and control commands between devices.
[0015] Constructing the xHCI host controller IP core: Logically, it completely replicates the register space of the Intel / AMD xHCI controller, enabling the host operating system to recognize it as a standard "USB 3.2 / USB4 host controller".
[0016] TRB Deep Inspection and Injection Engine: Used to capture data blocks from the instruction ring and transport ring in host memory, and perform parsing, filtering, and event write-back.
[0017] Unified Protocol Translation Layer: Used to translate xHCI-defined Slot and Endpoint operations into back-end physical interface (NVMe Queue, SATA FIS) operations in real time.
[0018] The backend physical interface group includes: NVMe controller, SATA controller, SAS controller, etc., which are used to physically connect to the target storage media (such as NVMe SSD, SATA HDD, SAS HDD).
[0019] One embodiment of the present invention provides a write protection method for multi-protocol storage media that is fully compatible, such as... Figure 2 As shown, the method includes: 201. When a device is detected being inserted into the host, a PCIe configuration space read request is generated.
[0020] Here, when the device is plugged into the host, the FPGA responds to the PCIe configuration space read request and declares itself as ClassCode: 0C 03 30 (USB xHCI Controller).
[0021] 202, in response to a space read request, virtualizes the back-end connected storage medium as a USB controller under the xHCI protocol to generate virtualization information.
[0022] Here, the FPGA virtualizes the back-end connected storage medium as a USB controller under the xHCI protocol to generate virtualization information. This virtualization information is used to notify the host that the FPGA is a native USB host chip and can be treated as a USB controller.
[0023] The host operating system automatically loads the generic xhci_hcd driver (natively supported by Windows / Linux / macOS). The internal logic of the FPGA virtualizes and maps the actual back-end connected storage media (such as an NVMe SSD and a SATA HDD) as two "connected device slots" of the xHCI controller.
[0024] 203. Based on the virtualization information, prefetch the command transfer request block corresponding to the new event in the host memory, and perform deep detection on the obtained command transfer request block to obtain the instruction type of the command transfer request block.
[0025] Here, after generating virtualization information, the FPGA prefetches and performs deep packet inspection on the command transfer request block corresponding to the new event to obtain the instruction type of the command transfer request block. For example, after the FPGA detects a "doorbell ringing" (i.e., a new event), it uses DMA technology to preemptively move the TRB data in memory to the FPGA's own internal cache. In this way, when the FPGA parses instructions, since its internal cache already contains the command transfer request block corresponding to the new event, it does not need to stop to read the next transfer request block from the host memory when processing each instruction. That is, it does not need to wait, thus enabling high-speed and continuous deep packet inspection of the command transfer request block, preventing the host from reporting errors due to waiting for a response.
[0026] In some possible implementations, step 203 above can be achieved by... Figure 3 The steps shown are to be implemented as follows: 301. Based on the virtualization information, the FPGA is used to read the command transfer request block in the host memory through direct memory access to read multiple command rings.
[0027] Here, after generating virtualization information, the FPGA reads the command transfer request block (TRB) from the host memory via Direct Memory Access (DMA) to read multiple command rings. The host initiates commands by writing to the Doorbell Register. The FPGA reads the command TRB from the host memory via DMA. The FPGA does not actively interfere with the host's memory writing process. The host driver constructs the command ring in memory and then writes it to the Doorbell Register to notify the FPGA. The FPGA hears the doorbell ring and reads the TRB from memory via DMA. At this point, the FPGA has obtained the host's "instruction list".
[0028] 302. Based on the types of the multiple command rings, perform virtualization interception on the multiple command rings to obtain the intercepted command transmission request blocks.
[0029] Here, the command ring types include: management type and sensitive type. Management type command rings include management commands such as EnableSlot and Address Device; sensitive type command rings include commands such as ResetDevice.
[0030] In some possible implementations, if the command ring is of the management command type, a standard communication environment representing virtual control of the USB hardware device is established on the command ring to provide feedback on the virtual control information of the USB hardware device to the host. For example, for management commands such as Enable Slot and Address Device, the FPGA responds normally and establishes a context. When the FPGA reads the EnableSlot command, it allocates a data structure (Slot Context) in its internal RAM to record the status of the device. When it reads the Address Device command, the FPGA records the USB address assigned by the host in its context. In this way, the host believes that everything is normal, establishing a standard xHCI communication environment, making the host believe that it is actually controlling a real USB hardware device.
[0031] If the command ring type is a sensitive command class, audit filtering is performed on the command ring to intercept reset requests sent to the actual USB physical layer, thus obtaining the intercepted command transmission request block. For example, for sensitive commands such as "Reset Device" that may cause data loss, the FPGA performs audit filtering (virtualization interception).
[0032] In some possible implementations, if the command ring is of the sensitive command type, the reset request corresponding to the command ring is recorded in the audit log, and the host's preset security policy determines whether the command ring is allowed to be reset, and the determination result is obtained; and based on the determination result, command completion information is sent to the host to intercept the reset request sent to the real USB physical layer, and the intercepted command transmission request block is obtained.
[0033] Here, when the FPGA parses the Reset Device TRB, it does not send a reset signal to the actual USB physical layer (i.e., it does not actually pull down the reset level of the USB line). The FPGA can log this "reset request" (for auditing) or determine whether to allow the reset based on a preset security policy. Even if the FPGA does not actually reset the physical device, it will immediately send a "Command Completion Event" to the host with a "success" status code. After receiving the "success" feedback, the host assumes that the device has been reset and continues subsequent operations. However, in reality, the underlying physical device may have been running continuously and never been reset. Thus, the FPGA-based virtual controller can perform bit-level parsing of the TRB, intercepting not only explicit write operations but also commands specific to the SSD, thereby preventing the SSD controller from performing garbage collection in the background and compromising the possibility of recovering deleted data.
[0034] 303. Perform transport ring depth packet detection on the intercepted command transmission request block to obtain the instruction type of the intercepted command transmission request block.
[0035] Here, the instruction type is obtained by performing in-depth analysis of the application layer protocol, instruction semantics, and operation code of the intercepted command transmission request block.
[0036] In some possible implementations, firstly, the application layer protocol of the intercepted command transmission request block is parsed to obtain a parsed protocol; then, the instruction semantics of the intercepted command transmission request block is parsed to obtain parsed semantics; next, the operation code of the intercepted command transmission request block is parsed to obtain parsed code; finally, the instruction type of the intercepted command transmission request block is obtained through the parsed protocol, parsed semantics, and parsed code.
[0037] Here, the FPGA parses the Setup Stage (control transfer) or Data Stage (bulk transfer) within the TRB. It extracts the encapsulated CDB (Command Descriptor Block), such as SCSI or UASP instructions. This parsing process goes beyond the PCIe or USB transport layer; it further parses the encapsulated application layer protocol (SCSI or UASP instructions) to extract the encapsulated CDB. The instruction semantic parsing process includes parsing the specific "read / write commands"; the operation code parsing process includes explicitly identifying the specific WRITE or READ code. Thus, by deeply analyzing the application layer protocol, instruction semantics, and operation code of the intercepted command transfer request block, the instruction type of the command transfer request block can be accurately identified.
[0038] In some possible implementations, the instruction type of the intercepted command transport request block can be identified through the following process: First, byte extraction is performed on the parsed protocol, parsed semantics, and parsed code to obtain the extracted bytes; second, the opcode matching the extracted bytes is determined; finally, the opcode is compared with a preset mapping table to obtain the instruction type of the intercepted command transmission request block; wherein, the preset mapping table includes the correspondence between different opcodes and different instruction types.
[0039] Here, after the FPGA completes the TRB prefetch, the FPGA's internal logic decomposes the 32-bit field of the TRB layer by layer according to the xHCI protocol specification. The specific parsing steps are as follows: First, the FPGA reads the last double word (Dword 3) of the TRB and checks the TRB Type field to determine the event type of the TRB, including: Normal TRB: used to transmit actual data (read and write operations); SetupStage TRB: used to transmit control instructions (including CDB commands); Data Stage TRB: used to transmit the data part of the control instructions.
[0040] If it is a Normal TRB or a Data Stage TRB, the FPGA further determines the location and amount of data. It reads the address field in the TRB using the data pointer to obtain the physical address of the data in host memory. It then reads the length field using the Transfer Descriptor Size / Transfer Length (TD Size / Transfer Length) to determine how many bytes will be transferred.
[0041] For read / write control of storage devices, key information is often hidden in the Setup Stage TRB. The process of parsing the Setup Stage TRB includes: The FPGA reads the Setup Data structure carried in the TRB.
[0042] In the USB Mass Storage protocol, the payload of this Setup Data encapsulates either CBW or CDB.
[0043] The FPGA reads the first byte (OpCode) from the extracted CDB, thus obtaining the extracted bytes. The OpCode determines the nature of the instruction: the OpCode can be 0x28 (READ 10) or 0x2A (WRITE 10), etc. The OpCode can be 0x08 (READ 6) or 0x0A (WRITE 6), etc. After parsing the OpCode, the FPGA compares it with its internal blacklist and whitelist, thereby accurately analyzing the instruction type of the intercepted command transmission request block.
[0044] 204. If the instruction type of the command transmission request block is a write instruction type, the data corresponding to the command transmission request block is discarded, and a virtual completion event message for the new event is generated.
[0045] Here, if the FPGA detects a write instruction type, the system strictly prohibits sending any signals to the back-end physical interface.
[0046] In some possible implementations, the following processing steps are performed for write instruction types: First, if the instruction type of the command transfer request block is a write instruction type, determine the target data that the host expects to write for the command transfer request block, and discard the target data; second, use the FPGA to write the virtual transfer event in the host memory via direct memory access (DMA); third, determine the completion code and preset transfer length of the virtual transfer event; finally, generate the virtual completion event message based on the completion code and preset transfer length.
[0047] Here, the virtual completion event message is used to make the host believe that the current event has been completed. If the FPGA detects a write command, the system strictly prohibits sending any signals to the back-end physical interface and executes the following "spoofing" logic: First, discard the data: do not start the main data transfer DMA, and directly discard the data that the host is trying to write.
[0048] Secondly, event generation: The FPGA actively writes a Transfer Event TRB via DMA in the event ring of the host memory.
[0049] Next, fake status: set the completion code of the event TRB to Success, and set a preset transmission length. The preset transmission length can be set according to the amount of data corresponding to the virtual transmission event. For example, the larger the amount of data, the larger the preset transmission length is set, and the smaller the amount of data, the smaller the preset transmission length is set (for example, preset transmission length Residual Length = 0).
[0050] Finally, an interrupt is triggered: the FPGA sends an MSI-X interrupt (Message Signaled Interrupts – eXtended) to the host, notifying the driver that "the operation is complete." The operating system assumes the data has been successfully written to the cache or disk, so it does not report an error or retry; the file system remains stably mounted, but the physical media has not been modified.
[0051] 205. If the instruction type of the command transmission request block is a read instruction type, remap and convert the address corresponding to the command transmission request block to obtain the converted read instruction.
[0052] Here, for read command types, protocol mapping and acceleration processing are performed on read operations. In some possible implementations, if the command transfer request block's command type is a read command type, a mapping relationship is established between the address corresponding to the command transfer request block and the LBA address of the backend storage medium, and the data read from the backend storage medium is written to the physical memory address specified by the host; then, based on the mapping relationship, the USB read command of the backend storage medium is protocol-converted to obtain the converted read command.
[0053] Here, if the FPGA detects a read instruction, it first performs address remapping: the FPGA establishes a mapping between the DMA buffer address in the xHCI TRB and the LBA address of the back-end storage medium.
[0054] Secondly, protocol conversion is performed: If the backend is an NVMe SSD, the Universal Serial Bus Small Computer System Interface (USB SCSI READ) command is converted into an NVMe Read command using the Non-Volatile Memory Express Submission Queue (NVMe Submission Queue). If the backend is a Serial ATA Hard Disk Drive (SATA HDD), the USB SCSI READ command is converted into an AHCI / SATA FIS read command. Finally, zero-copy DMA is implemented: the FPGA starts the DMA engine, directly writing the data read from the backend media to the host's specified memory physical address. This eliminates the need for a large-capacity cache within the FPGA, achieving PCIe line-speed transmission and improving transfer efficiency.
[0055] 206. Based on the virtual completion event message or the converted read instruction, generate and output an interrupt instruction to notify the host that the new event has been completed.
[0056] Here, upon receiving a virtual completion event message or a converted read instruction, an interrupt instruction is generated. The FPGA sends this interrupt instruction to the host to notify the host's driver that the event has completed. The FPGA then sends an MSI-X interrupt to the host, notifying the driver that the operation has been completed. Thus, the operating system considers the data to have been successfully written to the cache or disk, and therefore will not report an error or retry. The file system remains stably mounted, but the physical media has not been modified.
[0057] In this embodiment of the invention, when a device is detected being inserted into the host, a PCIe configuration space read request is directly generated. The FPGA responds to the space read request by virtualizing the back-end connected storage medium as a USB controller under the xHCI protocol, generating virtualization information to notify the host that the currently connected storage medium can be considered a USB controller. This allows any physical interface on the back-end to be mapped to a standard xHCI device. Subsequently, based on the virtualization information, command transfer request blocks for new events are prefetched from the host memory, and deep inspection is performed on the obtained command transfer request blocks to determine their instruction type. The FPGA obtains the "Task Order" (TRB) from the host memory through prefetching, enabling subsequent semantic parsing and determination of whether a write instruction is being performed, thus deciding whether to allow or block the request. Therefore, by prefetching and deep inspection of command transfer request blocks, both event processing efficiency and accuracy are improved. If the command transfer request block's instruction type is a write instruction, the data corresponding to the command transfer request block is discarded, and a virtual completion event message is generated. If the command transfer request block's instruction type is a read instruction, the address corresponding to the command transfer request block is remapped and protocol-converted to obtain a converted read instruction. Finally, based on the virtual completion event message or the converted read instruction, an interrupt instruction is generated and output to notify the host that a new event has been completed. This not only intercepts explicit write operations but also intercepts instructions specific to the SSD, preventing the SSD controller from performing garbage collection in the backend, thus compromising the possibility of recovering deleted data. Since the USB physical layer encoding / decoding process is eliminated, and the FPGA is directly mounted on the PCIe bus, data transfer is a pure DMA operation, eliminating the bandwidth bottleneck of the USB read-only lock and improving transmission efficiency.
[0058] In some embodiments, the multi-protocol fully compatible write protection method for storage media provided by the present invention can be used... Figure 4 The process shown is implemented as follows: The first step is to plug the device into the host and virtualize it as an xHCI controller.
[0059] The second step is to perform TRB prefetching and depth detection.
[0060] The third step is to determine the TRB type.
[0061] If it's a write instruction, proceed to step four: discard the data and generate a false completion event. If it's a read instruction, perform address remapping and protocol conversion. Finally, trigger an interrupt to notify the host of completion.
[0062] Among some possible implementations, the write protection process for NVMe SSDs, such as Figure 5 As shown, suppose the host attempts to format an access NVMe SSD.
[0063] First, the host sends the SCSI FORMAT UNIT command, which is encapsulated in the xHCI Bulk Out endpoint TRB.
[0064] Secondly, the FPGA's DPI engine parses the TRB and identifies the OpCode as 0x04 (Format Unit).
[0065] Furthermore, the FPGA immediately terminates the TRB processing flow and does not send any FormatNVM commands to the backend NVMe controller.
[0066] Next, the FPGA calculates the current event ring enqueue pointer, writes a command completion event, and sets the status to success.
[0067] Next, the FPGA flips the Cycle Bit of the event ring and updates the ERDP (Event Ring Dequeue Pointer) in the host memory.
[0068] Finally, the host received feedback that the formatting was successful, but the SSD data was completely intact, thus achieving the goal of intercepting and filtering various write operations before returning a data transfer completion signal.
[0069] In some embodiments, the implementation principle of metadata pseudo-writing based on virtual caching is as follows: Figure 6 As shown, to support certain file systems (such as APFS) that require writing metadata (such as mount logs) for access, the FPGA internally allocates a DDR4 RAM as a "virtual write cache," where address mapping and redirection are performed. When the host writes to the file system log (i.e., writes metadata), the FPGA redirects the metadata to the DDR4 RAM and records the LBA mapping table. When the host subsequently reads the log (i.e., reads metadata), the FPGA returns the data from the DDR4 RAM. All write operations are directed to a cache space that is cleared of data at any time, while simultaneously returning a data transfer completion signal. This "virtual-physical hybrid" approach ensures the absolute read-only nature of the physical disk while perfectly deceiving the operating system's mount check mechanism.
[0070] In this embodiment of the invention, the xHCI driver built into the operating system is used to completely solve the pain points of traditional PCIe read-only locks, which require dedicated drivers, are prone to causing system blue screens, and cannot be plug-and-play under Linux / Mac. Whether it's Windows XP, the latest Windows 11, or various Linux distribution forensics systems, they can all be directly recognized and used, thus achieving true "zero driver" and high compatibility. Through the "Unified Protocol Translation Layer (UPTL)," any backend physical interface (NVMe, SATA, SAS, IDE, and even future PCIe Gen6 and Gen7 devices) can be mapped to a standard xHCI device. Users only need one device to handle all media. Compared to simple USB bridge chips, FPGA-based virtual controllers can perform bit-level parsing of TRBs. It can not only intercept explicit write operations but also intercept Trim / Unmap instructions for specific SSDs, preventing the SSD controller from performing garbage collection in the background and thus compromising the possibility of recovering deleted data. Because the encoding and decoding process of the USB physical layer is eliminated, and the FPGA is directly mounted on the PCIe bus, data transfer is a pure DMA operation. The measured data reading speed is only limited by the physical speed of the backend medium itself, eliminating the bandwidth bottleneck of the USB read-only lock.
[0071] This invention provides a write protection system that is fully compatible with multiple protocol storage media, such as... Figure 7 As shown, the system 700 includes: The generation module 701 is used to generate a PCIe configuration space read request when a device is detected to be inserted into the host. Virtualization module 702 is used to virtualize the back-end connected storage medium into a USB controller under the xHCI protocol in response to a space read request, so as to generate virtualization information; The detection module 703 is used to prefetch command transmission request blocks corresponding to new events in the host memory based on the virtualization information, and perform deep detection on the obtained command transmission request blocks to obtain the instruction type of the command transmission request blocks. The discard module 704 is used to discard the data corresponding to the command transmission request block and generate a virtual completion event message for a new event if the instruction type of the command transmission request block is a write instruction type. The conversion module 705 is used to remap and convert the address corresponding to the command transmission request block and obtain a converted read instruction if the instruction type of the command transmission request block is a read instruction type. The output module 706 is used to generate and output an interrupt command based on the virtual completion event message or the converted read command, so as to notify the host that the new event has been completed.
[0072] In some possible implementations, the detection module 703 is further configured to read command transfer request blocks in the host memory via DMA based on the virtualization information to read multiple command rings; perform virtualization interception on the multiple command rings based on their types to obtain intercepted command transfer request blocks; and perform transport ring depth packet detection on the intercepted command transfer request blocks to obtain the instruction type of the intercepted command transfer request blocks.
[0073] In some possible implementations, the detection module 703 is further configured to: if the command ring type is a management command type, establish a standard communication environment for the command ring that represents the virtual control of the USB hardware device, so as to feed back the virtual control information of the USB hardware device to the host; if the command ring type is a sensitive command type, perform audit filtering on the command ring to intercept reset requests sent to the real USB physical layer, and obtain the intercepted command transmission request block.
[0074] In some possible implementations, the detection module 703 is further configured to: if the command ring type is a sensitive command class, record the reset request corresponding to the command ring in the audit log, and determine whether the command ring is allowed to be reset based on the host's preset security policy, and obtain a determination result; based on the determination result, send command completion information to the host to intercept the reset request sent to the real USB physical layer, and obtain the intercepted command transmission request block.
[0075] In some possible implementations, the detection module 703 is further configured to parse the application layer protocol of the intercepted command transmission request block to obtain a parsed protocol; parse the instruction semantics of the intercepted command transmission request block to obtain parsed semantics; parse the operation code of the intercepted command transmission request block to obtain parsed code; and based on the parsed protocol, parsed semantics, and parsed code, obtain the instruction type of the intercepted command transmission request block.
[0076] In some possible implementations, the detection module 703 is further configured to extract bytes from the parsed protocol, parsed semantics, and parsed code to obtain extracted bytes; determine the opcode that matches the extracted bytes; compare the opcode with a preset mapping table to obtain the instruction type of the intercepted command transmission request block; wherein the preset mapping table includes the correspondence between different opcodes and different instruction types.
[0077] In some possible implementations, the discard module 704 is further configured to: if the instruction type of the command transfer request block is a write instruction type, determine the target data that the host expects to write for the command transfer request block, and discard the target data; use the FPGA to write a virtual transfer event in the host memory via DMA; determine the completion code and preset transfer length of the virtual transfer event; and generate the virtual completion event message based on the completion code and preset transfer length.
[0078] In some possible implementations, the conversion module 705 is further configured to, if the instruction type of the command transfer request block is a read instruction type, establish a mapping relationship between the address corresponding to the command transfer request block and the LBA address of the back-end storage medium; and based on the mapping relationship, perform protocol conversion on the USB read instruction of the back-end storage medium to obtain the converted read instruction.
[0079] In some possible implementations, the output module 706 is further configured to generate an interrupt instruction based on the virtual completion event message or the converted read instruction; and send the interrupt instruction to the host to notify the host's driver event completion.
[0080] Optionally, the transmission medium can be a wired link (e.g., but not limited to, coaxial cable, optical fiber, and Digital Subscriber Line (DSL)) or a wireless link (e.g., but not limited to, Wireless Fidelity (WIFI), Bluetooth, and mobile block device networks). It should be noted that the control block device provided in the above embodiments is only an example illustrating the division of the above functional modules. In practical applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the computer block device can be divided into different functional modules to complete all or part of the functions described above. Furthermore, the method embodiments provided in the above embodiments belong to the same concept, and their specific implementation processes are detailed in the method embodiments, and will not be repeated here.
[0081] Figure 8 This is a schematic diagram of the structure of a computer block device provided in an embodiment of the present invention. For example, as shown... Figure 8 As shown, the computer block device 800 includes: a memory 801, a processor 802, and a computer program 803 stored in the memory 801 and running on the processor 802, wherein when the processor 802 executes the computer program 803, the computer block device can execute any of the multi-protocol storage medium fully compatible write protection methods described above.
[0082] Furthermore, embodiments of the present invention also protect a control block device, which may include a memory and a processor. The memory stores executable program code, and the processor is used to call and execute the executable program code to perform a multi-protocol storage medium fully compatible write protection method provided by embodiments of the present invention. Embodiments of the present invention can divide the control block device into functional modules according to the above method examples. For example, each module may correspond to a specific function, or two or more functions may be integrated into a processing module. The integrated module can be implemented in hardware. It should be noted that the module division in the embodiments of the present invention is illustrative and only represents a logical functional division; other division methods may exist in actual implementation. It should be noted that all relevant content of each step involved in the above method embodiments can be referenced to the functional description of the corresponding functional module, and will not be repeated here. It should be understood that the control block device provided by the embodiments of the present invention is used to execute the above-mentioned multi-protocol storage medium fully compatible write protection method, and therefore can achieve the same effect as the above-mentioned implementation method. When using integrated units, the control block device may include a processing module and a storage module. When the control block device is applied to a block device, the processing module can be used to control and manage the actions of the block device. The storage module can be used to support block devices in executing mutual program code, etc. The processing module can be a processor or controller, which can implement or execute various exemplary logic blocks, modules, and circuits described in conjunction with the disclosure of this invention. The processor can also be a combination of functions that implement computing capabilities, such as a combination of one or more microprocessors, a combination of Digital Signal Processing (DSP) and microprocessors, etc., and the storage module can be a memory.
[0083] Furthermore, the control block device provided in the embodiments of the present invention may specifically be a chip, component, or module. The chip may include a connected processor and a memory. The memory stores instructions, and when the processor calls and executes the instructions, the chip can execute the multi-protocol storage medium fully compatible write protection method provided in the above embodiments. The embodiments of the present invention also provide a computer-readable storage medium storing computer program code. When the computer program code is run on a computer, the computer executes the aforementioned method steps to implement the multi-protocol storage medium fully compatible write protection method provided in the above embodiments.
[0084] This invention also provides a computer program product. When the computer program product is run on a computer, it causes the computer to perform the aforementioned related steps to achieve the multi-protocol storage medium fully compatible write protection method provided in the above embodiments. The control block device, computer-readable storage medium, computer program product, or chip provided in this invention are all used to execute the corresponding methods provided above. Therefore, the beneficial effects they achieve can be referred to in the beneficial effects of the corresponding methods provided above, and will not be repeated here. Through the description of the above embodiments, those skilled in the art can understand that, for the sake of convenience and brevity, only the division of the above functional modules is used as an example. In practical applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the control block device can be divided into different functional modules to complete all or part of the functions described above. In the embodiments provided by this invention, it should be understood that the disclosed control block device and method can be implemented in other ways. For example, the control block device embodiments described above are merely illustrative. For example, the division of modules or units is only a logical functional division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or integrated into another control block device, or some features can be ignored or not executed. Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be an indirect coupling or communication connection through some interface, control block device or unit, and can be electrical, mechanical or other forms.
[0085] It should be noted that the order of the above embodiments of the present invention is merely for descriptive purposes and does not represent the superiority or inferiority of the embodiments. The processes depicted in the accompanying drawings do not necessarily require a specific or sequential order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous. The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. The above content is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in the present invention should be covered within the protection scope of the present invention.
Claims
1. A multi-protocol storage medium full-compatibility write protection method, characterized in that, The method includes: When a device is detected being inserted into the host, a PCIe configuration space read request is generated; In response to a space read request, the back-end connected storage medium is virtualized as a USB controller under the xHCI protocol to generate virtualization information; Based on the virtualization information, the command transmission request block corresponding to the new event in the host memory is prefetched, and the obtained command transmission request block is subjected to deep detection to obtain the instruction type of the command transmission request block; If the instruction type of the command transmission request block is a write instruction type, the data corresponding to the command transmission request block is discarded, and a virtual completion event message for the new event is generated. If the instruction type of the command transmission request block is a read instruction type, the address corresponding to the command transmission request block is remapped and the protocol is converted to obtain the converted read instruction; Based on the virtual completion event message or the converted read instruction, an interrupt instruction is generated and output to notify the host that the new event has been completed.
2. The method of claim 1, wherein, Based on the virtualization information, the command transmission request block corresponding to the new event in the host memory is pre-fetched, and deep inspection is performed on the obtained command transmission request block to obtain the instruction type of the command transmission request block, including: Based on the virtualization information, the command transfer request block corresponding to the new event in the host memory is read via DMA to read multiple command rings; Based on the types of the multiple command rings, virtualization interception is performed on the multiple command rings to obtain the intercepted command transmission request blocks; Perform transport ring depth packet detection on the intercepted command transmission request block to obtain the instruction type of the intercepted command transmission request block.
3. The method of claim 2, wherein, The step of virtualizing and intercepting the multiple command rings based on their types to obtain intercepted command transmission request blocks includes: If the command ring is of the management command type, a standard communication environment representing the virtual control of the USB hardware device is established for the command ring to feed back the virtual control information of the USB hardware device to the host. If the command ring is of the sensitive command type, audit filtering is performed on the command ring to intercept reset requests sent to the actual USB physical layer, and the intercepted command transmission request block is obtained.
4. The method of claim 3, wherein, If the command ring type is a sensitive command class, the command ring is audited and filtered to intercept reset requests sent to the actual USB physical layer, resulting in the intercepted command transmission request block, including: If the command ring is of the sensitive command type, the reset request corresponding to the command ring is recorded in the audit log, and the host's preset security policy is used to determine whether the command ring is allowed to be reset, and the determination result is obtained. Based on the judgment result, a command completion message is sent to the host to intercept the reset request sent to the actual USB physical layer, and the intercepted command transmission request block is obtained.
5. The method of claim 2, wherein, The step of performing transport ring depth packet detection on the intercepted command transmission request block to obtain the instruction type of the intercepted command transmission request block includes: The application layer protocol of the intercepted command transmission request block is parsed to obtain the parsed protocol; The instruction semantics of the intercepted command transmission request block are parsed to obtain the parsed semantics; The operation code of the intercepted command transmission request block is parsed to obtain the parsed code; Based on the parsed protocol, parsed semantics, and parsed code, the instruction type of the intercepted command transmission request block is obtained.
6. The method of claim 5, wherein, The method of obtaining the instruction type of the intercepted command transmission request block based on the parsed protocol, parsed semantics, and parsed code includes: The parsed protocol, parsed semantics, and parsed code are subjected to byte extraction to obtain the extracted bytes; Determine the opcode that matches the extracted bytes; The opcode is compared with a preset mapping table to obtain the instruction type of the intercepted command transmission request block; wherein, the preset mapping table includes the correspondence between different opcodes and different instruction types.
7. The method of claim 1, wherein, If the instruction type of the command transmission request block is a write instruction type, the data corresponding to the command transmission request block is discarded, and a virtual completion event message for the new event is generated, including: If the instruction type of the command transmission request block is a write instruction type, determine the target data that the host expects to write for the command transmission request block, and discard the target data; The FPGA is used to write virtual transfer events into the host memory via DMA. Determine the completion code and preset transmission length of the virtual transmission event; The virtual completion event message is generated based on the completion code and the preset transmission length.
8. The method of claim 1, wherein, If the instruction type of the command transmission request block is a read instruction type, the address corresponding to the command transmission request block is remapped and the protocol is converted to obtain a converted read instruction, including: If the instruction type of the command transmission request block is a read instruction type, a mapping relationship is established between the address corresponding to the command transmission request block and the LBA address of the back-end storage medium; Based on the mapping relationship, the USB read command of the back-end storage medium is converted into a protocol to obtain the converted read command.
9. The method of claim 1, wherein, The step of generating and outputting an interrupt command based on the virtual completion event message or the converted read instruction to notify the host that the new event has been completed includes: An interrupt instruction is generated based on the virtual completion event message or the converted read instruction; The interrupt command is sent to the host to notify the host's driver that the new event has been completed.
10. A multi-protocol storage medium full-compatibility write protection system, characterized in that, The system includes: The generation module is used to generate a PCIe configuration space read request when a device is detected being inserted into the host. The virtualization module is used to virtualize the back-end connected storage medium into a USB controller under the xHCI protocol in response to space read requests, so as to generate virtualization information; The detection module is used to prefetch command transmission request blocks corresponding to new events in the host memory based on the virtualization information, and perform deep detection on the obtained command transmission request blocks to obtain the instruction type of the command transmission request blocks. The discard module is used to discard the data corresponding to the command transmission request block if the instruction type of the command transmission request block is a write instruction type, and generate a virtual completion event message for the new event. The conversion module is used to remap and convert the address corresponding to the command transmission request block and obtain the converted read instruction if the instruction type of the command transmission request block is a read instruction type. The output module is used to generate and output an interrupt command based on the virtual completion event message or the converted read instruction, so as to notify the host that the new event has been completed.