• State
  • Locked Locked
  • Replies 5 replies
  • Subscribers 101 subscribers
  • Views 4033 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

SD card security support

Dmitriy Issaev
Intellectual 475 points

Hi all,

I'm developing system based on Logic PD L138 SOM with single removable SD card as storage disk. I'd like to have uboot on SPI flash and kernel with file system on  SD.

so I wonder is there any chance to make application secure? i.e. if card with data removed from devise make it unreadable/encrypted  for somebody who is not authorized to read its contents. 

with starterware and my SD driver I'm able to apply CMD42 to SD card - making it totally  "invisible" ether in Windows or Linux, but accessible by application on EVM. I prefer this option because it is provided by card hardware itself, it is simple - not like Advanced Security part of SD spec, and I now it works if some bits are set.

I understand that uboot at least should "know CMD42". after kernel is loaded to RAM it is making some manipulations with sd and can apply CMD0 making card locked again. thereby SD driver in kernel also should deal with lock/unlock command.

maybe somebody already developed or just used same application, I would be appreciated any feedback.

regards,

Dmitriy.

  • 0
    Guru 31670 points

    Dmitiry,

    Why do you need the SPI flash to be protected like SD card? SD card is removable and SPI flash will not be removable. So, if you use and OTP flash, will that be sufficient? 

  • 0 in reply to Renjith Thomas
    Intellectual 475 points

    I don't need SPI to be protected. I need removable SD card be password protected. there are chip-package sd cards, or memory ICs with sd interface, but I need removable storage.

    I know some nokia smarts can do that things with SD cards and some cameras too.

  • 0 in reply to Dmitriy Issaev
    Guru 31670 points

    Dmitriy,

    I checked the SD spec. As you said earlier CMD42 is the right option. And you've to use the same 128-bit password that is set for the card for unlocking from u-boot. So using SPI flash for storing u-boot and card protection using CMD42 is the best choice. 

  • 0 in reply to Renjith Thomas
    Intellectual 475 points

    Hi Renjith,

    now i see there is a chance to  to have u-boot and kernel in spi flash. boot time is not critical. that mean only kernel should have this "skill". I'm still don't understand all stages of  SD card mounting in Linux. that smells like rewriting drivers..  somewhere right after waking card up and asking for it's relative address cmd42 with right pass and unlock bit should be applied.  I verified this with raw C code, but I'm too new in Linux..

    if you can give me advise where is best place to start with SD in linux I'll be happy.

    Regards, Dmitriy

  • 0 in reply to Dmitriy Issaev
    Guru 31670 points

    Dmitriy,

    I don't think you've to rewrite much of the drivers to support CMD42. You can just add support for CMD42 at u-boot and then unlock it for kernel boot and remaining steps. The card remains unlocked as long as its powered up. If power cycled the card will go back to locked state. So if you unlock it from u-boot it should be available during kernel boot up and for applications. One probable place there could be confusion is during suspend/resume of the device. If the card is power cycled during suspend/resume then you've unlock it again.