{"id":4861,"date":"2021-04-08T14:33:55","date_gmt":"2021-04-08T21:33:55","guid":{"rendered":"https:\/\/phisonblog.com\/?p=4861"},"modified":"2025-07-21T14:47:45","modified_gmt":"2025-07-21T21:47:45","slug":"securing-ssds-with-code-signing-and-digital-signatures-2","status":"publish","type":"post","link":"https:\/\/phisonblog.com\/de\/securing-ssds-with-code-signing-and-digital-signatures-2\/","title":{"rendered":"Sichern von SSDs mit Code Signing und digitalen Signaturen"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.16&#8243; _module_preset=&#8221;default&#8221; custom_margin=&#8221;0px||||false|false&#8221; custom_padding=&#8221;0px||||false|false&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_row _builder_version=&#8221;4.16&#8243; _module_preset=&#8221;default&#8221; width=&#8221;100%&#8221; max_width=&#8221;100%&#8221; custom_margin=&#8221;||||false|false&#8221; custom_padding=&#8221;0px||||false|false&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.16&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.16&#8243; _module_preset=&#8221;default&#8221; ul_line_height=&#8221;1.7em&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p><\/p>\n<p>SSDs have gained a home both in small-scale personal computers and hyper-scale data centers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform (GCP). SSDs are used to store huge databases with trillions of confidential files and user data. System administrators want help from SSD manufacturers in keeping these files safe. That is why Phison implemented code signing and image signatures.<\/p>\n<p>&nbsp;<\/p>\n<h3>Code signing<\/h3>\n<p>Code signing is a method of using a certificate-based digital signature to sign software and programs to ensure the code has not been changed or corrupted. This method helps developers and the software they write to determine whether some code can be trusted.<\/p>\n<p>&nbsp;<\/p>\n<h3>Digital signatures<\/h3>\n<p>Digital signature verification only allows authorized firmware to run on a device. It prevents the SSD from being hacked from unauthorized firmware upgrades.<\/p>\n<h4>\u00a0<\/h4>\n<h3>HSM (Hardware Security Module)<\/h3>\n<p>HSM is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. The HSM uses strict security certificated standards: FIPS 140-2 Level 3 and common Criteria EAL4+.<\/p>\n<p>FIPS 140-2 is a U.S. government computer security standard used to approve cryptographic modules. It defines four security levels: Level 1 is the lowest of security level and Level 4 provides the highest level of security.<\/p>\n<p>Common Criteria is an international standard for computer security certification.<\/p>\n<p>&nbsp;<\/p>\n<h3>RSA based code sign flow:<\/h3>\n<ul>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>Generate firmware digest via SHA256 and PKCS encode method.<\/li>\n<li>Generate signature via signer\u2019s private key and RSA-2048 encrypt.<\/li>\n<li>Merge the signature and signer\u2019s public key to firmware image packet.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\u00a0<\/li>\n<\/ul>\n<h3>Summary<\/h3>\n<p>Code signing is a mandatory feature for high security, government, military, and hyper-scale data centers to ensure personal or confidential information is secure against backdoor hacking.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"banner_wrapper\" style=\"height: 83px;\"><div class=\"banner  banner-33239 bottom vert custom-banners-theme-default_style\" style=\"\"><img decoding=\"async\" width=\"1080\" height=\"150\" src=\"https:\/\/phisonblog.com\/wp-content\/uploads\/2021\/08\/Secure-Erase-of-Data-Stored-on-SSD.jpg\" class=\"attachment-full size-full\" alt=\"\" style=\"height: 83px;\" srcset=\"https:\/\/phisonblog.com\/wp-content\/uploads\/2021\/08\/Secure-Erase-of-Data-Stored-on-SSD.jpg 1080w, https:\/\/phisonblog.com\/wp-content\/uploads\/2021\/08\/Secure-Erase-of-Data-Stored-on-SSD-980x136.jpg 980w, https:\/\/phisonblog.com\/wp-content\/uploads\/2021\/08\/Secure-Erase-of-Data-Stored-on-SSD-480x67.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1080px, 100vw\" \/><a class=\"custom_banners_big_link\"  href=\"https:\/\/phisonblog.com\/secure-erase-of-data-stored-on-ssd-using-secure-erase-feature-with-phison-ssds-2\/\"><\/a><div class=\"banner_caption\" style=\"\"><div class=\"banner_caption_inner\"><div class=\"banner_caption_text\" style=\"\">Read: Secure Erase of Data Stored on SSD<\/div><\/div><\/div><\/div><\/div>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.16&#8243; _module_preset=&#8221;default&#8221; width=&#8221;100%&#8221; max_width=&#8221;100%&#8221; custom_margin=&#8221;||||false|false&#8221; custom_padding=&#8221;0px||||false|false&#8221; saved_tabs=&#8221;all&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.16&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<\/p>\n<h3><strong>Frequently Asked Questions (FAQ) :<\/strong><\/h3>\n<p>[\/et_pb_text][et_pb_toggle _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; title=&#8221;How does Phison implement code signing in its SSDs?&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p><span class=\"NormalTextRun SCXW66596069 BCX0\">Phison<\/span><span class=\"NormalTextRun SCXW66596069 BCX0\"> uses RSA-2048 encryption and SHA256 hashing to generate signed firmware images. The process includes digest generation, private key encryption, and signature merging with a public key into a firmware image packet. This ensures that firmware can be authenticated at runtime.<\/span><\/p>\n<p>[\/et_pb_toggle][et_pb_toggle _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; title=&#8221;What security certifications does Phison\u2019s HSM meet?&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p><span data-contrast=\"auto\">Phison\u2019s HSM implementation complies with:<\/span><\/p>\n<ul>\n<li><b><span data-contrast=\"auto\">FIPS 140-2 Level 3<\/span><\/b><span data-contrast=\"auto\">, a U.S. government standard for cryptographic modules.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Common Criteria EAL4+<\/span><\/b><span data-contrast=\"auto\">, an international standard for IT product security certification.<\/span>\u00a0<br \/><span data-contrast=\"auto\"> These certifications ensure the highest levels of trust and compliance.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p>[\/et_pb_toggle][et_pb_toggle _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; title=&#8221;What is the difference between code signing and digital signatures?&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p><span class=\"TextRun SCXW66520601 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW66520601 BCX0\">Code signing refers to the overall process of securing firmware using digital certificates. Digital signatures are a specific cryptographic mechanism used within this process to confirm the identity of the firmware source and verify its integrity. Together, they ensure trusted firmware execution.<\/span><\/span><\/p>\n<p>[\/et_pb_toggle][et_pb_toggle _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; title=&#8221;Why is RSA-2048 used for code signing instead of a shorter key length?&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p><span class=\"TextRun SCXW109622024 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW109622024 BCX0\">RSA-2048 offers a strong balance between security and performance. It is widely accepted in enterprise security policies and provides sufficient protection against brute-force attacks. Shorter key lengths like RSA-1024 are no longer considered secure for critical systems.<\/span><\/span><\/p>\n<p>[\/et_pb_toggle][et_pb_toggle _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; title=&#8221;How does code signing prevent unauthorized firmware updates?&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p><span class=\"TextRun SCXW76112639 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW76112639 BCX0\">During the boot or update process, the SSD checks the firmware\u2019s digital signature against the stored public key. If the signature does not match or the firmware is altered, the SSD rejects the firmware. This prevents hackers from loading rogue firmware to steal or corrupt data.<\/span><\/span><\/p>\n<p>[\/et_pb_toggle][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SSDs have gained a home both in small-scale personal computers and hyper-scale data centers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform (GCP). SSDs are used to store huge databases with trillions of confidential files and user data. System administrators want help from SSD manufacturers in keeping these files safe. That is [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":4868,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[23,3,110],"tags":[22],"class_list":["post-4861","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-all-posts","category-enterprise","category-security","tag-long-content"],"acf":[],"_links":{"self":[{"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/posts\/4861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/comments?post=4861"}],"version-history":[{"count":2,"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/posts\/4861\/revisions"}],"predecessor-version":[{"id":86458,"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/posts\/4861\/revisions\/86458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/media\/4868"}],"wp:attachment":[{"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/media?parent=4861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/categories?post=4861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phisonblog.com\/de\/wp-json\/wp\/v2\/tags?post=4861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}