SSDs have gained a home both in small-scale personal computers and hyper-scale data centers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform (GCP). SSDs are used to store huge databases with trillions of confidential files and user data. System administrators want help from SSD manufacturers in keeping these files safe. That is why Phison implemented code signing and image signatures.
Code signing
Code signing is a method of using a certificate-based digital signature to sign software and programs to ensure the code has not been changed or corrupted. This method helps developers and the software they write to determine whether some code can be trusted.
Digital signatures
Digital signature verification only allows authorized firmware to run on a device. It prevents the SSD from being hacked from unauthorized firmware upgrades.
HSM (Hardware Security Module)
HSM is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. The HSM uses strict security certificated standards: FIPS 140-2 Level 3 and common Criteria EAL4+.
FIPS 140-2 is a U.S. government computer security standard used to approve cryptographic modules. It defines four security levels: Level 1 is the lowest of security level and Level 4 provides the highest level of security.
Common Criteria is an international standard for computer security certification.
RSA based code sign flow:
-
- Generate firmware digest via SHA256 and PKCS encode method.
- Generate signature via signer’s private key and RSA-2048 encrypt.
- Merge the signature and signer’s public key to firmware image packet.
Summary
Code signing is a mandatory feature for high security, government, military, and hyper-scale data centers to ensure personal or confidential information is secure against backdoor hacking.
Frequently Asked Questions (FAQ) :
How does Phison implement code signing in its SSDs?
Phison uses RSA-2048 encryption and SHA256 hashing to generate signed firmware images. The process includes digest generation, private key encryption, and signature merging with a public key into a firmware image packet. This ensures that firmware can be authenticated at runtime.
What security certifications does Phison’s HSM meet?
Phison’s HSM implementation complies with:
- FIPS 140-2 Level 3, a U.S. government standard for cryptographic modules.
- Common Criteria EAL4+, an international standard for IT product security certification.
These certifications ensure the highest levels of trust and compliance.
What is the difference between code signing and digital signatures?
Code signing refers to the overall process of securing firmware using digital certificates. Digital signatures are a specific cryptographic mechanism used within this process to confirm the identity of the firmware source and verify its integrity. Together, they ensure trusted firmware execution.
Why is RSA-2048 used for code signing instead of a shorter key length?
RSA-2048 offers a strong balance between security and performance. It is widely accepted in enterprise security policies and provides sufficient protection against brute-force attacks. Shorter key lengths like RSA-1024 are no longer considered secure for critical systems.
How does code signing prevent unauthorized firmware updates?
During the boot or update process, the SSD checks the firmware’s digital signature against the stored public key. If the signature does not match or the firmware is altered, the SSD rejects the firmware. This prevents hackers from loading rogue firmware to steal or corrupt data.
English 
繁體中文 
简体中文 
日本語 
Deutsch 
한국어