TWI874051B - Method and computer program product and apparatus for programming and recovering protected data - Google Patents
- Publication number
- TWI874051B (TW112149162A)
- Authority
- TW
- Taiwan
- Prior art keywords
- protected data
- flash memory
- data
- memory module
- metadata
Landscapes
- Techniques For Improving Reliability Of Storages (AREA)
- Storage Device Security (AREA)
Description
The present invention relates to storage devices, and more particularly to a method, a computer program product and an apparatus for writing and recovering protected data.
Flash memory is usually divided into NOR flash and NAND flash. NOR flash is a random access device: the host side can present any address on the address pins and promptly obtain the data stored at that address from the data pins. NAND flash, in contrast, is accessed sequentially rather than randomly. It cannot access an arbitrary address the way NOR flash can; instead, the host side writes a sequence of byte values into the NAND flash to define the type of the requested command (such as read, write, discard or erase) and the address the command applies to. The address can point to a page (the smallest unit of data for a write operation in flash memory) or a block (the smallest unit of data for an erase operation in flash memory).
Before writing protected data to the flash memory module, the flash memory controller needs to check the security of the protected data. If the protected data received from the host side does not pass authentication, the flash memory controller must not write it.
In view of this, how to mitigate or eliminate the above deficiencies in the related art is a problem that remains to be solved.
This specification relates to a method for writing and recovering protected data, performed by a processing unit, comprising: receiving, in multiple batches from a host side, the protected data indicated by a data write command; and, after using an encoding algorithm to generate an intermediate calculation result from a first portion of the protected data and an authentication key, scheduling multiple authentication calculation operations for the remaining portions of the protected data and multiple data write operations for all portions of the protected data, so that the authentication calculation operations and the data write operations can be executed partially in parallel.
The authentication calculation operations use the encoding algorithm to calculate a message authentication code from the intermediate calculation result, the remaining portions of the protected data and the authentication key. Each data write operation writes the corresponding portion of the protected data and its associated metadata to a current block in a flash memory module. The metadata includes information that is used in a sudden power off recovery procedure to determine whether the protected data passed authentication.
This specification also relates to a computer program product comprising program code. When a processing unit executes the program code, the method for writing and recovering protected data described above is carried out.
This specification further relates to an apparatus for writing and recovering protected data, comprising: a host interface coupled to a host side; a flash interface coupled to a flash memory module; and a processing unit coupled to the host interface and the flash interface. The processing unit is arranged to drive the host interface to receive, in multiple batches from the host side, the protected data indicated by a data write command; and, after using an encoding algorithm to generate an intermediate calculation result from a first portion of the protected data and an authentication key, to schedule multiple authentication calculation operations for the remaining portions of the protected data and multiple data write operations for all portions of the protected data, so that the authentication calculation operations and the data write operations can be executed partially in parallel.
One advantage of the above embodiments is that, because the metadata carries information that the sudden power off recovery procedure can use to determine whether the protected data passed authentication, the recovery procedure can consult the metadata and discard protected data that was already written to the flash memory module but did not pass authentication.
Other advantages of the present invention are explained in more detail in the following description and drawings.
Embodiments of the present invention are described below with reference to the accompanying drawings. In these drawings, the same reference numerals denote the same or similar components, steps or operations.
Several aspects and embodiments of the present disclosure are provided below. Some embodiments can be implemented independently, and some can be combined by a person of ordinary skill in the art where such a combination would readily occur to them. The following description is for illustrative purposes only, and its specific details are given so that every aspect of the present application can be fully understood. It is apparent, however, that these embodiments need not be implemented in such exhaustive detail. The drawings and description are not intended to limit the present invention.
The description that follows only provides examples of various aspects and is not intended to limit the scope, applicable fields or configuration environment of the present disclosure. Rather, the examples give a description that a person of ordinary skill in the art can implement. It should be understood that the functions and arrangement of the elements may be changed without departing from the scope and spirit of the claims.
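Refer to FIG. 1. The electronic device 10 includes a host side 110, a flash memory controller 130 and a flash memory module 150; the flash memory controller 130 and the flash memory module 150 may together be called the device side. The electronic device 10 may be implemented in electronic products such as external storage devices, personal computers, laptop PCs, tablet computers, mobile phones, digital cameras, digital video cameras, smart TVs, smart refrigerators and automotive electronics systems. The host side 110 and the host interface 131 of the flash memory controller 130 may communicate with each other using a protocol such as Universal Serial Bus (USB), Advanced Technology Attachment (ATA), Serial Advanced Technology Attachment (SATA), Peripheral Component Interconnect Express (PCI-E), Universal Flash Storage (UFS) or Embedded Multi-Media Card (eMMC). The flash interface 139 of the flash memory controller 130 and the flash memory module 150 may communicate with each other using a Double Data Rate (DDR) protocol, for example Open NAND Flash Interface (ONFI), DDR Toggle or another protocol. The flash memory controller 130 includes a processing unit 134, which may be implemented in various ways, such as with general-purpose hardware (for example, a microcontroller unit, a single processor, multiple processors with parallel processing capability, a graphics processor or another processor with computing capability), and which provides the functions described below when executing software and/or firmware instructions. The processing unit 134 receives host commands through the host interface 131, such as write commands, read commands, discard commands and erase commands, and schedules and executes them. The flash memory controller 130 further includes a random access memory (RAM) 136, which may be implemented as dynamic random access memory (DRAM), static random access memory (SRAM) or a combination of the two. It is used to allocate space as a data buffer that stores user data (also called host data) read from the host side 110 and about to be written to the flash memory module 150, as well as user data read from the flash memory module 150 and about to be output to the host side 110. The RAM 136 may also store data needed during execution, for example variables, data tables, data structures, the host-address to flash-address mapping (H2F) table and the flash-address to host-address mapping (F2H) table. The flash interface 139 includes a NAND flash controller (NFC) that provides the functions needed to access the flash memory module 150, such as a command sequencer and low-density parity check (LDPC).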
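A bus architecture 132 may be provided in the flash memory controller 130 to couple components to one another for passing data, addresses, control signals and so on. These components include, but are not limited to, the host interface 131, the processing unit 134, the RAM 136 and the flash interface 139. A direct memory access (DMA) circuit in a component may move data between components over the bus architecture 132 according to instructions or control signals. For example, the DMA circuit in the host interface 131 or the flash interface 139 moves data from its data buffer to a specific address in the RAM 136, or moves data from a specific address in the RAM 136 to a specific data buffer of its own.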
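The flash memory module 150 provides a large amount of storage space, typically hundreds of gigabytes (GB) or even several terabytes (TB), for storing large amounts of user data such as high-resolution pictures and videos. The flash memory module 150 contains control circuits and a memory array, and the memory cells in the array may be configured as single-level cells (SLCs), multiple-level cells (MLCs), triple-level cells (TLCs), quad-level cells (QLCs) or any combination of these. The processing unit 134 writes user data to a designated address (the destination address) in the flash memory module 150 through the flash interface 139, and reads user data from a designated address (the source address) in the flash memory module 150. The flash interface 139 uses several electronic signals to coordinate the transfer of data and commands between the flash memory controller 130 and the flash memory module 150, including data lines, a clock signal and control signals. The data lines can carry commands, addresses, and data being read or written; the control signal lines can carry control signals such as chip enable (CE), address latch enable (ALE), command latch enable (CLE) and write enable (WE).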
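Referring to FIG. 2, the interface 151 in the flash memory module 150 may include four input/output channels (I/O channels, hereinafter channels) CH#0 to CH#3, each connected to four NAND flash units; for example, channel CH#0 is connected to NAND flash units 153#0, 153#4, 153#8 and 153#12. Each NAND flash unit may be packaged as an independent die. The flash interface 139 may issue one of the enable signals CE#0 to CE#3 through the interface 151 to enable NAND flash units 153#0 to 153#3, 153#4 to 153#7, 153#8 to 153#11, or 153#12 to 153#15, and then read user data from the enabled NAND flash units in parallel, or write user data to the enabled NAND flash units.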
Refer to FIG. 3 for part of the hardware architecture of a NAND flash unit. Each NAND flash unit may include memory blocks 300. A memory block 300 contains multiple memory cells, such as floating gate transistors 310 or other charge trap devices. The structure of the memory block 300 includes multiple bit lines and multiple word lines. For brevity, FIG. 3 labels only bit lines BL1 to BL3 and word lines WL0 to WL5. For example, the floating gate transistors on word lines WL0 to WL2 and on word lines WL3 to WL5 form different pages, storing two pages of data.
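The host side 110 allocates a contiguous range of logical block addresses (LBAs) to the protected data and issues a special write command carrying the LBAs to the flash memory controller 130, instructing the flash memory controller 130 to write the protected data of the specified LBAs to the flash memory module 150. The flash memory controller 130 may store protected data in the flash memory module 150, such as Replay Protected Memory Block (RPMB) data or Advanced RPMB data. Because protected data is usually confidential or sensitive, such as system information or key values used by the operating system, protected data received from the host side 110 must go through authentication before it is written to the flash memory module 150, and protected data read from the flash memory module 150 must go through authentication before it is returned to the host side 110. Only after the protected data passes authentication can the flash memory controller 130 write it to the flash memory module 150 or return the data read out to the host side 110.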
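Taking Advanced RPMB as an example, the host side 110 initially writes an authentication key, 32 bytes long, into a designated area of the device side, for example a one-time programmable (OTP) area, so that the device side can later use a specified encoding algorithm (e.g., SHA128, SHA256, SHA512) and the authentication key to verify protected data sent from the host side 110.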
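The host side 110 can use one Authenticated Data Write command to write 64K or 128K bytes of protected data. In detail, refer to the sequence diagram of an Advanced RPMB data write shown in FIG. 4. The host side 110 may send a Command UFS Protocol Information Unit (Command UPIU) 430 to the device side 400, containing the operation code of the security protocol output "SECURITY PROTOCOL OUT" and an Extra Header Segment (EHS) field. The request type in the EHS field is Authenticated Data Write Request, "0003h". The EHS field contains the LBAs of the 64K bytes of protected data. The EHS field also contains a 32-byte message authentication code (MAC), which lets the device side 400 verify the 64K bytes of RPMB data that will be transferred next. The host side 110 generates the MAC from the 64K bytes of protected data using the specified encoding algorithm (e.g., SHA128, SHA256, SHA512) and the authentication key. This authentication key is the same as the one initially written to the device side 400. After receiving the COMMAND UPIU 430 through the host interface 131, the device side 400 prepares to start receiving protected data.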
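Once ready, the host side 110 and the device side 400 cooperatively repeat a loop 450 so that the device side 400 receives the 64K bytes of protected data. In each iteration, the host interface 131 may send a Ready To Transfer UFS Protocol Information Unit (RTT UPIU) 451 to the host side 110. Each time the host side 110 receives an RTT UPIU 451, it sends a Data Out UFS Protocol Information Unit (DATA Out UPIU) 455 to the device side 400, so that the host interface 131 can receive the 4K bytes of protected data carried in the DATA Out UPIU 455 and store the received protected data in its data buffer.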
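Regardless of whether the device side 400 succeeds in writing the 64K bytes of protected data to the flash memory module 150, after the device side 400 has received all 64K bytes of protected data corresponding to the COMMAND UPIU 430, the host interface 131 sends a Response UFS Protocol Information Unit (Response UPIU) 470 to the host side 110, which contains an EHS field. The message type in the EHS field is Authenticated Data Write Response, "0300h".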
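To ensure the security of the 64K bytes of protected data, in some embodiments the processing unit 134 may execute computer instructions that implement the specified encoding algorithm (e.g., SHA128, SHA256, SHA512) to generate a MAC from the received protected data and the authentication key in the OTP area. The processing unit 134 then determines whether the MAC carried in the COMMAND UPIU 430 is the same as the MAC calculated by the specified encoding algorithm. If they are the same, the processing unit 134 determines that the 64K bytes of protected data were neither lost nor tampered with in transit and that the sender is a legitimate source, and drives the flash interface 139 to write the protected data to the flash memory module 150. If they differ, the processing unit 134 does not allow the 64K bytes of protected data to be successfully written to the flash memory module 150.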
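Each physical block in the flash memory module 150 can be classified by function as a current block or a data block. The processing unit 134 may select an empty physical block in each NAND flash unit as a current block, in preparation for writing protected data received from the host side 110. To improve write efficiency, protected data provided by the host side 110 may be written in parallel to specific pages of multiple current blocks in multiple NAND flash units. The processing unit 134 may maintain in the RAM 136 a flash-to-host (F2H) table for each current block, containing multiple records that store, in page-number order, which logical address the protected data or normal user data in each page of the current block is associated with. Logical addresses may be expressed as logical block addresses (LBAs) or in other ways, and are managed by the host side 110. After all pages of a current block are full of data, or after the remaining pages of a current block have been filled with dummy values, the processing unit 134 may drive the flash interface 139 to write the corresponding F2H table in the RAM 136 to a designated page of the current block (for example the last page), or to an empty page in another designated physical block. Once the corresponding F2H table has been written to the flash memory module 150, the current block becomes a data block; in other words, the user data stored in it will no longer change. Note that current blocks spanning different NAND flash units may be called a super current block, and specific pages spanning different NAND flash units may be called a super page. To simplify the description, however, a current block in the following paragraphs may represent one or more current blocks of a super current block spanning different NAND flash units, and a physical page may represent one or more physical pages of a super page spanning different NAND flash units.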
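Refer to FIG. 5, a schematic diagram of writing protected data in some implementations. In time interval 510, the processing unit 134 drives the host interface 131 to obtain the protected data from the host side 110 and stores it at a designated address in the RAM 136. Then, in time interval 520, the processing unit 134 uses the specified encoding algorithm to generate a MAC from the obtained protected data and the authentication key. Next, in time interval t_CMP, the processing unit 134 compares the MAC sent by the host side 110 with the MAC calculated by the device side 400. Only when the two are the same can the processing unit 134 drive the flash interface 139 to write the protected data to the flash memory module 150.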
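Assume the processing unit 134 writes the protected data to the flash memory module 150 over two I/O channels, CH#0 and CH#1. In time interval 531, the processing unit 134 drives the flash interface 139 to transfer part of the protected data (for example, the first portion received in time interval 510) to the flash memory module 150 over channel CH#0. After time interval 531, the processing unit 134 drives the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation, which takes a time interval 542; and in time interval 551 it drives the flash interface 139 to transfer part of the protected data (for example, the second portion received in time interval 510) to the flash memory module 150 over channel CH#1. After time interval 551, the processing unit 134 drives the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation, which takes a time interval 562. After time interval 542, in time interval 533 the processing unit 134 drives the flash interface 139 to transfer part of the protected data (for example, the third portion received in time interval 510) to the flash memory module 150 over channel CH#0. After time interval 533, the processing unit 134 drives the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation, which takes a time interval 544; and in time interval 553 it drives the flash interface 139 to transfer part of the protected data (for example, the fourth portion received in time interval 510) to the flash memory module 150 over channel CH#1. After time interval 553, the processing unit 134 drives the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation, which takes a time interval 564.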
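To shorten the write time of protected data described above, embodiments of the present invention propose a data write method that lets the MAC calculation and the actual writing of the protected data proceed in parallel. Refer to FIG. 6, a schematic diagram of MAC calculation and protected data writing executed in parallel. The processing unit 134 drives the host interface 131 in four batches to obtain portions of the protected data from the host side 110, and stores the protected data at designated addresses in the RAM 136. For example, in each of time intervals 611, 613, 615 and 617, the processing unit 134 drives the host interface 131 to obtain a portion of the protected data from the host side 110. After time interval 611, in time interval 622 the processing unit 134 uses the specified encoding algorithm to generate an intermediate calculation result from the obtained protected data and the authentication key. After time interval 613 or 615, in time interval 624 or 626 the processing unit 134 uses the specified encoding algorithm to update the intermediate calculation result from the newly obtained protected data, the previously generated intermediate calculation result and the authentication key. After time interval 617, in time interval 628 the processing unit 134 uses the specified encoding algorithm to generate the MAC from the newly obtained protected data, the previously generated intermediate calculation result and the authentication key. Next, in time interval t_CMP, the processing unit 134 compares the MAC sent by the host side 110 with the MAC calculated by the device side 400. Only when the two are the same can the processing unit 134 drive the flash interface 139 to write the protected data to the flash memory module 150.

For example, the processing unit 134 obtains 16K bytes of protected data through the host interface 131 in any one of time intervals 611, 613, 615 and 617. Once the physical layer (not shown) of the host interface 131 has collected 16K bytes of protected data from the host side 110 and stored it in the data buffer (not shown) of the host interface 131, the DMA circuit (not shown) of the host interface 131 stores the 16K bytes of protected data from the data buffer at a designated address in the RAM 136 over the bus architecture 132. The 16K bytes of protected data can be written in full to one physical page of a current block in the flash memory module 150. The entire 64K bytes of protected data can be written to four physical pages of a designated current block in the flash memory module 150. To shorten the write time of the protected data, immediately after period 622 ends the processing unit 134 starts driving the flash interface 139 to transfer 16K bytes of protected data (that is, the data received in time interval 611) to the flash memory module 150 over channel CH#0; the actual transfer takes a time interval 631. After time interval 631, the processing unit 134 immediately drives the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation, which takes a time interval 642; and it immediately drives the flash interface 139 to transfer 16K bytes of protected data (for example, the data received in time interval 613) to the flash memory module 150 over channel CH#1, the actual transfer taking a time interval 651. After time interval 651, the processing unit 134 immediately drives the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation, which takes a time interval 662. The operations in time intervals 633, 653, 644 and 664 are similar in technical detail to those in time intervals 533, 553, 544 and 564 respectively, and are not repeated for brevity.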
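However, if the 64K bytes of protected data are determined to be illegitimate, but a sudden power off (SPO) occurs after at least one 16K-byte portion of the protected data has already been written to a physical page of the flash memory module 150, unpredictable errors occur. Because the authentication result in the RAM 136 is lost when power is cut, the portions of protected data already written to physical pages are wrongly retained by the subsequent sudden power off recovery (SPOR) procedure, which compromises security. Although the specification describes some technical shortcomings, these only illustrate the original motivation for the embodiments of the invention described below. Those skilled in the art may apply these technical solutions to solve other technical problems or in other technical environments, and the present invention should not be limited thereby.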
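To resolve or mitigate the defects of the embodiments described above, the processing unit 134 receives, in multiple batches from the host side 110 through the host interface 131, the protected data indicated by a data write command; and, after using an encoding algorithm to generate an intermediate calculation result from the first portion of the protected data and the authentication key, schedules multiple authentication calculation operations for the remaining portions of the protected data and multiple data write operations for all portions of the protected data, so that the authentication calculation operations and the data write operations can be executed partially in parallel. The authentication calculation operations use the same encoding algorithm to calculate the MAC from the intermediate calculation result, the remaining portions of the protected data and the same authentication key. Each data write operation writes the corresponding portion of the protected data and its associated metadata, through the flash interface 139, to one physical page of a current block in the flash memory module 150. The metadata includes information, to be used later in the SPOR procedure, about whether the protected data passed authentication.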
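Embodiments of the present invention propose the method for writing protected data shown in FIG. 7, and the corresponding method for reconstructing protected data, implemented in the SPOR procedure, shown in FIG. 8. In addition to storing protected data, each physical page reserves some space (for example, 96 bytes) in which the processing unit 134 stores metadata, a cyclic redundancy check (CRC) code and an error check and correction (ECC) code. The metadata describes the protected data in this physical page. The metadata may contain four LBAs of the protected data, each LBA giving the logical address of 4K bytes of protected data. To ensure the security of the protected data of one data write command (e.g., an Authenticated Data Write command), the processing unit 134 may store the total number of pages to write and the index of this page in the metadata of every physical page, and store the authentication result for the entire protected data in the metadata of the last physical page. The CRC is generated from the protected data and metadata stored in this physical page and is used to check whether the corresponding protected data and metadata contain error bits. The ECC is likewise generated from the protected data and metadata stored in this physical page and is used to correct a limited number of error bits in the corresponding protected data and metadata. The ECC may be a low-density parity check (LDPC) code, a BCH (Bose–Chaudhuri–Hocquenghem) code, and so on.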
Refer to the flowchart of the method for writing protected data shown in FIG. 7. The method is carried out by the processing unit 134 when it loads and executes the program code of the firmware translation layer (FTL), and is described in detail as follows:
Step S710: Use the specified encoding algorithm to generate an intermediate calculation result from the first portion of the protected data and the authentication key.
Step S720: Set the variable i to 0. The processing unit 134 may use the variable i to record the page index of the protected data corresponding to the data write command.
Step S730: Store the LBAs of the (i+1)-th portion of the protected data, the page index idx=i and the write page count MAXpg in the metadata area of the RAM 136. The write page count MAXpg is set to the total number of physical pages required by one data write command for the protected data.
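Step S740: Determine whether the variable i equals the write page count MAXpg minus 1. If so, the physical page to be written in this iteration is the last physical page of this data write command (equivalently, the data to be written in this iteration belongs to the last portion of the protected data), and the flow continues with step S762; otherwise, the flow continues with step S752.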
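Step S752: Drive the flash interface 139 to transfer the (i+1)-th portion of the protected data, the metadata, the CRC and the ECC to the flash memory module 150 over a specific I/O channel. Note that the metadata transferred in this step does not contain the authentication result for the entire protected data. In addition, after driving the flash interface 139 the processing unit 134 can immediately move on to other tasks (for example, executing the specified encoding algorithm) without waiting for the actual transfer to complete.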
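Step S754: Drive the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation. Note that after driving the flash interface 139 the processing unit 134 can immediately move on to other tasks (for example, executing the specified encoding algorithm) without waiting for the actual write operation to complete. After the write operation completes, the processing unit 134 updates the mapping table temporarily stored in the RAM 136, also called the host-to-flash (H2F) table, to modify the physical address to which the LBAs of the i-th portion of the protected data map. The mapping table contains multiple records that store, in ascending order of LBA number, the physical address to which each LBA number maps.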
Step S756: Detect that the flash interface 139 and the flash memory module 150 are in an available state.
Step S758: Increase the variable i by 1.
Step S762: Store the authentication result for the entire protected data in the metadata area of the RAM 136.
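Step S764: Drive the flash interface 139 to transfer the last portion of the protected data, the metadata, the CRC and the ECC to the flash memory module 150 over a specific I/O channel. Note that after driving the flash interface 139 the processing unit 134 can immediately move on to other tasks (for example, executing the specified encoding algorithm) without waiting for the actual transfer to complete.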
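Step S766: Drive the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation. Note that after driving the flash interface 139 the processing unit 134 can immediately move on to other tasks (for example, executing the specified encoding algorithm) without waiting for the actual write operation to complete. After the write operation completes, the processing unit 134 updates the mapping table temporarily stored in the RAM 136 to modify the physical address to which the LBAs of the last portion of the protected data map. After the processing unit 134 has updated the mapping table in the RAM 136 for the last portion of the protected data, it does not necessarily drive the flash interface 139 to write the mapping table in the RAM 136 to the designated physical address in the flash memory module 150. Under normal conditions, the processing unit 134 drives the flash interface 139 to write the mapping table in the RAM 136 to the designated physical address in the flash memory module 150 only after the current block has been filled. Note that the protected data can be regarded as safely stored in the flash memory module 150 only once the mapping table in the RAM 136 has been written to the designated physical address in the flash memory module 150.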
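Referring to FIG. 6, assume that one Authenticated Data Write command can instruct the flash memory controller 130 to write 64K bytes of protected data, and that one physical page of the flash memory module 150 can store 4 LBAs (that is, 16K bytes) of protected data. When executing the Authenticated Data Write command, the flash memory controller 130 writes the 64K bytes of protected data to four physical pages of a designated current block in the flash memory module 150. In step S730, the index of the first physical page is 0, the index of the second physical page is 1, and so on. The write page count MAXpg is set to 4.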
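The processing unit 134 performs step S710 in time interval 622. Then, for the first portion of the protected data, the processing unit 134 performs steps S720, S730, S740 and S752 in sequence in time interval 631, and performs step S754 in time interval 642. Next, for the second portion of the protected data, the processing unit 134 performs steps S756, S758, S730, S740 and S752 in sequence in time interval 651, and performs step S754 in time interval 662. Next, for the third portion of the protected data, the processing unit 134 performs steps S756, S758, S730, S740 and S752 in sequence in time interval 633, and performs step S754 in time interval 644. Finally, for the last portion of the protected data, the processing unit 134 performs steps S756, S758, S730, S740, S762 and S764 in sequence in time interval 653, and performs step S766 in time interval 664. If, in time interval t_CMP, the MAC sent by the host side 110 is found to be the same as the MAC calculated by the device side 400, the metadata of the last portion of the protected data contains authentication-success information. Otherwise, the metadata of the last portion of the protected data contains authentication-failure information. The metadata of the last portion of the protected data may contain a one-bit authentication flag indicating whether authentication succeeded or failed.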
To accompany the write method of FIG. 7, refer to the flowchart of the method for reconstructing protected data, implemented in the SPOR procedure, shown in FIG. 8. The method is carried out by the processing unit 134 when it loads and executes the FTL program code, and is described in detail as follows:
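Step S810: Drive the flash interface 139 to read the mapping table for protected data from the flash memory module 150, and store the mapping table at a designated address in the RAM 136.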
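Step S820: In the current block used for storing protected data in the flash memory module 150, find the last success-programmed page before the SPO. The processing unit 134 may scan backward from the last physical page of the current block used for storing protected data, repeatedly reading the protected data, metadata, CRC and ECC of one physical page, until it finds the last page successfully written before power was lost. For the read in each iteration, the processing unit 134 checks whether the raw protected data and metadata pass a preliminary check using the CRC. If they pass the preliminary check, this physical page is the last page successfully written before the sudden power off. If they do not, the ECC is used to correct error bits in the protected data and metadata, producing corrected protected data and metadata. The processing unit 134 then checks whether the corrected protected data and metadata pass a second check using the CRC. If they pass the second check, this physical page is the last page successfully written before the sudden power off. If they do not, this physical page is marked as an uncorrectable ECC (UECC) page.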
Step S830: Obtain the page index idx and the write page count MAXpg from the metadata of the last page successfully written before the sudden power off.
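Step S840: Determine whether the page index idx equals the write page count MAXpg minus 1. If so, the last page successfully written before the sudden power off is the last physical page of a data write command, and the flow continues with step S850; otherwise, the flow continues with step S870.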
Step S850: Determine whether the metadata contains authentication-success information. If so, the flow continues with step S860; otherwise, the flow continues with step S870.
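Step S860: Update the mapping table in the RAM 136. The processing unit 134 drives the flash interface 139 to read the other physical pages of this data write command from the flash memory module 150. The mapping table in the RAM 136 is updated according to the physical addresses at which the last page successfully written before the sudden power off and the other physical pages are stored in the flash memory module 150, and according to the LBAs in the metadata of that last page and of the other physical pages. The flash interface 139 is then driven to store the updated mapping table from the RAM 136 at a designated address in the flash memory module 150, reflecting the state in which the entire authenticated protected data had been written to the flash memory module 150 before the sudden power off. In other words, once the updated mapping table has been stored in the flash memory module 150, the protected data from before the sudden power off has been successfully recovered.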
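Step S870: Do not update the mapping table in the RAM 136, so that the entire protected data that did not pass authentication cannot be successfully written to the flash memory module 150.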
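The write path of FIG. 7 and the SPOR reconstruction of FIG. 8, modelled as an added Python example that is not part of the patent text. It assumes HMAC-SHA-256 computed over the payload alone as the MAC, a constructed metadata layout (four LBAs, page index, MAXpg, one-byte authentication flag), CRC-32 as the page check and no ECC stage; all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct
import zlib

PAGE_BYTES = 16 * 1024            # one physical page holds four 4 KiB LBAs
META = struct.Struct("<4I3B")     # assumed layout: 4 LBAs, idx, MAXpg, auth flag
KEY = bytes(range(32))            # constructed 32-byte authentication key
PAYLOAD = [bytes([n]) * PAGE_BYTES for n in range(4)]   # constructed 64 KiB


def host_mac(batches, key=KEY):
    """MAC the host would send with the command (assumed HMAC-SHA-256)."""
    return hmac.new(key, b"".join(batches), hashlib.sha256).digest()


def build_page(data, lbas, idx, max_pg, auth_ok):
    """Data + metadata followed by a CRC over both (ECC omitted in this model)."""
    meta = META.pack(*lbas, idx, max_pg, int(auth_ok))
    return data + meta + struct.pack("<I", zlib.crc32(data + meta))


def parse_page(raw):
    """Return (lbas, idx, max_pg, auth_ok), or None if the page fails its CRC."""
    if len(raw) != PAGE_BYTES + META.size + 4:
        return None
    body, (crc,) = raw[:-4], struct.unpack("<I", raw[-4:])
    if zlib.crc32(body) != crc:
        return None
    *lbas, idx, max_pg, auth = META.unpack(body[PAGE_BYTES:])
    return lbas, idx, max_pg, bool(auth)


def authenticated_write(block, key, mac_from_host, batches, first_lba, spo_at=None):
    """FIG. 7 write path; spo_at=n cuts power while page n is being programmed."""
    mac = hmac.new(key, digestmod=hashlib.sha256)   # running intermediate result
    max_pg, auth_ok = len(batches), False
    for i, data in enumerate(batches):
        mac.update(data)                            # fold this batch into the MAC
        last = i == max_pg - 1                      # S740
        # S762: only the last page carries the verdict for the whole payload
        auth_ok = last and hmac.compare_digest(mac.digest(), mac_from_host)
        lbas = [first_lba + 4 * i + k for k in range(4)]          # S730
        page = build_page(data, lbas, i, max_pg, auth_ok)
        if spo_at == i:
            block.append(page[: len(page) // 2])    # torn page, program interrupted
            return None
        block.append(page)                          # S752/S754 or S764/S766
    return auth_ok


def spor_recover(block, h2f):
    """FIG. 8: rebuild mapping entries only for a complete, authenticated write."""
    pos = len(block) - 1
    while pos >= 0 and parse_page(block[pos]) is None:   # S820: scan backwards
        pos -= 1
    if pos < 0:
        return False
    _, idx, max_pg, auth_ok = parse_page(block[pos])     # S830
    if idx != max_pg - 1 or not auth_ok:                 # S840 / S850 -> S870
        return False
    updates = {}
    for p in range(pos - idx, pos + 1):                  # S860: all pages of the command
        meta = parse_page(block[p]) if p >= 0 else None
        if meta is None:                                 # defensive: missing/corrupt page
            return False
        for slot, lba in enumerate(meta[0]):
            updates[lba] = (p, slot)
    h2f.update(updates)
    return True


def demo():
    """Power is lost before the RAM mapping table is flushed in every scenario."""
    good = host_mac(PAYLOAD)
    scenarios = [("authentic", good, None), ("forged", bytes(32), None), ("torn", good, 2)]
    results = {}
    for name, mac, spo_at in scenarios:
        block, h2f = [], {}                              # h2f: table reloaded in S810
        authenticated_write(block, KEY, mac, PAYLOAD, 0x100, spo_at)
        results[name] = (spor_recover(block, h2f), len(h2f))
    return results


if __name__ == "__main__":
    print(demo())
```

In the forged scenario all four pages are physically present in the block, yet recovery maps none of their LBAs because the flag in the last page records the failed authentication.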
In other embodiments, the present invention also proposes the method for writing protected data shown in FIG. 9, and the corresponding method for reconstructing protected data, implemented in the SPOR procedure, shown in FIG. 11. Similarly, each physical page reserves some space in which the processing unit 134 stores metadata, CRC and ECC. To ensure the security of the protected data of one data write command (e.g., an Authenticated Data Write command), the processing unit 134 may store the write page count and the index of this page in the metadata of every physical page, but does not store the authentication result for the entire protected data in the metadata of the last physical page.
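Refer to the flowchart of the method for writing protected data shown in FIG. 9. The method is carried out by the processing unit 134 when it loads and executes the FTL program code. The technical details of steps S710, S720, S730, S752, S754, S756, S758, S764 and S766 in FIG. 9 are essentially the same as in FIG. 7 and are not repeated for brevity. The method shown in FIG. 9 does not perform step S762 of FIG. 7. The technical details in FIG. 9 that differ from FIG. 7 are described as follows: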
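Step S910: Determine whether the variable i equals the write page count MAXpg minus 1. If so, the physical page to be written in this iteration is the last physical page of this data write command (equivalently, the data to be written in this iteration belongs to the last portion of the protected data), and the flow continues with step S920; otherwise, the flow continues with step S752.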
Step S920: Determine whether the entire protected data was authenticated successfully. If so, the flow continues with step S764; otherwise, the flow ends and the last portion of the protected data is not written to the flash memory module 150.
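The actual execution of the write method shown in FIG. 9 can likewise be understood with reference to FIG. 6, under the assumptions given in the paragraphs above. The steps the processing unit 134 performs in time intervals 631, 642, 651, 662, 633 and 644 are as described above and are not repeated for brevity. If the entire protected data passes authentication, then for the last portion of the protected data the processing unit 134 performs steps S756, S758, S730, S910, S920 and S764 in sequence in time interval 653, and performs step S766 in time interval 664. Note that because FIG. 9 does not perform step S762 shown in FIG. 7, the metadata associated with the last portion of the protected data that is written in step S766 carries no authentication-result information.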
If the entire protected data does not pass authentication, the writing of the protected data is as shown in the schematic diagram of FIG. 10. Compared with FIG. 6, FIG. 10 lacks time intervals 653 and 664.
To accompany the write method of FIG. 9, refer to the flowchart of the method for reconstructing protected data, implemented in the SPOR procedure, shown in FIG. 11. The technical details of steps S810, S820, S830, S860 and S870 in FIG. 11 are essentially the same as in FIG. 8 and are not repeated for brevity. Because the metadata in the last physical page does not contain the authentication result, the method shown in FIG. 11 does not perform step S850 of FIG. 8. The technical details in FIG. 11 that differ from FIG. 8 are described as follows:
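Step S1110: Determine whether the page index idx equals the write page count MAXpg minus 1. If so, the last page successfully written before the sudden power off is the last physical page of a data write command (equivalently, the data written in that page belongs to the last portion of the protected data), and the flow continues with step S860; otherwise, the flow continues with step S870.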
In other embodiments, the present invention also proposes the method for writing protected data shown in FIG. 12. Similarly, each physical page reserves some space in which the processing unit 134 stores metadata, CRC and ECC. However, the processing unit 134 does not store any information in the metadata for the security of the protected data.
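Refer to the flowchart of the method for writing protected data shown in FIG. 12. The method is carried out by the processing unit 134 when it loads and executes the FTL program code. The technical details of steps S710, S720, S752, S754, S756, S758, S764 and S766 in FIG. 12 are essentially the same as in FIG. 7 and are not repeated for brevity. The method shown in FIG. 12 does not perform steps S730 and S762 of FIG. 7. The technical details in FIG. 12 that differ from FIG. 7 are described as follows: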
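Step S1210: Determine whether the variable i equals the write page count MAXpg minus 1. If so, the physical page to be written in this iteration is the last physical page of this data write command (equivalently, the data to be written in this iteration belongs to the last portion of the protected data), and the flow continues with step S764; otherwise, the flow continues with step S752.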
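Step S1220: After driving the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation for the last portion of the protected data, determine whether authentication of the entire protected data succeeded. If so, the flow continues with step S1230; otherwise, the flow ends and the updated mapping table in the RAM 136 is not written to the flash memory module 150. Note that if the updated mapping table is not written to the flash memory module 150, the flash memory module 150 retains only the previous version of the mapping table, so the protected data of this data write command cannot be read out even though it has been written to the flash memory module 150.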
Step S1230: Detect that the flash interface 139 and the flash memory module 150 are in an available state.
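Step S1240: Drive the flash interface 139 to transfer the updated mapping table in the RAM 136 to the flash memory module 150 over a specific I/O channel. Note that after driving the flash interface 139 the processing unit 134 can immediately move on to other tasks without waiting for the actual transfer to complete.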
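Step S1250: Drive the flash interface 139 to issue a command to the flash memory module 150 to start the actual write operation. Note that after driving the flash interface 139 the processing unit 134 can immediately move on to other tasks without waiting for the actual write operation to complete.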
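Refer to the schematic diagram of writing protected data shown in FIG. 13. Assume that one Authenticated Data Write command can instruct the flash memory controller 130 to write 64K bytes of protected data, and that one physical page of the flash memory module 150 can store 4 LBAs (that is, 16K bytes) of protected data. When executing the Authenticated Data Write command, the flash memory controller 130 writes the 64K bytes of protected data to four physical pages of a designated current block in the flash memory module 150.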
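The operations the processing unit 134 performs in time intervals 611, 613, 615, 617, 622, 624, 626 and 628 are as described in the paragraphs above and are not repeated for brevity. The processing unit 134 performs step S710 in time interval 622. Then, for the first portion of the protected data, the processing unit 134 performs steps S720, S1210 and S752 in sequence in time interval 1331, and performs step S754 in time interval 1342. Next, for the second portion of the protected data, the processing unit 134 performs steps S756, S758, S1210 and S752 in sequence in time interval 1351, and performs step S754 in time interval 1362. Next, for the third portion of the protected data, the processing unit 134 performs steps S756, S758, S1210 and S752 in sequence in time interval 1333, and performs step S754 in time interval 1344. Finally, for the last portion of the protected data, the processing unit 134 performs steps S756, S758, S1210 and S764 in sequence in time interval 1353, and performs step S766 in time interval 1364. If the processing unit 134 finds in step S1220 that the MAC sent by the host side 110 is the same as the MAC calculated by the device side 400, it performs steps S1230 and S1240 in sequence in time interval 1335, and performs step S1250 in time interval 1346.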
With the write method of FIG. 12, the SPOR procedure does not additionally implement a reconstruction method for protected data, because none of the valid records contained in the mapping table for protected data in the flash memory module 150 is associated with protected data that has not yet passed authentication.
Although the present invention is illustrated and described herein with reference to specific embodiments, it is not intended to be limited to the details shown. Rather, various modifications may be made to the details within the scope and range of equivalents of the claims without departing from the present invention. It should be understood that the above description is illustrative of the present invention and should not be construed as limiting it. A person of ordinary skill in the art may conceive of various modifications, applications and/or combinations of the embodiments without departing from the scope of the present invention as defined by the claims.
A person of ordinary skill in the art will readily understand that the invention discussed above can be implemented with configurations of hardware elements different from those disclosed. Therefore, although the invention has been described on the basis of these preferred embodiments, certain modifications, variations and alternative constructions will be apparent to a person of ordinary skill in the art and likewise fall within the scope of the invention.
It must be understood that the words "comprise", "include" and the like used in this specification indicate the presence of specific technical features, values, method steps, operations, elements and/or components, but do not exclude the addition of further technical features, values, method steps, operations, elements, components, or any combination of the above.
Words such as "first", "second" and "third" are used in the claims to modify claim elements. They do not indicate a priority order or a precedence relationship, that one element comes before another, or a temporal order in which method steps are performed; they serve only to distinguish elements that have the same name.
It must be understood that when an element is described as "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intervening elements may be present. Conversely, when an element is described as "directly connected" or "directly coupled" to another element, no intervening elements are present. Other words used to describe the relationship between elements are to be read in a similar way, for example "between" versus "directly between", or "adjacent" versus "directly adjacent".
The word "device" or "module" is not limited to one or a specific number of physical objects (e.g., a smartphone, a controller, a processing system, etc.). As used herein, a device can be any electronic device having one or more components that can implement at least some of the functions of the invention in this disclosure. Although the description and examples use the word "device" or "module" to describe various aspects of the present disclosure, the word "device" or "module" is not limited to a specific configuration, type, or number of entities. In addition, the word "system" or "module" is not limited to multiple components or a specific orientation. For example, a system can be implemented on one or more printed circuit boards or other substrates and can have movable or static components. Although the description and examples use the word "system" to describe various aspects of the invention in this disclosure, the word "system" is not limited to a specific configuration, type, or number of entities.
Specific details are provided in the above description to assist in a thorough understanding of various aspects of the invention. However, those skilled in the art will understand that these aspects can be practiced without these specific details. For clarity of explanation, in some instances the present technology may be presented as including individual functional blocks, which comprise devices, device components, steps or subroutines in a method embodied in software, or combinations of hardware and software. Additional components other than those shown in the figures and/or described herein may also be used. For example, circuits, systems, networks, processes and other components may be shown as components in block-diagram form so that unnecessary detail does not obscure these aspects. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring these aspects.
Some aspects may be described herein as processes or methods, shown as flowcharts, data flow diagrams, structure diagrams, or block diagrams. Although a flowchart may describe the operations as a sequential process, multiple operations may be performed in parallel or simultaneously. In addition, the order of the operations may be rearranged. A process terminates when its operations are completed, but there may be additional steps not included in the diagram. A process may correspond to a method, function, procedure, subroutine, subprogram, etc. When a process corresponds to a function, its termination may correspond to the function returning to the calling function or the main function.
All or some of the steps of the method described in the present invention can be implemented as computer instructions, such as the Firmware Translation Layer (FTL) in a storage device, a driver for specific hardware, etc. They can also be implemented in other types of programs. A person of ordinary skill in the art can write the methods of the embodiments of the present invention as computer instructions, which for brevity are not described further. Computer instructions implementing the methods of the embodiments of the present invention can be stored on a suitable computer-readable medium, or placed on a network server accessible through a network (for example, the Internet or another suitable carrier).
Computer-readable storage media include volatile and non-volatile, removable and non-removable media that store information by any method or technology, such as computer-readable instructions, data structures, program modules, or other data. Computer-readable storage media include but are not limited to RAM, ROM, EEPROM, flash or other memory, CD-ROM, DVD, Blu-ray disc or other optical storage, magnetic cards, tapes, disks or other magnetic storage, or any other carrier that can store information required and accessed by an instruction execution system. Note that the computer-readable storage medium can be paper or another suitable medium on which the program code is printed, so that the program code can be obtained electronically, for example by optically scanning the paper or other medium, then compiled, interpreted or otherwise suitably processed if necessary, and then stored in the memory of an electronic device.
The program code may be executed by a processor, which may include one or more processors, such as one or more digital signal processors (DSPs), general-purpose microprocessors, application-specific integrated circuits, field-programmable gate arrays (FPGAs), or other equivalent integrated or discrete logic circuits. Such a processor may be configured to perform any of the techniques described in this disclosure. A general-purpose processor may be a microprocessor; in alternative examples, however, the processor may be any conventional processor, controller, microprocessor, or state machine. A processor may be implemented as a combination of computing devices, for example, a DSP and a microprocessor, multiple microprocessors, one or more microprocessors with a DSP core, or any other similar configuration. Accordingly, the term "processor" as used herein may refer to any of the foregoing structures, any combination of the foregoing structures, or any other structure or device suitable for implementing the techniques described herein.
The various illustrative logic blocks, modules, engines, circuits, and algorithm steps described in connection with the aspects of the invention disclosed herein may be implemented as electronic hardware, computer software, firmware, or any combination thereof. To clearly illustrate the interchangeability of hardware and software, various illustrative components, blocks, modules, engines, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented in hardware or software depends on the specific application scenario and the design constraints imposed on the overall system. A person of ordinary skill in the art may implement the described functionality in different ways for each specific application scenario, but such implementation decisions should not be interpreted as departing from the scope of this application.
Although FIG. 1 to FIG. 3 include the elements described above, this does not exclude the use of additional elements to achieve better technical effects without departing from the spirit of the invention. In addition, although the flowcharts of FIG. 7 to FIG. 9 and FIG. 11 to FIG. 12 are executed in a specified order, a person skilled in the art may change the order of these steps while achieving the same effect and without departing from the spirit of the invention, so the present invention is not limited to the order described above. A person skilled in the art may also combine several steps into one step, or perform more steps sequentially or in parallel in addition to these steps, and the present invention is not limited thereby.
Although the present invention is described using the above embodiments, it should be noted that these descriptions are not intended to limit the present invention. On the contrary, the invention covers modifications and similar arrangements that are obvious to those skilled in the art. Therefore, the scope of the claims should be interpreted in the broadest manner to encompass all obvious modifications and similar arrangements.
10: Electronic device
110: Host side
130: Flash memory controller
131: Host interface
132: Bus
134: Processing unit
136: Random access memory
139: Flash memory interface
150: Flash memory module
151: Interface
153#0~153#15: NAND flash memory units
CH#0~CH#3: Channels
CE#0~CE#3: Enable signals
300: Memory block
310: Floating-gate transistor
BL1~BL3: Bit lines
WL0~WL5: Word lines
400: Device side
430: Command Universal Flash Storage protocol information unit
450: Loop
451: Ready-to-transfer Universal Flash Storage protocol information unit
455: Data-out Universal Flash Storage protocol information unit
470: Response Universal Flash Storage protocol information unit
510,520,531,533,542,544,551,553,562,564: Time intervals
611,613,615,617,622,624,626,628,631,633,642,644,651,653,662,664: Time intervals
S710~S766: Method steps
S810~S870: Method steps
S910~S920: Method steps
S1110: Method step
S1210~S1250: Method steps
1331,1333,1335,1342,1344,1346,1351,1353,1362,1364: Time intervals
FIG. 1 is a system architecture diagram of an electronic device according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of a flash memory module according to an embodiment of the present invention.
FIG. 3 is a schematic diagram of part of the hardware architecture of a NAND flash memory unit according to an embodiment of the present invention.
FIG. 4 is a sequence diagram of data writing into an advanced replay protection memory block according to an embodiment of the present invention.
FIG. 5 is a schematic diagram of Message Authentication Code (MAC) calculation and protected data writing performed independently according to some implementations.
FIG. 6 is a schematic diagram of MAC calculation and protected data writing performed in parallel according to an embodiment of the present invention.
FIG. 7 is a flow chart of a method for writing protected data according to an embodiment of the present invention.
FIG. 8 is a flow chart of a method, adapted to FIG. 7, for reconstructing protected data in a Sudden Power Off Recovery (SPOR) procedure according to an embodiment of the present invention.
FIG. 9 is a flow chart of a method for writing protected data according to an embodiment of the present invention.
FIG. 10 is a schematic diagram of MAC calculation and protected data writing performed in parallel according to an embodiment of the present invention.
FIG. 11 is a flow chart of a method, adapted to FIG. 9, for reconstructing protected data in a SPOR procedure according to an embodiment of the present invention.
FIG. 12 is a flow chart of a method for writing protected data according to an embodiment of the present invention.
FIG. 13 is a schematic diagram of MAC calculation, protected data writing, and host-to-flash mapping table writing performed in parallel according to an embodiment of the present invention.
S710~S766: Method steps
Claims (15)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112149162A TWI874051B (en) | 2023-12-18 | 2023-12-18 | Method and computer program product and apparatus for programming and recovering protected data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI874051B (en) | 2025-02-21 |
| TW202526949A (en) | 2025-07-01 |
Family
ID=95557399
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW112149162A TWI874051B (en) | 2023-12-18 | 2023-12-18 | Method and computer program product and apparatus for programming and recovering protected data |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI874051B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018014630A1 (en) * | 2016-07-16 | 2018-01-25 | 华为技术有限公司 | Network verification method and associated apparatus and system |
| US10362011B2 (en) * | 2015-07-12 | 2019-07-23 | Qualcomm Incorporated | Network security architecture |
| US20210336767A1 (en) * | 2021-06-25 | 2021-10-28 | Intel Corporation | Memory bus integrity and data encryption (ide) |
| US20220014356A1 (en) * | 2021-09-24 | 2022-01-13 | David M. Durham | Seamless access to trusted domain protected memory by virtual machine manager using transformer key identifier |
| WO2022093242A1 (en) * | 2020-10-29 | 2022-05-05 | Hewlett-Packard Development Company, L.P. | Protecting information regarding machine learning models |
| US20230161715A1 (en) * | 2014-03-28 | 2023-05-25 | Samsung Electronics Co., Ltd. | Storage system and method for performing and authenticating write-protection thereof |
- 2023-12-18 TW TW112149162A patent/TWI874051B/en active
Also Published As
| Publication number | Publication date |
|---|---|
| TW202526949A (en) | 2025-07-01 |