User equipment (UE) such as smartphones, notebooks and laptops needs protection from malicious software and firmware. To this end, device manufacturers install security chips on their devices, often on the motherboard. This publication describes hardware designs and methods for detecting the removal of a storage device, such as a solid-state drive (SSD), non-volatile memory (NVM), a non-volatile dual in-line memory module (NVDIMM), an embedded multimedia card (eMMC) or another type of non-volatile memory. When the UE detects that the storage device has been removed, it signals the security chip, the root of trust (ROT). The ROT notifies the user that the storage device was removed and later re-installed or replaced, and that a full verification of the storage device's firmware must take place.

Full verification of the storage device's firmware has limitations, chiefly the limited access speed to the storage device, so at times the UE instead verifies only critical OS areas (files). Which verification runs depends on the power state of the UE and on whether removal of the storage device was detected. A cold boot, or a detected removal of the storage device, triggers full verification of the storage device; a warm boot with no indication that the storage device was removed triggers verification of critical OS areas (files) only.
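The following C program is an added illustration of the verification policy described above; it is not code from the disclosure or its authors. It models the ROT's removal indication as a sticky latch that presence detection sets and that only a clean full verification clears, selects the verification level from the boot kind and the latch, and checks a constructed 64-byte storage image split into four regions (two marked critical) against expected digests. The region layout, the latch semantics, the use of a digest table for verification and the FNV-1a hash (a stand-in for a real cryptographic digest, not suitable for production) are all assumptions made for the example.

```c
/* Added example: boot-time verification policy driven by a storage-removal latch.
 * Not code from the disclosure; region layout, latch semantics and hash are assumed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum boot_kind { BOOT_COLD, BOOT_WARM };
enum verify_level { VERIFY_FULL, VERIFY_CRITICAL_ONLY };

/* Sticky removal indication held by the root of trust. Presence detection sets it;
 * only a full verification that finds no mismatch clears it (assumed semantics). */
struct rot_state { bool removal_latched; };

static void rot_on_storage_removed(struct rot_state *rot) { rot->removal_latched = true; }

/* Message the ROT shows the user at boot, or NULL when there is nothing to report. */
static const char *rot_boot_message(const struct rot_state *rot) {
    return rot->removal_latched
        ? "storage device was removed and re-installed or replaced; full verification required"
        : NULL;
}

/* Policy from the disclosure: cold boot or a latched removal selects full verification,
 * a warm boot with no removal indication selects critical OS areas only. */
static enum verify_level select_verify_level(enum boot_kind boot, const struct rot_state *rot) {
    if (boot == BOOT_COLD || rot->removal_latched) return VERIFY_FULL;
    return VERIFY_CRITICAL_ONLY;
}

/* FNV-1a 64-bit: a placeholder for a cryptographic digest, chosen to keep the example short. */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* One region of the storage device and the digest the ROT expects for it. */
struct region { const char *name; size_t off; size_t len; bool critical; uint64_t expected; };

#define IMAGE_LEN 64
#define NREGIONS 4
/* Constructed storage image: four 16-byte regions, two of them critical OS areas. */
static uint8_t g_image[IMAGE_LEN];
static struct region g_regions[NREGIONS] = {
    { "firmware", 0, 16, true,  0 },
    { "kernel",   16, 16, true,  0 },
    { "userdata", 32, 16, false, 0 },
    { "swap",     48, 16, false, 0 },
};

/* Fill the image with deterministic bytes and record the known-good digests. */
static void image_init(void) {
    for (size_t i = 0; i < IMAGE_LEN; i++) g_image[i] = (uint8_t)(i * 7 + 3);
    for (size_t r = 0; r < NREGIONS; r++)
        g_regions[r].expected = fnv1a64(g_image + g_regions[r].off, g_regions[r].len);
}

/* Verify the regions the level calls for. Returns the number of regions whose digest
 * mismatched; clears the removal latch only after a full pass with zero failures. */
static int run_verification(enum verify_level level, struct rot_state *rot) {
    int failures = 0;
    for (size_t r = 0; r < NREGIONS; r++) {
        if (level == VERIFY_CRITICAL_ONLY && !g_regions[r].critical) continue;
        uint64_t got = fnv1a64(g_image + g_regions[r].off, g_regions[r].len);
        if (got != g_regions[r].expected) failures++;
    }
    if (level == VERIFY_FULL && failures == 0) rot->removal_latched = false;
    return failures;
}

int main(void) {
    struct rot_state rot = { false };
    image_init();
    printf("warm boot, no removal: level=%d failures=%d\n",
           select_verify_level(BOOT_WARM, &rot), run_verification(VERIFY_CRITICAL_ONLY, &rot));
    rot_on_storage_removed(&rot);
    g_image[40] ^= 0x01;                       /* tamper with a non-critical region */
    enum verify_level lvl = select_verify_level(BOOT_WARM, &rot);
    printf("warm boot after removal: %s\n", rot_boot_message(&rot));
    printf("level=%d failures=%d latched=%d\n", lvl, run_verification(lvl, &rot), rot.removal_latched);
    return 0;
}
```

The tamper in `main` lands in a non-critical region, so a warm-boot check of critical areas alone would pass; it is the latched removal forcing `VERIFY_FULL` that catches it, and the latch stays set until a full pass is clean. The same structure holds for the real mechanism: the removal indication has to survive the warm-boot path and be cleared only by the ROT, otherwise a drive swapped while the UE is asleep is verified like an untouched one.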
This work is licensed under a Creative Commons Attribution 4.0 License.
Sukhomlinov, Vadim; Pronin, Andrey; and Spangler, Randall, "Mitigating Malicious Firmware by Detecting the Removal of a Storage Device", Technical Disclosure Commons, (August 02, 2019)