What is RPMB? This is the very unique memory partition in the eMMC device. What is the usage of this RPMB? Mainly for the security feature, it is like the safe-box which provide the highest level protection in the eMMC device. Why the name RPMB is so strange? It is the acronym of the Replay Protected Memory Block. So we finally came to the key point what is the Replay Protected?
什么是RPMB?这是eMMC器件里面非常独特的存储分区。RPMB的作用是什么?只要是为了安全特性,就像是eMMC器件里面提供最高安全等级的保险箱。为什么RPMB名字这么奇怪?这个是存储块重放保护的首字母缩写。我们终于来到了关键点,什么是重放保护。
To understand what is the Replay Protected, we need first understand what is Replay attack. Replay attack also known as playback attack is a form of network attack in which valid data transmission is sniffed and then maliciously or fraudulently repeated or delayed by the ‘man-in-the-middle’ (a.k.a MITM)。
为了理解什么是重放保护,我们首先需要理解什么是重放攻击。重放攻击也叫回放攻击,是一种有效数据被中间人(也加MITM)嗅探到,接着被恶意或者欺诈的重复或者延迟的一种网络攻击。
We have two levels of concept, attack and Replay attack. In order to prevent the first level attack, the efficient way is to use the encryption. Key and Message Authentication Code (a.k.a MAC) are used for this encryption. To be more precisely, the host or the eMMC device will share the same Key, which is implanted in advance into both sides when manufactured, to generate a Hash-based MAC. Once the message data is encrypted, it will be hardly to be decrypted so to preventing from modification. But hardly do not mean 100% impossibly. To enhanced this encryption, both sides will adding a Nonce (Number ONCE),into each interactive message. This will cause the maliciously decryption to take much longer time which cannot be achieved theoretically, because the Nonce is randomly generated and will be used for one time.
我们有两层概念,攻击和重放攻击。为了阻止第一层次攻击,最有效的方式是加密。密钥和消息认证码(也加MAC)。更准确的说,主机或者eMMC器件共享同一个在生产的时候就预先植入双方的密钥,用这个密钥来生成基于哈希的MAC。一旦消息数据被加密,几乎不可能被解密从而防止被篡改。但是几乎不可能不意味着百分之百不可能。为了加强这种加密,两边都加入了一个Nonce(一次性数字)在每一个交互的消息里。因为这个Nonce是随机生成而且只会用一次,这个会导致恶意解密要花更长的时间,从理论上不可能做到。
Even without decryption, the attacker still could repeatedly send the message that is sniffed by the MITM. Here it comes the 2nd level Replay attack. A counter in each message is used to guarantee the same message could be sent for only one time, not possible to be replayed at any situation.
即使没有解密,攻击者仍然可以重复发出中间人嗅探到的数据。现在来到了第二层次重放攻击。在每个消息里面会用到一个计数器来保证同样的数据只能被发送一次,在任何情况下都不可能被重放。
The RPMB operations could be categorized into two groups, one is write-like operations and the other one is read-like operations. There is no erase operation for the RPMB. Write-like operations include Authentication Key programming, Authenticated Data Write and Authenticated Device Configuration Write. Read-like operation include reading of the Counter Value, Authenticated Data Read,Authenticated Device Configuration Read and Result register read.
RPMB的操作可以分成两个组,一个是类写的操作,另一个是类读的操作。对于RPMB来说没有操作操作。类写的操作包括用于认证的密钥的写入,认证的数据写入以及认证的器件写配置。类读的操作包括计数器值的读取,认证的数据读取,认证的器件读配置以及读取结果寄存器。
Read-like operations are relative simpler than write-like operations, so we start from them. First using write command CMD25 to write the corresponding read request like read data, counter, configuration or result. CMD23 argument should be set to one prior the CMD25, as the request message is only one sector length. Here we only discuss 1 sector case, actually eMMC RPMB suppout larger sectors access as well.
相对类写操作,类读操作要简单一些,所以我们从他们开始。首先用CMD25写相应的读请求比如读数据,计数器,配置或者结果。在CMD25之前CMD23的参数应该被设置为1,因为这些请求只有一个块长度。这里我们只讨论一个块的场景,其实 eMMC RPMB也支持多个块的访问。
It is kind of confused as the RPMB read operation goes from eMMC write command. This is because the 32-bit argument of eMMC command is not longer enough and also no any encryption mechanism. All the Host RPMB operation requests, no matter read-like or host-like, are embedded in a one 512-Byte data sector for the easier encryption purpose. Then how host deliver this 512-Byte pack to eMMC device could be treated like a one sector write from Host to eMMC device. It could be implemented by introduce a totally new command with the name RPMB request or something like this, but there is no essential difference from CMD25. CMD25 is good enough to take this job.
这个有点让人迷糊因为RPMB的读操作需要用eMMC的写指令。这是因为eMMC命令的32比特参数不够长而且也没有任何加密的机制。所有的主机RPMB的操作请求,不论是类读的还是类写的,都嵌进了一个512字节的数据块,目的是更容易加密。那么主机如何把这个512字节的包传递给eMMC器件可以被认为是一个块的写。这个可以通过引入一个完全全新的指令叫做RPMB请求或者类似的这样的名字,但是本质上跟CMD25并没有什么不同。CMD25足以胜任这个工作。
If you still have some confusion, think about the eMMC read command, the command itself is to send or so called write some parameters from host to eMMC device to let it know what need to be done next. After polling the D0 from busy low to ready high for this request pack written done (note that this busy time is not because of the flash program but time needed of the RPMB pack decryption), host could then use read command CMD18 to get the desired length data from the eMMC device. One more thing is that the status in R1 response to CMD25 could not be used for the RPMB operation result indication as this result need be encrypted too in the RPMB read data packet.
如果你仍然有疑惑,想想eMMC读指令,这个指令本身是从主机发送或者称为写入一些参数到eMMC器件,让他知道下一步要做什么。轮询D0从忙低电平到高准备好表示这个请求包写入完毕之后(注意这个忙时间不是因为闪存编程而是RPMB解密需要的时间),主机就可以用CMD18命令从eMMC器件得到需要的数据。多说一句,CMD25的R1应答里的状态不能用来表示RPMB操作的结果,因为这个结果也需要放到读数据包里面加密。
Write-like operations are a little different. First, write command CMD25 which carry the write-like operation request need to set a special bit-31 reliable write in the 32-bit argument. This is to ensure the old data is still valid until the new data have been successfully programmed into the same LBA address of RBMB area. Another difference is the return result of the write-like operation. As mentioned in the read-like operation, this result could not be embedded in eMMC command R1 response as not encrypted. What’s more, not like read-like opeartion, there is no data sent back from eMMC device to host after write-like operation. In order to get the result, we need to use one of the read-like operations, a dedicated Read result request of to get the result after the RPMB data programming done.
类写操作有一些不一样。首先,携带类写操作请求的CMD25需要设置32比特参数的比特31为可靠写入。这个是为了保证直到新数据成功被写入RPMB区域里同一样的逻辑块地址,老的数据仍然有效。另一个不同的是类写操作的结果返回。就像在类读操作里提到过,读结果不能嵌入到eMMC命令的R1应答,因为没有加密。而且,不像类读操作,在类写操作之后没有数据从eMMC器件返回主机。为了得到结果,我们需要用到一个类读操作,一个专门读结果请求,在RPMB数据写入结束之后得到结果。
eMMC RPMB Operation / eMMC RPMB 操作
The last remained thing is the Authenticated Device Configuration Area which is acessed by the Authenticated Device Configuration Read and write. We leave it in the topic of the security operation.
最后剩下的是认证器件配置区域,通过认证器件配置读和写来访问。我们把这个留到安全操作话题。
,
