TCG Storage in SD Memory cards

The Trusted Computing Group (TCG) publishes open standards for secure computing, covering areas such as enterprise storage and mobile devices. Many vendors offer TCG-based products, including hardware, applications and services. In the storage market, TCG has been adopted mainly for self-encrypting drive (SED) applications. The TCG Storage protocol was already defined for use over NVMe and other command-layer protocols such as ATA and SCSI.
SD Specification Part 1 v9.0, together with the Extended Security Addendum v1.0, defines how TCG may be used on SD memory cards: either through the SD protocol over the SD interface, or through the NVMe protocol over the PCIe interface on SD Express cards.
Use of TCG through the NVMe interface of an SD Express card is identical to what the NVMe standards define.
To support TCG over the SD protocol, two new commands were added: ACMD53 and ACMD54, which correspond to IF-RECV and IF-SEND respectively, as defined in the TCG Storage Architecture Core Specification. These two commands are generic: they carry a security protocol payload transparently over the SD protocol and may be used for other security protocols as well (the RPMB feature uses them too).
The mapping of the TCG command set onto the SD protocol is described in the TCG Storage Interface Interactions Specification (SIIS).
TCG Storage performs two major functions:

  1. Transparently encrypts (AES) all user data written to the user area of the card and decrypts it on read.
  2. Optionally locks and unlocks access to the user area.

Locking provides access protection: while the user area is locked, the host cannot read or write it until it authenticates. Encryption provides data protection when the card is removed from the host, but only if locking has been enabled. An SED whose user area is never locked decrypts for any host that reads it, so the encryption alone does not prevent data extraction.
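The first thing a host does with a TCG Storage device is a Level 0 Discovery: an IF-RECV (security protocol 0x01, ComID 0x0001) whose response lists the feature descriptors the device supports, including the Locking descriptor that says whether locking is enabled and whether the user area is currently locked. The following is an added example written for this page, not code from the SD Association or TCG: a parser for that response plus a helper that applies the "encrypted and locking enabled" check described above. The header and descriptor layouts follow the TCG Core and Opal SSC definitions; the feature-code table is a subset; the sample response is constructed inline, and the assumption that an SD card's discovery data uses the same layout (it is the Core specification format carried by ACMD53) is not confirmed by the text above.

```python
"""Parse a TCG Storage Level 0 Discovery response and judge the locking state.

Level 0 Discovery is the first IF-RECV a host issues (security protocol
0x01, ComID 0x0001) per the TCG Storage Architecture Core Specification.
The byte layouts below follow the Core/Opal definitions; the sample
response is CONSTRUCTED for this example, not captured from a real card.
"""
import struct
from dataclasses import dataclass

# Subset of feature codes from the TCG Core and SSC specifications.
FEATURE_NAMES = {
    0x0001: "TPer",
    0x0002: "Locking",
    0x0003: "Geometry Reporting",
    0x0203: "Opal SSC v2",
    0x0302: "Pyrite SSC v2",
}

# Bit positions in byte 0 of the Locking feature descriptor data.
LOCKING_FLAGS = ("LockingSupported", "LockingEnabled", "Locked",
                 "MediaEncryption", "MBREnabled", "MBRDone")

HEADER_LEN = 48  # Length(4) + major(2) + minor(2) + reserved(8) + vendor(32)


@dataclass
class Feature:
    code: int
    version: int
    data: bytes

    @property
    def name(self) -> str:
        return FEATURE_NAMES.get(self.code, f"Unknown(0x{self.code:04x})")


@dataclass
class Discovery:
    major: int
    minor: int
    vendor: bytes
    features: list


def parse_level0(buf: bytes) -> Discovery:
    """Decode a Level 0 Discovery response; raise ValueError on malformed input."""
    if len(buf) < HEADER_LEN:
        raise ValueError("response shorter than the 48-byte Level 0 header")
    length, major, minor = struct.unpack(">IHH", buf[:8])
    end = 4 + length                     # Length excludes its own 4 bytes
    if end > len(buf):
        raise ValueError("Length field exceeds the bytes received")
    vendor = buf[16:HEADER_LEN]
    features = []
    off = HEADER_LEN
    while off + 4 <= end:
        code, ver_byte, flen = struct.unpack(">HBB", buf[off:off + 4])
        data = buf[off + 4:off + 4 + flen]
        if len(data) != flen or off + 4 + flen > end:
            raise ValueError(f"truncated feature descriptor 0x{code:04x}")
        features.append(Feature(code, ver_byte >> 4, data))  # version is the upper nibble
        off += 4 + flen
    return Discovery(major, minor, vendor, features)


def locking_state(d: Discovery) -> dict:
    """Return the Locking feature flags as a dict, or {} if the card reports none."""
    for f in d.features:
        if f.code == 0x0002 and f.data:
            flags = f.data[0]
            return {name: bool((flags >> i) & 1) for i, name in enumerate(LOCKING_FLAGS)}
    return {}


def protected_at_rest(d: Discovery) -> bool:
    """A removed card keeps data confidential only if it encrypts the media AND
    locking has been enabled; an always-unlocked SED decrypts for any reader."""
    s = locking_state(d)
    return bool(s) and s["MediaEncryption"] and s["LockingEnabled"]


def _feature(code: int, version: int, data: bytes) -> bytes:
    return struct.pack(">HBB", code, version << 4, len(data)) + data


def build_sample(locking_flags: int) -> bytes:
    """Constructed Level 0 response with a TPer descriptor and a Locking
    descriptor whose first data byte is locking_flags (not real card output)."""
    body = (struct.pack(">HH", 0, 1)                          # data structure rev 0.1
            + bytes(8)                                         # reserved
            + b"CONSTRUCTED-SAMPLE".ljust(32, b"\0")           # vendor specific
            + _feature(0x0001, 1, bytes([0x01]) + bytes(11))   # TPer: SyncSupported
            + _feature(0x0002, 1, bytes([locking_flags]) + bytes(11)))
    return struct.pack(">I", len(body)) + body


if __name__ == "__main__":
    d = parse_level0(build_sample(0x0B))   # supported | enabled | media encryption
    for f in d.features:
        print(f"{f.name:<12} v{f.version} {f.data.hex()}")
    print(locking_state(d))
    print("protected at rest:", protected_at_rest(d))
```

The parser trusts nothing beyond the 48-byte header until the Length field has been checked against the bytes actually received, and it rejects a descriptor whose declared length runs past that boundary; a device that lies about Length is a more common failure than one that omits a feature. The verdict helper is deliberately narrow: MediaEncryption alone says the card always encrypts, which protects nothing while the range stays unlocked.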

TCG may be supported by SD, SD UHS-I and SD Express cards. It is not defined for UHS-II mode and cannot be implemented in UHS-II cards.

Further details about TCG and its use for SEDs with NVMe can be found at: https://trustedcomputinggroup.org/