The recently released SD Specification Version 9 (SD 9) delivers on the SD Association’s promise of continuous innovation with new device boot support and advanced security features. The features apply to both microSD and full-size SD memory cards across all capacity types, from SD to the forthcoming SDUC memory cards. Bus support includes SD, SD UHS-I and, notably, SD Express for products needing solid-state disk (SSD)-level performance. The new functionality lets product manufacturers save some embedded memory and/or consolidate on a single memory device, gaining easy user upgradability and improved serviceability by replacing embedded storage with a semi-embedded SD memory card across a wide spectrum of devices. SD 9 also helps product manufacturers meet new right-to-repair regulations and simplifies maintenance for devices that use soldered embedded memories and/or are installed in locations without internet connectivity.
New Boot functionality (boot code is the set of instructions every device uses to begin operating when powered on) can work in just about any host device. Small devices such as IoT or mobile devices may benefit from loading boot code from an SD memory card. With this new feature, host devices no longer require embedded memory for such code in addition to their existing upgradable removable card. Moreover, if boot code is stored on the SD memory card, the card can meet all storage needs and is easy to replace or update when new boot code is needed or when the memory has worn out after long use.
The SDA defined two new features for Boot Support: Fast Boot and Secure Boot. These features not only give memory cards the ability to serve as the device’s boot code memory but also define a simple, fast, hardware-based boot code upload process with minimal operations on the host side and no need for boot loader code, and offer a secure method of delivering boot code updates.
Boot function is also supported by NVMe through the PCIe interface of the SD Express card (except Fast Boot, which is supported through the SD physical interface).
Use of TCG Storage Protocol
The Trusted Computing Group (TCG) provides open standards for secure computing, including enterprise storage and mobile devices, among others. Various vendors offer a variety of TCG-based products, including hardware, applications and services. SD 9 integrates a secured storage method defined by the TCG by adding a self-encrypting drive (SED) capability.
TCG storage performs two major functions. First, it automatically encrypts/decrypts (AES) any user data written to or read from the user area of the memory card. Second, it locks/unlocks access to the user area; this serves as access protection while the user area is locked and as data protection if the storage media is removed from the host.
The TCG function is supported by any SD, SD UHS-I or SD Express memory card; it is not supported in SD UHS-II memory cards. SD 9, along with the Extended Security Addendum v1.0, defines how TCG may be used on SD memory cards, either through the SD protocol over the SD interface or through NVMe over the PCIe interface found on SD Express cards. The TCG Storage protocol was already defined for use over NVMe and various other command-layer protocols. Further detailed explanation of TCG and its usage as an SED with NVMe may be found at this link.
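To make the two functions concrete, here is an added Go model of a self-encrypting drive. It is illustration written for this page, not code from the SD Association, the TCG specifications or any product, and it does not follow the TCG Storage command set or the SD 9 command encoding. Its assumptions are labelled in the comments: AES-GCM stands in for the XTS mode commonly used by real SEDs, SHA-256 of the credential stands in for a proper key-derivation function, and the credential value is constructed. What it shows is the property the paragraphs above describe: user data reaches the media only as ciphertext, reads and writes fail while the user area is locked, a wrong credential cannot unlock it, and a power cycle or removal from the host returns the card to the locked state.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrLockedArea = errors.New("sed: user area is locked")
var ErrBadCredential = errors.New("sed: credential rejected")

// SED models a self-encrypting card: user data reaches the media only encrypted under a random
// media encryption key (MEK), and the MEK is stored only wrapped under a credential-derived key.
type SED struct {
	wrappedMEK []byte            // MEK sealed under the credential-derived key
	media      map[uint32][]byte // ciphertext per logical block, as written to flash
	aead       cipher.AEAD       // MEK in use; nil while locked
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys here are always 32 bytes
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return g
}

// seal prepends a fresh random nonce; open verifies the GCM tag, so a modified block is detected.
func seal(aead cipher.AEAD, plaintext []byte) []byte {
	nonce := mustRandom(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, plaintext, nil)...)
}

func open(aead cipher.AEAD, blob []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("sed: missing or truncated block")
}

// Provision runs once: generate the MEK and wrap it under the credential-derived key. The card
// starts locked. Deriving that key as SHA-256(credential) is a deliberate simplification for this
// example; a real SED uses a slow, salted KDF or a hardware-bound key.
func Provision(credential []byte) *SED {
	kek := sha256.Sum256(credential)
	s := &SED{media: map[uint32][]byte{}}
	s.wrappedMEK = seal(newGCM(kek[:]), mustRandom(32))
	return s
}

// Unlock authenticates the host by unwrapping the MEK; a wrong credential fails the tag check.
func (s *SED) Unlock(credential []byte) error {
	kek := sha256.Sum256(credential)
	mek, err := open(newGCM(kek[:]), s.wrappedMEK)
	if err != nil {
		return ErrBadCredential
	}
	s.aead = newGCM(mek)
	return nil
}

// Lock discards the unwrapped MEK (power cycle or removal from the host);
// RawMedia returns what the flash actually holds for a block: ciphertext only.
func (s *SED) Lock()                      { s.aead = nil }
func (s *SED) RawMedia(lba uint32) []byte { return s.media[lba] }

func (s *SED) Write(lba uint32, data []byte) error {
	if s.aead == nil {
		return ErrLockedArea
	}
	s.media[lba] = seal(s.aead, data)
	return nil
}

func (s *SED) Read(lba uint32) ([]byte, error) {
	if s.aead == nil {
		return nil, ErrLockedArea
	}
	return open(s.aead, s.media[lba])
}

func main() {
	card := Provision([]byte("constructed-credential"))
	fmt.Println("locked write:", card.Write(7, []byte("user data")), "| bad credential:", card.Unlock([]byte("guess")))
	fmt.Println("unlock:", card.Unlock([]byte("constructed-credential")), "| write:", card.Write(7, []byte("user data")))
	card.Lock() // removed from the host or power cycled
	_, err := card.Read(7)
	fmt.Println("read after lock:", err)
}
```

The design point is that the media encryption key never leaves the card in the clear and is only ever unwrapped in volatile state: losing power, or pulling the card out of the host, is enough to return it to the locked state, which is exactly the "data protection if the storage media is removed from the host" case named above.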
Replay Protected Memory Block (RPMB)
The SD 9 specification defines RPMB as a secured hidden memory area that is accessible only through a secured authentication process. It also provides a secured boot code update process, plus write-protect and replay-protection security mechanisms. RPMB stores data in an authenticated memory area to protect it from replay attacks and from unexpected updates.
In standard SD memory cards, the RPMB feature may be supported through the standard SD interface. For an SD Express memory card, RPMB may be supported through both the SD and the PCIe interface. RPMB over the PCIe interface uses the NVMe protocol as defined by the NVM Express Base specification.
The RPMB feature gives memory cards a Secured Write Protect capability: RPMB restricts the use of the Write Protect features, Permanent Write Protect and Write Protect Until Power Cycle, until RPMB authentication has been performed. The authentication key must be programmed in a secured environment, which typically occurs during the manufacturing process; this creates a shared secret with the host application. RPMB is therefore best suited to products in which a manufacturer pairs specific memory cards with specific hosts, and is likely to be most appealing for SD cards used in OEM applications.
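As an added illustration of the mechanism described above (not part of the SD Association's article, and not the SD 9 RPMB frame format, whose encoding the page does not give), the following Go program models an authenticated RPMB request. The request type values, the HMAC-SHA256 construction over the frame and the key string are constructed for the example, and the model applies write protect to its own block store, whereas SD 9's Secured Write Protect governs the card's Permanent Write Protect and Write Protect Until Power Cycle features. It shows how the shared key and the card's monotonic write counter combine: a frame replayed from an earlier capture fails the counter check, a frame that was tampered with or built without the key fails the MAC check, and a write protect request is honoured only after authentication.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Request types carried in an authenticated frame. Constructed values: the real
// SD 9 RPMB frame encoding is not reproduced here.
const ReqWrite byte = 1        // authenticated data write into the RPMB area
const ReqWriteProtect byte = 2 // secured write protect request

var ErrCounter = errors.New("rpmb: write counter mismatch (stale or replayed frame)")
var ErrAuth = errors.New("rpmb: MAC verification failed")
var ErrLocked = errors.New("rpmb: area is write protected")

// Frame is the host-to-card request; the MAC covers every other field.
type Frame struct {
	Req       byte
	Addr      uint16
	Counter   uint32
	Data, MAC []byte
}

// RPMB models the card side: the shared key, a monotonic write counter and a
// small block store standing in for the hidden, authenticated area.
type RPMB struct {
	key          []byte
	writeCounter uint32
	blocks       map[uint16][]byte
	writeProtect bool
}

// NewRPMB programs the authentication key. In a product this happens once, in a
// secured manufacturing environment, and creates the shared secret with the host.
func NewRPMB(key []byte) *RPMB {
	return &RPMB{key: append([]byte(nil), key...), blocks: map[uint16][]byte{}}
}

// WriteCounter is readable without authentication; the host fetches it before each request.
func (r *RPMB) WriteCounter() uint32 { return r.writeCounter }

// frameMAC is HMAC-SHA256 over request type, address, counter and payload.
func frameMAC(key []byte, req byte, addr uint16, counter uint32, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	var hdr [7]byte
	hdr[0] = req
	binary.BigEndian.PutUint16(hdr[1:3], addr)
	binary.BigEndian.PutUint32(hdr[3:7], counter)
	m.Write(hdr[:])
	m.Write(data)
	return m.Sum(nil)
}

// HostBuildFrame is the host side: bind the request to the current counter and authenticate it.
func HostBuildFrame(key []byte, req byte, counter uint32, addr uint16, data []byte) Frame {
	return Frame{Req: req, Addr: addr, Counter: counter, Data: data,
		MAC: frameMAC(key, req, addr, counter, data)}
}

// Process is the card side. The counter check rejects a replayed capture of an
// earlier frame; the constant-time MAC check rejects forgery and tampering.
// Only when both pass is the request applied and the counter advanced.
func (r *RPMB) Process(f Frame) error {
	if f.Counter != r.writeCounter {
		return ErrCounter
	}
	if !hmac.Equal(frameMAC(r.key, f.Req, f.Addr, f.Counter, f.Data), f.MAC) {
		return ErrAuth
	}
	switch f.Req {
	case ReqWrite:
		if r.writeProtect {
			return ErrLocked
		}
		r.blocks[f.Addr] = append([]byte(nil), f.Data...)
	case ReqWriteProtect:
		r.writeProtect = true
	default:
		return fmt.Errorf("rpmb: unknown request type %d", f.Req)
	}
	r.writeCounter++
	return nil
}

func (r *RPMB) Read(addr uint16) []byte { return r.blocks[addr] }

func main() {
	key := []byte("constructed-shared-secret-not-a-real-key")
	card := NewRPMB(key)
	f := HostBuildFrame(key, ReqWrite, card.WriteCounter(), 0, []byte("boot image v2"))
	fmt.Println("write:", card.Process(f), string(card.Read(0)))
	fmt.Println("replay of the same frame:", card.Process(f))
	bad := HostBuildFrame([]byte("wrong key"), ReqWriteProtect, card.WriteCounter(), 0, nil)
	fmt.Println("protect without the key:", card.Process(bad))
	fmt.Println("protect with the key:", card.Process(HostBuildFrame(key, ReqWriteProtect, card.WriteCounter(), 0, nil)))
}
```

The counter is the replay defence and the MAC is the authenticity defence; neither is sufficient alone, which is why the card checks both before touching its state and advances the counter only on success. It also shows why the paragraph above ties RPMB to OEM-style pairings: every host that should be allowed to update the area has to hold the key that was programmed into that card.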
A Valuable Alternative for Embedded Storage (…at least in some use cases)
Devices ideally suited for the new capabilities defined by SD 9 include Chromebooks, tablets, drones, surveillance cameras, dash cameras, gaming consoles, virtual reality (VR) headsets/glasses, small IoT modules and wearable medical devices, to name a few. In devices such as these, the SD memory card is usually bound to a specific product, sometimes as an embedded or semi-embedded memory card where it is accessible under a cover but still provides easy access for increased serviceability and replaceability.
Previously, SD memory cards were occasionally relied upon as an alternative to embedded memory whenever serviceability was required in the field. More commonly, cards sit side by side with relatively small embedded memory and provide real memory expansion.
The new features introduced by SD 9 further support products that use conventional SD memory cards and SD Express memory cards as the primary choice for both storage and memory. Because SD memory cards can now boot devices, are capable of delivering SSD-level performance and simplify device repairs or upgrades, they can replace embedded memory in many cases across a wide range of new devices.
Hiroyuki Sakamoto is president of the SD Association. He can be reached at email@example.com.
SD trademarks are owned and licensed by SD-3C LLC.
PCI Express® and PCIe® are registered trademarks of PCI-SIG®.
NVM Express™ and NVMe™ are trademarks of NVM Express, Inc.
TCG Storage specifications are copyrighted and published by the Trusted Computing Group®.
The Trusted Computing Group mark is trademarked by Trusted Computing Group.
©2022 SD Association. All Rights Reserved.