e.MMC Security Methods
WHITE PAPER
1. Introduction
The term “information security” can cover a number of very different design features. In general,
information security is the practice of preventing unauthorized access, use, disclosure, disruption,
modification, inspection, recording, or destruction of information.
The three fundamental goals for information security are confidentiality, integrity, and availability:
- Confidentiality means that information that should stay secret can be read and understood
  only by authorized entities. Others without access authorization can’t read or understand
  the confidential information.
- Integrity means the ability to ascertain that the information is protected from unauthorized
  alteration, modification, or deletion. Integrity of information covers its origin, completeness,
  and correctness using methods such as identification and authentication.
- Availability means that the information is always available to the authorized users.
Every system design will support these security goals in different ways, depending on the type and value
of the assets it is trying to protect. Every security solution should be able to protect against subsets
of possible attacks, but a combination of several solutions is more likely to achieve a design that is
completely secure. For example, e.MMC write protect is designed to ensure data availability. The replay
protected memory block (RPMB) solution is designed to ensure data integrity. Compare that to Android
FDE (full device encryption), a different type of security solution that is designed to protect data privacy
and to ensure confidentiality.
2. The Evolution of e.MMC Security Features
e.MMC devices contain multiple data protection and security features including: password lock/unlock,
write protect, and RPMB. These features have evolved over the years and continue to improve with each
version of the eMMC specification.
2.1 Password Lock
Password lock was the first security feature integrated into the eMMC spec; previously it had been
implemented in legacy SD cards. The password lock feature is designed to protect the contents of the
user area from any type of access (read, write, or erase).
The password lock/unlock feature is set using CMD42. After password lock is enabled, a host can perform
certain actions — including reset, initialize, select, query for status, etc. — but may not access any data on
the user area of the device. The host can still access the boot partitions, RPMB, and general partition area.
This kind of protection can be useful against data theft, but it also limits what anyone (including the data
owner) can do with the device because no access (of any type) is allowed to the protected data.
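As an added illustration (not code from this white paper), the sketch below builds the data block a host sends with CMD42 and interprets the card status that comes back. The byte layout and status bits follow the JEDEC lock card data structure and R1 card status as an assumption, since the paper does not list them; the function and macro names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* CMD42 (LOCK_UNLOCK) data block, assumed JEDEC layout (not given in the paper):
 *   byte 0     mode flags (bits below)
 *   byte 1     PWDS_LEN, password length in bytes
 *   byte 2...  password data
 */
#define MMC_LOCK_SET_PWD  0x01u  /* bit 0: set a new password   */
#define MMC_LOCK_CLR_PWD  0x02u  /* bit 1: clear the password   */
#define MMC_LOCK_LOCK     0x04u  /* bit 2: 1 = lock, 0 = unlock */
#define MMC_LOCK_ERASE    0x08u  /* bit 3: forced erase         */
#define MMC_PWD_MAX       16u    /* maximum length of one password */

/* R1 card status bits reported to the host (for example by a status query). */
#define R1_CARD_IS_LOCKED     (1u << 25)
#define R1_LOCK_UNLOCK_FAILED (1u << 24)

/* Fill buf with a CMD42 data block; returns bytes used, or 0 on bad input. */
size_t cmd42_build(uint8_t *buf, size_t cap, uint8_t mode,
                   const uint8_t *pwd, size_t pwd_len)
{
    if (!buf || !pwd || pwd_len == 0 || pwd_len > MMC_PWD_MAX)
        return 0;
    if (mode & 0xF0u)                    /* reserved bits must stay zero */
        return 0;
    if (mode & MMC_LOCK_ERASE)           /* erase carries no password; not built here */
        return 0;
    if ((mode & MMC_LOCK_SET_PWD) && (mode & MMC_LOCK_CLR_PWD))
        return 0;                        /* contradictory request */
    if (cap < pwd_len + 2)
        return 0;
    buf[0] = mode;
    buf[1] = (uint8_t)pwd_len;
    memcpy(buf + 2, pwd, pwd_len);
    return pwd_len + 2;
}

/* Interpret the status after CMD42: 1 locked, 0 unlocked, -1 command failed. */
int cmd42_result(uint32_t r1_status)
{
    if (r1_status & R1_LOCK_UNLOCK_FAILED)
        return -1;
    return (r1_status & R1_CARD_IS_LOCKED) ? 1 : 0;
}
```

A host that sees the locked state reported should expect user-area reads, writes, and erases to be refused until the device is unlocked, as described above.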