Our commitment starts here

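At Micron, our commitment to excellence is rooted in our steadfast dedication to comprehensive security solutions, driven by our relentless focus on quality.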

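In today's data-centric world, security is paramount. IT managers, chief information officers (CIOs), chief information security officers (CISOs) and everyday consumers face ever-increasing threats from cybercriminals attempting to access and acquire private, sensitive and valuable data. These threats require layered data protection to safeguard data in flight, which is data in transit to or between memory or storage devices, and stored data, which resides in a storage or memory device.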

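Micron integrates robust security features into our product designs, such as implementing secure boot processes, establishing a hardware root of trust, encrypting data where applicable, and implementing standardized security features.1 Our "secure by design" approach integrates security as a core product and business requirement, strengthening our resilience against evolving security threats.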

We take security seriously. If you have questions or concerns, please contact us at our product security and vulnerability reporting site.

Note that no hardware, software, or system can provide absolute security against all threats, so education on best practices to avoid things like spear-phishing attacks is critical for individuals and organizations.

1 Micron assumes no liability for lost, stolen or corrupted data.

Defending your data

Micron products are designed to fortify your most critical data.

Black and purple vector graphic of a Micron memory DIMM product

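Micron DRAM products meet or exceed JEDEC standards, which are developed collaboratively by the industry. The consortium includes a task group dedicated to security and data integrity. In addition to built-in security features, the inherent operation of DRAM requires constant power. Physically removing the device from a system will disrupt the programmed contents.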

Micron is the first in the memory industry to certify DRAM products to ASIL D, the highest level of ISO 26262 functional safety requirements. Our proprietary product safety features use existing JEDEC supported pins and mode registers and are developed to improve diagnostic coverage of transient and permanent faults. One such feature is our Testmode Entry Flag. This feature will alert the host to the use of modes that could represent attacks if the host did not specifically request these actions.

DRAM security related assets

Black and purple vector graphic of a Micron storage SSD product

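Micron customers trust our products to store and help protect their most critical and sensitive data. That is why we build robust encryption and authentication features into the design of our SSDs, along with data-handling methods that conform to industry standards. We also test the security of our data center SSDs and other select products at key development milestones to ensure they are hardened against known attacks.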

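Our Micron-branded SSD product portfolio includes robust security features designed to meet customers' needs, which often go beyond what industry organizations specify for trusted computing platforms.1 We use a variety of methods to enhance data security across the SSDs in our product portfolio.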

Micron integrates features focused on platform-level security:

  • Security Protocol and Data Model2 (SPDM): Defines messages, data objects and sequences for performing message exchanges between devices over a variety of transport and physical media.
  • Micron Secure Execution Environment (SEE): A dedicated security processor consisting of dedicated ROM, firmware and a secure microprocessor. The secure microprocessor is electrically isolated from other microprocessors within the SSD controller and SEE execution cannot be preempted by nonsecure code. This isolation significantly reduces the opportunity for the security functionality of the storage device to be accidentally or maliciously circumvented.

Micron helps protect data when an SSD is retired or repurposed through the following features:

  • Cryptographic erase: Erases a self-encrypting drive (SED) by permanently destroying the encryption key.
  • Sanitize: Removing data from the storage device to a point that exceeds the ability to reconstruct the data by known forensic means.
  • Secure erase: Performs a block erase on every element in the NAND flash array within the SSD.

Micron supports data security when debugging SSDs in the data center by utilizing mechanisms designed to provide helpful diagnostic information without exposing user data and blocking access through dedicated debug ports on shipping drives. We also validate our cryptographic functions through red team testing, and on some products seek FIPS certification.

In addition, to help combat malicious digital tampering:

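  • Attestation: Uses security mechanisms to verify trust in server components (such as SSDs).
  • Secure boot: Uses a trust relationship between different entities where each entity honors the other’s authenticity, and each step is verified before it is executed (for example, during power-on). Micron SSD secure boot uses a chain of trust mechanism in which the SSD firmware bootloader trusts the immutable SSD ROM, and the main firmware, in turn, trusts the bootloader.
  • Signed firmware: Authenticates SSD firmware updates before they are applied, which helps protect our SSDs against malicious firmware.

In addition to the security described above, Micron SSDs are designed to provide additional data protection by implementing standards-based encryption and other security mechanisms. By leveraging industry-specified mechanisms, Micron facilitates rapid adoption of data security as well as broad interoperability.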

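  • Trusted Computing Group (TCG)3 Pyrite: A standard that provides basic security but does not support encryption of user data.
  • TCG Opal: A standard designed to provide more advanced security than Pyrite. The Opal standard can be used to encrypt user data in SEDs.
  • TCG Enterprise: A standard designed to help prevent data loss resulting from theft of the physical storage device.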
  • eDrive: A combination of IEEE-1667 and TCG Opal that works with Windows BitLocker to help encrypt the contents of the SSD.4
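  • Hardware security engines: Micron deploys cryptographic engines such as AES-256, RSA 4096, and SHA-512 in select SSDs. These are key security standards specified in the Commercial National Security Algorithm (CNSA) Suite document.

SSD security-related assets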

Note that not all security features are implemented on all product families or all product SKUs within a family.

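1 For the current Micron SSD portfolio. The standards referenced are those mentioned in the SSD section of this page, such as TCG, SPDM and eDrive.
2 The DMTF website provides more information about SPDM.
3 Trusted Computing Group security standards ("TCG standards") include the TCG Storage Security Subsystem Classes Opal, Pyrite, and Enterprise.
4 This page on Microsoft's website provides more details about BitLocker.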

Black and purple vector graphic of a Micron NAND product

Micron NAND devices are widely used in a variety of systems that require cost-effective non-volatile memory. Micron NAND devices are designed to meet and exceed the ONFI and JEDEC standards for NAND that are collaboratively developed by those open-membership industry-leading consortiums.

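Micron NAND devices implement common best practices for data integrity, error recovery and access control, allowing host data to reside in a robust device that will meet the performance and reliability needs of the wide variety of systems that use NAND. The following are some of the more notable security features in select NAND products: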

  • Read unique ID: All Micron NAND supports an identifier programmed into the device that allows host systems to uniquely identify a NAND device.
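  • One-time programmable storage: All Micron NAND supports a one-time-programmable (OTP) area outside the main flash array where customers can program their unique data. The OTP feature allows the host system to lock data programmed into the OTP area so that it cannot be modified.
  • Block lock and protect: Select Micron low-density NAND devices support block lock and protect features, allowing the host system to lock data programmed within a block address range, protecting it from modification. Contact your local Micron field support representative to understand what features are available on these devices.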

NAND related assets

  • Open NAND Flash Interface (ONFI) standards webpage.
  • Joint Electron Device Engineering Council (JEDEC) standards webpage.

 

Black and purple vector graphic of a Micron managed NAND product

Micron offers a full range of secure managed NAND products to meet the storage needs of a broad array of solutions. Our fully managed devices, including USD, eMMC, and UFS, handle media management and error correction code (ECC) internally to help make technology transitions more seamless.

Managed NAND products released after April 2019 support an authenticated firmware update mechanism as described in NIST 800-193 Platform Firmware Resiliency Guidelines.

Security features of managed NAND and specific components

Managed NAND products released after April 2019 support the following features:

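  • Authenticated firmware update: Designed with an RSA signature for the firmware binary and a public key in ROM, checked during the production flow and during field firmware update (FFU). HMAC (Hash Message Authentication Code) signature check, based on a secret key and a device-unique key, performed by ROM at each boot.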
  • Disabling debug ports in production parts: Executed with required host authentication (based on RSA) for unlocking debug ports for failure analysis.
  • Encryption of security-critical parameters at rest: Designed to help protect against physical attacks (e.g., RPMB keys).

Note that not all security features are implemented on all managed NAND product families or all product SKUs within a family.

Black and purple vector graphic of a Micron NOR flash product

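NOR devices are commonly used in high-reliability system boot environments that require low latency and granular data access. While there are few security industry standards for core NOR functionality, Micron NOR devices support common best practices for data integrity and access control, allowing user content to reside in a robust device that will perform the system-critical boot process in a reliable manner.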

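  • Baseline block locking: Micron NOR devices offer several forms of block locking that are customer-configurable based on their unique system requirements. Blocks can be protected from malicious and spurious operations in several ways, including command-based volatile and nonvolatile locking as well as password locking. Once a block is locked, it becomes read-only, which ensures data integrity and reliability.
  • Advanced block locking: Micron Xccela™ MT35X and select Quad SPI MT25Q part numbers offer additional block locking capabilities, such as range-based block locking using the status and management configuration registers.
  • Unique ID: Micron NOR devices have a 64-bit, 14- to 16-byte unique identification code.
  • One-time programmable storage: Micron Quad SPI MT25Q and Xccela MT35X devices each have a 64-byte, one-time programmable area outside the main flash array where customers can set their own unique identifier. Micron MT28EW devices extend this area to 1KB. This built-in capability facilitates inventory control, customer traceability or similar functions.
  • Replay-protected monotonic counter (RPMC): Micron Quad SPI MT25Q product lines add four integrated monotonic counters on select part numbers, which are incremented only by a host that knows the 256-bit cryptographic key. The contents of each counter can also be cryptographically verified by the host. This enables one-time use numbers from each counter that preserve uniqueness and help to make systems more resistant to rollback and replay attacks.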
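
A simplified model of the replay-protected monotonic counter idea described in the last item above, added here as an illustration; it is not Micron's code and not the actual RPMC command format. It assumes HMAC-SHA-256 as the MAC, and the message layout, class name and function names are hypothetical.

```python
import hashlib, hmac, os, struct

def mac(key: bytes, *fields: bytes) -> bytes:
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()

class RpmcDevice:
    """Toy flash part holding keyed monotonic counters (constructed model)."""
    def __init__(self, key: bytes, counters: int = 4):
        self._key, self._values = key, [0] * counters

    def increment(self, index: int, claimed: int, tag: bytes) -> bool:
        # The request must be authentic AND name the counter's current value.
        expected = mac(self._key, b"INC", struct.pack(">BI", index, claimed))
        if not hmac.compare_digest(tag, expected):
            return False  # sender does not hold the 256-bit key
        if claimed != self._values[index]:
            return False  # stale counter value: a replayed request
        self._values[index] += 1
        return True

    def read(self, index: int, nonce: bytes):
        # The tag binds the reported value to the host's fresh nonce.
        value = self._values[index]
        return value, mac(self._key, b"RD", nonce, struct.pack(">BI", index, value))

def increment_request(key: bytes, index: int, current: int):
    # Host side: authenticate "advance counter `index` from `current`".
    return index, current, mac(key, b"INC", struct.pack(">BI", index, current))

def verified_read(key: bytes, dev: RpmcDevice, index: int) -> int:
    nonce = os.urandom(16)  # fresh per read, so an old reply cannot be replayed
    value, tag = dev.read(index, nonce)
    good = mac(key, b"RD", nonce, struct.pack(">BI", index, value))
    if not hmac.compare_digest(tag, good):
        raise ValueError("counter reply failed authentication")
    return value

def demo() -> list:
    key = os.urandom(32)  # constructed 256-bit key shared by host and device
    dev = RpmcDevice(key)
    req = increment_request(key, 0, verified_read(key, dev, 0))
    forged = increment_request(os.urandom(32), 0, 0)  # host with the wrong key
    # Results for: forged request, genuine request, replay of the genuine
    # request, then the authenticated counter value.
    return [dev.increment(*forged), dev.increment(*req), dev.increment(*req),
            verified_read(key, dev, 0)]

if __name__ == "__main__":
    print(demo())
```

Because each accepted increment changes the value that the next request must name, a captured request is useless once it has been applied, which is what gives the rollback and replay resistance the item describes.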

NOR security-related asset

Micron Security Resources

Micron customer trust center

At Micron, we realize that addressing the challenges of today’s digital landscape requires steadfast commitment to protecting the trust relationship we have with our customers.


Reporting a security issue

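If you have information about a security issue or vulnerability related to a Micron asset, send an email to security@weizhichao999.com.

Please provide as much information as possible about the vulnerability, including any affected product names and versions.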


Information security at Micron

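Micron Technology is committed to ensuring the best possible security for all company assets, including products, processes, tools, intellectual property, and privileged or confidential information. We are committed to resolving issues as they arise.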



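Micron is steadfastly committed to assessing and remediating a discovered or reported security vulnerability to minimize the impact on our customers and product users. To illustrate our commitment to product security, we include a number of relevant practices in Micron's vulnerability handling process, as shown in the figure below.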

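If you have questions or concerns, please contact us at our product security and vulnerability reporting site. For more details on these practices, contact your Micron customer representative.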
