CPC G06F 21/53 (2013.01) [G06F 21/6245 (2013.01); G06F 2221/034 (2013.01)] | 15 Claims |
1. A method of securing critical data in a computer system that comprises a system on a chip (SOC) with a Reduced Instruction Set Computer (RISC) processor core that operates in a normal world and a secure world, the RISC processor core providing hardware-level isolation between the normal world and the secure world, the method comprising:
providing an external storage device that is external to the SOC;
storing the critical data in a protected data region of the external storage device;
storing a storage command pool in a secure memory space in the secure world, the secure world being a Trusted Execution Environment (TEE) and the normal world being a Rich Execution Environment (REE);
making a secure monitor call from the normal world to the secure world;
validating the secure monitor call in the secure world; and
in response to the secure monitor call passing validation in the secure world, performing a direct memory access (DMA) operation in the secure world in accordance with the storage command pool to transfer the critical data between the protected data region of the external storage device and a normal memory space in an external random-access memory (RAM) of the computer system, the normal memory space being accessible in the normal world, the external RAM being external to the SOC.
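The following is an added illustration, not code from the patent or its assignee: a host-side model in C of the flow claim 1 recites, written to show the checks a secure-world SMC handler must perform before it lets a DMA engine write critical data into normal-world RAM. The address map, sector size, command-pool layout and error codes are all assumptions chosen for the model; the DMA is simulated with memcpy. The security-relevant point is that every SMC argument comes from the REE and is untrusted, so the handler accepts only a command index into the pool held in secure memory (never a caller-supplied source address), requires the destination range to lie entirely inside normal RAM using overflow-safe arithmetic, and operates on a copy of the register values so the REE cannot change them between validation and transfer.

```c
/*
 * Added example (not from the patent): a model of the claimed flow.
 * An SMC from the normal world is validated in the secure world against
 * a fixed storage command pool; only then is a (simulated) DMA performed
 * from the protected region of external storage into normal RAM.
 * All addresses, sizes and pool entries below are assumed values.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simulated physical address map (assumed). Normal and secure RAM are disjoint. */
#define NORMAL_RAM_BASE      0x80000000u
#define NORMAL_RAM_SIZE      0x00010000u   /* 64 KiB of REE-visible RAM */
#define SECURE_RAM_BASE      0x90000000u   /* TEE-only RAM; never a valid DMA target here */
#define SECTOR_SIZE          512u
#define PROTECTED_LBA_START  1000u
#define PROTECTED_LBA_COUNT  4u            /* sectors 1000..1003 hold the critical data */

static uint8_t normal_ram[NORMAL_RAM_SIZE];
static uint8_t storage[(PROTECTED_LBA_START + PROTECTED_LBA_COUNT) * SECTOR_SIZE];

/* One entry of the storage command pool kept in secure memory. */
struct storage_cmd { uint32_t lba; uint32_t nsectors; };

enum { SMC_OK = 0, SMC_EBADCMD = -1, SMC_EADDR = -2, SMC_ELEN = -3 };

/* The pool: the only transfers the secure world will ever perform.
 * The REE may pick an entry by index but cannot supply its own LBA. */
static const struct storage_cmd cmd_pool[] = {
    { PROTECTED_LBA_START,     2 },   /* cmd 0: sectors 1000-1001 */
    { PROTECTED_LBA_START + 2, 2 },   /* cmd 1: sectors 1002-1003 */
};
#define CMD_POOL_LEN (sizeof cmd_pool / sizeof cmd_pool[0])

/* Arguments as read from the SMC registers at entry (REE-controlled, untrusted).
 * Passed by value so the REE cannot alter them after validation (no TOCTOU window). */
struct smc_args { uint32_t cmd_id; uint64_t dst_pa; uint64_t len; };

static int validate_smc(struct smc_args a, const struct storage_cmd **out)
{
    if (a.cmd_id >= CMD_POOL_LEN) return SMC_EBADCMD;
    const struct storage_cmd *c = &cmd_pool[a.cmd_id];
    uint64_t need = (uint64_t)c->nsectors * SECTOR_SIZE;
    if (a.len != need) return SMC_ELEN;          /* length is fixed by the pool entry */
    /* Destination must lie entirely inside normal RAM. Computed as offsets so that
     * dst_pa + need cannot wrap around and land back inside the window. */
    if (a.dst_pa < NORMAL_RAM_BASE ||
        a.dst_pa - NORMAL_RAM_BASE > NORMAL_RAM_SIZE ||
        need > NORMAL_RAM_SIZE - (a.dst_pa - NORMAL_RAM_BASE))
        return SMC_EADDR;
    *out = c;
    return SMC_OK;
}

/* Simulated DMA engine driven from the secure world: protected storage -> normal RAM. */
static void dma_storage_to_normal(const struct storage_cmd *c, uint64_t dst_pa)
{
    size_t off = (size_t)(dst_pa - NORMAL_RAM_BASE);
    memcpy(&normal_ram[off], &storage[(size_t)c->lba * SECTOR_SIZE],
           (size_t)c->nsectors * SECTOR_SIZE);
}

/* Secure-world SMC handler: validate first, transfer only on success. */
int secure_monitor_handle(struct smc_args a)
{
    const struct storage_cmd *c;
    int rc = validate_smc(a, &c);
    if (rc != SMC_OK) return rc;
    dma_storage_to_normal(c, a.dst_pa);
    return SMC_OK;
}

/* Helpers for exercising the model: fill the protected region, read back normal RAM. */
void seed_protected_region(uint8_t fill)
{
    memset(&storage[PROTECTED_LBA_START * SECTOR_SIZE], fill,
           PROTECTED_LBA_COUNT * SECTOR_SIZE);
}

uint8_t normal_ram_byte(uint64_t pa) { return normal_ram[pa - NORMAL_RAM_BASE]; }
```

A real implementation would additionally confirm that the destination window is not merely inside normal RAM but also outside any region the TEE has temporarily lent to a trusted application, and would program the DMA controller from the secure world so that its transfer descriptors are never writable by the REE.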