| CPC G06F 21/78 (2013.01) [G06F 3/0623 (2013.01); G06F 3/0634 (2013.01); G06F 3/0659 (2013.01); G06F 3/0673 (2013.01); G06F 9/4401 (2013.01); H04L 9/06 (2013.01); H04L 9/0816 (2013.01)] | 10 Claims |

1. A method for managing a storage system, the method comprising:
obtaining, by a hardware resource manager of the storage system and from an administrative system, a security mode request for a storage controller managing the storage system comprising a plurality of storage devices,
wherein the security mode request indicates an unsecured mode of the storage controller,
wherein the hardware resource manager is external to the storage system and to the storage controller, and
wherein the hardware resource manager is a baseboard management controller (BMC) managing life cycles of the storage system with the storage controller;
in response to obtaining the security mode request: identifying, by the hardware resource manager and based on the unsecured mode, security states of each of the plurality of storage devices;
obtaining, from a key management service, corresponding storage device keys using the security states;
initiating, by the hardware resource manager of the storage system and after obtaining the storage device keys, a boot-up of the storage controller;
making a determination, by the storage controller and after initiating the boot-up, that the storage controller is in a secured mode;
based on the determination:
identifying a security state of each of the plurality of storage devices;
determining that a storage device of the plurality of storage devices is in an unsecured state; and
based on the unsecured state, sending, by the storage controller, a security operation request for securing the storage device;
in response to receiving the security operation request:
obtaining, by the hardware resource manager, a new storage device key for the storage device from the key management service;
initiating, by the hardware resource manager, a security algorithm on the storage device using the new storage device key to obtain a secured storage device and generate a secure state response,
wherein the key management service is external to the storage system,
wherein the key management service manages storage and generation of the storage device keys and the new storage device key, and
wherein the storage controller acts as a pass-through entity as the hardware resource manager initiates the security algorithm on the storage device;
obtaining the secure state response from the hardware resource manager corresponding to securing the storage device; and
based on the secure state response, resuming operation of the storage controller based on the secure mode.