Abstract |
The various implementations described herein include systems, methods and/or devices used to enable power failure tolerant cryptographic erasure in a storage device having a first encryption key established as a current encryption key. The method includes performing a set of first stage operations including selecting first and second sets of memory blocks and obtaining a second encryption key. The method includes performing a set of second stage operations including storing, in the first set of memory blocks, first and second sets of metadata, encrypted using the second encryption key. The method includes performing a set of third stage operations, including storing, in the second set of memory blocks, the second set of metadata encrypted using the second encryption key. The method includes setting the second encryption key as the current encryption key for the plurality of memory blocks. |
Principal claim |
1. A method of cryptographically erasing data in a storage device, at a controller, the storage device having a first encryption key established as a current encryption key prior to performance of the method, the method comprising:
updating a durably stored progress indicator to indicate a first stage;
performing a set of first stage operations, including:
selecting or identifying a first set of memory blocks and a second set of memory blocks from a plurality of memory blocks on the storage device, wherein the second set of memory blocks does not comprise any memory block in the first set of memory blocks;
obtaining a second encryption key;
in accordance with a determination that a power fail condition did not occur while the progress indicator indicates the first stage:
updating the progress indicator to indicate a second stage;
performing a set of second stage operations, including:
storing, in the first set of memory blocks, a first set of metadata corresponding to the first set of memory blocks, encrypted using the second encryption key; and
storing, in the first set of memory blocks, a second set of metadata corresponding to the second set of memory blocks, encrypted using the second encryption key;
and, in accordance with a determination that a power fail condition did not occur while the progress-counter indicates the second stage:
updating the progress indicator to indicate a third stage;
performing a set of third stage operations, including storing, in the second set of memory blocks, the second set of metadata encrypted using the second encryption key; and
subsequent to storing, in the second set of memory blocks, the second set of metadata encrypted using the second encryption key, setting the second encryption key as the current encryption key for the plurality of memory blocks. |
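
A small model of the staged procedure in claim 1, added here as an illustration and not taken from the patent. The stand-in cipher `seal`, the `Controller` class, the block-selection rule, the metadata strings and the behaviour on power failure (stop, leaving the first key current) are all assumptions.

```python
import hashlib
import os

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream XOR), not the device's cipher; seal also unseals."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Controller:
    def __init__(self, n_blocks: int = 8):
        self.key1 = os.urandom(32)            # first key, current before the erase
        self.current_key = self.key1
        self.key2 = None
        self.progress = 0                     # models the durably stored progress indicator
        self.blocks = {i: b"" for i in range(n_blocks)}  # constructed flash model
        self.first_set, self.second_set = [], []

    def crypto_erase(self, fail_at=None) -> bool:
        """Run the three stages; fail_at (1 or 2) simulates a power fail in that stage."""
        # Stage 1: pick two disjoint block sets and obtain the second key.
        self.progress = 1
        ids = sorted(self.blocks)
        self.first_set, self.second_set = ids[:2], ids[2:4]  # assumed selection rule
        self.key2 = os.urandom(32)
        if fail_at == 1:
            return False                      # assumption: stop, first key stays current
        # Stage 2: both metadata sets go into the first set, under the second key.
        self.progress = 2
        md1 = f"meta:{self.first_set}".encode()   # constructed metadata
        md2 = f"meta:{self.second_set}".encode()
        self.blocks[self.first_set[0]] = seal(self.key2, md1)
        self.blocks[self.first_set[1]] = seal(self.key2, md2)
        if fail_at == 2:
            return False
        # Stage 3: second-set metadata goes into the second set, then the key switches.
        self.progress = 3
        self.blocks[self.second_set[0]] = seal(self.key2, md2)
        self.current_key = self.key2          # only after the stage 3 write completes
        return True

if __name__ == "__main__":
    c = Controller()
    print(c.crypto_erase(fail_at=2), c.progress, c.current_key == c.key1)
```

In this model an interruption in stage 1 or 2 leaves the indicator at the interrupted stage and the first key still current, because the key switch is the last step of stage 3.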