Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

Abstract: Systems and methods for providing features that enable anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The controller manages input/output operations for the storage device. The firmware provides features for protection against malware. The memory includes secure storage that is configured to provide a set of storage operations.

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.

Abstract: Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel.

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

Abstract: Embodiments of systems, apparatuses, and methods for securely transferring data between a storage system and an agent are described. In some embodiments, a system establishes a tunnel between the storage system and the agent. The system further securely transfers the data between the storage system and the agent using the tunnel. In one embodiment, the tunnel uses an action and results mailbox to transfer the data. In another embodiment, the tunnel is based on a trusted send facility.

Abstract: Systems and methods for providing anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The firmware communicates with an authorized entity (e.g., external entity, operating system) to establish a secure communication channel. The system includes secure storage to securely store data.

Abstract: Systems and methods for providing features that enable anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The controller manages input/output operations for the storage device. The firmware provides features for protection against malware. The memory includes secure storage that is configured to provide a set of storage operations.

Abstract: An embodiment may include a storage processor that may be comprised, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute at least one host operating system (OS). The storage processor may execute at least one operation in isolation from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may facilitate, at least in part: (1) prevention, at least in part, of unauthorized access to storage, (2) prevention, at least in part, of execution by the at least one host CPU of at least one unauthorized instruction, (3) detection, at least in part, of the at least one unauthorized instruction, and/or (4) remediation, at least in part, of at least one condition associated, at least in part, with the at least unauthorized instruction.

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, transferring first data from the storage device to the agent via the secure tunnel, the secure tunnel to prevent software executing in an operating system from modifying the data, and identifying a data modification by comparing the first data to second data.

Abstract: Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.

Abstract: An anti-malware approach uses a storage drive with the capability to lock selected memory areas. Platform assets such as OS objects are stored in the locked areas and thus, unauthorized changes to them may not be made by an anti-malware entity.