NVMe and Self-Encrypting Drives – The Perfect Match

9 years ago

NVMe technology had a big presence at the Intel Developer Forum (IDF), held in San Francisco of September this year. There were products and demonstrations from about a dozen leading vendors including Intel and Micron. I also attended quite a few sessions, but the one on NVMe was the only one that was overflowing with people.

The NVM Express specification defines an optimized register interface; command set and feature set for PCI Express (PCIe®)-based Solid-State Drives (SSDs). The goal of NVM Express is to unlock the potential of PCIe SSDs now and in the future, and standardize the PCIe SSD interface.

From a client platform (e.g. PCs, notebooks, etc.) perspective, people buy SSDs for the performance boost it can give their systems. There are other advantages too, but performance is often the main motivator. It is most common for today’s SSDs to attach to the PC via the SATA (Serial ATA) bus. SATA was just fine for the older and slower spinning magnetic drives but has become the performance bottle neck when connecting today’s supper fast SSDs. That is where NVMe comes in to remove this bottle neck in a standard way.

Below are a few takeaways from Amber Huffman’s – Senior Principal Engineer, Intel Corporation “NVM Express*: “Going Mainstream and What’s Next”

Presentation on the benefits of NVMe at IDF:

Lower latency
Performance (4 or more times faster than SATA SSD’s depending on what is measured.)
Less CPU cycles per IO
Less power consumed per IO (very important for mobile devices that run off batteries)
Support for “Security protocols: Trusted Computing Group Opal”.

It is that last point that I want to stress. If you have a security or compliance requirement for full disk encryption (FDE) then you are going to want your new NVMe SDD to be a SED (Self-Encrypting Drive). The alternative, software FDE, doesn’t impact performance much at all on the slower SATA connected mechanical hard drives because the CPU can keep up. However, with SATA SSDs there is a noticeable impact on performance with software encryption even when the CPU’s advanced crypto instructions (AES-NI) are utilized. Now with NVMe, the SATA bottle neck for SSDs is eliminated so the relative performance hit of software encryption on NVMe drives is going to be even greater than on SATA SSDs. That is why I am happy to see that the Trusted Computing Group (TCG) has been on top of this technology for some time now, first adding NVM Express support to the TCG Storage Interface Interactions Specification (SIIS) almost 3 years ago.

If the prediction comes true, NVM Express will have more than 70% of the client SSD market by 2018. While this may seem optimistic, given the advantages of the technology and the focus the industry is applying, it just might happen. Meanwhile, we are doing our part to ensure they are SEDs and will be enterprise manageable by SecureDoc.

Garry McCracken https://winmagic.com

Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic.

Safeguarding Transactions

Risks Long After Breach

Tackling the Caesars and MGM Hacks with Secure Authentication Fallback

Early September 2023, two of the world’s largest casino hotel companies — MGM Resorts and Caesars — were struck by…

October 3, 2023

Thi Nguyen-Huu

Why Relying on Phones for Online Authentication Is a Bad Idea

In 2022, the US Government released memorandum M-22-09 addressing the requirements for achieving zero-trust security. This introduction has sparked a…

September 18, 2023

Garry McCracken