Replay Protected Memory Block Explained

A Replay Protected Memory Block (RPMB) gives a system a dedicated memory area in which to store data in an authenticated and replay-protected manner. The area can only be read and written through successfully authenticated read and write accesses. The data may be overwritten by the host but can never be erased.[1]

Use in computing systems

Since RPMB is tamper-resistant, it can be used as a storage medium for a variety of data-critical purposes on an embedded system:

Some operating systems, such as Linux, may provide a generic driver for accessing an RPMB device attached to an eMMC. In other cases, access to RPMB is controlled through a proprietary driver, which may require the use of a Trusted Application instead of a normal application to access the data. Some embedded flash storage devices, such as eMMC, eUFS and NVMe, support this standard.

Logical unit addressing

The UFS specification allocates a "Well-Known LUN" identifier of 44h for the RPMB device. This can be represented as:

Memory layout

An RPMB device supplies the following memory sections:

Section             Access      Size
Authentication Key  Write-only  32 bytes
Write Counter       Read-only   4 bytes (32 bits)
Data Area           Read/write  Multiple of 128 Kbytes*

* This is the minimum defined by the specification; the actual block size depends on the flash vendor's implementation.
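
How the three sections in the table work together on the write path can be shown with a small model. This is an added example, not code from the JEDEC specification or from any driver. It assumes HMAC-SHA-256 as the MAC, one-time key programming, a constructed message layout (counter || address || data) rather than the real frame format, and hypothetical class, method and status names.

```python
import hashlib
import hmac
import struct

KEY_LEN = 32              # Authentication Key size from the table above
COUNTER_MAX = 0xFFFFFFFF  # Write Counter is 4 bytes (32 bits)

def make_mac(key, counter, addr, data):
    # Constructed layout for illustration: counter || address || data.
    msg = struct.pack(">IH", counter, addr) + data
    return hmac.new(key, msg, hashlib.sha256).digest()

class RpmbModel:
    """Device-side toy model of the write path (hypothetical names)."""

    def __init__(self):
        self._key = None        # write-only: no method ever returns it
        self.write_counter = 0  # host may read it; only the device changes it
        self._blocks = {}

    def program_key(self, key):
        # Assumption: the key can be programmed once and never replaced.
        if self._key is not None or len(key) != KEY_LEN:
            return False
        self._key = bytes(key)
        return True

    def write(self, addr, data, counter, mac):
        if self._key is None or self.write_counter >= COUNTER_MAX:
            return "rejected"
        expected = make_mac(self._key, counter, addr, data)
        if not hmac.compare_digest(expected, mac):
            return "auth_failure"      # sender does not hold the key
        if counter != self.write_counter:
            return "counter_failure"   # stale counter: a replayed request
        self._blocks[addr] = bytes(data)
        self.write_counter += 1        # every accepted write is single-use
        return "ok"

def demo():
    key = bytes(range(KEY_LEN))        # constructed sample key
    dev = RpmbModel()
    dev.program_key(key)
    captured = (0, b"state-v1", 0, make_mac(key, 0, 0, b"state-v1"))
    results = [dev.write(*captured)]
    results.append(dev.write(0, b"state-v2", 1, make_mac(key, 1, 0, b"state-v2")))
    results.append(dev.write(*captured))                     # replayed old request
    results.append(dev.write(0, b"state-v0", 2, bytes(32)))  # forged without the key
    return results, dev._blocks[0], dev.write_counter
```

The replayed request carries a valid MAC but an old counter value, so the model refuses it and the stored data stays at the newer version.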

Notes and References

  1. JEDEC Standard No. 220, https://www.jedec.org/sites/default/files/docs/JESD220A.pdf