At Micron, our commitment to excellence is anchored in our steadfast dedication to comprehensive security for our solutions, driven by our relentless focus on quality.
In today’s data-centric world, security is of paramount importance. IT managers, chief information officers (CIOs), chief information security officers (CISOs) and everyday consumers face ever-increasing threats from cybercriminals attempting to access and acquire private, sensitive and valuable data. These threats call for layered data protection that secures both data in flight (data being transferred to and from a storage or memory device) and data at rest (data residing within a storage or memory device).
Micron integrates robust security features into our product designs, such as implementing secure boot processes, establishing a hardware root of trust, encrypting data where applicable, and implementing standardized security features.1 Our “security by design” approach integrates security as a core product and business requirement, increasing our resilience to evolving security threats.
Note that no hardware, software, or system can provide absolute security against all threats, so education on best practices to avoid things like spear-phishing attacks is critical for individuals and organizations.
We take security seriously. If you have an issue or concern, report it at our
Defending your data
Micron products are designed to fortify your most critical data.
- Micron DRAM and HBM
- Micron SSD
- Micron NAND Components
- Micron Managed NAND
- Micron NOR
Micron DRAM and HBM
Micron DRAM products meet or exceed JEDEC standards that are collaboratively developed by the industry. This consortium includes a dedicated task group on security and data integrity. In addition to designed-in security features, the inherent operation of DRAM requires constant power. Physically removing the device from the system will disturb programmed content.
Micron was first in the memory industry to certify a DRAM product to ASIL D, the highest level of ISO 26262 functional safety requirements. Our proprietary product safety features use existing JEDEC supported pins and mode registers and are developed to improve diagnostic coverage of transient and permanent faults. One such feature is our Testmode Entry Flag. This feature will alert the host to the use of modes that could represent attacks if the host did not specifically request these actions.
DRAM security-related assets
Micron SSD
Micron customers trust our products to store and help protect their most critical and sensitive data. That is why we build security into the design of our SSDs with robust encryption and authentication features, as well as data sanitization methods consistent with industry standards. We also test the security of our data center SSDs and other select products at key development milestones to ensure they are hardened against known attacks.
Our Micron-branded SSD portfolio includes robust security features and is designed to meet our customers’ needs, which often go beyond those specified by industry groups for trusted computing platforms.1 We use numerous methods to enhance the security of data across various SSDs in our portfolio.
Micron integrates features focused on platform-level security:
- Security Protocol and Data Model2 (SPDM): Defines messages, data objects and sequences for performing message exchanges between devices over a variety of transport and physical media.
- Micron secure execution environment (SEE): A dedicated security processor consisting of dedicated ROM, firmware and a security microprocessor. The secure microprocessor is electrically isolated from other microprocessors within the SSD controller, and SEE execution cannot be preempted by nonsecure code. This isolation significantly reduces the opportunity for the security functionality of the storage device to be accidentally or maliciously circumvented.
Micron helps secure data upon SSD retirement or repurpose with features like these:
- Cryptographic erase: Erasing a self-encrypting drive (SED) by permanently destroying the encryption key.
- Sanitize: Removing data from the storage device to a point that exceeds the ability to reconstruct the data by known forensic means.
- Secure erase: Executing a block erase on each element in the NAND flash array in the SSD.
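The three retirement methods differ in what is left on the media afterwards. The following Go program is an added example written for this page, not Micron firmware: it models a toy self-encrypting drive whose media encryption key (MEK), AES-GCM sealing and per-block layout are all assumptions of the model. A cryptographic erase drops the key and leaves the ciphertext in place, which is why it is near-instant regardless of capacity; a secure erase wipes the flash array itself (erased NAND reads back as all 1s).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ToySED models a self-encrypting drive: every host write is sealed with a
// media encryption key that is generated inside the device and never leaves
// it. The media holds only nonce || ciphertext per written block.
type ToySED struct {
	mek   []byte   // 256-bit AES key; nil after cryptographic erase
	media [][]byte // stand-in for the NAND array
}

// NewToySED generates the MEK as the device would at manufacturing time.
func NewToySED() (*ToySED, error) {
	mek := make([]byte, 32)
	if _, err := rand.Read(mek); err != nil {
		return nil, err
	}
	return &ToySED{mek: mek}, nil
}

func (d *ToySED) aead() (cipher.AEAD, error) {
	if d.mek == nil {
		return nil, errors.New("media encryption key has been destroyed")
	}
	block, err := aes.NewCipher(d.mek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Write appends one encrypted block to the media.
func (d *ToySED) Write(plain []byte) error {
	g, err := d.aead()
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	d.media = append(d.media, g.Seal(nonce, nonce, plain, nil))
	return nil
}

// Read decrypts block i; it fails once the MEK is gone.
func (d *ToySED) Read(i int) ([]byte, error) {
	g, err := d.aead()
	if err != nil {
		return nil, err
	}
	if i < 0 || i >= len(d.media) {
		return nil, errors.New("no such block")
	}
	rec := d.media[i]
	return g.Open(nil, rec[:g.NonceSize()], rec[g.NonceSize():], nil)
}

// RawBlock exposes what a forensic read of the media would see.
func (d *ToySED) RawBlock(i int) []byte { return d.media[i] }

// CryptoErase is the SED path: zeroise and drop the MEK. The ciphertext is
// untouched, so the cost does not scale with drive capacity.
func (d *ToySED) CryptoErase() {
	for i := range d.mek {
		d.mek[i] = 0
	}
	d.mek = nil
}

// SecureErase models a block erase of every element in the flash array:
// erased NAND reads back as all 1s (0xFF), encrypted or not.
func (d *ToySED) SecureErase() {
	for _, blk := range d.media {
		for j := range blk {
			blk[j] = 0xFF
		}
	}
}

func main() {
	d, _ := NewToySED()
	_ = d.Write([]byte("constructed user record")) // constructed sample data
	p, _ := d.Read(0)
	fmt.Printf("before erase: %q\n", p)
	d.CryptoErase()
	_, err := d.Read(0)
	fmt.Println("after crypto erase:", err, "| ciphertext bytes still on media:", len(d.RawBlock(0)))
	d.SecureErase()
	fmt.Printf("after secure erase: % x ...\n", d.RawBlock(0)[:4])
}
```

The model deliberately keeps the ciphertext after `CryptoErase` so the contrast is visible: a reader of the raw media still sees bytes, but without the key they carry no recoverable information, whereas `SecureErase` leaves nothing but erased cells. A sanitize command in a real drive is the broader operation that takes the media to a state beyond known forensic recovery.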
Micron supports data security when debugging SSDs in the data center: diagnostic mechanisms are designed to return helpful information without exposing user data, and access through dedicated debug ports is blocked on shipping drives. We also validate our cryptographic functions through red team testing and, on some products, seek FIPS certification.
Furthermore, to help combat malicious digital tampering:
- Attestation: Uses a secure mechanism to validate trust in server components such as SSDs.
- Secure boot: Uses a trust relationship between different entities where each entity honors the other’s authenticity, and each step is subject to attestation prior to execution (such as during power-on). Micron SSD secure boot uses a chain of trust mechanism in which the SSD firmware bootloader trusts the immutable SSD ROM, and the main firmware, in turn, trusts the bootloader.
- Signed firmware: Authenticates SSD firmware prior to updating it, which helps protect our SSDs against malicious firmware.
In addition to the security features above, Micron SSDs are designed to provide further data protection by implementing standards-based encryption and other security mechanisms. By leveraging industry-specified mechanisms, Micron facilitates rapid adoption of data security as well as broad interoperability.
- Trusted Computing Group (TCG)3 Pyrite: A standard that provides basic security but does not support user data encryption.
- TCG Opal: A standard designed to provide more advanced security than Pyrite. The Opal standard can be used to encrypt user data in SEDs.
- TCG Enterprise: A standard designed to help protect against data loss due to theft of physical storage devices.
- eDrive: A combination of IEEE-1667 and TCG Opal that works with Windows BitLocker to help encrypt the contents of the SSD.4
- Hardware security engines: Micron deploys hardware cryptographic engines such as AES-256, RSA-4096 and SHA-512 in select SSDs. These engines meet or exceed the key security standards specified in the Commercial National Security Algorithm (CNSA) Suite document.
SSD security-related assets
- For a list of the security features supported by Micron SSDs, read the Micron SSD security features flyer, confirm the capabilities of your specific part number, and consult with Micron technical support.
- For an overview of SSD security terms, read the Micron Technical Brief: SSD Security Features.
Note that not all security features are implemented on all product families or all product SKUs within a family.
1 For the current portfolio of Micron SSDs. Standards referenced are those mentioned in the SSD section of this page, such as TCG, SPDM and eDrive.
2 The DMTF website offers additional information on SPDM.
3 Trusted Computing Group security standards (“TCG standard”) include TCG storage security subsystem classes Opal, Pyrite, and Enterprise.
4 This page on Microsoft's website offers additional details on BitLocker.
Micron NAND components
Micron NAND devices are used in a wide variety of systems where cost-effective nonvolatile memory is needed. Micron NAND devices are designed to meet and exceed the ONFI and JEDEC standards for NAND that are collaboratively developed by those open-membership industry-leading consortiums.
Micron NAND devices enable commonly used best practices for data integrity, error recovery and access control, allowing host data to reside in a robust device that will meet the performance and reliability needs of the wide variety of systems that use NAND. These are some of the more notable security features available in select NAND products:
- Read unique ID: All Micron NAND supports an identifier programmed into the device that allows host systems to uniquely identify a NAND device.
- One-time programmable storage: All Micron NAND supports a one-time-programmable (OTP) area outside the main flash array where customers can program their unique data. The OTP functionality allows a host system to lock data programmed into the OTP area from being modified.
- Block lock and protect: Select Micron low-density NAND devices support block lock and protect functionality, allowing a host system to lock data programmed in ranges of block addresses, protecting it from being modified. Contact your local Micron field support representative to understand what features are available on these devices.
NAND-related assets
Micron Managed NAND
Micron offers a full range of secure managed NAND products to meet the storage needs of a broad array of solutions. Our fully managed devices — including uSD, eMMC, and UFS — handle media management and error correction code (ECC) internally to help make technology transitions more seamless.
Managed NAND products released after April 2019 support an authenticated firmware update mechanism as described in NIST 800-193 Platform Firmware Resiliency Guidelines.
Managed NAND and component-specific security features
Managed NAND products released after April 2019 support the following features:
- Authenticated firmware update: Firmware binaries carry an RSA signature that is checked against public keys held in ROM, both during the manufacturing flow and during field firmware update (FFU). At each boot, ROM additionally performs a hash-based message authentication code (HMAC) check using secret, device-unique keys.
- Disabling debug ports in production parts: Debug ports are disabled on production parts; unlocking them for failure analysis requires RSA-based host authentication.
- Encryption of security-critical parameters at rest: Designed to help protect against physical attacks (e.g., RPMB keys).
Note that not all security features are implemented on all managed NAND product families or all product SKUs within a family.
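Two passages on this page describe the same pattern from different angles: the SSD chain of trust (ROM trusts nothing but itself, the bootloader is verified by ROM, the main firmware by the bootloader, and firmware is signature-checked before an update is applied) and the managed NAND scheme (RSA check against ROM-held public keys at manufacturing and FFU time, then a cheaper device-unique HMAC check on every boot). The Go program below is an added example written for this page, not Micron's ROM or tooling; it models both. RSA PKCS#1 v1.5 with SHA-256 is the example's choice of signature scheme (the page does not specify padding), a single ROM-anchored vendor key is used for both stages as a simplification, and the device-unique key is a constructed constant.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Image is one firmware stage: its bytes plus an RSA signature over SHA-256(Body).
type Image struct {
	Name string
	Body []byte
	Sig  []byte
}

// NewVendorKey makes a fresh RSA signing key, standing in for the vendor's release key.
func NewVendorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign models the vendor's release step: hash the image and sign the digest.
func Sign(priv *rsa.PrivateKey, name string, body []byte) (Image, error) {
	h := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return Image{}, err
	}
	return Image{Name: name, Body: body, Sig: sig}, nil
}

// Verify checks an image against the public key the previous stage trusts.
func Verify(pub *rsa.PublicKey, img Image) error {
	h := sha256.Sum256(img.Body)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], img.Sig); err != nil {
		return fmt.Errorf("%s: signature check failed: %w", img.Name, err)
	}
	return nil
}

// ROM models the immutable root: the vendor public key plus a device-unique
// secret that never leaves the part.
type ROM struct {
	VendorPub *rsa.PublicKey
	DeviceKey []byte
}

// BootChain is the SSD chain of trust: ROM verifies the bootloader, and the
// now-trusted bootloader verifies the main firmware before handing off.
func (r ROM) BootChain(bootloader, mainFW Image) error {
	if err := Verify(r.VendorPub, bootloader); err != nil {
		return err // nothing beyond ROM executes
	}
	if err := Verify(r.VendorPub, mainFW); err != nil {
		return err // bootloader refuses to jump to main firmware
	}
	return nil
}

// BootTag is the HMAC the managed-NAND ROM stores when an image is installed
// and recomputes at every boot, keyed with the device-unique secret.
func (r ROM) BootTag(body []byte) []byte {
	m := hmac.New(sha256.New, r.DeviceKey)
	m.Write(body)
	return m.Sum(nil)
}

// BootCheck is the per-boot check: cheap, and bound to this one device.
func (r ROM) BootCheck(fw Image, storedTag []byte) error {
	if !hmac.Equal(storedTag, r.BootTag(fw.Body)) {
		return errors.New(fw.Name + ": boot HMAC mismatch, firmware altered since install")
	}
	return nil
}

// FieldUpdate models FFU: a candidate is accepted only if its RSA signature
// verifies against the ROM key; the device-unique tag is then recomputed so
// later BootChecks accept the new image.
func (r ROM) FieldUpdate(candidate Image) ([]byte, error) {
	if err := Verify(r.VendorPub, candidate); err != nil {
		return nil, err
	}
	return r.BootTag(candidate.Body), nil
}

func main() {
	priv, err := NewVendorKey()
	if err != nil {
		panic(err)
	}
	rom := ROM{VendorPub: &priv.PublicKey, DeviceKey: []byte("constructed-device-unique-key")}
	bl, _ := Sign(priv, "bootloader", []byte("bootloader v1")) // constructed images
	fw, _ := Sign(priv, "main-fw", []byte("main firmware v1"))
	fmt.Println("chain:", rom.BootChain(bl, fw))
	tag, _ := rom.FieldUpdate(fw)
	fmt.Println("boot:", rom.BootCheck(fw, tag))
	fw.Body[0] ^= 0xFF // flip one byte of the installed firmware
	fmt.Println("tampered chain:", rom.BootChain(bl, fw))
	fmt.Println("tampered boot:", rom.BootCheck(fw, tag))
}
```

The split between `FieldUpdate` and `BootCheck` is the point of the managed-NAND design: the expensive public-key operation runs once per update, when the device has a new image to judge, while every boot only needs one keyed hash. Because the HMAC key is unique to the device, a tag copied from one part is useless on another.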
Micron NOR
NOR devices are typically used in system boot environments where high reliability, low latency and granular data access are desired. While few security industry standards exist for core NOR functionality, Micron NOR devices enable commonly used best practices for data integrity and access control, allowing user content to reside in a robust device that will perform the system-critical boot process in a reliable manner.
- Baseline block locking: Micron NOR devices offer several forms of block locking that are customer-configurable based on their unique system requirements. Blocks may be protected from malicious and spurious manipulation in several ways, including command-based volatile and nonvolatile locking and password locking. Once a block is locked, it becomes read-only, ensuring data integrity and reliability.
- Advanced block locking: Micron Xccela™ MT35X and select Quad SPI MT25Q part numbers offer additional block locking capabilities, such as range-based block locking with status and management configuration registers.
- Unique ID: Micron NOR devices come with a 64-bit, 14-to-16-byte unique identifier code.
- One-time programmable storage: Micron Quad SPI MT25Q and Xccela MT35X devices each have a 64-byte, one-time-programmable area outside the main flash array where customers can set their own unique identifiers. The Micron MT28EW devices expand this area to 1KB. This built-in feature facilitates inventory control, traceability or similar functions by the customer.
- Replay-protected monotonic counter (RPMC): Micron Quad SPI MT25Q product lines add four integrated monotonic counters on select part numbers, which may only be incremented by a host with knowledge of a secret 256-bit cryptographic key. The contents of each counter are also cryptographically verifiable by the host. This enables one-time use numbers from each counter that preserve uniqueness and help to make systems more resistant to rollback and replay attacks.
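To show what "may only be incremented by a host with knowledge of a secret key" and "cryptographically verifiable by the host" look like on the wire, here is an added Go model written for this page; it is not Micron's RPMC implementation and simplifies the real command set. The message layouts, the HMAC-SHA256 construction, the opcode bytes and the key are all assumptions of the example; what it keeps from the page is four counters, a 256-bit shared secret, and the two properties that defeat replay and rollback: an increment request is bound to the value the host expects, and a read reply is bound to a fresh tag the host chose.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// rpmcCounters follows the page: four monotonic counters per device.
const rpmcCounters = 4

// RPMC is a simplified model of the counter block. key is the 256-bit secret
// shared with the host; provisioning it is outside this example.
type RPMC struct {
	key      [32]byte
	counters [rpmcCounters]uint32
}

func mac(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

func u32(v uint32) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, v)
	return b
}

// IncrementRequest names a counter, states the value the host believes it
// holds, and carries an HMAC over both. Binding the expected value is what
// stops replay: once the counter has moved on, an old request no longer matches.
type IncrementRequest struct {
	Addr     uint8
	Expected uint32
	MAC      []byte
}

// HostIncrement is the host side: only a holder of the key can build a valid request.
func HostIncrement(key [32]byte, addr uint8, expected uint32) IncrementRequest {
	return IncrementRequest{addr, expected, mac(key[:], []byte{0x01, addr}, u32(expected))}
}

// Increment is the device side: verify the MAC, refuse stale values, then bump.
func (d *RPMC) Increment(req IncrementRequest) error {
	if int(req.Addr) >= rpmcCounters {
		return errors.New("bad counter address")
	}
	want := mac(d.key[:], []byte{0x01, req.Addr}, u32(req.Expected))
	if !hmac.Equal(want, req.MAC) {
		return errors.New("bad MAC: requester lacks the key or request was altered")
	}
	if req.Expected != d.counters[req.Addr] {
		return errors.New("stale expected value: replayed or out-of-date request")
	}
	if d.counters[req.Addr] == ^uint32(0) {
		return errors.New("counter exhausted")
	}
	d.counters[req.Addr]++
	return nil
}

// ReadReply returns the value with the host's tag and a MAC over
// (addr, tag, value), so the host can tell a live answer from a replay.
type ReadReply struct {
	Value uint32
	Tag   []byte
	MAC   []byte
}

func (d *RPMC) Read(addr uint8, tag []byte) (ReadReply, error) {
	if int(addr) >= rpmcCounters {
		return ReadReply{}, errors.New("bad counter address")
	}
	v := d.counters[addr]
	return ReadReply{v, tag, mac(d.key[:], []byte{0x02, addr}, tag, u32(v))}, nil
}

// HostVerifyRead accepts a reply only if it echoes the tag just sent and the
// MAC checks out under the shared key.
func HostVerifyRead(key [32]byte, addr uint8, sentTag []byte, r ReadReply) (uint32, error) {
	if !hmac.Equal(r.Tag, sentTag) {
		return 0, errors.New("tag mismatch: reply is not for this request")
	}
	if !hmac.Equal(r.MAC, mac(key[:], []byte{0x02, addr}, sentTag, u32(r.Value))) {
		return 0, errors.New("bad MAC: value not from the genuine counter")
	}
	return r.Value, nil
}

func main() {
	var key [32]byte
	copy(key[:], "constructed 256-bit shared key!!") // constructed secret
	dev := &RPMC{key: key}
	req := HostIncrement(key, 0, 0)
	fmt.Println("first increment:", dev.Increment(req))
	fmt.Println("replayed request:", dev.Increment(req))
	tag := []byte("nonce-0001") // a real host draws a fresh random tag per read
	reply, _ := dev.Read(0, tag)
	fmt.Println(HostVerifyRead(key, 0, tag, reply))
}
```

The device never trusts a bare number from the bus: an increment without a valid MAC is ignored, and a recorded increment cannot be replayed because the counter has already moved past the expected value it was bound to. On the read side, a host that uses a fresh tag each time can reject a replayed reply even though its MAC was once genuine, which is what makes the counter usable as an anti-rollback reference for boot firmware or secure storage.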
NOR security-related asset
- Learn more about NOR flash in Versatility: Easy, Scalable, Efficient NOR Flash.
1 Micron assumes no liability for lost, stolen, or corrupted data.