EMMC Memory Chips and Their RPMB Guide

Understanding EMMC Memory Chips and Their RPMB (Replay Protected Memory Block)

EMMC (Embedded MultiMediaCard) memory chips are widely used in modern electronic devices for data storage. One of the critical features of eMMC is the Replay Protected Memory Block (RPMB)—a specialized, access-protected memory section designed to store sensitive information securely. This article explores RPMB's security mechanisms and practical considerations for accessing and using it.

What is RPMB?

The RPMB is a secure region within the eMMC memory that ensures data integrity and prevents unauthorized access or tampering. It is typically used to store:

• Cryptographic keys.
• Secure boot parameters.
• Sensitive configuration settings.

The RPMB cannot be directly accessed or modified without the proper key. This security feature ensures only authorized processors with the correct credentials can interact with the RPMB.

How RPMB Works

The operation of the RPMB revolves around a unique cryptographic key and a write counter:

1. Key Initialization:

   • When the RPMB key is absent, the processor (CPU) initializes the key.
   • This key is generated based on the processor's serial number (SN) and the eMMC's chip ID (CID), ensuring uniqueness for each processor-eMMC pair.
   • Once programmed, the key is immutable—it cannot be changed or erased.

2. If a Key Already Exists:

• The RPMB's write counter will typically have a value greater than zero.
• For further operations, the processor must use the existing key for encrypted communication.

Modes of Operation

Reading Mode:

1. The processor retrieves the current write counter value from the RPMB.
2. Data is requested in 256-byte blocks.
3. The chip sends the encrypted data (secured with the counter and key).
4. The processor decrypts the data using its stored key and counter value and validates its integrity.

Writing Mode:

1. The processor retrieves the current write counter from the chip.
2. Data is encrypted with the key and counter in 256-byte blocks.
3. The encrypted data is sent to the chip, which validates it.
4. If the data is valid, it is written to the RPMB and the write counter is incremented by one.

The write counter tracks how many times data blocks have been written to the RPMB, ensuring replay attacks are prevented.

Accessing the RPMB

• Writing Data: Writing to the RPMB requires knowledge of the 16-byte cryptographic key stored in the eMMC chip. Without this key, data cannot be written.
• Reading Data: Experimental reading of the RPMB is possible using specialized tools like Z3x Easy JTAG. While the integrity of such reads cannot be guaranteed, experiments show over 90% validity in practice.

Practical Tools and Observations

Recent versions of the Z3x Easy JTAG Classic software (v3.4.4.0 and later) include features for RPMB status monitoring. For example:

• A log entry like "EMMC RPMB is not yet programmed (clear) or NO Error" indicates the RPMB area is unprogrammed.
• Another entry, such as "EMMC RPMB is programmed and written 12 times," indicates the number of 256-byte blocks written to the RPMB.

In such cases, RPMB sections can be selected for experimental reading via the ROM selection interface.

Important Notes

1. Firmware Writing Implications:
   Rewriting firmware to the eMMC reinitializes its internal NAND memory. This process erases the RPMB key, counter, and data.

2. Immutability of RPMB Key and Counter:

   • Once programmed, the RPMB key cannot be deleted or changed.
   • The write counter can only increase with valid, key-encrypted data writes.