Pandora's Box in Your SSD: The Untold Dangers of NVMe

Abstract: Modern operating systems manage and abstract hardware resources, to ensure efficient execution of user workloads. The operating system must securely interface with often untrusted user code while relying on hardware that is assumed to be trustworthy. In this paper, we challenge this trust by introducing the eNVMe platform, a malicious NVMe storage device. The eNVMe platform features a novel, Linux-based, open-source NVMe firmware. It embeds hacking tools and it is compatible with a variety of PCI-enabled hardware. Using this platform, we uncover several attack vectors in Linux and Windows, highlighting the risks posed by malicious NVMe devices. We discuss available mitigation techniques and ponder about open-source firmware and open-hardware as a viable way forward for storage. While prior research has examined compromised existing hardware, our eNVMe platform provides a novel and unique tool for security researchers, enabling deeper exploration of vulnerabilities in operating system storage subsystems.