08-13-2018 07:50 AM
To support certain high-integrity applications—notably public elections, where the integrity of electronic voting systems is of paramount concern—the software image used on certain systems must be proven at point of use. The principle would make the image public ahead of time, and a public observer would make a copy of the media when the image is to be applied.
A high-integrity WORM MicroSD card would fit this purpose well. In systems such as the Raspberry Pi, the SOC itself contains non-modifiable bootcode which specifically loads a bootloader from the SD card. No firmware to manipulate between one end and the other (such as by patching a DVD reader's firmware).
To accomplish WORM, SanDisk could place a write-protect switch on the side of the SD card. When power is applied to the SD card, there is a voltage across the eFuse, with this switch in the circuit. The eFuse is also in a parallel circuit for the write pin on the NAND. If this switch is closed, the eFuse immediately blows upon powering up, and it becomes physically-impossible to write to NAND—forever.
Blowing the eFuse should also ground the write pin on the opposite end.
Clearly marking such cards, such as by making them gold-color plastic with a black mark shown when set to normal and a red mark when switched to WORM (which is permanent after applying power), would provide visible demonstration of integrity. Otherwise, they're similar to current cards, with a minor amount of additional circuitry.