Comment by peter_d_sherman

>I am pretty confident, however, that the author knows more about it than I do and their conclusion has been that it's worth using an existing SSD controller.

When an off-the-shelf SSD controller (as opposed to an FPGA which is much more auditable) is used for a commercial, mass-market SSD -- whoever is making that SSD -- is also putting the root-of-trust for that SSD user's data -- in the hands of the SSD controller manufacturer...

You sure that that SSD controller manufacturer didn't put a hardware backdoor in that SSD controller? You sure that that SSD controller manufacturer didn't embed a hidden "security processor" in the silicon? You sure that it won't covertly communicate your data over RF and/or near-field signals with other nearby similar "black box" electronic components?

Because I'm not!

I wasn't there when the SSD controller was designed, I wasn't there when the SSD controller was fabricated. Any off-the-shelf existing SSD controller is truly a Black Box to me...

Your argument is one of efficiency and expediency.

That's fine for 99% of the Corporations on the planet who value time and efficiency over doing things the harder, slower, less-profitable -- but more correct and ethical transparent way...

My argument is one of transparency, security, knowledge, "doing the homework" -- and understanding how systems truly work under the hood.

Your argument is correct for 99% of the people and corporations out there who value speed and "time-to-market" -- over all other virtues.

But your argument is not correct for 1% of people, and your argument is not correct for me -- for reasons explained above.

In summation, your argument is not wrong...

You are about 99% correct -- but not 100%...

Sure, I could buy a Tesla (or any completely assembled consumer product for that matter!) -- but then I would never have the satisfaction or the fun (or learning!) of trying to build my own! <g>