We study the properties, design, implementation and performance of trusted storage, an architecture that ensures the integrity, confidentiality and accountability of data, by enforcing storage policies at the lowest layer of a storage system, within the hardware and firmware of disk enclosures. The guarantees provided by trusted storage depend only on the integrity and correctness of the trusted device/enclosure firmware and hardware, not on the absence of bugs and security vulnerabilities in any higher level software of a system and operator error or malice. Trusted storage primitives enable applications to associate and enforce a policy with each data object they create, and to obtain firmware-generated, cryptographically signed certificates, which attest to a given stored data object’