Automated secure data and firmware migration between removable storage devices that supports boot partitions and replay protected memory blocks

We claim: 1 . A system comprising: a system memory device including a secure memory region; a trusted execution environment; and a data migration management apparatus communicatively coupled to the trusted execution environment, the data migration management apparatus including: a mode switch to detect a data migration request, a backup controller communicatively coupled to the mode switch, the backup controller to conduct a first transfer, via the trusted execution environment, of storage context information from a first removable storage device to the secure memory region, and a migration controller to conduct a second transfer, via the trusted execution environment, of the storage context information from the secure memory region to a second removable storage device, wherein the storage context information is to include factory data, security data and boot firmware. 2 . The system of claim 1 , wherein the storage context information is to further include an operating system (OS) image, an OS recovery image and user data, and wherein the migration controller is to write the factory data to a factory partition in the second removable storage device, write the security data to a security partition in the second removable storage device, write the boot firmware to a boot partition in the second removable storage device, and write the OS image, the OS recovery image and the user data to one or more remaining partitions in the second removable storage device. 3 . The system of claim 2 , wherein the migration controller is to create the factory partition in the second removable storage device. 4 . The system of claim 1 , wherein the migration controller is to instruct the trusted execution environment to provision the second removable storage device with a replay protected memory block. 5 . The system of claim 1 , wherein the data migration management apparatus further includes: a transfer monitor to confirm a completion of the first transfer; and a notification controller communicatively coupled to the transfer monitor, the notification component to generate a user prompt to connect the second removable storage device to the system in response to the completion of the first transfer. 6 . The system of claim 1 , wherein the data migration management apparatus further includes: a transfer monitor to confirm a completion of the second transfer; an integrity controller communicatively coupled to the transfer monitor, the integrity controller to invalidate the storage context information in the secure memory region in response to the completion of the second transfer; and a reboot controller communicatively coupled to the transfer monitor, the reboot controller to trigger a cold reboot of the system in response to the completion of the second transfer. 7 . An apparatus comprising: a mode switch to detect a data migration request; a backup controller communicatively coupled to the mode switch, the backup controller to conduct a first transfer, via a trusted execution environment, of storage context information from a first removable storage device to a secure memory region of a system; and a migration controller to conduct a second transfer, via the trusted execution environment, of the storage context information from the secure memory region to a second removable storage device, wherein the storage context information is to include factory data, security data and boot firmware. 8 . The apparatus of claim 7 , wherein the storage context information is to further include an operating system (OS) image, an OS recovery image and user data, and wherein the migration controller is to write the factory data to a factory partition in the second removable storage device, write the security data to a security partition in the second removable storage device, write the boot firmware to a boot partition in the second removable storage device, and write the OS image, the OS recovery image and the user data to one or more remaining partitions in the second removable storage device. 9 . The apparatus of claim 8 , wherein the migration controller is to create the factory partition in the second removable storage device. 10 . The apparatus of claim 7 , wherein the migration controller is to instruct the trusted execution environment to provision the second removable storage device with a replay protected memory block. 11 . The apparatus of claim 7 , further including: a transfer monitor to confirm a completion of the first transfer; and a notification controller communicatively coupled to the transfer monitor, the notification component to generate a user prompt to connect the second removable storage device to the system in response to the completion of the first transfer. 12 . The apparatus of claim 7 , further including: a transfer monitor to confirm a completion of the second transfer; an integrity controller communicatively coupled to the transfer monitor, the integrity controller to invalidate the storage context information in the secure memory region in response to the completion of the second transfer; and a reboot controller communicatively coupled to the transfer monitor, the reboot controller to trigger a cold reboot of the system in response to the completion of the second transfer. 13 . A method comprising: detecting a data migration request; conducting a first transfer, via a trusted execution environment, of storage context information from a first removable storage device to a secure memory region of a system in response to the data migration request; and conducting a second transfer, via the trusted execution environment, of the storage context information from the secure memory region to a second removable storage device, wherein the storage context information includes factory data, security data and boot firmware. 14 . The method of claim 13 , wherein the storage context information further includes an operating system (OS) image, an OS recovery image and user data, and wherein conducting the second transfer includes: writing the factory data to a factory partition in the second removable storage device; writing the security data to a security partition in the second removable storage device; writing the boot firmware to a boot partition in the second removable storage device; and writing the OS image, the OS recovery image and the user data to one or more remaining partitions in the second removable storage device. 15 . The method of claim 14 , further including creating the factory partition in the second removable storage device. 16 . The method of claim 13 , wherein conducting the second transfer includes instructing the trusted execution environment to provision the second removable storage device with a replay protected memory block. 17 . The method of claim 13 , further including: confirming a completion of the first transfer; and generating a user prompt to connect the second removable storage device to the system in response to the completion of the first transfer. 18 . The method of claim 13 , further including: confirming a completion of the second transfer; invalidating the storage context information in the secure memory region in response to the completion of the second transfer; and triggering a cold reboot of the system in response to the completion of the second transfer. 19 . At least one computer readable storage medium comprising a set of instructions, which when executed by a computing system, cause the computing system to: detect a data m