A method for data integrity protection includes storing items of data in a plurality of data blocks in a storage medium. Respective block signatures are stored in an integrity structure in the storage medium. A block signature of the given data block is computed in response to a first request to read a first data item from a given data block, and the computed signature is verified against a stored signature read from the integrity structure. The verified block signature is saved in a secure cache. The block signature is recomputed upon receiving a second request to read a second data item, subsequent to the first request, and is verified against the verified block signature in the secure cache. The data item is output from the storage medium in response to verifying the recomputed block signature.