CRYPTOGRAPHIC SEPARATION OF MEMORY ON DEVICE WITH USE IN DMA PROTECTION
Abstract:
A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device, the authentication tag in response to a finalization command from the trusted execution environment. Other embodiments are described and claimed.
Information query
Patent Agency Ranking
0/0