Processors, methods and systems to allow secure communications between protected container memory and input/output devices
First Claim
1. An integrated circuit comprising:
- a protected container access control logic including at least some integrated circuitry, disposed on the integrated circuit, including a memory management unit (MMU), including one or more translation lookaside buffers (TLBs), and including a data structure to map device protected container modules (DPCMs) to input/output (I/O) devices, the protected container access control logic operative to perform a set of access control checks and to determine whether to allow a DPCM and an I/O device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO), the protected container access control logic, responsive to an attempt by the DPCM and the I/O device to said communicate securely, to allow the DPCM and the I/O device to said communicate securely if the set of access control checks determine that at least;
the DPCM and the I/O device are mapped to one another using the data structure;
an access address associated with the communication resolves into a protected container memory; and
a page of the protected container memory into which the access address resolves allows for said one of the DMA and the MMIO and has a page type dedicated to secure I/O instead of a plurality of other possible page types for pages of the protected container memory that are not dedicated to the secure I/O and that the protected container access control logic does not allow the I/O device to perform either one of the DMA or the MMIO to;
a decode unit to decode an instruction of an instruction set, wherein the integrated circuit is to perform the instruction to reconfigure the page from one of the plurality of other possible page types to the page type dedicated to the secure I/O in a protected container memory control structure.
1 Assignment
0 Petitions
Accused Products
Abstract
An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device. In some cases, a determination may be made that a type of access is compatible with one or more allowed access types for the page as represented in a protected container page metadata structure.
-
Citations
23 Claims
-
1. An integrated circuit comprising:
-
a protected container access control logic including at least some integrated circuitry, disposed on the integrated circuit, including a memory management unit (MMU), including one or more translation lookaside buffers (TLBs), and including a data structure to map device protected container modules (DPCMs) to input/output (I/O) devices, the protected container access control logic operative to perform a set of access control checks and to determine whether to allow a DPCM and an I/O device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO), the protected container access control logic, responsive to an attempt by the DPCM and the I/O device to said communicate securely, to allow the DPCM and the I/O device to said communicate securely if the set of access control checks determine that at least; the DPCM and the I/O device are mapped to one another using the data structure; an access address associated with the communication resolves into a protected container memory; and a page of the protected container memory into which the access address resolves allows for said one of the DMA and the MMIO and has a page type dedicated to secure I/O instead of a plurality of other possible page types for pages of the protected container memory that are not dedicated to the secure I/O and that the protected container access control logic does not allow the I/O device to perform either one of the DMA or the MMIO to; a decode unit to decode an instruction of an instruction set, wherein the integrated circuit is to perform the instruction to reconfigure the page from one of the plurality of other possible page types to the page type dedicated to the secure I/O in a protected container memory control structure. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method comprising:
-
decoding and executing an instruction of an instruction set to reconfigure, in a control structure in a protected container memory, a page of the protected container memory from one of a plurality of possible page types that are not dedicated to secure input/output (I/O) to a page type that is dedicated to the secure I/O; determining that a set of access control checks succeed, including; determining that a device protected container module (DPCM) and an I/O device are mapped to one another; determining that an access address associated with an attempted access by one of the DPCM and the I/O device resolves into the protected container memory; and determining that the page of the protected container memory into which the access address resolves has the page type that is dedicated to the secure I/O, wherein the page type that is dedicated to the secure I/O allows for at least one of direct memory access (DMA) and memory-mapped input/output (MMIO) into the page by the I/O device; allowing the DPCM and the I/O device to communicate securely with one another through the page of the protected container memory after and based on said determining that the set of access control checks succeed; and not allowing the I/O device to perform either the DMA or the MMIO into any pages of the plurality of possible page types that are not dedicated to the secure I/O. - View Dependent Claims (16, 17)
-
-
18. An article of manufacture comprising a non-transitory machine-readable storage medium, the non-transitory machine-readable storage medium storing instructions that if executed by a machine are to cause the machine to perform operations, the operations including:
-
send for execution an instruction of an instruction set to reconfigure, in a control structure in a protected container memory, a page of the protected container memory from one of a plurality of possible page types that are not dedicated to secure input/output (I/O) to a page type that is dedicated to the secure I/O; request, from a protected container module in the protected container memory, that an I/O device be mapped to the protected container module; access the page in the protected container memory that has the page type that is dedicated to the secure I/O, wherein the page type that is dedicated to the secure I/O allows for at least one of direct memory access (DMA) and memory-mapped input/output (MMIO) into the page by the I/O device; and perform said one of the DMA and the MMIO with the I/O device into the page in the protected container memory. - View Dependent Claims (19, 20, 21, 22)
-
-
23. An integrated circuit comprising:
at least one memory management unit (MMU) and at least one translation lookaside buffer (TLB) that together are operative to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input/output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO), the at least one MMU and the at least one TLB to allow the DPCM and the I/O device to said communicate securely through said one of the DMA and said MMIO only if the set of access control checks determine that at least; the DPCM and the I/O device are mapped to one another; an access address associated with the communication resolves into a protected container memory; and a page of the protected container memory into which the access address resolves has a given page type for which the integrated circuit allows the I/O device to perform at least said one of the DMA and the MMIO into the page instead of a plurality of other possible page types for pages of the protected container memory for which the integrated circuit does not allow the I/O device to perform either one of the DMA or the MMIO into the pages, wherein the page is reconfigurable from one of the plurality of other possible page types to the given page type by performance of an instruction of an instruction set.
Specification