ENCRYPTED MEMORY ACCESS USING PAGE TABLE ATTRIBUTES
First Claim
1. A memory system comprising:
- memory elements organized into memory regions;
a memory controller at a memory interface, the memory controller comprising;
an encryptor to control a plurality of memory access keys respectively associated with the memory regions, wherein each memory region is allocated to a respective client;
an access manager to;
receive an access request from a client, the access request including a client access key to access a memory element,look up a memory access key from a page table attribute associated with a physical address of the memory element, anddetermine if the access request is valid by comparing the client access key with the memory access key associated with the memory region that includes the memory element, andprovide a response to the access request based on the determination and a mode of operation.
1 Assignment
0 Petitions
Accused Products
Abstract
Encrypted memory access using page table attributes is disclosed. One example is a memory system including a memory controller at a memory interface. The memory controller includes an encryptor to control a plurality of memory access keys respectively associated with memory regions, where each memory region is allocated to a respective client, and an access manager to receive an access request from a client, the access request including a client access key to access a memory element. The access manager looks up a memory access key from a page table attribute associated with a physical address of the memory element, and determines if the access request is valid by comparing the client access key with the memory access key associated with the memory region that includes the memory element. Based on the determination and a mode of operation, the access manager provides a response to the access request.
-
Citations
20 Claims
-
1. A memory system comprising:
-
memory elements organized into memory regions; a memory controller at a memory interface, the memory controller comprising; an encryptor to control a plurality of memory access keys respectively associated with the memory regions, wherein each memory region is allocated to a respective client; an access manager to; receive an access request from a client, the access request including a client access key to access a memory element, look up a memory access key from a page table attribute associated with a physical address of the memory element, and determine if the access request is valid by comparing the client access key with the memory access key associated with the memory region that includes the memory element, and provide a response to the access request based on the determination and a mode of operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
controlling, via a memory controller at a memory interface, a plurality of memory access keys respectively associated with memory regions of the memory system, wherein each memory region is allocated to a respective client; receiving, via the memory controller, an access request from a client, the access request including a client access key to access a memory element included in a memory region; looking up, via the memory controller, a memory access key from a page table attribute associated with a physical address of the memory element; determining, via the memory controller, if the access request is valid by comparing the client access key with the memory access key associated with the memory region that includes the memory element; and providing, via the memory controller, a response to the access request based on the determination and a mode of operation. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A programmable memory controller comprising:
a non-transitory computer readable medium that stores configuration data for logic to enable the memory controller to; control a plurality of memory access keys respectively associated with memory regions of the memory system, wherein each memory region is allocated to a respective client; receive an access request from a client, the access request including a client access key to access a memory element included in a memory region; look up a memory access key from a page table attribute associated with a physical address of the memory element; determine if the access request is valid by comparing the client access key with the memory access key associated with the memory region that includes the memory element; and provide a response to the access request based on the determination and a mode of operation, wherein the mode of operation is one of isolation only, encryption and error correction only, or a combination of isolation, encryption and error correction. - View Dependent Claims (18, 19, 20)
Specification