This disclosure pertains to computing systems, and in particular (but not exclusively) to secure communications over computer buses.
Advances in semiconductor processing and logic design have permitted an increase in the amount of logic that may be present on integrated circuit devices. As a corollary, computer system configurations have evolved from a single or multiple integrated circuits in a system to multiple cores, multiple hardware threads, and multiple logical processors present on individual integrated circuits, as well as other interfaces integrated within such processors. A processor or integrated circuit typically comprises a single physical processor die, where the processor die may include any number of cores, hardware threads, logical processors, interfaces, memory, controller hubs, etc. As the processing power grows along with the number of devices in a computing system, the communication between sockets and other devices becomes more critical. Accordingly, interconnects have grown from more traditional multi-drop buses that primarily handled electrical communications to full-blown interconnect architectures that facilitate fast communication. Unfortunately, as the demand grows for future processors to consume at even higher rates, a corresponding demand is placed on the capabilities of existing interconnect architectures. Interconnect architectures may be based on a variety of technologies, including Peripheral Component Interconnect Express (PCIe), Universal Serial Bus, and others.
In the following description, numerous specific details are set forth, such as examples of specific types of processors and system configurations, specific hardware structures, specific architectural and micro architectural details, specific register configurations, specific instruction types, specific system components, specific measurements/heights, specific processor pipeline stages and operation etc. in order to provide a thorough understanding of the present disclosure. It will be apparent, however, to one skilled in the art that these specific details need not be employed to practice embodiments of the present disclosure. In other instances, well known components or methods, such as specific and alternative processor architectures, specific logic circuits/code for described algorithms, specific firmware code, specific interconnect operation, specific logic configurations, specific manufacturing techniques and materials, specific compiler implementations, specific expression of algorithms in code, specific power down and gating techniques/logic and other specific operational details of computer system haven't been described in detail in order to avoid unnecessarily obscuring embodiments of the present disclosure.
Although the following embodiments may be described with reference to energy conservation and energy efficiency in specific integrated circuits, such as in computing platforms or microprocessors, other embodiments are applicable to other types of integrated circuits and logic devices. Similar techniques and teachings of embodiments described herein may be applied to other types of circuits or semiconductor devices that may also benefit from better energy efficiency and energy conservation. For example, the disclosed embodiments are not limited to desktop computer systems or Ultrabooks™, and may also be used in other devices, such as handheld devices, tablets, other thin notebooks, systems on a chip (SOC) devices, and embedded applications. Some examples of handheld devices include cellular phones, Internet protocol devices, digital cameras, personal digital assistants (PDAs), and handheld PCs. Embedded applications typically include a microcontroller, a digital signal processor (DSP), a system on a chip, network computers (NetPC), set-top boxes, network hubs, wide area network (WAN) switches, or any other system that can perform the functions and operations taught below. Moreover, the apparatuses, methods, and systems described herein are not limited to physical computing devices, but may also relate to software optimizations for energy conservation and efficiency. As will become readily apparent in the description below, the embodiments of methods, apparatuses, and systems described herein (whether in reference to hardware, firmware, software, or a combination thereof) are vital to a ‘green technology’ future balanced with performance considerations.
As computing systems are advancing, the components therein are becoming more complex. As a result, the interconnect architecture to couple and communicate between the components is also increasing in complexity to ensure bandwidth requirements are met for optimal component operation. Furthermore, different market segments demand different aspects of interconnect architectures to suit the market's needs. For example, servers require higher performance, while the mobile ecosystem is sometimes able to sacrifice overall performance for power savings. Yet, it's a singular purpose of most fabrics to provide highest possible performance with maximum power saving. Below, a number of interconnects are discussed, which would potentially benefit from aspects of the present disclosure.
One interconnect fabric architecture includes the Peripheral Component Interconnect (PCI) Express (PCIe) architecture. A primary goal of PCIe is to enable components and devices from different vendors to inter-operate in an open architecture, spanning multiple market segments; Clients (Desktops and Mobile), Servers (Standard, Rack Scale, Cloud, Fog, Enterprise, etc.), and Embedded and Communication devices. PCI Express is a high performance, general purpose I/O interconnect defined for a wide variety of future computing and communication platforms. Some PCI attributes, such as its usage model, load-store architecture, and software interfaces, have been maintained through its revisions, whereas previous parallel bus implementations have been replaced by a highly scalable, fully serial interface. The more recent versions of PCI Express take advantage of advances in point-to-point interconnects, Switch-based technology, and packetized protocol to deliver new levels of performance and features. Power Management, Quality Of Service (QoS), Hot-Plug/Hot-Swap support, Data Integrity, and Error Handling are among some of the advanced features supported by PCI Express.
Referring to
System memory 110 includes any memory device, such as random access memory (RAM), non-volatile (NV) memory, or other memory accessible by devices in system 100. System memory 110 is coupled to controller hub 115 through memory interface 116. Examples of a memory interface include a double-data rate (DDR) memory interface, a dual-channel DDR memory interface, and a dynamic RAM (DRAM) memory interface.
In one embodiment, controller hub 115 is a root hub, root complex, or root controller in a Peripheral Component Interconnect Express (PCIe or PCIE) interconnection hierarchy. Examples of controller hub 115 include a chipset, a memory controller hub (MCH), a northbridge, an interconnect controller hub (ICH), a southbridge, and a root controller/hub. Often the term chipset refers to two physically separate controller hubs, i.e. a memory controller hub (MCH) coupled to an interconnect controller hub (ICH). Note that current systems often include the MCH integrated with processor 105, while controller 115 is to communicate with I/O devices, in a similar manner as described below. In some embodiments, peer-to-peer routing is optionally supported through root complex 115.
Here, controller hub 115 is coupled to switch/bridge 120 through serial link 119. Input/output modules 117 and 121, which may also be referred to as interfaces/ports 117 and 121, include/implement a layered protocol stack to provide communication between controller hub 115 and switch 120. In one embodiment, multiple devices are capable of being coupled to switch 120.
Switch/bridge 120 routes packets/messages from device 125 upstream, i.e. up a hierarchy towards a root complex, to controller hub 115 and downstream, i.e. down a hierarchy away from a root controller, from processor 105 or system memory 110 to device 125. Switch 120, in one embodiment, is referred to as a logical assembly of multiple virtual PCI-to-PCI bridge devices. Device 125 includes any internal or external device or component to be coupled to an electronic system, such as an I/O device, a Network Interface Controller (NIC), an add-in card, an audio processor, a network processor, a hard-drive, a storage device, a CD/DVD ROM, a monitor, a printer, a mouse, a keyboard, a router, a portable storage device, a Firewire device, a Universal Serial Bus (USB) device, a scanner, and other input/output devices. Often in the PCIe vernacular, such a device is referred to as an endpoint. Although not specifically shown, device 125 may include a PCIe to PCI/PCI-X bridge to support legacy or other version PCI devices. Endpoint devices in PCIe are often classified as legacy, PCIe, or root complex integrated endpoints.
Graphics accelerator 130 is also coupled to controller hub 115 through serial link 132. In one embodiment, graphics accelerator 130 is coupled to an MCH, which is coupled to an ICH. Switch 120, and accordingly I/O device 125, is then coupled to the ICH. I/O modules 131 and 118 are also to implement a layered protocol stack to communicate between graphics accelerator 130 and controller hub 115. Similar to the MCH discussion above, a graphics controller or the graphics accelerator 130 itself may be integrated in processor 105. Further, one or more links (e.g., 123) of the system can include one or more extension devices (e.g., 150), such as retimers, repeaters, etc.
Turning to
PCI Express uses packets to communicate information between components. Packets are formed in the Transaction Layer 205 and Data Link Layer 210 to carry the information from the transmitting component to the receiving component. As the transmitted packets flow through the other layers, they are extended with additional information necessary to handle packets at those layers. At the receiving side the reverse process occurs and packets get transformed from their Physical Layer 220 representation to the Data Link Layer 210 representation and finally (for Transaction Layer Packets) to the form that can be processed by the Transaction Layer 205 of the receiving device.
Transaction Layer
In one embodiment, transaction layer 205 is to provide an interface between a device's processing core and the interconnect architecture, such as data link layer 210 and physical layer 220. In this regard, a primary responsibility of the transaction layer 205 is the assembly and disassembly of packets (i.e., transaction layer packets, or TLPs). The transaction layer 205 typically manages credit-based flow control for TLPs. PCIe implements split transactions, i.e. transactions with request and response separated by time, allowing a link to carry other traffic while the target device gathers data for the response.
In addition PCIe utilizes credit-based flow control. In this scheme, a device advertises an initial amount of credit for each of the receive buffers in Transaction Layer 205. An external device at the opposite end of the link, such as controller hub 115 in
In one embodiment, four transaction address spaces include a configuration address space, a memory address space, an input/output address space, and a message address space. Memory space transactions include one or more of read requests and write requests to transfer data to/from a memory-mapped location. In one embodiment, memory space transactions are capable of using two different address formats, e.g., a short address format, such as a 32-bit address, or a long address format, such as 64-bit address. Configuration space transactions are used to access configuration space of the PCIe devices. Transactions to the configuration space include read requests and write requests. Message space transactions (or, simply messages) are defined to support in-band communication between PCIe agents.
Therefore, in one embodiment, transaction layer 205 assembles packet header/payload 206. Format for current packet headers/payloads may be found in the PCIe specification at the PCIe specification website.
Quickly referring to
Transaction descriptor 300 includes global identifier field 302, attributes field 304 and channel identifier field 306. In the illustrated example, global identifier field 302 is depicted comprising local transaction identifier field 308 and source identifier field 310. In one embodiment, global transaction identifier 302 is unique for all outstanding requests.
According to one implementation, local transaction identifier field 308 is a field generated by a requesting agent, and it is unique for all outstanding requests that require a completion for that requesting agent. Furthermore, in this example, source identifier 310 uniquely identifies the requestor agent within a PCIe hierarchy. Accordingly, together with source ID 310, local transaction identifier 308 field provides global identification of a transaction within a hierarchy domain.
Attributes field 304 specifies characteristics and relationships of the transaction. In this regard, attributes field 304 is potentially used to provide additional information that allows modification of the default handling of transactions. In one embodiment, attributes field 304 includes priority field 312, reserved field 314, ordering field 316, and no-snoop field 318. Here, priority sub-field 312 may be modified by an initiator to assign a priority to the transaction. Reserved attribute field 314 is left reserved for future, or vendor-defined usage. Possible usage models using priority or security attributes may be implemented using the reserved attribute field.
In this example, ordering attribute field 316 is used to supply optional information conveying the type of ordering that may modify default ordering rules. According to one example implementation, an ordering attribute of “0” denotes default ordering rules are to apply, wherein an ordering attribute of “1” denotes relaxed ordering, wherein writes can pass writes in the same direction, and read completions can pass writes in the same direction. Snoop attribute field 318 is utilized to determine if transactions are snooped. As shown, channel ID Field 306 identifies a channel that a transaction is associated with.
Link Layer
Link layer 210, also referred to as data link layer 210, acts as an intermediate stage between transaction layer 205 and the physical layer 220. In one embodiment, a responsibility of the data link layer 210 is providing a reliable mechanism for exchanging Transaction Layer Packets (TLPs) between two components on a link. One side of the Data Link Layer 210 accepts TLPs assembled by the Transaction Layer 205, applies packet sequence identifier 211, i.e. an identification number or packet number, calculates and applies an error detection code, i.e. CRC 212, and submits the modified TLPs to the Physical Layer 220 for transmission across a physical link to an external device.
Physical Layer
In one embodiment, physical layer 220 includes logical sub-block 221 and electrical sub-block 222 to physically transmit a packet to an external device. Here, logical sub-block 221 is responsible for the “digital” functions of Physical Layer 221. In this regard, the logical sub-block includes a transmit section to prepare outgoing information for transmission by physical sub-block 222, and a receiver section to identify and prepare received information before passing it to the Link Layer 210.
Physical block 222 includes a transmitter and a receiver. The transmitter is supplied by logical sub-block 221 with symbols, which the transmitter serializes and transmits to an external device. The receiver is supplied with serialized symbols from an external device and transforms the received signals into a bit-stream. The bit-stream is de-serialized and supplied to logical sub-block 221. In one embodiment, an 8b/10b transmission code is employed, where ten-bit symbols are transmitted/received. Here, special symbols are used to frame a packet with frames 223. In addition, in one example, the receiver also provides a symbol clock recovered from the incoming serial stream.
As stated above, although transaction layer 205, link layer 210, and physical layer 220 are discussed in reference to a specific embodiment of a PCIe protocol stack, a layered protocol stack is not so limited. In fact, any layered protocol may be included/implemented. As an example, a port/interface that is represented as a layered protocol includes: (1) a first layer to assemble packets, i.e. a transaction layer; (2) a second layer to sequence packets, i.e. a link layer; and (3) a third layer to transmit the packets, i.e. a physical layer. As a specific example, a common standard interface (CSI) layered protocol is utilized.
Referring next to
A transmission path refers to any path for transmitting data, such as a transmission line, a copper line, an optical line, a wireless communication channel, an infrared communication link, or other communication path. A connection between two devices, such as device 405 and device 410, is referred to as a link, such as link 415. A link may support one lane—each lane representing a set of differential signal pairs (one pair for transmission, one pair for reception). To scale bandwidth, a link may aggregate multiple lanes denoted by xN, where N is any supported Link width, such as 1, 2, 4, 8, 12, 16, 32, 64, or wider. In some implementations, each symmetric lane contains one transmit differential pair and one receive differential pair. Asymmetric lanes can contain unequal ratios of transmit and receive pairs. Some technologies can utilize symmetric lanes (e.g., PCIe), while others (e.g., Displayport) may not and may even include only transmit or only receive pairs, among other examples.
A differential pair refers to two transmission paths, such as lines 416 and 417, to transmit differential signals. As an example, when line 416 toggles from a low voltage level to a high voltage level, i.e. a rising edge, line 417 drives from a high logic level to a low logic level, i.e. a falling edge. Differential signals potentially demonstrate better electrical characteristics, such as better signal integrity, i.e. cross-coupling, voltage overshoot/undershoot, ringing, etc. This allows for better timing window, which enables faster transmission frequencies.
A variety of interconnect architectures and protocols may utilize the concepts discussed herein. With advancements in computing systems and performance requirements, improvements to interconnect fabric and link implementations continue to be developed, including interconnects based on or utilizing elements of PCIe or other legacy interconnect platforms. In one example, Compute Express Link (CXL) has been developed, providing an improved, high-speed CPU-to-device and CPU-to-memory interconnect designed to accelerate next-generation data center performance, among other applications. CXL maintains memory coherency between the CPU memory space and memory on attached devices, which allows resource sharing for higher performance, reduced software stack complexity, and lower overall system cost, among other example advantages. CXL enables communication between host processors (e.g., CPUs) and a set of workload accelerators (e.g., graphics processing units (GPUs), field programmable gate array (FPGA) devices, tensor and vector processor units, machine learning accelerators, purpose-built accelerator solutions, among other examples). Indeed, CXL is designed to provide a standard interface for high-speed communications, as accelerators are increasingly used to complement CPUs in support of emerging computing applications such as artificial intelligence, machine learning and other applications.
A CXL link may be a low-latency, high-bandwidth discrete or on-package link that supports dynamic protocol multiplexing of coherency, memory access, and input/output (I/O) protocols. Among other applications, a CXL link may enable an accelerator to access system memory as a caching agent and/or host system memory, among other examples. CXL is a dynamic multi-protocol technology designed to support a vast spectrum of accelerators. CXL provides a rich set of protocols that include I/O semantics similar to PCIe (CXL.io), caching protocol semantics (CXL.cache), and memory access semantics (CXL.mem) over a discrete or on-package link. Based on the particular accelerator usage model, all of the CXL protocols or only a subset of the protocols may be enabled. In some implementations, CXL may be built upon the well-established, widely adopted PCIe infrastructure (e.g., PCIe 5.0), leveraging the PCIe physical and electrical interface to provide advanced protocol in areas including I/O, memory protocol (e.g., allowing a host processor to share memory with an accelerator device), and coherency interface.
Turning to
In some implementations, a Flex Bus™ port may be utilized in concert with CXL-compliant links to flexibly adapt a device to interconnect with a wide variety of other devices (e.g., other processor devices, accelerators, switches, memory devices, etc.). A Flex Bus port is a flexible high-speed port that is statically configured to support either a PCIe or CXL link (and potentially also links of other protocols and architectures). A Flex Bus port allows designs to choose between providing native PCIe protocol or CXL over a high-bandwidth, off-package link. Selection of the protocol applied at the port may happen during boot time via auto negotiation and be based on the device that is plugged into the slot. Flex Bus uses PCIe electricals, making it compatible with PCIe retimers, and adheres to standard PCIe form factors for an add-in card.
Turning to
As discussed above, CXL links (e.g., 615a, 650b) may be utilized to interconnect a variety of accelerator devices (e.g., 510, 610). Accordingly, corresponding ports (e.g., Flex Bus ports 635, 640) may be configured (e.g., CXL mode selected) to enable CXL links to be established and interconnect corresponding host processor devices (e.g., 505, 605) to accelerator devices (e.g., 510, 610). As shown in this example, Flex Bus ports (e.g., 636, 639), or other similarly configurable ports, may be configured to implement general purpose I/O links (e.g., PCIe links) 630a-b instead of CXL links, to interconnect the host processor (e.g., 505, 605) to I/O devices (e.g., smart I/O devices 620, 625, etc.). In some implementations, memory of the host processor 505 may be expanded, for instance, through the memory (e.g., 565, 665) of connected accelerator devices (e.g., 510, 610), or memory extender devices (e.g., 645) connected to the host processor(s) 505, 605 via corresponding CXL links (e.g., 650a-b) implemented on Flex Bus ports (637, 638), among other example implementations and architectures.
Continuing with the example of
The CXL I/O protocol, CXL.io, provides a non-coherent load/store interface for I/O devices. Transaction types, transaction packet formatting, credit-based flow control, virtual channel management, and transaction ordering rules in CXL.io may follow all or a portion of the PCIe definition. CXL cache coherency protocol, CXL.cache, defines the interactions between the device and host as a number of requests that each have at least one associated response message and sometimes a data transfer. The interface consists of three channels in each direction: Request, Response, and Data.
The CXL memory protocol, CXL.mem, is a transactional interface between the processor and memory and uses the physical and link layers of CXL when communicating across dies. CXL.mem can be used for multiple different memory attach options including when a memory controller is located in the host CPU, when the memory controller is within an accelerator device, or when the memory controller is moved to a memory buffer chip, among other examples. CXL.mem may be applied to transactions involving different memory types (e.g., volatile, persistent, etc.) and configurations (e.g., flat, hierarchical, etc.), among other example features. In some implementations, a coherency engine of the host processor may interface with memory using CXL.mem requests and responses. In this configuration, the CPU coherency engine is regarded as the CXL.mem Master and the Mem device is regarded as the CXL.mem Subordinate. The CXL.mem Master is the agent which is responsible for sourcing CXL.mem requests (e.g., reads, writes, etc.) and a CXL.mem Subordinate is the agent which is responsible for responding to CXL.mem requests (e.g., data, completions, etc.). When the Subordinate is an accelerator, CXL.mem protocol assumes the presence of a device coherency engine (DCOH). This agent is assumed to be responsible for implementing coherency related functions such as snooping of device caches based on CXL.mem commands and update of metadata fields. In implementations where metadata is supported by device-attached memory, it can be used by the host to implement a coarse snoop filter for CPU sockets, among other example uses.
In current CXL link implementations, data transiting the link will not be cryptographically protected. Aspects of the present disclosure, however, provide for techniques to protect communications across CXL links from adversaries, for example, by providing confidentiality, integrity, and replay protection, e.g., for CXL.cache and CXL.mem traffic transiting the link. The architecture, methods, and other techniques described herein may provide for protection of all traffic transiting a CXL link. For instance, in particular embodiments, all protocol flits may be encrypted and integrity protected, while low level control flits are not encrypted or integrity protected. The protection offered by the techniques in this disclosure may secure CXL-based communications while ensuring one or more of: (a) full link layer bandwidth support, (b) minimum bandwidth and latency overhead of link protection, and (c) use of standard-based crypto algorithms.
Aspects of the present disclosure may implement a security model as follows. The security model may include the following assets: (1) transactions (data+metadata) communicated between the two sides of the physical link (with the agents on each side of the physical link being in the trust boundary of the respective devices/hardware blocks they live in), and (2) symmetric cryptographic keys used to provide confidentiality, integrity and replay protection. Any suitable certificates and asymmetric keys used for device authentication (and corresponding key exchange protocols) may be used. Device attestation and key exchange definitions may define the security model for those assets. Further, in some embodiments, the Trusted Compute Base (TCB) may include (1) hardware blocks on each side of the link that implement the link encryption and integrity; (2) agents that are used to configure the crypto engines (e.g., trusted firmware/software agent and/or security agent hardware and firmware that implement key exchange protocol or facilitate programming of the keys); and (3) other hardware blocks in the device that may have access to the assets directly or indirectly, including those that perform operations such as reset, debug, and link power management. Because CXL.cache/mem protection is envisioned to be point-to-point in certain implementations, switches will be in the TCB as well.
In certain embodiments, adversaries and threats may include: (1) threats from physical attacks on links, including cases where an adversary can examine data intended to be confidential, modify data or protocol meta-data, record and replay recorded transactions, reorder and/or delete data flits, inject transactions including requests/data or non-data responses, using lab equipment, purpose-built interposers, or malicious Extension Devices; and (2) threats arising from physical replacement of a trusted device with an untrusted one, and/or removal of a trusted device and accessing it with a system that is under adversaries' control.
In particular embodiments of the present disclosure, all protocol flits will be encrypted and integrity protected (e.g., 32 bits of a flit header in slot 0 will not be encrypted but will be integrity protected, while the rest of the content of slots 0/1/2/3 are encrypted and integrity protected, as described further below), while low level control flits and flit CRCs are not encrypted or integrity protected (i.e., there may be no confidentiality, integrity or replay protection for these flits). Link CRC codes may be computed based on the encrypted portions of flits. In some embodiments, link retries may occur first, and only flits that pass link error/CRC checks will be further decrypted and/or integrity checked. If the integrity check fails, it may result in future secured traffic getting dropped. In some embodiments, Multi-Data Header capabilities may be supported. This may allow for packing of multiple (e.g., up to 4) data headers into a single slot, with the subsequent 16 slots including all data.
Additionally, in some embodiments, an Advanced Encryption Standard (AES)-based protocol may be used for encrypting data and/or for integrity. For example, in some cases, AES-GCM may be utilized to provide authenticated encryption and integrity protection. In other cases, AES-CTR mode encryption may be utilized for confidentiality protection with AES-GMAC being utilized for integrity and replay protection. The encryption protocols may utilize any suitable bit-length encryption standard, e.g., 256-bit or 128-bit-based protocols. Further, key refreshes may occur without any loss of data. Key refresh may be needed for at least the following example reasons: (1) when a device moves from one virtual machine (VM) or process to a different one (e.g., accelerator-type device usages); or (2) crypto considerations (e.g., key wear-out) may require moving to a new key (such as for long running devices or devices that are part of platform). Key refresh may be expected to occur infrequently in certain implementations.
Turning to
In the example system 1000A shown in
In the example shown in
In certain implementations, at least two integrity configurations may be supported: a deterministic containment configuration and a skid mode configuration. In the deterministic containment configuration, the flit data may only be released for further processing after an integrity check passes. This mode may have both latency and bandwidth impact. For example, the latency impact may be due to the need to buffer several flits until the integrity value has been received and checked, while the bandwidth impact may come from the fact that the integrity value will be sent quite frequently. The deterministic containment mode may be available when a flit count parameter (e.g., “skid_mode_flit_count”) is set to the lowest possible setting (e.g., the “containment_flit_count” value).
In the skid mode configuration, the flit data may be released for further processing without waiting for the integrity value to be received and/or checked. This may allow for less frequent transmission of the integrity value (e.g., MACs) and may allow for near zero latency overhead and very low bandwidth overhead. In some cases, data modified by an adversary may potentially be consumed by software, but such attacks would be subsequently detected when the integrity value is received and checked. The skid mode configuration may allow for tuning of the bandwidth overhead of carrying the MAC. This may be accomplished in some embodiments by setting the flit count parameter (e.g., “skid_mode_flit_count” above) in the range of the smallest value (e.g., “containment_flit_count” above) up to a particular value (e.g., 255).
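The two integrity configurations above can be compared with a small receiver model. This is an added example, not part of the original disclosure: HMAC-SHA-256 from the Python standard library stands in for AES-GMAC, encryption is omitted, the MAC flit is assumed to follow the last flit of its group immediately, and `epoch_mac`, `transmit`, `Receiver`, `run_link` and the per-group epoch counter are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

FLIT_BYTES = 64  # flit size used in the page's latency analysis


def epoch_mac(key: bytes, epoch: int, flits: list) -> bytes:
    """Integrity value over one group of flits (HMAC-SHA-256 as a GMAC stand-in).

    Binding the group (epoch) counter into the MAC is an assumption of this
    model; it makes a recorded group fail verification when replayed later.
    """
    mac = hmac.new(key, epoch.to_bytes(8, "big"), hashlib.sha256)
    for flit in flits:
        mac.update(flit)
    return mac.digest()


def transmit(key: bytes, flits: list, flit_count: int) -> list:
    """On-link stream: flit_count data flits, then one MAC flit, repeated."""
    stream = []
    for epoch, start in enumerate(range(0, len(flits), flit_count)):
        group = flits[start:start + flit_count]
        stream += [("flit", f) for f in group]
        stream.append(("mac", epoch_mac(key, epoch, group)))
    return stream


@dataclass
class Receiver:
    key: bytes
    skid: bool                 # True: skid mode, False: deterministic containment
    epoch: int = 0
    pending: list = field(default_factory=list)   # flits awaiting their MAC
    released: list = field(default_factory=list)  # flits handed to upper layers
    failed: bool = False

    def receive(self, kind: str, payload: bytes) -> None:
        if self.failed:
            return  # after an integrity failure, later secured traffic is dropped
        if kind == "flit":
            self.pending.append(payload)
            if self.skid:
                self.released.append(payload)  # consumed before the check
            return
        # MAC flit: verify everything accumulated since the previous MAC flit.
        expected = epoch_mac(self.key, self.epoch, self.pending)
        if hmac.compare_digest(expected, payload):
            if not self.skid:
                self.released.extend(self.pending)  # released only after the check
        else:
            self.failed = True
        self.pending = []
        self.epoch += 1


def run_link(skid: bool, flit_count: int, tamper_index=None,
             replay_first_group: bool = False) -> Receiver:
    """Send 8 constructed flits, optionally modified or replayed in transit."""
    key = bytes(range(32))                               # constructed demo key
    flits = [bytes([i]) * FLIT_BYTES for i in range(8)]  # constructed payloads
    stream = transmit(key, flits, flit_count)
    if replay_first_group:
        stream = stream + stream[:flit_count + 1]        # recorded group resent
    if tamper_index is not None:
        pos = tamper_index + tamper_index // flit_count  # skip earlier MAC flits
        flit = stream[pos][1]
        stream[pos] = ("flit", bytes([flit[0] ^ 1]) + flit[1:])  # one bit flipped
    rx = Receiver(key=key, skid=skid)
    for kind, payload in stream:
        rx.receive(kind, payload)
    return rx


if __name__ == "__main__":
    for skid in (False, True):
        rx = run_link(skid=skid, flit_count=4, tamper_index=5)
        mode = "skid" if skid else "containment"
        print(f"{mode}: failed={rx.failed} released={len(rx.released)} flits")
```

With the same modified flit, the containment receiver releases only the first verified group, while the skid receiver has already released the modified flit by the time the MAC check fails.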
In some implementations, a “Crypto Disable” mode may be supported, where the cryptography functionality is disabled. This may be implemented as a boot-time configuration, since there may be no expectation for it to be possible to move from such a mode to one of the other modes described above without reset.
In some implementations, an “Encryption Only” mode may be supported. In this mode, a MAC or other integrity value may never be sent across the link or checked on the receiver. This can be accomplished by setting the flit count parameter (e.g., “skid_mode_flit_count” above) equal to zero (0).
Table 1 below describes potential latency and bandwidth impacts for different modes of operation as compared to the legacy mode of operation (where cryptographic protection is disabled). This analysis assumes one 64-byte flit is processed every cycle by a crypto engine and two cycles for integrity computation and checking.
In certain implementations, each port will enumerate the different modes it supports and the range of allowed values for the containment_flit_count and skid_mode_flit_count parameters. Further, in many cases, devices that support functionality described herein may support at least the crypto disable mode and the deterministic containment mode. The operating mode and the settings for containment_flit_count and skid_mode_flit_count may be negotiated by the devices on the link.
In the example shown in
In the skid mode of operation, a transmitter device may accumulate an integrity value over a predetermined number of flits (e.g., skid_mode_flit_count), and may send the MAC flit containing this integrity value at the earliest possible time. There may be a delay between the transmission of last flit that was part of integrity computation and the actual transmission of the MAC flit. Such a delay may be bounded to be at most 5 flits in some instances. In the skid mode of operation, the receiver may release flits for consumption as soon as they are received. The integrity value (e.g., MAC) will be accumulated over the received flits up to the predetermined number of flits (e.g., skid_mode_flit_count) and the integrity check may be performed upon receipt of the MAC flit. As noted before in the example related to
In some cases, the link may be ready to go idle prior to the transmission of MAC flit. This can happen, for example, when there is less than a predetermined number of flits (i.e., skid_mode_flit_count or containment_flit_count) to be transmitted. In such cases, before the transmitter side of link can be ready to go idle, it may ensure that a MAC flit is first transmitted for any flits that have been previously sent. This may involve injecting placeholder flits (e.g., MAC_NOPs or IDE idle flits) until the predetermined number of flits (e.g., skid_mode_flit_count or containment_flit_count) is reached or sending an early MAC termination indication. Once the transmitter sends out the MAC flit for all previous flits, the link can then go idle. The receiver may only go idle after the MAC flit corresponding to previous in-flight flits has been received and verified. MAC flits may use a 0b110 (H6) slot type indication in the header, and may be sent in Slot0 of the flit (e.g., 802A of flit 800A of
In some cases, a start indication (e.g., “start_indication”) may be sent by a transmitter on the link to trigger a switch on the receiver side to a new set of keys (e.g., encryption and/or MAC keys). The start indication may be sent via a control flit, which may be unencrypted.
Since MACs may only be sent periodically in certain implementations, there may be cases where the MAC is not yet sent out (because the predetermined number of flits, e.g., skid_mode_flit_count, has not yet been sent), but the link goes idle as there is no more data to transmit. One option to address this may include sending a placeholder flit (e.g., a “MAC_NOP” flit using a LLCRD Flit encoding with subtype=Security). The placeholder flit may include an indication that a MAC transmission is pending but there is no data to transmit. Another option may include terminating the MAC early and sending a Truncated MAC Flit. In this case (i.e., the MAC is terminated prior to the predetermined number of flits, e.g., skid_mode_flit_count), a truncated MAC flit may be sent. The truncated MAC flit may be a LLCTRL flit containing the MAC. This option may allow the receiver to know that the MAC is terminating early. In addition, since there is no partial MAC computation in progress on either side, the two sides can go idle without needing to maintain lots of additional internal state.
In some cases, a set of keys for decryption and/or integrity checking (e.g., MAC generation) may be pre-programmed into registers of the devices on the link. For instance, each port may expose key programming registers to program the keys. These keys may be programmed as “backup” keys, in the sense that they are just values programmed into registers and are not yet active. For instance, the keys may be exchanged/configured into the port while the link is using a previously configured set of keys. The new keys may accordingly not take effect until certain actions are taken. As one example, after keys have been programmed into “backup” registers on both sides of link, there may be a write to the transmitter to trigger sending of a start indication flit as described above. This start indication may be carried as part of the MAC flit slot (e.g., 904 of
Error handling may be performed for flits based on the CRC codes generated and sent by the transmitter. Errors may occur in the data or header portions, and it may be unfeasible to contain or locate the source of an error. Integrity failures may be logged in the error reporting registers and an error may be signaled in response. In the deterministic containment mode of operation, any buffered flits may be dropped and all subsequent secure traffic may be dropped until the link is reset. In some cases, the device may clear out any stored data/state or have access control measures implemented to prevent leakage of stored information. In some cases, a MAC flit may be received when the link is not in a secure mode of operation or when it is not expected. In these instances, receipt of the MAC flit may be treated similar to an integrity failure.
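The following sketch is an added example, not code from this disclosure. It models the containment and skid receivers, the truncated MAC flit sent before idle, and the drop-until-reset handling of an integrity failure described above. HMAC-SHA256 stands in for AES-GMAC, and the class names, message tuples, tag length, per-epoch counter, and the assumption that the MAC flit immediately follows the last flit it covers are all choices of the example.

```python
import hashlib
import hmac

MAC_LEN = 12  # tag bytes carried in a MAC flit (value assumed for this sketch)


def _new_mac(key, epoch):
    # Stand-in for AES-GMAC: HMAC-SHA256 seeded with an epoch counter so a
    # replayed epoch does not verify (the counter is an assumption here).
    return hmac.new(key, epoch.to_bytes(8, "big"), hashlib.sha256)


class Transmitter:
    def __init__(self, key, flit_count):
        self.key, self.flit_count = key, flit_count
        self.epoch, self.pending = 0, 0
        self.mac = _new_mac(key, 0)

    def _finish(self):
        tag = self.mac.digest()[:MAC_LEN]
        self.epoch += 1
        self.pending = 0
        self.mac = _new_mac(self.key, self.epoch)
        return tag

    def send(self, payload):
        """Emit one data flit, plus a MAC flit once flit_count flits are covered."""
        self.mac.update(payload)
        self.pending += 1
        out = [("DATA", payload)]
        if self.pending == self.flit_count:
            out.append(("MAC", self._finish()))
        return out

    def go_idle(self):
        """Early MAC termination: cover outstanding flits before the link idles."""
        return [("TRUNC_MAC", self._finish())] if self.pending else []


class Receiver:
    def __init__(self, key, flit_count, containment):
        self.key, self.flit_count, self.containment = key, flit_count, containment
        self.epoch = 0
        self.mac = _new_mac(key, 0)
        self.window = []     # flits of the current, not yet verified, epoch
        self.released = []   # flits handed on for further processing
        self.tainted = []    # skid mode: flits released before their check failed
        self.failed = False  # set on integrity failure, cleared only by link reset

    def receive(self, kind, body):
        if self.failed:
            return "dropped"  # all later secure traffic is dropped
        if kind == "DATA":
            self.mac.update(body)
            self.window.append(body)
            if self.containment:
                return "buffered"      # held until the MAC flit verifies
            self.released.append(body)
            return "released"          # skid: consumed before verification
        # MAC or TRUNC_MAC: an unexpected one is treated as an integrity failure.
        expected = bool(self.window) and (
            kind == "TRUNC_MAC" or len(self.window) == self.flit_count)
        tag = self.mac.digest()[:MAC_LEN]
        if not (expected and hmac.compare_digest(tag, body)):
            self.failed = True
            if not self.containment:
                self.tainted = list(self.window)
            self.window = []           # containment: buffered flits are dropped
            return "integrity-failure"
        if self.containment:
            self.released.extend(self.window)
        self.window = []
        self.epoch += 1
        self.mac = _new_mac(self.key, self.epoch)
        return "verified"


def simulate(containment, tamper_index=None, flit_count=4, n_flits=6):
    """Send n_flits constructed 64-byte flits, then idle; optionally flip one bit in transit."""
    key = b"constructed-demo-key"  # constructed value, not a real key
    tx = Transmitter(key, flit_count)
    rx = Receiver(key, flit_count, containment)
    wire = []
    for i in range(n_flits):
        wire += tx.send(b"flit-%02d" % i + bytes(57))
    wire += tx.go_idle()
    seen = 0
    for kind, body in wire:
        if kind == "DATA":
            if seen == tamper_index:
                body = bytes([body[0] ^ 1]) + body[1:]
            seen += 1
        rx.receive(kind, body)
    return rx
```

With a bit flipped in the second flit, the containment receiver releases nothing, while the skid receiver has already released four flits and can only report them as tainted after the MAC flit arrives.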
Referring to
Referring to
Turning to
At 1404, at least a portion of the information is encrypted to yield ciphertext. In some cases, the information corresponding to portions of a flit other than the flit header is to be encrypted, while the flit header portion (e.g., 902 of
At 1406, a CRC code is generated based on the ciphertext generated at 1404. The CRC code may be generated using any suitable technique, such as those described in a CXL-related specification. At 1408, the sender agent causes a flit to be generated that includes the ciphertext, and at 1410, the flit and CRC code are transmitted to another device or apparatus over the CXL-based link (e.g., by a port that includes circuitry to implement one or more layers of the CXL-based protocol).
Referring to
At 1508, it is determined whether a particular number of flits have been sent over the link. The particular number of flits may be based on a set parameter, such as the skid_mode_flit_count or containment_flit_count parameters described above. If the particular number of protected flits have been sent, then the agent, at 1510, may generate a MAC flit comprising an integrity value (e.g., MAC code) that is based on a number of previously-transmitted flits equal to the particular number indicated by the parameter (e.g., as described above with respect to
If the particular number of flits indicated by the parameter have not yet been sent, it is further determined at 1512 whether there is more data to send over the CXL-based link. If so, the process returns to 1506 where an additional protected flit is generated. If there is no more data to be sent over the link (e.g., where the link is ready to go idle), then one of two options may be utilized. In one option, at 1514, one or more placeholder flits (e.g., MAC_NOP or IDE idle flits, which may have LLCRD Flit encoding with subtype=Security) may be generated and transmitted over the CXL-based link until the particular number of flits have been sent, after which a MAC flit is generated and transmitted as described above with respect to 1510 (with the integrity value being based at least in part on the placeholder flits). In another option, at 1516, a truncated MAC flit (e.g., a LLCTRL flit containing the integrity value) may be generated and sent over the CXL-based link to indicate an early MAC termination.
At 1604, an agent of the port performs an error check on the flit based on the CRC code received, and if the error check passes, at 1606, decrypts the ciphertext portion of the flit to yield plaintext flit information. The decryption may be based on an AES-based protocol, such as the AES Galois/Counter Mode (AES-GCM) protocol or AES Counter Mode (AES-CTR) protocol. At 1608, the plaintext information is processed, which may include being unpacked and passed to/stored in a buffer. For instance, as described above with respect to
Referring to
At 1706, a set of flits are received at the port circuitry from the CXL-based link and are queued. At 1708, an agent of the port determines whether a MAC flit has been received in the set. If not, the agent waits as additional flits are received until a MAC flit is detected. If a MAC flit has been received, the agent at 1712 performs an integrity check on a set of flits in the queue based on an integrity value (e.g., MAC) of the MAC flit. In some cases, the MAC and integrity check may be based on the Advanced Encryption Standard Galois/Counter Mode (AES-GCM) protocol, the Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC) protocol, or another AES-based protocol. The number of flits in the set of flits may be based on a parameter, such as the skid_mode_flit_count or containment_flit_count parameters described above. In the deterministic mode of operation as shown in
The foregoing disclosure has presented a number of example techniques for securing flits on CXL links. It should be appreciated that such techniques may be applied to other interconnect protocols. For instance, while some of the techniques discussed herein were described with reference to PCIe- or CXL-based protocols, it should be appreciated that techniques may apply to other interconnect protocols, such as OpenCAPI™, Gen-Z™, UPI, Universal Serial Bus, (USB), Cache Coherent Interconnect for Accelerators (CCIX™), Advanced Micro Device™'s (AMD™) Infinity™, Common Communication Interface (CCI), or Qualcomm™'s Centriq™ interconnect, among others, or to other types of packet-based protocols.
Note that the apparatuses, methods, and systems described above may be implemented in any electronic device or system as aforementioned. As specific illustrations, the figures below provide exemplary systems for utilizing embodiments as described herein. As the systems below are described in more detail, a number of different interconnects are disclosed, described, and revisited from the discussion above. And as is readily apparent, the advances described above may be applied to any of those interconnects, fabrics, or architectures.
Referring to
In one embodiment, a processing element refers to hardware or logic to support a software thread. Examples of hardware processing elements include: a thread unit, a thread slot, a thread, a process unit, a context, a context unit, a logical processor, a hardware thread, a core, and/or any other element, which is capable of holding a state for a processor, such as an execution state or architectural state. In other words, a processing element, in one embodiment, refers to any hardware capable of being independently associated with code, such as a software thread, operating system, application, or other code. A physical processor (or processor socket) typically refers to an integrated circuit, which potentially includes any number of other processing elements, such as cores or hardware threads.
A core often refers to logic located on an integrated circuit capable of maintaining an independent architectural state, wherein each independently maintained architectural state is associated with at least some dedicated execution resources. In contrast to cores, a hardware thread typically refers to any logic located on an integrated circuit capable of maintaining an independent architectural state, wherein the independently maintained architectural states share access to execution resources. As can be seen, when certain resources are shared and others are dedicated to an architectural state, the line between the nomenclature of a hardware thread and core overlaps. Yet often, a core and a hardware thread are viewed by an operating system as individual logical processors, where the operating system is able to individually schedule operations on each logical processor.
Physical processor 1800, as illustrated in
As depicted, core 1801 includes two hardware threads 1801a and 1801b, which may also be referred to as hardware thread slots 1801a and 1801b. Therefore, software entities, such as an operating system, in one embodiment potentially view processor 1800 as four separate processors, i.e., four logical processors or processing elements capable of executing four software threads concurrently. As alluded to above, a first thread is associated with architecture state registers 1801a, a second thread is associated with architecture state registers 1801b, a third thread may be associated with architecture state registers 1802a, and a fourth thread may be associated with architecture state registers 1802b. Here, each of the architecture state registers (1801a, 1801b, 1802a, and 1802b) may be referred to as processing elements, thread slots, or thread units, as described above. As illustrated, architecture state registers 1801a are replicated in architecture state registers 1801b, so individual architecture states/contexts are capable of being stored for logical processor 1801a and logical processor 1801b. In core 1801, other smaller resources, such as instruction pointers and renaming logic in allocator and renamer block 1830 may also be replicated for threads 1801a and 1801b. Some resources, such as re-order buffers in reorder/retirement unit 1835, ILTB 1820, load/store buffers, and queues may be shared through partitioning. Other resources, such as general purpose internal registers, page-table base register(s), low-level data-cache and data-TLB 1815, execution unit(s) 1840, and portions of out-of-order unit 1835 are potentially fully shared.
Processor 1800 often includes other resources, which may be fully shared, shared through partitioning, or dedicated by/to processing elements. In
Core 1801 further includes decode module 1825 coupled to fetch unit 1820 to decode fetched elements. Fetch logic, in one embodiment, includes individual sequencers associated with thread slots 1801a, 1801b, respectively. Usually core 1801 is associated with a first ISA, which defines/specifies instructions executable on processor 1800. Often machine code instructions that are part of the first ISA include a portion of the instruction (referred to as an opcode), which references/specifies an instruction or operation to be performed. Decode logic 1825 includes circuitry that recognizes these instructions from their opcodes and passes the decoded instructions on in the pipeline for processing as defined by the first ISA. For example, as discussed in more detail below decoders 1825, in one embodiment, include logic designed or adapted to recognize specific instructions, such as transactional instruction. As a result of the recognition by decoders 1825, the architecture or core 1801 takes specific, predefined actions to perform tasks associated with the appropriate instruction. It is important to note that any of the tasks, blocks, operations, and methods described herein may be performed in response to a single or multiple instructions; some of which may be new or old instructions. Note decoders 1826, in one embodiment, recognize the same ISA (or a subset thereof). Alternatively, in a heterogeneous core environment, decoders 1826 recognize a second ISA (either a subset of the first ISA or a distinct ISA).
In one example, allocator and renamer block 1830 includes an allocator to reserve resources, such as register files to store instruction processing results. However, threads 1801a and 1801b are potentially capable of out-of-order execution, where allocator and renamer block 1830 also reserves other resources, such as reorder buffers to track instruction results. Unit 1830 may also include a register renamer to rename program/instruction reference registers to other registers internal to processor 1800. Reorder/retirement unit 1835 includes components, such as the reorder buffers mentioned above, load buffers, and store buffers, to support out-of-order execution and later in-order retirement of instructions executed out-of-order.
Scheduler and execution unit(s) block 1840, in one embodiment, includes a scheduler unit to schedule instructions/operations on execution units. For example, a floating point instruction is scheduled on a port of an execution unit that has an available floating point execution unit. Register files associated with the execution units are also included to store instruction processing results. Exemplary execution units include a floating point execution unit, an integer execution unit, a jump execution unit, a load execution unit, a store execution unit, and other known execution units.
Lower level data cache and data translation buffer (D-TLB) 1850 are coupled to execution unit(s) 1840. The data cache is to store recently used/operated on elements, such as data operands, which are potentially held in memory coherency states. The D-TLB is to store recent virtual/linear to physical address translations. As a specific example, a processor may include a page table structure to break physical memory into a plurality of virtual pages.
Here, cores 1801 and 1802 share access to higher-level or further-out cache, such as a second level cache associated with on-chip interface 1810. Note that higher-level or further-out refers to cache levels increasing or getting further away from the execution unit(s). In one embodiment, higher-level cache is a last-level data cache—last cache in the memory hierarchy on processor 1800—such as a second or third level data cache. However, higher level cache is not so limited, as it may be associated with or include an instruction cache. A trace cache—a type of instruction cache—instead may be coupled after decoder 1825 to store recently decoded traces. Here, an instruction potentially refers to a macro-instruction (i.e. a general instruction recognized by the decoders), which may decode into a number of micro-instructions (micro-operations).
In the depicted configuration, processor 1800 also includes on-chip interface module 1810. Historically, a memory controller, which is described in more detail below, has been included in a computing system external to processor 1800. In this scenario, on-chip interface 1810 is to communicate with devices external to processor 1800, such as system memory 1875, a chipset (often including a memory controller hub to connect to memory 1875 and an I/O controller hub to connect peripheral devices), a memory controller hub, a northbridge, or other integrated circuit. And in this scenario, bus 1805 may include any known interconnect, such as multi-drop bus, a point-to-point interconnect, a serial interconnect, a parallel bus, a coherent (e.g. cache coherent) bus, a layered protocol architecture, a differential bus, and a GTL bus.
Memory 1875 may be dedicated to processor 1800 or shared with other devices in a system. Common examples of types of memory 1875 include DRAM, SRAM, non-volatile memory (NV memory), and other known storage devices. Note that device 1880 may include a graphic accelerator, processor or card coupled to a memory controller hub, data storage coupled to an I/O controller hub, a wireless transceiver, a flash device, an audio controller, a network controller, or other known device.
Recently however, as more logic and devices are being integrated on a single die, such as SOC, each of these devices may be incorporated on processor 1800. For example in one embodiment, a memory controller hub is on the same package and/or die with processor 1800. Here, a portion of the core (an on-core portion) 1810 includes one or more controller(s) for interfacing with other devices such as memory 1875 or a graphics device 1880. The configuration including an interconnect and controllers for interfacing with such devices is often referred to as an on-core (or un-core configuration). As an example, on-chip interface 1810 includes a ring interconnect for on-chip communication and a high-speed serial point-to-point link 1805 for off-chip communication. Yet, in the SOC environment, even more devices, such as the network interface, co-processors, memory 1875, graphics processor 1880, and any other known computer devices/interface may be integrated on a single die or integrated circuit to provide small form factor with high functionality and low power consumption.
In one embodiment, processor 1800 is capable of executing a compiler, optimization, and/or translator code 1877 to compile, translate, and/or optimize application code 1876 to support the apparatus and methods described herein or to interface therewith. A compiler often includes a program or set of programs to translate source text/code into target text/code. Usually, compilation of program/application code with a compiler is done in multiple phases and passes to transform hi-level programming language code into low-level machine or assembly language code. Yet, single pass compilers may still be utilized for simple compilation. A compiler may utilize any known compilation techniques and perform any known compiler operations, such as lexical analysis, preprocessing, parsing, semantic analysis, code generation, code transformation, and code optimization.
Larger compilers often include multiple phases, but most often these phases are included within two general phases: (1) a front-end, i.e. generally where syntactic processing, semantic processing, and some transformation/optimization may take place, and (2) a back-end, i.e. generally where analysis, transformations, optimizations, and code generation takes place. Some compilers refer to a middle, which illustrates the blurring of delineation between a front-end and back end of a compiler. As a result, reference to insertion, association, generation, or other operation of a compiler may take place in any of the aforementioned phases or passes, as well as any other known phases or passes of a compiler. As an illustrative example, a compiler potentially inserts operations, calls, functions, etc. in one or more phases of compilation, such as insertion of calls/operations in a front-end phase of compilation and then transformation of the calls/operations into lower-level code during a transformation phase. Note that during dynamic compilation, compiler code or dynamic optimization code may insert such operations/calls, as well as optimize the code for execution during runtime. As a specific illustrative example, binary code (already compiled code) may be dynamically optimized during runtime. Here, the program code may include the dynamic optimization code, the binary code, or a combination thereof.
Similar to a compiler, a translator, such as a binary translator, translates code either statically or dynamically to optimize and/or translate code. Therefore, reference to execution of code, application code, program code, or other software environment may refer to: (1) execution of a compiler program(s), optimization code optimizer, or translator either dynamically or statically, to compile program code, to maintain software structures, to perform other operations, to optimize code, or to translate code; (2) execution of main program code including operations/calls, such as application code that has been optimized/compiled; (3) execution of other program code, such as libraries, associated with the main program code to maintain software structures, to perform other software related operations, or to optimize code; or (4) a combination thereof.
Referring now to
While shown with only two processors 1970, 1980, it is to be understood that the scope of the present disclosure is not so limited. In other embodiments, one or more additional processors may be present in a given processor.
Processors 1970 and 1980 are shown including integrated memory controller units 1972 and 1982, respectively. Processor 1970 also includes as part of its bus controller units point-to-point (P-P) interfaces 1976 and 1978; similarly, second processor 1980 includes P-P interfaces 1986 and 1988. Processors 1970, 1980 may exchange information via a point-to-point (P-P) interface 1950 using P-P interface circuits 1978, 1988. As shown in
Processors 1970, 1980 each exchange information with a chipset 1990 via individual P-P interfaces 1952, 1954 using point to point interface circuits 1976, 1994, 1986, 1998. Chipset 1990 also exchanges information with a high-performance graphics circuit 1938 via an interface circuit 1992 along a high-performance graphics interconnect 1939.
A shared cache (not shown) may be included in either processor or outside of both processors; yet connected with the processors via P-P interconnect, such that either or both processors' local cache information may be stored in the shared cache if a processor is placed into a low power mode.
Chipset 1990 may be coupled to a first bus 1916 via an interface 1996. In one embodiment, first bus 1916 may be a Peripheral Component Interconnect (PCI) bus, or a bus such as a PCI Express bus or another third generation I/O interconnect bus, although the scope of the present disclosure is not so limited.
As shown in
While aspects of the present disclosure have been described with respect to a limited number of embodiments, those skilled in the art will appreciate numerous modifications and variations therefrom. It is intended that the appended claims cover all such modifications and variations as fall within the true spirit and scope of this present disclosure.
A design may go through various stages, from creation to simulation to fabrication. Data representing a design may represent the design in a number of manners. First, as is useful in simulations, the hardware may be represented using a hardware description language or another functional description language. Additionally, a circuit level model with logic and/or transistor gates may be produced at some stages of the design process. Furthermore, most designs, at some stage, reach a level of data representing the physical placement of various devices in the hardware model. In the case where conventional semiconductor fabrication techniques are used, the data representing the hardware model may be the data specifying the presence or absence of various features on different mask layers for masks used to produce the integrated circuit. In any representation of the design, the data may be stored in any form of a machine readable medium. A memory or a magnetic or optical storage such as a disc may be the machine readable medium to store information transmitted via optical or electrical wave modulated or otherwise generated to transmit such information. When an electrical carrier wave indicating or carrying the code or design is transmitted, to the extent that copying, buffering, or re-transmission of the electrical signal is performed, a new copy is made. Thus, a communication provider or a network provider may store on a tangible, machine-readable medium, at least temporarily, an article, such as information encoded into a carrier wave, embodying techniques of embodiments of the present disclosure.
A module as used herein refers to any combination of hardware, software, and/or firmware. As an example, a module includes hardware, such as a micro-controller, associated with a non-transitory medium to store code adapted to be executed by the micro-controller. Therefore, reference to a module, in one embodiment, refers to the hardware, which is specifically configured to recognize and/or execute the code to be held on a non-transitory medium. Furthermore, in another embodiment, use of a module refers to the non-transitory medium including the code, which is specifically adapted to be executed by the microcontroller to perform predetermined operations. And as can be inferred, in yet another embodiment, the term module (in this example) may refer to the combination of the microcontroller and the non-transitory medium. Often module boundaries that are illustrated as separate commonly vary and potentially overlap. For example, a first and a second module may share hardware, software, firmware, or a combination thereof, while potentially retaining some independent hardware, software, or firmware. In one embodiment, use of the term logic includes hardware, such as transistors, registers, or other hardware, such as programmable logic devices.
Use of the phrase ‘configured to,’ in one embodiment, refers to arranging, putting together, manufacturing, offering to sell, importing and/or designing an apparatus, hardware, logic, or element to perform a designated or determined task. In this example, an apparatus or element thereof that is not operating is still ‘configured to’ perform a designated task if it is designed, coupled, and/or interconnected to perform said designated task. As a purely illustrative example, a logic gate may provide a 0 or a 1 during operation. But a logic gate ‘configured to’ provide an enable signal to a clock does not include every potential logic gate that may provide a 1 or 0. Instead, the logic gate is one coupled in some manner that during operation the 1 or 0 output is to enable the clock. Note once again that use of the term ‘configured to’ does not require operation, but instead focus on the latent state of an apparatus, hardware, and/or element, where in the latent state the apparatus, hardware, and/or element is designed to perform a particular task when the apparatus, hardware, and/or element is operating.
Furthermore, use of the phrases ‘to,’ ‘capable of/to,’ and/or ‘operable to,’ in one embodiment, refers to some apparatus, logic, hardware, and/or element designed in such a way to enable use of the apparatus, logic, hardware, and/or element in a specified manner. Note as above that use of to, capable to, or operable to, in one embodiment, refers to the latent state of an apparatus, logic, hardware, and/or element, where the apparatus, logic, hardware, and/or element is not operating but is designed in such a manner to enable use of an apparatus in a specified manner.
A value, as used herein, includes any known representation of a number, a state, a logical state, or a binary logical state. Often, the use of logic levels, logic values, or logical values is also referred to as 1's and 0's, which simply represents binary logic states. For example, a 1 refers to a high logic level and 0 refers to a low logic level. In one embodiment, a storage cell, such as a transistor or flash cell, may be capable of holding a single logical value or multiple logical values. However, other representations of values in computer systems have been used. For example, the decimal number ten may also be represented as a binary value of 1010 and a hexadecimal letter A. Therefore, a value includes any representation of information capable of being held in a computer system.
Moreover, states may be represented by values or portions of values. As an example, a first value, such as a logical one, may represent a default or initial state, while a second value, such as a logical zero, may represent a non-default state. In addition, the terms reset and set, in one embodiment, refer to a default and an updated value or state, respectively. For example, a default value potentially includes a high logical value, i.e. reset, while an updated value potentially includes a low logical value, i.e. set. Note that any combination of values may be utilized to represent any number of states.
The embodiments of methods, hardware, software, firmware or code set forth above may be implemented via instructions or code stored on a machine-accessible, machine readable, computer accessible, or computer readable medium which are executable by a processing element. A non-transitory machine-accessible/readable medium includes any mechanism that provides (i.e., stores and/or transmits) information in a form readable by a machine, such as a computer or electronic system. For example, a non-transitory machine-accessible medium includes random-access memory (RAM), such as static RAM (SRAM) or dynamic RAM (DRAM); ROM; magnetic or optical storage medium; flash memory devices; electrical storage devices; optical storage devices; acoustical storage devices; other forms of storage devices for holding information received from transitory (propagated) signals (e.g., carrier waves, infrared signals, digital signals); etc., which are to be distinguished from the non-transitory mediums that may receive information therefrom.
Instructions used to program logic to perform embodiments of the present disclosure may be stored within a memory in the system, such as DRAM, cache, flash memory, or other storage. Furthermore, the instructions can be distributed via a network or by way of other computer readable media. Thus a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer), but is not limited to, floppy diskettes, optical disks, Compact Disc Read-Only Memory (CD-ROMs), and magneto-optical disks, Read-Only Memory (ROMs), Random Access Memory (RAM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), magnetic or optical cards, flash memory, or a tangible, machine-readable storage used in the transmission of information over the Internet via electrical, optical, acoustical or other forms of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.). Accordingly, the computer-readable medium includes any type of tangible machine-readable medium suitable for storing or transmitting electronic instructions or information in a form readable by a machine (e.g., a computer).
The following examples pertain to embodiments in accordance with this Specification. Although each example described below is described with respect to Compute Express Link (CXL)-based protocols, any of the following examples may be utilized for a PCIe-based protocol, a Universal Serial Bus (USB)-based protocol, a Cache Coherent Interconnect for Accelerators (CCIX) protocol, or a Transmission Control Protocol/Internet Protocol (TCP/IP).
Example 1 is an apparatus that includes: a port comprising circuitry to implement one or more layers of a Compute Express Link (CXL)-based protocol, where the port comprises an agent to: obtain information to be transmitted to another device over a link based on the CXL-based protocol via a flit; encrypt at least a portion of the information to yield a ciphertext; generate a cyclic redundancy check (CRC) code based on the ciphertext; and cause a flit to be generated, the flit comprising the ciphertext; wherein the port is to use the circuitry to transmit the flit and the CRC code to the other device over the link.
Example 2 may include the subject matter of Example 1, and/or some other example(s) herein, and optionally wherein the agent is further to generate a message authentication code (MAC) based on a set of previously-transmitted flits, and the flit comprises the MAC.
Example 3 may include the subject matter of Example 2, and/or some other example(s) herein, and optionally wherein the MAC is generated based on one of an Advanced Encryption Standard Galois/Counter Mode (AES-GCM) protocol and an Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC) protocol.
Example 4 may include the subject matter of Example 2 or 3, and/or some other example(s) herein, and optionally wherein the set of flits comprises a number of flits indicated by a parameter.
Example 5 may include the subject matter of Example 4, and/or some other example(s) herein, and optionally wherein the set of flits comprises at least one placeholder flit.
Example 6 may include the subject matter of Example 2, and/or some other example(s) herein, and optionally wherein a parameter indicates a number of flits the MAC is to be based on, the set of flits comprises fewer flits than indicated by the parameter, and the flit indicates that the MAC is based on fewer flits than indicated by the parameter.
Example 7 may include the subject matter of any one of Examples 1-6, and/or some other example(s) herein, and optionally wherein the encryption is based on an Advanced Encryption Standard (AES)-based protocol.
Example 8 may include the subject matter of Example 7, and/or some other example(s) herein, and optionally wherein the AES-based protocol is one of AES Galois/Counter Mode (AES-GCM) protocol and AES Counter Mode (AES-CTR) protocol.
Example 9 may include the subject matter of any one of Examples 1-8, and/or some other example(s) herein, and optionally wherein: prior to generating the flit comprising the ciphertext, the agent is further to: cause an unencrypted control flit to be generated comprising an indication that subsequent flits sent to the other device over the link will be at least partially encrypted; and the port is to use the circuitry to transmit the unencrypted control flit to the other device before transmitting the flit comprising the ciphertext.
Example 10 may include the subject matter of Example 9, and/or some other example(s) herein, and optionally wherein the agent is further to obtain a new key for encrypting information in subsequent flits.
Example 11 may include the subject matter of any one of Examples 1-10, and/or some other example(s) herein, and optionally wherein the flit is a header flit to comprise a header field and a set of additional fields, and the agent is to encrypt the information associated with the additional fields to yield the ciphertext.
Example 12 may include the subject matter of Example 11, and/or some other example(s) herein, and optionally wherein the flit comprises 528 bits, and the header field comprises 32 bits of the 528 bits.
Example 13 may include the subject matter of any one of Examples 1-12, and/or some other example(s) herein, and optionally wherein the CXL-based protocol is one of a CXL.cache or CXL.mem protocol.
Example 14 includes a method comprising: obtaining information to be transmitted to another device over a link based on a Compute Express Link (CXL)-based protocol via a flit; encrypting at least a portion of the information to yield a ciphertext; generating a cyclic redundancy check (CRC) code based on the ciphertext; generating a flit comprising the ciphertext; and transmitting the flit and the CRC to the other device over the link.
Example 15 may include the subject matter of Example 14, and/or some other example(s) herein, and optionally further comprising generating a message authentication code (MAC) based on a set of previously-transmitted flits, and the flit comprises the MAC.
Example 16 may include the subject matter of Example 15, and/or some other example(s) herein, and optionally wherein the MAC is generated based on one of an Advanced Encryption Standard Galois/Counter Mode (AES-GCM) protocol and an Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC) protocol.
Example 17 may include the subject matter of Example 15 or 16, and/or some other example(s) herein, and optionally wherein the set of flits comprises a number of flits indicated by a parameter.
Example 18 may include the subject matter of Example 17, and/or some other example(s) herein, and optionally wherein the set of flits comprises at least one placeholder flit.
Example 19 may include the subject matter of Example 15 or 16, and/or some other example(s) herein, and optionally wherein a parameter indicates a number of flits the MAC is to be based on, the set of flits comprises fewer flits than indicated by the parameter, and the flit indicates that the MAC is based on fewer flits than indicated by the parameter.
Example 20 may include the subject matter of any one of Examples 14-19, and/or some other example(s) herein, and optionally wherein the encryption is based on an Advanced Encryption Standard (AES)-based protocol.
Example 21 may include the subject matter of Example 20, and/or some other example(s) herein, and optionally wherein the AES-based protocol is one of AES Galois/Counter Mode (AES-GCM) protocol and AES Counter Mode (AES-CTR) protocol.
Example 22 may include the subject matter of any one of Examples 14-21, and/or some other example(s) herein, and optionally further comprising: prior to generating the flit comprising the ciphertext, generating an unencrypted control flit comprising an indication that subsequent flits sent to the other device over the link will be at least partially encrypted; and transmitting the unencrypted control flit to the other device before transmitting the flit comprising the ciphertext.
Example 23 may include the subject matter of Example 22, and/or some other example(s) herein, and optionally further comprising obtaining a new key for encrypting information in subsequent flits.
Example 24 may include the subject matter of any one of Examples 14-23, and/or some other example(s) herein, and optionally wherein the flit is a header flit to comprise a header field and a set of additional fields, and the method further comprises encrypting the information associated with the additional fields to yield the ciphertext.
Example 25 may include the subject matter of Example 24, and/or some other example(s) herein, and optionally wherein the flit comprises 528 bits, and the header field comprises 32 bits of the 528 bits.
Example 26 may include the subject matter of any one of Examples 14-25, and/or some other example(s) herein, and optionally wherein the CXL-based protocol is one of a CXL.cache or CXL.mem protocol.
Example 27 includes an apparatus comprising: a port comprising circuitry to implement one or more layers of a Compute Express Link (CXL)-based protocol, wherein: the circuitry is to receive a flit and a corresponding cyclic redundancy check (CRC) code from another device over a link, wherein the link is based on the CXL-based protocol and the flit comprises ciphertext; and the port comprises an agent to: perform an error check on the flit based on the CRC code; decrypt the ciphertext portion of the flit to yield plaintext flit information based on a determination that the error check passed; and process the plaintext flit information.
Example 28 may include the subject matter of Example 27, and/or some other example(s) herein, and optionally wherein the flit is a first flit and the agent is further to: receive a second flit comprising a message authentication code (MAC), the MAC based on a set of flits comprising the first flit; and perform, based on the MAC, an integrity check on the set of flits.
Example 29 may include the subject matter of Example 28, and/or some other example(s) herein, and optionally wherein the agent is to process the plaintext information based on a determination that the integrity check passed.
Example 30 may include the subject matter of Example 28, and/or some other example(s) herein, and optionally wherein the set of flits comprises a number of flits indicated by a parameter.
Example 31 may include the subject matter of any one of Examples 28-30, and/or some other example(s) herein, and optionally wherein the MAC is based on one of an Advanced Encryption Standard Galois/Counter Mode (AES-GCM) protocol and an Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC) protocol.
Example 32 may include the subject matter of any one of Examples 27-31, and/or some other example(s) herein, and optionally wherein the agent is to process the plaintext flit information by unpacking and buffering the plaintext flit information.
Example 33 may include the subject matter of any one of Examples 27-32, and/or some other example(s) herein, and optionally wherein the flit is a header flit comprising an unencrypted header field and the ciphertext.
Example 34 may include the subject matter of Example 33, and/or some other example(s) herein, and optionally wherein the flit comprises 528 bits, and the header field comprises 32 bits of the 528 bits.
Example 35 may include the subject matter of any one of Examples 27-34, and/or some other example(s) herein, and optionally wherein: prior to receiving the flit comprising the ciphertext, the circuitry is to receive an unencrypted control flit comprising an indication that subsequent flits received over the link will be at least partially encrypted; and the agent is to obtain a new decryption key for decrypting ciphertext in subsequent flits based on the unencrypted control flit.
Example 36 may include the subject matter of any one of Examples 27-35, and/or some other example(s) herein, and optionally wherein the decryption is based on an Advanced Encryption Standard (AES)-based protocol.
Example 37 may include the subject matter of Example 36, and/or some other example(s) herein, and optionally wherein the AES-based protocol is one of AES Galois/Counter Mode (AES-GCM) and AES Counter Mode (AES-CTR).
Example 38 may include the subject matter of any one of Examples 27-37, and/or some other example(s) herein, and optionally wherein the CXL-based protocol is one of a CXL.cache or CXL.mem protocol.
Example 39 includes a method comprising: obtaining a flit and a corresponding cyclic redundancy check (CRC) code from another device over a link based on Compute Express Link (CXL)-based protocol, the flit comprising ciphertext; performing an error check on the flit based on the CRC code; decrypting the ciphertext of the flit to yield plaintext flit information based on a determination that the error check passed; and processing the plaintext flit information.
Example 40 may include the subject matter of Example 39, and/or some other example(s) herein, and optionally wherein the flit is a first flit and the method further comprises: receiving a second flit comprising a message authentication code (MAC), the MAC based on a set of flits comprising the first flit; and performing, based on the MAC, an integrity check on the set of flits.
Example 41 may include the subject matter of Example 40, and/or some other example(s) herein, and optionally wherein processing the plaintext information is based on a determination that the integrity check passed.
Example 42 may include the subject matter of Example 40, and/or some other example(s) herein, and optionally wherein the set of flits comprises a number of flits indicated by a parameter.
Example 43 may include the subject matter of any one of Examples 40-42, and/or some other example(s) herein, and optionally wherein the MAC is based on one of an Advanced Encryption Standard Galois/Counter Mode (AES-GCM) protocol and an Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC) protocol.
Example 44 may include the subject matter of any one of Examples 39-43, and/or some other example(s) herein, and optionally wherein processing the plaintext flit information comprises unpacking and buffering the plaintext flit information.
Example 45 may include the subject matter of any one of Examples 39-44, and/or some other example(s) herein, and optionally wherein the flit is a header flit comprising an unencrypted header field and the ciphertext.
Example 46 may include the subject matter of Example 45, and/or some other example(s) herein, and optionally wherein the flit comprises 528 bits, and the header field comprises 32 bits of the 528 bits.
Example 47 may include the subject matter of any one of Examples 39-46, and/or some other example(s) herein, and optionally further comprising: prior to receiving the flit comprising the ciphertext, receiving an unencrypted control flit comprising an indication that subsequent flits received over the link will be at least partially encrypted; and obtaining a new decryption key for decrypting ciphertext in subsequent flits based on the unencrypted control flit.
Example 48 may include the subject matter of any one of Examples 39-47, and/or some other example(s) herein, and optionally wherein the decryption is based on an Advanced Encryption Standard (AES)-based protocol.
Example 49 may include the subject matter of Example 48, and/or some other example(s) herein, and optionally wherein the AES-based protocol is one of AES Galois/Counter Mode (AES-GCM) and AES Counter Mode (AES-CTR).
Example 50 may include the subject matter of any one of Examples 39-49, and/or some other example(s) herein, and optionally wherein the CXL-based protocol is one of a CXL.cache or CXL.mem protocol.
Example 51 includes a system comprising: a first device; and a second device coupled to the first device over a link based on a Compute Express Link (CXL)-based protocol; wherein the first device comprises a port comprising circuitry to implement one or more layers of the CXL-based protocol, the port comprising an agent to: obtain information to be transmitted to another device over a link based on the CXL-based protocol via a flit; encrypt at least a portion of the information to yield a ciphertext; generate a cyclic redundancy check (CRC) code based on the ciphertext; and cause a flit to be generated, the flit comprising the ciphertext; wherein the port is to use the circuitry to transmit the flit and the CRC to the other device.
Example 52 may include the subject matter of Example 51, and/or some other example(s) herein, and optionally wherein the agent is further to generate a message authentication code (MAC) based on a set of previously-transmitted flits, and the flit comprises the MAC.
Example 53 may include the subject matter of Example 52, and/or some other example(s) herein, and optionally wherein the MAC is generated based on one of an Advanced Encryption Standard Galois/Counter Mode (AES-GCM) protocol and an Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC) protocol.
Example 54 may include the subject matter of Example 52 or 53, and/or some other example(s) herein, and optionally wherein the set of flits comprises a number of flits indicated by a parameter.
Example 55 may include the subject matter of Example 54, and/or some other example(s) herein, and optionally wherein the set of flits comprises at least one placeholder flit.
Example 56 may include the subject matter of Example 52 or 53, and/or some other example(s) herein, and optionally wherein a parameter indicates a number of flits the MAC is to be based on, the set of flits comprises fewer flits than indicated by the parameter, and the flit indicates that the MAC is based on fewer flits than indicated by the parameter.
Example 57 may include the subject matter of any one of Examples 51-56, and/or some other example(s) herein, and optionally wherein the encryption is based on an Advanced Encryption Standard (AES)-based protocol.
Example 58 may include the subject matter of Example 57, and/or some other example(s) herein, and optionally wherein the AES-based protocol is one of AES Galois/Counter Mode (AES-GCM) protocol and AES Counter Mode (AES-CTR) protocol.
Example 59 may include the subject matter of any one of Examples 51-58, and/or some other example(s) herein, and optionally wherein: prior to generating the flit comprising the ciphertext, the agent is further to: cause an unencrypted control flit to be generated comprising an indication that subsequent flits sent to the other device over the link will be at least partially encrypted; and the port is to use the circuitry to transmit the unencrypted control flit to the other device before transmitting the flit comprising the ciphertext.
Example 60 may include the subject matter of Example 59, and/or some other example(s) herein, and optionally wherein the agent is further to obtain a new key for encrypting information in subsequent flits.
Example 61 may include the subject matter of any one of Examples 51-60, and/or some other example(s) herein, and optionally wherein the flit is a header flit to comprise a header field and a set of additional fields, and the agent is to encrypt the information associated with the additional fields to yield the ciphertext.
Example 62 may include the subject matter of Example 61, and/or some other example(s) herein, and optionally wherein the flit comprises 528 bits, and the header field comprises 32 bits of the 528 bits.
Example 63 may include the subject matter of any one of Examples 51-62, and/or some other example(s) herein, and optionally wherein the CXL-based protocol is one of a CXL.cache or CXL.mem protocol.
Example 64 may include the subject matter of any one of Examples 51-63, and/or some other example(s) herein, and optionally wherein the second device comprises: a port comprising circuitry to implement one or more layers of the CXL-based protocol, wherein the circuitry is to receive the flit from the first device over the link and the port comprises an agent to: perform an error check on the flit based on the CRC code; decrypt the ciphertext of the flit to yield plaintext flit information based on a determination that the error check passed; and process the plaintext flit information.
Example 65 may include the subject matter of Example 64, and/or some other example(s) herein, and optionally wherein the flit is a first flit and the agent is further to: receive a second flit comprising a message authentication code (MAC), the MAC based on a set of flits comprising the first flit; and perform, based on the MAC, an integrity check on the set of flits.
Example 66 may include the subject matter of Example 65, and/or some other example(s) herein, and optionally wherein the agent is to process the plaintext information based on a determination that the integrity check passed.
Example 67 may include the subject matter of Example 65, and/or some other example(s) herein, and optionally wherein the set of flits comprises a number of flits indicated by a parameter.
Example 68 may include the subject matter of any one of Examples 65-67, and/or some other example(s) herein, and optionally wherein the MAC is based on one of an Advanced Encryption Standard Galois/Counter Mode (AES-GCM) protocol and an Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC) protocol.
Example 69 may include the subject matter of any one of Examples 64-68, and/or some other example(s) herein, and optionally wherein the agent is to process the plaintext flit information by unpacking and buffering the plaintext flit information.
Example 70 may include the subject matter of any one of Examples 64-69, and/or some other example(s) herein, and optionally wherein the flit is a header flit comprising an unencrypted header field and the ciphertext.
Example 71 may include the subject matter of Example 70, and/or some other example(s) herein, and optionally wherein the flit comprises 528 bits, and the header field comprises 32 bits of the 528 bits.
Example 72 may include the subject matter of any one of Examples 64-71, and/or some other example(s) herein, and optionally wherein: prior to receiving the flit comprising the ciphertext, the circuitry is to receive an unencrypted control flit comprising an indication that subsequent flits received over the link will be at least partially encrypted; and the agent is to obtain a new decryption key for decrypting ciphertext in subsequent flits based on the unencrypted control flit.
Example 73 may include the subject matter of any one of Examples 64-72, and/or some other example(s) herein, and optionally wherein the decryption is based on an Advanced Encryption Standard (AES)-based protocol.
Example 74 may include the subject matter of Example 73, and/or some other example(s) herein, and optionally wherein the AES-based protocol is one of AES Galois/Counter Mode (AES-GCM) and AES Counter Mode (AES-CTR).
Example 75 may include the subject matter of any one of Examples 64-74, and/or some other example(s) herein, and optionally wherein the CXL-based protocol is one of a CXL.cache or CXL.mem protocol.
Example 76 includes an apparatus comprising means to perform one or more elements of a method described in or related to any of Examples 14-26 and 39-50 above, or any other method or process described herein.
Example 77 includes an apparatus comprising logic, modules, or circuitry to perform one or more elements of a method described in or related to any of Examples 14-26 and 39-50 above, or any other method or process described herein.
Example 78 includes a system comprising: one or more processors and one or more computer-readable media comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform the method, techniques, or process as described in or related to any of Examples 14-26 and 39-50 above, or portions thereof.
Example 79 includes machine-readable storage media including machine-readable instructions, when executed, to implement a method or realize an apparatus of any one of Examples 1-50, or any other method or apparatus described herein.
Example 80 includes a method, technique, system, apparatus, or process as described in or related to any of Examples 1-75 or portions or parts thereof.
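The transmit flow of Examples 1-6 and the receive flow of Examples 27-29 can be modeled in software, as an added illustration that is not part of the original disclosure: the sender encrypts the non-header fields, computes the CRC over the ciphertext flit, and later sends one MAC covering a set of flits; the receiver checks the CRC before decrypting and releases plaintext only after the MAC verifies. All names are hypothetical, and standard-library stand-ins are assumed throughout: a SHA-256 counter keystream in place of AES-CTR, HMAC-SHA-256 in place of AES-GMAC, CRC-16/CCITT as the link CRC, a parameter value of 4 flits per MAC, and a 12-byte tag.

```python
import binascii
import hashlib
import hmac

FLIT_BYTES = 66   # 528-bit flit (Examples 12, 25, 34)
HDR_BYTES = 4     # 32-bit header field, sent unencrypted (Example 33)
AGG_N = 4         # the "parameter": flits covered by one MAC (value assumed)
TAG_BYTES = 12    # assumed MAC length

def keystream(key, counter, n):
    # Stand-in for an AES-CTR keystream: SHA-256 over key, flit counter, block index.
    out = b""
    for block in range((n + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(8, "big") + bytes([block])).digest()
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crc16(flit):  # stand-in link CRC (CRC-16/CCITT from the standard library)
    return binascii.crc_hqx(flit, 0xFFFF)

def epoch_tag(mac_key, start, flits):
    # Stand-in for AES-GMAC: HMAC-SHA-256 over first counter, flit count, flits.
    msg = start.to_bytes(8, "big") + bytes([len(flits)]) + b"".join(flits)
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG_BYTES]

class Endpoint:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.counter, self.window = 0, []   # flit counter, flits since last MAC

class Sender(Endpoint):
    def send(self, header, fields):
        # Encrypt the non-header fields, then compute the CRC over the ciphertext flit.
        flit = header + xor(fields, keystream(self.enc_key, self.counter, len(fields)))
        self.counter += 1
        self.window.append(flit)
        return flit, crc16(flit)

    def mac_flit(self):
        # A count below AGG_N tells the receiver the MAC covers a short set.
        count, flits, self.window = len(self.window), self.window, []
        return count, epoch_tag(self.mac_key, self.counter - count, flits)

class Receiver(Endpoint):
    def receive(self, flit, crc):
        if crc16(flit) != crc:
            return "retry"   # link error: nothing decrypted, counter unchanged
        n = FLIT_BYTES - HDR_BYTES
        plain = xor(flit[HDR_BYTES:], keystream(self.enc_key, self.counter, n))
        self.counter += 1
        self.window.append((flit, plain))
        return "buffered"    # held back until the covering MAC arrives

    def receive_mac(self, count, tag):
        flits = [f for f, _ in self.window]
        expect = epoch_tag(self.mac_key, self.counter - len(flits), flits)
        ok = count == len(flits) <= AGG_N and hmac.compare_digest(tag, expect)
        released = [p for _, p in self.window] if ok else None
        self.window = []
        return released      # plaintext is released only if the MAC verifies

def demo():
    tx, rx = Sender(b"E" * 16, b"M" * 16), Receiver(b"E" * 16, b"M" * 16)
    fields = [bytes([i]) * (FLIT_BYTES - HDR_BYTES) for i in range(7)]  # constructed data
    hdr, out = b"\x00\x00\x00\x01", {}
    # Set 1: AGG_N flits; flit 2 takes a bit error on the link and is retransmitted.
    for i in range(AGG_N):
        flit, crc = tx.send(hdr, fields[i])
        if i == 2:
            noisy = flit[:10] + bytes([flit[10] ^ 0x01]) + flit[11:]
            out["link_error"] = rx.receive(noisy, crc)
        rx.receive(flit, crc)
    out["set1_ok"] = rx.receive_mac(*tx.mac_flit()) == fields[:AGG_N]
    # Set 2: only two flits, so the MAC flit carries count 2 < AGG_N.
    for i in (4, 5):
        rx.receive(*tx.send(hdr, fields[i]))
    count, tag = tx.mac_flit()
    out["short_set_ok"] = count < AGG_N and rx.receive_mac(count, tag) == fields[4:6]
    # Set 3: the ciphertext is altered and its CRC recomputed, so the CRC check passes.
    flit, _ = tx.send(hdr, fields[6])
    altered = flit[:-1] + bytes([flit[-1] ^ 0x80])
    out["altered_crc_check"] = rx.receive(altered, crc16(altered))
    out["altered_release"] = rx.receive_mac(*tx.mac_flit())
    return out

if __name__ == "__main__":
    print(demo())
```

The third set shows why the MAC is needed in addition to the CRC: the CRC is an error-detection code with no key, so it only distinguishes link errors from clean transfers, and the altered flit is rejected at the integrity check instead.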
Reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In the foregoing specification, a detailed description has been given with reference to specific exemplary embodiments. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative sense rather than a restrictive sense. Furthermore, the foregoing use of embodiment and other exemplary language does not necessarily refer to the same embodiment or the same example, but may refer to different and distinct embodiments, as well as potentially the same embodiment.
This application claims the benefit of and priority from U.S. Provisional Patent Application No. 62/885,935 entitled “Secure Communications Over Computer Buses” and filed Aug. 13, 2019, the entire disclosure of which is incorporated herein by reference.
Number | Date | Country
---|---|---
62885935 | Aug 2019 | US