CRYPTOGRAPHIC CACHE LINES FOR A TRUSTED EXECUTION ENVIRONMENT

摘要

Memory security technologies are described. An example processing system includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can receive a content read instruction from an application. The processor core can identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction. The processor core can load, from a cryptographic tree, tree nodes with security metadata. The processor core can retrieve, from the memory, the CCB. The processor core can generate a second MAC from the CCB. The processor core can compare the first MAC with the second MAC. The processor core can decrypt the CCB using security metadata when the first MAC matches the second MAC. The processor core can send at least the identified CL from the decrypted CCB to the application.

主权项

1. A processor comprising:
a processor core; and a memory controller coupled between the processor core and a memory, wherein the processor core is to perform the following in response to receiving a content read instruction from an application:
identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction;load, from a cryptographic tree, tree nodes with security metadata, wherein the security metadata comprises a first message authentication code (MAC), version (VER) data, and counter data;retrieve, from the memory, the CCB;generate a second MAC from the CCB;compare the first MAC with the second MAC;decrypt the CCB using security metadata when the first MAC matches the second MAC; andsend at least the identified CL from the decrypted CCB to the application.