US-12625978-B2 - Technologies for trusted I/O protection of I/O data with header information

Abstract

Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
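
The header-skip behaviour summarized in the abstract can be modeled in software; the following is an added illustration, not code from the patent. The SHA-256 counter-mode keystream is a stand-in for the engine's cipher, and the Channel ID value, key, per-message counter, and one-byte header-length field at offset 1 are assumptions made for the example.

```python
import hashlib
import struct

# Constructed CE state: Channel ID -> key programmed for that DMA channel.
CID_KEYS = {0x21: bytes(range(16))}

# Constructed message: 8-byte header (byte 1 holds the header length), then I/O data,
# delivered as two DMA transactions.
HEADER = bytes([0x01, 0x08]) + b"META00"
PAYLOAD = b"secret I/O payload"
TXNS = [HEADER + PAYLOAD[:5], PAYLOAD[5:]]


def keystream(key, cid, counter, n):
    """Stand-in keystream (SHA-256 in counter mode), not the engine's real cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("<IQI", cid, counter, block)).digest()
        block += 1
    return out[:n]


def protect_message(cid, counter, transactions, fixed_skip=None, len_offset=None):
    """Encrypt everything after the header; the same call decrypts (XOR stream)."""
    # Start of message is the start of the first DMA transaction.
    message = b"".join(transactions)
    key = CID_KEYS.get(cid)
    if key is None:
        return message  # no Channel ID match: traffic passes through unmodified
    if fixed_skip is not None:
        skip = fixed_skip                      # fixed header length
    elif len_offset is not None and len_offset < len(message):
        skip = message[len_offset]             # length field read from the header
    else:
        raise ValueError("no usable skip length")
    if skip > len(message):
        raise ValueError("skip length exceeds message length")
    body = message[skip:]
    ks = keystream(key, cid, counter, len(body))
    return message[:skip] + bytes(a ^ b for a, b in zip(body, ks))


if __name__ == "__main__":
    out = protect_message(0x21, 7, TXNS, len_offset=1)
    print("header (plaintext):", out[:8])
    print("payload (ciphertext):", out[8:].hex())
```

Because the header stays in plaintext, the receiving side can read the same length field to find where the encrypted portion begins before decrypting it.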

Inventors

  • SOHAM JAYESH DESAI
  • Siddhartha Chhabra
  • Bin Xing
  • Pradeep M. Pappachan
  • Reshma Lal

Assignees

  • INTEL CORPORATION

Dates

Publication Date
20260512
Application Date
20241001

Claims (20)

  1. A device comprising: an input/output (I/O) device to output I/O data to be provided to a processor; an I/O controller coupled with the I/O device, the I/O controller to generate a first message including one or more trusted direct memory access (DMA) transactions, the first message having the I/O data; and a first cryptographic circuit coupled with the I/O controller, the first cryptographic circuit to receive the first message and to generate a second message, the second message including: an unencrypted portion starting at a start of the second message and including an unencrypted header and unencrypted metadata; and an encrypted portion having a length, the encrypted portion after the unencrypted portion and including encrypted I/O data generated by encrypting the I/O data, wherein the encrypted portion is to be encrypted with a key associated with a channel ID (CID) of the I/O device used to provide the second message to the processor, wherein the device is to store the second message to a location in memory.
  2. The device of claim 1, further comprising: the processor, the processor to support execution of a trusted execution environment (TEE); and a second cryptographic circuit to decrypt the encrypted portion of the second message, including to decrypt the encrypted I/O data.
  3. The device of claim 1, wherein the I/O device has a device configuration, and wherein the I/O device is to prevent a change to the device configuration.
  4. The device of claim 1, wherein the I/O controller is to be connected to a Peripheral Component Interconnect Express (PCIe) bus.
  5. The device of claim 1, wherein the second message comprises a transaction layer packet (TLP).
  6. The device of claim 1, wherein the first cryptographic circuit is to determine a start of the first message.
  7. The device of claim 1, wherein the first cryptographic circuit is to determine the length of the unencrypted portion.
  8. The device of claim 1, wherein the I/O data is to be provided to a trusted execution environment supported by the processor, wherein the I/O controller is to be connected to a Peripheral Component Interconnect Express (PCIe) bus, and wherein the second message comprises a transaction layer packet (TLP).
  9. The device of claim 8, wherein the first cryptographic circuit is to determine a start of the first message, and wherein the first cryptographic circuit is to determine the length of the unencrypted portion.
  10. A device comprising: an input/output (I/O) device to output I/O data to be provided to a processor; and an I/O controller and a first cryptographic circuit coupled with the I/O device to generate a message including one or more trusted direct memory access (DMA) transactions and having the I/O data, the message including: an unencrypted portion starting at a start of the message and including an unencrypted header and unencrypted metadata; and an encrypted portion having a length, the encrypted portion after the unencrypted portion and including encrypted I/O data generated by encrypting the I/O data, wherein the encrypted portion is to be encrypted with a key associated with a channel ID (CID) of the I/O device used to provide the second message to the processor, wherein the device is to store the second message to a location in memory.
  11. The device of claim 10, wherein the I/O data is to be provided to a trusted execution environment supported by the processor, wherein the I/O controller is to be connected to a Peripheral Component Interconnect Express (PCIe) bus, and wherein the message comprises a transaction layer packet (TLP).
  12. The device of claim 11, wherein the first cryptographic circuit is to determine a start of the message.
  13. The device of claim 11, wherein the first cryptographic circuit is to determine the length of the unencrypted portion.
  14. The device of claim 11, wherein the I/O device has a device configuration, and wherein the I/O device is to prevent a change to the device configuration.
  15. The device of claim 11, further comprising: the processor, the processor to support execution of a trusted execution environment (TEE); and a second cryptographic circuit to decrypt the encrypted portion of the message, including to decrypt the encrypted I/O data.
  16. A system comprising: a device including: an input/output (I/O) device to output I/O data to be provided to a trusted execution environment (TEE); an I/O controller coupled with the I/O device by a Peripheral Component Interconnect Express (PCIe) bus, the I/O controller to generate a first message including one or more trusted direct memory access (DMA) transactions, the first message having the I/O data; and a first cryptographic circuit coupled with the I/O controller, the first cryptographic circuit to receive the first message and to generate a second message, wherein the second message comprises a transaction layer packet (TLP), the second message including: an unencrypted portion starting at a start of the second message and including an unencrypted header and unencrypted meta data; an encrypted portion having a length, the encrypted portion after the unencrypted portion and including encrypted I/O data generated by encrypting the I/O data, wherein the encrypted portion is to be encrypted with a key associated with a channel ID (CID) of the I/O device used to provide the second message to a processor, wherein the device is to store the second message to a location in memory; the processor coupled with the device, the processor to support execution of the TEE; and a second cryptographic circuit to decrypt the encrypted portion of the second message, including to decrypt the encrypted I/O data.
  17. The system of claim 16, wherein the first cryptographic circuit is to determine a start of the first message.
  18. The system of claim 16, wherein the first cryptographic circuit is to determine the length of the unencrypted portion.
  19. A device comprising: a cryptographic circuit to receive a message including one or more trusted direct memory access (DMA) transactions and having input/output (I/O) data, the message including: an unencrypted portion starting at a start of the message and including an unencrypted header and unencrypted metadata; and an encrypted portion having a length, the encrypted portion after the unencrypted portion and including encrypted I/O data generated by encrypting the I/O data, wherein the encrypted portion is to be encrypted with a key associated with a channel ID (CID) of the I/O device sending the I/O data used to convey the message to a processor, wherein the cryptographic circuit is to decrypt the encrypted I/O data; and the processor coupled with the cryptographic circuit, the processor to support execution of a trusted execution environment (TEE), wherein the TEE is to access the I/O data.
  20. The device of claim 19, wherein the message is to be received over a Peripheral Component Interconnect Express (PCIe) bus, and wherein the message comprises a transaction layer packet (TLP).

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This Application is a continuation of co-pending U.S. patent application Ser. No. 17/820,628, filed Aug. 18, 2022, which is a continuation of and claims the benefit of and priority to U.S. application Ser. No. 16/704,168, entitled TECHNOLOGIES FOR TRUSTED I/O PROTECTION OF I/O DATA WITH HEADER INFORMATION, by Soham Jayesh Desai, et al., filed Dec. 5, 2019, now allowed, which is a continuation of and claims the benefit of and priority to U.S. application Ser. No. 15/628,006, entitled TECHNOLOGIES FOR TRUSTED I/O PROTECTION OF I/O DATA WITH HEADER INFORMATION, by Soham Jayesh Desai, et al., filed Jun. 20, 2017, now issued as 10,552,620, which claims the benefit of U.S. Provisional Patent Application Nos. 62/352,356 and 62/352,357, which were both filed Jun. 20, 2016, the entire contents of which are incorporated herein by reference.

BACKGROUND

Current processors may provide support for a trusted execution environment such as a secure enclave. Secure enclaves include segments of memory (including code and/or data) protected by the processor from unauthorized access including unauthorized reads and writes. In particular, certain processors may include Intel® Software Guard Extensions (SGX) to provide secure enclave support. In particular, SGX provides confidentiality, integrity, and replay-protection to the secure enclave data while the data is resident in the platform memory and thus provides protection against both software and hardware attacks. The on-chip boundary forms a natural security boundary, where data and code may be stored in plaintext and assumed to be secure. Intel® SGX does not protect I/O data that moves across the on-chip boundary.

Trusted I/O (TIO) technology enables an application to send and/or receive I/O data securely to/from a device. In addition to the hardware that produces or consumes the I/O data, several software and firmware components in the I/O pipeline might also process the data.

HCTIO (Hardware Cryptography-based Trusted I/O) is a technology that provides cryptographic protection of DMA data via an inline Crypto Engine (CE) in the system-on-a-chip (SoC). Channel ID, an identifier, uniquely identifies a DMA channel on the platform, and the CE filters DMA traffic and encrypts select I/O transactions upon a match with the Channel ID programmed in the CE. Certain devices may provide trusted I/O using an inline Channel ID filter in the SoC and a processor-based Crypto Engine (e.g., using microcode or other processor resources).

BRIEF DESCRIPTION OF THE DRAWINGS

The concepts described herein are illustrated by way of example and not by way of limitation in the accompanying figures. For simplicity and clarity of illustration, elements illustrated in the figures are not necessarily drawn to scale. Where considered appropriate, reference labels have been repeated among the figures to indicate corresponding or analogous elements.

FIG. 1 is a simplified block diagram of at least one embodiment of a computing device for protecting I/O transfers with header data;

FIG. 2 is a simplified block diagram of at least one embodiment of an environment of the computing device of FIG. 1;

FIG. 3 is a simplified flow diagram of at least one embodiment of a method for protecting I/O transfers with header data that may be executed by the computing device of FIGS. 1-2;

FIG. 4 is a simplified flow diagram of at least one embodiment of a method for protecting I/O transfers with header data using an inline cryptographic engine that may be executed by the computing device of FIGS. 1-2;

FIG. 5 is a simplified flow diagram of at least one embodiment of a method for protecting I/O transfers with header data using an inline channel identifier filter that may be executed by the computing device of FIGS. 1-2;

FIG. 6 is a simplified flow diagram of at least one embodiment of a method for protecting I/O transfers with header data using a processor-based cryptographic engine that may be executed by the computing device of FIGS. 1-2;

FIG. 7 is a simplified flow diagram of at least one embodiment of a method for protecting I/O device configuration that may be executed by the computing device of FIGS. 1-2;

FIG. 8 is a simplified block diagram of at least one embodiment of an environment of the computing device of FIG. 1; and

FIG. 9 is a simplified flow diagram of at least one embodiment of a method for matching encrypted data with authentication tags that may be executed by the computing device of FIGS. 1 and 8.

DETAILED DESCRIPTION OF THE DRAWINGS

While the concepts of the present disclosure are susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will be described herein in detail. It should be understood, however, that there is no intent to limit the concepts of the present disclosure to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equiv