PCIe 6.0 Integrity and Data Encryption Security Module

PCI Express is a ubiquitous interface for a wide variety of applications, from connecting accelerators and peripheral devices to data center servers to their use in consumer electronics. PCI Express links carry high value information between the host and the peripheral and from endpoint to endpoint.

The Integrity and Data Encryption (IDE) Security IP Module for PCIe 6.x provides confidentiality, integrity, and replay protection against hardware-level attacks. IDE adds optional capabilities for PCIe devices to perform hardware encryption and integrity checking on packets transferred across PCIe links.

The IDE Security Module for PCIe 6.x offers seamless integration with the Controller for PCIe 6.x via the Transaction Layer Packets (TLP) interface as defined in the PCI-SIG IDE specification. This interface matches the data width used by the controller, e.g., 1024-bit or 512-bit, together with the maximum number of TLP prefixes to offer an optimal performance vs. area implementation.

The IDE extended capability registers are accessible from the Controller for PCIe 6.x, offering a clear view of the link capabilities during discovery and configuration timeframes.

The Secure PCIe Controllers with IDE provide support for the TEE Device Interface Security Protocol (TDISP), an Engineering Change Notice (ECN) released by PCI-SIG. TDISP standardized framework defines how to secure the interconnect between virtual machine hosts and devices, regardless of where the data center resides or who has access to the servers inside. The PCIe Controllers with IDE enable designers to build full TDISP support in their hyperscale SoCs and mitigate against data and system attacks to address the challenges of virtualized cloud security.

Interoperability between the IDE Security Module and Controller for PCIe 6.x is part of the development process, offering customers version compatibility and reference integration templates.

• Compliant with PCI Express IDE specification
• Support for TDISP
• High-performance AES-GCM based packet encryption, decryption, authentication
• Seamless integration with Synopsys controllers via TLP packet-based interface
• FLIT mode support
• Support for PCIe 6.0, 5.0, 4.0 and 3.1 data rates
• Supports all required features of PCIe 6.0.1, PCIe 6.1 and PCIe 6.2
• Customer configurable
• Aligns with PCIe controller’s configuration options
• Scalable data bus width: 128, 256, 512, 1024
• Lanes: x1, x2, x4, x8, x16, x32
• Optimized for area, performance & latency
• FIPS 140-3 certification test mode
• Multi-stream support
• PCRC calculation & validation
• Efficient key control & refresh