PCI Express is a ubiquitous interface for a wide variety of applications, from connecting accelerators and peripheral devices, to data center servers, to their use in consumer electronics. PCI Express links carry high value information between the host and the peripheral and from endpoint to endpoint.
The Integrity and Data Encryption (IDE) Security IP Modules for PCIe 7.0 provide confidentiality, integrity, and replay protection against hardware-level attacks. IDE adds optional capabilities for PCIe devices to perform hardware encryption and integrity checking on packets transferred across PCIe links.
The IDE Security Modules for PCIe 7.0 offer seamless integration with the Controller for PCIe 7.0 via the Transaction Layer Packets (TLP) or Flow Control Units (FLITs) interfaces as defined in the PCI-SIG IDE specification. These interfaces match the data width used by the controller, e.g., 1024-bit or 512-bit, together with the maximum number of TLP prefixes to offer an optimal performance vs. area implementation.
The IDE extended capability registers are accessible from the Controller for PCIe 7.0, offering a clear view of the link capabilities during discovery and configuration timeframes.
The Secure PCIe Controllers with IDE provide support for the TEE Device Interface Security Protocol (TDISP), an Engineering Change Notice (ECN) released by PCI-SIG. TDISP standardized framework defines how to secure the interconnect between virtual machine hosts and devices, regardless of where the data center resides or who has access to the servers inside. The PCIe Controllers with IDE enable designers to build full TDISP support in their hyperscale SoCs and mitigate against data and system attacks to address the challenges of virtualized cloud security.
Interoperability between the IDE Security Modules and Controller for PCIe 7.0 is part of the development process, offering customers version compatibility and reference integration templates.