IDE Security IP Modules for PCI Express 7.0

Overview

PCI Express is a ubiquitous interface used in a wide variety of applications, from connecting accelerators and peripheral devices to data center servers to consumer electronics. PCI Express links carry high-value information between the host and the peripheral and from endpoint to endpoint.

The Integrity and Data Encryption (IDE) Security IP Modules for PCIe 7.0 provide confidentiality, integrity, and replay protection against hardware-level attacks. IDE adds optional capabilities for PCIe devices to perform hardware encryption and integrity checking on packets transferred across PCIe links.

The IDE Security Modules for PCIe 7.0 offer seamless integration with the Controller for PCIe 7.0 via the Transaction Layer Packet (TLP) or Flow Control Unit (FLIT) interfaces as defined in the PCI-SIG IDE specification. These interfaces match the data width used by the controller, e.g., 1024-bit or 512-bit, together with the maximum number of TLP prefixes, to offer an optimal performance vs. area implementation.

The IDE extended capability registers are accessible from the Controller for PCIe 7.0, offering a clear view of the link capabilities during discovery and configuration timeframes.

The Secure PCIe Controllers with IDE provide support for the TEE Device Interface Security Protocol (TDISP), an Engineering Change Notice (ECN) released by PCI-SIG. The TDISP standardized framework defines how to secure the interconnect between virtual machine hosts and devices, regardless of where the data center resides or who has access to the servers inside. The PCIe Controllers with IDE enable designers to build full TDISP support in their hyperscale SoCs and mitigate data and system attacks to address the challenges of virtualized cloud security.

Interoperability between the IDE Security Modules and Controller for PCIe 7.0 is part of the development process, offering customers version compatibility and reference integration templates.

Key Features

  • Full support of PCI Express 7.0 (64GT/s) IDE specification
  • High-performance AES-GCM based packet encryption, decryption, authentication
  • Seamless integration with Synopsys controllers via TLP/FLIT packet-based interface
  • FLIT mode support
  • Support for PCIe 7.0, 6.0, 5.0, 4.0 and 3.1 data rates
  • Customer configurable
    • Aligns with PCIe controller’s configuration options
    • Scalable data bus width: 128, 256, 512, 1024 bits
    • Lanes: x1, x2, x4, x8, x16, x32
  • Partial header encryption support
  • TDISP support
  • Supports Arm Confidential Compute Architecture
  • Optimized for area, performance & latency
  • FIPS 140-3 certification support
  • Multi-stream support
  • PCRC calculation & validation
  • Efficient key control & refresh

Block Diagram

IDE Security IP Modules for PCI Express 7.0 Block Diagram

Technical Specifications
