As our connected world expands, the technological advances in
high-performance computing (HPC) are reshaping system-on-chip (SoC) designs to address the need for more acceleration, more storage capacity, new compute architectures, and increased bandwidths for faster data movement. High bandwidth interfaces such as DDR/LPDDR are proliferating, and their speeds continue to grow from generation to generation.
At the same time, the security of data and systems is paramount, driven by multiple factors, including significant growth in confidential and sensitive information, laws, regulations, and standards evolution.
Synopsys Inline and Memory Encryption (IME) Security Module IP provides confidentiality of data in use or stored in off-chip memory over memory interfaces. It integrates seamlessly with Synopsys DDR and LPDDR IP Controllers for most optimal solutions in the industry with latency as low as 2 cycles, accelerating SoC integration and reducing risk.
Inline Memory Encryption (IME) Security Module for DDR/LPDDR
Overview
Key Features
- The configurable IP supports a variety of features including:
- Scalable throughput, including DDR5/LPDDR5
- Scalable datapath widths: 128-bit, 256-bit or 512-bit
- Configurable data unit block size, up to 1024-bits
- AES-XTS encryption/decryption
- AES-ECB encryption/decryption for Test Modes
- Option for SM4-XTS
- 128-bit and 256-bit keys
- Per region encryption/decryption
- Up to 16 address-based regions
- Up to 1024K index-based selection
- Configurable number of tweak value contexts for write and read paths
- In-order latency optimized bypass channel
- FIPS 140-3 support
- SRAM zeroization
- Configuration and key programming locking inputs
- Data Counters for key freshness monitoring
- Mission mode key swap support for addressed-based key selection or single memory region environments
- RAS SRAM ECC and Single Port SRAM Support
- Area & latency optimization options
Benefits
- Data confidentiality with independent cryptographic support for read & write channels
- Standards compliant: NIST SP800-38E, IEEE Std. 1619-2018
- FIPS 140-3 certification support
- Per region protection (index or address based)
- Modes: AES-XTS, AES-ECB (test mode)
- Encryption/decryption
- Support for 128-bit and 256-bit keys
- Support for different datapath widths (128/256/512-bit)
- Efficient key control & refresh
- Key readback protection
- SRAM zeroization
- Mission mode bypass
- Pass-through mode
- RAS SRAM ECC
- Configurable for optimal PPA & latency
- Solution standalone or integrated with Synopsys memory interface controllers
- Ultra low latency: IME latency overhead as low as 2 cycles when integrated with Synopsys DDR Controllers
Applications
- Data centers / Servers
- Networking
- Storage
- Artificial Intelligence
- Mobile / IoT
- Automotive
Deliverables
- Synthesizable RTL developed in compliance with the IEEE1364 Verilog-2005 standard
- Verilog integration testbench
- Sample synthesis script and constraints
- Sample simulation script
- Databook
- Hardware user guide
- Hardware installation guide
Technical Specifications
Maturity
Available on request
Availability
Available
Related IPs
- LPDDR5/4/4X Controller with Inline Memory Encryption (IME) Security Module
- LPDDR5X/5/4X Controller with Inline Memory Encryption (IME) Security Module
- PCIe 5.0 Integrity and Data Encryption Security Module
- CXL 2.0 Integrity and Data Encryption Security Module
- PCIe 6.0 Integrity and Data Encryption Security Module
- CXL 3.0 Integrity and Data Encryption Security Module