Douma
Posted February 14, 2023

Synopsys has launched security IP and controller hardware for the latest protocols in PCI Express 6.0 chips in the data centre.

The TEE Device Interface Security Protocol (TDISP) is a new framework and architecture to secure I/O virtualization that was introduced in the most recent PCIe 6.0 specification. Although PCIe 6.0 introduced the new 64GT/s signaling speed, TDISP can be used at any speed and provides a standardized interface framework that defines how to secure the interconnect between the virtual machine host and the device, regardless of where the data centre resides or who has access to the servers inside of it.

While software has been the long-standing target for cyberattacks, hardware is now also vulnerable to security breaches. This is particularly important for devices across the data centre that have encryption to exchange keys with virtual machines. This process can be complex and problematic.

For instance, the virtual machine hardware in the data centre already knows the CPU. In this case, there's no need for an interface framework for security because the virtual machine already knows the hardware encryption for that CPU. But when the virtual server is shared, as is prevalent in today's cloud computing environment, the devices plug into CPUs and accelerators from a range of companies, and each needs to know about the correct encryption.

Key management is the primary role of TDISP. It has the ability to turn on and off the encryption, performing like a control panel, for example to refresh keys for the next hour, or the next 10 minutes, or any other timeframe. The TDISP framework standardizes the process and manages the entire key exchange, eliminating the need to build unique interfaces for each different device.

On the hardware side, once the connection is negotiated and the link secured, if there is register manipulation outside of TDISP, users can identify the connection as no longer secure. TDISP can detect the attempt to intercept the communications, enabling users to flag the software, letting it know that something is wrong so that it re-secures the link before the breach ever occurs.

TDISP enables a standard approach to IO interconnect security, mitigating attacks before they happen, and Synopsys has developed the first controllers and Integrity and Data Encryption (IDE) security IP module that supports TDISP, as applicable for PCIe and CXL.io. It includes all the hardware hooks and building blocks to implement TDISP as part of the overall PCIe security offering.

The TDISP IP includes the PCIe Controller and IDE capability and other registers, as well as T-bit packet per packet support (TX and RX), updated rule checks for inbound requests and completions, and additional checks for TEE limited stream support.

It also includes an interface to allow the Device Security Manager (DSM) to track TEE-Device-Interface-owned (TDI-owned) configuration changes, as well as supporting TDISP-specific error conditions updates, lock signals to avoid configuration registers update, and trusted assignment of Virtual Functions to Trusted Virtual Machines (TVMs).

https://www.eenewseurope.com/en/security-ip-and-controller-for-tdisp-in-pci-express-6-0/