Multi-Master RAM Content Protection: Page 2 of 3

March 25, 2020 //By Sandeep Jain, Kirk Taylor, Pradip Singh (NXP Semiconductors)
This article describes a mechanism to secure RAM content by storing the data encrypted and allowing selective decryption of the data, based on master privileges. The feature is especially useful for scenarios where a master is allowed to access the RAM data (for example, to copy it) but is not allowed to interpret the contents. The encryption and decryption steps are handled at the RAM controller level and are transparent to the software.

During debug or test, the descrambler can be permanently disabled:

  • No master can access plaintext data
  • Avoids a RAM zeroizing FSM

Data traveling between the RAM controller and the memory is secure, which avoids side-channel based attacks.


Fig. 2  RAM Memory Access for masters with different privileges.

Example:

Consider a 64 kB RAM with 64-bit data, and thus a depth of 8K addresses.

If we implement 1 bit per word to indicate whether the data is encrypted or not, 8K bits will be needed.

We can also group words into larger blocks or pages to reduce the number of configuration bits.

Thus, in the best case, only 1 bit is needed, if the entire RAM is marked as secure.


Fig. 3  RAM dimensions and secure flag

When reading the data, the controller returns an additional flag (as an AHB/AXI sideband signal) to indicate whether the data is plaintext or not. Based on this flag, scrambled data is saved as-is at the destination and is not re-scrambled, as shown in Fig. 4.
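
A behavioral model of the controller described above, as an added example that is not from the original article: per-block secure flags, privilege-gated descrambling, and the plaintext sideband flag that keeps scrambled data from being re-scrambled on a copy. The XOR-and-rotate scrambler, the key, the 1024-word block size and all function names are assumptions made for illustration; the article does not specify them.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define RAM_WORDS   8192u            /* 64 kB / 8 bytes per 64-bit word */
#define BLOCK_WORDS 1024u            /* assumed grouping: 8 blocks, 8 flag bits */
#define KEY 0xA5C3F00D5EEDBEEFull    /* constructed placeholder key */

static uint64_t ram[RAM_WORDS];
static bool secure_blk[RAM_WORDS / BLOCK_WORDS];  /* one secure flag per block */
static bool descrambler_enabled = true;           /* cleared for debug or test */

/* Number of secure-flag bits needed for a given grouping of words. */
size_t flag_bits(size_t ram_bytes, size_t word_bytes, size_t words_per_block) {
    return ram_bytes / word_bytes / words_per_block;
}

/* Toy reversible scrambler standing in for the real cipher (assumption). */
static uint64_t scramble(uint64_t d)   { d ^= KEY; return (d << 13) | (d >> 51); }
static uint64_t descramble(uint64_t d) { d = (d >> 13) | (d << 51); return d ^ KEY; }

/* Write: plaintext headed for a secure block is scrambled; data already
 * flagged as scrambled is stored as-is and never re-scrambled. */
void ram_write(uint32_t addr, uint64_t data, bool is_plain) {
    bool sec = secure_blk[addr / BLOCK_WORDS];
    ram[addr] = (sec && is_plain) ? scramble(data) : data;
}

/* Read: returns the data plus the sideband flag saying whether it is plaintext. */
uint64_t ram_read(uint32_t addr, bool privileged, bool *is_plain) {
    bool sec = secure_blk[addr / BLOCK_WORDS];
    if (!sec) { *is_plain = true; return ram[addr]; }
    if (privileged && descrambler_enabled) {
        *is_plain = true;
        return descramble(ram[addr]);
    }
    *is_plain = false;               /* scrambled data leaves the controller as stored */
    return ram[addr];
}

/* Copy by any master: an unprivileged one (e.g. a DMA engine) moves scrambled data only. */
void copy_word(uint32_t src, uint32_t dst, bool privileged) {
    bool plain;
    uint64_t d = ram_read(src, privileged, &plain);
    ram_write(dst, d, plain);
}

void set_secure(uint32_t block, bool on) { secure_blk[block] = on; }
void set_descrambler(bool on) { descrambler_enabled = on; }
```

The model assumes the destination of a scrambled copy is itself marked secure; otherwise the copied word would be read back with the plaintext flag set while still scrambled.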
