August 23, 2024
Dr. Paul Shan-Chyun Ku, Andes Technology

High Area-Efficiency IOPMP Architecture for Large Systems

Speaker: 辜善群
Experience:
- The Chair of IOPMP Task Group (2022-)
- The Vice-chair of TEE TG (2021-2022)
- Deputy Director, Andes Technology

Agenda
- A brief on the IOPMP
- The problem of IOPMP's scalability
- IOPMP non-priority rules and cacheability
- Area-effective architecture
- Experiment and remarks

A typical platform

[Figure: block diagram of a typical platform. Labels: Interconnect-1; RISC-V CPU with PMP; DMA, NIC, or Display CTLR; DSP/GPU; interconnect-2; devices; Flash; SRAM/DRAM; Crypto Engine; transactions annotated "Addr, Len, R/W/X" or "Addr, Len, R/W"; memory regions.]

Taking RISC-V Mainstream

Vulnerability and threat
- RISC-V CPU's transactions are checked by PMP/ePMP: by (1) CPU mode, (2) memory region, and (3) operation.
- The other I/O agents: DSP, GPU, DMA, NIC, LCDC.
- Transactions from them are NOT CHECKED: a vulnerability!
- Malicious SW that can control the I/O agents to access anywhere becomes the threat.
- EX: an attack asks the I/O agent to read the sensitive asset without PMP/ePMP's check and store it to its own legal space.
- IOPMP is the tool to mitigate such a threat.
- The IOPMP task group under RISC-V International is working on the architecture spec.

A platform with IOPMPs

[Figure: block diagram of a platform with IOPMPs. Labels: Interconnect-1 w/ RRID; CPU with PMP; DMA, or Other I/O Agent; DSP/GPU; interconnect-2 w/o RRID; devices; IOPMP-1; IOPMP-2; IOPMP-3; entries; CTRL; Flash; SRAM/DRAM; Crypto Engine; transactions annotated "Addr, Len, R/W/X, RRID" or "Addr, Len, R/W, RRID"; memory regions.]

IOPMP's Implementation and Scalability

IOPMP block diagram

[Figure: IOPMP block diagram. Labels: incoming trans.; buff (or queue); APCU; address matching, permission check; rule array; reaction, record, and/or forward; IOPMP; outgoing transaction.]
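
An added example, not from the slides or the IOPMP specification: a simplified C model of the block diagram's stages (address matching, permission check against a rule array, then reaction, record, or forward), applied to the DMA threat described under "Vulnerability and threat". The rule layout, RRID numbering, addresses, and default-deny behaviour are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { P_R = 1, P_W = 2, P_X = 4 };          /* operation bits: R/W/X */
typedef enum { FORWARD, DENY } verdict_t;     /* outcome of the reaction stage */

/* One entry of the rule array. Constructed layout, not the spec's encoding. */
typedef struct {
    uint64_t base, len;   /* region: Addr, Len */
    uint32_t rrid_mask;   /* bit n set: requester with RRID n may use this rule */
    uint8_t  perm;        /* operations the rule allows */
} rule_t;

/* Constructed sample platform: RRID 0 = CPU, RRID 1 = DMA (assumed numbering). */
static const rule_t rules[] = {
    { 0x80000000u, 0x1000, 1u << 0,               P_R | P_W }, /* sensitive asset */
    { 0x80001000u, 0x1000, (1u << 0) | (1u << 1), P_R | P_W }, /* DMA's legal space */
};

static unsigned denied_count;   /* "record" stage: number of blocked transactions */

/* Check one incoming transaction (Addr, Len, R/W/X, RRID). */
verdict_t iopmp_check(uint64_t addr, uint64_t len, uint8_t op, uint8_t rrid)
{
    /* Malformed transactions (empty, no operation, RRID out of range) match no rule. */
    size_t n = (len && op && rrid < 32) ? sizeof rules / sizeof rules[0] : 0;
    for (size_t i = 0; i < n; i++) {
        const rule_t *r = &rules[i];
        /* Address matching: the whole transaction must lie inside the region.
           Written with subtractions so that addr + len cannot wrap around. */
        if (addr < r->base || len > r->len || addr - r->base > r->len - len)
            continue;
        /* Permission check: requester and every requested operation allowed. */
        if (((r->rrid_mask >> rrid) & 1u) && (r->perm & op) == op)
            return FORWARD;
    }
    denied_count++;             /* assumed default: no permitting rule means deny */
    return DENY;
}

int main(void)
{
    /* The threat on the slides: DMA reads the asset, then stores it in its own space. */
    printf("DMA read asset:   %s\n", iopmp_check(0x80000000u, 64, P_R, 1) == FORWARD ? "forward" : "deny");
    printf("DMA write buffer: %s\n", iopmp_check(0x80001000u, 64, P_W, 1) == FORWARD ? "forward" : "deny");
    printf("denied so far: %u\n", denied_count);
    return 0;
}
```

A read that starts in the asset region and ends in the DMA buffer is denied as well, because no single rule covers the whole transaction.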