1. Field of the Invention
The present invention generally relates to data encryption and, more particularly, to methods and apparatus for identifying and storing parameters to be used when securely accessing data through the use of encryption.
2. Description of the Related Art
A system on a chip (SOC) generally includes one or more integrated processor cores, some type of embedded memory, such as a cache shared between the processors cores, and peripheral interfaces, such as memory control components and external bus interfaces, on a single chip to form a complete (or nearly complete) system. The use of cache memory hierarchies is well established to improve a processor performance by reducing and/or eliminating read access requests to external memory.
As part of an enhanced security feature, some SOCs encrypt some portions of data prior to storing it in external memory. Adding such encryption to an SOC may add valuable benefits, such as preventing a hacker from obtaining instructions of a copyrighted program, such as a video game, or data that may be used to determine such instructions through reverse engineering. When the encrypted data is subsequently retrieved from external memory, it must first be decrypted before it can be used by the processor cores.
A set of security parameters (stored on or off chip) may contain information about the type of security to be applied to different portions of memory. For example, these security parameters may identify which portions of memory are protected as well as, for those identified portions of memory that are protected, exactly how encryption is applied (e.g., an encryption block size, a set of encryption keys, and the like). Unfortunately, according to some implementations, some amount of latency may be suffered as a set of security parameters is located and retrieved, for example, based on the address of data targeted in a memory access request.
In virtual memory systems, real (or “physical”) addresses of the targeted data are often translated from virtual addresses utilizing a data table commonly referred to as a translation look aside buffer (TLB). In some cases, possibly due to scalability reasons, the number of external address lines (actually leaving the SOC) may be less than the total number of bits of the translated real address. As a result, the translated real address may have a number of “excess” bits that are not utilized. Further, TLB entries often have some collection of attribute bits that contain information about corresponding data (e.g., valid and dirty bits). The collection of attribute bits may also include unutilized excess bits.
In conventional SOCs, such excess address and/or attribute bits in TLB entries constitute a waste of resources. It would be desirable to utilize these excess bits in a TLB entry, for example, to identify a set of security parameters to be applied to corresponding data.