Data communication networks provide various services like internet access, media conferencing, file access, user messaging, and content delivery. Data communication networks use Network Interface Cards (NICs) to exchange user data. Within communication network elements, the NICs interact with Central Processing Units (CPUs) and Data Memory Buffers (DMBs) to perform Direct Memory Access (DMA) transfers. The DMA transfers move the user data between the NICs and the DMBs without using the CPUs to handle the user data. The NICs, CPUs, and DMBs exchange DMA buffer descriptors to initiate and control these DMA transfers.
Hardware-trust of data communication networks is required for many data applications. Hardware-trust is established between data network components by using hardware-trust keys that are physically-embedded in the data network components. A control system transfers trust challenge data (random numbers) to the data network components. The data network components hash the random numbers with their secret hardware-trust keys and return the hardware trust results. A hardware-trust validation system also has the trust challenge data and the secret keys to generate independent versions of the results for comparison and hardware trust validation.
Data communication networks are implementing Network Function Virtualization (NFV) to execute their networking software. NFV distributes the execution of the networking software across various CPU cores, DMB memories, and NIC ports. The networking software comprises Virtual Network Functions (VNFs) like virtual switches and the like. NFV server systems may efficiently host several data communication networks at the same time.
Unfortunately, DMA systems have not been optimized to efficiently handle hardware-trust data. In particular, NFV servers that use DMA for user data transfers have not been optimized to efficiently verify and report network-wide hardware trust.