1. Field
Management of cache resources in a protected computing environment.
2. Background
Various security techniques have been developed to protect sensitive data stored on a computer. For example, the LaGrande Technology developed by the Intel™ Corporation in Santa Clara, Calif., provides a secure computing environment by protecting data storage, software execution, and input/output devices against malicious software attacks. The LaGrande Technology defines hardware modifications to a computing system to ensure data security on the system.
One form of software attack targets the main memory of a computing system. To protect the main memory from unauthorized access, a request for direct memory access may be checked for permission before the access is granted. Typically, a direct memory access (DMA) controller moves data in and out of the main memory without requiring a central processing unit (CPU) to perform tasks for the memory access. However, a software attacker may take advantage of the direct access to copy or even alter the contents of the main memory. Thus, in some systems, sensitive data is often stored in an area of the memory that can only be accessed by the CPU. A DMA request is granted if the target memory address does not contain sensitive information to be protected.
In some systems, a NODMA (No Direct Memory Access) table in the main memory is checked before any DMA request is granted. The NODMA table uses one bit to represent protection information for each 4K-byte page of the main memory. The value of the bit indicates whether the corresponding memory page can be directly accessed. Thus, based on the target address of a DMA request, a hardware module prefetches the bit corresponding to the target address from the NODMA table. Depending on the value of the bit, DMA may proceed or may be denied.
DMA is generally initiated by one of a plurality of I/O devices, or equivalently, bus masters. Because each request from the bus masters is checked against the NODMA table in the main memory, a severe bottleneck is formed at the memory interface.
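The NODMA lookup described above, modelled in software as an added example (not code from the original document). It assumes a set bit means the page is protected, a constructed 1 MiB memory, and hypothetical function names; it generalizes the single-address check to every page a transfer touches and counts table reads to show the per-request cost at the memory interface.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u                        /* 4K-byte pages, as in the text */
#define MEM_BYTES  (1u << 20)                 /* constructed: 1 MiB main memory */
#define NUM_PAGES  (MEM_BYTES >> PAGE_SHIFT)  /* 256 pages */

static uint8_t nodma_table[NUM_PAGES / 8];    /* one bit per page */
static unsigned long table_reads;             /* table fetches from memory */

/* Assumption: bit = 1 marks the page as protected (DMA denied). */
void nodma_protect(uint32_t page, bool protect)
{
    if (page >= NUM_PAGES) return;
    uint8_t mask = (uint8_t)(1u << (page & 7u));
    if (protect) nodma_table[page >> 3] |= mask;
    else         nodma_table[page >> 3] &= (uint8_t)~mask;
}

static bool page_protected(uint32_t page)
{
    table_reads++;                            /* each check costs a memory read */
    return (nodma_table[page >> 3] >> (page & 7u)) & 1u;
}

/* True if a DMA transfer over [addr, addr + len) may proceed. */
bool dma_allowed(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr >= MEM_BYTES || len > MEM_BYTES - addr)
        return false;                         /* fail closed, no wraparound */
    uint32_t first = (uint32_t)(addr >> PAGE_SHIFT);
    uint32_t last  = (uint32_t)((addr + len - 1) >> PAGE_SHIFT);
    for (uint32_t p = first; p <= last; p++)
        if (page_protected(p)) return false;  /* any protected page denies */
    return true;
}

unsigned long nodma_table_reads(void) { return table_reads; }

int main(void)
{
    nodma_protect(2, true);                   /* constructed: protect page 2 */
    printf("page 0 write:   %d\n", dma_allowed(0x0000, 0x1000));
    printf("straddles 1->2: %d\n", dma_allowed(0x1ff0, 0x20));
    printf("table reads:    %lu\n", nodma_table_reads());
    return 0;
}
```

A transfer that starts in an unprotected page but crosses into a protected one is denied, which a check of the start address alone would miss.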