It may be desirable for some graphics systems to provide a layer of protection that goes beyond that available with traditional software techniques, something that will allow multiple software modules (e.g. users, processes, applications, etc.) to run on the same graphics hardware while protecting the imagery produced by one module from being read or overwritten by any other module.
This concept allows developers to create systems that mix building blocks that are designed to high-security standards with others that are not, without compromising the secure elements of the system.
Such protection would normally require custom-built hardware that implements the protection at the very lowest level, usually in the memory controller. As modern Graphics Processing Units (GPUs) have become as complex as the Central Processing Units (CPUs) that host them, it has become impractical to build an entire custom GPU of one or two hundred million transistors just to be able to make the relatively modest changes to its memory controller needed to provide such protection.
Furthermore, traditional memory mapper technology cannot provide the needed protection for at least two reasons. First, one-dimensional memory mapper schemes are not sufficiently fine-grained to allocate memory in the narrow slices needed to assign memory segments that are only a few dozen pixels wide, as would be needed to define a two-dimensional window on a GPU's display screen.
Even if such a scheme were to be expanded, it would have to break each megabyte of the memory into roughly 16K chunks of 16 pixels each in order to provide acceptable granularity. In other words, the memory required to store the map would likely need to be comparable in size to, and faster than, the memory that it was mapping if it were to provide acceptable performance.
Second, GPUs typically do not have memory mappers between their rendering pipelines and their memory interfaces. Typically only the host processors have such mappers, and while they might be used to restrict access by the host's various tasks to GPU memory in a coarse way, control of the GPU's rendering logic is assigned as a whole. Once any task has control of the rendering logic, it can use it to read any part of the GPU's memory, even if the host's memory mapper has blocked direct access to that region by the host itself.
What is needed is a relatively simple device that can be installed between a GPU and display memory that will allow definition of multiple two-dimensional regions in the display buffers that can only be read or written by the task that ‘owns’ them. The device may also provide protection in coarser one-dimensional blocks to the rest of GPU memory for use as scratch pad space.
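A software model of the access decision such a device would make, as an added example rather than anything from the original text. The display geometry, scratch block size, window table, default-deny policy and all function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed geometry (not from the page): a 1024x768, 4-byte-per-pixel display
   buffer at offset 0, followed by scratch memory split into 64 KiB blocks. */
enum { PITCH_PX = 1024, ROWS = 768, BPP = 4, BLOCK_SHIFT = 16, NBLOCKS = 64 };
#define FB_BYTES ((uint32_t)PITCH_PX * ROWS * BPP)

/* A 2-D region and the task that owns it; x1 and y1 are exclusive. */
typedef struct { uint16_t x0, y0, x1, y1; uint8_t owner; } window_t;

static const window_t windows[] = {      /* constructed sample windows */
    { 100,  50, 132,  90, 1 },           /* 32 pixels wide, owned by task 1 */
    { 400, 300, 912, 556, 2 },
};
static uint8_t block_owner[NBLOCKS];     /* scratch blocks; 0 = unassigned */

uint32_t pixel_addr(uint32_t x, uint32_t y) { return (y * PITCH_PX + x) * BPP; }

void assign_block(uint32_t blk, uint8_t task) { if (blk < NBLOCKS) block_owner[blk] = task; }

/* Decide whether `task` (nonzero) may read or write the byte at `addr`. */
bool access_allowed(uint8_t task, uint32_t addr)
{
    if (task == 0) return false;
    if (addr < FB_BYTES) {
        /* Recover screen coordinates from the linear address. */
        uint32_t px = addr / BPP, x = px % PITCH_PX, y = px / PITCH_PX;
        for (size_t i = 0; i < sizeof windows / sizeof windows[0]; i++) {
            const window_t *w = &windows[i];
            if (x >= w->x0 && x < w->x1 && y >= w->y0 && y < w->y1)
                return w->owner == task;
        }
        return false;                    /* assumption: deny outside any window */
    }
    uint32_t blk = (addr - FB_BYTES) >> BLOCK_SHIFT;   /* coarse 1-D check */
    return blk < NBLOCKS && block_owner[blk] == task;
}

int main(void)
{
    assign_block(3, 2);
    printf("task 1 -> own pixel (100,50): %d\n", access_allowed(1, pixel_addr(100, 50)));
    printf("task 2 -> task 1's pixel:     %d\n", access_allowed(2, pixel_addr(100, 50)));
    printf("task 1 -> task 2's scratch:   %d\n", access_allowed(1, FB_BYTES + (3u << BLOCK_SHIFT)));
    return 0;
}
```

Each window costs four coordinates and an owner regardless of its size, whereas a one-dimensional map covering the same 32-pixel-wide window would need a separate entry for every row's short run of addresses.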