The present invention concerns memory management in computer system designs and pertains particularly to a secure memory management unit which uses multiple cryptographic algorithms.
In order to protect against theft or misuse, secure information within a computing system can be encrypted before being stored in the memory for the computing system. When a secure integrated circuit uses the secure information, the secure information is transferred to the integrated circuit and decrypted before being used. Secure information returned to the memory for the computing system is encrypted before being stored.
Typically, decryption and encryption are handled by a secure memory management unit (SMMU) on the integrated circuit. When a processor requires the use of a page of secure information, the SMMU obtains the page, decrypts it and places the data in a cache memory for access by the processor. The cache is typically implemented using static random access memory (SRAM).
If, in order to bring in the page of secure information, a “dirty” page of information needs to be swapped out to memory, the SMMU performs the swap out of the “dirty” page before the new page is placed in the cache. A “dirty” page of information is a page that has been written to while in the cache and whose changes have not yet been written out to the system memory. If the “dirty” page contains secure information, the SMMU first encrypts the page before swapping it out to system memory. During page swapping, the SMMU holds off the processor while pages are swapped to and from the processor cache.
The SMMU handles all secure information for a computing system. The secure information can include both executable code (typically stored in a read-only memory (ROM)) and data (typically stored in random access memory (RAM)).
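The swap sequence described above, modeled in Python as an added example that is not part of the original text. The one-page cache, the `secure_pages` set, the 64-byte page size and the SHA-256 keystream XOR (a stand-in for whatever cipher the SMMU implements) are assumptions made for illustration.

```python
import hashlib

PAGE_SIZE = 64  # assumed page size for this model

def keystream_xor(key: bytes, page_no: int, data: bytes) -> bytes:
    """Stand-in cipher (not for real use): XOR with a SHA-256 keystream bound to the page number."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + page_no.to_bytes(4, "big") + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class SMMU:
    """One-page cache model: decrypt on fill, encrypt dirty secure pages on swap-out."""
    def __init__(self, key: bytes, memory: dict, secure_pages: set):
        self.key, self.memory, self.secure = key, memory, secure_pages
        self.page_no, self.cache, self.dirty = None, None, False

    def _swap_out(self):
        # Only a dirty page is written back; a secure page is encrypted first.
        if self.page_no is not None and self.dirty:
            data = bytes(self.cache)
            if self.page_no in self.secure:
                data = keystream_xor(self.key, self.page_no, data)
            self.memory[self.page_no] = data
        self.dirty = False

    def _fill(self, page_no: int):
        if page_no == self.page_no:
            return  # cache hit, nothing to swap
        self._swap_out()  # the dirty page leaves before the new page enters
        data = self.memory[page_no]
        if page_no in self.secure:
            data = keystream_xor(self.key, page_no, data)  # decrypt into the cache
        self.page_no, self.cache = page_no, bytearray(data)

    def read(self, page_no: int, offset: int, length: int) -> bytes:
        self._fill(page_no)
        return bytes(self.cache[offset:offset + length])

    def write(self, page_no: int, offset: int, value: bytes):
        self._fill(page_no)
        self.cache[offset:offset + len(value)] = value
        self.dirty = True  # changes exist only in the cache until swap-out

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    memory = {0: keystream_xor(key, 0, bytes(PAGE_SIZE)), 1: bytes(PAGE_SIZE)}
    smmu = SMMU(key, memory, secure_pages={0})
    smmu.write(0, 0, b"secret")
    smmu.read(1, 0, 4)  # miss on page 1 forces swap-out of dirty secure page 0
    return memory[0], smmu.read(0, 0, 6)
```

`demo()` returns the bytes that system memory holds for the secure page after the swap, together with the plaintext the processor reads back once the page is brought in again.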