After the significant CHI Issue F update that introduced a number of important new features, Arm pushed forward with yet another significant update. The two salient features – Memory Encryption Contexts (MEC) and Device Assignment (DA) – further enhance the security of the Arm architecture.
Memory Encryption Contexts (MEC) is a security enhancement to the Arm Realm Management Extension introduced in CHI Issue F. This capability allows each Realm to have a unique encryption context, which provides another level of hardware-level access protection. Data in each Realm in the memory is encrypted with a different encryption key. All memory accesses to Realms will now be accompanied by a unique-per-realm MECID 16-bit wide signal. Even if malicious software manages to access and decipher data located in one memory Realm, it will not be able to do so with another Realm because of the different encryption method. In other words, the MEC feature adds unique encryption protection for each Realm in the memory.
The Device Assignment (DA) and Coherent Device Assignment (CDA) enhancements were mainly developed for multi-die applications but can be used in single-chip systems as well. The enhancement introduces hardware provisions to support fully coherent caches in partially trusted remote coherent devices. It enables the system host (which is responsible for enforcing the system-wide security policy) to coherently access caches in the remote devices. Similarly, there are strict rules that allow the remote devices to securely access coherent memories associated with the system host. The DA/CDA enhancement introduces two new transaction fields – StreamID and SecSID1 – which are used to control requests initiated by remote devices to the system host.
In addition to the two major features mentioned above, CHI Issue G delivers a significant expansion of the Data flit’s DataSource field encoding, enabling improved telemetry across a wide spectrum of systems, including multi-die and multi-socket ones.
Additionally, CHI Issue G introduces a very important performance enhancement feature called Limited Data Elision. This feature enables a potential reduction in the number of data packets transferred on the DAT channel when some or all of the data field values are zero or when subsequent data packets contain replicated data field values. Fewer packets transferred result in reduced substrate noise and power consumption.
All CHI Issue G features are already fully supported in the Cadence Verification IP for CHI. Early adopters can start verification of CHI Issue G-compliant systems immediately, ensuring compliance with the standard and achieving the fastest path to IP and SoC verification closure.
To get more details on Cadence CHI Verification IP, please visit the Cadence website or simply reach out to discuss with Cadence Verification IP experts.