Intel Corporation
MEMORY ENCRYPTION ENGINE INTERFACE IN COMPUTE EXPRESS LINK (CXL) ATTACHED MEMORY CONTROLLERS

Abstract:

Securing communications over a compute express link (CXL) is performed by receiving allocation of memory in a memory device and a key identifier (ID) to a trusted execution environment virtual machine (TEE VM); configuring a random key for the key ID by sending a random key configuration request to instruct a device security manager (DSM) of the memory device to configure a memory encryption engine (MEE) of the memory device with the random key and the memory allocation; initializing the allocated memory using the random key; and enabling secure access by the TEE VM to the allocated memory over the CXL by encrypting data transfers from the TEE VM to the memory device using the random key or decrypting data transfers from the memory device to the TEE VM using the random key.