Intel Corporation
Prevention of trust domain access using memory ownership bits in relation to cache lines

Abstract:

A processor includes a processor core and a memory controller coupled to the processor core. The memory controller comprising a cryptographic engine to: detect, in a write request for a cache line, a key identifier (ID) within a physical address of a location in memory; determine that the key ID is a trust domain key ID of a plurality of key IDs; responsive to a determination that the key ID is the trust domain key ID, set an ownership bit of the cache line to indicate the cache line belongs to a trust domain; encrypt the cache line to generate encrypted data; determine a message authentication code (MAC) associated with the cache line; and write the encrypted data, the ownership bit, and the MAC of the cache line to the memory.