CPC G06F 21/602 (2013.01) [G06F 1/163 (2013.01); G06F 3/012 (2013.01); G06F 15/7807 (2013.01); G06F 21/64 (2013.01); G06F 21/79 (2013.01); G06T 19/006 (2013.01); G06F 21/107 (2023.08)]
18 Claims
1. A method for execution on a system on a chip (SoC) having a plurality of subsystems, the method comprising:
configuring a storage controller to operate in a direct memory access mode;
receiving, by the storage controller of the SoC and from a subsystem of the plurality of subsystems, a command to fetch, from a local memory, task descriptor data comprising access parameters for accessing a storage device, the access parameters including a storage device address;
obtaining, by an encryption engine of the SoC, the command to fetch the task descriptor data, wherein obtaining the command includes snooping for the command on a read address channel of the storage controller;
determining, by the encryption engine and based on an access rule, whether the subsystem has sufficient privilege to access the storage device address;
in response to determining that the subsystem has sufficient privilege to access the storage device, encrypting, by the encryption engine, data in the local memory using an encryption key associated with the subsystem; and
outputting, by the encryption engine, the encrypted data to the storage controller for writing to the storage device at the storage device address.