US 12,010,242 B2
Memory protection using cached partial hash values
Roberto Avanzi, Munich (DE); Andreas Lars Sandberg, Cambridge (GB); Michael Andrew Campbell, Cambridge (GB); Matthias Lothar Boettcher, Cambridge (GB); and Prakash S. Ramrakhyani, Austin, TX (US)
Assigned to Arm Limited, Cambridge (GB)
Filed by Arm Limited, Cambridge (GB)
Filed on Jul. 10, 2020, as Appl. No. 16/925,723.
Prior Publication US 2022/0014379 A1, Jan. 13, 2022
Int. Cl. H04L 9/32 (2006.01); G06F 21/57 (2013.01); G06F 21/64 (2013.01); H04W 12/06 (2021.01); G06F 12/0875 (2016.01); G06F 12/14 (2006.01); G06F 21/79 (2013.01)
CPC H04L 9/3242 (2013.01) [G06F 21/57 (2013.01); G06F 21/64 (2013.01); H04W 12/06 (2013.01); G06F 12/0875 (2013.01); G06F 12/1408 (2013.01); G06F 21/79 (2013.01)] 17 Claims
OG exemplary drawing
 
1. Apparatus comprising:
a memory protection circuitry to verify integrity of memory granules in a protected area of a memory;
a hash value cache to store hash values determined from data blocks retrieved from the protected area of the memory, wherein:
when retrieval from the memory of a first data block and an authentication code associated with a memory granule contiguously comprising the first data block and a second data block occurs, the memory protection circuitry is responsive to the retrieval to calculate a verification authentication code for the memory granule, wherein integrity of the first data block is contingent on the verification authentication code matching the authentication code,
calculation of the verification authentication code comprises a cryptographic calculation based on a first hash value determined from the first data block and a second hash value determined from the second data block, and
the memory protection circuitry is arranged to lookup the second hash value in the hash value cache when the calculation of the verification authentication code is required;
a data block cache to store copies of data blocks retrieved from the memory, wherein the copies of data blocks are cache lines of the data block cache; and
a cache content coordination control circuitry configured to:
control storage of the copies of data blocks in the data block cache dependent on content of the hash value cache,
control storage of the hash values in the hash value cache dependent on content of the data block cache,
administer a victim selection policy for the data block cache and/or the hash value cache, and
impose an exclusive storage policy on the data block cache and the hash value cache, such that for a data block and an associated hash value exclusively either the data block is stored in the data block cache or the associated hash value is stored in the hash value cache.