Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Chapter 18 Support for Memory Encryption Contexts

The Memory Encryption Contexts feature, FEAT_MEC, provides finer-grained memory encryption contexts, within the Realm physical address space, to be assigned to Realms, with policy controlled by Realm EL2 [2].

This section introduces a comparable feature for the SMMU architecture for interoperability with the MEC PE extension.

In the SMMU, support for Memory Encryption Contexts (MEC) is indicated as follows:

  • For Realm state: SMMU_R_IDR3.MEC.

  • For Non-secure state in the Non-secure Protected (NSP) PA space: SMMU_ROOT_IDR0.GDI. See 3.25.10 Granular Data Isolation .

If the MEC feature is supported for Realm state, the supported MECID width is indicated in SMMU_R_MECIDR.

SMMU- and client-originated accesses to memory are associated with a MECID, that identifies the Memory Encryption Context of the access.

Accesses made by the SMMU or client devices for Secure, Non-secure, and Root PA spaces are issued with the default MECID of zero.

Accesses made by the SMMU or client devices to Realm PA space are associated with a MECID. If SMMU_R_IDR3.MEC is 0 then this is the default MECID of zero. The choice of MECID depends on the type of access, as described in the descriptions of SMMU_R_GMECID and STE.MECID.

The MECID width for Non-secure accesses with PM = 1 is defined by SMMU_MECIDR.

If an SMMU without the Realm programming interface is integrated in a system that supports MEC, all client- and SMMU-originated Realm accesses for that SMMU are treated as having the default MECID of zero.

Note: This revision of the SMMU architecture does not support Alternative MECID values and use of a descriptor with the AMEC bit set to 1 causes F_TRANSLATION.

Note: The MEC feature introduces a translation table descriptor bit, AMEC, in both:

  • Bit[63] in stage 2 Page and Block descriptors for the Realm EL1&0 translation regime.

  • Bit[63] in stage 1 Page and Block descriptors for the Realm EL2 and EL2&0 translation regimes.

If SMMU_R_IDR3.MEC == 1 and a Realm translation requires use of a descriptor with the AMEC field set to 1, it is treated as F_TRANSLATION at the stage of translation that had AMEC set to 1.

Note: For both descriptor formats, the AMEC field is RES0 and treated as 0 if the NS field in the descriptor is 1. In this case it does not trigger F_TRANSLATION.

If SMMU_R_IDR3.MEC == 0, the AMEC field is RES0 and does not trigger F_TRANSLATION.

The SMMU tags transactions to the NSP PA space with a MECID supplied by a Non-secure client as follows:

  • If a Non-secure client access with PM = 1 specifies a MECID and the access is to the NSP PA space, then it is issued with the supplied MECID.

  • Otherwise, an access to the NSP PA space is issued with the default MECID of zero.

Note: This behavior is supported if SMMU_ROOT_IDR0.GDI is 1, and is not affected by any SMMU register field or descriptor field. For example, it is not affected by the value of SMMU_R_IDR3.MEC.

Accesses made by NoStreamID client devices to Realm, SA or NSP PA space are associated with a MECID provided by the NoStreamID device in an IMPLEMENTATION DEFINED manner.