

# IDE Security IP Module for CXL 2.0

#### Highlights

- Compliant with the CXL 2.0 IDE specifications for CXL.cache/mem
- Compliant with PCI Express IDE specification for CXL.io
- High-performance AES-GCM based packet encryption, decryption, authentication
- Seamless integration with Synopsys DesignWare controller IP
  - FLIT interfacing for CXL.cache/mem
  - TLP packet-based interfacing for CXL.io
  - Sync/fail/status messaging
- Supports CXL 2.0 data rates
- · Customer configurable
  - Aligns with DesignWare CXL 2.0 controller configuration options
  - Data bus width: 512
  - Lanes: x8, x16
  - Support for all protocols CXL.cache/ mem/io or only CXL.cache/mem
- · CXL.cache/mem
  - Containment & skid modes
  - Early MAC termination
- Optimized for area, performance & latency
- Multi-stream support
- · PCRC calculation & validation
- Efficient key control & refresh
- · Bypass mode

### **Target Applications**

- Cloud computing: data centers, enterprise, networking switches, routers
- · Artificial intelligence / deep learning
- · Media / graphics
- · Memory expansion
- · General purpose acceleration

#### Overview

The Compute Express Link (CXL) interface protocol enables low-latency data communication between system-on-chip (SoC) and general-purpose accelerators, memory expanders, and smart I/O devices requiting high performance, heterogeneous computing for data-intensive workloads.

The Synopsys DesignWare® CXL 2.0 Integrity and Data Encryption (IDE) Security IP Module provides confidentiality, integrity and replay protection for FLITs in the case of CXL.cache and CXL.mem protocols and for Transaction Layer Packets (TLP) in the case of CXL.io. The Security Module is compliant with the IDE specification as defined for CXL 2.0 which also references PCI Express IDE specification for the CXL.io protocol. The DesignWare CXL 2.0 IDE Security Module integrates seamlessly with the Synopsys DesignWare CXL controllers to accelerate SoC integration.

#### DesignWare CXL 2.0 IDE Security Module

The DesignWare CXL 2.0 IDE Security Module (Figure 1) supports full-duplex for .cache/.mem and .io Rx and Tx directions. It provides efficient encryption/ decryption and authentication of FLITs and TLPs, based on optimized low latency AES-GCM cryptographic cores, that are specially developed to meet an optimal area vs. performance implementation.



Figure 1: DesignWare CXL 2.0 IDE Security Module block diagram

The DesignWare CXL 2.0 IDE Security Module deploys full-duplex encryption/decryption and authentication for both .io and .cache/.mem protocols:

- · Matching data widths for DesignWare CXL 2.0 Controller
- · CXL.io and .cache/.mem in-flight key refresh
- CXL.io and .cache/mem optimized crypto engines for low latency and area
- CXL.io and .cache/.mem integrity and ECC protection for internal configuration data
- CXL.cache/.mem skid support for skid and containment modes
- CXL.io and .cache/.mem low latency bypass mode
- · CXL.io backward compatibility for PCle 4.0 and 3.0 generations

#### Security Solution Integrates Seamlessly with Controllers

The DesignWare CXL 2.0 IDE Security Module offers plug-and-play connectivity to the DesignWare CXL 2.0 Controller via TLP and FLIT packet based interfaces, for .io and .cache/.mem respectively. The data interfaces matches the data width used by the controller, e.g. 512-bit. For the .io, the number of used TLP prefixes can also be configured to deploy an area-optimized cryptographic core.

The extended capability registers are accessible from the DesignWare CXL 2.0 Controller, offering a clear view of the link capabilities during discovery and configuration timeframes.

The interoperability between the DesignWare CXL 2.0 IDE Security Module and the DesignWare CXL 2.0 Controller is part of the development process, offering customers version compatibility and reference integration templates.



Figure 2: Plug-and-Play DesignWare CXL 2.0 IDE Security Module with DesignWare CXL 2.0 Controller

#### **Deliverables**

- Synthesizable RTL developed in compliance with the IEEE1364 Verilog-2005 standard
- · Verilog integration testbench
- · Sample synthesis script and constraints
- · Sample simulation script
- Databook
- Hardware user guide
- · Hardware installation guide

## Related DesignWare IP

The **DesignWare Compute Express Link (CXL) Controller IP** implements the port logic required to build a CXL device or host and can be configured for dual mode applications. The configurable and scalable IP supports all key required features of the CXL 2.0 specification and full backwards compatibility with CXL 1.0 and 1.1 specifications. The IP also supports PCI Express 5.0, 4.0, and 3.1 specifications, and can be easily connected to a DesignWare 32GT/s PHY through the built-in PIPE 5.2 interface.

Synopsys' highly configurable security IP solutions include hardware secure modules with Root of Trust, content protection, cryptography, and security protocol accelerators for integration into system-on-chips (SoCs). These integrated solutions enable the heart of many security standards, supporting confidentiality, data integrity, user/system authentication, non-repudiation, and positive authorization.

## About DesignWare IP

Synopsys is a leading provider of high-quality, silicon-proven IP solutions for SoC designs. The broad DesignWare IP portfolio includes logic libraries, embedded memories, embedded test, analog IP, wired and wireless interface IP, security IP, embedded processors, and subsystems. To accelerate prototyping, software development and integration of IP into SoCs, Synopsys' IP Accelerated initiative offers IP prototyping kits, IP software development kits, and IP subsystems. Synopsys' extensive investment in IP quality, comprehensive technical support and robust IP development methodology enable designers to reduce integration risk and accelerate time-to-market.

For more information on DesignWare IP, visit synopsys.com/designware.

