CXL: Secured Network Traffic Specification

Go Back

�� Cloud

Cloud native EDA tools & pre-optimized hardware platforms

Request a Free Trial →

Multi-Die Solution

A comprehensive and scalable solution for fast heterogeneous integration

Discover Multi-Die →

Explore Silicon Design, Verification & Manufacturing

�� is a leading provider of electronic design automation solutions and services.

Simpleware Software

Virtual Prototyping

�� Cloud

Unlimited access to EDA software licenses on-demand

Request a Free Trial →

Explore Silicon IP

�� is a leading provider of high-quality, silicon-proven semiconductor IP solutions for SoC designs.

�� IP Portfolio

Download Brochure →

�� IP Technical Bulletin

Read Latest Issue →

Explore Systems Verification and Validation

�� is a leading provider of hardware-assisted verification and virtualization solutions.

System Test Generation

Company Overview

Success Stories

Explore our success stories.

Learn More →

CXL: Secured Network Traffic Specification

VIP Expert

Nov 12, 2020 / 1 min read

Welcome to the wonderful and cryptic world of secured traffic with CXL being the latest specification to adopt it. CXL2.0 specification introduces integrity & data encryption (IDE) schematics for both CXL.io & CXL.cachemem protocols. CXL.io pathway uses PCIe specification defined IDE, while CXL.cachemem related updates are introduced in CXL2.0 specifications. In this blog we��ll provide a broad overview of what a secure setup looks like and the strategies adopted by CXL for the same.

CXL IDE can be used to secure traffic via the AES-GCM algorithm (more on this in upcoming blogs) within a TTE (Trusted Execution Environment). In a nutshell, TTE is an isolated and secure environment that runs parallel to OS, where sensitive data is stored and processed.

When running over a TTE, CXL IDE protects the transactions, both data and metadata, exchanged between the two devices on the physical link by using symmetric crypto keys (CXL chooses 256-bit key length for AES-GCM).

Each secure component in a TTE implements a TCB (Trusted Computing Base) which has protection mechanisms for hardware, firmware, software and any other combination to enforce a security policy. For CXL, TCB includes:

Hardware blocks that implement encryption algorithms
Modules that configure crypto engines (AES-GCM for CXL)
Any other block that directly or indirectly communicates with the above two blocks

For verification of interoperability of IDE features, �� VIP supports CXL.cache-mem IDE out-of-the-box as laid out in Chapter 11 of the (this would tentatively be named as Compute Express Link Specification Revision 2.0). VIP has various controls to allow user to tweak VIP behavior for features like:

TX and RX key programming, which in turn refers to SPDM (Security Protocol and Data Model) specification)
TX and RX Truncation Delay
Aggregation Mode
Key Refresh time

CXL VIP supports IDE to help validate DUT (Design Under Test) compliance with the CXL IDE specification and debug hooks to enable speedy and efficient debugging.

Stay tuned, in our next blog we��ll discuss in detail the intricacies of AES-GCM for CXL.

�� continues to provide the industry��s first and most comprehensive Verification IP solutions. For more information on �� VIP, visit /verification/verification-ip.html