CN116155642A - PCIE-based encryption and decryption data transmission method, host and storage medium - Google Patents

Publication number
CN116155642A
Authority
CN
China
Prior art keywords
solid state
data
state disk
pcie
tlp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310120147.3A
Other languages
Chinese (zh)
Inventor
王逵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei Datang Storage Technology Co ltd
Original Assignee
Hefei Datang Storage Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Hefei Datang Storage Technology Co ltd
Priority to CN202310120147.3A
Publication of CN116155642A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H04L12/40013 Details regarding a bus controller
    • H04L12/40019 Details regarding a bus master
    • H04L12/4013 Management of data rate on the bus
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Abstract

A PCIE-based encryption and decryption data transmission method, a host and a storage medium. The method is applied to the host and comprises the following steps: initializing a configuration space and a Base Address Register (BAR) space of a solid state disk, and establishing a mapping relation between PCIE bus domain addresses and storage domain addresses; and accessing the solid state disk through the PCIE link layer according to the mapping relation to realize encryption and decryption of data. With this method, the encryption and decryption transmission channel can be optimized, encryption and decryption speed is improved, the PCIE physical transmission bandwidth can be fully utilized, data transmission delay is reduced, and user experience is greatly improved.

Description

PCIE-based encryption and decryption data transmission method, host and storage medium
Technical Field
The disclosure relates to the field of solid-state storage devices, and in particular relates to an encryption and decryption data transmission method, a host and a storage medium based on PCIE.
Background
The transmission protocol of PCIE (Peripheral Component Interconnect Express) solid state disks is based on the NVME (Non-Volatile Memory Express, the non-volatile memory host controller interface specification) protocol for data transmission, which is a high-performance and extensible host control interface.
When encrypted and decrypted data is transmitted in the NVME protocol transmission mode, the host submits command data through the SQ (Submission Queue) and the NVME controller indicates that the command is completed by replying through the CQ (Completion Queue). Under the NVME protocol specification, after one data transmission is completed the solid state disk must fill in the CQ Doorbell register to indicate that the data has been processed, and the device must then notify the host through an MSI-X interrupt to take out the CQ value. Only then is the whole data transmission process complete, which increases the delay of a single data transmission. In some scenarios, encryption and decryption data transmission only needs to inform the host and does not need to report whether the command is completed.
On the other hand, when the NVME protocol transmission mode is used for encryption and decryption data transmission, packets are transmitted through the SQ and CQ mechanisms, so the occupied bandwidth is large and the encryption and decryption speed is also affected.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
An embodiment of the present disclosure provides an encryption and decryption data transmission method based on peripheral component interconnect express PCIE, which is applied to a host, and the method includes:
initializing a configuration space and a base address register (BAR) space of a solid state disk, and establishing a mapping relation between a storage domain address and a BAR space address of the solid state disk, wherein the solid state disk is a solid state disk with encryption and decryption storage functions;
and accessing the solid state disk through a PCIE link layer according to the mapping relation, and realizing encryption and decryption of data.
An embodiment of the present disclosure further provides a host, including a processor, an RC, and a memory storing a computer program, where the processor is configured to execute the computer program to initialize a configuration space of a solid state disk and a base address register BAR space, where the RC is configured to establish a mapping relationship between a PCIE bus domain address and a storage domain address according to the method of any embodiment of the present disclosure, and access the solid state disk through a PCIE link layer according to the mapping relationship, so as to implement encryption and decryption of data.
An embodiment of the present disclosure further provides a non-transitory computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program, when executed by a processor, can implement the PCIE-based encryption and decryption data transmission method according to any one embodiment of the present disclosure.
With the encryption and decryption data transmission method based on Peripheral Component Interconnect Express (PCIE), the encryption and decryption transmission channel can be optimized, encryption and decryption speed is improved, the PCIE physical transmission bandwidth can be fully utilized, data transmission delay is reduced, and user experience is greatly improved.
Other aspects will become apparent upon reading and understanding the accompanying drawings and detailed description.
Drawings
FIG. 1 is a flow chart of a method for encrypting and decrypting data according to an embodiment of the present disclosure;
FIG. 2 is a flow chart of writing data by an encryption and decryption data transmission method according to an embodiment of the present disclosure;
FIG. 3 is a flow chart of reading data by the encryption and decryption data transmission method according to an embodiment of the disclosure;
FIG. 4 is a schematic diagram illustrating encryption and decryption data transmission according to an embodiment of the present disclosure;
FIG. 5 is a hardware block diagram of a host according to an embodiment of the present disclosure.
Detailed Description
The present disclosure describes several embodiments, but the description is illustrative and not limiting, and it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the embodiments described in the present disclosure. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are possible. Any feature or element of any embodiment may be used in combination with or in place of any other feature or element of any other embodiment unless specifically limited.
The present disclosure includes and contemplates combinations of features and elements known to those of ordinary skill in the art. The embodiments, features and elements of the present disclosure that have been disclosed may also be combined with any conventional features or elements to form a unique inventive arrangement as defined by the claims. Any feature or element of any embodiment may also be combined with features or elements from other inventive arrangements to form another unique inventive arrangement as defined in the claims. Thus, it should be understood that any of the features shown and/or discussed in this disclosure may be implemented alone or in any suitable combination. Accordingly, the embodiments are not to be restricted except in light of the attached claims and their equivalents. Further, various modifications and changes may be made within the scope of the appended claims.
Furthermore, in describing representative embodiments, the specification may have presented the method and/or process as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. Other sequences of steps are possible as will be appreciated by those of ordinary skill in the art. Accordingly, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. Furthermore, the claims directed to the method and/or process should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the embodiments of the present disclosure.
When encrypted and decrypted data is transmitted in the NVME protocol transmission mode, after one data transmission is completed the solid state disk must fill in the CQ Doorbell register to indicate that the data has been processed, and the device must then notify the host through an MSI-X interrupt to take out the CQ value, which completes the whole data transmission process. Because the result of every piece of data has to be reported to the host by an interrupt, the delay of a single data transmission is increased.
For this reason, an embodiment of the present disclosure provides an encryption and decryption data transmission method based on peripheral component interconnect express PCIE, which is applied to a host, as shown in fig. 1, and the encryption and decryption data transmission method may be executed according to the following steps:
step S110, initializing a configuration space and a base address register BAR space of a solid state disk, and establishing a mapping relation between PCIE bus domain addresses and storage domain addresses;
and step S120, accessing the solid state disk through a PCIE link layer according to the mapping relation, and realizing encryption and decryption of data.
The solid state disk is provided with encryption, decryption and storage functions.
With the PCIE-based encryption and decryption data transmission method, only the data needs to be transmitted: no CQ has to be replied, and the number of data transfers is not increased by the SQ and CQ mechanisms. The desired encryption or decryption can therefore be completed in a single transmission, which removes the influence of NVME protocol overhead on encryption and decryption data transmission, optimizes the encryption and decryption transmission channel, improves encryption and decryption speed, and greatly saves transmission time.
On the other hand, by building on the high bandwidth and low delay of PCIE, the PCIE-based encryption and decryption data transmission method makes full use of the PCIE physical transmission bandwidth, reduces data transmission delay, and can greatly improve user experience.
In an example of this embodiment, after initializing the configuration space and the base address register BAR space of the solid state disk and establishing the mapping relationship between the PCIE bus domain address and the storage domain address, the method further includes: obtaining the address range accessible to the PCIE device by mapping the BAR1-BAR2 space addresses through MMIO (Memory-Mapped I/O).
The initialized configuration space and base address register BAR space of the solid state disk in this embodiment are stored in the memory, and MMIO is used to map the peripheral device into the memory space, so that the CPU can conveniently access the solid state disk.
In an exemplary embodiment of the present disclosure, according to the mapping relationship, the accessing the solid state disk through the PCIE link layer, as shown in fig. 2, the writing data may be performed according to the following steps:
step S210, obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
step S220, packaging the first encrypted data to be decrypted into a transaction layer packet TLP of the write data, the TLP carrying the first encrypted data and the PCIE bus domain address;
step S230, transmitting the TLP to the solid state disk through a PCIE link layer, where the solid state disk decrypts the first encrypted data to obtain first plaintext data and stores the first plaintext data.
Wherein the transaction layer packet TLP of the write data is a MemWR (Memory Write) TLP, and byte 0 of the payload of the TLP is set to 1.
In an example of this embodiment, according to the mapping relationship, the solid state disk is accessed through a PCIE link layer, as shown in fig. 3, the reading data may be performed as follows:
step S310, obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
step S320, sending a TLP of the read data to the solid state disk through a PCIE link layer, where the TLP carries the PCIE bus domain address;
step S330, receiving a Completion TLP returned by the solid state disk, where the Completion TLP carries the first plaintext data;
step S340, parsing the Completion TLP to obtain the first plaintext data.
The type of the TLP for reading data may be MemRD (Memory Read) TLP.
In an exemplary embodiment of the present disclosure, the accessing, according to the mapping relationship, the solid state disk through a PCIE link layer further includes:
obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
packaging second plaintext data to be encrypted into a transaction layer packet TLP of write-in data, wherein the transaction layer packet TLP carries the second plaintext data and a PCIE bus domain address;
and transmitting the TLP to the solid state disk through a PCIE link layer, and encrypting the second plaintext data by the solid state disk to obtain second ciphertext data and storing the second ciphertext data.
Wherein the transaction layer packet TLP of the write data is MemWR (Memory Write) TLP, and byte 0 of the payload of the TLP is set to 0.
In an example of this embodiment, according to the mapping relationship, accessing the solid state disk through a PCIE link layer further includes:
obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
sending a TLP of read data to the solid state disk through a PCIE link layer, wherein the TLP carries the PCIE bus domain address;
receiving a Completion TLP returned by the solid state disk, wherein the Completion TLP carries the second ciphertext data;
analyzing the Completion TLP to obtain the second ciphertext data.
The type of the TLP for reading data may be MemRD (Memory Read) TLP.
In the above embodiment, when the data to be written is encrypted data, the solid state disk performs a decryption operation on the written data, and when the data to be written is plaintext data, the solid state disk performs an encryption operation on the written data. The solid state disk determines whether to encrypt or decrypt the data by checking whether the payload field in the received MemRD TLP data packet is 0 or 1: when the payload field is 0, the data is encrypted, and when the payload field is 1, the data is decrypted.
After the first plaintext data and the second ciphertext data are obtained, the obtained data are subjected to CRC (cyclic redundancy check) so as to ensure the accuracy of the read data; in the process of writing data, the consistency of data transmission can be ensured through a software algorithm, and meanwhile, the PCIE physical layer also performs corresponding CRC (cyclic redundancy check) processing so as to ensure the accuracy of the written data.
In an exemplary embodiment of the present disclosure, the obtaining, according to the mapping relationship, a PCIE bus domain address of accessing a solid state disk includes:
acquiring a BAR space address of the read solid state disk through the mapped configuration space of the PCIE;
and acquiring the PCIE bus domain address through the BAR space address according to the mapping relation.
In an exemplary embodiment of the present disclosure, after the mapping relationship between the storage domain address and the BAR space address of the solid state disk is established, the method further includes:
the mapping relationship is stored in a volatile memory.
In an exemplary embodiment of the present disclosure, the accessing the solid state hard disk through the PCIE link layer implements encryption and decryption of data, where a size of the data is smaller than 4KB.
In an exemplary embodiment of the present disclosure, the accessing the solid state disk through the PCIE link layer implements encryption and decryption of data, where a data transmission mode adopted by the accessing is a single queue load mode.
In this embodiment, when the solid state disk is accessed through the PCIE link layer to realize encryption and decryption of data, at least one of the following conditions is met: the size of the data is smaller than 4KB, or the data transmission mode adopted by the access is a single queue load mode.
In the embodiment, the mapping relation between the PCIE bus domain address and the storage domain address is established by initializing the configuration space and the base address register BAR space of the solid state disk, so that the conversion from the PCIE storage domain address to the CPU bus domain is realized, and the corresponding BAR space address can be accessed through the TLP, thereby realizing the read-write operation of the solid state disk.
In addition, during encryption and decryption the data stored in the BAR space must not exceed the size of the mapped BAR space; otherwise the correctness of the encrypted and decrypted data is affected. The encryption and decryption data transmission method based on Peripheral Component Interconnect Express (PCIE) therefore also solves the technical problems of overlapping BAR address space ranges and of the limitation on space size.
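As an added illustration (not code from the patent or its applicant), the C sketch below builds the write TLP described above on the host side and re-validates it on the device side: payload byte 0 carries the mode flag (0 = encrypt, 1 = decrypt), the data stays under 4KB, and the access must fall inside the mapped BAR window. The struct and function names, the 3DW header with a 32-bit address, and the layout of the flag byte followed directly by the data are assumptions; the 4KB-boundary check is a general PCIe memory-request rule rather than something this page states.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Payload byte 0 selects the operation, as in the description above. */
enum { MODE_ENCRYPT = 0, MODE_DECRYPT = 1 };
enum { TLP_OK = 0, TLP_E_MODE = -1, TLP_E_SIZE = -2, TLP_E_ALIGN = -3,
       TLP_E_WINDOW = -4, TLP_E_CROSS4K = -5, TLP_E_FORMAT = -6 };

#define TLP_HDR_LEN    12u    /* 3DW header, 32-bit address (assumption) */
#define FMT_TYPE_MWR32 0x40u  /* Fmt=010b (3DW with data), Type=00000b */

/* Hypothetical record of the mapped BAR window (bus-domain base and size). */
struct bar_window { uint32_t bus_base; uint32_t size; };
/* Hypothetical decoded request as the device would see it. */
struct crypto_req { uint32_t offset; uint8_t mode; const uint8_t *data; size_t data_len; };

/* Bytes enabled by a byte-enable mask that is contiguous from byte 0 (0 = invalid). */
static size_t be_bytes(uint8_t be)
{
    return be == 0x1 ? 1 : be == 0x3 ? 2 : be == 0x7 ? 3 : be == 0xF ? 4 : 0;
}

/* Host side: wrap [mode][data...] in a MemWr TLP aimed at bar->bus_base + offset. */
int build_crypto_memwr(const struct bar_window *bar, uint32_t offset, uint8_t mode,
                       const uint8_t *data, size_t data_len, uint16_t requester_id,
                       uint8_t tag, uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) return TLP_E_MODE;
    if (data_len == 0 || data_len + 1 >= 4096) return TLP_E_SIZE; /* page: < 4KB */
    size_t payload = data_len + 1;                  /* flag byte + data */
    if (offset & 3u) return TLP_E_ALIGN;            /* keep the request DW-aligned */
    /* Overflow-safe check that the whole payload stays inside the BAR window. */
    if (offset > bar->size || payload > bar->size - offset) return TLP_E_WINDOW;
    uint64_t addr = (uint64_t)bar->bus_base + offset;
    if (addr + payload > 0x100000000ull) return TLP_E_WINDOW;
    size_t dws = (payload + 3) / 4;                 /* 1..1024 double words */
    if ((addr & 0xFFFu) + dws * 4 > 4096) return TLP_E_CROSS4K;
    if (out_cap < TLP_HDR_LEN + dws * 4) return TLP_E_SIZE;

    uint8_t tail_be = (payload & 3u) ? (uint8_t)((1u << (payload & 3u)) - 1u) : 0xF;
    uint8_t first_be = dws == 1 ? tail_be : 0xF;
    uint8_t last_be = dws == 1 ? 0x0 : tail_be;     /* must be 0 for a 1-DW request */

    memset(out, 0, TLP_HDR_LEN + dws * 4);
    out[0] = FMT_TYPE_MWR32;
    out[2] = (uint8_t)((dws >> 8) & 0x3);           /* Length[9:8]; 1024 encodes as 0 */
    out[3] = (uint8_t)(dws & 0xFF);                 /* Length[7:0] */
    out[4] = (uint8_t)(requester_id >> 8);
    out[5] = (uint8_t)(requester_id & 0xFF);
    out[6] = tag;
    out[7] = (uint8_t)((last_be << 4) | first_be);
    out[8] = (uint8_t)(addr >> 24);
    out[9] = (uint8_t)(addr >> 16);
    out[10] = (uint8_t)(addr >> 8);
    out[11] = (uint8_t)(addr & 0xFC);               /* low two address bits are not sent */
    out[12] = mode;                                 /* payload byte 0 */
    memcpy(out + 13, data, data_len);
    *out_len = TLP_HDR_LEN + dws * 4;
    return TLP_OK;
}

/* Device side: re-validate length, window and flag before acting on the request. */
int parse_crypto_memwr(const struct bar_window *bar, const uint8_t *tlp,
                       size_t tlp_len, struct crypto_req *req)
{
    if (tlp_len < TLP_HDR_LEN + 4 || tlp[0] != FMT_TYPE_MWR32) return TLP_E_FORMAT;
    size_t dws = ((size_t)(tlp[2] & 0x3) << 8) | tlp[3];
    if (dws == 0) dws = 1024;
    if (tlp_len != TLP_HDR_LEN + dws * 4) return TLP_E_FORMAT;
    uint8_t first_be = tlp[7] & 0xF, last_be = tlp[7] >> 4;
    if (dws == 1 ? last_be != 0 : first_be != 0xF) return TLP_E_FORMAT;
    size_t tail = be_bytes(dws == 1 ? first_be : last_be);
    if (tail == 0) return TLP_E_FORMAT;
    size_t payload = (dws - 1) * 4 + tail;
    if (payload < 2 || payload >= 4096) return TLP_E_SIZE;
    uint32_t addr = ((uint32_t)tlp[8] << 24) | ((uint32_t)tlp[9] << 16) |
                    ((uint32_t)tlp[10] << 8) | (tlp[11] & 0xFCu);
    if (addr < bar->bus_base) return TLP_E_WINDOW;
    uint32_t offset = addr - bar->bus_base;
    if (offset > bar->size || payload > bar->size - offset) return TLP_E_WINDOW;
    if (tlp[12] != MODE_ENCRYPT && tlp[12] != MODE_DECRYPT) return TLP_E_MODE;
    req->offset = offset;
    req->mode = tlp[12];
    req->data = tlp + 13;
    req->data_len = payload - 1;
    return TLP_OK;
}
```

Because the description defines only the values 0 and 1 for the flag, the device-side parser rejects any other value instead of defaulting to one of the two operations.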
In an exemplary embodiment of the present disclosure, as shown in fig. 4, an encryption and decryption data transmission manner based on PCIE includes a host 603 and an encryption and decryption storage solid state disk 605. However, the exemplary embodiments are not limited thereto.
Referring to fig. 4, the host 603 includes two components: a computing processing unit CPU 600 and an RC (Root Complex) 601. The RC may assist the CPU in issuing and acquiring instructions, process the data flow of the TLP, and also fetch the related information of the BAR space address 606 and the configuration space register 607 from the volatile memory 602.
In general, RC 601 may enumerate PCIE device configuration space to a volatile storage unit through MMIO mapping, and CPU 600 may further obtain a BAR space address required by a solid state hard disk through the mapped PCIE configuration space, where an address space pointed to by the BAR space address is a data space stored by encrypting and decrypting storage solid state hard disk 605.
The main function of RC 601 is to convert the storage domain address space into PCIE domain address space, and at the same time, it is also necessary to convert the access transaction of the CPU into an access transaction that accesses the PCIE bus. The PCIE bus always performs data exchange and transmission in the form of TLPs.
Referring to fig. 4, the type of TLP 604 and the data payload of the TLP are generated by RC 601, and are communicated with a solid state disk 605 having an encryption and decryption storage function through a PCIE link layer.
The host 603 and the encryption and decryption storage solid state disk 605 perform end-to-end data transmission through RX and TX of the PCIE physical layer, and the data path consists of two groups of differential signals, 4 signal lines in total. Differential signals RX and TX have stronger anti-interference capability, because interference from the physical wiring and related sources is superimposed on the D+ and D- signals at the same time and therefore has less impact on the logic value of the signal.
Referring to fig. 4, the encryption and decryption storage solid state disk 605 includes an encryption and decryption AES module 608, an RSA module 609, and an SM1, SM2, SM3, SM4 cryptographic module 610.
The disclosure further provides a host, as shown in fig. 5, including a processor, an RC, and a memory storing a computer program, where the processor is configured to execute the computer program to initialize a configuration space and a base address register BAR space of a solid state disk, where the RC is configured to establish a mapping relationship between a PCIE bus domain address and a storage domain address according to a method according to any embodiment of the disclosure, and access the solid state disk through a PCIE link layer according to the mapping relationship, so as to implement encryption and decryption of data.
The processor of the above embodiment of the present disclosure may be a general-purpose processor, including a Central Processing Unit (CPU), a network processor (Network Processor, NP for short), a microprocessor, etc., or may be other conventional processors, etc.; the processor may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a field-programmable gate array (FPGA), a discrete logic or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or other equivalent integrated or discrete logic circuit, or a combination thereof. That is, the processor of the above-described embodiments may be any processing device or combination of devices that implements the methods, steps, and logic blocks disclosed in embodiments of the invention. If the disclosed embodiments are implemented, in part, in software, the instructions for the software may be stored in a suitable non-volatile computer-readable storage medium and executed in hardware using one or more processors to implement the methods of the disclosed embodiments. The term "processor" as used herein may refer to the above-described structure or any other structure suitable for implementation of the techniques described herein.
An embodiment of the present disclosure further provides a non-transitory computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program, when executed by a processor, can implement the PCIE-based encryption and decryption data transmission method according to any one embodiment of the present disclosure.
In one or more of the exemplary embodiments above, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium, and executed by a hardware-based processing unit. The computer-readable medium may comprise a computer-readable storage medium corresponding to a tangible medium, such as a data storage medium, or a communication medium that facilitates transfer of a computer program from one place to another, such as according to a communication protocol. In this manner, a computer-readable medium may generally correspond to a non-transitory tangible computer-readable storage medium or a communication medium such as a signal or carrier wave. Data storage media may be any available media that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for implementing the techniques described in this disclosure. The computer program product may include a computer-readable medium.
By way of example, and not limitation, such computer-readable storage media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Moreover, any connection may also be termed a computer-readable medium, for example, if the instructions are transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. It should be appreciated, however, that computer-readable storage media and data storage media do not include connection, carrier wave, signal, or other transitory (transient) media, but are instead directed to non-transitory tangible storage media. Disk and disc, as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk or blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
While the embodiments disclosed in the present disclosure are described above, the embodiments are only employed for facilitating understanding of the present disclosure, and are not intended to limit the present disclosure. Any person skilled in the art to which this disclosure pertains will appreciate that numerous modifications and changes in form and details of implementation can be made without departing from the spirit and scope of the disclosure, but the scope of the disclosure is to be determined by the appended claims.

Claims (10)

1. An encryption and decryption data transmission method based on peripheral component interconnect express PCIE is applied to a host, and comprises the following steps:
initializing a configuration space and a Base Address Register (BAR) space of a solid state disk, and establishing a mapping relation between PCIE bus domain addresses and storage domain addresses;
and accessing the solid state disk through a PCIE link layer according to the mapping relation to realize encryption and decryption of data, wherein the solid state disk is a solid state disk with encryption, decryption and storage functions.
2. The method according to claim 1, characterized in that:
the accessing the solid state disk through the PCIE link layer according to the mapping relationship includes:
obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
encapsulating first encrypted data to be decrypted into a transaction layer packet TLP of write data, the TLP carrying the first encrypted data and a PCIE bus domain address;
transmitting the TLP to the solid state disk through a PCIE link layer, decrypting the first encrypted data by the solid state disk to obtain first plaintext data, and storing the first plaintext data.
3. The method according to claim 2, characterized in that:
the accessing the solid state disk through the PCIE link layer according to the mapping relationship further includes:
obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
sending a TLP of read data to the solid state disk through a PCIE link layer, wherein the TLP carries the PCIE bus domain address;
receiving a Completion TLP returned by the solid state disk, wherein the Completion TLP carries the first plaintext data;
analyzing the Completion TLP to obtain the first plaintext data.
4. The method according to claim 1, characterized in that:
the accessing the solid state disk through the PCIE link layer according to the mapping relationship further includes:
obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
packaging second plaintext data to be encrypted into a transaction layer packet TLP of write-in data, wherein the transaction layer packet TLP carries the second plaintext data and a PCIE bus domain address;
and transmitting the TLP to the solid state disk through a PCIE link layer, and encrypting the second plaintext data by the solid state disk to obtain second ciphertext data and storing the second ciphertext data.
5. The method according to claim 4, wherein:
the accessing the solid state disk through the PCIE link layer according to the mapping relationship further includes:
obtaining PCIE bus domain addresses for accessing the solid state disk according to the mapping relation;
sending a TLP of read data to the solid state disk through a PCIE link layer, wherein the TLP carries the PCIE bus domain address;
receiving a Completion TLP returned by the solid state disk, wherein the Completion TLP carries the second ciphertext data;
parsing the Completion TLP to obtain the second ciphertext data.
6. The method according to any one of claims 2-4, wherein:
the obtaining the PCIE bus domain address for accessing the solid state disk according to the mapping relationship includes:
acquiring the BAR space address of the solid state disk by reading the mapped PCIE configuration space;
and acquiring the PCIE bus domain address from the BAR space address according to the mapping relation.
7. The method according to claim 1, characterized in that:
in the accessing the solid state disk through the PCIE link layer to realize encryption and decryption of data, the size of the data is smaller than 4KB.
8. The method according to claim 1, characterized in that:
in the accessing the solid state disk through the PCIE link layer to realize encryption and decryption of data, the data transmission mode adopted by the access is a single queue load mode.
9. A host computer comprising a processor, an RC and a memory storing a computer program, wherein the processor is configured to execute the computer program to initialize a configuration space and a base address register BAR space of a solid state disk, the RC is configured to establish a mapping relationship between a PCIE bus domain address and a storage domain address according to the method of any one of claims 1 to 8, and access the solid state disk through a PCIE link layer according to the mapping relationship, so as to implement encryption and decryption of data.
10. A non-transitory computer readable storage medium storing a computer program, wherein the computer program, when executed by a processor, is capable of implementing the PCIE-based encryption and decryption data transmission method according to any one of claims 1 to 8.
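The TLP steps of claims 2 to 7 can be sketched in C as follows. This is an added example, not code from the patent: it assumes 32-bit addressing (3DW headers) and DWORD-aligned payloads, the function names are hypothetical, and the payload is treated as opaque bytes because encryption and decryption happen inside the solid state disk.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TLP_MRD32 0x00u /* Fmt=000 Type=00000: memory read, 3DW header */
#define TLP_MWR32 0x40u /* Fmt=010 Type=00000: memory write, 3DW header + data */
#define TLP_CPLD  0x4Au /* Fmt=010 Type=01010: completion with data */

/* Claim 6: bus address from a 32-bit memory BAR value (bits 3:0 are flags). */
static uint32_t bar_to_bus_addr(uint32_t bar, uint32_t offset) {
    return (bar & ~0xFu) + offset;
}

/* Build a 3DW memory request. Returns the TLP size in bytes, 0 if rejected.
 * For a read, data is unused and len is the number of bytes requested. */
static size_t tlp_mem_req(uint8_t *out, uint8_t fmt_type, uint16_t req_id,
                          uint8_t tag, uint32_t addr,
                          const uint8_t *data, size_t len) {
    size_t dw = len / 4;
    /* Claim 7: data smaller than 4 KB, so Length never needs the 0=1024 code. */
    if (len == 0 || (len & 3) || (addr & 3) || dw > 1023) return 0;
    if ((addr & 0xFFFu) + len > 4096) return 0; /* no 4 KB boundary crossing */
    out[0] = fmt_type;
    out[1] = 0;                        /* traffic class 0 */
    out[2] = (uint8_t)(dw >> 8);       /* Length[9:8], other flags clear */
    out[3] = (uint8_t)dw;              /* Length[7:0], in DWORDs */
    out[4] = (uint8_t)(req_id >> 8);
    out[5] = (uint8_t)req_id;
    out[6] = tag;
    out[7] = (dw == 1) ? 0x0F : 0xFF;  /* Last DW BE | First DW BE */
    out[8] = (uint8_t)(addr >> 24); out[9] = (uint8_t)(addr >> 16);
    out[10] = (uint8_t)(addr >> 8); out[11] = (uint8_t)addr;
    if (fmt_type != TLP_MWR32) return 12; /* a read carries no payload */
    memcpy(out + 12, data, len);
    return 12 + len;
}

/* Claims 3 and 5: parse a Completion TLP. Checks type, completion status and
 * tag before copying the payload. Returns payload bytes, -1 on any mismatch. */
static int tlp_parse_cpld(const uint8_t *tlp, size_t tlp_len, uint8_t want_tag,
                          uint8_t *buf, size_t buf_len) {
    if (tlp_len < 12 || tlp[0] != TLP_CPLD) return -1;
    if ((tlp[6] >> 5) != 0) return -1;  /* status is not Successful Completion */
    if (tlp[10] != want_tag) return -1; /* does not answer our read request */
    size_t len = ((size_t)(tlp[2] & 3) << 8 | tlp[3]) * 4;
    if (len == 0 || tlp_len != 12 + len || len > buf_len) return -1;
    memcpy(buf, tlp + 12, len);
    return (int)len;
}
```

The builder copies the payload unchanged, so in the flows of claims 3 and 4 the TLP carries plaintext, as the claims state.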

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310120147.3A CN116155642A (en) 2023-02-03 2023-02-03 PCIE-based encryption and decryption data transmission method, host and storage medium

Publications (1)

Publication Number Publication Date
CN116155642A (en) 2023-05-23

Family

ID=86338677

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310120147.3A Pending CN116155642A (en) 2023-02-03 2023-02-03 PCIE-based encryption and decryption data transmission method, host and storage medium

Country Status (1)

Country Link
CN (1) CN116155642A (en)

Similar Documents

Publication Publication Date Title
EP3614253B1 (en) Data processing method and storage system
EP3706005B1 (en) Secure stream protocol for serial interconnect
US10192062B2 (en) Encryption for XIP and MMIO external memories
EP3783517A1 (en) Integrity and data encryption (ide) over computer buses
US20220197825A1 (en) System, method and apparatus for total storage encryption
US10691838B2 (en) Encryption for XIP and MMIO external memories
KR20210005871A (en) Encryption card, electronic device and encryption service method
EP3678026A1 (en) Data check method, device and network card
US9021169B2 (en) Bus system including ID converter and converting method thereof
US8467534B2 (en) Method and system for secure access and processing of an encryption/decryption key
US20200089645A1 (en) Security techniques for a peripheral component interconnect (pci) express (pcie) system
CN101286358A (en) System and device with error detection/correction process and method outputting data
NL2029742B1 (en) Stream routing and ide enhancements for pcie
KR20170133236A (en) STORAGE SYSTEM, METHOD, AND APPARATUS FOR FAST IO ON PCIe DEVICES
KR20220013898A (en) Systems, methods, and devices for key per input/output security
US8832499B2 (en) Methods and structure for trapping requests directed to hardware registers of an electronic circuit
CN109784104A (en) SATA hard disc crypto module and its working method, system and its working method
US11080409B2 (en) SSD content encryption and authentication
CN116155642A (en) PCIE-based encryption and decryption data transmission method, host and storage medium
CN116610623A (en) Data reading method and device, electronic equipment and storage medium
US20210067348A1 (en) Security descriptor generation
CN114553411B (en) Distributed memory encryption device and distributed memory decryption device
US20160291987A1 (en) Programmable cable and programming method thereof
WO2023040330A1 (en) Data processing method, device, and system
TWI850571B (en) Device, method and computer readable storage device for key per input/output security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination