Memory redirect primitive for a secure graphics processing unit

Abstract

In one embodiment of the present invention, a GPU contains an authentication module at the front end, and a memory security engine and graphic memory interface at the backend. In one embodiment of the present invention, the memory security engine provides a privilege table. The programmable privilege table maps memory address ranges, and user IDs to privileges for accessing the memory address ranges. In one embodiment of the present invention, the memory security engine receives a memory access command along with an associated authenticated user ID. In one embodiment of the present invention, the memory security engine checks the authenticated user ID and address range against the privilege table. In one embodiment of the present invention, if the table indicates that the user has authorization for the particular read or write transaction to the graphic memory, the instruction is executed by the graphic memory interface. If the accessed address is not in the table, no special privileges are needed to access that address. If the table indicates that the user does not have authorization for the particular read or write transaction, the memory security engine provides a memory redirect.