1. 5

  2. 2

    The first couple paragraphs are pretty much just “new, shiny technology press release” material, but scroll down a little further to “Error Model with PAM4 Signaling” and start reading from there. The latter half of the article is a really nice write-up about the forward error correction & error detection required to make the new higher bandwidth, higher error rate signalling (PAM4) usable without too much latency.

    1. 2

      It’s a shame it focuses only on the performance bits of PCIe. There’s also been a load of interesting security-related stuff. With currently deployed PCIe, everything is unencrypted over the bus and endpoints are identified by a number. A malicious endpoint can impersonate another by simply writing a different endpoint’s ID in its packet headers. This ID is the key used to identify IOMMU permissions, so if you’ve permitted the disk controller (for example) to DMA to / from some memory then any malicious device can do so.

      With the newer standards (I forget the current name, because they change it every few months), each device can have a key pair that uniquely identifies it and allows the host to validate that it’s really talking to a device from a specific manufacturer (and a specific kind of device, if the manufacturer doesn’t lie about that). This can then be used to establish an end-to-end encrypted channel with the device so that an attacker snooping on the bus can’t see messages and no other entity can fake messages from that device. The device also gets an attestation from the CPU and so can clear state when connected to a different instance (including the same machine after a soft reset, preventing cold-boot attacks) and identify which VM it’s talking to (and so prevent information leak between two VMs via the device). This will let you do direct device assignment to confidential VMs without requiring bounce buffering and also makes it possible to do things like integrity-protected DRAM over CXL without needing to maintain Merkle trees (offload the crypto to the RAM device and ensure that the keys are regenerated each time a new host is connected).
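
The two trust models described in the comment above, as a simplified model added here (it is not part of the original thread): an IOMMU check keyed only on the self-declared requester ID, beside a check that also requires a tag made with the key bound to that ID. The requester IDs, address range, keys and function names are constructed for illustration, and HMAC-SHA256 stands in for whatever integrity protection the link actually uses.

```python
import hashlib
import hmac
from dataclasses import dataclass

DISK_CTRL = 0x0300   # constructed requester ID of a disk controller
OTHER_DEV = 0x0500   # constructed requester ID of a second endpoint
# Constructed IOMMU table: requester ID -> DMA ranges the host has granted.
IOMMU = {DISK_CTRL: [(0x1000_0000, 0x1000_FFFF)]}
# Constructed per-device session keys, as if set up after each device
# proved its identity with its key pair.
SESSION_KEYS = {DISK_CTRL: b"disk-key-constructed", OTHER_DEV: b"other-key-constructed"}

@dataclass
class Packet:
    requester_id: int   # written into the header by the sender itself
    address: int
    payload: bytes
    tag: bytes = b""

def range_allowed(requester_id: int, address: int) -> bool:
    return any(lo <= address <= hi for lo, hi in IOMMU.get(requester_id, []))

def id_only_check(pkt: Packet) -> bool:
    """Unauthenticated model: the header's requester ID is taken at face value."""
    return range_allowed(pkt.requester_id, pkt.address)

def _mac(key: bytes, pkt: Packet) -> bytes:
    msg = pkt.requester_id.to_bytes(2, "big") + pkt.address.to_bytes(8, "big") + pkt.payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(key: bytes, pkt: Packet) -> Packet:
    pkt.tag = _mac(key, pkt)
    return pkt

def authenticated_check(pkt: Packet) -> bool:
    """Authenticated model: the tag must verify under the key bound to the claimed ID."""
    key = SESSION_KEYS.get(pkt.requester_id)
    if key is None or not hmac.compare_digest(pkt.tag, _mac(key, pkt)):
        return False
    return range_allowed(pkt.requester_id, pkt.address)

def demo() -> dict:
    genuine = seal(SESSION_KEYS[DISK_CTRL], Packet(DISK_CTRL, 0x1000_0040, b"data"))
    # A second endpoint claims the disk controller's ID but only holds its own key.
    claimed = seal(SESSION_KEYS[OTHER_DEV], Packet(DISK_CTRL, 0x1000_0040, b"data"))
    return {"genuine_id_only": id_only_check(genuine),
            "claimed_id_only": id_only_check(claimed),
            "genuine_authenticated": authenticated_check(genuine),
            "claimed_authenticated": authenticated_check(claimed)}

if __name__ == "__main__":
    print(demo())
```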