Delivering data from a secure execution environment to a display controller

We claim: 1. A computer implemented method comprising: establishing a secure path between a secure element and a display in response to a secure output mode request, wherein the secure path includes a display controller; preventing a decryption module of the display controller from being bypassed; and transmitting encrypted data from the secure element to the display via the secure path; wherein establishing the secure path includes: writing a key to a hardware buffer, wherein the hardware buffer is invisible to one or more host applications; writing a key program command to the hardware buffer, wherein the key program command includes an instruction to program the key into a hardware register of the display controller; and issuing an interrupt. 2. The method of claim 1 , wherein preventing the decryption module from being bypassed includes setting a hardware flag in the display controller in response to the secure output mode request, wherein the hardware flag is inaccessible to one or more host applications. 3. The method of claim 2 , wherein the hardware flag instructs decision logic of the display controller to ignore a host application input and force data destined for the display to pass through the decryption module. 4. The method of claim 2 , wherein setting the hardware flag includes: writing a flag set command to a hardware buffer, wherein the hardware buffer is inaccessible to one or more host applications; and issuing an interrupt. 5. The method of claim 4 , wherein issuing the interrupt includes invoking a doorbell generator that issues the interrupt to a system controller unit. 6. The method of claim 1 , wherein issuing the interrupt includes invoking a doorbell generator that issues the interrupt to a system controller unit. 7. The method of claim 1 , wherein establishing the secure path includes writing a key directly from the secure element to the display controller, wherein preventing the decryption module from being bypassed includes directly setting a hardware flag in the display controller in response to the secure output mode request, and wherein the hardware flag is inaccessible to one or more host applications. 8. The method of claim 1 , wherein transmitting the encrypted data from the secure element to the display includes: using a key to convert output data to the encrypted data; writing the encrypted data to a memory store; and instructing a host application to transfer the encrypted data from the memory store to the display via the display controller. 9. The method of claim 1 , further including receiving the secure output mode request via a trusted service application programming interface. 10. A system comprising: a display; a display controller including a decryption module; a secure element including security logic to, establish a secure path between the secure element and the display in response to a secure output mode request, wherein the secure path is to include the display controller, prevent the decryption module from being bypassed, and transmit encrypted data from the secure element to the display via the secure path; and a hardware buffer that is to be inaccessible to one or more host applications, wherein the display controller further includes a hardware register, and wherein the security logic is to, write a key to the hardware buffer, write a key program command to the hardware buffer, wherein the key program command is to include an instruction to program the key into the hardware register, and issue an interrupt. 11. The system of claim 10 , wherein the display controller further includes a hardware flag that is to be inaccessible to one or more host applications, and wherein the security logic is to set the hardware flag in response to the secure output mode request. 12. The system of claim 11 , wherein the display controller further includes a host application input and decision logic, and wherein the hardware flag is to instruct the decision logic to ignore the host application input and force data destined for the display to pass through the decryption module. 13. The system of claim 11 , further including a hardware buffer that is to be inaccessible to one or more host applications, and wherein the security logic is to, write a flag set command to the hardware buffer, and issue an interrupt. 14. The system of claim 13 , further including a system controller unit, wherein the security logic is to invoke a doorbell generator that issues the interrupt to the system control unit. 15. The system of claim 10 , further including a system controller unit, wherein the security logic is to invoke a doorbell generator that issues the interrupt to the system control unit. 16. The system of claim 10 , wherein the display controller further includes a hardware flag that is to be inaccessible to one or more host applications, wherein the security logic is to, write a key directly from the secure element to the display controller, and directly set the hardware flag. 17. The system of claim 10 , further including a memory store, wherein the security logic is to, use a key to convert output data into the encrypted data write the encrypted data to the memory store, and instruct a host application to transfer the encrypted data from the memory store to the display via the display controller. 18. The system of claim 10 , wherein the security logic is to receive the secure output mode request via a trusted service application programming interface. 19. A non-transitory computer readable storage medium comprising a set of instructions, which, if executed by a processor, cause a computer to: establish a secure path between a secure element and a display in response to a secure output mode request, wherein the secure path is to include a display controller; prevent a decryption module of the display controller from being bypassed; and transmit encrypted data from the secure element to the display via the secure path, wherein establishing the secure path includes: writing a key to a hardware buffer, wherein the hardware buffer is to be inaccessible to one or more host applications; writing a key program command to the hardware buffer, wherein the key program command is to include an instruction to program the key into a hardware register of the display controller; and writing an interrupt. 20. The medium of claim 19 , wherein the instructions, if executed, cause a computer to set a hardware flag in the display controller in response to the secure output mode request, wherein the hardware flag is to be inaccessible to one or more host applications. 21. The medium of claim 20 , wherein the hardware flag is to instruct decision logic of the display controller to ignore a host application input and force data destined for the display to pass through the decryption module. 22. The medium of claim 20 , wherein the instructions, if executed, cause a computer to: write a flag set command to a hardware buffer, wherein the hardware buffer is to be inaccessible to one or more host applications; and issue an interrupt. 23. The medium of claim 22 , wherein the instructions, if executed, cause a computer to invoke a doorbell generator that issues the interrupt to a system controller unit. 24. The medium of claim 19 , wherein the instructions, if executed, cause a computer to invoke a doorbell generator that issues the interrupt to a system controller unit.