G06F12/1408

Replacing compromised data in a self-healing system

A method for use in a computing system, comprising: storing, in a random-access memory, a working copy of a data item, the working copy of the data item being stored in the random-access memory by a first processor; registering, with a second processor, a respective address in the random-access memory where the working copy of the data item is stored; and correcting, by the second processor, any modifications to the working copy of the data item that are made after the working copy of the data item is stored in the random-access memory, the modifications being corrected in parallel with the first processor executing software based on the working copy of the data item.

Persisted data cache service

Techniques performed by a data processing system for caching data herein include initializing a single instance of a persisted cache service on the data processing system, receiving data requests from a plurality of single page applications (SPAs) on the data processing system, processing the data requests using the persisted cache service to obtain requested data from a cache implemented on the data processing system or from one or more remote data sources via a network connection, and providing the requested data obtained from the cache or the one or more remote data sources to an SPA of the plurality of SPAs from which each data request originated.

Hash operations in memory for data sharing
11636047 · 2023-04-25

A method includes receiving a command, from a host, to an address of a memory device, the command comprising a different address. The method also includes determining based on the address whether to perform a hash operation and, responsive to determining to perform the hash operation, accessing data stored in memory cells having the different address. The method further includes performing the hash operation using the data to generate a signature for the data and providing the host access to the signature to determine whether the data is duplicate data.

Latency free data encryption and decryption between processor and memory

An embodiment is directed to a hardware circuit for encrypting and/or decrypting data transmitted between a processor and a memory. The circuit is situated between the processor and memory. The circuit includes a first interface communicatively coupled to the processor via a set of buses. The circuit also includes a second interface communicatively coupled to the memory. The circuit further includes hardware logic capable of executing an encryption operation on data transmitted between the processor and memory, without adding latency to data transmission speed between the processor and the memory. The hardware logic is configured to encrypt data received at the first interface from the processor, and transmit the encrypted data to the memory via the second interface. The hardware logic is also configured to decrypt data received at the second interface from the memory, and transmit the decrypted data to the processor via the first interface.

Accelerated migration of compute instances using offload cards

As part of a compute instance migration, a compute instance which was executing at a first server begins execution at a second server before at least some state information of the compute instance has reached the second server. In response to a determination that a particular page of state information is not present at the second server, a migration manager running at one or more offload cards of the second server causes the particular page to be transferred to the second server via a network channel set up between the offload cards of both servers, and stores the page into main memory of the second server.

TRUSTED LOCAL MEMORY MANAGEMENT IN A VIRTUALIZED GPU

Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

INTEGRATED CIRCUIT
20230119255 · 2023-04-20

An integrated circuit includes a safety processor and a secure computing module including a secure processor, first and second cryptographic units for encrypting and decrypting data, and first and second data transfer units for transferring data between a memory and the first and second cryptographic units respectively. The first cryptographic unit and the first data transfer unit provide a first cryptographic data handling system and the second cryptographic unit and the second data transfer unit provide a second cryptographic data handling system. The secure computing module includes selector circuitry for selectively coupling and uncoupling the first and second cryptographic units in response to control signals from a switch. In a first mode, the first and second cryptographic data handling systems are uncoupled and operable independently of each other. In a second mode, the first and second cryptographic data handling systems are coupled and operable together to provide hardware redundancy.

MICROPROCESSOR, DATA PROCESSING METHOD, ELECTRONIC DEVICE, AND STORAGE MEDIUM

A microprocessor includes a cryptographic engine, M buffer units, and a controller. The cryptographic engine is configured to execute cryptographic algorithms. The M buffer units are configured to cache data required by an access request of a corresponding execution environment. M is an integer greater than or equal to 1. The controller is connected to the cryptographic engine and the M buffer units. The controller is configured to receive the access request from a first execution environment and instruct the cryptographic engine to execute the cryptographic algorithm requested by the access request using the required data cached by the buffer unit corresponding to the first execution environment from which the access request comes. The access request is used to access the cryptographic engine to execute a cryptographic algorithm. The first execution environment is one execution environment among N execution environments. N is an integer greater than or equal to 1.

MEMORY STORAGE DEVICE AND METHOD
20220327064 · 2022-10-13

The present disclosure relates to secure storage, in a non-volatile memory, of initial data encrypted using a second data, including selecting a pointer aimed at an initial address of a memory cell of an initial part of the non-volatile memory, and encrypting the pointer using the second data; and storing the encrypted pointer in the non-volatile memory.

SYSTEMS AND METHODS FOR TRANSFORMING DATA IN-LINE WITH READS AND WRITES TO COHERENT HOST-MANAGED DEVICE MEMORY
20220327052 · 2022-10-13

The disclosed computer-implemented method may include (1) receiving, from an external host processor via a cache-coherent interconnect, a request to access a host address of a coherent memory space of the external host processor, (2) when the request is to read data from the host address, (a) performing an in-line transformation on the data to generate second data and (b) writing the second data to the physical address of the device-attached physical memory mapped to the host address, and (3) when the request is to read data from the host address, (a) reading the data from the physical address of the device-attached physical memory mapped to the host address, (b) performing a reversing in-line transformation on the data to generate second data, and (c) returning the second data to the external host processor via the cache-coherent interconnect. Various other methods, systems, and computer-readable media are also disclosed.