Devices and techniques for on-demand programmable atomic kernel loading are described herein. A programmable atomic unit (PAU) of a memory controller can receive an invocation of a programmable atomic operator by the memory controller. The PAU can then perform a verification on a programmable atomic operator partition for the programmable atomic operator. Here, the programmable atomic operator partition is located in a memory of the PAU. The PAU can then signal a trap in response to the verification indicating that the programmable atomic operator partition is not prepared.

The subject application relates to computing an authentication tag for partial transfers scheduled across multiple direct memory access (DMA) engines. Apparatuses, systems, and techniques are described for computing an authentication tag for a data transfer when the data transfer is scheduled as partial transfers across a specified number of direct memory access (DMA) engines. An orchestration circuit stores partial authentication tags, computed by the DMA engines, and corresponding adjustment exponents during one or more rounds in which the partial transfers are scheduled and processed by the specified number of DMA engines. During a last round, a combined authentication tag can be computed based on the partial authentication tags and the corresponding adjustment exponents stored by the orchestration circuit during the rounds.

A memory controller includes a memory interface and a processor. The processor is coupled to the memory interface and controls access operation of a memory device via the memory interface. The processor maintains a predetermined table according to write operation of a first memory block of the memory device and performs data protection in response to the write operation. When performing the data protection, the processor determines whether memory space damage has occurred in the first memory block. When it is determined that memory space damage has occurred in the first memory block, the processor traces back one or more data sources of data written in the first memory block according to the predetermined table to obtain address information of one or more source memory blocks and performs a data recovery operation according to the address information of the one or more source memory blocks.

Apparatuses, systems and methods for routing requests and responses targeting a shared resource. A queue in a communication fabric is located in a path between the requesters and a shared resource. In some embodiments, the shared resource is a shared address translation cache stored in an endpoint. The physical channel between the queue and the shared resource supports multiple virtual channels. The queue assigns at least one entry to each virtual channel of a group of virtual channels where the group includes a virtual channel for each address translation request type from a single requester of the multiple requesters. When the at least one entry for a given requester is de-allocated, the queue allocates this entry only with requests from the assigned virtual channel even if the empty entry is the only available entry of the queue.

In an embodiment, an apparatus includes a memory access controller to be coupled to a memory and a memory management unit (MMU) coupled to the memory access controller. The MMU is to receive a memory transaction comprising an original transaction security attribute from a first device; responsive to the memory transaction comprising a first physical address of the memory, transmit the memory transaction to the memory access controller; and responsive to the memory transaction comprising a virtual address, generate a translated memory transaction comprising a translated physical address of the memory based on the virtual address and a translated transaction security attribute and transmit the translated memory transaction to the memory access controller, the translated physical address and the translated transaction security attribute associated with an operating system (OS) memory region of the memory associated with an OS. Other embodiments are described and claimed.

An embodiment of an integrated circuit comprises circuitry to store memory protection information for a non-host memory in a memory protection cache, and perform one or more memory protection checks on a translated access request for the non-host memory based on the stored memory protection information. Other embodiments are disclosed and claimed.

An example authentication device disclosed herein is to access a message received via a wireless interface from an adapter, the message to indicate that a host device has connected to the adapter, the host device different from the authentication device. The disclosed example authentication device is also to determine whether to allow the host device to access a storage device. The disclosed example authentication device is further to transmit authentication data to the adapter via the wireless interface, the authentication data to specify whether the host device is allowed to access the storage device.

An example method for restricting read access to content in the component circuitry and securing data in the supply item is disclosed. The method identifies the status of a read command, and depending upon whether the status disabled or enabled, either blocks the accessing of encrypted data stored in the supply chip, or allows the accessing of the encrypted data stored in the supply chip.

An computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.

Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.