Aspects disclosed in the detailed description include configuring a configurable combined private and shared cache in a processor. Related processor-based systems and methods are also disclosed. A combined private and shared cache structure is configurable to select a private cache portion and a shared cache portion.

An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes executable instructions for when a custom BMC firmware stack is executed on the BMC, monitoring a parameter of one or more of the hardware devices of the IHS. The instructions that monitor the parameter are separate and distinct from the instructions of the custom BMC firmware stack. The instructions also controls the BMC to perform one or more operations to remediate an excessive parameter when the parameter exceeds a specified threshold.

To provide a memory protection circuit and a memory protection method suitable for quick data transfer between a plurality of virtual machines via a common memory, according to an embodiment, a memory protection circuit includes a first ID storing register that stores therein an ID of any of a plurality of virtual machines managed by a hypervisor, an access determination circuit that permits the virtual machine having the ID stored in the first ID storing register to access a memory, a second ID storing register that stores therein an ID of any of the virtual machines, and an ID update control circuit that permits the virtual machine having the ID stored in the second ID storing register to rewrite the ID stored in the first ID storing register.

Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table.

According to a first aspect, execution logic is configured to perform a linear capability transfer operation which transfers a physical capability from a partition of a first software modules to a partition of a second of software module without retaining it in the partition of the first. According to a second, alternative or additional aspect, the execution logic is configured to perform a sharding operation whereby a physical capability is divided into at least two instances, which may later be combined.

Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes executable instructions for when a custom BMC firmware stack is executed on the BMC, monitoring a parameter of one or more of the hardware devices of the IHS. The instructions that monitor the parameter are separate and distinct from the instructions of the custom BMC firmware stack. The instructions also controls the BMC to perform one or more operations to remediate an excessive parameter when the parameter exceeds a specified threshold.

Disclosed embodiments relate to a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed the secure master can unlock the SM region to allow any secure guest access to the SM region.

Disclosed embodiments relate to a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed the secure master can unlock the SM region to allow any secure guest access to the SM region.

Provided is a control method of controlling locking or unlocking of storage using a blockchain. The control method includes: determining, when first request information indicating a lock/unlock request, that is a lock request or an unlock request, is received from a terminal, whether a keyholder identified by reading keyholder information stored in the blockchain matches an owner of the terminal that has transmitted the first request information, the keyholder information indicating a person having the authority to lock or unlock the storage; performing lock/unlock processing when the keyholder is determined to match the owner, the lock/unlock processing being processing for causing the storage to lock or unlock in accordance with the first request information; and performing first storage processing after the lock/unlock processing is performed, the first storage processing being processing of storing, in the blockchain, transaction data indicating that the lock/unlock processing has been performed.