A multi-rank memory system in which calibration operations are performed between a memory controller and one rank of memory while data is transferred between the controller and other ranks of memory. A memory controller performs a calibration operation that calibrates parameters pertaining to transmission of data via a first data bus between the memory controller and a memory device in a first rank of memory. While the controller performs the calibration operation, the controller also transfers data with a memory device in a second rank of memory via a second data bus.

An example operation includes one or more of determining a portion of memory in a transport for storing sensitive temporary data, setting a hardware threshold of a maximum number of reads of the data from the portion of memory, and clearing the data from the portion of memory with a hardware-enabled trigger in response to the maximum number of reads is reached.

A method includes receiving, for metadata processing, a current instruction with associated metadata tags. The metadata processing is performed in a metadata processing domain isolated from a code execution domain including the current instruction. Each respective associated metadata tag represents a respective policy of the composite policy. For each respective metadata tag, the method includes determining, in the metadata processing domain and in accordance with the metadata tag and the current instruction, whether a rule exists for the current instruction in a rules cache. The rules cache may include rules on metadata used by the metadata processing to define allowed instructions. The determination of whether a rule exists results in a respective output, which may include generating a new rule and inserting the new rule in the rules cache. Control Status Registers, and associated tags, may be used to accomplish the metadata processing.

Embodiments are directed to memory protection with hidden inline metadata. An embodiment of an apparatus includes processor cores; a computer memory for the storage of data; and cache memory communicatively coupled with one or more of the processor cores, wherein one or more processor cores of the plurality of processor cores are to implant hidden inline metadata in one or more cachelines for the cache memory, the hidden inline metadata being hidden at a linear address level.

Various embodiments may include methods and systems for providing secure in-memory device access of a memory device by a system-on-a-chip (SOC). Various methods may include receiving a configuration message from the SOC for configuring a memory access control of the memory device, and configuring the memory access control based on the configuration message. Various embodiments may include receiving an access request message from the SOC requesting access to a memory base address and a memory access range of a memory cell array of the memory device, wherein the access request message includes a read/write operation. Various embodiments may include comparing the access request message with the configured memory access control to determine whether the access request message is allowable. Various embodiments may further include performing the read/write operation in response to determining that the access request message is allowable.

Provided herein may be a storage device and a method of operating the same. The method of operating a storage device including a replay protected memory block (RPMB) may include receiving a write request for the RPMB from an external host, selectively storing data in the RPMB based on an authentication operation, receiving a read request from the external host, and providing result data to the external host in response to the read request, wherein the read request includes a message indicating that a read command to be subsequently received from the external host is a command related to the result data.

Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with a type of access. For example, when an application with specific memory access needs is initiated, the memory access profile that is designed for that particular access need may be utilized to configure access to the memory device. The configuration may apply to a portion of the memory device, a partition of the memory device, a single access location on the memory device, or any combination thereof.

Apparatus comprises a processor to execute program instructions stored at respective memory addresses, processing of the program instructions being constrained by a prevailing capability defining at least access permissions to a set of one or more memory addresses; the processor comprising: control flow change handling circuitry to perform a control flow change operation, the control flow change operation defining a control flow change target address indicating the address of a program instruction for execution after the control flow change operation; and capability generating circuitry to determine, in dependence on the control flow change target address, an address at which capability access permissions data is stored; the capability generating circuitry being configured to retrieve the capability access permissions data and to generate a capability for use as a next prevailing capability in dependence upon at least the capability access permissions data.

The present disclosure relates to secure storage, in a non-volatile memory, of initial data encrypted using a second data, including selecting a pointer aimed at an initial address of a memory cell of an initial part of the non-volatile memory, and encrypting the pointer using the second data; and-storing the encrypted pointer in the non-volatile memory.