Patent classifications
G06F12/1425
Methods and apparatus for in-memory device access control
Various embodiments may include methods and systems for providing secure in-memory device access of a memory device by a system-on-a-chip (SOC). Various methods may include receiving a configuration message from the SOC for configuring a memory access control of the memory device, and configuring the memory access control based on the configuration message. Various embodiments may include receiving an access request message from the SOC requesting access to a memory base address and a memory access range of a memory cell array of the memory device, wherein the access request message includes a read/write operation. Various embodiments may include comparing the access request message with the configured memory access control to determine whether the access request message is allowable. Various embodiments may further include performing the read/write operation in response to determining that the access request message is allowable.
Hash operations in memory for data sharing
A method includes receiving a command, from a host, to an address of a memory device, the command comprising a different address. The method also includes determining based on the address whether to perform a hash operation and, responsive to determining to perform the hash operation, accessing data stored in memory cells having the different address. The method further includes performing the hash operation using the data to generate a signature for the data and providing the host access to the signature to determine whether the data is duplicate data.
Processing pipeline where fast data passes slow data
Various embodiments relate to an inline encryption engine in a memory controller configured to process data read from a memory, including: a first data pipeline configured to receive data that is plaintext data and a first validity flag; a second data pipeline having the same length as the first data pipeline configured to: receive data that is encrypted data and a second validity flag; decrypt the encrypted data from the memory and output decrypted plaintext data; an output multiplexer configured to select and output data from either the first pipeline or the second pipeline; and control logic configured to control the output multiplexer, wherein the control logic is configured to output valid data from the first pipeline when the second pipeline does not have valid output decrypted plaintext data available.
Data Transmission Method and System
The present application discloses a method and a system for transmitting data. A method embodiment comprises: acquiring a most recent shared memory block index of a shared memory segment by a data receiver, the shared memory segment being used by a data transmitter and the data receiver to transmit data; deciding whether the most recent shared memory block index is consistent with a shared memory block index corresponding to data recently read by the data receiver; and determining, according to the decision, whether to read the data in the shared memory block corresponding to the most recent shared memory block index. According to the present application, when the frequency at which the data receiving process processes data is lower than the frequency at which the data transmitting process processes data, the data receiving process directly reads the most recent data and abandons the outdated data which is not processed in time, without influencing other data receiving processes that process data at a higher frequency. Accordingly, the extremely high demand for instantaneity in processing data by a process in the control system of an autonomous vehicle, for example, is satisfied. Therefore, the security and stability of the system are improved.
HARDWARE ACCELERATOR FOR PLATFORM FIRMWARE INTEGRITY CHECK
Encryption of a BIOS using a programmable logic device (PLD) is described. A PLD may include a static random-access memory area including programmable logic in a Lookup Table to receive a request to authenticate a basic input/output system (BIOS) executing on a processor coupled to the PLD. The PLD may calculate a hash value of a message associated with the BIOS using a Secure Hash Algorithm (SHA). The PLD may also include a random-access memory area including a first embedded random access memory block (EBR) to store a first portion of a 256-bit message digest associated with the message, a fifth portion of the 256-bit message digest, and second, third, fourth, sixth, seventh, and eighth EBRs to store second, third, fourth, sixth, seventh, and eighth portions of the 256-bit message digest, respectively.
Multi-tenant cryptographic memory isolation
System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.
OPERATING SYSTEM INTEGRATED APPLICATION ISOLATION
A system, method, and apparatus for operating system integrated application isolation. A snapshot manager creates a snapshot table including one or more pointers to a file system storage. Then an application is installed on an operating system and mapped to a snapshot table. The snapshot manager receives a request by the application to access a memory block. The snapshot manager determines whether the application has permission to access the memory block. Responsive to a determination that the application has permission to access the memory block, the snapshot manager permits access to the memory block.
DATA INTEGRITY CHECK FOR GRANULE PROTECTION DATA
Address translation circuitry translates a target virtual address (VA) specified by a memory access request into a target physical address (PA) associated with a selected physical address space (PAS) selected from among a plurality of PASs. A granule protection data block is loaded from memory comprising at least one granule protection entry (GPE), each GPE corresponding to a respective granule of PAs and specifying granule protection information (GPI) indicating which of the PASs is an allowed PAS. Filtering circuitry determines whether the memory access request should be allowed to access the target PA, based on whether the selected PAS is indicated as an allowed PAS by the GPI in a target granule protection entry (GPE). Integrity checking circuitry performs a data integrity check on the granule protection data block loaded from memory, and signals a fault when the data integrity check fails.
Method and apparatus for performing access management of memory device with aid of universal asynchronous receiver-transmitter connection
A method for performing access management of a memory device with aid of a Universal Asynchronous Receiver-Transmitter (UART) connection and associated apparatus are provided. The method may include: utilizing a UART of a memory controller within the memory device to receive a set of intermediate commands corresponding to a set of operating commands through the UART connection between the memory device and a host device, wherein before sending the set of intermediate commands to the controller through the UART connection, the host device converts the set of operating commands into the set of intermediate commands; converting the set of intermediate commands into the set of operating commands according to a command mapping table; and accessing a non-volatile (NV) memory within the memory device with the set of operating commands for the host device, and sending a response to the host device through the UART connection.