Aspects disclosed in the detailed description include inline cryptographic engine (ICE) for peripheral component interconnect express (PCIe). In this regard, in one aspect, an ICE is provided in a PCIe root complex (RC) in a host system. The PCIe RC is configured to receive at least one transport layer packet (TLP), which includes a TLP prefix, from a storage device. In a non-limiting example, the TLP prefix includes transaction-specific information that may be used by the ICE to provide data encryption and decryption. By providing the ICE in the PCIe RC and receiving the transaction-specific information in the TLP prefix, it is possible to encrypt and decrypt data in the PCIe RC in compliance with established standards, thus ensuring adequate protection during data exchange between the PCIe RC and the storage device.

An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.

Methods, systems, and machine readable medium for multi-thread safe system level modeling simulation (SLMS) of a target system on a host system. An example of a SLMS is a SYSTEMC simulation. During the SLMS, SLMS processes are executed in parallel via a plurality of threads. SLMS processes represent functional behaviors of components within the target system, such as functional behaviors of processor cores. Deferred execution may be used to defer execution of operations of SLMS processes that access a shared resource. Multi-thread safe direct memory interface (DMI) access may be used by a SLMS process to access a region of the memory in a multi-thread safe manner. Access to regions of the memory may also be guarded if they are at risk of being in a transient state when being accessed by more than one SLMS process.

A system and method for distributing data over a plurality of remote storage nodes. Data are split into segments and each segment is encoded into a number of codeword chunks. None of the codeword chunks contains any of the segments. Each codeword chunk is packaged with at least one encoding parameter and identifier, and metadata are generated for at least one file and for related segments of the at least one file. The metadata contains information to reconstruct from the segments, and information for reconstructing from corresponding packages. Further, metadata are encoded into package(s), and correspond to a respective security level and a protection against storage node failure. A plurality of packages are assigned to remote storage nodes to optimize workload distribution. Each package is transmitted to at least one respective storage node as a function iteratively accessing and retrieving the packages of metadata and file data.

A Lock register can be associated with a mailbox. The Lock register can store a claim ID of a process that has allocated the mailbox. The Lock register can include a Lock port and a Lock Clear port, used to claim and release the Lock register. The Lock register only permits data to be written to the Lock Register when the Lock register is not currently allocated, and the Lock Clear port only permits the process that has allocated the Lock register to write a value.

Embodiments relate to address probing for a transaction. An aspect includes determining, before starting execution of a transaction, a plurality of addresses that will be used by the transaction during execution. Another aspect includes probing each address of the plurality of addresses to determine whether any of the plurality of addresses has an address conflict. Yet another aspect includes, based on determining that none of the plurality of addresses has an address conflict, starting execution of the transaction.

An apparatus comprises memory access circuitry to perform a tag-guarded memory access in response to a target address, the tag-guarded memory access comprising a guard-tag check of comparing an address tag associated with the target address with a guard tag stored in association with a block of one or more memory locations comprising an addressed location identified by the target address. The memory access circuitry is responsive to a sequence of received target addresses specifying a sequence of addressed locations to perform a non-tag-guarded memory access that does not perform the guard-tag check to a subset of the sequence of addressed locations.

A system and method of processing instructions may comprise an application processing domain (APD) and a metadata processing domain (MTD). The APD may comprise an application processor executing instructions and providing related information to the MTD. The MTD may comprise a tag processing unit (TPU) having a cache of policy-based rules enforced by the MTD. The TPU may determine, based on policies being enforced and metadata tags and operands associated with the instructions, that the instructions are allowed to execute (i.e., are valid). The TPU may write, if the instructions are valid, the metadata tags to a queue. The queue may (i) receive operation output information from the application processing domain, (ii) receive, from the TPU, the metadata tags, (iii) output, responsive to receiving the metadata tags, resulting information indicative of the operation output information and the metadata tags; and (iv) permit the resulting information to be written to memory.

A memory device includes: a memory cell array including a security region configured to store security data; and a security management circuit configured to store a guard key and, responsive to receiving a data operation command for the security region, limit a data operation for the security region by comparing the guard key with an input password that is received by the memory device.

A system is described to provide protection key access control in a system whose operating system and processor were not designed to provide a protection key memory access control mechanism. Such a system can be applied to an emulator or to enable a system that executes native applications to be interoperable with a legacy system that employs protection key memory access control.