A system includes a memory-mapped register (MMR) associated with a claim logic circuit, a claim field for the MMR, a first firewall for a first address region, and a second firewall for a second address region. The MMR is associated with an address in the first address region and an address in the second address region. The first firewall is configured to pass a first write request for an address in the first address region to the claim logic circuit associated with the MMR. The claim logic circuit associated with the MMR is configured to grant or deny the first write request based on the claim field for the MMR. Further, the second firewall is configured to receive a second write request for an address in the second address region and grant or deny the second write request based on a permission level associated with the second write request.

A system includes a memory-mapped register (MMR) associated with a claim logic circuit, a claim field for the MMR, a first firewall for a first address region, and a second firewall for a second address region. The MMR is associated with an address in the first address region and an address in the second address region. The first firewall is configured to pass a first write request for an address in the first address region to the claim logic circuit associated with the MMR. The claim logic circuit associated with the MMR is configured to grant or deny the first write request based on the claim field for the MMR. Further, the second firewall is configured to receive a second write request for an address in the second address region and grant or deny the second write request based on a permission level associated with the second write request.

A processing device sets a first flag that indicates whether a first critical security parameter (CSP) file exists. The first CSP file includes a first set of CSPs for a memory device. The processing device sets a second flag that indicates whether the first CSP file is valid. The processing device sets a third flag that indicates whether a second CSP file exists. The second CSP file includes a second set of CSPs for the memory device. The processing device sets a fourth flag that indicates whether the second critical security parameter file is valid. The processing device selects one of the first or second CSP file as an active CSP file based on an evaluation of the first, second, third, and fourth flags.

A processing device sets a first flag that indicates whether a first critical security parameter (CSP) file exists. The first CSP file includes a first set of CSPs for a memory device. The processing device sets a second flag that indicates whether the first CSP file is valid. The processing device sets a third flag that indicates whether a second CSP file exists. The second CSP file includes a second set of CSPs for the memory device. The processing device sets a fourth flag that indicates whether the second critical security parameter file is valid. The processing device selects one of the first or second CSP file as an active CSP file based on an evaluation of the first, second, third, and fourth flags.

An apparatus to facilitate data cache security is disclosed. The apparatus includes a cache memory to store data; and prefetch hardware to pre-fetch data to be stored in the cache memory, including a cache set monitor hardware to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory; and pattern monitor hardware to monitor cache access patterns to the critical cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process.

An apparatus to facilitate data cache security is disclosed. The apparatus includes a cache memory to store data; and prefetch hardware to pre-fetch data to be stored in the cache memory, including a cache set monitor hardware to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory; and pattern monitor hardware to monitor cache access patterns to the critical cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process.

An access request is received. The access request comprises a physical page address corresponding to a primary memory block of a memory device, an input security key, and a logical page address corresponding to the physical page address. The input security key is provided as input to a (CAM) block that stores a plurality of security keys to verify that the input security key matches a stored security key. A location of the stored security key is checked to verify that it corresponds to the logical page address included in the access request based a predetermined mapping. Based on verifying that the stored security key corresponds to the logical page address included in the access request, the physical page address corresponding to the primary memory block is accessed.

Devices, systems and methods for improving reliability and security of a memory system are described. An example method includes receiving a seed value and a data stream, generating, based on the seed and using a physical unclonable function (PUF) generator, a PUF data pattern, generating, based on the seed, a pseudo-random data pattern, performing a first logic operation on the PUF data pattern and the data stream to generate a result of the first logic operation as a first data sequence, and performing a second logic operation on the pseudo-random data pattern and a second data sequence that is based on the first data sequence to generate a result of the second logic operation as a third data sequence for storage on the memory system, wherein the PUF generator is selected at least in-part based on one or more physical characteristics of the memory system.

Devices, systems and methods for improving reliability and security of a memory system are described. An example method includes receiving a seed value and a data stream, generating, based on the seed and using a physical unclonable function (PUF) generator, a PUF data pattern, generating, based on the seed, a pseudo-random data pattern, performing a first logic operation on the PUF data pattern and the data stream to generate a result of the first logic operation as a first data sequence, and performing a second logic operation on the pseudo-random data pattern and a second data sequence that is based on the first data sequence to generate a result of the second logic operation as a third data sequence for storage on the memory system, wherein the PUF generator is selected at least in-part based on one or more physical characteristics of the memory system.

A method of encrypting data in a nonvolatile memory device (NVM) includes; programming data in selected memory cells, sensing the selected memory cells at a first time during a develop period to provide random data, sensing the selected memory cells at a second time during the develop period to provide main data, encrypting the main data using the random data to generate encrypted main data, and outputting the encrypted main data to an external circuit, wherein the randomness of the random data is based on a threshold voltage distribution of the selected memory cells.