In an embodiment a method for managing access rights of software tasks executed by a processing unit (CPU) using a cache memory containing execution data of the tasks in memory locations, each execution data having an attribute representative of a level of access right of the respective task, includes changing the attributes of the locations of the cache memory when the access rights of at least one task changes and retaining the execution data contained in the locations of the cache memory.

An apparatus includes a cache controller circuit and a cache memory circuit that further includes cache memory having a plurality of cache lines. The cache controller circuit may be configured to receive a request to reallocate a portion of the cache memory circuit that is currently in use. This request may identify an address region corresponding to one or more of the cache lines. The cache controller circuit may be further configured, in response to the request, to convert the one or more cache lines to directly-addressable, random-access memory (RAM) by excluding the one or more cache lines from cache operations.

Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Data of a computer system can be secured from malware. During a Primary Operating System (PrimaryOS) run-time, the system determines if the computer system has been compromised and, if so, a Trusted Operating System (TrustedOS) is launched and assumes control of the hardware resources and the software resources of the computer system. The TrustedOS obtains a cryptographic key that is inaccessible to the PrimaryOS. The TrustedOS uses the cryptographic key to disable writing to a first portion of the storage media that includes the first set of logical block addresses. The PrimaryOS can incrementally back-up files to a second set of logical block addresses on a second portion of the storage media. Control of the hardware resources and the software resources is returned to the PrimaryOS.

The subject application relates to computing an authentication tag for partial transfers scheduled across multiple direct memory access (DMA) engines. Apparatuses, systems, and techniques are described for computing an authentication tag for a data transfer when the data transfer is scheduled as partial transfers across a specified number of direct memory access (DMA) engines. An orchestration circuit stores partial authentication tags, computed by the DMA engines, and corresponding adjustment exponents during one or more rounds in which the partial transfers are scheduled and processed by the specified number of DMA engines. During a last round, a combined authentication tag can be computed based on the partial authentication tags and the corresponding adjustment exponents stored by the orchestration circuit during the rounds.

Methods, systems, and devices associated with techniques for secure writes by non-privileged users are described. A memory device may be configured with one or more blocks of memory operating in a secure write mode. The memory device may receive an append command from a non-privileged user. The append command may indicate data to write to the block of memory at an address determined by the memory device. The memory device may identify a pointer to the address for storing the data within the block of memory. The memory device may write the data to a portion of the block of memory based on identifying the pointer and may update the pointer associated with the block of memory based on writing the data.

An apparatus and method for tagged memory management. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data, at least one instruction to generate a system memory access request having a first address pointer; and address translation circuitry to determine whether to translate the first address pointer with or without metadata processing, wherein if the first address pointer is to be translated with metadata processing, the address translation circuitry to: perform a lookup in a memory metadata table to identify a memory metadata value, determine a pointer metadata value associated with the first address pointer, and compare the memory metadata value with the pointer metadata value, the comparison to generate a validation of the memory access request or a fault condition, wherein if the comparison results in a validation of the memory access request, then accessing a set of one or more address translation tables to translate the first address pointer to a first physical address and to return the first physical address responsive to the memory access request.

A semiconductor device includes first and second CPUs, first and second SPUs for controlling a snoop operation, a controller supporting ASIL D of a functional safety standard and a memory. The controller sets permission of the snoop operation to the first and second SPUs when a software lock-step is not performed. The controller sets prohibition of the snoop operation to the first and second SPUs when the software lock-step is performed. The first CPU executes a first software for the software lock-step, and writes an execution result in a first area for the memory. The second CPU executes a second software for the software lock-step, and writes an execution result in a second area of the memory. The execution result written in the first area is compared with the execution result written in the second area.

A system, method and apparatus to facilitate data exchange via pointers. For example, in a computing system having a first processor and a second processor that is separate and independent from the first processor, the first processor can run a program configured to use a pointer identifying a virtual memory address having an ID of an object and an offset within the object. The first processor can use the virtual memory address to store data at a memory location in the computing system and/or identify a routine at the memory location for execution by the second processor. After the pointer is communicated from the first processor to the second processor, the second processor can access the same memory location identified by the virtual memory address. The second processor may operate on the data stored at the memory location or load the routine from the memory location for execution.

This disclosure is directed to generating a set of data elements for more secure encryption or more resilient decryption associated with generating a target set of conditional data elements. The target set of conditional data elements may fulfill a condition. Public keys associated with an encrypted message may be associated with conditional data elements of the target set of conditional data elements. By performing at least one cycle of decryption associated with the public keys, an encrypted message may be decrypted.