A processing circuitry having a secure domain and a less secure domain. A control storage location stores a domain transition disable configuration parameter specifying whether domain transitions between the secure domain and the less secure domain are enabled or disabled in at least one mode of the process-ing circuitry. In the at least one mode of the processing circuitry, when the domain transition disable configuration parameter specifies that said domain transitions are disabled in said at least one mode, a disabled domain transition fault is signalled in response to an attempt to transition between domains in either direction. This can help support lazy configuration of resources for the secure domain or less secure domain for a thread expected only to need the other domain.

A control device includes a first controller, a second controller and a storage. The first controller performs safety control for a drive device. The second controller performs standard control for the drive device. The storage is accessible by both the first and second controllers and includes a first storage area and a second storage area. The first storage area stores data involved with the safety control, and the second storage area stores data involved with the standard control. The first controller accesses both the first storage area and the second storage area, and the second controller accesses the second storage area but is restricted from accessing the first storage area.

Methods, systems, and devices for command block management are described. A memory device may receive a command (e.g., from a host device). The memory device may determine whether the command is defined by determining if the command is included within a set of defined commands. In the case that a received command is absent from the set of defined commands (e.g., the command is undefined), the memory device may block the command from being decoded for execution by the memory device. In some cases, the memory device may switch from a first operation mode to a second operation mode based on receiving an undefined command. The second operation mode may restrict an operation of the memory device, while the first mode may be less restrictive, in some cases. Additionally or alternatively, the memory device may indicate the undefined command to another device (e.g., the host device).

Provided is a control method of controlling locking or unlocking of storage using a blockchain. The control method includes: determining, when first request information indicating a lock/unlock request, that is a lock request or an unlock request, is received from a terminal, whether a keyholder identified by reading keyholder information stored in the blockchain matches an owner of the terminal that has transmitted the first request information, the keyholder information indicating a person having the authority to lock or unlock the storage; performing lock/unlock processing when the keyholder is determined to match the owner, the lock/unlock processing being processing for causing the storage to lock or unlock in accordance with the first request information; and performing first storage processing after the lock/unlock processing is performed, the first storage processing being processing of storing, in the blockchain, transaction data indicating that the lock/unlock processing has been performed.

One or more kernel-modifying procedures are stored in a trusted computing base (TCB) when bringing up a guest operating system (OS) on a virtual machine (VM) on a virtualization platform. When the guest OS invokes an OS-level kernel-modifying procedure, a call is made to the hypervisor. If the hypervisor determines the TCB to be valid, the kernel-modifying procedure in the TCB that corresponds to the OS-level kernel-modifying procedure is invoked so that the kernel code can be modified.

An illustrative method includes a data protection system detecting a request provided by a source to perform an operation with respect to a storage system, the request including a logical address that comprises a logical element representative of a storage location within the storage system, determining whether the logical address further comprises an authorization element indicating that the source is authorized to initiate operations with respect to the storage system, and performing, based on the determining whether the logical address includes the authorization element, an action with respect to the operation.

A microcontroller includes a memory, direct memory access (DMA) controllers and a microprocessor. The microprocessor maintains one or more memory protection (MP) configurations to control access to protected memory areas of the microcontroller. In response to a secure service call of an unsecure user-application, the microprocessor executes a state machine which disables interrupt requests, determining whether DMA controller configurations and MP configurations satisfy secure-service criteria. When the secure-service criteria are satisfied, at least one secure operation associated with the secure service call is performed, and memory areas accessed during the execution of the at least one secure operation are cleaned. The interrupt requests are re-enabled and a response to the secure service call is generated.

Generally discussed herein are devices, systems, and methods for software memory tagging that provides buffer overflow protection. A method can include responsive to a memory write operation to write data to a heap of a memory, identifying a first tag value associated with a first address of the memory write operation in the bit map, comparing, for each address after the first address affected by the memory write operation, respective tag values in a bit map of the memory to the identified first tag value, and halting execution of the application if any of the respective tag values do not match the first tag value.

Systems and methods for memory management for virtual machines. An example method may include receiving, by a host computing system, a memory access request initiated by a peripheral component interconnect (PCI) device, wherein the memory access request comprises a memory address and an address translation flag specifying an address space associated with the memory address; and responsive to determining that the address translation flag is set to a first value indicating a host address space, causing a host system input/output memory management unit (IOMMU) to pass-through the memory access request.

A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.