Patent classifications
G06F12/1441
Extended utilization area for a memory device
Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with a type of access. For example, when an application with specific memory access needs is initiated, the memory access profile that is designed for that particular access need may be utilized to configure access to the memory device. The configuration may apply to a portion of the memory device, a partition of the memory device, a single access location on the memory device, or any combination thereof.
SYSTEMS AND METHODS FOR EFFICIENT DATA BUFFERING
In one embodiment, one or more control units may store a position tracker associated with a first window of memory blocks and allow a first processing unit to write data within the first window. The control units may receive, from a second processing unit, a request for reading data with a memory-reading address, compare the memory-reading address to a first starting address of the first window, and prevent the second processing unit from reading the data when the memory-reading address is greater than or equal to the first starting address of the first window. The control units may store, when the data writing process is complete, an updated position tracker of a second window of memory blocks and allow the second processing unit to read the data based on a determination that the memory-reading address is less than a second starting address of the second window.
APPARATUS AND METHOD FOR EFFICIENT PROCESS-BASED COMPARTMENTALIZATION
An apparatus and method for efficient process-based compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data; memory management circuitry coupled to the execution circuitry, the memory management circuitry to manage access to a system memory by a plurality of related processes using one or more process-specific translation structures and one or more shared translation structures to be shared by the related processes; and one or more control registers to store a process-specific base address pointer associated with a first process of the plurality of related processes and to store a shared base address pointer to identify the shared translation structures; wherein the memory management circuitry is to use the process-specific base address pointer in combination with a first linear address provided by the first process to walk the process-specific translation structures to identify any permissions and/or physical address associated with the first linear address, wherein if permissions are identified, the memory management circuitry is to use the permissions in place of any permissions specified in the shared translation structures.
Process-based multi-key total memory encryption
Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory is configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory is configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.
Direct memory access mechanism
An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
SEMICONDUCTOR DEVICE WITH SECURE ACCESS KEY AND ASSOCIATED METHODS AND SYSTEMS
Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.
Faster computer memory access by reducing SLAT fragmentation
To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.
Apparatus, system and method to define memory information leak zones in a computing system
An apparatus of a computing system, a computer-readable medium, a method and a system. The apparatus comprises processing circuitry including a core, and a communication controller coupled to the core to communicate with a memory of the computing system, wherein the memory is to define a leak zone corresponding to a plurality of memory addresses including data therein, the leak zone having an identifier; and the processing circuitry is to: decode instructions including a starting leak barrier, an ending leak barrier, and a sequence of code between the starting and ending leak barriers, the sequence of code including the identifier for the leak zone, the identifier to indicate the sequence of code is to be executed only on the data within the leak zone; and execute the sequence of code only on the data within the leak zone based on the leak barriers and on the identifier.
FLASH MEMORY DATA PROTECTION
Accessing protected data in a flash memory device of a computing device may include determining a location of a block in the flash memory device using dummy bad block indicator information. The block also may have a bad block marker stored in it. Data stored in data portions of pages of the block may then be read.