Patent classifications
G06F21/79
Exclusive or engine on random access memory
Methods and apparatus for an Exclusive OR (XOR) engine in a random access memory device that accelerates cryptographic operations in processors. For example, an integrated circuit memory device enclosed within a single integrated circuit package can include an XOR engine coupled with the memory units of the random access memory device (e.g., dynamic random access memory (DRAM) or non-volatile random access memory (NVRAM)). A processor (e.g., a System-on-Chip (SoC) or Central Processing Unit (CPU)) can have encryption logic that performs cryptographic operations using XOR operations, which are carried out by the XOR engine in the random access memory device on the data held in that device.
Anti-theft mobile terminal and method for controlling the extraction of a memory card out from a mobile terminal
The disclosed technology relates to a mobile terminal adapted to receive a memory card, the terminal comprising a processing unit, an input interface and a card locking actuator configured to lock the memory card into the mobile terminal. The card locking actuator is controlled by the processing unit. In one aspect, the card locking actuator is configured to be locked when the mobile terminal is switched on. In another aspect, the processing unit is configured to lock the screen until a screen unlocking authentication procedure is performed by a user at the input interface, and to command unlocking of the card locking actuator only after detecting that a predetermined authentication procedure has been performed by a user at the input interface.
Security schemes for multiple trusted-execution-environments (TEEs) and multiple rich-execution-environments (REEs)
A system is provided to perform secure operations. The system includes an I/O subsystem, a memory subsystem and processors. The processors are operative to execute processes in trusted execution environments (TEEs) and rich execution environments (REEs). Each of the TEEs and the REEs is identified by a corresponding access identifier (AID) and protected by a corresponding system resource protection unit (SRPU). The SRPU of a TEE includes instructions that, when executed by a corresponding processor, cause that processor to control access to the TEE using a data structure containing the allowed AIDs and pointers to the memory locations accessible by those AIDs.
Information handling apparatus and method for unlocking a persistent region in memory
Methods, systems, and apparatuses for unlocking a persistent region in memory are disclosed. An information handling apparatus includes a controller, a memory coupled to the controller and having a persistent region that can be either locked or unlocked, and firmware configured to determine whether the persistent region of the memory is locked, obtain a stored passphrase from a storage device if the persistent region is locked, and use that passphrase to unlock the persistent region of the memory.
COMMAND AUTHORITY EXTENSION SYSTEM AND METHOD FOR SECURITY PROTOCOL AND DATA MODEL (SPDM) SECURE COMMUNICATION CHANNELS
An Information Handling System (IHS) includes at least one hardware device in communication with a Baseboard Management Controller (BMC). The hardware device includes executable instructions for establishing a secure communication channel with the BMC and subsequently receiving a list of allowed commands from the BMC. When the hardware device receives a command, it determines whether the command is included in the list: when the command is in the list and is received within the secure communication channel, the hardware device performs the command; when the command is in the list but is received outside of the secure communication channel, the hardware device ignores it.
Identifying and preventing invalid memory access
Methods, computer readable media, and devices for identifying and preventing invalid memory access. A method may include defining a dynamic scope for an operation whose one or more threads or processes share a range of memory; receiving a request to allocate a portion of that range of shared memory; allocating a monotonically increasing portion of the range so that a subsequent allocation request is given a different portion of the range; receiving a request to deallocate the allocated portion; deallocating it by protecting the deallocated portion of the range from any subsequent access; and, in response to an access of the protected deallocated portion by one of the threads or processes of the operation, trapping and terminating that thread or process.
Optimizing Use of Hardware Security Modules
Use of cryptographic key-store hardware security modules is optimized in a system having a first, scarce, high-security key storage device and a second, more plentiful, low-security key storage device. A cryptographic key is secured at the higher security level by initially storing it in the first storage device. Then, responsive to an event, the stored key is evaluated against one or more rules and, following the evaluation, reclassified for relocation. The reclassified key is encrypted using a key-encryption key, relocated into the second, lower-security storage device, and the key-encryption key is stored in the first storage device.