An integrated circuit device including processing circuitry, communications circuitry configured to provide a communication link with a communication apparatus external to the integrated circuit device, and a memory accessible by the processing circuitry and by the communications circuitry, the memory comprising a memory region to which the processing circuitry has write access and to which the communications circuitry has read access, in which the processing circuitry is configured to write information to the memory region indicative of one or more use conditions of the integrated circuit device, and in which the communications circuitry is configured to access the memory region and to provide the information indicative of the one or more use conditions of the integrated circuit device via the communication link.

In one embodiment, a processor includes a memory hierarchy and a core coupled to the memory hierarchy. The memory hierarchy stores encrypted data, and the core includes circuitry to access the encrypted data stored in the memory hierarchy, decrypt the encrypted data to yield decrypted data, perform an entropy test on the decrypted data, and update a processor state based on a result of the entropy test. The entropy test may include determining a number of data entities in the decrypted data whose values are equal to one another, determining a number of adjacent data entities in the decrypted data whose values are equal to one another, determining a number of data entities in the decrypted data whose values are equal to at least one special value from a set of special values, or determining a sum of n highest data entity value frequencies.

A method for authorizing I/O (input/output) commands in a storage cluster is provided. The method includes generating a token responsive to an authority initiating an I/O command, wherein the token is specific to assignment of the authority and a storage node of the storage cluster. The method includes verifying the I/O command using the token, wherein the token includes a signature confirming validity of the token and wherein the token is revocable.

A computer storage device having a host interface, a controller, non-volatile storage media, and firmware. The firmware instructs the controller to: limit a crypto key to be used in data access requests made in a first namespace allocated on the non-volatile storage media of the computer storage device; store data in the first namespace in an encrypted form that is to be decrypted using the crypto key; free a portion of the non-volatile storage media from the first namespace, the portion storing the data; and make the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.

A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.

A single input/output (I/O) controller for both secure partitionable endpoints (PEs) and non-secure PEs is enabled in a trusted execution environment (TEE) where secure memory portions are isolated from non-secure PEs. Security attributes for certain endpoints indicate secure memory access privilege of owning entities of the certain endpoints. A security monitor has exclusive access to the address translation control tables (TCE) stored in secure memory associated with a secure endpoint. When owning entity reassignment occurs, the endpoints are reinitialized to support a change in ownership from an outgoing owning entity having secure memory access and an incoming owning entity not having secure memory access.

A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.

A system is provided to perform secure operations. The system includes an I/O subsystem, a memory subsystem and processors. The processors are operative to execute processes in trusted execution environments (TEEs) and rich execution environments (REEs). Each of the TEEs and the REEs is identified by a corresponding access identifier (AID) and protected by a corresponding system resource protection unit (SRPU). The corresponding SRPU of a TEE includes instructions, when executed by a corresponding processor, cause the corresponding processor to control access to the TEE using a data structure including allowed AIDs and pointers to memory locations accessible by the allowed AIDs.

Described are methods, systems and computer readable media for dynamic updating of query result displays.

Memory access control circuitry controls handling of a memory access request based on at least one memory access control attribute associated with a region of address space including the target address. The memory access control circuitry comprises: lookup circuitry comprising a plurality of sets of comparison circuitry, each set of comparison circuitry to detect, based on at least one address-region-indicating parameter associated with a corresponding region of address space, whether the target address is within the corresponding region of address space; region mismatch prediction circuitry to provide a region mismatch prediction indicative of which of the sets of comparison circuitry is predicted to detect a region mismatch condition; and comparison disabling circuitry to disable at least one of the sets of comparison circuitry that is predicted by the region mismatch prediction circuitry to detect the region mismatch condition for the target address.