Abstract: A soft post package repair (sPPR) request is detected. Data stored in a target row of a memory array associated with the sPPR request is written to a buffer. Execution of non-maintenance requests on the target row is suspended. Responsive to suspension of execution of non-maintenance requests on the target row, the sPPR request is executed on the target row. Subsequent to completion of the sPPR request, execution of non-maintenance requests on the target row is resumed and the data stored in the buffer is written to the repaired target row.

Abstract: In some implementations, a system includes a set of servers configured to establish a set of virtual machines to provide a computing environment; a set of compute express link (CXL) interface components configured to communicate with the set of servers via a set of CXL interconnects; and a controller configured to at least one of: encrypt protocol data against a CXL interposer security threat associated with the set of CXL interconnects or a malicious extension security threat, provide a secure handshake verification of an identity of the set of CXL interface components, enforce a chain of trust rooted in hardware of the set of CXL interface components; restrict access to an area of memory of the set of CXL interface components that stores security data for verified or secured processes; or perform a security check and set up a set of security features of the set of CXL interface components.

Abstract: Implementations described herein relate to a device identifier composition engine (DICE) 3-layer architecture. In some implementations, a device may include a secure computing environment including a hardware root of trust (HRoT) DICE component. The secure computing environment may include a DICE layer 0 component configured to derive a DICE identity key. The secure computing environment may include a DICE layer 1 component configured to derive a DICE alias key based on the DICE identity key. The secure computing environment may include a controller configured to receive an update to firmware of a component. The controller may be configured to update the firmware of the component based on receiving the update. The controller may be configured to update one or more keys of the component or one or more keys of one or more components above the component in a layer stack.

Abstract: Systems, methods, and apparatus for memory device security and row hammer mitigation are described. A control mechanism may be implemented in a front-end and/or a back-end of a memory sub-system to refresh rows of the memory. A row activation command having a row address at control circuitry of a memory sub-system and incrementing a first count of a row counter corresponding to the row address stored in a content addressable memory (CAM) of the memory sub-system may be received. Control circuitry may determine whether the first count is greater than a row hammer threshold (RHT) minus a second count of a CAM decrease counter (CDC); the second count may be incremented each time the CAM is full. A refresh command to the row address may be issued when a determination is made that the first count is greater than the RHT minus the second count.

Abstract: Methods, systems, and devices related to field firmware update (FFU). A first memory of a memory module may receive an encrypted segment of a FW package associated with FFU. A decrypted segment of the FW package may be stored by the first memory. A re-encrypted segment of the FW package may be stored by the first memory. The re-encrypted segment of the FW package may be communicated to a second memory of the memory module.

Abstract: The present disclosure includes apparatuses and methods related to a hybrid memory system interface. An example computing system includes a processing resource and a storage system coupled to the processing resource via a hybrid interface. The hybrid interface can provide an input/output (I/O) access path to the storage system that supports both block level storage I/O access requests and sub-block level storage I/O access requests.

Abstract: Methods, systems, and devices for detecting page fault traffic are described. A memory device may execute a self-learning algorithm to determine a priority size for read requests, such as a maximum readahead window size or other size related to page faults in a memory system. The memory device may determine the priority size based at least in part on by tracking how many read requests are received for different sizes of sets of data. Once the priority size is determined, the memory device may detect subsequent read requests for sets of data having the priority size, and the memory device may prioritize or other optimize the execution of such read requests.

Abstract: Methods, systems, and devices for techniques for managing offline identity upgrades are described. A memory system may receive a command to update a device identifier for a device identifier composition engine (DICE) associated with the memory system. The memory system may generate an updated device identifier, at a first software layer of a set of software layers of the DICE, based on receiving the command. The memory system may decrypt a device specific key (DSK) stored at a read-only memory device of the memory system based on the received command, and sign the updated device identifier using the DSK based on decrypting the DSK. The memory system may execute one or more operations associated with the first software layer of the set of software layers of the DICE based on the signed updated device identifier.

Abstract: A device includes a memory. The device also includes a controller. The controller includes a register configured to store an indication of whether an ability of a received command to alter an access protection scheme of the memory is enabled. The received command may alter the access an access protection scheme of the memory responsive to the indication.

Abstract: The present disclosure relates to apparatuses and methods for memory management. The disclosure further relates to an interface protocol for flash memory devices including at least a memory array and a memory controller coupled to the memory array. A host device is coupled to the memory device through a communication channel and a hardware and/or software full encryption-decryption scheme is adopted in the communication channel for data, addresses and commands exchanged between the host device and the memory array.

Abstract: An apparatus can include a number of memory devices and a memory controller coupled to one or more of the number of memory devices. The memory controller can include a row hammer detector. The memory controller can be configured increment for a first time period a row counter in a first data structure and a refresh counter. The memory controller can be configured to increment for a second time period a row counter in a second data structure and the refresh counter. The memory controller can be configured to determine that a value of the refresh counter exceeds a refresh threshold and responsive to the determination that the value of the refresh counter exceeds the refresh threshold, issue a notification.

Abstract: A controller can be configured to enable a host to control media testing on a memory device. The interface between the host and the memory can be abstract, such that the host does not have direct control over the memory. Instead, the controller can provide translation between a host protocol, such as compute express link (CXL), and a memory protocol, such as a protocol to control a dual data rate (DDR) interface. The controller can enable media test capability discovery, configuration, and/or control for the host. The controller can enable media test result reporting from the memory to the host.

Abstract: An electronic device can be configured to enable a host to indirectly control testing associated with the electronic device. The interface between the host and the electronic device can be abstract, such that the host does not have direct control over the electronic device. Examples of the electronic device include a memory device and a power management integrated circuit. The electronic device can allow the host to discover a quantity of tests supported by the electronic device and corresponding test descriptors. The electronic device can interact with the host to configure tests and/or reporting of test results.

Abstract: Systems and methods for finite time counting period counting of infinite data streams is presented. In particular example systems and methods enable counting row accesses to a memory media device over predetermined time intervals in order to deterministically detect row hammer attacks on the memory media device. Example embodiments use two identical tables that are reset at times offset in relation to each other in a ping-pong manner in order to ensure that there exists no false negative detections. The counting techniques described in this disclosure can be used in various types of row hammer mitigation techniques and can be implemented in content addressable memory or another type of memory. The mitigation may be implemented on a per-bank basis, per-channel basis or per-memory media device basis. The memory media device may be a dynamic random access memory type device.

Abstract: Disclosed in some examples are methods, systems, and devices for authenticating a firmware object on a device and in some examples to safeguard the attestation process from the execution of malicious firmware. In some examples, a firmware update process may, in addition to updating the firmware on the device, write a hash of the authentic firmware code in a secure storage device (e.g., a register). This may be done in some examples in a protected environment (e.g., a trusted execution environment or a protected firmware update process). Upon first boot after the update, a firmware update checker compares the firmware object that is booted with the value of the secure storage device. If the values match, the alias certificate may be regenerated, and the boot continues. If the values do not match, then the alias certificate may not be regenerated, and the system may have an authenticity failure because the key and the certificate do not match.

Abstract: A processing device of a memory sub-system can monitor a plurality of received commands to identify a forced unit access command. The processing device can identify a metadata area of the memory device based on the forced unit access command. The processing device can also perform an action responsive to identifying a subsequent forced unit access command to the metadata area.

Abstract: The present disclosure includes apparatuses and methods for providing energy information to memory. An embodiment includes determining, by a host, that a charge level of an energy source coupled to the host has reached or exceeded a threshold value, and transmitting, from the host to a memory device coupled to the host, signaling indicative of an energy mode for the memory device, wherein the signaling is transmitted based at least in part on determining that the charge level of the energy source has reached or exceeded the threshold.

Abstract: Systems and methods for area-efficient mitigation of errors that are caused by row hammer attacks and the like in a memory media device are described. The counters for counting row accesses are maintained in a content addressable memory (CAM) the provides fast access times. The detection of errors is deterministically performed while maintaining a number of row access counters that is smaller than the total number of rows protected in the memory media device. The circuitry for the detection and mitigation may be in the memory media device or in a memory controller to which the memory media device attaches. The memory media device may be dynamic random access memory (DRAM).

Abstract: An energy-efficient and area-efficient, mitigation of errors in a memory media device that are caused by row hammer attacks and the like is described. The detection of errors is deterministically performed while maintaining, in an SRAM, a number of row access counters that is smaller than the total number of rows protected in the memory media device. The reduction of the number of required counters is achieved by aliasing a plurality of rows that are being protected to each counter. The mitigation may be implemented on a per-bank basis, per-channel basis or per-memory media device basis. The memory media device may be DRAM.

Abstract: There are provided methods and systems for correcting an error from a memory. For example, there is provided a system for mitigating an error in a memory. The system can include a memory controller communicatively coupled to a host. The memory controller may be configured to receive information associated with a memory location. The information can indicate the error at the memory location. The controller may be configured to perform, upon receiving the information, certain operations. The operations can include copying data around the memory location, placing the copied data in a reserved area. And the operations can further include outputting, to a central controller, a set of physical addresses associated with the reserved area, wherein the central controller is configured to modify the set of physical address to conduct a data recovery off-line.