Abstract: Protection for a secure boot procedure can be provided in addition to cryptographic verification of boot firmware associated with the boot procedure. While the boot firmware is being verified and executed at a secure sub-system, an open sub-system can be put into a halt state, during which the open sub-system is prevented from performing the boot procedure. The open sub-system is still prevented from performing the boot procedure even if the boot firmware is verified and/or executed unless the open sub-system is put into the resume state again.

Abstract: Protection for a secure boot procedure can be provided in addition to cryptographic verification of boot firmware associated with the boot procedure. While the boot firmware is being verified, an open sub-system can be placed into a halt state, during which the open sub-system is prevented from performing the boot procedure. The open sub-system can be subsequently placed into a resume state to further perform the boot procedure when the boot firmware is verified. The open sub-system is still prevented from performing the boot procedure even if the boot firmware is verified unless the open sub-system is placed into the resume state again.

Abstract: Methods, systems, and devices for managed memory systems with multiple priority queues are described. Memory access commands may be received from a host and stored in a command queue. First and second subsets of the commands, respectively associated with first and second priorities, may be determined. The first and second subsets may be routed from the command queue to first and second queues, respectively. The first and second subsets may be processed from the first and second queues to third and fourth queues, respectively, at a storage controller, according to first and second processes that may be run concurrently according to parameters for prioritization between the first and second priorities. Data associated with the commands may be received from the host, temporarily stored in a buffer, then moved to a storage memory (for write commands) or retrieved from the storage memory, temporarily stored in the buffer, then transmitted to the host (for read commands).

Abstract: A method can include detecting, by a glitch detector coupled via a connection matrix to a first processing unit, an indication of a glitch on a memory system. The method can include notifying, via the connection matrix, at least a second processing unit of the detected indication of the glitch. The method can include subsequent to notifying at least the second processing unit, transmitting via the at least the second processing unit a glitch confirmation signal.

Abstract: In some implementations, a system includes a set of servers configured to establish a set of virtual machines to provide a computing environment; a set of compute express link (CXL) interface components configured to communicate with the set of servers via a set of CXL interconnects; and a controller configured to at least one of: encrypt protocol data against a CXL interposer security threat associated with the set of CXL interconnects or a malicious extension security threat, provide a secure handshake verification of an identity of the set of CXL interface components, enforce a chain of trust rooted in hardware of the set of CXL interface components; restrict access to an area of memory of the set of CXL interface components that stores security data for verified or secured processes; or perform a security check and set up a set of security features of the set of CXL interface components.

Abstract: Methods, systems, and devices related to field firmware update (FFU). A first memory of a memory module may receive an encrypted segment of a FW package associated with FFU. A decrypted segment of the FW package may be stored by the first memory. A re-encrypted segment of the FW package may be stored by the first memory. The re-encrypted segment of the FW package may be communicated to a second memory of the memory module.

Abstract: Systems, apparatuses, and methods related to a controller for managing sideband communications are described. A controller includes a front end portion, a central controller portion, a back end portion, and a management unit can manage a first type of memory device that operates according to a first set of timing characteristics and a second type of memory device that operates according to a second set of timing characteristics. The controller can provide an additional layer of encryption or decryption for sideband communications between the host and the memory devices connected to the controller. The front end portion receives sideband communications through an interface and is stored by a cache memory within the central controller portion which also comprises an auxiliary security component to encrypt the sideband communications. The back end portion provides a route to the memory devices and the management unit applies the encryption or decryption to the sideband communication.

Abstract: Systems, apparatuses, and methods related to memory tracing in an emulated computing system are described. Static tracepoints can be inserted into a particular function as part of operating the emulated computing system. By executing the function including the static tracepoints as part of a memory access request, the emulated computing system can receive information corresponding to both a virtual address and a physical address in a real computing system in which data corresponding to the memory access request is stored.

Abstract: Systems, apparatuses, and methods related to a controller for managing sideband communications are described. A controller includes a front end portion, a central controller portion, a back end portion, and a management unit can manage a first type of memory device that operates according to a first set of timing characteristics and a second type of memory device that operates according to a second set of timing characteristics. The controller can provide an additional layer of encryption or decryption for sideband communications between the host and the memory devices connected to the controller. The front end portion receives sideband communications through an interface and is stored by a cache memory within the central controller portion which also comprises an auxiliary security component to encrypt the sideband communications. The back end portion provides a route to the memory devices and the management unit applies the encryption or decryption to the sideband communication.

Abstract: Systems, apparatuses, and methods related to memory tracing in an emulated computing system are described. Static tracepoints can be inserted into a particular function as part of operating the emulated computing system. By executing the function including the static tracepoints as part of a memory access request, the emulated computing system can receive information corresponding to both a virtual address and a physical address in a real computing system in which data corresponding to the memory access request is stored.

Abstract: Systems, apparatuses, and methods related to security management for a ferroelectric memory device are described. An example method can include receiving, at a memory controller and from a host, a command and firmware data. The memory controller can manage a non-volatile memory device, such as a ferroelectric memory device, and the host and the memory controller can communicate using a compute express link (CXL) protocol. The command can be executed to update firmware stored on the non-volatile memory device. The method can further include accessing a first public key from the non-volatile memory device. The method can further include validating the first public key with a second public key within the firmware data. The method can further include validating the firmware data. The method can further include verifying a security version of the firmware data. The method can further include updating the non-volatile memory device with the firmware data.

Abstract: Methods, systems, and devices for managed memory systems with multiple priority queues are described. Memory access commands may be received from a host and stored in a command queue. First and second subsets of the commands, respectively associated with first and second priorities, may be determined. The first and second subsets may be routed from the command queue to first and second queues, respectively. The first and second subsets may be processed from the first and second queues to third and fourth queues, respectively, at a storage controller, according to first and second processes that may be run concurrently according to parameters for prioritization between the first and second priorities. Data associated with the commands may be received from the host, temporarily stored in a buffer, then moved to a storage memory (for write commands) or retrieved from the storage memory, temporarily stored in the buffer, then transmitted to the host (for read commands).