Abstract: A processing device is configured to process an initial set of command types. A command extension module and a digital signature are received. The digital signature is generated based on the command extension module using a private key of a key pair. The command extension module, once installed by the processing device, enables the processing device to process a new command type that is not included in the initial set of command types. The digital signature is verified using a public key of the key pair. Based on a successful verification of the digital signature, the command extension module is temporarily installed by loading the command extension module in a volatile memory device.

Abstract: A processing device is configured to process an initial set of command types. A command extension module and a digital signature are received. The digital signature is generated based on the command extension module using a private key of a key pair. The command extension module, once installed by the processing device, enables the processing device to process a new command type that is not included in the initial set of command types. The digital signature is verified using a public key of the key pair. Based on a successful verification of the digital signature, the command extension module is temporarily installed by loading the command extension module in a volatile memory device.

Abstract: Methods, systems, and devices for detecting information modification in a memory system are described. A system may generate a first value, such as a first hash value, from information stored in storage component. The system may then generate a second value, such as a second hash value, from content stored in the storage component. After generating the second value, the system may compare the second value to the first value. The system may then determine the modification status of the information based on the comparison, and implement one or more operations based on the modification status.

Abstract: A request for password generation is received from a host system. In response to receiving the request, a password derivation key is generated based on a key derivation seed. A password is derived from the password derivation key, and a wrapping key is derived from the password. The wrapping key is used to wrap an authorization state indication, which is stored in local memory. Encrypted data is generated based on an encryption of the key derivation seed using an asymmetric encryption key. The encrypted data is provided in response to the request.

Abstract: A key delegation request is received from a host system. The key delegation request includes a new public key. A challenge is generated based on the new public key and a root public key, and the challenge is provided to the host system responsive to the request. A first and second digital signature are received from the host system. The first digital signature is generated by cryptographically signing the challenge using a new private key corresponding to the new public key and the second digital signature is generated by cryptographically signing the challenge using a root private key corresponding to the root public key. The first digital signature is validated using the new public key and the second digital signature is validated using the root public key. Based on successful validation of both signatures, the new public key is utilized in one or more cryptographic operations.

Abstract: A request for password generation is received from a host system. In response to receiving the request, a password derivation key is generated based on a key derivation seed. A password is derived from the password derivation key, and a wrapping key is derived from the password. The wrapping key is used to wrap an authorization state indication, which is stored in local memory. Encrypted data is generated based on an encryption of the key derivation seed using an asymmetric encryption key. The encrypted data is provided in response to the request.

Abstract: Methods, systems, and devices for double wrapping for verification are described. In some cases, a memory subsystem can receive a firmware image for the memory subsystem where the firmware image is signed with a first signature according to a first signing procedure. The memory subsystem can then verify an integrity of the firmware image based on the first signing procedure. After verifying the integrity of the firmware image, the memory subsystem can then generate a second signature for the firmware image based on a second signing procedure different from the first signing procedure. The memory subsystem can then write the second signature to the firmware image. The memory subsystem can then perform a verification process to verify the integrity of the firmware image based on one or both of the first signing procedure or the second signing procedure.

Abstract: A processing device is configured to process an initial set of command types. A command extension module and a digital signature are received. The digital signature is generated based on the command extension module using a private key of a key pair. The command extension module, once installed by the processing device, enables the processing device to process a new command type that is not included in the initial set of command types. The digital signature is verified using a public key of the key pair. Based on a successful verification of the digital signature, the command extension module is temporarily installed by loading the command extension module in a volatile memory device.

Abstract: A processing device receives, from a host system, a key manifest and a digital signature generated based on the key manifest using a private key corresponding to a public/private key pair. The key manifest comprises one or more verification keys. The digital signature is verified using the public key and the processing device stores the key manifest in a persistent storage component in response to successful verification of the digital signature. The one or more verification keys are utilized in one or more verification operations based on the key manifest being stored in the persistent memory component.

Abstract: A processing device is configured to process an initial set of command types. A command extension module and a digital signature are received. The digital signature is generated based on the command extension module using a private key of a key pair. The command extension module, once installed by the processing device, enables the processing device to process a new command type that is not included in the initial set of command types. The digital signature is verified using a public key of the key pair. Based on a successful verification of the digital signature, the command extension module is temporarily installed by loading the command extension module in a volatile memory device.

Abstract: A processing device receives, from a host system, a key manifest and a digital signature generated based on the key manifest using a private key corresponding to a public/private key pair. The key manifest comprises one or more verification keys. The digital signature is verified using the public key and the processing device stores the key manifest in a persistent storage component in response to successful verification of the digital signature. The one or more verification keys are utilized in one or more verification operations based on the key manifest being stored in the persistent memory component.

Abstract: Methods, systems, and devices for double wrapping for verification are described. In some cases, a memory subsystem can receive a firmware image for the memory subsystem where the firmware image is signed with a first signature according to a first signing procedure. The memory subsystem can then verify an integrity of the firmware image based on the first signing procedure. After verifying the integrity of the firmware image, the memory subsystem can then generate a second signature for the firmware image based on a second signing procedure different from the first signing procedure. The memory subsystem can then write the second signature to the firmware image. The memory subsystem can then perform a verification process to verify the integrity of the firmware image based on one or both of the first signing procedure or the second signing procedure.

Abstract: A key delegation request is received from a host system. The key delegation request includes a new public key. A challenge is generated based on the new public key and a root public key, and the challenge is provided to the host system responsive to the request. A first and second digital signature are received from the host system. The first digital signature is generated by cryptographically signing the challenge using a new private key corresponding to the new public key and the second digital signature is generated by cryptographically signing the challenge using a root private key corresponding to the root public key. The first digital signature is validated using the new public key and the second digital signature is validated using the root public key. Based on successful validation of both signatures, the new public key is utilized in one or more cryptographic operations.

Abstract: A request for password generation is received from a host system. In response to receiving the request, a password derivation key is generated based on a key derivation seed. A password is derived from the password derivation key, and a wrapping key is derived from the password. The wrapping key is used to wrap an authorization state indication, which is stored in local memory. Encrypted data is generated based on an encryption of the key derivation seed using an asymmetric encryption key. The encrypted data is provided in response to the request.

Abstract: A key delegation request is received from a host system. The key delegation request includes a new public key. A challenge is generated based on the new public key and a root public key, and the challenge is provided to the host system responsive to the request. A first and second digital signature are received from the host system. The first digital signature is generated by cryptographically signing the challenge using a new private key corresponding to the new public key and the second digital signature is generated by cryptographically signing the challenge using a root private key corresponding to the root public key. The first digital signature is validated using the new public key and the second digital signature is validated using the root public key. Based on successful validation of both signatures, the new public key is utilized in one or more cryptographic operations.

Abstract: A request for password generation is received from a host system. In response to receiving the request, a password derivation key is generated based on a key derivation seed. A password is derived from the password derivation key, and a wrapping key is derived from the password. The wrapping key is used to wrap an authorization state indication, which is stored in local memory. Encrypted data is generated based on an encryption of the key derivation seed using an asymmetric encryption key. The encrypted data is provided in response to the request.

Abstract: Methods, systems, and devices for double wrapping for verification are described. In some cases, a memory subsystem can receive a firmware image for the memory subsystem where the firmware image is signed with a first signature according to a first signing procedure. The memory subsystem can then verify an integrity of the firmware image based on the first signing procedure. After verifying the integrity of the firmware image, the memory subsystem can then generate a second signature for the firmware image based on a second signing procedure different from the first signing procedure. The memory subsystem can then write the second signature to the firmware image. The memory subsystem can then perform a verification process to verify the integrity of the firmware image based on one or both of the first signing procedure or the second signing procedure.

Abstract: A request is received from a host system to initiate an authentication session. Challenge data is generated based on the request and provided to the host system in response to the request. Authentication data is received from the host system. The authentication data comprises a digital signature and enablement data. The digital signature is generated by cryptographically signing the enablement data using a private key, and the enablement data comprises at least the challenge data. The digital signature is validated based on the challenge data and using a public key corresponding to the private key. Access to at least a portion of the data stored in a memory component is provided based at least in part on validating the digital signature.

Abstract: A processing device is configured to process an initial set of command types. A command extension module and a digital signature are received. The digital signature is generated based on the command extension module using a private key of a key pair. The command extension module, once installed by the processing device, enables the processing device to process a new command type that is not included in the initial set of command types. The digital signature is verified using a public key of the key pair. Based on a successful verification of the digital signature, the command extension module is temporarily installed by loading the command extension module in a volatile memory device.

Abstract: Methods, systems, and devices for double wrapping for verification are described. In some cases, a memory subsystem can receive a firmware image for the memory subsystem where the firmware image is signed with a first signature according to a first signing procedure. The memory subsystem can then verify an integrity of the firmware image based on the first signing procedure. After verifying the integrity of the firmware image, the memory subsystem can then generate a second signature for the firmware image based on a second signing procedure different from the first signing procedure. The memory subsystem can then write the second signature to the firmware image. The memory subsystem can then perform a verification process to verify the integrity of the firmware image based on one or both of the first signing procedure or the second signing procedure.