Abstract: Techniques for quality of service (QoS) support for input/output devices and other agents are described. In embodiments, a processing device includes execution circuitry to execute a plurality of software threads; hardware to control monitoring or allocating, among the plurality of software threads, one or more shared resources; and configuration storage to enable the monitoring or allocating of the one or more shared resources among the plurality of software threads and one or more channels through which one or more devices are to be connected to the one or more shared resources.

Abstract: In embodiments detailed herein describe an encryption architecture with fast zero support (e.g., FZ-MKTME) to allow memory encryption and integrity architecture to work efficiently with 3DXP or other far memory memories. In particular, an encryption engine for the purpose of fast zeroing in the far memory controller is detailed along with mechanisms for consistent key programming of this engine. For example, an instruction is detailed which allows software to send keys protected even when the controller is located outside of a system on a chip (SoC), etc.

Abstract: Systems, methods, and apparatuses to implement spatially unique and location independent persistent memory encryption are described. In one embodiment, a system on a chip (SoC) includes at least one persistent range register to indicate a persistent range of memory, an address modifying circuit to check if an address for a memory store request is within the persistent range indicated by the at least one persistent range register, and append a unique identifier value, for a component corresponding to the memory store request for the address, to the address to generate a modified address and output the modified address as an output address when the address is within the persistent range, and output the address as the output address when the address is not within the persistent range, and an encryption engine circuit to generate a ciphertext based on the output address.

Abstract: A write request causes controller circuitry to write an encrypted data line and First Tier metadata portion including MAC data and a first portion of ECC data to a first memory circuitry portion and a second portion of ECC data to a sequestered, second memory circuitry portion. A read request causes the controller circuitry to read the encrypted data line and the First Tier metadata portion from the first memory circuitry portion. Using the first portion of the ECC data included in the First Tier metadata portion, the controller circuitry determines if an error exists in the encrypted data line. If no error is detected, the controller circuitry decrypts and verifies the data line using the MAC data included in the First Tier metadata portion. If an error in the data line is detected by the controller circuitry, the Second Tier metadata portion, containing the second portion of the ECC data is fetched from the sequestered, second memory circuitry portion and the error corrected.

Abstract: A write request causes controller circuitry to write an encrypted data line and First Tier metadata portion including MAC data and a first portion of ECC data to a first memory circuitry portion and a second portion of ECC data to a sequestered, second memory circuitry portion. A read request causes the controller circuitry to read the encrypted data line and the First Tier metadata portion from the first memory circuitry portion. Using the first portion of the ECC data in the First Tier metadata portion, the controller circuitry determines if an error exists in the encrypted data line. If no error is detected, the controller circuitry decrypts and verifies the data line using the MAC data in the First Tier metadata portion. If an error in the data line is detected, the Second Tier metadata portion, is fetched from the sequestered, second memory circuitry portion and the error corrected.

Abstract: A write request causes controller circuitry to write an encrypted data line and First Tier metadata portion including MAC data and a first portion of ECC data to a first memory circuitry portion and a second portion of ECC data to a sequestered, second memory circuitry portion. A read request causes the controller circuitry to read the encrypted data line and the First Tier metadata portion from the first memory circuitry portion. Using the first portion of the ECC data included in the First Tier metadata portion, the controller circuitry determines if an error exists in the encrypted data line. If no error is detected, the controller circuitry decrypts and verifies the data line using the MAC data included in the First Tier metadata portion. If an error in the data line is detected by the controller circuitry, the Second Tier metadata portion, containing the second portion of the ECC data is fetched from the sequestered, second memory circuitry portion and the error corrected.

Abstract: A processor includes a processor core to execute an application; a key attribute table (KAT) register to store a plurality of key identifiers (KeyIDs) associated with the application, wherein a KeyID identifies an encryption key; a selection circuit coupled to the KAT register to select the KeyID from the KAT register based on a KeyID selector (KSEL), wherein the KSEL is associated with a page of memory to which access is performed; a cache coupled to the processor core, the cache to store a physical address, data, and the KeyID of the page of memory, wherein the KeyID is an attribute associated with the page of memory; and a memory controller coupled to the cache to encrypt, based on the encryption key identified by the KeyID, the data of the page of memory stored in the cache as it is evicted from the cache to main memory.