Abstract: An apparatus for performing secure operations with a dedicated secure processor is described in one embodiment. The apparatus includes security firmware defining secure operations, a processor configured to execute the security firmware and perform a set of operations limited to the secure operations, and a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the secure operations, An apparatus for performing secure operations with a plurality of security assist hardware circuits is described in another embodiment. The apparatus comprises one or more secure hardware registers configured to receive a command to perform secure operations and one or more security assist hardware circuits configured to perform discrete secure operations using one or more secret data objects.

Abstract: A method includes receiving an indication of an operational mode for a memory system including a set of memory devices. A first memory device of the set of memory devices includes a first media having a first media type and a second memory device of the et of memory devices includes a second media having a second media type that is different than the first media type. The method also includes allocating, by a processing device, a first portion and a second portion of the first memory device based on the operational mode for the memory system. The method also includes storing data at the first portion of the first memory device, the second portion of the first memory device, or the second memory device based on the operational mode for the memory system.

Abstract: A first set of characteristics corresponding to a first memory device and a second set of characteristics corresponding to a second memory device are received. A first usage threshold for the first memory device based on the first set of characteristics and a second usage threshold for the second memory device based on the second set of characteristics are determined. Data is stored at the first memory device or the second memory device based on the first usage threshold for the first memory device and the second usage threshold for the second memory device.

Abstract: The present disclosure includes apparatuses and methods for directed sanitization of memory. One example method comprises, responsive to receiving a sanitization command, performing a deterministic garbage collection operation on a memory, wherein performing the deterministic garbage collection operation results in physical erasure of all invalid data stored on the memory without losing valid data stored on the memory.

Abstract: The present disclosure includes apparatuses and methods for directed sanitization of memory. One example method comprises, responsive to receiving a sanitization command, performing a deterministic garbage collection operation on a memory, wherein performing the deterministic garbage collection operation results in physical erasure of all invalid data stored on the memory without losing valid data stored on the memory.

Abstract: An example method of determining storage operation parameters based on data stream attributes may include: receiving, by a controller, a write command specifying a data item and an identifier of a data stream comprising the data item, wherein a part of the identifier of the data stream encodes a data attribute shared by data items comprised by the data stream; determining, using the data attribute, a storage operation parameter; and transmitting, to a memory device, an instruction specifying the data item and the storage operation parameter.

Abstract: A data storage device is provided. The data storage device includes a storage medium having a first subset configured to store user data and a second subset configured to store snapshot data. The data storage device further includes a controller configured to (i) receive, from a host operably coupled to the data storage device, a command to configure the second subset, to (ii) verify an authenticity of the command, and to (iii) execute the command in response to the verification of the authenticity of the command.

Abstract: An apparatus for performing secure operations with a dedicated secure processor is described in one embodiment. The apparatus includes security firmware defining secure operations, a processor configured to execute the security firmware and perform a set of operations limited to the secure operations, and a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the secure operations, An apparatus for performing secure operations with a plurality of security assist hardware circuits is described in another embodiment. The apparatus comprises one or more secure hardware registers configured to receive a command to perform secure operations and one or more security assist hardware circuits configured to perform discrete secure operations using one or more secret data objects.

Abstract: An apparatus for performing secure operations with a dedicated secure processor is described in one embodiment. The apparatus includes security firmware defining secure operations, a processor configured to execute the security firmware and perform a set of operations limited to the secure operations, and a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the secure operations. An apparatus for performing secure operations with a plurality of security assist hardware circuits is described in another embodiment. The apparatus comprises one or more secure hardware registers configured to receive a command to perform secure operations and one or more security assist hardware circuits configured to perform discrete secure operations using one or more secret data objects.

Abstract: The present disclosure includes apparatuses and methods for directed sanitization of memory. One example method comprises, responsive to receiving a sanitization command, performing a deterministic garbage collection operation on a memory, wherein performing the deterministic garbage collection operation results in physical erasure of all invalid data stored on the memory without losing valid data stored on the memory.

Abstract: An apparatus for performing secure operations with a dedicated secure processor is described in one embodiment. The apparatus includes security firmware defining secure operations, a processor configured to execute the security firmware and perform a set of operations limited to the secure operations, and a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the secure operations. An apparatus for performing secure operations with a plurality of security assist hardware circuits is described in another embodiment. The apparatus comprises one or more secure hardware registers configured to receive a command to perform secure operations and one or more security assist hardware circuits configured to perform discrete secure operations using one or more secret data objects.

Abstract: An apparatus for performing secure operations with a dedicated secure processor is described in one embodiment. The apparatus includes security firmware defining secure operations, a processor configured to execute the security firmware and perform a set of operations limited to the secure operations, and a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the secure operations. An apparatus for performing secure operations with a plurality of security assist hardware circuits is described in another embodiment. The apparatus comprises one or more secure hardware registers configured to receive a command to perform secure operations and one or more security assist hardware circuits configured to perform discrete secure operations using one or more secret data objects.

Abstract: An apparatus for performing secure operations with a dedicated secure processor is described in one embodiment. The apparatus includes security firmware defining secure operations, a processor configured to execute the security firmware and perform a set of operations limited to the secure operations, and a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the secure operations. An apparatus for performing secure operations with a plurality of security assist hardware circuits is described in another embodiment. The apparatus comprises one or more secure hardware registers configured to receive a command to perform secure operations and one or more security assist hardware circuits configured to perform discrete secure operations using one or more secret data objects.

Abstract: A storage device that supports Trusted Computer Group (TCG) security allows management of TCG security features by a Basic Input/Output System (BIOS) using non-TCG security commands supported by the BIOS. In one implementation, a BIOS that does not support TCG security but does support ATA security can use ATA drive unlock to invoke TCG drive unlock on the storage device. Further, the storage device can be transitioned among multiple security operating modes (e.g., Undeclared, ATA security or TCG security).

Abstract: A storage device that supports Trusted Computer Group (TCG) security allows management of TCG security features by a Basic Input/Output System (BIOS) using non-TCG security commands supported by the BIOS. In one implementation, a BIOS that does not support TCG security but does support ATA security can use ATA drive unlock to invoke TCG drive unlock on the storage device. Further, the storage device can be transitioned among multiple security operating modes (e.g., Undeclared, ATA security or TCG security).