Abstract: A system for providing forensic tracing of memory device content erasure and tampering is disclosed. The system uses a special command that enables forensic tracing in a secure memory device. Once the forensic tracing is enabled, firmware of the memory device tracks the data stored on the memory device. The command specifies whether the tracking and tracing is for the entire memory device or for a region of the memory device. The firmware confirms that the forensic tracing is enabled, and a target protection region is defined. Once an authenticated command for an operation to access, modify, or erase data of the memory device is received from a host, the system enables the operation to proceed. The system creates a trace of the operation and the metadata of the target region that is modified within a secure memory region of the memory device that is not addressable by the host device.

Abstract: A system for providing usage model context aware power management in secure systems with embedded hardware security modules is disclosed. The system determines a context associated with a transaction with a memory device that is initiated by a host device. Based on the context, the system sets conditions within its internal data structures and state machines. The context may indicate that the transaction is a secure transaction requiring cryptographic services of the memory device. Flags are set in firmware of the memory device indicating a need for context aware power management and for cryptographic services. If a power management function to reduce power to the memory device is to be executed, the firmware rejects the transaction until the memory device reenters a functional mode. If the function is not to be executed, the firmware provides the host with a notification of an impending power state change for the memory device.

Abstract: In some implementations, a host processor associated with a vehicle may select, from a plurality of devices that are configured to communicate with the host processor for performing security functions, a first device to serve as a primary device and a second device to serve as a secondary device. The first device may include a first memory with an embedded hardware security module and may be associated with a first set of nodes of the vehicle. The second device may include a second memory with an embedded hardware security module and may be associated with a second set of nodes of the vehicle. The host processor may determine, based on a signal, a failure associated with the first device or the second device. The host processor may initiate a remediation process based on the failure associated with the first device or the second device. Numerous other implementations are described.

Abstract: In some aspects, the techniques described herein relate to a method including: receiving a radio signal by a wireless transceiver installed in a vehicle; determining that the radio signal was generated by and received from a legitimate user based on a biometric data of the legitimate user and a unique device identifier (UDI) included in the radio signal; enabling access to the vehicle; and enabling ignition of the vehicle based on the biometric data and the UDI.

Abstract: Implementations described herein relate to establishing a chain of ownership of a device. In some implementations, the device may determine first ownership metadata based on first ownership data associated with the device. The device may split the first ownership metadata into a first portion of first ownership metadata and a second portion of first ownership metadata. The device may store, in the memory of the device, the first portion of first ownership metadata. The device may transmit, to a server, the second portion of first ownership metadata for storage in a blockchain ledger of a blockchain node. A chain of ownership associated with the device may be established based on a combination of the first portion of first ownership metadata stored in the memory of the device and the second portion of first ownership metadata stored in the blockchain ledger.

Abstract: Implementations described herein relate to protection against invalid memory commands. In some implementations, a memory device may include one or more components that may receive, from a host device, a pilot command that includes an indication of a sequence of upcoming memory commands to be transmitted from the host device to the memory device, receive a memory command from the host device after receiving the pilot command, determine that the memory command is invalid based on the indication of the sequence of upcoming memory commands, and transmit, to the host device and based on determining that the memory command is invalid, a message indicating that the memory command is invalid. Numerous other implementations are described.

Abstract: In some aspects, the techniques described herein relate to a method including: receiving, by an electronic voting machine (EVM), user data from a user device, the user data including a unique code; presenting, by the EVM, an interface, the interface capable of receiving a vote; generating, by the EVM, a command based on the user data and the vote; determining, by the EVM, that the command is valid; encrypting, by the EVM, the vote and the user data; and writing, by the EVM, the vote to a secure memory.

Abstract: Implementations described herein relate to boot processes for memory devices. In some implementations, a controller of a storage system receives a command for enabling a fast bootup process for the storage system. The fast bootup process may exclude a measurement of information retrieved from a memory device of the storage system during the fast bootup process. The controller may enable the fast bootup process based on the command. The controller may disable a normal bootup process for the storage system based on the fast bootup process being enabled. The normal bootup process may include a measurement of information retrieved from the memory device during the normal bootup process.

Abstract: In some implementations, a memory device may generate a physical unclonable function (PUF) value. The memory device may access a PUF protection key stored in a non-host-addressable memory region. The memory device may encrypt the PUF value, using the PUF protection key, to generate an encrypted PUF value. The memory device may store the encrypted PUF value in scattered memory locations in the non-host-addressable memory region.

Abstract: In some implementations, a device of an Internet of Things (IoT) network may receive, from a host associated with the IoT network, information associated with the IoT network. The device may store, via a memory controller of the device, the information in a memory with an embedded hardware security module of the device, wherein the device serves as a root of trust for the host using the information stored in the memory. The device may receive, from the host, a request to perform a security function. The device may perform, based on the request, the security function using the information stored in the memory. The device may generate an alert based on an outcome of the security function. Numerous other implementations are described.

Abstract: Methods and devices are provided for determining compliance with standards for at least one of Serial Attached SCSI and Serial Advanced Technology Attachment (SAS/SATA). The device comprises PHY layer logic operable to couple the device with another device, and a control unit. The control unit is operable to direct operations of the PHY layer logic, and to determine that the other device is a SAS/SATA device. The control unit is further operable to perform SAS/SATA protocol compliance testing on the other device to determine a degree of compliance of the other device with SAS/SATA protocol standards, and to alter subsequent communications with the other device responsive to determining that the other device is not fully compliant with SAS/SATA protocol standards.

Abstract: A set of storage capacity data points may be obtained. A regression may be determined from the set. A set of coefficients of determination for a subset of the set may be obtained. A breakpoint for a subsequent regression may be determined from a point of the subset having a maximal coefficient of determination.

Abstract: Methods and structure for improved configuration management of a storage system. A storage system comprises one or more storage controllers coupled with a plurality of storage components (e.g., storage devices and switching components). The coupling often comprises a switched fabric communication structure. Configuration changes normally propagated throughout the components of the networked storage system are prevented by detecting temporary changes in the configuration that are restored to the original configuration within a predetermined period of time. In a Serial Attached SCSI (SAS) storage system, SAS expanders and initiators of the network may be enhanced in accordance with features and aspects hereof to prevent propagation of BROADCAST(CHANGE) primitives when a temporary configuration change is restored within the timeout period. Configuration changes may include temporary loss of link communications for a link of the expander and/or removal and insertion of a storage device coupled with the expander.

Abstract: Methods and systems for advanced interrupt processing and scheduling are provided. The system comprises a memory operable to store interrupt priorities, an interface, and a processor operable to acquire incoming interrupts and to handle the incoming interrupts according to the interrupt priorities. The processor is also operable to receive interrupt processing criteria from the interface (sent, for example, from a device not directly coupled with the system), and to modify the interrupt priorities of the memory based upon the interrupt processing criteria without losing incoming processing requests for the system. Additionally, the processor is operable to process the incoming interrupts according to the modified interrupt priorities responsive to modifying the interrupt priorities.

Abstract: Methods and structure are provided for managing Protection Information (PI) in a Serial Attached SCSI (SAS) expander. The Serial Attached SCSI (SAS) expander comprises a Serial Management Protocol (SMP) target. The SMP target is operable to receive, from a Redundant Array of Inexpensive Disks (RAID) controller, an SMP command for managing Protection Information (PI) for a RAID volume at the SAS expander. The expander further comprises a control unit operable to generate PI for the RAID volume in response to receiving the SMP command from the controller, and a Serial SCSI Protocol (SSP) initiator operable to generate SSP commands for writing the PI to a storage device that provisions the RAID volume based upon input from the control unit.

Abstract: Methods and structure are provided for managing Protection Information (PI) in a Serial Attached SCSI (SAS) expander. The Serial Attached SCSI (SAS) expander comprises a Serial Management Protocol (SMP) target. The SMP target is operable to receive, from a Redundant Array of Inexpensive Disks (RAID) controller, an SMP command for managing Protection Information (PI) for a RAID volume at the SAS expander. The expander further comprises a control unit operable to generate PI for the RAID volume in response to receiving the SMP command from the controller, and a Serial SCSI Protocol (SSP) initiator operable to generate SSP commands for writing the PI to a storage device that provisions the RAID volume based upon input from the control unit.

Abstract: Methods and systems for advanced interrupt processing and scheduling are provided. The system comprises a memory operable to store interrupt priorities, an interface, and a processor operable to acquire incoming interrupts and to handle the incoming interrupts according to the interrupt priorities. The processor is also operable to receive interrupt processing criteria from the interface (sent, for example, from a device not directly coupled with the system), and to modify the interrupt priorities of the memory based upon the interrupt processing criteria without losing incoming processing requests for the system. Additionally, the processor is operable to process the incoming interrupts according to the modified interrupt priorities responsive to modifying the interrupt priorities.

Abstract: Methods and systems for advanced interrupt processing and scheduling are provided. The system comprises a memory operable to store interrupt priorities, an interface, and a processor operable to acquire incoming interrupts and to handle the incoming interrupts according to the interrupt priorities. The processor is also operable to receive interrupt processing criteria from the interface (sent, for example, from a device not directly coupled with the system), and to modify the interrupt priorities of the memory based upon the interrupt processing criteria without losing incoming processing requests for the system. Additionally, the processor is operable to process the incoming interrupts according to the modified interrupt priorities responsive to modifying the interrupt priorities.

Abstract: Methods and devices are provided for determining compliance with standards for at least one of Serial Attached SCSI and Serial Advanced Technology Attachment (SAS/SATA). The device comprises PHY layer logic operable to couple the device with another device, and a control unit. The control unit is operable to direct operations of the PHY layer logic, and to determine that the other device is a SAS/SATA device. The control unit is further operable to perform SAS/SATA protocol compliance testing on the other device to determine a degree of compliance of the other device with SAS/SATA protocol standards, and to alter subsequent communications with the other device responsive to determining that the other device is not fully compliant with SAS/SATA protocol standards.

Abstract: Methods and structure for improved configuration management of a storage system. A storage system comprises one or more storage controllers coupled with a plurality of storage components (e.g., storage devices and switching components). The coupling often comprises a switched fabric communication structure. Configuration changes normally propagated throughout the components of the networked storage system are prevented by detecting temporary changes in the configuration that are restored to the original configuration within a predetermined period of time. In a Serial Attached SCSI (SAS) storage system, SAS expanders and initiators of the network may be enhanced in accordance with features and aspects hereof to prevent propagation of BROADCAST(CHANGE) primitives when a temporary configuration change is restored within the timeout period. Configuration changes may include temporary loss of link communications for a link of the expander and/or removal and insertion of a storage device coupled with the expander.