阅读说明：本技术 多模式受保护存储器 (Multi-mode protected memory ) 是由 A·皮尔逊 朱冰 E·阿格拉诺夫斯基 T·温克勒 黄洋 于 2019-04-19 设计创作，主要内容包括：根据本描述的多模式受保护存储器包括操作的永久模式和瞬态模式。在永久模式的一个实施例中,认证密钥可编程一次,并且写入计数器不可递减或重置。在瞬态模式的一个实施例中,认证密钥可被编程多次,并且写入计数器可被重置多次。取决于特定应用,可实现其它特征和优点。(The multi-mode protected memory according to the present description includes a permanent mode of operation and a transient mode. In one embodiment of the persistent mode, the authentication key may be programmed once and the write counter may not be decremented or reset. In one embodiment of the transient mode, the authentication key may be programmed multiple times and the write counter may be reset multiple times. Other features and advantages may be realized, depending upon the particular application.)

1. An apparatus, comprising:

a protected memory; and

a protected memory controller configured to control access to the protected memory, the protected memory controller comprising mode logic configured to control access to the protected memory in a selected mode comprising a transient mode and a persistent mode, wherein the protected memory controller is further configured to authenticate memory operations directed to the protected memory according to a reprogrammable authentication key in the transient mode and according to a one-time programmable authentication key in the persistent mode.

2. The device of claim 1 wherein the protected memory controller has a register configured to be settable to indicate that the protected memory controller supports the transient mode.

3. The device of claim 1, wherein the mode logic has a fuse and is configured to set the fuse to inhibit entry into the transient mode upon entry into the permanent mode.

4. The device of claim 1, wherein the protected memory controller has a reprogrammable register configured to store the reprogrammable authentication key in the transient mode and a write-once register configured to store the one-time programmable authentication key in the persistent mode.

5. The device of claim 1 wherein the protected memory controller has a resettable write counter configured to count write operations to the protected memory in the transient mode and a non-resettable write counter configured to count write operations to the protected memory in the persistent mode.

6. The device of any of claims 1-5, wherein the protected memory controller is configured to respond to a transient mode set of request messages in the transient mode and to respond to a persistent mode set of request messages in the persistent mode, wherein an error response message is returned in response to receiving a request message of the transient mode set of request messages when the protected memory controller is in the persistent mode.

7. A method, comprising:

controlling access to protected memory in selected modes including a transient mode in which memory operations directed to the protected memory are authenticated according to a reprogrammable authentication key and a persistent mode in which memory operations directed to the protected memory are authenticated according to a one-time programmable authentication key.

8. The method of claim 7, further comprising: setting a register to indicate that the protected memory controller supports the transient mode.

9. The method of claim 7, further comprising: a fuse is set to inhibit entry into the transient mode upon entry into the permanent mode.

10. The method of claim 7, further comprising: storing the reprogrammable authentication key in a reprogrammable register in the transient mode and storing the one-time programmable authentication key in a write-once register in the persistent mode.

11. The method of claim 7, further comprising: resetting a resettable write counter configured to count write operations to the protected memory in the transient mode and to count write operations to the protected memory in the persistent mode in a non-resettable write counter.

12. The method of any of claims 7-11, further comprising: the protected memory controller responds to a set of transient modes of request messages in the transient mode, responds to a set of persistent modes of request messages in the persistent mode, and returns an error response message in response to receiving a request message of the set of transient modes of request messages while the protected memory controller is in the persistent mode.

13. A system, comprising:

a protected memory configured to store data;

a protected memory controller configured to control access to the protected memory, the protected memory controller comprising mode logic configured to control access to the protected memory in a selected mode comprising a transient mode and a persistent mode, wherein the protected memory controller is further configured to authenticate memory operations directed to the protected memory according to a reprogrammable authentication key in the transient mode and according to a one-time programmable authentication key in the persistent mode; and

a display configured to display information according to memory operations directed to the protected memory.

14. The system of claim 13 wherein the protected memory controller has a register configured to be settable to indicate that the protected memory controller supports the transient mode.

15. The system of claim 13, wherein the mode logic has a fuse and is configured to set the fuse to inhibit entry into the transient mode upon entry into the permanent mode.

16. The system of claim 13, wherein the protected memory controller has a reprogrammable register configured to store the reprogrammable authentication key in the transient mode and a write-once register configured to store the one-time programmable authentication key in the persistent mode.

17. The system of claim 13 wherein the protected memory controller has a resettable write counter configured to count write operations to the protected memory in the transient mode and a non-resettable write counter configured to count write operations to the protected memory in the persistent mode.

18. The system of any of claims 13-17, wherein the protected memory controller is configured to respond to a set of transient modes of request messages in the transient mode and to respond to a set of persistent modes of request messages in the persistent mode, wherein an error response message is returned in response to receiving a request message of the set of transient modes of request messages when the protected memory controller is in the persistent mode.

Background

Memory or storage devices such as non-volatile Memory (Nonvolatile Memory) express (NVMe) Solid State Drives (SSDs) described in NVMe standard https:// nvmexpress.org/may have protected blocks or other portions of Memory that allow access to the protected portions to be authenticated. For example, a storage device employing a known RPMB as described in the playback Protected Memory Block (RPMB) portion of the published NVMe standard uses a Message Authentication Code (MAC) to authenticate read and write access (read and write access) to the Protected RPMB data area of the storage device. The published RPMB specification describes the structure and operation of protected memory devices that conform to the RPMB standard.

In one known design, the host stores the authentication key in the RPMB controller of the RPMB-enabled storage device (here "RPMB storage device"). Thus, the authentication key is a secret shared by the host and the RPMB storage. The host uses the data write message to request a data write operation directed to a protected data area of the memory. The host has a Message Authentication Code (MAC) engine that calculates a MAC authentication code from the shared authentication key, a write counter value previously received from the RPMB storage, and a portion of the data write request message that includes the MAC authentication code when sent. Thus, the write operation requested by the data write request message is referred to as an "authenticated data write".

Drawings

Referring now to the drawings in which like reference numbers represent corresponding parts throughout:

FIG. 1 illustrates a block diagram of a computing environment employing multi-mode protected memory, in accordance with certain embodiments;

FIG. 2 illustrates an example of a protected memory enabled storage device employing a multi-mode protected memory in accordance with the present description;

FIG. 3 illustrates an example of a host employing multi-mode protected memory in accordance with the present description;

FIG. 4 depicts an example of the operation of the protected memory enabled storage device of FIG. 2 employing a multi-mode protected memory in accordance with the present description;

FIG. 5 depicts another example of the operation of the protected memory enabled storage device of FIG. 2 employing a multi-mode protected memory in accordance with the present description; and

FIG. 6 depicts yet another example of the operation of the protected memory enabled storage device of FIG. 2 employing a multi-mode protected memory in accordance with the present description.

Detailed Description

In the following description, reference is made to the accompanying drawings, which form a part hereof and which illustrate several embodiments. It is understood that other embodiments may be utilized and structural and operational changes may be made.

In a known design, the RPMB controller of the RPMB storage device receiving the data write request message authenticates the received message by calculating its own MAC authentication code using the shared authentication key in a similar manner as the host and comparing it with the MAC authentication code forwarded by the host with the data write request. If the MAC authentication code computed by the RPMB controller matches the MAC authentication code forwarded by the host and the request message, the received data write request message passes through the authentication process of the RPMB storage device and the message is considered authentic, i.e. sent by an authorized sender. The data write operation requested by the data write request message may be subjected to the additional security tests described in the RPMB standard. If the data write request message fails authentication or other security tests, the requested write operation to the protected memory will be blocked.

A read response message generated by the RPMB controller in response to a read request message generated by the host and directed to the protected memory may be authenticated by the RPMB controller and the host in a manner similar to that of the data write request message. If the data read response message received by the host fails the authentication or other security test, the read response message and its data may be considered to be from an unauthenticated source and therefore untrustworthy.

As a security feature in known RPMB designs against malicious attacks, an authentication key is stored in a write-once register by the RPMB controller. As a result, once the authentication key is stored by the RPMB controller, it is permanently fixed and thus cannot be changed, i.e. overwritten, erased or even read, in known RPMB controller designs.

As another security feature against malicious attacks in known RPMB designs, the write counter maintained by the RPMB controller cannot be decremented or reset. As a result, malicious attacks, which may include recording write data request messages and replaying recorded messages, are prevented from being performed because the recorded messages being replayed will not contain the write counter value expected by the RPMB controller, i.e., the current write counter value.

Thus, known RPMB storage devices provide tamper-resistant secure storage for secure applications. However, the security features of RPMB storage devices may result in inefficiencies in third party developers developing products incorporating known RPMB storage devices. For example, if an authentication key programmed into an RPMB device for product development purposes is lost due to a programming error or other software error, access to the RPMB data region is permanently lost, and the RPMB device is typically discarded and replaced to continue product development. Furthermore, for some third party developers, the RPMB keys used during the development phase are frequently different from the RPMB keys that will be used in the production phase for security reasons.

As a result, if a third party developer uses the RPMB storage device in the development phase, that particular device cannot be subsequently used in the production phase because the RPMB authentication key has been programmed with the non-production authentication key and cannot be changed. As another example, if the write counter reaches a maximum write count value during product testing (such as in stress or regression testing), no further writes to the protected data region will be permitted, and again, the RPMB device is typically discarded and replaced to continue product development.

To facilitate development of products incorporating finished RPMB storage, it is known for third party developers to emulate finished RPMB storage in software emulation where the RPMB emulated data regions are a common part of the memory or storage device that lacks the protection normally provided by the data regions of known RPMB storage available on the market. However, these software simulations of RPMB devices tend to be complex to develop and complex to operate. For example, the system software, firmware, and hardware of the product under development may each have multiple components, each component requiring access to one or more RPMB targets. Thus, developing and debugging RPMB emulation software for each component of system software and hardware can be difficult and expensive. Further, once the authentication key is programmed into the RPMB apparatus after the development is completed, data such as a special key or certificate stored in the ordinary portion of the memory may need to be copied to the protected data area and then deleted from the ordinary portion.

It is known for an Original Equipment Manufacturer (OEM) of RPMB storage to employ default authentication keys in engineering samples of RPMB storage to facilitate development and testing of RPMB firmware implementations. However, the default authentication key is disabled in the finished product version of the RPMB device prior to shipment to a customer, such as a third party product developer. Therefore, third party product developers cannot use the default authentication key disabled by the manufacturer when developing their own third party products with the completed RPMB storage device, and as a result, frequently employ software emulation of the RPMB storage device.

The multi-mode protected memory according to the present description provides a significant improvement in computer technology. For example, the need for third party developers to use software emulation of RPMB-enabled devices in developing products incorporating RPMB-enabled devices may be reduced or eliminated. In one aspect, a multi-mode protected memory according to the present description has both a transient mode of operation and a persistent mode of operation. In the permanent mode, the RPMB enabled device operates in a similar manner as known RPMB devices. For example, the authentication key may be programmed only once in the permanent mode in a similar manner to known RPMB devices.

In contrast, in one aspect of the transient mode of the multi-mode protected memory in accordance with the present description, in one embodiment, the authentication key may be reprogrammed an unlimited number of times while the device remains in the transient mode to facilitate development of third party products. Thus, if the authentication key is accidentally lost during the development of a third party product, the same or a new authentication key can be easily reprogrammed into the RPMB-enabled device while it remains in the transient mode. As a result, the need to discard the RPMB device due to loss of the authentication key is avoided.

As another example, in the persistent mode, in a similar manner to known RPMB devices, a write counter for a write operation to a protected memory user data area may not be decremented or reset once it reaches a maximum count value. Thus, once the write counter reaches a maximum value in the persistent mode, additional write operations to the protected memory are no longer permitted.

In contrast, in one aspect of the transient mode of the multi-mode protected memory in accordance with the present description, in one embodiment, the write counter may be reset an infinite number of times while the device is operating in the transient mode. Thus, if the write counter of an RPMB-enabled device reaches a maximum count value during third party product development as a result of stress testing or other testing involving a large number of write operations, the write counter may be easily reset while the device remains in the transient mode to allow additional write operations to the protected memory in the transient mode. As a result, the multi-mode protected memory device according to the present description need not be discarded once the write counter reaches a maximum value in the transient mode.

In another aspect of the multi-mode protected memory according to the present description, a set of operations such as authenticated key operations, write counter read requests, authenticated data writes, and authenticated data read operations may be provided in a persistent mode, which are the same or substantially the same as those of known RPMB devices described in the RPMB standard, to facilitate backward compatibility with known RPMB devices. The permanent mode set of operation may be modified to be suitable for permanent mode operation. For example, in one embodiment of a multi-mode protected memory according to the present description, an authentication key is programmed using an authentication key programming operation of a permanent set of operations, causing the multi-mode device to enter a permanent mode of operation permanently, and inhibiting re-entry back into a transient mode of operation.

In yet another aspect of the multi-mode protected memory according to the present description, another set of operations such as authenticated key operations, write counter read requests, authenticated data writes, and authenticated data read operations may be provided in the transient mode, substantially similar to those of the persistent mode herein or similar to those of known RPMB devices described in the RPMB standard, to facilitate development of third party devices for use with RPMB devices. The transient mode of operation set may be modified to be suitable for transient mode operation. For example, in one embodiment of a multi-mode protected memory in accordance with the present description, the transient mode set of operation may be separable from the permanent mode set of operation by utilizing, for example, a different set of command codes.

Further, authentication key programming using an authentication key programming operation using a transient operation set may be repeatedly performed in the transient mode, as described above. Further, the reset of the write counter of the transient mode may be repeatedly performed in the transient mode, as described above. Other features and advantages may be realized, depending upon the particular application.

Components employing multi-mode protected memory according to the present description can be used in stand-alone components or can be embedded in a microprocessor and/or Digital Signal Processor (DSP). Further, note that while the systems and processes are described herein primarily with reference to microprocessor-based systems in illustrative examples, it will be appreciated that certain aspects, architectures, and principles of the disclosure are equally applicable to other types of device memory and logic devices in view of the disclosure herein.

Implementations of the described technology may include hardware, methods, or processes, or computer software such as an application on a computer accessible medium, an operating system, a BIOS, or a component driver. Thus, embodiments include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform method acts.

The operations described herein are performed by logic that is configured to automatically or substantially automatically perform the operations with little or no intervention by a system operator, unless indicated therein as being performed manually, such as by user selection. Thus, as used herein, the term "automated" includes both fully automated, i.e., operations performed by a machine controlled by one or more pieces of hardware or software without human intervention, such as user input to a graphical user selection interface. As used herein, the term "automated" further includes primarily automated, that is, most operations (such as, for example, greater than 50%) are performed by one or more hardware or software controlled machines without human intervention (such as user input to a graphical user selection interface), while the remaining operations (e.g., less than 50%) are performed manually, that is, manual operations are performed by one or more hardware or software controlled machines with human intervention (such as user input to a graphical user selection interface) to direct the performance of the operations.

Many of the functional elements described in this specification have been labeled as "logic" in order to more particularly emphasize their implementation independence. For example, logic elements may be implemented as hardware circuits comprising custom Very Large Scale Integration (VLSI) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. Logic elements may also be implemented in firmware or programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.

The logic elements may also be implemented in software for execution by various types of processors. A logical element comprising executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified logic element need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the logic element and achieve the stated purpose for the logic element.

Indeed, the executable code for the logic elements may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, among different processors, and across several non-volatile memory devices. Similarly, operational data may be identified and illustrated herein within logical elements, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations, including over different memory devices.

Turning to the drawings, FIG. 1 is a high-level block diagram illustrating selected aspects of a system implemented according to an embodiment of the disclosure. System 10 may represent any of a number of electronic and/or computing devices, which may include a memory device, such as a memory device, that enables protected memory. Such electronic and/or computing devices may include computing devices such as mainframes (mainframes), servers, personal computers, workstations, telephony devices, network appliances, virtualization devices, storage controllers, portable or mobile devices (e.g., laptops, netbooks, tablets, Personal Digital Assistants (PDAs), portable media players, portable gaming devices, digital cameras, mobile phones, smart phones, feature phones, etc.) or components (e.g., systems on a chip, processors, bridges, memory controllers, I/O controllers, root complexes, memory, etc.). In alternative embodiments, system 10 may include more elements, fewer elements, and/or different elements. Also, while system 10 may be depicted as including separate elements, it will be appreciated that such elements may be integrated onto one platform, such as a system on a chip (SoC). In the illustrative example, system 10 includes a central processing unit or microprocessor 20, a memory controller 30, memory 40, storage drives 44, and peripheral components 50, which peripheral components 50 may include, for example, endpoint devices such as video controllers, additional storage devices, network interfaces, and other devices such as a system clock, input devices, output devices, batteries, and the like. System 10 also includes one or more buses 60, where buses 60 may include serial buses, parallel buses, and fabrics that may include links and switches.

Microprocessor 20 includes a cache 25, cache 25 may be part of a memory hierarchy that stores instructions and data, and system memory may include both volatile memory and the depicted memory 40, which may include non-volatile memory. The system memory may also be part of a memory hierarchy. For example, logic 27 of microprocessor 20 may include one or more cores. In some embodiments, logic 27 may also include a system clock. Communication between microprocessor 20 and memory 40 may be facilitated by a memory controller (or chipset) 30, which memory controller 30 may also facilitate communication with storage drives 44 and peripheral components 50. The system may include an offload data transfer engine for direct memory data transfer.

The storage drive 44 may be a protected memory enabled device and include non-volatile storage, and may be implemented, for example, as a solid state drive, a magnetic disk drive, an optical disk drive, a Storage Area Network (SAN), a Network Access Server (NAS), a tape drive, flash memory, a persistent storage domain, and other storage devices employing volatile cache memory and non-volatile storage memory. The storage device may comprise an internal storage or an attached or network accessible storage. Microprocessor 20 is configured to write data to and read data from memory 40 and storage device 44. The program in the storage device is loaded into the memory 40 and executed by the microprocessor 20. A network controller or adapter can enable communication with a network, such as an ethernet network, a fibre channel arbitrated loop, etc. Additionally, in some embodiments, the architecture may include a video controller configured to render information on a display monitor, where the video controller may be embodied on a video card or integrated on an integrated circuit component mounted on a motherboard or other substrate. In one embodiment, a display is configured to display information according to memory operations directed to protected memory. An input device is used to provide user input to microprocessor 20 and may include a keyboard, mouse, stylus, microphone, touch-sensitive display screen, input pins (input pins), socket, or any other activation or input mechanism known in the art. An output device is capable of rendering information communicated from microprocessor 20 or other components, such as a display monitor, printer, storage device, output pin, socket, etc. The network adapter may be embodied on a network card, such as a Peripheral Component Interconnect (PCI) card, a PCI-express, or some other input/output (I/O) card, or an integrated circuit component mounted on a motherboard or other substrate. In one embodiment, a network adapter is configured to transfer information according to memory operations directed to protected memory.

One or more of the components of the apparatus 10 may be omitted, depending on the particular application. For example, a network router may lack, for example, a video controller. Any one or more of the devices of fig. 1, including cache 25, memory 40, storage drives 44, system 10, memory controller 30, and peripheral components 50, may include components to implement multi-mode protected memory according to the present description.

One example of a non-volatile storage memory according to the non-volatile storage memory components of the present description is a three-dimensional (3D) cross-point memory, as well as other types of byte-addressable, write-in-place (write-in-place) non-volatile memory. In some embodiments, the 3D cross-point memory may comprise a transistor-less stackable cross-point architecture, wherein the memory cells are located at the intersections of word lines and bit lines and are individually addressable, and wherein the bit storage is based on a change in the body resistance.

In one embodiment, the memory devices are block addressable memory devices, such as those based on NAND or NOR technology. The memory devices may also include future generations of non-volatile devices, such as three-dimensional cross-point memory devices or other byte-addressable write-in-place non-volatile memory devices. In one embodiment, the memory device may be or may include: memory devices using chalcogenide glass, multi-threshold level (multi-threshold level) NAND flash memory, NOR flash memory, single or multi-level Phase Change Memory (PCM), resistive memory, nanowire memory, ferroelectric transistor random access memory (FeTRAM), antiferroelectric memory, magnetoresistive Random Access Memory (MRAM) memory incorporating memristor technology, resistive memory including metal oxide based, oxygen vacancy based, and conductive bridge random access memory (CB-RAM) or Spin Transfer Torque (STT) -MRAM, spin electron magnetic junction memory based devices, Magnetic Tunneling Junction (MTJ) based devices, DW (domain wall) and SOT (spin orbit transfer) based devices, thyristor based memory devices, or a combination of any of the above or other memory. Memory devices may refer to the die itself and/or packaged memory products.

Volatile memory may be a storage medium that requires power to maintain the state of data stored by the medium. Non-limiting examples of volatile memory may include various types of Random Access Memory (RAM), such as Dynamic Random Access Memory (DRAM) or Static Random Access Memory (SRAM). One particular type of DRAM that may be used in memory modules is Synchronous Dynamic Random Access Memory (SDRAM). In a particular embodiment, the DRAM of the memory component may conform to standards promulgated by JEDEC, such as JESD79F for DDR SDRAM, JESD79-2F for DDR2 SDRAM, JESD79-3F for DDR3 SDRAM, JESD79-4A for DDR4 SDRAM, JESD209 for low power DDR (LPDDR), JESD209-2 for LPDDR2, JESD209-3 for LPDDR3, and JESD209-4 for LPDDR4 (these standards are available at www.jedec.org). Such standards (and similar standards) may be referred to as DDR-based standards, and the communication interface of a memory device implementing such standards may be referred to as DDR-based interfaces.

FIG. 2 illustrates one example of a protected memory enabled storage device 102 in accordance with the present description. In this example, the protected memory enabled storage 102 is a non-volatile storage memory component, such as a solid state drive of the storage 44 (FIG. 1) of the system 10. It is appreciated that protected memory enabled storage devices employing multi-mode protected memory according to the present description may be used in other types of devices, such as, for example, Central Processing Units (CPUs), systems on a chip (socs), Graphics Processing Units (GPUs), and network adapters.

The protected memory enabled storage device 102 has a drive shell (housing) 102a that connects the protected memory enabled storage device 102 to a bus 60 (fig. 1), which bus 60 may be, for example, a PCIe serial bus. The drive enclosure 102a encloses a memory or storage device 103 having an array 105 of non-volatile bit cells (bitcells), such as an array of NAND bit cells, configured to store data in a persistent manner and a memory controller 107 configured to control memory read and memory write operations directed to the array of bit cells 105. In one embodiment, the memory controller 107 and the bit cell array 105 are packaged within a single package. It is appreciated that in other embodiments, some or all of the components of the memory controller 107 and the bit cell array 105 may be disposed on different dies or within different packages or devices. For example, some or all of the components of memory 107 may be part of a system on a chip (SoC), while some or all of the components of bit cell array 105 may be disposed within a protected-memory-enabled storage device coupled to the SoC by a bus.

In one embodiment, the bit cell array 105 is partitioned into various partitions including a user data area partition 112 and a protected memory user data area partition 114. Each region or partition of array 105 may include single-layer cell (SLC), three-layer cell (TLC), four-layer cell (QLC), or other multi-layer cell (MLC) wordline type cells. In a QLC memory embodiment, for example, the bit cell array 105 may be organized in blocks and planes. It is appreciated that the bit cell array 105 may be organized in other sizes and types of cells and sub-cells depending on the particular application.

In accordance with one aspect of the multi-mode protected memory according to the present description, the memory controller 107 further includes a multi-mode protected memory access controller or logic, hereinafter primarily referred to as protected memory controller 134, configured to control access to the protected memory user data area partition 114. In one embodiment, such accesses include, for example, authenticated data write operations and authenticated data read operations that conform to corresponding Replay Protected Memory Block (RPMB) operations described in the RPMB standard, and the multi-mode protected memory according to the present description is suitably modified. Although the illustrated embodiment of a multi-mode protected memory is described in connection with RPMB-compatible structures and operations, it is appreciated that a multi-mode protected memory in accordance with the present description may be used in computer systems employing other types of protected memory, depending on the particular application. One or more of hardware, software, and firmware may be used, alone or in combination, to configure the protected memory controller 134 of the device 102.

In one aspect of a multi-mode protected memory according to the present description, protected memory controller 134 includes mode logic 138, the mode logic 138 configured to operate protected memory controller 134 and thereby control access to protected memory user data area partition 114 in selected modes including a transient mode and a persistent mode. Authentication logic, such as Message Authentication Code (MAC) engine 142 of protected memory controller 134, is configured to authenticate protected memory operations, including those directed to protected memory user data area partition 114, in accordance with a reprogrammable authentication key in the transient mode and in accordance with a one-time programmable authentication key in the persistent mode. In the illustrated embodiment, multi-mode protected memory access controller 134 includes a reprogrammable register field 146 of register fields 160 that is configured to store a reprogrammable authentication key for the transient mode. In this embodiment, protected memory user data area partition 114 cannot be accessed in transient mode until transient mode authentication key register field 146 is programmed. Similarly, in this embodiment, protected memory user data area partition 114 cannot be accessed in the permanent mode until permanent mode authentication key field 150 is programmed and the transient mode is exited. Thus, in this embodiment, if neither authentication key field 146, 150 has been programmed, the protected memory user data area partition 114 cannot be accessed.

The reprogrammable register field 146 for storing the reprogrammable authentication key for transient mode may be, for example, a volatile write-only register, such that the transient mode key register field 146 may be reprogrammed after each power cycle. Alternatively, the reprogrammable register for storing the reprogrammable authentication key for the transient mode may be, for example, a non-volatile write-only register, such that in one embodiment, the transient mode key will be persistent after each power cycle, but can be reprogrammed an unlimited number of times.

As mentioned above, in one embodiment, the reprogrammable register for storing the transient mode reprogrammable authentication key may be a write-only register, such that the transient mode authentication key cannot be read by an external host after being programmed. However, it is appreciated that in some embodiments it may be useful to have the ability to read the transient mode authentication key after being programmed. In such embodiments, a suitable transient mode authentication key request message may be added to the transient mode request message set to which the protected memory controller is configured to respond. In such embodiments, such a transient mode authentication key request message may be utilized to read the transient mode authentication key from the appropriate read/write register storing the transient mode authentication key.

In contrast to the transient mode authentication key, in one embodiment, write-once register field 150 of register field 160 is configured to store a one-time programmable authentication key for the permanent mode. The one-time programmable register field 150 for storing the one-time programmable authentication key for the permanent mode is preferably a non-volatile write-only register field, for example, so that the permanent mode key will be persistent after each power cycle, but in one embodiment may be programmed only once in a manner similar to known RPMB devices as a security feature. Thus, the write-once, write-only register field may be used to store a permanent mode authentication key, such that the permanent mode authentication key cannot be read or reprogrammed after being programmed. However, it is appreciated that in some embodiments, in embodiments where fewer security features may be appropriate, it may be useful to enable an external host to read the permanent mode authentication key after being programmed.

Having the ability to reprogram the transient mode authentication key register field 146 an unlimited number of times in transient mode facilitates the development of third party products incorporating protected memory enabled devices and thereby avoids the use of complex protected memory emulation software. For example, if the transient mode authentication key being used by the host is lost, e.g., due to a software error, the transient mode authentication key may be easily reprogrammed as a new transient mode authentication key in transient mode. In this manner, development of third party products incorporating protected memory enabled devices is facilitated.

In contrast, after product development is complete, restricting programming of the persistent mode authentication key 150 to one-time programming in persistent mode maintains the security elements provided by the RPMB protected memory against malicious attacks in persistent mode. As a result, once the authentication code is stored by the protected memory controller in the permanent mode, it is permanently fixed and thus cannot be changed, i.e. overwritten, erased or even read in the permanent mode in a similar manner to known RPMB controllers.

Protected memory controller 134 is further configured to respond to the transient mode set of protected memory access request messages in the transient mode and to respond to the persistent mode set of protected memory access request messages in the persistent mode. For example, in one embodiment, the set of persistent patterns of protected memory access request messages includes request message types, such as authentication key programming requests, authenticated data write requests, and authenticated data read requests. Depending on the particular application, additional request message types may be included in the permanent pattern set of protected memory access request messages. For example, depending on the particular application, the RPMB standard specifies additional request message types that may be considered suitable for inclusion in the permanent mode set of protected memory access request messages.

In one embodiment, the protected memory access request messages of the transient mode set may be substantially the same as those of the protected memory access request messages of the persistent mode set, differing only in command code values to distinguish request messages of the persistent mode set of the protected memory access request messages from request messages of the transient mode set of the protected memory access request messages. For example, in one embodiment, the authentication key programming request of the permanent mode set may have the same command code 0x0001 specified in the RPMB standard for the authentication key programming request message. In contrast, in one embodiment, the authentication key programming request of the transient mode set may have a different command code, such as, for example, 0x0081, which is different from the command code specified for the authentication key programming request message in the RPMB standard. In this manner, the multi-mode protected memory controller may be configured to easily distinguish request messages of the permanent mode set from those of the transient mode set. In one embodiment, the protected memory controller may be configured to return an error response message generated by response message generation logic 164 in response to receiving a request message for the transient mode set of request messages when the RPMB-enabled device is in the permanent mode rather than the transient mode.

Conversely, the protected memory controller may be configured to return an error response message generated by response message generation logic 164 in response to receiving a request message for a permanent mode set of request messages when the RPMB-enabled device is in a transient mode other than a transient mode having at least one anomaly. For example, if the protected memory controller of the RPMB-enabled device receives a permanent mode authentication key programming request message while in the transient mode, the protected memory controller may be configured to continue programming the permanent mode authentication key and permanently exit the transient mode, as described in more detail below.

FIG. 3 depicts one embodiment of a host 204, the host 204 including a processor 20 that may be similar to the microprocessor 20 of FIG. 1. The host further includes memory 40 (fig. 1, 3) in which resides (stride) a basic input/output system (BIOS) 210, an operating system 212, device drivers 214, and applications 216, which are executed by the processor 20 to perform various logical functions.

The protected memory interface logic 220 of the host 204 has request message generation logic 224 configured to generate request messages for a transient mode set of protected memory access request messages for use in the transient mode and to generate request messages for a persistent mode set of protected memory access request messages for use in the persistent mode. One or more of hardware, software, and firmware may be used, alone or in combination, to configure the protected memory interface logic 220 of the host 204.

In one embodiment, protected memory controller 134 (FIG. 2) of protected memory enabled storage 102 includes read only register field 230 of register field 160 to store a transient mode support flag indicating whether protected memory controller 134 supports the transient mode of operation. Thus, prior to issuing a request message for a transient mode set to a storage device, host 204 causes request message generation logic 224 to generate and send a support flag register read request to the storage device. In response, protected memory controller 134 of storage device 102 reads transient mode support flag 230 and causes response message generation logic 164 to generate a response indicating whether protected memory controller 134 supports transient mode based on transient mode support flag 230 read by controller 134. For example, if transient mode support flag 230 is set, protected memory controller 134 can respond in an appropriate response message that supports transient mode. Conversely, if transient mode support flag 230 is not set, protected memory controller 134 can respond in an appropriate response message that does not support transient mode.

The appropriate location of the transient mode support flag 230 may depend on the particular application. For example, in an RPMB-enabled storage device that conforms to the Universal Flash Storage (UFS) specification, a read-only register field for the transient mode support flag 230 may be added in the UFS descriptor (such as, for example, the RPMB unit descriptor). As another example, in an RPMB-enabled storage device that conforms to the non-volatile memory express (nvme) specification, a read-only register field for the transient mode support flag 230 may be added in the identification command/data structure (in the field of playback Protected Memory Block Support (RPMBs)).

Note that in some embodiments, the register field for the transient mode support flag 230 may be available only when protected memory is supported (such as, for example, RPMB), for example, because RPMB itself is an optional feature in the NVMe specification. Thus, for example, if a host issues a transient mode flag request message to a storage device lacking playback protected memory block support (RPMBS), a request message to read the transient mode support flag field of playback protected memory block support (RPMBS) may cause the storage device to generate and send an error message. Thus, the host can interpret the error message as indicating that the target storage device lacks the transient mode support flag 230 because it lacks Replay Protected Memory Block Support (RPMBS)).

It is appreciated that different specification standards (e.g., eMMC, UFS, NVMe) may have different register terminology and layout. Thus, the specific location of the register field of the transient mode support flag 230 may vary depending on the particular application.

Having determined that protected memory enabled storage device 102 supports the transient mode of operation of protected memory controller 134 (transient mode support flag 230 determined to be set), host 204 (fig. 3) may selectively initiate further protected memory operations in the persistent mode directly, or first in the transient mode, and then at an appropriate time, switch protected memory operations to the persistent mode, in one aspect of multi-mode protected memory according to the present description. For example, if the protected memory enabled storage device 102 is being used in a development environment, such development would be facilitated by first operating the protected memory of the device 102 in a transient mode. Once development is complete, the protected memory storage device may be permanently switched to a permanent mode for shipment to consumers of the developed product.

Alternatively, in one aspect of multi-mode protected memory in accordance with the present description, host 204 (FIG. 3) may initiate further protected memory operations directly in the persistent mode, permanently bypassing the operation of the protected memory in the transient mode. For example, if development of a product incorporating the protected memory enabled storage device 102 has been completed, the protected memory of the storage device may be directly and permanently switched to a persistent mode for shipment to a consumer of the developed product.

Fig. 4, 5, and 6 depict examples of operations that a protected memory controller 134 of a protected memory enabled storage device 102 is configured to perform. In the example of fig. 4, the operating mode of protected memory controller 134 is selected and initiated by host 204 (fig. 3) requesting programming of an authentication key in device 102 by an authentication key programming request using a transient mode set of protected memory access request messages or an authentication key programming request using a permanent mode set of protected memory access request messages. Host 204 may generate or otherwise obtain both the transient mode authentication key and the permanent mode authentication key using suitable logic, such as Message Authentication Code (MAC) engine 234 of protected memory interface logic 220. The authentication key is obtained in a manner similar to that of known RPMB systems, modified to be suitable for multi-mode protected memory according to the present description. If the authentication key is to be used in conjunction with the transient mode, a copy of the authentication key is stored in data structure 238 of data structure 242 for the transient mode authentication key. Alternatively, if the authentication key is to be used in conjunction with the permanent mode, a copy of the authentication key is stored in the data structure 246 of the data structure 242 for the permanent mode authentication key.

The host's request message generation logic 224 generates an authentication key programming request message that forwards the generated authentication key to the storage device 102 in a manner similar to that of known RPMB systems, modified to be suitable for multi-mode protected memory according to the present description. In this embodiment, the authentication key programming request message is sent by the protected memory interface logic 220 to the storage device 102. An authentication key programming request message is selected from a transient mode set of protected memory access request messages if operation of the protected memory in the transient mode is appropriate. Conversely, if operation of the protected memory in the persistent mode is appropriate, then the authentication key programming request message is selected from the persistent mode set of protected memory access request messages.

The protected memory controller 134 (fig. 2) of the storage device 102 is configured to determine (fig. 4, block 254) whether the received request message is an authentication key programming request message in a manner similar to that of known RPMB systems, modified to be suitable for multi-mode protected memory according to the present description. If the received request message is an authentication key programming request message, in one aspect of the present description, protected memory controller 134 (FIG. 2) is further configured to determine (FIG. 4, block 260) whether the received authentication key programming request message belongs to a permanent pattern set of protected memory access request messages.

If it is determined that the received authentication key programming request message does not belong to the permanent mode set of protected memory access request messages, i.e., it is determined that the received authentication key programming request message belongs to the transient mode set of protected memory access request messages, then protected memory controller 134 (FIG. 2) is further configured to determine (FIG. 4, block 264) whether protected memory controller 134 is already in the permanent mode of protected memory operation. In the illustrated embodiment, register field 160 of protected memory controller 134 includes a transient mode disable register field 270 (FIG. 2) that, in one embodiment, is not visible to the host. By default, this register field 270 is initially cleared (e.g., bit value "0") after the memory device is manufactured by the memory vendor. The clear state of the transient mode disable register field indicates that the transient mode of the protected memory controller has not been disabled. Thus, the clear status of the transient mode disable register field indicates that the protected memory is not in the persistent mode and that the transient mode remains available.

In one embodiment, the transient mode disable register may be implemented with a fuse device such that when transient mode disable register 270 is set or blown by protected memory controller 134, the transient mode is permanently disabled. Thus, the transient mode register that is set or blown indicates that the protected memory controller is in a persistent mode and that the transient mode is no longer available.

In this manner, protected memory controller 134 can determine (block 264, fig. 4) whether protected memory controller 134 is already in the persistent mode of protected memory operation by reading transient mode disable register 270 (fig. 2). If it is determined that protected memory controller 134 is not already in the persistent mode, then protected memory controller 134 can enter (block 274) the transient mode (or re-enter the transient mode if it is already in the transient mode) by programming the transient mode authentication key forwarded by the authentication key programming request message received by protected memory controller 134 into register field 146 (FIG. 2). Once the transient mode authentication key has been programmed into the register field 146 of the transient mode authentication key, the device 102 enters transient mode and can access the protected memory user data area partition 114 (fig. 2) through suitable access operations, such as authenticated data writes and authenticated data reads of the transient mode set of access request messages generated and sent by the host. As mentioned above, in one embodiment, the authentication key register field 146 may be programmed an unlimited number of times in the transient mode to facilitate development of third party products, for example, in connection with enabling protected memory devices.

As a security feature against malicious attacks, known protected memory controllers, such as RPMB controllers, have read-only write counters whose output values represent the total number of successfully authenticated data write requests made by the host. For example, the initial value of this register may be 00000000h after manufacture of the storage drive, and with each successful write access to the protected memory data area, the output value is automatically incremented by 1 by the RPMB controller. As a result, malicious attacks, which may include recording write data request messages and replaying recorded messages, are prevented from being performed because the recorded messages being replayed will not contain the write counter value expected by the RPMB controller, i.e., the current write counter value.

In known RPMB controllers, the write counter value is not resettable. After the counter has reached a maximum count value (e.g., FFFFFFh), the write counter is no longer incremented to prevent overflow. In one aspect of the multi-mode protected memory according to the present description, protected memory controller 134 has a write counter register field 280 (FIG. 2) that is resettable in transient mode. It is appreciated that during the development or verification phase of a third party product incorporating a protected memory enabled device, the write counter may reach its maximum value and overflow during, for example, stress testing. Having the ability to reset the write counter register field 280 in the transient mode permits the protected memory enabled device 102 to be reused for development or validation of third party products in the transient mode. As a result, the protected memory enabled device 102 need not be discarded simply because the write counter register field 280 has reached its maximum count value in the transient mode.

Thus, in connection with the protected memory controller 134 entering (fig. 4, block 274) or re-entering the transient mode by programming the transient mode authentication key into the register field 146 (fig. 2), the protected memory controller 134 is also configured to reset (fig. 4, block 284) the write counter register field 280 in the transient mode. In addition, the response message generation logic 164 (fig. 2) of the protected memory controller 134 generates (fig. 4, block 288) and returns to the requesting host an appropriate response message confirming successful programming of the transient mode authentication key requested by the host, completing (fig. 4, block 290) programming or reprogramming of the transient mode authentication key in the transient mode of operation of the protected memory controller 134. A response message confirming successful programming of the transient mode authentication key is generated and transmitted in a manner similar to known response messages confirming successful programming of authentication keys, modified to be suitable for multi-mode protected memory according to the present description.

In one embodiment, the transient mode authentication key may be programmed and reprogrammed an unlimited number of times in transient mode. However, it is appreciated that in some embodiments it may be appropriate to set a limit on the number of reprogramming times of the transient mode authentication key.

In another aspect of a multi-mode protected memory according to the present description, in one embodiment, if protected memory controller 134 enters a persistent mode, then the transient mode may not be entered or re-entered. Thus, entry into the permanent mode is permanent and may not exit as a security feature. In the example of fig. 4, if it is determined (fig. 2, block 260) that the received authentication key programming request message belongs to the transient mode set of protected memory access request messages and protected memory controller 134 (fig. 2) determines (fig. 4, block 264) that protected memory controller 134 is already in a permanent mode of protected memory operation, then response message generation logic 164 (fig. 2) of protected memory controller 134 generates (fig. 4, block 292) and returns to the requesting host an appropriate response message indicating an error condition as a security measure against malicious attacks and in preparation for backwards compatibility.

As mentioned above, in one embodiment, register field 150 of register field 160 is a write-once register field configured to store a one-time programmable authentication key for persistent mode. In known RPMB controllers, the authentication key as well as the security features may be programmed only once. Thus, in the example of fig. 4, if the protected memory controller 134 (fig. 2) determines (fig. 4, block 260) that the received authentication key programming request message belongs to the set of persistent modes of the protected memory access request message, and the protected memory controller 134 (fig. 2) further determines (fig. 4, block 296) that the protected memory controller 134 is already in the persistent mode of protected memory operation, the response message generation logic 164 (fig. 2) of the protected memory controller 134 generates (fig. 4, block 292) and returns to the requesting host an appropriate response message indicating an error condition because reprogramming of the persistent mode authentication key is not permitted as a security feature in the embodiment of fig. 4 and backward compatibility is facilitated. However, it is appreciated that in some embodiments it may be appropriate to permit reprogramming of the permanent mode authentication key. In contrast, in the transient mode of the embodiment of fig. 4, the programming and reprogramming of the transient mode authentication key as described above in connection with operation 254 and 290 may be repeated an infinite number of times as described above.

Conversely, if it is determined (fig. 4, block 260) that the received authentication key programming request message belongs to the permanent mode set of protected memory access request messages and it is determined (fig. 4, block 296) by reading the transient mode disable register 270 (fig. 2) (in this example, the transient mode disable register field 270 is clear) that the protected memory controller 134 is not already in the permanent mode of protected memory operation, then the protected memory controller 134 can enter (fig. 4, block 304) the permanent mode by programming into the register field 150 (fig. 2) the permanent mode authentication key forwarded by the authentication key programming request message received by the protected memory controller 134. Once the permanent mode authentication key has been programmed into the write-once register field 150 of the permanent mode authentication key, the protected memory user data area partition 114 (fig. 2) may be accessed by appropriate access operations, such as authenticated data writes and authenticated data reads of the permanent mode set of access request messages to be generated and sent by the host. As mentioned above, in one embodiment, the authentication key register field 150 may be programmed only once in the permanent mode, since in the previous transient mode, development and verification of third party products incorporating the protected memory-enabled device may have been completed using the same or similar protected memory-enabled device 102.

In the illustrated embodiment, entering the permanent mode is permanent, such that the transient mode may not be entered after entering the permanent mode as a security measure against malicious attacks. Thus, in conjunction with the persistent mode authentication key being programmed into the write-once register field 150 to enter the persistent mode, in the embodiment of fig. 4, the mode logic 138 (fig. 2) of the protected memory controller 134 sets or blows the transient mode disable register field 270 (fig. 2) to disable (fig. 4, block 308) the transient mode of operation of the protected memory controller 134. Thus, when transient mode disable register 270 is set or blown, the transient mode is permanently disabled, and the set or blown transient mode register indicates that the protected memory controller is in the permanent mode and that the transient mode is no longer available. It is appreciated that in some embodiments, after the permanent mode has been entered, it may be appropriate to grant permission to enter the transient mode.

In addition, response message generation logic 164 (fig. 2) of protected memory controller 134 generates (fig. 4, block 312) and returns to the requesting host a response message confirming successful programming of the permanent mode authentication key requested by the host, completing (fig. 4, block 290) programming of the permanent mode authentication key in the permanent mode of operation of protected memory controller 134. A response message confirming successful programming of the permanent mode authentication key may be generated and transmitted in a manner similar to that of known RPMB device response messages confirming successful programming of authentication keys, modified to be suitable for the multi-mode protected memory according to the present description. In one embodiment, as a security feature, the permanent mode authentication key may be programmed only once for the permanent mode. However, it is appreciated that in some embodiments it may be appropriate to allow additional reprogramming of the permanent mode authentication key.

In one aspect of a multi-mode protected memory in accordance with the present description, it is appreciated that after permanently exiting the transient mode and permanently entering the persistent mode, there may already be some data in the protected memory user data area partition 114 that was generated or written when the device 102 was in the transient mode. In one embodiment, data left in partition 114 may be retained so that it is retained when device 102 transitions to persistent mode. For example, data left over from the transient mode may be critical or other important data that is securely provided in the device 102 in the permanent mode. Thus, as described below, data may not be overwritten without a permanent mode authentication key.

Alternatively, data from the transient mode may be purged from the partition 114 when the device permanently enters the persistent mode. In one embodiment, the data may be completely cleared, and the clearing is performed automatically by protected memory controller 134, which protected memory controller 134 triggers an internal "clear command" to erase or protect the erased data in partition 114 after the device permanently exits the transient mode. Such automatic erasure can provide a security feature against malicious data that may have been stored in partition 114 during the transient mode. For example, purging can prevent malicious data left from transient modes from corrupting the security software in permanent mode. However, in one embodiment, as a further security measure, it may be appropriate for security software in persistent mode to initially view partition 114 as a blank storage device in persistent mode.

As mentioned previously, known protected memory controllers (such as RPMB controllers) have read-only write counters whose output values represent the total number of successfully authenticated data write requests generated by the host and are not resettable, as a security feature against malicious attacks. Here, protected memory controller 134 also has a write counter register field 320 (fig. 2) for the persistent mode, where the write counter is not resettable in the persistent mode. It is appreciated that the development or validation phase of a third party product incorporating a protected memory enabled device may be completed prior to entering the persistent mode of the protected memory controller 134. Thus, the write counter may reach its maximum and the fear of overflowing during stress testing, for example, may be eliminated in the permanent mode.

As mentioned above, once the transient mode authentication key has been programmed into the register field 146 of the transient mode authentication key, the protected memory user data area partition 114 (fig. 2) may be accessed in the transient mode by suitable access operations, such as authenticated data writes and authenticated data reads of the transient mode set of access request messages generated and sent by the host. Once device 102 enters persistent mode by programming a persistent mode authentication key into register field 150, protected memory user data area partition 114 (fig. 2) may be accessed by appropriate access operations, such as authenticated data writes and authenticated data reads of a persistent mode set of access request messages generated and sent by a host. FIG. 5 depicts one example of the operation of protected memory controller 134, which is configured to handle authenticated data write operations in accordance with the multi-mode protected memory of the present description.

In this example, authenticated data writes to the protected memory user data area partition 114 are requested using authenticated data write requests of the transient mode set of the protected memory access request message or authenticated data write requests of the persistent mode set of the protected memory access request message, depending on which mode of operation the protected memory controller 134 is in. The protected memory controller 134 (fig. 2) of the storage device 102 is configured to determine (fig. 5, block 324) whether the received request message is an authenticated data write request message. If so, the protected memory controller 134 (FIG. 2) is further configured to determine (FIG. 5, block 332) whether the received authenticated data write request message belongs to the permanent pattern set of protected memory access request messages. As previously described, one set of command codes may be used in conjunction with the transient mode set of the request message, while a different set of command codes may be used in conjunction with the persistent mode set of the request message to facilitate distinguishing the transient mode set and the persistent mode set from one another.

If it is determined that the received authenticated data write request message does not belong to the set of persistent modes of protected memory access request messages, i.e., it is determined that the received authenticated data write request message belongs to the set of transient modes of protected memory access request messages, then protected memory controller 134 (fig. 2) is further configured to determine (fig. 5, block 336) whether protected memory controller 134 is already in a persistent mode of protected memory operation. As noted above, the register field 160 of the protected memory controller 134 includes a transient mode disable register field 270 (fig. 2) that either remains clear indicating that the protected memory controller 134 remains in the transient mode or has been set or blown indicating that the protected memory controller is in the persistent mode. Accordingly, protected memory controller 134 can determine (block 336, fig. 5) whether protected memory controller 134 is already in the persistent mode of protected memory operation by reading transient mode disable register 270 (fig. 2).

If it is determined that protected memory controller 134 has been in the persistent mode after receiving the transient mode authenticated data write request message, protected memory controller 134 considers the received transient mode data write request message invalid and execution of the requested write operation is prevented. In addition, protected memory controller 134 generates (FIG. 5, block 340) and returns an error message to the requesting host. In one embodiment, once the protected memory enters the persistent mode, execution of operations of the transient mode set is not permitted as a security feature against malicious attacks and in preparation for backwards compatibility. It is appreciated that in some embodiments, such security features may be omitted.

Conversely, if it is determined that the protected memory controller 134 is not already in the persistent mode, i.e., the protected memory controller 134 is still operating within the transient mode after receiving the transient mode authenticated data write request message, the protected memory controller 134 is configured to perform (fig. 5, block 344) authentication and other security tests in conjunction with the received transient mode authenticated data write request message before permitting performance of a data write operation directed to the protected memory user data area partition 114 (fig. 2) transient mode request.

In one embodiment, the authentication and other tests performed in connection with a received transient mode authenticated data write request message may be similar to those performed by known RPMB controllers (such as those described in the published RPMB standard), modified to be suitable for multi-mode protected memory operation of the present description. For example, in known RPMB systems, using a Message Authentication Code (MAC) engine of the host, the host computes a MAC authentication code from a shared authentication key and a portion of the data write request message. In some known systems, the MAC authentication code may also be calculated by the host from the current write counter value of the RPMB device. In one embodiment of a multi-mode protected memory system in accordance with the present disclosure, the transient mode authentication key has been stored in both the data structure 238 (fig. 3) of the host and the reprogrammable register field 146 (fig. 2) of the protected memory controller 134 such that the transient mode authentication key is a secret shared by the host and the protected memory controller 134 of the device 102. Using the host's Message Authentication Code (MAC) engine 234, the host computes a MAC authentication code from the shared transient mode authentication key and a portion of the data write request message. In some embodiments, the MAC authentication code may also be calculated by the host from the current write counter value of the device 102. The MAC authentication code computed by the host is included in the transient mode authenticated data write request message sent to the device 102 and received by the device 102 (fig. 5, block 324). Thus, the write operation requested by the data write request message is referred to as an "authenticated data write.

The protected memory controller 134 performs authentication testing in a manner similar to that of known RPMB controllers described in the RPMB standard, but modified to be suitable for the transient mode of multi-mode protected memory operation of the present description. In this embodiment, protected memory controller 134 receiving the transient mode authenticated data write request message authenticates the received message using the shared transient mode authentication key. For example, using Message Authentication Code (MAC) engine 142 of controller 134, protected memory controller 134 calculates a MAC authentication code from the shared transient mode authentication key stored in register field 146 (fig. 2) and the same portion of the data write request message included in the write request that was used by the host to calculate the MAC authentication code, in a manner similar to that described above in connection with the host. In some embodiments, the MAC authentication code may also be calculated from the current write counter value of the device 102. The MAC authentication code calculated by protected memory controller 134 is compared to the MAC authentication code included in the transient mode authenticated data write request message sent to device 102. If the two MAC authentication codes match, the received message passes through the authentication process of protected memory controller 134 and the received data write request message is deemed authentic, i.e., sent by an authorized sender.

However, in some embodiments, the data write operation requested by the data write request message may be subjected to additional security tests, such as address range tests and write counter tests or other tests, in a manner similar to that of known RPMB controllers (such as those described in the RPMB standard), but modified to be suitable for the transient mode of multi-mode protected memory operation of the present description.

For example, the address range test may be performed by the protected memory controller 134 in a manner similar to that of known RPMB controllers, modified to be suitable for the transient mode of multi-mode protected memory operation of the present description. In the illustrated embodiment, the address range test determines whether the target address of the data write operation is within an expected range.

As mentioned previously, another security feature of known RPMB devices is a write counter maintained by the RPMB controller of the RPMB storage device. In one embodiment, the register field 280 (fig. 2) of the transient mode write counter is incremented (fig. 4, block 350) upon successful execution (fig. 5, block 350) of a transient mode data write operation to the protected memory user data area partition 114 requested by a transient mode data write message that has been authenticated (fig. 5, block 344) and other security tests pass.

When generating the transient mode data write request message, the requesting host's MAC engine 234 (fig. 3) may include the current incremented write count value of the device 102 in the data write request message along with the calculated MAC authentication code, as described above. In the write counter test embodiment, if the received protected memory controller 134 determines that the write count value included in the data write request message does not match the current count value of the register field 280 of the write counter of the protected memory controller, the received data write request message is deemed invalid and execution of the requested write operation is prevented. In addition, protected memory controller 134 generates (FIG. 5, block 340) and returns an error message to the requesting host.

If the data write request message is authenticated and the other security tests pass, then the requested data write operation is performed (FIG. 5, block 350), writing the requested data to the protected memory user data area partition 114 (FIG. 2) of the device 102. In addition, the register field 280 (fig. 2) for the transient mode write counter is incremented and the response message generation logic 164 (fig. 2) of the protected memory controller 134 generates (fig. 5, block 354) and returns to the requesting host a response message acknowledging the successful data write requested by the transient mode authenticated data write request message. In one embodiment, the protected memory controller 134 returns a zero error code response to indicate a successful write in a manner similar to that of known RPMB controllers described in the RPMB standard. In response to a successful write acknowledgement, the host-protected memory interface logic 220 increments the write count value stored in the data structure 356 to indicate the current transient mode write counter value that will be transmitted to the device 102 with the next authenticated write message, as described above.

In known RPMB systems, there is a write counter read request command that the host may issue in a request message to read the initial write counter value of the RPMB controller at each boot (boot) prior to any write access to the RPMB storage. The host can cache this initial write counter value in memory and as long as the host detects that the authenticated write is successful, the host software can increment the cached write counter value to keep the write counter value synchronized between the host and the RPMB controller as described above.

In a multi-mode protected memory according to the present description, the host 204 issues a write counter read request message to initialize the write counter value in the cache to the current write counter value of the device 102 in a similar manner as known RPMB hosts. In response to each successful write acknowledgement (fig. 5, block 354), the host protected memory interface logic 220 increments the write count value stored in the data structure 356 to indicate the current transient mode write counter value to be transmitted to the device 102 with the next authenticated write message, as described above. Alternatively and in one embodiment, it is appreciated that the incremented write count value of the register field 280 (fig. 2) of the device 102 may be reported back to the requesting host in a response message (fig. 5, block 354). Upon transmission (fig. 5, block 354) of the response message, the authenticated data write to the protected memory user data area partition 114 is complete (fig. 5, block 360) in the transient mode.

Authenticated data writes as described herein may be performed an unlimited number of times in transient mode. If the incremented write count value of register field 280 (fig. 2) reaches a maximum value in transient mode, the incremented write count value of register field 280 (fig. 2) may be easily reset by programming the same or another authentication key in register field 160 for transient mode, as described above in connection with fig. 4.

In contrast, in the persistent mode, once the incremented write count value of register field 320 (fig. 2) reaches the maximum value in the persistent mode, the incremented write count value of register field 320 (fig. 2) may not be reset, preventing further authenticated data writes in the persistent mode, as described below.

If it is determined (fig. 5, block 332) that the received authenticated data write request message belongs to the set of persistent modes of protected memory access request messages, then protected memory controller 134 (fig. 2) is further configured to determine (fig. 5, block 370) whether protected memory controller 134 is in a persistent mode of protected memory operation. As mentioned above, the transient mode disable register field 270 (fig. 2) may be set or blown to disable entry into the transient mode and thereby indicate that the protected memory controller is in the persistent mode. In this manner, protected memory controller 134 can determine (block 370, fig. 5) whether protected memory controller 134 is already in the persistent mode of protected memory operation by reading transient mode disable register 270 (fig. 2).

If, after receiving the persistent mode authenticated data write request message, it is determined that protected memory controller 134 is in the transient mode, protected memory controller 134 considers the received persistent mode data write request message to be invalid and execution of the requested write operation is prevented. In addition, protected memory controller 134 generates (FIG. 5, block 340) and returns an error message to the requesting host. In one embodiment, if the protected memory is in the transient persistent mode, data write and data read operations of the persistent mode set are not permitted to be performed as a security feature against malicious attacks and in preparation for backwards compatibility. It is appreciated that in some embodiments, such security features may be omitted.

Conversely, if it is determined that protected memory controller 134 is in the persistent mode after receiving the persistent mode authenticated data write request message, then protected memory controller 134 is configured to perform (fig. 5, block 374) authentication and other security tests in conjunction with the received persistent mode authenticated data write request message before granting execution of a data write operation directed to the persistent mode request of protected memory user data area partition 114 (fig. 2).

In one embodiment, the authentication and other tests performed in connection with a received permanent mode authenticated data write request message may be similar to those performed by known RPMB controllers, modified to be suitable for multi-mode protected memory operation of the present description. In one embodiment, as described above in connection with fig. 4, in this example, the permanent mode authentication key has been stored in both the data structure 246 (fig. 3) of the host and the write-once register field 150 (fig. 2) of the protected memory controller 134, such that the permanent mode authentication key is a secret shared by the host and the protected memory controller 134 of the device 102. Using the host's Message Authentication Code (MAC) engine 234, the host computes a MAC authentication code from the shared permanent mode authentication key and a portion of the data write request message. In some embodiments, the MAC authentication code may also be calculated by the host from the current write counter value of the device 102. The calculated MAC authentication code is included in the permanent mode authenticated data write request message received by the device 102 (fig. 5, block 324). Thus, the write operation requested by the data write request message is referred to as an "authenticated data write.

The protected memory controller 134 performs authentication testing in a manner similar to that of known RPMB controllers described in the RPMB standard, but modified to be suitable for the permanent mode of multi-mode protected memory operation of the present description. In this embodiment, protected memory controller 134 receiving the persistent mode authenticated data write request message authenticates the received message using the shared persistent mode authentication key. For example, using Message Authentication Code (MAC) engine 142 of controller 134, protected memory controller 134 calculates a MAC authentication code from the shared persistent mode authentication key stored in register field 146 (fig. 2) and the same portion of the data write request message included in the write request that was used by the host to calculate the MAC authentication code, in a manner similar to that described above in connection with the host. In some embodiments, the MAC authentication code may also be calculated from the current write counter value of the device 102. The MAC authentication code calculated by protected memory controller 134 is compared to the MAC authentication code included in the permanent mode authenticated data write request message sent to device 102. If the two MAC authentication codes match, the received message passes through the authentication process of protected memory controller 134 and the received data write request message is deemed authentic, i.e., sent by an authorized sender.

However, in this embodiment, the data write operation requested by the data write request message may be subjected to additional security tests in the persistent mode, such as address range tests and write counters, among other tests, in a manner similar to that of known RPMB controllers described in the RPMB standard, but modified to be suitable for the persistent mode of multi-mode protected memory operation of the present description.

The address range test may be performed by the protected memory controller 134 in a manner similar to that of known RPMB controllers, modified to be suitable for the permanent mode of multi-mode protected memory operation of the present description. In the illustrated embodiment, the address range test determines whether the target address of the data write operation is within an expected range.

As previously mentioned, another security feature of known RPMB devices is a write counter maintained by the RPMB controller of the RPMB storage device. In this embodiment, upon successful execution (FIG. 5, block 380) of a permanent mode data write operation to the protected memory user data area partition 114 requested by a permanent mode data write message that has been authenticated as valid (FIG. 5, block 374) and other security tests pass, the register field 320 (FIG. 2) of the permanent mode write counter is incremented (FIG. 5, block 380). The requesting host synchronizes the write count value in the data structure 390 for the permanent mode write counter value with the current write counter value of the protected memory controller 134 in a manner similar to that described above in connection with the transient mode in response to an authentication response message as described below. In some embodiments, the MAC authentication code computed by the host may be computed from a write count value synchronized by the host with the current write counter value of protected memory controller 134 and stored in data structure 390 of the host for a persistent mode write counter value.

When the next persistent mode data write request message is generated, in some embodiments, the requesting host's MAC engine 234 (fig. 3) includes the last reported incremented write count value stored in the data structure 390 (fig. 2), along with the calculated MAC authentication code in the data write request message as described above. In the write counter test embodiment, if the received protected memory controller 134 determines that the write count value included in the data write request message does not match the permanent mode current count value of the register field 320 of the protected memory controller's permanent mode write counter, the received data write request message is deemed invalid and execution of the requested write operation is prevented. In addition, protected memory controller 134 generates (FIG. 5, block 340) and returns an error message to the requesting host.

If the data write request message is authenticated and the other security tests pass, the requested data write operation is performed (FIG. 5, block 380), writing the requested data to the protected memory user data area partition 114 (FIG. 2) of the device 102. In addition, the register field 320 (FIG. 2) for the persistent mode write counter is incremented and the response message generation logic 164 (FIG. 2) of the protected memory controller 134 generates (FIG. 5, block 384) and returns to the requesting host a response message acknowledging the successful data write requested by the persistent mode authenticated data write request message. The host synchronizes the write count value stored in the data structure 390 with the incremented write count value of the register field 320 (fig. 2) of the device 102, as described above. In the persistent mode, authenticated data writes to the protected memory user data area partition 114 are completed accordingly (FIG. 5, block 360).

Authenticated data writes as described herein may be performed a limited number of times in persistent mode. If the incremented write count value of register field 320 (FIG. 2) reaches a maximum value in the persistent mode, the incremented write count value of register field 320 (FIG. 2) may not be reset as a security feature to prevent further authenticated data writes in the persistent mode.

In contrast, the incremented write count value of the register field for transient mode 280 (fig. 2) can be easily reset by programming the same or another authentication key in the register field for transient mode 160, as described above in connection with fig. 4. Thus, as long as the device 102 remains in the transient mode, an unlimited number of authenticated data writes are permitted. However, in one embodiment, once the device enters the permanent mode, the device may not re-enter the transient mode as a safety precaution.

As mentioned above, once the transient mode authentication key has been programmed into the register field 146 for the transient mode authentication key or the permanent mode authentication key has been programmed into the register field 150 for the permanent mode authentication key, as described above in connection with fig. 4, the protected memory user data area partition 114 (fig. 2) may be accessed by suitable access operations, such as authenticated data writing as described above in connection with fig. 5 and authenticated data reading of the transient mode set or the permanent mode set of the access request message generated and sent by the host. However, in some embodiments, the protected memory user data area partition 114 (FIG. 2) may also be accessed in a read operation without an authenticated read result.

FIG. 6 depicts one example of the operation of protected memory controller 134, which is configured to handle authenticated data read operations in accordance with the multi-mode protected memory of the present description. In this example, an authenticated data read to the protected memory user data area partition 114 is requested using an authenticated data read request of the transient mode set of the protected memory access request message or using a persistent mode set of the protected memory access request message, depending on which mode of operation the protected memory controller 134 is in. The protected memory controller 134 (fig. 2) of the storage device 102 is configured to determine (fig. 6, block 424) whether the received request message is an authenticated data read request message. If so, the protected memory controller 134 (FIG. 2) is further configured to determine (FIG. 6, block 432) whether the received authenticated data read request message belongs to a permanent pattern set of protected memory access request messages. As previously described, one set of command codes may be used in conjunction with the transient mode set of the request message, while a different set of command codes may be used in conjunction with the persistent mode set of the request message to facilitate distinguishing the transient mode set and the persistent mode set from one another.

If it is determined that the received authenticated data read request message does not belong to the permanent mode set of protected memory access request messages, i.e., it is determined that the received authenticated data read request message belongs to the transient mode set of protected memory access request messages, then protected memory controller 134 (fig. 2) is further configured to determine (fig. 6, block 436) whether protected memory controller 134 is already in the permanent mode of protected memory operation. As noted above, the register field 160 of the protected memory controller 134 includes a transient mode disable register field 270 (fig. 2) that either remains clear indicating that the protected memory controller 134 remains in the transient mode or has been set or blown indicating that the protected memory controller is in the persistent mode. Thus, protected memory controller 134 can determine (block 436, fig. 6) whether protected memory controller 134 is already in the persistent mode of protected memory operation by reading transient mode disable register 270 (fig. 2).

If it is determined that protected memory controller 134 has been in the persistent mode after receiving the transient mode authenticated data read request message, protected memory controller 134 considers the received transient mode data read request message invalid and execution of the requested read operation is prevented. In addition, protected memory controller 134 generates (FIG. 6, block 440) and returns an error message to the requesting host. In one embodiment, once the protected memory enters the persistent mode, execution of operations of the transient mode set is not permitted, as a security feature against malicious attacks and in preparation for backwards compatibility. It is appreciated that in some embodiments, such security features may be omitted.

Conversely, if it is determined that the protected memory controller 134 is not already in the persistent mode, i.e., the protected memory controller 134 is still operating within the transient mode after receiving the transient mode authenticated data write request message, the protected memory controller 134 is configured to perform (fig. 6, block 450) the requested data read operation by reading the requested data from the protected memory user data area partition 114 (fig. 2) of the device 102. In addition, protected memory controller 134 generates (fig. 6, block 454) and returns an authenticated read response message that includes the requested read data. Accordingly, the read operation requested by the data read request message is referred to as an "authenticated data read".

In one embodiment, transient mode authenticated data read response messages may be the same as or similar to those generated by known RPMB controllers, modified to be suitable for multi-mode protected memory operation of the present description. As mentioned above, in this embodiment, the transient mode authentication key has been stored both in the data structure 238 (fig. 3) of the host and in the reprogrammable register field 146 (fig. 2) of the protected memory controller 134, such that the transient mode authentication key is a secret shared by the host and the protected memory controller 134 of the device 102. Using Message Authentication Code (MAC) engine 142 of device 102, protected memory controller 134 calculates a MAC authentication code from the shared transient mode authentication key and a portion of the data read response message.

The MAC authentication code computed by the protected memory controller 134 is included in the transient mode authenticated data read response message returned by the device 102 (block 454 of fig. 6). In one embodiment, the MAC authentication code computed by the protected memory controller 134 may also be computed from a random number supplied by the host and a data read request message transmitted by the host to the device 102. In the embodiment of FIG. 3, the host-protected memory interface logic 220 includes a Random Number Generator (RNG) 456. The generated random number is sent to the device 102 along with a transient mode authenticated data read request message received by the device 102 (fig. 6, block 424). In one embodiment, as an additional security measure, the transient mode authenticated data read response message following a successful read operation of the protected memory user data area partition 114 (FIG. 2) may include a copy of the random number originally sent by the host to the device 102 with the data read request message. Upon transmission of the authenticated data read response message, the role of protected memory controller 134 in the authenticated read operation is completed (block 460).

Upon receiving the authenticated data read response message from device 102, the host performs the authentication process in a manner similar to that of known RPMB-enabled hosts described in RPMB, but modified to be suitable for the transient mode of multi-mode protected memory operation of the present description. In this embodiment, a host receiving the transient mode authenticated data read response message authenticates the data read response message using the shared transient mode authentication key. For example, using Message Authentication Code (MAC) engine 234, host protected memory interface logic 220 calculates a MAC authentication code from the shared transient mode authentication key stored in data structure 238 (fig. 3) and the same portion of the data read response message included in the read response that is used by protected memory controller 134 (fig. 3) to calculate the MAC authentication code, in a manner similar to that described above in connection with protected memory controller 134. The MAC authentication code calculated by the host 204 is compared with the MAC authentication code included in the transient mode authenticated data read response message sent to the host 204. If the two MAC authentication codes match, the received read response message passes the authentication process of the host 204 and the received data read response message is deemed authentic, i.e., sent by an authorized sender.

However, in this embodiment, the data read operation requested by the data read request message may be subjected to additional security tests, such as random number tests, in a manner similar to that of known RPMB-enabled hosts and controllers described in RPMBs, but modified to be suitable for the transient mode of multi-mode protected memory operation of the present description. For example, the host 204 may compare a nonce included in the transient mode authenticated data read response message sent to the host 204 with a nonce generated by the host 204 and included in the transient mode authenticated data read request message sent to the device 102. If the two random numbers match, the received read response message passes the authentication process of the host 204, and the received data read response message forwarding the read data is considered authentic, i.e., sent by the authorized sender.

In one embodiment, authenticated data reads described herein may be performed an unlimited number of times in a transient mode or in a permanent mode once the transient mode is permanently exited. However, it is appreciated that in some embodiments, a limit may be imposed on the number of authenticated read operations in the transient mode, the permanent mode, or both, depending on the particular application.

If it is determined (fig. 6, block 432) that the received authenticated data read request message belongs to a set of persistent modes of protected memory access request messages, then protected memory controller 134 (fig. 2) is further configured to determine (fig. 6, block 470) whether protected memory controller 134 is in a persistent mode of protected memory operation. As mentioned above, the transient mode disable register field 270 (fig. 2) may be set or blown to disable entry into the transient mode and thereby indicate that the protected memory controller is in the persistent mode. In this manner, protected memory controller 134 can determine (block 470, fig. 6) whether protected memory controller 134 is already in the persistent mode of protected memory operation by reading transient mode disable register 270 (fig. 2).

If, after receiving the persistent mode authenticated data read request message, it is determined that protected memory controller 134 is in the transient mode, protected memory controller 134 considers the received persistent mode data read request message to be invalid and execution of the requested read operation is prevented. In addition, protected memory controller 134 generates (FIG. 6, block 472) an error message and returns it to the requesting host. In one embodiment, if the protected memory is in the transient persistent mode, authenticated read operations of the set of persistent modes are not permitted to be performed as a security feature against malicious attacks and in preparation for backwards compatibility. It is appreciated that in some embodiments, such security features may be omitted.

Conversely, if it is determined that the protected memory controller 134 is in the persistent mode after receiving the persistent mode authenticated data read request message, the protected memory controller 134 is configured to perform (fig. 6, block 450) the requested data read operation by reading the requested data from the protected memory user data area partition 114 (fig. 2) of the device 102. Further, protected memory controller 134 generates (fig. 6, block 454) and returns an authenticated read response message including the requested read data in a manner similar to that described in connection with the authenticated read response in the transient mode.

Upon receiving the authenticated data read response message from device 102, the host performs the authentication process in a manner similar to that described above in connection with the transient mode authenticated data read response message, but modified to be suitable for the permanent mode of multi-mode protected memory operation of the present description. In this embodiment, a host receiving a persistent mode authenticated data read request message authenticates the data read response message using the shared persistent mode authentication key. For example, using Message Authentication Code (MAC) engine 234, host protected memory interface logic 220 calculates a MAC authentication code based on the shared persistent mode authentication key stored in data structure 238 (fig. 3) and the same portion of the data read response message included in the read response that is used by protected memory controller 134 (fig. 3) to calculate the MAC authentication code, in a manner similar to that described above in connection with protected memory controller 134. The MAC authentication code computed by the host 204 is compared with the MAC authentication code included in the permanent mode authenticated data read response message sent to the host 204. If the two MAC authentication codes match, the received read response message passes the authentication process of the host 204 and the received data read response message is deemed authentic, i.e., sent by an authorized sender. In some embodiments, the host and device 102 may also calculate their respective MAC authentication codes from the random numbers generated by the host and sent to the device 102 in the authenticated data read request message, as described above.

However, in this embodiment, the data read response requested by the data read request message may be subjected to additional security tests, such as random number tests, in a manner similar to that of known RPMB controllers described in the RPMB standard, but modified to be suitable for the permanent mode of multi-mode protected memory operation of the present description. For example, the host 204 may compare a random number included in the permanent mode authenticated data read response message sent to the host 204 with a random number generated by the host 204 and included in the permanent mode authenticated data read request message sent to the device 102. If the two random numbers match, the received read response message passes the authentication process of the host 204, and the received data read response message forwarding the read data is considered authentic, i.e., sent by the authorized sender.

Other request message types of the RPMB standard may be handled by an RPMB-enabled storage device having a multi-mode protected memory according to the present description in a selected transient mode or in a persistent mode in a manner similar to that described above. Thus, other request messages may be handled, for example, in a manner similar to that of known RPMB controllers, modified to be suitable for multi-mode protected memory operation of the present description.

For example, another known request message type of the RPMB standard is a read counter value request message generated by the RPMB host and sent to the RPMB-enabled storage device, which returns the current write counter value in a response message. Like the data read request message, the read counter value request message includes a random number generated by the host. In addition to the write counter value, the read counter value response message from the RPMB-enabled device also includes a copy of the MAC authentication code computed by the RPMB-enabled device along with the random number received with the request message. The host authenticates the read counter value response message in a manner similar to that of the authenticated data read response message.

In one embodiment of the present description, the host protected memory interface logic 220 (FIG. 3) of the host 204 generates and sends a read counter value request message to the storage device 102 in a manner similar to that of known RPMB systems, modified to be suitable for multi-mode protected memory according to the present description. For example, the read counter value request message may be modified for the transient mode in a manner similar to modifying the data read request message for the transient mode described above in connection with fig. 6. Similarly, the read counter value request message may be modified for persistent mode in a manner similar to modifying a data read request message for persistent mode described above in connection with FIG. 6.

The protected memory controller 134 (fig. 2) of the device 102 generates and sends a read counter value response message to the host 204 in a manner similar to that of known RPMB systems, modified to be suitable for multi-mode protected memory according to the present description. For example, the read counter value response message may be modified for the transient mode in a manner similar to modifying the data read response message for the transient mode described above in connection with fig. 6. Similarly, the read counter value response message may be modified for the permanent mode in a manner similar to the modification of the data read response message for the permanent mode described above in connection with FIG. 6.

The described operations may be implemented as a method, apparatus or computer program product using standard programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof. The described operations may be implemented as code maintained in a "computer readable storage medium", where a processor may read and execute the code from the computer readable storage medium. The computer-readable storage medium includes at least one of electronic circuitry, memory material, inorganic material, organic material, biological material, casing (casting), housing, coatings, and hardware. The computer-readable storage medium may include, but is not limited to, magnetic storage media (e.g., hard disk drives, floppy disks, tape, etc.), optical storage (CD-ROMs, DVDs, optical disks, etc.), volatile and non-volatile memory devices (e.g., EEPROMs, ROMs, PROMs, RAMs, DRAMs, SRAMs, flash memory, firmware, programmable logic, etc.), Solid State Drives (SSDs), and the like. The code implementing the described operations may further be implemented in hardware logic implemented in a hardware device, such as an integrated circuit chip, Programmable Gate Array (PGA), Application Specific Integrated Circuit (ASIC), etc. Further, code implementing the described operations may be implemented in "transmission signals," which may propagate through space or through a transmission medium, such as an optical fiber, copper wire, etc. The transmission signal in which the code or logic is encoded may further comprise a wireless signal, satellite transmission, radio waves, infrared signals, bluetooth, etc. Program code embodied on a computer readable storage medium may be transmitted as a transmission signal from a transmitting station or computer to a receiving station or computer. The computer-readable storage medium is not composed of only transmission signals. Those skilled in the art will recognize that many modifications may be made to this configuration, and that the article of manufacture may comprise suitable information bearing medium known in the art.

Computer program code for carrying out operations for aspects of certain embodiments may be written in any combination of one or more programming languages. Blocks of the flowchart and block diagrams may be implemented by computer program instructions.

Certain embodiments may be directed to a method for automated processing by a human deploying computing instruction or integrating computer-readable code into a computing system, wherein the code in combination with the computing system is enabled to perform the operations of the described embodiments.

The terms "embodiment(s)", "one or more embodiments", "some embodiments", and "one embodiment" mean "one or more (but not all) embodiments", unless expressly specified otherwise.

The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.

The enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise.

The terms "a", "an" and "the" mean "one or more" unless expressly specified otherwise.

Devices that are in communication with each other need not be in continuous communication with each other, unless expressly specified otherwise. Further, devices that are in communication with each other may communicate directly or indirectly through one or more intermediaries.

The description of an embodiment with several components in communication with each other is not meant to require all such components. On the contrary, various optional components are described to illustrate the wide variety of possible embodiments.

Additionally, although process steps, method steps, algorithms or the like may be described in a sequential order, such processes, methods and algorithms may be configured to work in alternate orders. In other words, any order or sequence of steps that may be described does not necessarily indicate a requirement that the steps be performed in that order. The process steps described herein may be performed in any practical order. Additionally, some steps may be performed simultaneously.

When a single device or article is described herein, it will be readily apparent that more than one device/article (whether or not they cooperate) may be used in place of a single device/article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be apparent that a single device/article may be used in place of the more than one device or article or a different number of devices/articles may be used in place of the shown number of devices or programs. The functionality and/or the features of a device may be alternatively embodied by one or more other devices which are not explicitly described as having such functionality/features. Thus, other embodiments need not include the device itself.

At least some of the operations that may have been illustrated in the figures show certain events occurring in a certain order. In alternative embodiments, certain operations may be performed in a different order, modified or removed. Moreover, steps may be added to the above described logic and still conform to the described embodiments. Further, operations described herein may occur sequentially or certain operations may be processed in parallel. Still further, operations may be performed by a single processing unit or by distributed processing units.

The foregoing description of various embodiments has been presented for the purposes of illustration and description. It is not intended to be exhaustive or to be limited to the precise form disclosed. Many modifications and variations are possible in light of the above teaching.

Examples of the invention

The following examples relate to further embodiments.

Example 1 is an apparatus, comprising: a protected memory; and a protected memory controller configured to control access to the protected memory, the protected memory controller comprising mode logic configured to control access to the protected memory in a selected mode comprising a transient mode and a persistent mode, wherein the protected memory controller is further configured to authenticate memory operations directed to the protected memory according to a reprogrammable authentication key in the transient mode and according to a one-time programmable authentication key in the persistent mode.

In example 2, the subject matter of examples 1-7 (except this example) can optionally include: wherein the protected memory controller has a register configured to be settable to indicate that the protected memory controller supports the transient mode.

In example 3, the subject matter of examples 1-7 (except this example) can optionally include: wherein the mode logic has a fuse and is configured to set the fuse to inhibit entry into the transient mode upon entry into the permanent mode.

In example 4, the subject matter of examples 1-7 (except this example) can optionally include: wherein the protected memory controller has a reprogrammable register configured to store the reprogrammable authentication key in the transient mode and a write-once register configured to store the one-time programmable authentication key in the persistent mode.

In example 5, the subject matter of examples 1-7 (except this example) can optionally include: wherein the protected memory controller has a resettable write counter configured to count write operations to the protected memory in the transient mode and a non-resettable write counter configured to count write operations to the protected memory in the persistent mode.

In example 6, the subject matter of examples 1-7 (except this example) can optionally include: wherein the protected memory controller is configured to respond to a transient mode set of request messages in the transient mode and to respond to a persistent mode set of request messages in the persistent mode, wherein an error response message is returned in response to receiving a request message of the transient mode set of request messages when the protected memory controller is in the persistent mode.

In example 7, the subject matter of examples 1-7 (except for this example) can optionally include a system comprising: the protected memory and a protected memory controller, and at least one of the following coupled to the protected memory controller and the protected memory: a display configured to display information according to memory operations directed to the protected memory; a network interface configured to communicate information in accordance with memory operations directed to the protected memory; and a battery configured to provide power to the system.

Example 8 is a method, comprising: controlling access to protected memory in selected modes including a transient mode in which memory operations directed to the protected memory are authenticated according to a reprogrammable authentication key and a persistent mode in which memory operations directed to the protected memory are authenticated according to a one-time programmable authentication key.

In example 9, the subject matter of examples 8-13 (other than this example) can optionally include: setting a register to indicate that the protected memory controller supports the transient mode.

In example 10, the subject matter of examples 8-13 (other than this example) can optionally include: a fuse is set to inhibit entry into the transient mode upon entry into the permanent mode.

In example 11, the subject matter of examples 8-13 (other than this example) can optionally include: storing the reprogrammable authentication key in a reprogrammable register in the transient mode and storing the one-time programmable authentication key in a write-once register in the persistent mode.

In example 12, the subject matter of examples 8-13 (other than this example) can optionally include: resetting a resettable write counter configured to count write operations to the protected memory in the transient mode and to count write operations to the protected memory in the persistent mode in a non-resettable write counter.

In example 13, the subject matter of examples 8-13 (other than this example) can optionally include: the protected memory controller responds to a set of transient modes of request messages in the transient mode, responds to a set of persistent modes of request messages in the persistent mode, and returns an error response message in response to receiving a request message of the set of transient modes of request messages while the protected memory controller is in the persistent mode.

Example 14 is an apparatus comprising means to perform a method as claimed in any preceding example.

Example 15 is an apparatus, comprising: a protected memory; and a protected memory controller component configured to control access to the protected memory, the protected memory controller component comprising mode logic configured to control access to the protected memory in a selected mode comprising a transient mode and a persistent mode, wherein the protected memory controller component is further configured to authenticate memory operations directed to the protected memory according to a reprogrammable authentication key in the transient mode and according to a one-time programmable authentication key in the persistent mode.

Example 16 is a computer program product for a computing system having protected memory and a protected memory controller, wherein the computer program product comprises a computer-readable storage medium having program instructions embodied therein, the program instructions executable by a processor of the computing system to cause operations comprising: controlling access to protected memory in selected modes including a transient mode in which memory operations directed to the protected memory are authenticated according to a reprogrammable authentication key and a persistent mode in which memory operations directed to the protected memory are authenticated according to a one-time programmable authentication key.

All optional features of any of the above systems and/or devices may also be implemented with respect to the above methods or processes, and the details of the examples may be used anywhere in one or more embodiments. Moreover, all optional features of the methods or processes described above may also be implemented with respect to any of the systems and/or devices described above, and the details of the examples may be used anywhere in one or more embodiments.