US20130024637A1

US20130024637A1 - Memory access unlock

Info

Publication number: US20130024637A1
Application number: US13/459,523
Authority: US
Inventors: Ted A. Hadley
Original assignee: Hewlett Packard Development Co LP
Current assignee: Hewlett Packard Enterprise Development LP
Priority date: 2011-07-18
Filing date: 2012-04-30
Publication date: 2013-01-24
Also published as: WO2013012444A1; US20140165206A1; US9418027B2; CN103890852A; US20140164793A1; CN103733204A; WO2012177295A1; US9483422B2; US8930154B2; EP2734903A1; US20140223113A1; US20140156961A1; WO2013012447A1; EP2734951A4; WO2013012461A1; CN103688269A; EP2734903B1; US20130024716A1; EP2734951A1; US20130024143A1

Abstract

In one implementation, a controller is provided such that when an operation is performed at a first memory location, the controller unlocks access to a second memory location.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. provisional patent application no. 61/509,078, filed on Jul. 18, 2011, which is hereby incorporated by reference herein in its entirety.

BACKGROUND

Memories are used within computing devices to store data. For example, data are stored and accessed within computing devices such as personal computers, notebook and laptop computers, smartphones, personal digital assistants (“PDAs”), tablet and slate devices, personal entertainment devices such as MP3 players and media players, set-top boxes, gaming consoles, appliances, embedded devices, smart meters, and other computing devices at memories such as random-access memories (“RAMs”).
Typically, data stored at RAMs or other memories of a computing device are accessed by a processor and some operation is performed by the processor based on the data. For example, an encryption key may be stored at a memory and a processor may access the encryption key to encrypt or decrypt a document.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1-4 are example schematic block diagrams of computing devices including memory control modules and a selector, according to one or more implementations.

FIG. 5 is an example illustration of address decode logic, memory cell and access lock, according to an implementation.

FIG. 6 is an example illustration of address decode logic, memory cell and access lock, according to an implementation.

FIG. 7 is an example illustration of a memory having a plurality of memory map spaces, according to an implementation.

FIG. 8 is an example illustration of address decode logic, memory cell and access lock, according to an implementation.

FIG. 9 is an example flowchart of a process to unlock access to memory based on an operation at a control register, according to an implementation.

FIG. 10 is an example flowchart of a process to unlock access to memory based on an operation at a control register, according to an implementation.

DETAILED DESCRIPTION

In a microprocessor-based system, which performs cryptography or manages cryptographic keys, steps may be taken to protect one or more keys stored in memory. However, due to software bugs, malware, etc., data stored in a memory region which holds the key(s) may be accidentally transmitted out of a computing device, for example, via an Ethernet port, and thus, may completely invalidate all of the system security features.
This may occur where, for example, an I/O port, for example, Ethernet port, is configured to transmit a packet of data. In order to transmit the packet of data, a source address of the data and a length are configured into the hardware of the Ethernet port on the microprocessor, and the port is instructed to transmit. If either the address is wrong and points to the key storage memory, or nearby instead, or if the length is too long and the transmit packet is adjacent to the keys in memory, then the key(s) may be transmitted out of the computing device.
As discussed herein, a memory access lock is provided which protects memory access. Software may manipulate a control register, and/or its contents, via an operation to the control register, to unlock access to memory or registers for read and/or write access. This access may be limited access, for example, limited to one read or write access or multiple read and/or write accesses.
In one implementation, a memory location, for example, a control register, or unlock register, that is located in a different memory map space than the memory location of the memory or registers being protected may be used. The term “control register” as used herein may be interpreted as a memory location.
Unlocked access may be automatically re-locked following the access. Alternatively, or in addition, a timeout may also be applied to automatically re-lock access to the memory.
When used, for example, in a microprocessor, a lock protects memory or register accesses which may be unlocked by software in accordance with expected operation of the software, but is difficult to defeat by such things as malware, software bugs and DMA-like hardware including DMA, ethernet controllers, etc.
Examples provided herein describe a memory access lock with respect to a secure key stored in memory. However, the memory access lock may be implemented for any type of data stored in memory.
Further, as discussed herein, unlocking memory means providing access to memory which was initially locked, i.e., access to the memory is not permitted.
FIGS. 1-4 are schematic block diagrams of computing devices including a memory access lock, according to one or more implementations. Although various implementations of computing devices and memory control modules are illustrated at FIGS. 1-4, these examples are not exhaustive and memory access locks, systems, and processes discussed herein are applicable to other computing devices or systems not illustrated in FIGS. 1-4.
FIG. 1 illustrates a computing device that includes a memory control module with an integrated memory. Computing device 100 includes processor 110, communication interface 120, memory 130, and memory control module 140. Processor 110 is any of a variety of processors. For example, processor 110 may be a general-purpose processor or an application-specific processor implemented as a hardware module and/or a software module hosted at a hardware module. A hardware module may be, for example, a microprocessor, a microcontroller, an application-specific integrated circuit (“ASIC”), a programmable logic device (“PLD”) such as a field programmable gate array (“FPGA”), and/or other electronic circuits that perform operations. A software module may be, for example, instructions, commands, and/or codes stored at a memory and executed at another processor. Such a software module may be defined using one or more programming languages such as Java™, C++, C, an assembly language, a hardware description language, and/or another suitable programming language. For example, a processor may be a virtual machine hosted at a computer server including a microprocessor and a memory.
In some implementations, processor 110 may include multiple processors. For example, processor 110 may be a microprocessor including multiple processing engines (e.g., computation, algorithmic or thread cores). As another example, processor 110 may be a computing device including multiple processors with a shared clock, memory bus, input/output bus, and/or other shared resources. Furthermore, processor 110 may be a distributed processor. For example, processor 110 may include multiple computing devices, each including a processor, in communication one with another via a communications link such as a computer network.
Processor 110 is operatively coupled to communications interface 120, memory 130, and memory control module 140. Typically, as illustrated in FIG. 1, memory 130 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 110 during operation of computing device 100. For example, memory 130 includes instructions that define operating system 131, device drivers 132, and applications 133 (e.g., software application programs). In other words, operating system 131, device drivers 132, applications 133, and other software modules stored as instructions (not shown) at memory 130 and executed at processor 110 are hosted at computing device 100. Applications 133 may include, for example, an application software module, a hypervisor, a virtual machine module, or an environment such as a runtime environment or virtual machine instance. As a specific example, applications 133 may include a cryptographic service such as a file encryption application.
In some embodiments, memory 130 is a volatile memory and computing device 100 includes a non-volatile (or non-transient) memory or processor-readable medium (not shown) such as a hard disk drive (“HDD”), a solid-state drive (“SSD”), a FLASH drive, or is in communication with a data storage service (e.g., via communications interface 120 and a communications link such as a communications network) at which software applications (e.g., computer codes or instructions that implement software applications when executed at a processor), data, or combinations thereof may be stored and accessed by processor 110. Such software applications, data, or combinations thereof may be moved or copied to memory 130 by processor 110 and accessed by processor 110 at memory 130 during operation of computing device 100.
Examples of processor-readable media include, but are not limited to: magnetic storage media such as a hard disk, a floppy disk, and/or magnetic tape; optical storage media such as a compact disc (“CD”), a digital video disc (“DVDs”), a compact disc read-only memory (“CD-ROM”), and/or a holographic device; magneto-optical storage media; non-volatile memory such as read-only memory (“ROM”), programmable read-only memory (“PROM”), erasable programmable read-only memory (“EPROM”), electronically erasable read-only memory (“EEPROM”), and/or FLASH memory; and random-access memory (“RAM”). Examples of computer code include, but are not limited to, micro-code or micro-instructions, machine instructions, such as produced by a compiler, and files containing higher-level instructions that are executed by a computer using an interpreter. For example, an implementation may be implemented using Java™, C++, or other object-oriented programming language and development tools. Additional examples of computer code include, but are not limited to, control signals, encrypted code, and compressed code.
Communications interface 120 is an interface accessible to processor 110 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link. In other words, communications interface 120 may receive data from processor 110 and transmit symbols representing those data via a communications link. Moreover, communications interface 120 may receive symbols from other communications interfaces via a communications link and send data represented by those symbols to processor 110. For example, communications interface 120 may be a telephone network interface, a twisted-pair network interface, a coaxial network interface, a fiber-optic network interface, a wireless network interface such as a wireless local area network (“WLAN”) or a cellular network, or some other network or communications interface.
Memory control module 140 includes memory controller 144 and memory 141 at which key 145 is stored. Memory controller 144 includes circuitry, software hosted at that circuitry, or a combination thereof to provide an access lock 150 for key 145 in memory 141, as discussed more fully below. Access to key 145 may be unlocked based on an operation to a control register, or unlock register, in memory.
Key 145 is a data set such as a cryptographic key that is accessed by processor 110 for use within one or more of applications 133 such as a cryptographic service hosted at computing device 100. In other words, processor 110 may request key 145 at memory control module 140, the memory control module 140 providing access to key 145 in accordance with lock 150, use key 145 to perform a cryptographic process based on instructions or codes stored at memory 130, and discard key 145.
FIG. 2 illustrates a computing device and a memory control module with an integrated memory in communication with the computing device. Computing device 200 includes processor 210, communication interface 220, and memory 230.
Processor 210 is operatively coupled to communications interface 220, and memory 230. Typically, as illustrated in FIG. 2, memory 230 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 210 during operation of computing device 210 similar to those discussed above in relation to FIG. 1. Moreover, communications interface 220 is an interface accessible to processor 210 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link as discussed above in relation to FIG. 1.
Memory control module 240 is separate (or separable) from computing device 200 and includes memory controller 244 and memory 241 at which key 245 is stored. Memory controller 244 includes circuitry, software hosted at that circuitry, or a combination thereof to provide an access lock 250 to key 245 in memory 241. Access to key 245 may be unlocked based on an operation to a control register, or unlock register, in memory. For example, memory controller 244 may be a processor at memory control module 240.
Key 245 is a data set such as a cryptographic key that is accessed by computing device 200 for use within one or more of applications 233 such as a cryptographic service hosted at computing device 200. For example, computing device 200 may be in communication with memory control module 240 via an interface (not shown) such as a USB interface, a network (e.g., Ethernet) interface, or some other interface. In other words, processor 210 may request key 245 at memory control module 240, the memory control module 240 providing access to key 245 in accordance with lock 250, use key 245 to perform a cryptographic process based on instructions or codes stored at memory 230, and discard key 245.
FIG. 3 illustrates a computing device hosting a memory control module. Computing device 300 includes processor 310, communication interface 320, and memory 330. Processor 310 is operatively coupled to communications interface 320, and memory 330. Communications interface 320 is an interface accessible to processor 310 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link as discussed above in relation to FIG. 1. Moreover, as illustrated in FIG. 3, memory 330 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 310 during operation of computing device 310 similar to those discussed above in relation to FIG. 1.
Memory 330 also includes memory control module 340, and key 345. That is, memory control module 340 is hosted at processor 310. In other words, instructions or codes that define memory control module 340 are accessed at memory 330 by processor 310 and executed or interpreted by processor 310 to provide an access lock 350 to key 345 at memory 330. Access to key 345 may be unlocked based on an operation to a control register, or unlock register, in memory.
FIG. 4 illustrates a computing device including a memory control module. Computing device 400 includes processor 410, communication interface 420, memory 430, and memory control module 440. Processor 410 is operatively coupled to communications interface 420 and memory control module 440. Communications interface 420 is an interface accessible to processor 410 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link as discussed above in relation to FIG. 1. Moreover, as illustrated in FIG. 4, memory 430 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 410 during operation of computing device 410 similar to those discussed above in relation to FIG. 1.
Memory control module 440 includes circuitry, software hosted at that circuitry, or a combination thereof to implement a memory access lock 450 to key 445 in memory 430. Access to key 445 may be unlocked based on an operation to a control register, or unlock register, in memory.
Processor 410 accesses memory 430 via memory control module 440. More specifically, processor 410 requests access to data values at memory 430 from (or at) memory control module 440. That is, processor 410 provides a request for data values to memory control module 440, memory control module 440 accesses those data values at memory 430, and provides the requested data values to processor 410.
FIG. 5 is an example illustration of address decode logic, a memory cell, and an access lock according to an implementation. As show in FIG. 5, address decode logic 502 provides the microprocessor access to locations in memory. The microprocessor produces an address on address bus 504, the address corresponding to memory cell 506. The /Memory 520 output from the address decode logic 502 produces an active-low signal. The active-low /Memory decode signal is gated through OR gates 508 to allow the active/Read or /Write signal to control the memory cell. /Read and /Write in this example are mutually exclusive, and controlled by the microprocessor core. If the access is a memory write, then /Write will go low; otherwise for a memory read, /Read will go low.
OR gates 508 have three inputs each. A /Read signal or a /Write signal, a /Memory decode signal, and an inhibit signal controlled by flip-flop 510. The inhibit signal controlled by flip-flop 510 may disallow the progression of /Read and /Write to the memory cell. In this example, flip-flop 510 has two defined inputs, an active-high Unlock 512 and a rising-edge Relock 514.
When an active-high level occurs at the unlock input 512, flip-flop 510 sets, and /Read and /Write are allowed to access memory 506. Memory 506 may access the data in the memory cell via bus 507. As the unlock input 512 is controlled by a flip-flop (not shown), the unlock state is retained until relocked.
If flip-flop 510 is not set, /Read and /Write are inhibited and access to memory cell 506 is locked in a disabled state.
When a rising edge appears at the relock input 514, the flip-flop 510 resets and /Read and /Write are again inhibited. As the relock 514 is controlled by a flip-flop (not shown), the locked state is retained until unlocked.
When the memory access is complete, the /Memory signal returns to logic 1, which in turn forces the outputs of the OR gate to their inactive logic-1 states.
It may be appreciated that different controls may be input into unlock active high 512. For example, Unlock is controlled by any address decode circuit connected to the address bus (not shown). Thus, whenever code in the microprocessor addresses the location in the memory map which decodes to assert Unlock, then the inhibit output from flip-flop 510 is released and the memory cell can be addressed. The source of the Re-lock signal may be anything that is guaranteed to follow the /Memory access to the memory cell, including /Memory itself (the de-assertion at the end of the access cycle), timers, etc., as shown in later figures.
In this example, relocking of the memory access is not automatic. FIG. 6 depicts an example illustration where access to the memory is automatically relocked after access is made to the memory. Components in FIG. 6 are similar to those discussed with respect to those in FIG. 5, except as discussed herein. As shown in FIG. 6, address decode logic 602 provides the microprocessor access to locations in memory. The microprocessor produces an address on address bus 604, the address corresponding to memory cell 606. The /Memory output from the address decode logic 602 produces an active-low signal. The active-low /Memory decode signal is gated through OR gates 608 to allow the active /Read or /Write signal to control the memory cell. /Read and /Write in this example are mutually exclusive, and controlled by the microprocessor core. If the access is a memory write, then /Write will go low; otherwise for a memory read, /Read will go low.
OR gates 608 have three inputs each. A /Read signal or a /Write signal, a /Memory decode signal, and an inhibit signal controlled by flip-flop 610. The inhibit signal controlled by flip-flop 610 may disallow the progression of /Read and /Write to the memory cell.
Address decode logic 602 includes logic to decode a signal from address bus 604 corresponding to /UnlockReg 614. UnlockReg may be implemented as a control register or memory location that is used to trigger the unlocking of access to a memory location.
NOR gate 612 receives two inputs, /UnlockReg 614 from address decode logic 602 and /Write 616. NOR gate 612 logically combines the address decode for /UnlockReg with the /Write 616 control. The output of NOR gate 612 provides the input to flip-flop 610 and is used to set the lock control of flip-flop 610.
Flip-flop 610 receives the output from NOR gate 612. Thus, when a write operation is made to the UnlockReg register in memory, the flip-flop 612 may be set to unlock access to memory cell 606. In other words, the output of flip-flop 610 is input to OR gates 608 thereby unlocking access to memory cell 608. A read or write operation may then be made to memory cell 606 where the memory location is accessed through memory bus 607.
As shown in FIG. 6, an additional input to flip-flop 612 is /Memory signal 620. After access to the memory cell 608 completes and the decode returns to its quiescent active-high state, a rising edge is produced at the relock control and flip-flop 610 resets. Access to the memory cell 608 is relocked.
Thus, in this example, when there is a write operation to UnlockReg register in memory, this unlocks access to the memory cell for a single access. Once access is made, access to the memory cell is locked.
It may be appreciated that access may be granted for one or more accesses.
It may be appreciated an alternative to this example may be a read operation instead of a write operation, where the input to NOR gate 612 is /Read, instead of /Write 616.
It may further be appreciated that the operation may be a write operation of a predetermined value in the unlock register.
It may further be appreciated that there may be different unlock registers to memory locations having odd and even addresses. For example, an unlock register in a first location may be used to unlock a memory location having an odd number address. An unlock register in a second location may be used to unlock a memory location having an even number address.
It may be further appreciated that the unlock register may be located in a memory map space that is separate, or different, from the memory map space where the memory cell is located. FIG. 7 depicts an example memory as discussed herein. As shown in FIG. 7, memory 700 includes a first memory map space 702 and a second memory map space 704. As can be seen from FIG. 7, memory map space 702 is physically spaced away from memory map space 704. Alternatively, memory map space 702 may be adjacent to memory map space 704. Memory map space 702 includes a plurality of memory locations, including memory location 706. Memory location 706 may be implemented as, for example, a memory location, for example, an unlock register, a control register, etc. Memory map space 704 includes a plurality of memory locations, including memory location 708. Memory location 708 may be implemented as a location in memory to be locked. It may be appreciated that memory locations 706 and 708 may be located anywhere in memory map spaces 702 and 704 respectively.
Thus, when an operation, for example, a read operation, write operation, etc., is made to memory location 706, access to memory location 708 may be unlocked.
In another implementation, multiple memory locations, for example, unlock registers may be utilized for different types of memory access. For example, an unlock register, i.e., a first memory location, may trigger unlocking for access to the memory cell for a write operation. An unlock register, i.e., another memory location, may trigger unlocking access to the memory cell for a read operation.
In another implementation, more than one access to the memory cell may be permitted for an unlock cycle. For example, a predetermined number of operations may be permitted to the unlocked memory location when an operation is performed at the unlock register.
FIG. 8 depicts an example illustration where access to the memory is automatically relocked after a period of time. Components in FIG. 8 are similar to those discussed with respect to those in FIG. 6, except as discussed herein. As shown in FIG. 8, address decode logic 802 provides the microprocessor access to locations in memory. The microprocessor produces an address on address bus 804, the address corresponding to memory cell 806. The /Memory 820 output from the address decode logic 802 produces an active-low signal. The active-low /Memory decode signal is gated through OR gates 808 to allow the active /Read or /Write signal to control the memory cell. /Read and /Write in this example are mutually exclusive, and controlled by the microprocessor core. If the access is a memory write, then /Write will go low; otherwise for a memory read, /Read will go low.
OR gates 808 have three inputs each. A /Read signal or a /Write signal, a /Memory decode signal, and an inhibit signal controlled by flip-flop 810. The inhibit signal controlled by flip-flop 810 may disallow the progression of /Read and /Write to the memory cell.
Address decode logic 802 includes logic to decode a signal from address bus 804 corresponding to /UnlockReg 814. UnlockReg may be implemented as a control register or memory location that is used to trigger the unlocking of access to another memory location.
NOR gate 812 receives two inputs, /UnlockReg 814 from address decode logic 802 and /Write 816. NOR gate 812 logically combines the address decode for /UnlockReg 814 with the /Write 816 control. The output of NOR gate 812 provides an input to delay counter 822. In addition, delay clock signal 824 is input to delay counter 822. Delay counter 822 may be implemented as a standard 2ⁿ-type, which products a short negative pulse when it overflows, for example, 2 ⁿcounts from reset. The overflow is combined with the memory address decode /Memory 820 for the relock. Thus, when the write to the unlock register takes place, the /UnlockReg 814 signal is input into NOR gate 812, thus resetting the counter. When the counter overflows, the overflow output is input to AND gate 826 and input to flip-flop 810, thus locking access.
In this example, a write to the unlock register unlocks the memory similar to the other examples set forth above. In addition, completion of the memory access relocks the memory access similar to the other examples set forth above, as the /Memory signal 820 is input to AND gate 826 thereby relocking the flip-flop.
By selecting a choice of counter size and delay clock frequency, any delay, in addition to direct access can be used to automatically relock access to the memory.
Choices of delay clock 824 may include, for example, real time input, central processing unit (CPU) clock, and an instruction fetch control signal. When a real-time input is used, it may be derived from a source other than the CPU's clock, and may allow a fixed time delay, e.g., 10 μs, which may remain constant regardless of the microprocessor speed, thus permitting a lock after an absolute time period.
When the CPU clock is used for the delay clock source, the delay is directly proportional to the operating speed of the microprocessor, e.g., 128 cycles, which would remain constant regardless of the clock frequency, but whose actual time would vary with the CPU clock, thus permitting locking after a processor-relative time period.
Another clock source may be the CPU instruction fetch signal. In this example, the delay may be operational, e.g., 128 instructions. In this way, the amount of code between unlock and re-lock is constant, thus permitting locking after a work time period.
As in the above examples, the output of flip-flop 810 is input to OR gates 808 thereby unlocking access to memory cell 806. A read or write operation may then be made to memory cell 806 where the memory location is accessed through memory bus 807.
Thus, in this example, when there is a write operation to UnlockReg register in memory, this unlocks access to the memory cell for a single access. Once access is made, access to the memory cell is locked. In addition, access to the memory cell is locked after a predetermined number of clock cycles.
It may be appreciated an alternative to this example may be a read operation instead of a write operation, where the input to NOR gate 812 is /Read, instead of /Write 816.
FIG. 9 is a flowchart of a process to unlock access to a memory region, for example a memory location, according to an implementation. Process 900 may be implemented as a hardware module, as a software module hosted at a computing device, or as a combination thereof. For example, process 900 may be implemented as application-specific circuitry or as a software module including instructions stored at a memory and executed at a processor in communication with the memory. More specifically, for example, process 900 may be implemented at a memory control module.
As shown in FIG. 9, a signal may be received indicating an operation has been performed at a control register (902). This signal may be received at a controller, the controller controlling access to one or more memory locations. Access to a memory region may be unlocked based on the operation that was performed at the control register (904).
Access to the memory region may be unlocked for one or more accesses to the memory region.
Access to the memory region may be automatically relocked, for example, after the one or more accesses to the memory region, after a predetermined period of time, the predetermined period of time based on one of a processor-relative time period, an absolute time period, a work time period, etc.
FIG. 10 is a flowchart of a process to unlock access to a memory region, for example a memory location, and to relock access to a memory region, according to an implementation. Process 1000 may be implemented as a hardware module, as a software module hosted at a computing device, or as a combination thereof. For example, process 1000 may be implemented as application-specific circuitry or as a software module including instructions stored at a memory and executed at a processor in communication with the memory. More specifically, for example, process 1000 may be implemented at a memory control module.
As shown in FIG. 10, a signal may be received indicating an operation has been performed at a control register (1002). This signal may be received at a controller, the controller controlling access to one or more memory locations. Access to a memory region may be unlocked based on the operation that was performed at the control register (1004).
An indication may be received to relock access to the memory region (1006). This indication may be based on, for example, an indication that one or more predetermined number of operations have been performed at the unlocked memory region, that a predetermined time period has elapsed, the predetermined time period being one of absolute time, work time, or a process-relative time period, etc.
After receipt of the indication to lock access to the memory region, access to the memory region may be relocked (1008). Thus, any further operations to the locked memory region are inhibited.
Although process 100 is discussed above with reference to an example environment within a memory control module, process 100 is applicable within other environments.

Claims

1. An apparatus, comprising:

a memory having a first and second memory location, the first memory location being in a first memory map space and the second memory location being in a second memory map space; and

a controller operatively coupled to the memory to unlock access to the second memory location based on an operation to the first memory location.

2. The apparatus of claim 1, wherein the controller is further to:

automatically lock access to the second memory location a predetermined period of time after access has been unlocked, wherein the predetermined period of time is one of a processor-relative time period, an absolute time period, and a work time period.

3. The apparatus of claim 1, where the controller is further to:

automatically lock access to the second memory location after completion of an operation to the second memory location.

4. The apparatus of claim 1, further comprising:

a third memory location, wherein

the controller unlocks access to the second memory location for a write operation based on the operation to the first memory location; and

the controller unlocks access to the second memory location for read operation based on an operation to the third memory location.

5. The apparatus of claim 1, wherein the controller is to permit a predetermined number of operations to the second memory location after the access to the second memory location is unlocked.

6. An apparatus, comprising:

a controller to unlock access to a first memory location in a first memory map space based on an operation to a second memory location in a second memory map space.

7. The apparatus of claim 6, further comprising:

a clock; and

a counter to count clock cycles;

wherein the controller is to automatically lock access to the first memory location after a predetermined number of counted clock cycles.

8. The apparatus of claim 6, wherein the operation is a write operation to the second memory location.

9. The apparatus of claim 6, wherein the operation is a read operation to the second memory location.

10. The apparatus of claim 6, wherein the write operation includes writing a predetermined value to the second memory location.

11. The apparatus of claim 6, the apparatus further including:

a third memory location, wherein

if the first memory location is an odd number address, the controller is to unlock access to the first memory location based on an operation to the second memory location; and

if the first memory location is an even number address, the controller is to unlock access to the first memory location based on an operation to the third memory location.

12. The apparatus of claim 6, the controller to:

automatically lock access to the unlocked first memory location.

13. A method, comprising:

receiving a signal indicating an operation has been performed at a control register; and

unlocking access to a memory region based on the operation that has been performed at the control register.

14. The method of claim 13, further comprising:

automatically locking access to the memory region after one of an operation to the memory region and a predetermined time period after unlocking access to the memory region.

15. The method of claim 13, further comprising:

unlocking access to the second memory location for a write operation based on the operation to the first memory location; and