An apparatus including (i) a processor including a plurality of main buffer on board (BOB) memory controllers (MCs) and a secure engine, (ii) a plurality of simple BOB MCs, (iii) a secure delegator, and (iv) a plurality of memory modules. The secure delegator coupled to a first main BOB MC and a first simple BOB MC creates a secure channel. A second main BOB MC coupled to a second simple BOB MC creates a non-secure channel. The plurality of main BOB MCs, the secure engine and the secure delegator are provided within a trusted computing base (TCB) of the apparatus and the plurality of simple BOB MCs and the plurality of memory modules are provided outside the TCB. The secure delegator is configured to: (i) secure communication between the first main BOB MC and the secure delegator, and (ii) perform Path ORAM accesses to the plurality of memory modules.