公开(公告)号：US20170075717A1

公开(公告)日：2017-03-16

申请号：US15360012

申请日：2016-11-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dan Chen ,  Wei Wang ,  Kangkang Shen

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/455 ,  G06F2009/4557

Abstract: A virtual trusted platform module function implementation method is provided, the method is executed at an exception level EL3 of a processor that uses an ARM V8 architecture, and the method includes: generating, according to requirements of one or more VMs, one or more vTPM instances corresponding to each VM, and storing the generated one or more vTPM instances in preset secure space, where each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; and interacting with a VMM and the VM, so that the VM acquires a VM communication queue virtual address, in VM virtual address space, corresponding to a communication queue physical address of the vTPM instance, and the VM communicates with a vTPM instance communication queue by using the VM communication queue virtual address.

Abstract translation: 提供了一种虚拟可信平台模块功能实现方法，该方法在使用ARM V8架构的处理器的异常级EL3上执行，该方法包括：根据一个或多个VM的要求，生成一个或多个vTPM 与每个VM对应的实例，并将所生成的一个或多个vTPM实例存储在预设的安全空间中，其中每个vTPM实例具有用于与其自身对应的VM使用的专用实例通信队列，并且物理地址被分配给每个实例通信队列 ; 并且与VMM和VM进行交互，使得VM在VM虚拟地址空间中获取对应于vTPM实例的通信队列物理地址的VM通信队列虚拟地址，并且VM通过vTPM实例通信队列通信 使用VM通信队列虚拟地址。

公开(公告)号：US10338949B2

公开(公告)日：2019-07-02

申请号：US15360012

申请日：2016-11-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dan Chen ,  Wei Wang ,  Kangkang Shen

IPC: G06F9/46 ,  G06F9/455

Abstract: A virtual trusted platform module function implementation method is provided, the method is executed at an exception level EL3 of a processor that uses an ARM V8 architecture, and the method includes: generating, according to requirements of one or more VMs, one or more vTPM instances corresponding to each VM, and storing the generated one or more vTPM instances in preset secure space, where each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; and interacting with a VMM and the VM, so that the VM acquires a VM communication queue virtual address, in VM virtual address space, corresponding to a communication queue physical address of the vTPM instance, and the VM communicates with a vTPM instance communication queue by using the VM communication queue virtual address.