公开(公告)号：US11741234B2

公开(公告)日：2023-08-29

申请号：US17321764

申请日：2021-05-17

申请人： Intel Corporation

发明人： Ned Smith ,  Samuel Ortiz ,  Manohar Castelino ,  Mikko Ylinen

IPC分类号： G06F21/57 ,  H04L29/06 ,  G06F21/60 ,  G06F9/455 ,  G06F21/74

CPC分类号： G06F21/575 ,  G06F9/45558 ,  G06F21/602 ,  G06F21/74 ,  G06F2009/45562 ,  G06F2009/45587

摘要： Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

公开(公告)号：US10901772B2

公开(公告)日：2021-01-26

申请号：US16380717

申请日：2019-04-10

申请人： Intel Corporation

发明人： Gilbert Neiger ,  Mayank Bomb ,  Manohar Castelino ,  Robert Chappell ,  David Durham ,  Barry Huntley ,  Anton Ivanov ,  Madhavan Parthasarathy ,  Scott Rodgers ,  Ravi Sahita ,  Vedvyas Shanbhogue

IPC分类号： G06F9/455 ,  G06F9/30 ,  G06F9/48 ,  G06F11/07

摘要： Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.

公开(公告)号：US20210390186A1

公开(公告)日：2021-12-16

申请号：US17321764

申请日：2021-05-17

申请人： Intel Corporation

发明人： Ned Smith ,  Samuel Ortiz ,  Manohar Castelino ,  Mikko Ylinen

IPC分类号： G06F21/57 ,  G06F21/60 ,  G06F9/455 ,  G06F21/74

摘要： Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

公开(公告)号：US11017092B2

公开(公告)日：2021-05-25

申请号：US16144325

申请日：2018-09-27

申请人： Intel Corporation

发明人： Ned Smith ,  Samuel Ortiz ,  Manohar Castelino ,  Mikko Ylinen

IPC分类号： G06F21/57 ,  H04L29/06 ,  G06F21/60 ,  G06F9/455 ,  G06F21/74

摘要： Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

公开(公告)号：US10963281B2

公开(公告)日：2021-03-30

申请号：US16148245

申请日：2018-10-01

申请人： Intel Corporation

发明人： Kai Wang ,  Bing Zhu ,  Peng Zou ,  Manohar Castelino

IPC分类号： G06F9/455 ,  G06F9/50

摘要： Memory security technologies are described. An example processing device includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can determine that an exit condition to transfer control of a resource for a processor core from a first virtual machine monitor (VMM) to a second VMM has occurred. The processor core can also determine whether a control virtual machine control structure (VMCS) link pointer is valid. The processor core can also determine whether a reason value corresponding to the control VMCS link pointer is set. The processor core can also determine whether the reason value is set to zero. The processor core can also determining whether an exception bit corresponding to a specific exception type of a reason value is set. The processor core can also transfer a control of the resource from the first VMM to the second VMM.

公开(公告)号：US10146570B2

公开(公告)日：2018-12-04

申请号：US15118844

申请日：2015-09-25

申请人： INTEL CORPORATION ,  Kai Wang ,  Bing Zhu ,  Peng Zou ,  Manohar Castelino

发明人： Kai Wang ,  Bing Zhu ,  Peng Zou ,  Manohar Castelino

IPC分类号： G06F9/455 ,  G06F9/50

摘要： Memory security technologies are described. An example processing device includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can determine that an exit condition to transfer control of a resource for a processor core from a first virtual machine monitor (VMM) to a second VMM has occurred. The processor core can also determine whether a control virtual machine control structure (VMCS) link pointer is valid. The processor core can also determine whether a reason value corresponding to the control VMCS link pointer is set. The processor core can also determine whether the reason value is set to zero. The processor core can also determining whether an exception bit corresponding to a specific exception type of a reason value is set. The processor core can also transfer a control of the resource from the first VMM to the second VMM.

公开(公告)号：US20170109192A1

公开(公告)日：2017-04-20

申请号：US15391576

申请日：2016-12-27

申请人： Intel Corporation

发明人： Gilbert Neiger ,  Mayank Bomb ,  Manohar Castelino ,  Robert Chappell ,  David Durham ,  Barry Huntley ,  Anton Ivanov ,  Madhavan Parthasarathy ,  Scott Rodgers ,  Ravi Sahita ,  Vedvyas Shanbhogue

IPC分类号： G06F9/455 ,  G06F9/48

CPC分类号： G06F9/45558 ,  G06F9/30076 ,  G06F9/45533 ,  G06F9/4555 ,  G06F9/4812 ,  G06F11/07 ,  G06F2009/45583

摘要： Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.

公开(公告)号：US10296366B2

公开(公告)日：2019-05-21

申请号：US15391576

申请日：2016-12-27

申请人： Intel Corporation

发明人： Gilbert Neiger ,  Mayank Bomb ,  Manohar Castelino ,  Robert Chappell ,  David Durham ,  Barry Huntley ,  Anton Ivanov ,  Madhavan Parthasarathy ,  Scott Rodgers ,  Ravi Sahita ,  Vedvyas Shanbhogue

IPC分类号： G06F9/455 ,  G06F9/48 ,  G06F11/07

摘要： Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.

公开(公告)号：US20190042759A1

公开(公告)日：2019-02-07

申请号：US16144325

申请日：2018-09-27

申请人： Intel Corporation

发明人： Ned Smith ,  Samuel Ortiz ,  Manohar Castelino ,  Mikko Ylinen

IPC分类号： G06F21/57 ,  G06F21/60 ,  G06F9/455

摘要： Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

公开(公告)号：US09563455B2

公开(公告)日：2017-02-07

申请号：US14064759

申请日：2013-10-28

申请人： Intel Corporation

发明人： Gilbert Neiger ,  Mayank Bomb ,  Manohar Castelino ,  Robert Chappell ,  David Durham ,  Barry Huntley ,  Anton Ivanov ,  Madhavan Parthasarathy ,  Scott Rodgers ,  Ravi Sahita ,  Vedvyas Shanbhogue

IPC分类号： G06F9/455 ,  G06F11/07

CPC分类号： G06F9/45558 ,  G06F9/30076 ,  G06F9/45533 ,  G06F9/4555 ,  G06F9/4812 ,  G06F11/07 ,  G06F2009/45583

摘要： Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.

摘要翻译： 公开了用于虚拟化异常的发明的实施例。 在一个实施例中，处理器包括指令硬件，控制逻辑和执行硬件。 指令硬件是接收多个指令，包括进入虚拟机的指令。 控制逻辑是为了响应在虚拟机内发生的特权事件来确定是否生成虚拟化异常。 执行硬件是响应于控制逻辑确定生成虚拟化异常来生成虚拟化异常。