WO2012148255A1 - An apparatus and method for determining level of integrity in a virtual trusted platform module - Google Patents
An apparatus and method for determining level of integrity in a virtual trusted platform module
- Publication number
- WO2012148255A1 (PCT/MY2012/000088)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virtual
- components
- pcr
- trusted
- vmm
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Testing Or Calibration Of Command Recording Devices (AREA)
Abstract
A method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM), the method includes the steps of measuring the plurality of VMM components (201), loading all related components to run (202), selecting a virtual core root of trusted measurement (vCRTM) (203), executing vCRTM measuring module (204, 205), measuring all other VMM components and extending measurements into platform configuration register (PCR) (210).
Description
AN APPARATUS AND METHOD FOR DETERMINING A LEVEL OF INTEGRITY IN A VIRTUAL TRUSTED PLATFORM MODULE
FIELD OF INVENTION
The present invention relates to an apparatus and method of determining the level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM).
BACKGROUND OF INVENTION
US 20060212939 A1 describes a virtual PCR (VPCR) construct that can be loaded into a resettable hardware PCR to make use of the functionality of a Trusted Platform Module (TPM). The VPCRs may cryptographically reflect their characteristics (resettable or not) in their stored values. Also, since the PCRs are virtualized, they are (effectively) unlimited in number and may be given general names (UUIDs) that are less likely to collide. The VPCRs can be loaded into a physical PCR as needed, but in a way that stops one piece of software from impersonating another piece of software. However, that document does not address the integrity of the virtual machine monitor from point to point.
US 2007230504 A1 describes a method of generating a chain of trust for a virtual endpoint. The method takes a measurement of the virtual machine monitor and uses that measurement as part of the chain of trust. However, the method is restricted to a hardware TPM. The document is also silent on what happens after the chain of trust has been generated; no information is given on maintaining the chain of trust to the endpoint.
Therefore, a more holistic method of ensuring the integrity of TPMs is required, one that is not restricted to hardware.
SUMMARY OF INVENTION
Accordingly, there is provided a method of determining the level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM). The method includes the steps of measuring the plurality of VMM components, loading all related components to run, selecting a virtual core root of trusted measurement (vCRTM), executing the vCRTM measuring module, measuring all other VMM components and extending the measurements into a platform configuration register (PCR). There is further provided an apparatus for determining the level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM); the apparatus includes a Virtual Machine Monitor (VMM) which further includes a manager, wherein the manager includes a plurality of virtual modules. The present invention consists of several novel features and a combination of parts hereinafter fully described and illustrated in the accompanying description and drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be fully understood from the detailed description given herein below and the accompanying drawings which are given by way of illustration only, and thus are not limitative of the present invention, wherein:
Figure 1 illustrates an architectural block diagram of an apparatus for determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM) in the preferred embodiment of the invention; and
Figure 2 illustrates a flowchart of a method of determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM) in the preferred embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention relates to an apparatus and method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM). Hereinafter, this specification will describe the present invention according to the preferred embodiment of the present invention. However, it is to be understood that limiting the description to the preferred embodiment of the invention is merely to facilitate discussion of the present invention and it is envisioned that those skilled in the art may devise various modifications and equivalents without departing from the scope of the appended claims.
The following detailed description of the preferred embodiment refers to the attached drawings, either individually or in combination. Figure 2 is a flow chart of a method of determining the level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM). The method includes the steps of measuring the plurality of VMM components (201), loading all related components to run (202), selecting a virtual core root of trusted measurement (vCRTM) (203), executing the vCRTM measuring module (204, 205), measuring all other VMM components and extending the measurements into a platform configuration register (PCR) (210). The step of extending measurements into the PCR (210) further includes hashing the integrity measurement and storing the result in the PCR. As seen in Figure 2, the method may instead select the trusted manager measure (206) upon loading the components to run (202), execute the measuring of virtual modules (207), measure all other VMM components and extend the measurements into the PCR (210). In another possibility, the method selects the external measure (208) upon loading the components to run (202), executes the external measurer's measuring of virtual modules (209), measures all other VMM components and extends the measurements into the PCR (210). In each path, extending measurements into the PCR (210) includes hashing the integrity measurement and storing the result in the PCR.
Measuring the plurality of VMM components (201) measures all the components in the VMM. The virtual machine Manager loads all related components to run, including their configurations. If the vCRTM measure is selected, the Trusted Manager executes the vCRTM module measurement steps: it loads the vCRTM module, measures the vCRTM and then passes control to the vCRTM. The vCRTM then measures the virtual modules: it initialises the core root of trust for measurement (CRTM), measures the CRTM and then measures the other VMM components. In this path the measurer is itself measured before it receives control, so the vCRTM's own state is reflected in the PCRs rather than assumed. If the Trusted Manager measure is selected, the Trusted Manager measures the virtual modules and then the other VMM components. The Trusted Manager is an internal entity whose code is trusted and can be verified by other parties, such as a privacy CA or the producer of the source code. If the external measure is selected, the external measurer measures the virtual modules and then the other VMM components. The external measurer is a trusted external entity, such as a third party or a Host OS service, that performs the integrity measurement. Extending measurements into PCRs hashes the integrity measurement (for example with SHA-1) and then stores (TPM_Extend) these measurements into the PCRs. The integrity measurements in the PCRs represent the state of the VMM and are used by upper-layer services such as the OS and applications to run in trusted states.
Figure 1 shows the architecture of an apparatus for determining the level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM). The apparatus includes a Virtual Machine Monitor (VMM) (101) which further includes a manager (103), wherein the manager (103) includes a plurality of virtual modules (104). The plurality of virtual modules (104) includes a virtual Trusted Platform Module (vTPM) and a virtual core root of trusted measurement (vCRTM).
Figure 1 shows the general components of the VMM from which integrity measurements can be extracted. The apparatus uses these measurements as values (digests) to be stored (TPM_Extend) in PCRs. These PCR values represent the integrity of the VMM in the same way that hardware TPM measurements represent the integrity of a physical platform. The VMM (101) is a virtualization tool whose purpose is to provide a virtual environment in which to run an operating system (OS) and applications. A Virtual Machine (VM) (102) executes programs like a real machine, and this environment is isolated from other VMs and from the Host OS. The manager (103) includes, but is not restricted to, VM, Trusted, Storage and Translator manager modules that manage the VM and its components. The Virtual Modules (104) run within the VM and provide virtual hardware such as a BIOS, display card and sound card.
Table 1
Table 1 shows PCR usage for the vTPM in the virtual machine (VM). The usage of each PCR depends on its index, as specified in the TPM specification. These PCR indices and usages represent the VM integrity measurement in the same way as on a real hardware TPM. In a virtualization environment, this method and apparatus provides virtual measurement for the vTPM by replacing hardware measurement with measurement of the virtual modules (VM components). The method and apparatus follows the TPM specification and applies it to the virtual device. The virtual measurements can be generated by binary hashing and by properties-based measurement of the virtual machine components and modules. A binary hash is the result of hashing the source code, executable files, library files or object files; the result is a static measurement for mapping into PCRs. A properties-based measurement is the result of hashing the logic, semantics and properties of the source code, executable files, library files or object files; the result is a dynamic measurement for mapping into PCRs. The formulas to generate and extend a PCR value are:
Generate Integrity Measurement (IM)
X = VMM Component;
Static_IM = HASH(Virtual Module X);
Dynamic_IM = HASH(PROPERTIES(Virtual Module X));
Extend Integrity Measurement (IM)
PCR_Y ← Extend(HASH(IM | PCR_Y));
It is to be noted that HASH can be any hashing algorithm; PROPERTIES can be the logic, semantics, behaviour before, during and after runtime, and properties of the VMM components and modules; IM can be the Static_IM or the Dynamic_IM integrity measurement; and Y is a PCR index. Two points matter when this is implemented against the TPM specification. First, the specification defines the extend operation as PCR_Y ← HASH(PCR_Y || IM), with the old register value first; a vTPM that concatenates in the other order produces values that cannot be compared with, or reproduced by, a hardware TPM or a verifier replaying an event log. Second, a dynamic measurement is only reproducible if PROPERTIES is encoded canonically, so that the same property set always yields the same input to HASH.
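The Figure 2 flow above (select a root of trust, measure it, let it measure the other VMM components, extend each measurement) and the Static_IM / Dynamic_IM / Extend formulas can be exercised together in a small simulation. The following Python is an added example written for this page; it is not code from the patent or from any vTPM implementation. The component names, image bytes, property sets and PCR index assignments are constructed for illustration, the three root-of-trust choices are modelled only as the order in which components are measured, and SHA-256 is used in place of the SHA-1 the text mentions as an example hash. The extend step uses the TPM ordering HASH(PCR_old || IM) so that a verifier can replay the event log and reproduce the PCR values.

```python
"""Added example, not code from the patent: a toy vTPM PCR bank that carries
the Figure 2 measurement flow and the Static_IM / Dynamic_IM / Extend formulas
through on constructed VMM component images."""
import hashlib
import json

HASH = hashlib.sha256   # the patent says "such as SHA1"; SHA-256 is the sensible choice today
PCR_COUNT = 24

# Constructed VMM components (names, images and properties are illustrative):
# name -> (PCR index to extend, module image bytes, runtime properties)
VMM_COMPONENTS = {
    "vcrtm":           (0, b"vcrtm image v1",           {"entry": "vcrtm_main", "self_modifying": False}),
    "trusted_manager": (1, b"trusted manager image v1", {"signed_by": "vendor", "debug": False}),
    "virtual_bios":    (0, b"virtual bios image v1",    {"boot_order": ["disk", "net"]}),
    "display_card":    (2, b"virtual display image v1", {"dma": False}),
    "sound_card":      (2, b"virtual sound image v1",   {"dma": False}),
    "vtpm":            (3, b"vtpm image v1",            {"nvram_sealed": True}),
}

def static_im(image: bytes) -> bytes:
    """Static_IM = HASH(Virtual Module X): digest of the module bytes."""
    return HASH(image).digest()

def dynamic_im(properties: dict) -> bytes:
    """Dynamic_IM = HASH(PROPERTIES(Virtual Module X)) over a canonical encoding,
    so the same property set always yields the same digest."""
    canonical = json.dumps(properties, sort_keys=True, separators=(",", ":")).encode()
    return HASH(canonical).digest()

class PcrBank:
    """A bank of virtual PCRs plus an event log sufficient to replay them."""
    def __init__(self):
        self.pcrs = [bytes(HASH().digest_size)] * PCR_COUNT
        self.log = []  # (pcr index, component, measurement kind, digest hex)

    def extend(self, index: int, digest: bytes, component: str, kind: str) -> bytes:
        # TPM ordering: PCR[i] = HASH(PCR[i] || digest). The patent writes HASH(IM | PCR),
        # but the old value must come first to match what a hardware TPM computes.
        self.pcrs[index] = HASH(self.pcrs[index] + digest).digest()
        self.log.append((index, component, kind, digest.hex()))
        return self.pcrs[index]

# Figure 2 roots: vCRTM (203), Trusted Manager (206) or an external measurer (208).
# Internal roots are VMM components and are measured before they measure anything;
# the external measurer lives outside the VMM, so nothing inside it is measured first.
ROOT_COMPONENT = {"vcrtm": "vcrtm", "trusted_manager": "trusted_manager", "external": None}

def measure_vmm(bank: PcrBank, root: str, components=VMM_COMPONENTS) -> list:
    """Measure-before-load: the root is measured first (by its loader), then the root
    measures every other VMM component; each measurement is extended (210)."""
    root_name = ROOT_COMPONENT[root]
    order = ([root_name] if root_name else []) + [n for n in components if n != root_name]
    for name in order:
        index, image, props = components[name]
        bank.extend(index, static_im(image), name, "static")
        bank.extend(index, dynamic_im(props), name, "dynamic")
    return order

def replay(log) -> list:
    """Recompute PCR values from the event log alone (what a verifier does)."""
    pcrs = [bytes(HASH().digest_size)] * PCR_COUNT
    for index, _component, _kind, digest_hex in log:
        pcrs[index] = HASH(pcrs[index] + bytes.fromhex(digest_hex)).digest()
    return pcrs

def verify(bank: PcrBank, golden: dict) -> bool:
    """The log must replay to the reported PCRs, and the PCRs must match known-good values."""
    if replay(bank.log) != bank.pcrs:
        return False
    return all(bank.pcrs[i] == v for i, v in golden.items())

def demo() -> dict:
    good = PcrBank()
    measure_vmm(good, "vcrtm")
    golden = {i: good.pcrs[i] for i in (0, 1, 2, 3)}

    # Same images, same order -> same PCRs (what a relying party compares against).
    again = PcrBank()
    measure_vmm(again, "vcrtm")

    # A modified sound card module changes PCR 2 and only PCR 2.
    tampered = dict(VMM_COMPONENTS)
    tampered["sound_card"] = (2, b"virtual sound image v1 + backdoor", {"dma": True})
    bad = PcrBank()
    measure_vmm(bad, "vcrtm", tampered)
    return {"clean_ok": verify(again, golden), "tampered_ok": verify(bad, golden),
            "changed_pcrs": [i for i in range(PCR_COUNT) if bad.pcrs[i] != good.pcrs[i]]}

if __name__ == "__main__":
    print(demo())
```

Running the file prints the result of demo(): the clean bank verifies against its golden values, a bank built from a modified sound card module fails verification, and only PCR 2 differs, which is how a relying party localises the tampered component from PCR values alone. Because verify() also replays the log, an event log that was edited after the fact is rejected even when the reported PCR values themselves are untouched.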
This invention is adapted for use with virtual Trusted Platform Modules (vTPM), virtualization technology and cloud computing, to provide secure and trusted services to clients that run on virtual machines. The disclosed invention is suitable for, but not restricted to, measuring integrity and mapping the resulting data into PCRs.
Claims
1. A method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM), the method includes the steps of:
i. measuring the plurality of VMM components (201);
ii. loading all related components to run (202);
iii. selecting a virtual core root of trusted measurement (vCRTM) (203);
iv. executing vCRTM measuring module (204, 205);
v. measuring all other VMM components; and
vi. extending measurements into platform configuration register (PCR) (210).
2. The method as claimed in claim 1 , wherein extending measurements into platform configuration register (PCR) (210) further includes the steps of:
i. hashing integrity measurement; and
ii. storing measurements into PCR.
3. The method as claimed in claim 1 , wherein the method includes the steps of:
i. selecting trusted manager measure (206) upon loading components to run (202);
ii. executing measuring virtual modules (207);
iii. measuring all other VMM components; and
iv. extending measurements into PCR (210).
4. The method as claimed in claim 3, wherein extending measurements into PCR (210) further includes the steps of:
i. hashing integrity measurement; and
ii. storing measurements into PCR.
5. The method as claimed in claim 1 , wherein the method includes the steps of:
i. selecting external measure (208) upon loading components to run (202);
ii. executing measuring external measure virtual modules (209);
iii. measuring all other VMM components; and
iv. extending measurements into PCR (210).
6. The method as claimed in claim 5, wherein extending measurements into PCR (210) further includes the steps of:
i. hashing integrity measurement; and
ii. storing measurements into PCR.
7. An apparatus for determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM), the apparatus includes:
a Virtual Machine Monitor (VMM) (101) which further include a manager (103), wherein the manager (103) includes a plurality of virtual modules (104).
8. The apparatus as claimed in claim 7, wherein the plurality of virtual modules (104) include a virtual Trusted Platform Module (vTPM) and virtual core root of trusted measurement (vCRTM).
9. The apparatus as claimed in claim 7, wherein a manager (103) is a Trusted Manager which is an internal entity that has been subjected with trusted codes which can be verified by other parties.
10. The apparatus as claimed in claim 7, wherein a plurality of virtual modules (104) include an external measure module which is a trusted external entity that performs integrity measurement.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MYPI2011700062A MY176908A (en) | 2011-04-26 | 2011-04-26 | An apparatus and method for determining level of integrity |
MYPI2011700062 | 2011-04-26 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012148255A1 true WO2012148255A1 (en) | 2012-11-01 |
Family
ID=47072570
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/MY2012/000088 WO2012148255A1 (en) | 2011-04-26 | 2012-04-25 | An apparatus and method for determining level of integrity in a virtual trusted platform module |
Country Status (2)
Country | Link |
---|---|
MY (1) | MY176908A (en) |
WO (1) | WO2012148255A1 (en) |
2011
- 2011-04-26 MY MYPI2011700062A patent/MY176908A/en unknown
2012
- 2012-04-25 WO PCT/MY2012/000088 patent/WO2012148255A1/en active Application Filing
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060256107A1 (en) * | 2005-05-13 | 2006-11-16 | Scarlata Vincent R | Methods and apparatus for generating endorsement credentials for software-based security coprocessors |
US20070230504A1 (en) * | 2006-03-29 | 2007-10-04 | Smith Ned M | Generating a chain of trust for a virtual endpoint |
US20080148064A1 (en) * | 2006-12-18 | 2008-06-19 | David Carroll Challener | Apparatus, system, and method for authentication of a core root of trust measurement chain |
US20080163209A1 (en) * | 2006-12-29 | 2008-07-03 | Rozas Carlos V | Methods and apparatus for remeasuring a virtual machine monitor |
US7840801B2 (en) * | 2007-01-19 | 2010-11-23 | International Business Machines Corporation | Architecture for supporting attestation of a virtual machine in a single step |
US20090086979A1 (en) * | 2007-09-28 | 2009-04-02 | Tasneem Brutch | Virtual tpm keys rooted in a hardware tpm |
US20090169017A1 (en) * | 2007-12-31 | 2009-07-02 | Ned Smith | Configuration of virtual trusted platform module |
EP2261832A1 (en) * | 2008-02-25 | 2010-12-15 | Panasonic Corporation | Information processing device |
US20110040957A1 (en) * | 2009-08-12 | 2011-02-17 | International Business Machines Corporation | Method and apparatus for scalable integrity attestation in virtualization environments |
Non-Patent Citations (1)
Title |
---|
BUTLER, K. ET AL.: "Firma: Disk-Based Foundations for Trusted Operating Systems", TECHNICAL REPORT NAS-TR-0114-2009, NETWORKING AND SECURITY RESEARCH CENTER, DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING, 20 April 2009 (2009-04-20), PENNSYLVANIA STATE UNIVERSITY, UNIVERSITY PARK, PA, USA, pages 1 - 11 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014137338A1 (en) * | 2013-03-06 | 2014-09-12 | Intel Corporation | Roots-of-trust for measurement of virtual machines |
US9053059B2 (en) | 2013-03-06 | 2015-06-09 | Intel Corporation | Roots-of-trust for measurement of virtual machines |
US9678895B2 (en) | 2013-03-06 | 2017-06-13 | Intel Corporation | Roots-of-trust for measurement of virtual machines |
US10528739B2 (en) | 2016-04-20 | 2020-01-07 | Sophos Limited | Boot security |
US10762209B2 (en) | 2016-04-20 | 2020-09-01 | Sophos Limited | Boot security |
CN113448682A (en) * | 2020-03-27 | 2021-09-28 | 支付宝(杭州)信息技术有限公司 | Virtual machine monitor loading method and device and electronic equipment |
CN113448682B (en) * | 2020-03-27 | 2024-04-19 | 支付宝(杭州)信息技术有限公司 | Virtual machine monitor loading method and device and electronic equipment |
CN112256392A (en) * | 2020-10-22 | 2021-01-22 | 海光信息技术股份有限公司 | Measurement method, measurement device and related equipment |
CN112256392B (en) * | 2020-10-22 | 2022-09-20 | 海光信息技术股份有限公司 | Measurement method, measurement device and related equipment |
Also Published As
Publication number | Publication date |
---|---|
MY176908A (en) | 2020-08-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8151262B2 (en) | System and method for reporting the trusted state of a virtual machine | |
US9372984B2 (en) | Authenticated launch of virtual machines and nested virtual machine managers | |
US10242196B2 (en) | Secure booting of computer system | |
US11442841B2 (en) | Computer-implemented methods and systems for determining application matching status | |
US10826904B2 (en) | Local verification of code authentication | |
JP5957004B2 (en) | System, method, computer program product, and computer program for providing validation that a trusted host environment is compliant with virtual machine (VM) requirements | |
US9098300B2 (en) | Providing silicon integrated code for a system | |
US20150135311A1 (en) | Virtual machine validation | |
US9697035B2 (en) | Selecting a virtual basic input output system based on information about a software stack | |
US10592669B2 (en) | Secure booting of computer system | |
WO2014143588A1 (en) | Dynamically loaded measured environment for secure code launch | |
US9870472B2 (en) | Detecting malign code in unused firmware memory | |
US20120131334A1 (en) | Method for Attesting a Plurality of Data Processing Systems | |
US20180276387A1 (en) | System and Method for Secure Boot of an Information Handling System Using Verification Signature and Including Verifying Applications | |
WO2012148255A1 (en) | An apparatus and method for determining level of integrity in a virtual trusted platform module | |
US20170372073A1 (en) | Secure booting of computer system | |
US10268822B2 (en) | Firmware module execution privilege | |
CN109766702A (en) | The credible starting method of inspection of overall process based on virtual machine state data | |
US20190004788A1 (en) | Secure microcode update | |
US11726922B2 (en) | Memory protection in hypervisor environments | |
WO2015073029A1 (en) | Determining trustworthiness of a virtual machine operating system prior to boot up | |
Chang et al. | Research on dynamic integrity measurement model based on memory paging mechanism | |
WO2012067486A1 (en) | Apparatus and method to manage inter-communication between compartments using trusted hypervisor/visualization tunnel controller |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12776583 Country of ref document: EP Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 12776583 Country of ref document: EP Kind code of ref document: A1 |