WO2012148255A1 - An apparatus and method for determining level of integrity in a virtual trusted platform module - Google Patents

Info

Publication number
WO2012148255A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual
components
pcr
trusted
vmm
Prior art date
Application number
PCT/MY2012/000088
Other languages
French (fr)
Inventor
Ramlan Mahmod
Mohd Anuar Mat Isa
Original Assignee
Mimos Berhad
Priority date
Filing date
Publication date
Application filed by Mimos Berhad
Publication of WO2012148255A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

A method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM), the method includes the steps of measuring the plurality of VMM components (201), loading all related components to run (202), selecting a virtual core root of trusted measurement (vCRTM) (203), executing vCRTM measuring module (204, 205), measuring all other VMM components and extending measurements into platform configuration register (PCR) (210).

Description

AN APPARATUS AND METHOD FOR DETERMINING A LEVEL OF INTEGRITY IN A VIRTUAL TRUSTED PLATFORM MODULE
FIELD OF INVENTION
The present invention relates to an apparatus and method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM).
BACKGROUND OF INVENTION
US 20060212939 A1 describes a virtual PCR (VPCR) construct that can be loaded into a resettable hardware PCR to make use of the functionality of a Trusted Platform Module (TPM). The VPCRs may cryptographically reflect their characteristics (resettable or not) in their stored values. Also, since the PCRs are virtualized, they are (effectively) unlimited in number and may be given general names (UUIDs) that are less likely to collide. The VPCRs can be loaded into a physical PCR as needed, but in a way that stops one piece of software from impersonating another piece of software. However, integrity of virtual machine monitors from point to point is not addressed in this document.
US 2007230504 A1 describes a method of generating a chain of trust for a virtual endpoint. The method performs a measurement of the virtual machine monitor and uses the measurement of the virtual machine monitor that is part of the chain of trust. However, this invention is restricted to only hardware TPM. The document is also silent after generation of chain of trust and no information is given on maintaining the chain of trust to endpoint. Therefore, a more holistic method of ensuring integrity of TPMs is required, which is not restricted to only hardware.
SUMMARY OF INVENTION
Accordingly, there is provided a method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM), the method includes the steps of measuring the plurality of VMM components, loading all related components to run; selecting a virtual core root of trusted measurement (vCRTM), executing vCRTM measuring module, measuring all other VMM components and extending measurements into platform configuration register (PCR). There is further provided an apparatus for determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM), the apparatus includes a Virtual Machine Monitor (VMM) which further includes a manager, wherein the manager includes a plurality of virtual modules. The present invention consists of several novel features and a combination of parts hereinafter fully described and illustrated in the accompanying description and drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be fully understood from the detailed description given herein below and the accompanying drawings which are given by way of illustration only, and thus are not limitative of the present invention, wherein:
Figure 1 illustrates an architectural block diagram of an apparatus for determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM) in the preferred embodiment of the invention; and
Figure 2 illustrates a flowchart of a method of determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM) in the preferred embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention relates to an apparatus and method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM). Hereinafter, this specification will describe the present invention according to the preferred embodiment of the present invention. However, it is to be understood that limiting the description to the preferred embodiment of the invention is merely to facilitate discussion of the present invention and it is envisioned that those skilled in the art may devise various modifications and equivalents without departing from the scope of the appended claims.
The following detailed description of the preferred embodiment will now be described in accordance with the attached drawings, either individually or in combination. Figure 2 illustrates a flow chart showing a method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM). The method includes the steps of measuring the plurality of VMM components (201), loading all related components to run (202), selecting a virtual core root of trusted measurement (vCRTM) (203), executing vCRTM measuring module (204, 205), measuring all other VMM components and extending measurements into platform configuration register (PCR) (210). The step of extending measurements into platform configuration register (PCR) (210) further includes hashing integrity measurement and storing measurements into PCR. As seen in Figure 2, the method includes the steps of selecting trusted manager measure (206) upon loading components to run (202), executing measuring virtual modules (207), measuring all other VMM components and extending measurements into PCR (210). In another possibility, the method includes the steps of selecting external measure (208) upon loading components to run (202), executing measuring external measure virtual modules (209), measuring all other VMM components and extending measurements into PCR (210). The step of extending measurements into PCR (210) further includes the steps of hashing integrity measurement and storing measurements into PCR.
Measuring the plurality of VMM (201) is a step to measure all the components in the VMM. A virtual machine Manager loads all related components to run, including configurations. If vCRTM measure is selected, the Trusted Manager measure vCRTM Modules steps are executed to load the vCRTM module, measure the vCRTM and pass control to the vCRTM. vCRTM Measure Virtual Modules is a step to initialize the core root of trust measurement (CRTM), measure the CRTM and then measure the other VMM components. If Trusted Manager Measure is selected, Trusted Manager Measure Virtual Modules steps are executed to measure the virtual modules and then the other VMM components. The Trusted Manager is an internal entity built from trusted code that can be verified by other parties such as a privacy CA or the producer of the source code. If external measure is selected, external measure virtual modules steps are executed to measure the virtual modules and then the other VMM components. The external measure is a trusted external entity, such as a third party or a Host OS service, that performs integrity measurement. Extending Measurement into PCRs is a step to hash the integrity measurement with an algorithm such as SHA-1 and then store (TPM_Extend) these measurements into PCRs. The integrity measurements in the PCRs represent the state of the VMM and are used by upper-layer services such as the OS and applications to run in trusted states.
Figure 1 shows architecture of an apparatus for determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM). The apparatus includes a Virtual Machine Monitor (VMM) (101) which further includes a manager (103), wherein the manager (103) includes a plurality of virtual modules (104). The plurality of virtual modules (104) includes a virtual Trusted Platform Module (vTPM) and virtual core root of trusted measurement (vCRTM).
Figure 1 shows a diagram of the general components of the VMM that can be extracted as integrity measurements. The apparatus uses these measurements as a value (digest) to be stored (TPM_Extend) in a PCR. These PCR values represent the integrity of the VMM, which is similar to a hardware TPM measurement. The VMM (101) is a virtualization tool whose purpose is to provide a virtual environment to run an operating system (OS) and applications. The Virtual Machine (VM) (102) executes programs like a real machine, and this environment is isolated from other VMs and the Host OS. The manager (103) includes, but is not restricted to, VM, Trusted, Storage and Translator manager modules to manage the VM and VM components. The Virtual Modules (104) components run within the VM and provide virtual hardware such as the BIOS, Display Card and Sound Card.
[Table 1: PCR usage for the vTPM in the virtual machine; the table is an image in the original and is not reproduced here]
Table 1 shows PCR usage for the vTPM in the virtual machine (VM). Usage of a PCR depends on its index, as specified in the TPM specification. These PCR indices and usages represent the VM integrity measurement, similar to a real hardware TPM. In a virtualization environment, this method and apparatus provides virtual measurement for the vTPM by replacing hardware measurement with measurement of the virtual modules (VM components). This method and apparatus follows the TPM specification and applies it to the virtual device. These virtual measurements can be generated via binary hash and properties-based measurement of the virtual machine components and modules. A binary hash is the result of hashing the source code, executable files, library files or object files, and this result becomes a static measurement for mapping into PCRs. A properties-based measurement is the result of hashing the logic, semantics and properties of the source code, executable files, library files or object files, and this result becomes a dynamic measurement for mapping into PCRs. The formulas to generate and extend a PCR value are:
Generate Integrity Measurement (IM)
X: VMM Component;
Static_IM = HASH (Virtual Module X);
Dynamic_IM = HASH (PROPERTIES (Virtual Module X));
Extend Integrity Measurement (IM)
PCR Y ← Extend (HASH (IM | PCR Y));
It is to be noted that HASH can be a hashing algorithm; PROPERTIES can be logic, semantics, behavior before, during and after runtime, and properties of VMM Components and Modules; IM can be the Static_IM or Dynamic_IM integrity measurement; and Y can be a PCR index.
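The following is an added worked example, not code from the patent or its assignee: it implements the Static IM and Dynamic IM generation and the PCR-extend formula above, runs them through the vCRTM path of Figure 2 (vCRTM measured first, then every other VMM component), and shows a verifier replaying the log and detecting a changed module image or a changed module property. SHA-1 is taken from the description's wording; the PCR index assignment (0 for static, 1 for dynamic), the reading of "|" as byte concatenation, the modelling of PROPERTIES as a dictionary, and all module images and property sets are assumptions constructed for the example, since Table 1 is not reproduced on the page.

```python
"""Added example (not the patent's code): Static_IM / Dynamic_IM generation and the
PCR-extend formula, driven through the vCRTM measurement path of Figure 2.
Component bytes, property sets and the PCR index assignment are constructed here."""
import hashlib
import json

DIGEST_LEN = 20  # SHA-1 digest size; SHA-1 is the hash the description names


def HASH(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def static_im(module: bytes) -> bytes:
    """Static_IM = HASH(Virtual Module X): binary hash of the module image."""
    return HASH(module)


def dynamic_im(properties: dict) -> bytes:
    """Dynamic_IM = HASH(PROPERTIES(Virtual Module X)). PROPERTIES is modelled here as a
    dict of logic/semantic/behaviour attributes (assumption); canonical JSON keeps the
    digest stable regardless of key order."""
    canonical = json.dumps(properties, sort_keys=True, separators=(",", ":")).encode()
    return HASH(canonical)


class VirtualPCRBank:
    """A vTPM's PCR set plus the measurement log a verifier can replay."""

    def __init__(self, count: int = 24):
        self.pcrs = [bytes(DIGEST_LEN)] * count  # all-zero at reset, like a hardware TPM
        self.log = []                             # (index, label, IM) per extend

    def extend(self, index: int, im: bytes, label: str) -> bytes:
        # PCR Y <- Extend(HASH(IM | PCR Y)); '|' read as byte concatenation (assumption)
        self.pcrs[index] = HASH(im + self.pcrs[index])
        self.log.append((index, label, im))
        return self.pcrs[index]


def measure_vmm(components: dict, properties: dict, bank: VirtualPCRBank,
                static_pcr: int = 0, dynamic_pcr: int = 1):
    """Figure 2, vCRTM path: the vCRTM is loaded and measured first (203-205), then it
    measures every other VMM component (201) and each IM is extended into a PCR (210).
    The order is fixed so that the same platform always yields the same PCR values."""
    if "vCRTM" not in components:
        raise ValueError("vCRTM module missing: nothing can anchor the measurement chain")
    order = ["vCRTM"] + sorted(n for n in components if n != "vCRTM")
    for name in order:
        bank.extend(static_pcr, static_im(components[name]), "static:" + name)
        if name in properties:
            bank.extend(dynamic_pcr, dynamic_im(properties[name]), "dynamic:" + name)
    return bank.pcrs[static_pcr], bank.pcrs[dynamic_pcr]


def replay(log, count: int = 24):
    """Verifier side: recompute every PCR from the measurement log alone, so the log
    can be checked against the PCR values the vTPM reports."""
    pcrs = [bytes(DIGEST_LEN)] * count
    for index, _label, im in log:
        pcrs[index] = HASH(im + pcrs[index])
    return pcrs


# Constructed sample VMM: short byte strings stand in for module images.
GOOD_COMPONENTS = {
    "vCRTM": b"vcrtm-image-v1",
    "vBIOS": b"virtual-bios-image-v1",
    "vDisplay": b"virtual-display-card-v1",
    "vSound": b"virtual-sound-card-v1",
}
GOOD_PROPERTIES = {
    "vBIOS": {"boot_order": ["disk", "net"], "secure_boot": True},
    "vDisplay": {"passthrough": False},
}


def golden_values():
    """Reference PCR values computed from the known-good components."""
    return measure_vmm(GOOD_COMPONENTS, GOOD_PROPERTIES, VirtualPCRBank())


def check_platform(components: dict, properties: dict):
    """Measure a VMM and compare with the golden PCRs. Returns
    (static_matches, dynamic_matches, log) so a verifier sees which chain broke."""
    bank = VirtualPCRBank()
    static, dynamic = measure_vmm(components, properties, bank)
    g_static, g_dynamic = golden_values()
    return static == g_static, dynamic == g_dynamic, bank.log


if __name__ == "__main__":
    # Same binaries, but the virtual BIOS properties were changed: the static chain
    # still matches while the dynamic (properties-based) chain does not.
    changed = dict(GOOD_PROPERTIES,
                   vBIOS={"boot_order": ["net", "disk"], "secure_boot": False})
    print(check_platform(GOOD_COMPONENTS, changed)[:2])  # (True, False)
```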
This invention is adapted for use in Virtual Trusted Platform Module (vTPM), virtualization technology and cloud computing to provide secured and trusted services to the client that runs on virtual machine. The disclosed invention is suitable, but not restricted to, for use in measuring integrity and mapping data into PCRs.

Claims

1. A method of determining level of integrity within a plurality of virtual machine monitor (VMM) components in a virtual Trusted Platform Module (vTPM), the method includes the steps of:
i. measuring the plurality of VMM components (201);
ii. loading all related components to run (202);
iii. selecting a virtual core root of trusted measurement (vCRTM) (203);
iv. executing vCRTM measuring module (204, 205);
v. measuring all other VMM components; and
vi. extending measurements into platform configuration register (PCR) (210).
2. The method as claimed in claim 1, wherein extending measurements into platform configuration register (PCR) (210) further includes the steps of:
i. hashing integrity measurement; and
ii. storing measurements into PCR.
3. The method as claimed in claim 1, wherein the method includes the steps of:
i. selecting trusted manager measure (206) upon loading components to run (202);
ii. executing measuring virtual modules (207);
iii. measuring all other VMM components; and
iv. extending measurements into PCR (210).
4. The method as claimed in claim 3, wherein extending measurements into PCR (210) further includes the steps of:
i. hashing integrity measurement; and
ii. storing measurements into PCR.
5. The method as claimed in claim 1, wherein the method includes the steps of:
i. selecting external measure (208) upon loading components to run (202);
ii. executing measuring external measure virtual modules (209);
iii. measuring all other VMM components; and
iv. extending measurements into PCR (210).
6. The method as claimed in claim 5, wherein extending measurements into PCR (210) further includes the steps of:
i. hashing integrity measurement; and
ii. storing measurements into PCR.
7. An apparatus for determining level of integrity within a plurality of components in a virtual Trusted Platform Module (vTPM), the apparatus includes:
a Virtual Machine Monitor (VMM) (101) which further includes a manager (103), wherein the manager (103) includes a plurality of virtual modules (104).
8. The apparatus as claimed in claim 7, wherein the plurality of virtual modules (104) includes a virtual Trusted Platform Module (vTPM) and virtual core root of trusted measurement (vCRTM).
9. The apparatus as claimed in claim 7, wherein a manager (103) is a Trusted Manager which is an internal entity that has been subjected with trusted codes which can be verified by other parties.
10. The apparatus as claimed in claim 7, wherein a plurality of virtual modules (104) include an external measure module which is a trusted external entity that performs integrity measurement.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2011700062A MY176908A (en) 2011-04-26 2011-04-26 An apparatus and method for determining level of integrity
MYPI2011700062 2011-04-26

Publications (1)

Publication Number Publication Date
WO2012148255A1 true WO2012148255A1 (en) 2012-11-01

Family

ID=47072570

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2012/000088 WO2012148255A1 (en) 2011-04-26 2012-04-25 An apparatus and method for determining level of integrity in a virtual trusted platform module

Country Status (2)

Country Link
MY (1) MY176908A (en)
WO (1) WO2012148255A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014137338A1 (en) * 2013-03-06 2014-09-12 Intel Corporation Roots-of-trust for measurement of virtual machines
US10528739B2 (en) 2016-04-20 2020-01-07 Sophos Limited Boot security
CN112256392A (en) * 2020-10-22 2021-01-22 海光信息技术股份有限公司 Measurement method, measurement device and related equipment
CN113448682A (en) * 2020-03-27 2021-09-28 支付宝(杭州)信息技术有限公司 Virtual machine monitor loading method and device and electronic equipment

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060256107A1 (en) * 2005-05-13 2006-11-16 Scarlata Vincent R Methods and apparatus for generating endorsement credentials for software-based security coprocessors
US20070230504A1 (en) * 2006-03-29 2007-10-04 Smith Ned M Generating a chain of trust for a virtual endpoint
US20080148064A1 (en) * 2006-12-18 2008-06-19 David Carroll Challener Apparatus, system, and method for authentication of a core root of trust measurement chain
US20080163209A1 (en) * 2006-12-29 2008-07-03 Rozas Carlos V Methods and apparatus for remeasuring a virtual machine monitor
US20090086979A1 (en) * 2007-09-28 2009-04-02 Tasneem Brutch Virtual tpm keys rooted in a hardware tpm
US20090169017A1 (en) * 2007-12-31 2009-07-02 Ned Smith Configuration of virtual trusted platform module
US7840801B2 (en) * 2007-01-19 2010-11-23 International Business Machines Corporation Architecture for supporting attestation of a virtual machine in a single step
EP2261832A1 (en) * 2008-02-25 2010-12-15 Panasonic Corporation Information processing device
US20110040957A1 (en) * 2009-08-12 2011-02-17 International Business Machines Corporation Method and apparatus for scalable integrity attestation in virtualization environments

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BUTLER, K. ET AL.: "Firma: Disk-Based Foundations for Trusted Operating Systems", TECHNICAL REPORT NAS-TR-0114-2009, NETWORKING AND SECURITY RESEARCH CENTER, DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING, 20 April 2009 (2009-04-20), PENNSYLVANIA STATE UNIVERSITY, UNIVERSITY PARK, PA, USA, pages 1 - 11 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014137338A1 (en) * 2013-03-06 2014-09-12 Intel Corporation Roots-of-trust for measurement of virtual machines
US9053059B2 (en) 2013-03-06 2015-06-09 Intel Corporation Roots-of-trust for measurement of virtual machines
US9678895B2 (en) 2013-03-06 2017-06-13 Intel Corporation Roots-of-trust for measurement of virtual machines
US10528739B2 (en) 2016-04-20 2020-01-07 Sophos Limited Boot security
US10762209B2 (en) 2016-04-20 2020-09-01 Sophos Limited Boot security
CN113448682A (en) * 2020-03-27 2021-09-28 支付宝(杭州)信息技术有限公司 Virtual machine monitor loading method and device and electronic equipment
CN113448682B (en) * 2020-03-27 2024-04-19 支付宝(杭州)信息技术有限公司 Virtual machine monitor loading method and device and electronic equipment
CN112256392A (en) * 2020-10-22 2021-01-22 海光信息技术股份有限公司 Measurement method, measurement device and related equipment
CN112256392B (en) * 2020-10-22 2022-09-20 海光信息技术股份有限公司 Measurement method, measurement device and related equipment

Also Published As

Publication number Publication date
MY176908A (en) 2020-08-26

Similar Documents

Publication Publication Date Title
US8151262B2 (en) System and method for reporting the trusted state of a virtual machine
US9372984B2 (en) Authenticated launch of virtual machines and nested virtual machine managers
US10242196B2 (en) Secure booting of computer system
US11442841B2 (en) Computer-implemented methods and systems for determining application matching status
US10826904B2 (en) Local verification of code authentication
JP5957004B2 (en) System, method, computer program product, and computer program for providing validation that a trusted host environment is compliant with virtual machine (VM) requirements
US9098300B2 (en) Providing silicon integrated code for a system
US20150135311A1 (en) Virtual machine validation
US9697035B2 (en) Selecting a virtual basic input output system based on information about a software stack
US10592669B2 (en) Secure booting of computer system
WO2014143588A1 (en) Dynamically loaded measured environment for secure code launch
US9870472B2 (en) Detecting malign code in unused firmware memory
US20120131334A1 (en) Method for Attesting a Plurality of Data Processing Systems
US20180276387A1 (en) System and Method for Secure Boot of an Information Handling System Using Verification Signature and Including Verifying Applications
WO2012148255A1 (en) An apparatus and method for determining level of integrity in a virtual trusted platform module
US20170372073A1 (en) Secure booting of computer system
US10268822B2 (en) Firmware module execution privilege
CN109766702A (en) The credible starting method of inspection of overall process based on virtual machine state data
US20190004788A1 (en) Secure microcode update
US11726922B2 (en) Memory protection in hypervisor environments
WO2015073029A1 (en) Determining trustworthiness of a virtual machine operating system prior to boot up
Chang et al. Research on dynamic integrity measurement model based on memory paging mechanism
WO2012067486A1 (en) Apparatus and method to manage inter-communication between compartments using trusted hypervisor/visualization tunnel controller

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12776583; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12776583; Country of ref document: EP; Kind code of ref document: A1)