CN112363797B - Virtual machine safe operation method, electronic equipment and storage medium - Google Patents
- Publication number: CN112363797B (application CN202011121813.8A)
- Authority: CN (China)
- Prior art keywords: virtual machine, security, processor, storage area, context
- Legal status: Active (as listed by Google Patents; not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45579—I/O management, e.g. providing access to device drivers or storage
- G06F2009/45587—Isolation or security of virtual machine instances
Description
Technical Field
The present invention relates to the technical field of virtual machines, and in particular to a method for the secure operation of a virtual machine, an electronic device and a storage medium.
Background Art
One form of a root of trust (ROT, also called a trust root) is a processor that is independent of the general-purpose processor cores. Such a processor, also called a security processor or root-of-trust processor, is used to provide a Trusted Execution Environment (TEE).
In the course of making this invention, the inventors found that communication between a virtual machine and the root of trust has to be completed through the virtual machine manager, which acts as an intermediary in the process. The virtual machine manager can exploit that intermediary role to carry out malicious attacks, tampering with input and output data during communication and threatening the normal operation of the virtual machine.
Summary of the Invention
In view of this, embodiments of the present invention provide a method for the secure operation of a virtual machine, an electronic device and a storage medium, which can ensure the secure operation of the virtual machine to a certain extent.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides a method for the secure operation of a virtual machine, including: the virtual machine stores the security information to be sent to the security processor in the current context of the virtual machine;
the virtual machine stores the context containing the security information in a secure storage area and generates a virtual machine exit event;
the virtual machine manager invokes an interface of the security processor according to the virtual machine exit event;
the security processor, in response to the invocation by the virtual machine manager, obtains the security information from the context stored in the secure storage area.
Optionally, after the security processor obtains the security information from the context stored in the secure storage area in response to the invocation by the virtual machine manager, the method further includes:
the security processor performs a corresponding operation according to the security information, obtains a corresponding operation result, and stores the operation result in the context stored in the secure storage area;
the virtual machine manager resumes the operation of the virtual machine;
the virtual machine obtains the operation result from the context stored in the secure storage area.
Optionally, the virtual machine manager invoking the interface of the security processor according to the virtual machine exit event includes:
the virtual machine manager determines, according to the information indicated in the virtual machine exit event, which interface of the security processor is to be invoked, stores the invocation request for that interface in a pending list, and resumes the operation of the virtual machine;
when the system is idle or the security processor is idle, the virtual machine manager takes the invocation request out of the pending list and invokes the interface of the security processor according to the invocation request.
Optionally, after the security processor obtains the security information from the context stored in the secure storage area in response to the invocation by the virtual machine manager, the method further includes:
the security processor performs a corresponding operation according to the security information, obtains a corresponding operation result, and stores the operation result in the context stored in the secure storage area;
the virtual machine manager injects an interrupt into the virtual machine to resume its operation;
the virtual machine, according to the interrupt, obtains the operation result from the context stored in the secure storage area.
In the method for operating a virtual machine provided by the embodiments of the present invention, when the virtual machine communicates with the security processor, the virtual machine stores the security information to be sent to the security processor in its current context; the virtual machine stores the context containing the security information in a secure storage area and generates a virtual machine exit event; the virtual machine manager invokes an interface of the security processor according to the virtual machine exit event; and the security processor, in response to the invocation by the virtual machine manager, obtains the security information from the context stored in the secure storage area. Because the security information to be sent to the security processor is placed in the virtual machine's current context and that context is stored in the secure storage area, the virtual machine manager is prevented from accessing the context in which the security information is stored, while the security processor can access the virtual machine context in the secure storage area and obtain the security information from it. This secures the communication between the virtual machine and the security processor, so that malicious attacks by the virtual machine manager are avoided and the secure operation of the virtual machine is ensured to a certain extent.
In a second aspect, an embodiment of the present invention provides an electronic device, including: a casing, a processor, a memory, a circuit board and a power supply circuit, where the circuit board is arranged inside the space enclosed by the casing, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or component of the above-mentioned server; the memory stores executable program code; the processor includes a first processor and a second processor, the first processor is a security processor, and a virtual machine manager and a virtual machine program are configured on the second processor; where:
the virtual machine stores the security information to be sent to the security processor in the current context of the virtual machine;
the virtual machine stores the context containing the security information in a secure storage area and generates a virtual machine exit event;
the virtual machine manager invokes an interface of the security processor according to the virtual machine exit event;
the security processor, in response to the invocation by the virtual machine manager, obtains the security information from the context stored in the secure storage area.
Optionally, the security processor is further configured to, after obtaining the security information from the context stored in the secure storage area in response to the invocation by the virtual machine manager, perform a corresponding operation according to the security information, obtain a corresponding operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager is further configured to resume the operation of the virtual machine;
the virtual machine is further configured to obtain the operation result from the context stored in the secure storage area.
Optionally, the virtual machine manager is specifically configured to determine, according to the information indicated in the virtual machine exit event, which interface of the security processor is to be invoked, store the invocation request for that interface in a pending list, and resume the operation of the virtual machine;
and, when the system is idle or the security processor is idle, to take the invocation request out of the pending list and invoke the interface of the security processor according to the invocation request.
Optionally, the security processor is further configured to perform a corresponding operation according to the security information, obtain a corresponding operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager is further configured to inject an interrupt into the virtual machine to resume its operation;
the virtual machine is further configured to obtain the operation result from the context stored in the secure storage area according to the interrupt.
In a third aspect, an embodiment of the present invention further provides a computer-readable storage medium storing one or more programs, which can be executed by one or more processors to implement the operation method of any one of the first aspect.
In the electronic device and storage medium provided by the embodiments of the present invention, when the virtual machine communicates with the security processor, the security information to be sent to the security processor is placed in the virtual machine's current context and that context is stored in the secure storage area, so the virtual machine manager is prevented from accessing the context in which the security information is stored, while the security processor can access the virtual machine context in the secure storage area and obtain the security information from it. This secures the communication between the virtual machine and the security processor, so that malicious attacks by the virtual machine manager are avoided and the secure operation of the virtual machine is ensured to a certain extent.
Description of Drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings required for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is an architecture diagram of a common virtual machine system;
Figure 2 is a schematic diagram of the operation flow of a virtual machine in the prior art;
Figure 3 is a schematic diagram of the secure operation flow of a virtual machine according to an embodiment of the present invention;
Figure 4 is a schematic diagram of the secure operation flow of a virtual machine according to another embodiment of the present invention;
Figure 5 is a schematic diagram of the secure operation flow of a virtual machine according to still another embodiment of the present invention;
Figure 6 is a schematic diagram of a virtual machine system architecture according to an embodiment of the present invention;
Figure 7 is a schematic structural diagram of an embodiment of the electronic device of the present invention.
Detailed Description
The embodiments of the present invention are described in detail below with reference to the drawings.
It should be understood that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment 1
The solutions described in the following embodiments of the present invention can run in the virtual machine system architecture shown in Figure 1, which includes a physical hardware layer, a virtual machine manager (VMM, also called a virtual machine monitor) and virtual machines (VMs). The physical hardware layer provides hardware support for the virtual machine management system and the virtual machines running on it; in this embodiment it includes at least one security processor, that is, a root of trust (labelled as the trusted root in the drawings). The security processor runs in a higher privilege mode and is regarded as the trust basis of secure virtualization; it may be, for example, the security processor integrated in a Hygon (海光) SoC (System on Chip) product.
The virtual machine manager and the virtual machines run in turn on the physical hardware layer. In secure virtualization technology, the execution environment provided by the virtual machine manager is usually regarded as lying outside the trust boundary. When a virtual machine communicates with the security processor in the physical hardware layer, for example to pass an encryption key or provide verification information, such security information (sometimes also called sensitive information) must be forwarded by the virtual machine manager, and neither the virtual machine nor the root of trust can prevent the virtual machine manager from tampering with the forwarded data. Communication between the virtual machine and the root of trust therefore has to go through the virtual machine manager, which acts as an intermediary and can use that role to carry out malicious attacks, tampering with input and output data during communication and threatening the secure operation of the virtual machine and the system.
To solve the above problem, an embodiment of the present invention provides a method for the secure operation of a virtual machine. Referring to Figures 1, 3 and 4, the method includes:
Step S110: the virtual machine stores the security information to be sent to the security processor in the current context of the virtual machine.
The security information includes the virtual machine ID, encryption keys, verification information and the like. A context, also called a process context, is a term in computing that refers to the static description of the whole course of a process's execution; in this embodiment it is the context of the currently running virtual machine, in short the virtual machine's running environment. In a secure virtual machine the virtual machine context is encrypted and protected, cannot be accessed by the virtual machine manager, and can therefore be used as secure storage. It holds at least the values of the variables and parameters that the virtual machine, in user mode, wants to pass to the security processor, and while the security processor runs it also has to preserve some register values and variables of the virtual machine process. The "process context" can thus be regarded as comprising at least the parameters the virtual machine passes to the security processor, the variables and register values the kernel has to preserve, and the environment at that time.
Step S120: the virtual machine stores the context containing the security information in a secure storage area and generates a virtual machine exit event.
Memory (mainly main memory) consists of many memory addresses, each with a "physical address" that the CPU can access. For a physical CPU, the secure storage area can be the memory space pointed to by an address in main memory; it stores data in hardware-isolated, encrypted form and protects the stored content from (meaningful) access by roles outside the trust boundary. Technologies such as Hygon secure encrypted virtualization and ARM TrustZone can provide this kind of isolated, encrypted storage of data.
Existing hardware virtualization technologies normally use a set of control structures provided by the virtual machine manager; refer to Figure 2. A typical example is the VMCB (Virtual Machine Control Block) defined by AMD-V virtualization technology, which is the control structure for a given virtual machine (shown in Figure 2 as the virtual machine control block); it contains specific fields that designate the address of the memory page in which the virtual machine context is stored. The control structure is used to let the virtual machine manager control the virtual machine, for example by intercepting the execution of particular instructions, accesses to particular registers or the occurrence of particular events. When, during execution of the virtual machine, an interception condition set by the virtual machine manager is met, a virtual machine exit event occurs and execution switches to the virtual machine manager's environment so that it can emulate the event or perform other processing. When the virtual machine exits, the processor's execution environment switches back to the virtual machine manager context (as noted above, a context can simply be understood as a process's running environment), and the virtual machine context is normally saved in a designated area, for example a designated physical storage area, also called a physical memory page, abbreviated VMSA (Virtual Machine Save Area). As noted above, the virtual machine manager, in its role as an intermediary, can modify the data saved in that designated physical storage area, which means it may carry out malicious attacks that affect the security of the virtual machine's operation.
In this embodiment, because the security information is stored in the secure storage area and the data is encrypted, only the security processor, which is the root of trust and holds privileged authority, can access it; the virtual machine manager, lying outside the trust boundary, cannot. This prevents the malicious attacks the virtual machine manager could otherwise carry out in its intermediary role.
Step S130: the virtual machine manager invokes the interface of the security processor according to the virtual machine exit event.
It should be understood that a virtual machine exit event can have many causes. Since the aim is to protect the data communicated between the virtual machine and the root of trust, the interface provided by the security processor is invoked according to the exit event when the current exit event is detected to have been caused by communication between the virtual machine and the root of trust.
The virtual machine manager determines from the exit event indication information whether the exit was caused by communication between the virtual machine and the root of trust. The exit event indication information includes an exit event code, from which the specific cause of the exit event can be determined.
Step S140: the security processor, in response to the invocation by the virtual machine manager, obtains the security information from the context stored in the secure storage area.
In the method for operating a virtual machine provided by the embodiments of the present invention, when the virtual machine communicates with the security processor, the security information to be sent to the security processor is placed in the virtual machine's current context and that context is stored in the secure storage area, so the virtual machine manager is prevented from accessing the context in which the security information is stored, while the security processor can access the virtual machine context in the secure storage area and obtain the security information from it. This secures the communication between the virtual machine and the security processor, so that malicious attacks by the virtual machine manager are avoided and the secure operation of the virtual machine is ensured to a certain extent.
Specifically, referring to Figure 4, after step S140, in which the security processor obtains the security information from the context stored in the secure storage area in response to the invocation by the virtual machine manager, the method further includes:
the security processor performs a corresponding operation according to the security information, obtains a corresponding operation result, and stores the operation result in the context stored in the secure storage area.
After the security processor has completed the corresponding operation, it sends a processing-completed notification to the virtual machine manager.
The virtual machine manager resumes the operation of the virtual machine, and the virtual machine obtains the operation result from the context stored in the secure storage area.
Further, if the virtual machine manager modifies the virtual machine context stored in the secure storage area, the virtual machine will exit abnormally, which ensures that the information exchanged between the virtual machine and the root of trust is secure and reliable.
Referring to Figure 5, for reasons of execution efficiency, in some embodiments the virtual machine manager invoking the interface of the security processor according to the virtual machine exit event includes:
the virtual machine manager determines, according to the information indicated in the virtual machine exit event, which interface of the security processor is to be invoked, stores the invocation request for that interface in a pending list, and resumes the operation of the virtual machine so that it can carry out other tasks; in this way the virtual machine is not prevented from performing other tasks, which improves execution efficiency.
When the system is idle or the security processor is idle, the virtual machine manager takes the invocation request out of the pending list and invokes the interface of the security processor according to the invocation request.
In this embodiment, the interface of the security processor is invoked during an idle period of the system or the security processor, so that the security processor responds to the request and obtains the security information from the context stored in the secure storage area; this can improve the efficiency with which tasks are executed.
Continuing with Figure 5, after the security processor obtains the security information from the context stored in the secure storage area in response to the invocation by the virtual machine manager, the method further includes: the security processor performs a corresponding operation according to the security information, obtains a corresponding operation result, and stores the operation result in the context stored in the secure storage area; the virtual machine manager injects an interrupt into the virtual machine to resume its operation; and the virtual machine, according to the interrupt, obtains the operation result from the context stored in the secure storage area.
FIG. 6 is a schematic diagram of a virtual machine system architecture according to an embodiment of the present invention. Referring to FIG. 6, the virtual machine system includes a physical hardware layer 20, a virtual machine manager 21 and a virtual machine 22. The physical hardware layer 20 includes a first processor 23 and a second processor; the first processor is the security processor, and the second processor is the main processor, i.e. a general-purpose processor, on which the virtual machine manager 21 and the virtual machine 22 are deployed.
The virtual machine secure operation method provided by the foregoing embodiments can run on the virtual machine system architecture shown in FIG. 6.
To facilitate understanding of the technical solution and technical effects of the embodiments of the present invention, take Haiguang secure encrypted virtualization as an example: the virtual machine manager uses the VMCB (a set of data structures located in physical memory) to set the physical memory pages used when the virtual machine switches context; the VMSA is encrypted by hardware when the virtual machine is initialized, after which the virtual machine manager cannot access the VMSA plaintext. The VMSA is thus stored securely in physical memory, and the context switch is completed automatically by hardware when the virtual machine is entered.
The security processor, as the root of trust, defines in advance a set of interface specifications for the virtual machine to call. When the virtual machine needs to perform a secure call, it saves the security information and parameters in its context according to the interface specification and exits virtual machine mode; the virtual machine manager notifies the security processor to perform the secure call according to the exit reason; the security processor obtains the parameters from the corresponding virtual machine's VMSA and processes them, and any processing result that must be returned is saved, according to the specification, in the securely encrypted VMSA; after the security processor completes processing it notifies the virtual machine manager, which resumes execution of the virtual machine. During the communication between the virtual machine and the root of trust, because the virtual machine context containing the security information is stored in secure storage, the virtual machine manager is prevented from modifying the security information and parameters in the virtual machine context, which ensures the secure operation of the virtual machine.
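The flow described above (security information saved into a sealed context, VM exit, deferred invocation from a pending list, result written back, interrupt-driven pickup, and abnormal exit if the manager tampers with the stored context), modelled as an added Python example that is not the patent's or Haiguang's code. The HMAC seal stands in for the hardware encryption of the VMSA, and the `DIGEST` interface and all class names are constructed assumptions.

```python
import hashlib, hmac, json, os

# Constructed model (added example): the secure storage area holds each VM's context
# sealed under a key that only the hardware and the security processor hold, never the VMM.
HW_KEY = os.urandom(32)

class SecureStorage:  # sealed VM contexts (VMSA-like): opaque bytes plus integrity tag
    def __init__(self):
        self.blobs = {}
    def seal(self, vm_id, ctx):
        data = json.dumps(ctx, sort_keys=True).encode()
        self.blobs[vm_id] = data + hmac.new(HW_KEY, data, "sha256").digest()
    def open(self, vm_id):
        data, tag = self.blobs[vm_id][:-32], self.blobs[vm_id][-32:]
        if not hmac.compare_digest(tag, hmac.new(HW_KEY, data, "sha256").digest()):
            raise RuntimeError("context modified outside the trusted path")
        return json.loads(data)

class SecurityProcessor:  # root of trust with a predefined interface table the VM may call
    def __init__(self, storage):
        self.storage = storage
        self.interfaces = {"DIGEST": lambda p: hashlib.sha256(p["data"].encode()).hexdigest()}
    def call(self, iface, vm_id):
        ctx = self.storage.open(vm_id)            # parameters come from the sealed context
        ctx["result"] = self.interfaces[iface](ctx["params"])
        self.storage.seal(vm_id, ctx)             # result goes back into the sealed context

class VMM:  # untrusted hypervisor: sees exit events and keeps a pending-call list only
    def __init__(self, sp):
        self.sp, self.pending = sp, []
    def on_exit(self, vm_id, exit_info):
        self.pending.append((exit_info["iface"], vm_id))  # queue the call, resume VM at once
    def on_idle(self):
        notified = []
        while self.pending:                       # drained when the system or SP is idle
            iface, vm_id = self.pending.pop(0)
            self.sp.call(iface, vm_id)
            notified.append(vm_id)                # models the interrupt injected into the VM
        return notified

def run_secure_call(storage, vmm, vm_id, data, vmm_tampers=False):
    storage.seal(vm_id, {"params": {"data": data}, "result": None})  # VM writes its context
    vmm.on_exit(vm_id, {"iface": "DIGEST"})                          # VM exit with indication
    if vmm_tampers:  # the VMM can overwrite the stored bytes but cannot forge a valid tag
        storage.blobs[vm_id] = b"\x00" + storage.blobs[vm_id][1:]
    try:
        vmm.on_idle()
        return "ok", storage.open(vm_id)["result"]  # VM reads the result on the interrupt
    except RuntimeError:
        return "abnormal_exit", None
```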
Embodiment 2
FIG. 7 is a schematic structural diagram of an embodiment of an electronic device of the present invention. As shown in FIG. 7, the electronic device may include a housing 71, a processor 72, a memory 73, a circuit board 74 and a power supply circuit 75, where the circuit board 74 is arranged inside the space enclosed by the housing 71, and the processor 72 and the memory 73 are arranged on the circuit board 74; the power supply circuit 75 supplies power to the circuits or components of the above server; the memory 73 stores executable program code; the processor includes a first processor 23 and a second processor, the first processor 23 being the security processor and the second processor being the main processor, on which the virtual machine manager 21 and the virtual machine 22 are deployed.
Here, the virtual machine 22 stores the security information to be sent to the security processor 23 in the current context of the virtual machine 22;
the virtual machine 22 stores the context containing the security information in the secure storage area and generates a virtual machine 22 exit event;
the virtual machine manager 21 invokes the interface of the security processor 23 according to the virtual machine 22 exit event;
the security processor 23, in response to the invocation by the virtual machine manager 21, obtains the security information from the context stored in the secure storage area.
In the electronic device provided by the embodiment of the present invention, the physical hardware layer 20 includes the first processor 23 and the second processor, the first processor being the security processor and the second processor being the main processor on which the virtual machine manager 21 and the virtual machine 22 are deployed. When the virtual machine communicates with the security processor, the security information that the virtual machine is to send to the security processor is stored in the current context of the virtual machine, and that context is stored in the secure storage area, which prevents the virtual machine manager from accessing the context holding the security information. The security processor, in contrast, can access the virtual machine context in the secure storage area and obtain the security information from it, so communication between the virtual machine and the security processor is secure. Malicious attacks by the virtual machine manager are thereby avoided, which to some extent safeguards the secure operation of the virtual machine.
In one embodiment of the present invention, the security processor 23 is further configured, after obtaining the security information from the context stored in the secure storage area in response to the invocation by the virtual machine manager 21, to perform the corresponding operation according to the security information, obtain the corresponding operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager 21 is further configured to resume the running of the virtual machine 22;
the virtual machine 22 is further configured to obtain the operation result from the context stored in the secure storage area.
Specifically, the virtual machine manager 21 is configured to determine, according to the information indication in the virtual machine 22 exit event, which interface of the security processor 23 is to be invoked, store the invocation request for that interface in a pending list, and resume the running of the virtual machine 22;
and, when the system is idle or the security processor 23 is idle, to take the invocation request out of the pending list and invoke the interface of the security processor 23 according to the invocation request.
In yet another embodiment of the present invention, the security processor 23 is further configured to perform the corresponding operation according to the security information, obtain the corresponding operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager 21 is further configured to inject an interrupt into the virtual machine 22 to resume the running of the virtual machine;
the virtual machine 22 is further configured to obtain the operation result from the context stored in the secure storage area according to the interrupt.
The electronic device provided by this embodiment of the present invention is similar in basic implementation principle and technical effect to the virtual machine secure operation method of Embodiment 1; for anything not mentioned in this embodiment, refer to Embodiment 1, and details are not repeated here.
The electronic device may be a server. A server is composed of a processor, hard disk, memory, system bus and so on, and is similar to a general-purpose computer architecture; however, because it needs to provide secure virtualization services, the processor must support virtualization and be able to host virtual machines.
A further embodiment of the present invention provides a computer-readable storage medium storing one or more programs which can be executed by one or more processors to implement the virtual machine secure operation method of any one of the embodiments in Embodiment 1.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, can include the processes of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), or the like.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any changes or substitutions that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011121813.8A CN112363797B (en) | 2020-10-19 | 2020-10-19 | Virtual machine safe operation method, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112363797A (en) | 2021-02-12 |
| CN112363797B (en) | 2022-04-05 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |