CN117194284A - Memory access method, initialization method and related devices thereof - Google Patents

Memory access method, initialization method and related devices thereof

Publication number
CN117194284A
Authority
CN
China
Prior art keywords
access
virtual machine
access request
address
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311120519.9A
Other languages
Chinese (zh)
Inventor
姜新
应志伟
刘子行
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haiguang Yunxin Integrated Circuit Design Shanghai Co ltd
Original Assignee
Haiguang Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Haiguang Information Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a memory access method, an initialization method and related devices thereof. The memory access method comprises: obtaining an access control table, wherein the access control table comprises an address block of an external memory, a virtual machine identifier and a device function identifier; acquiring an access request; in response to the access request, judging whether the access request accesses the address block according to the access address in the access request and the corresponding address block in the access control table; if the address block is accessed, judging whether the access request is trusted according to the virtual machine identifier in the access request and the corresponding virtual machine identifier in the access control table; and if the access request is trusted, allowing access to the external memory. By setting up the access control table and using it to control access requests to the external memory, the security of the external memory can be protected and illegal access to it prevented, without requiring encryption and decryption operations when an access request accesses the external device.

Description

Memory access method, initialization method and related devices thereof
Technical Field
The embodiment of the application relates to the technical field of computer security, in particular to a memory access method, an initialization method and related devices thereof.
Background
With the development of Artificial Intelligence (AI), demands on system computing power are increasing, and cloud computing host processors alone cannot provide high-performance computing services for clients. Cloud service providers have begun deploying devices on cloud hosts that provide more computing power and are passed through to virtual machines, so that virtual machine clients can use them efficiently to run a variety of computing-intensive services. The devices deployed today generally cannot encrypt and decrypt their own memory, so the information in device memory is easy to steal; because data of an encrypted virtual machine is stored in device memory, this leads to leakage of the encrypted virtual machine's data.
In the prior art, a PCIe (peripheral component interconnect express, a high-speed serial computer expansion bus standard) channel encryption function must be added on both the processor side and the device side, and the channel's encryption and decryption operations greatly reduce PCIe bandwidth. In addition, this approach is unfriendly to existing devices that do not support PCIe channel encryption: a processor that supports PCIe channel encryption paired with a device that does not cannot provide memory protection.
Therefore, how to protect the data of the external memory while ensuring the operation rate of the device based on the existing device becomes a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of this, the embodiments of the present application provide a memory access method, an initialization method, and related devices, so as to protect data of an encrypted virtual machine in an external memory while ensuring an operation rate of an apparatus based on an existing apparatus.
In order to achieve the above object, the embodiment of the present application provides the following technical solutions:
the embodiment of the application provides a memory access method, which comprises the following steps:
obtaining an access control table, wherein the access control table comprises an address block of an external memory, a virtual machine identifier and a device function identifier corresponding to the address block of the external memory, and a mapping relation between the virtual machine identifier and the device function identifier;
acquiring an access request, wherein the access request comprises an access address and a virtual machine identifier of the access request;
responding to the access request, and judging whether the access request accesses the address block according to the access address in the access request and the address block corresponding to the access control table;
if the address block is accessed, judging whether the access request is credible or not according to the virtual machine identification in the access request and the corresponding virtual machine identification in the access control table;
and if the access request is trusted, allowing access to the external memory.
Optionally, the method further comprises: if the access request is not trusted, generating an exception corresponding to the access request.
Optionally, the step of responding to the access request and judging whether the access request accesses the address block according to the access address in the access request and the address block corresponding to the access control table includes:
checking whether the access address is within the address block;
if the access address is within the range of the address block, the access address accesses the address block;
if not, the access address does not access the address block.
Optionally, if the address block is accessed, determining whether the access request is trusted according to the virtual machine identifier in the access request and the virtual machine identifier corresponding to the access control table includes:
verifying whether the virtual machine identifier of the access request is identical to the virtual machine identifier that corresponds, in the access control table, to the address block where the access address of the access request is located;
if they are the same, the access request is trusted;
if not, the access request is not trusted.
Optionally, the virtual machine identifier includes a target virtual machine identifier and a non-target virtual machine identifier, which respectively correspond to the target virtual machine and the non-target virtual machine;
the access request also comprises an encryption identifier, which is used for marking whether the access request is encrypted or not;
after the step of responding to the access request and judging whether the access request accesses the address block according to the access address in the access request and the address block corresponding to the access control table, the method further comprises the following steps:
if the address block is not accessed, judging whether the virtual machine identifier of the access request is a non-target virtual machine identifier or not and whether the encrypted identifier is non-encrypted or not;
if yes, allowing the access request to continue to access the external memory.
Optionally, the method further comprises: if not, generating an exception corresponding to the access request.
The embodiment of the invention also provides a memory access initialization method, which comprises the following steps:
the security processor creates an access control table;
the security processor acquires an address block of the external memory, and writes an equipment function identifier corresponding to the address block of the external memory into the access control table;
the security processor acquires a virtual machine identifier of the target virtual machine and a device function identifier corresponding to a memory address to be accessed by the target virtual machine;
and the secure processor establishes a mapping relation among the address block, the equipment function identifier and the virtual machine identifier, and writes the mapping relation into the access control table.
Optionally, the method further comprises: the BIOS sends the device function identification of the external memory and the corresponding external memory address block to the secure processor.
Optionally, the method further comprises: and the virtual machine manager sends the virtual machine identifier of the target virtual machine and the equipment function identifier corresponding to the memory address to be accessed by the target virtual machine to the security processor.
The embodiment of the invention also provides a memory access device, which comprises:
the control table acquisition module is used for acquiring an access control table, wherein the access control table comprises an address block of an external memory, a virtual machine identifier and a device function identifier corresponding to the address block of the external memory, and a mapping relation between the virtual machine identifier and the device function identifier;
the access request acquisition module is used for acquiring an access request, wherein the access request comprises an access address and a virtual machine identifier of the access request;
the control table checking module is used for responding to the access request and judging whether the access request accesses the address block according to the access address in the access request and the address block corresponding to the access control table;
and the virtual machine identification checking module is used for judging whether the access request is trusted according to the virtual machine identification in the access request and the corresponding virtual machine identification in the access control table if the access request is accessed to the address block, and allowing the access to the external memory if the access request is trusted.
Optionally, the method further comprises: and the exception generation module is used for generating an exception corresponding to the access request if the access request is not trusted.
Optionally, the control table checking module is configured to respond to the access request, determine, according to an access address in the access request and an address block corresponding to the access control table, whether the access request accesses the address block, and include:
checking whether the access address is within the address block;
if the access address is within the range of the address block, the access address accesses the address block;
if not, the access address does not access the address block.
Optionally, the virtual machine identifier checking module is configured to determine whether the access request is trusted according to a virtual machine identifier in the access request and a virtual machine identifier corresponding to the access control table if the access request is to access the address block, and if the access request is trusted, allow access to the external memory, where the virtual machine identifier checking module includes:
verifying whether the virtual machine identifier of the access request is identical to the virtual machine identifier that corresponds, in the access control table, to the address block where the access address of the access request is located;
if they are the same, the access request is trusted;
if not, the access request is not trusted.
Optionally, the virtual machine identifier includes a target virtual machine identifier and a non-target virtual machine identifier, which respectively correspond to the target virtual machine and the non-target virtual machine;
the access request also comprises an encryption identifier, which is used for marking whether the access request is encrypted or not;
the memory access device further includes:
and the encryption verification module is used for judging whether the virtual machine identifier of the access request is a non-target virtual machine identifier or not if the address block is not accessed, and whether the encryption identifier is non-encryption or not, if so, allowing the external memory to be accessed continuously.
The embodiment of the invention also provides a memory access initializing device, which is configured in the secure processor and comprises:
the access control table creating module is used for creating an access control table;
the address range acquisition module is used for acquiring an address block of the external memory and writing the device function identifier corresponding to the address block of the external memory into the access control table;
the identifier acquisition module is used for acquiring a virtual machine identifier of a target virtual machine and a device function identifier corresponding to a memory address to be accessed by the target virtual machine;
and the control table initializing module is used for establishing a mapping relation among the address block, the equipment function identifier and the virtual machine identifier and writing the mapping relation into the access control table.
Optionally, the address block of the external memory and the device function identifier corresponding to the address block of the external memory are provided by the BIOS.
Optionally, the virtual machine identifier of the target virtual machine and the device function identifier corresponding to the memory address to be accessed by the target virtual machine are provided by a virtual machine manager.
The embodiment of the application also provides a chip comprising the memory access device and the memory access initializing device.
The embodiment of the application also provides electronic equipment comprising the chip.
The memory access method provided by the embodiment of the application comprises: obtaining an access control table, wherein the access control table comprises an address block of an external memory, a virtual machine identifier and a device function identifier corresponding to the address block of the external memory, and a mapping relation between the virtual machine identifier and the device function identifier; acquiring an access request, wherein the access request comprises an access address and a virtual machine identifier of the access request; in response to the access request, judging whether the access request accesses the address block according to the access address in the access request and the corresponding address block in the access control table; if the address block is accessed, judging whether the access request is trusted according to the virtual machine identifier in the access request and the corresponding virtual machine identifier in the access control table; and if the access request is trusted, allowing access to the external memory. By setting up the access control table and using it to control access requests to the external memory, the security of the external memory can be protected and illegal access to it prevented, without requiring encryption and decryption operations when an access request accesses the external device.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an external memory protection device;
FIG. 2 is a flow chart of a memory access method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a table structure of an access control table according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating another memory access method according to an embodiment of the present application;
FIG. 5 is a schematic diagram illustrating a process of accessing a memory device by a target virtual machine;
FIG. 6 is a flow chart of a memory access initialization method according to an embodiment of the present application;
FIG. 7 is a flowchart illustrating another method for initializing a memory access according to an embodiment of the present application;
FIG. 8 is a schematic flow chart of a memory access initialization method according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a memory access device according to an embodiment of the present application;
FIG. 10 is a schematic diagram of a computer system with external memory according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a memory access initializing device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
With the wide application of cloud technology, more enterprises deploy business systems to the cloud end so as to reduce the operation cost of the enterprises. A plurality of virtual machine systems are usually operated on the cloud host, and the host operating system can easily acquire all memory data in the virtual machine, so that service data leakage is easy to cause.
In order to improve the security of cloud computing, hardware modules such as a cryptographic coprocessor and a secure processor are newly added in the CPU SOC (System-on-a-Chip) to encrypt the memory of the virtual machine and provide confidentiality protection for the cloud host user system. Using CSV (China Secure Virtualization, national standard secure virtualization technology), a national secure memory encryption function with higher security is provided on the basis of hardware virtualization, so that each running CSV virtual machine runs in an independent encrypted memory.
The encryption device system structure is shown in FIG. 1. It includes a non-target virtual machine 111, a target virtual machine 121, a target virtual machine 131, a monitor 12, a host 13, a secure processor 14, an encryption engine 16 and a host memory 17, where the target virtual machine 121 is an encrypted virtual machine and the non-target virtual machine 111 is a normal virtual machine. When the target virtual machine 121 operates, the monitor 12 sets virtual machine device identifiers for all of the target virtual machines 121 and non-target virtual machines 111, and these identifiers remain unchanged while the system-on-chip is running. When the target virtual machine 121 writes data into the host memory 17 or reads data from the host memory 17, the encryption engine 16 encrypts or decrypts the data using the key corresponding to the virtual machine device identifier, so that the data is ciphertext and is difficult to steal when passing through the monitor 12 and the host 13. When the target virtual machine 121 is started, it can be started after being measured or authenticated by the secure processor 14, and then the secure processor 14 respectively sets a first encryption key 151 to a second encryption key 153 for the target virtual machine. The target virtual machine 121 may set a portion of its memory to be non-encrypted normal memory, and interact with the peripheral or the host 13 using that non-encrypted normal memory. The target virtual machine 121 is thus a trusted execution environment, and the software running inside it is safe and trusted.
With the development of Artificial Intelligence (AI), the demands on system computing power are increasing, and a cloud computing host CPU alone can no longer provide users with computing services of sufficiently high performance. Cloud service providers have begun deploying peripheral accelerator cards on cloud hosts, typically attached to the host over a PCIe bus, to provide higher-performance computing services. With MMIO (Memory Mapped Input Output, memory-mapped IO), the peripheral accelerator card can be configured directly for use by a virtual machine, and the client of the virtual machine can efficiently use the peripheral accelerator card to run various computationally intensive services.
After the peripheral accelerator card is deployed, the cloud host and the target virtual machine system comprise a processor, an encryption engine in the processor, a system memory, an operating system, a target virtual machine, a non-target virtual machine, other application programs, equipment (accelerator card) in the computer, the memory of the accelerator card, a first PCIe controller and a second PCIe controller. It is easy to understand that the encryption engine performs cryptographic processing on the data exchanged between the target virtual machine and the system memory, so that the confidentiality of the target virtual machine's data is ensured. However, the communication between the target virtual machine and the memory of the peripheral accelerator card is in plaintext, and an existing peripheral accelerator card, being a peripheral, generally does not have the function of encrypting and decrypting its own memory. The operating system is an untrusted environment, so it is easy to attack the operating system and steal the information in the memory of the peripheral accelerator card, which leaks the data of the target virtual machine.
At this point, a key may be added to the PCIe controller. This other computer system comprises a processor, an encryption engine in the processor, a system memory, an operating system, a target virtual machine, a non-target virtual machine, other application programs in the computer, equipment (accelerator card), the memory of the accelerator card, a first PCIe controller and a second PCIe controller, and two key slots configured for the first PCIe controller and the second PCIe controller. When the peripheral accelerator card is passed through directly to the target virtual machine, the memory of the peripheral accelerator card must be accessible only to the current target virtual machine; other non-target virtual machines, application programs and operating systems have no authority to access the memory of the device. The current approach solves this by means of PCIe channel encryption. The target virtual machine and the peripheral accelerator card negotiate a channel encryption key through a key exchange protocol, and the key is configured in a key slot of the PCIe controller, where the key slot can be written but not read. After the key is written into the key slot of the PCIe controller in the peripheral accelerator card, the memory of the peripheral accelerator card is in a locked state, and the configuration information cannot be written again until the memory of the peripheral accelerator card is released or reset.
From the above description it can be seen that the PCIe channel encryption function must be added to both the processor and the peripheral accelerator card, and that the channel's encryption and decryption operations greatly reduce PCIe bandwidth. In addition, the method is not applicable to existing peripheral accelerator cards that do not support PCIe channel encryption: a processor that supports PCIe channel encryption paired with a device that does not cannot protect the memory of the peripheral device. Furthermore, the peripheral accelerator card is generally used for intensive computing services over large amounts of data in the cloud host and places high demands on data read-write bandwidth, so adding a cryptographic engine reduces the speed at which the device memory reads and writes data, seriously reduces memory bandwidth, and affects the data processing performance of the peripheral device.
In order to solve the foregoing problem, an embodiment of the present invention provides a method for protecting a memory device, so that when accessing a memory of an accelerator card of a peripheral, a target virtual machine can only access a memory within a preset address range, and other devices cannot access a memory within a preset address range. The specific steps of the flow are shown in fig. 2, including:
Step S10: obtaining an access control table, wherein the access control table comprises an external memory address block, a virtual machine identifier and a device function identifier corresponding to the external memory address block, and a mapping relation between the virtual machine identifier and the address block.
Step S20: acquiring an access request; the access request includes an access address and a virtual machine identification of the access request.
Step S30: in response to the access request, judging whether the access request accesses the address block according to the access address in the access request and the corresponding address block in the access control table, and if so, executing step S40.
Step S40: judging whether the access request is trusted according to the virtual machine identifier in the access request and the corresponding virtual machine identifier in the access control table, and executing step S50 if the access request is trusted.
Step S50: allowing the access request to access the external memory.
Therefore, by setting the access control table and controlling the access request for accessing the external memory by using the access control table, the security of the data of the external memory can be protected and illegal access to the external memory can be prevented on the premise that encryption and decryption operations are not needed when the access request accesses the external device.
It is easy to understand that the external memory is the memory in the device (accelerator card) 21, or memory that is deployed in a device for enhancing computing power and exposed through MMIO. Under this memory protection method, the address blocks protected by the access control table can be regarded as located in a trusted execution environment in the computer: the PCIe device corresponding to an address block is a trusted device, and the part of the external device outside the address blocks is a non-trusted device.
It should be noted that, the table structure of the access control table is shown in fig. 3, and the external memory address blocks in the access control table are stored in the access control table through the respective start addresses and end addresses of the different address blocks. Each address block corresponds to a determined virtual machine identifier and a determined device function identifier, wherein the virtual machine identifier is repeatable, and the device function identifier is not repeatable.
Specifically, the external memory is the memory in the peripheral accelerator card, and the external memory is composed of a plurality of PCIe devices. An external memory address block is an address range, determined according to the use requirement, of a PCIe device that needs to be placed in the trusted execution environment, as mapped into the physical address space of the processor.
The virtual machine identifier is an identifier set to each virtual machine and used for marking and identifying different virtual machine identity information, and may be specifically a VMID (virtual machine identifier). In an alternative implementation, the non-target virtual machine, host operating system, and host application share the same VMID, e.g., the VMIDs of the non-target virtual machine, host operating system, and host application are all set to 0 by default. The target virtual machines each obtain a unique VMID of a non-0 value, such as 1, 2, 3, and so on.
Further, in an alternative implementation, the target virtual machine may include a preset encrypted virtual machine and/or a CSV (China Secure Virtualization, national standard secure virtualization technology) virtual machine.
The device function identifier is a BDF number: the bus number, device number and function number of an address block, combined together to form the device function identifier. Specifically, the PCIe bus structure is a tree structure. The device controller that controls the PCIe devices is the root node; it can be connected directly to ordinary devices, and can also be connected to bridge devices such as PCI bridges and PCIe switches; a bridge device may in turn connect further ordinary devices and bridge devices. Ordinary devices connected to the root node have the smallest bus number, which is 0 or 1; for ordinary devices connected below each further level of bridge device the bus number is increased by 1, and is increased by 32 at maximum. Ordinary devices connected under the same bridge device have different device numbers, starting from 0 up to a maximum of 31. One ordinary device can contain a plurality of PCIe devices that implement different functions; such a PCIe device has the same bus number and device number as the ordinary device it belongs to, and a distinct function number, starting from 0 up to a maximum of 7. Through bus number, device number and function number, a PCIe device can be uniquely determined; see the BDF numbers 02:03.1 and 03:06.0 shown in FIG. 3. In the embodiment provided by the application, the PCIe device accessed by the virtual machine corresponds to a unique BDF number, and the address block corresponds to a unique BDF number, so the correspondence between the target virtual machine and the address block can be established by using the BDF number as the device function identifier.
And the address blocks of the external memory, the virtual machine identifiers and the device function identifiers are in one-to-one correspondence. By associating the information, the virtual machine and the address block of the external memory can be associated, so that illegal access can be screened out in a subsequent method.
Further, to ensure that the access control table is secure from tampering, in an alternative implementation, the access control table may be read and modified only by a secure processor, or by the module performing steps S30 and/or S40, and may not be read by any device or program other than the secure processor.
It is easy to understand that when a virtual machine or other device needs to access an external memory, an access request needs to be sent to an operating system, where the access request includes the access address that the access request needs to access and the VMID of the source virtual machine of the access request. At this point, to protect the external memory and avoid illegal access, either all access requests for accessing the external memory can be obtained, or only those access requests for accessing the external memory that carry a security risk.
After the access request is acquired, in response to the access request and in order to protect the external memory, the access address in the access request and the access control table are used to judge whether the access request accesses the address block. In one embodiment, as shown in fig. 4, the step S30 includes:
Step S31: checking whether the access address is within the address block;
if the access address is within the range of the address block, the access address accesses the address block;
if not, the access address does not access the address block.
It is easy to understand that the access address of the access request may be a specific address or an address range. Checking whether the access address is within the range of the address block means checking whether the access address is entirely included in the range of the address block; the access address may lie within the range of a single address block, or within the range of a set of multiple address blocks at the same time.
If the access address accesses the address block, it is then necessary to go on to check whether the access request is trusted. It should be noted that "trusted" in step S40 means that there is no risk of information leakage after the access request is executed.
Specifically, in one embodiment, as shown in fig. 4, the step S40 includes a step S41:
verifying whether the virtual machine identifier of the access request is the same as the virtual machine identifier corresponding to the address block where the access address of the access request is located in the access control table;
if they are the same, the access request is trusted;
if not, the access request is not trusted.
It is easy to understand that the range of trusted memory that the target virtual machine needs to access when running is fixed. Therefore, to protect the external memory, each address block is associated with a virtual machine, so that an address block of the external memory can only be accessed by a specific target virtual machine, and the address block that a given target virtual machine needs to access can only be accessed by that target virtual machine. By comparing the VMID of the access request with the VMID that the access control table records for the address block containing the access address, it can be checked whether the access request comes from the virtual machine corresponding to the address block. If the VMIDs are the same, the access request comes from the virtual machine corresponding to the address block and is a normal, trusted access request. If they differ, the access request does not come from the virtual machine corresponding to the address block, so executing it carries a risk of data theft, and the access request is determined to be untrusted.
If the access request is judged to be trusted, it is allowed to continue executing so as to access the external memory. If the access request is not trusted, then to protect the information security of the computer the access request is prevented from continuing to run, and an exception must also be raised in response to it. In one embodiment, as shown in fig. 4, if step S41 determines that the request is not trusted, the method further includes step S51: an exception corresponding to the access request is generated.
It should be noted that the exception includes various error handling manners, such as stopping the target virtual machine, reporting an error to the main operating system, and processing the access request by the main operating system. Thus, by generating an exception, the access request can be prevented from continuing to run, and further the data in the external memory is prevented from being stolen.
Further, access requests that do not access the address block may still include other untrusted access requests, or abnormal access requests that the computer cannot handle. To protect the computer system from them, as shown in fig. 4, if step S31 finds that the address block is not accessed, step S60 is executed:
the virtual machine identifier comprises a target virtual machine identifier and a non-target virtual machine identifier, and corresponds to the target virtual machine and the non-target virtual machine respectively;
the access request also comprises an encryption identifier, which is used for marking whether the access request is encrypted or not;
and judging whether the virtual machine identifier of the access request is a non-target virtual machine identifier or not, and whether the encrypted identifier is a non-encrypted identifier or not, if so, allowing the external memory to be accessed continuously.
Specifically, the encryption identifier indicates whether the memory page that the access request refers to needs to be encrypted. Memory page encryption of the virtual machine is controlled by the main operating system or the virtual machine manager, and a preset bit marks whether the page is encrypted: specifically the 47th bit of the virtual machine's physical address, also called the c-bit. When the c-bit is 1, the page needs to be encrypted, and access requests related to that memory page are encrypted or decrypted; when the c-bit is 0, no encryption or decryption is performed.
Referring to fig. 5, fig. 5 is a schematic diagram of the process by which the target virtual machine accesses the external memory. The target virtual machine 71 has its own specific VMID, for example 1. When an access request accesses the external memory, the page table of the target virtual machine 71 must set to 1 the c-bit of the pages used to access the first trusted device 72 or the second encrypted memory 73 in the trusted execution environment, and set the c-bit of all other pages to 0, before page table translation proceeds. An access request to external memory in the trusted environment therefore carries VMID=1 and c-bit=1. When the access request accesses the normal memory 75 or the shared memory 74 in the non-trusted environment, encryption is not required, i.e. c-bit=0, and when the target virtual machine 71 outputs the VMID of the access request it outputs the VMID of the non-target virtual machine, for example VMID=0; that is, an access request to external memory in the non-trusted environment carries VMID=0 and c-bit=0. Thus, among the access requests that access the non-trusted environment, only those satisfying VMID=0 and c-bit=0 are trusted. In the figure, the access request for accessing the normal memory 75 has VMID=1; it is therefore not trusted, and an error occurs in actual operation.
Further, referring to fig. 4, if the access request is not trusted, that is, VMID=1 and/or c-bit=1, the access request carries a risk of data leakage. To protect the security of the data of the computer and the external memory, in an alternative implementation, when step S60 determines that the virtual machine identifier of the access request is not the non-target virtual machine identifier, or that the encryption identifier is not the non-encrypted identifier, step S51 is executed.
Therefore, the memory access method can protect the trusted environment in the external memory and simultaneously protect the non-trusted environment and the computer stability by using the memory access control table.
Further, to improve security, allow the memory access method of the present application to operate stably, and obtain a secure and reliable access control table, the present application also provides a memory access initialization method, as shown in fig. 6, including:
step S70: the security processor creates an access control table;
step S71: the security processor acquires an address block of the external memory, and writes an equipment function identifier corresponding to the address block of the external memory into the access control table;
step S72: the security processor acquires a virtual machine identifier of the target virtual machine and a device function identifier corresponding to a memory address to be accessed by the target virtual machine;
Step S73: and the secure processor establishes a mapping relation among the address block, the equipment function identifier and the virtual machine identifier, and writes the mapping relation into the access control table.
It should be noted that, because the virtual machine identifiers of the non-target virtual machines are the same, in one embodiment, the virtual machine identifiers of all virtual machines and the device function identifiers corresponding to the memory addresses to be accessed need not be acquired, and only the secure processor may acquire the virtual machine identifier of the target virtual machine and the device function identifier corresponding to the memory addresses to be accessed by the target virtual machine, while the virtual machine identifiers of other non-target virtual machines that are not acquired are all virtual machine identifiers of the non-target virtual machines.
Specifically, in order to send the address block of the external memory and the device function identifier corresponding to that address block to the secure processor, as shown in fig. 7, in one embodiment, the step S71 further includes step S83:
the BIOS sends the device function identification of the external memory and the corresponding external memory address block to the secure processor.
The BIOS (Basic Input Output System) is the piece of code that is executed first when the computer system is started, and is typically solidified on the computer motherboard. In a trusted computer system, the BIOS is trusted through measurement verification. As shown in fig. 7, when the computer is powered on and initialized, the BIOS performs hardware initialization in step S81 and then performs step S82: initializing the PCIe devices, namely traversing the PCIe devices and allocating system addresses. Step S83 is then added: the BIOS sends to the secure processor the device function identifier of each PCIe device that needs to be placed in the trusted execution environment in the external memory, together with the memory address range corresponding to that PCIe device. It should be noted that the memory address range corresponding to the PCIe device is the address block. At this point, in one embodiment, the secure processor creates the access control table from the received address blocks and BDFs. Because no virtual machine identifier has been acquired yet, all VMIDs in the access control table are set to 0, and in this state all access requests for accessing any PCIe device in the external memory are allowed. After the above steps are completed, the BIOS continues with step S84: the main operating system is started.
If a hot-pluggable device is connected to the computer after the computer has started, the address block and BDF number of the hot-pluggable device cannot be sent to the secure processor and added to the access control table. Therefore, to ensure security, the memory access method and the memory access initialization method of the present application do not support hot-plugged devices; only PCIe devices initialized by the BIOS during system startup support the memory access method of the present application.
Further, in order for the secure processor to obtain the virtual machine identifier of the target virtual machine and the device function identifier corresponding to the memory address to be accessed by the target virtual machine, as shown in fig. 8, step S72 further includes step S86:
and the virtual machine manager sends the virtual machine identifier of the target virtual machine and the equipment function identifier corresponding to the memory address to be accessed by the target virtual machine.
It should be noted that, step S85 needs to be executed before the target virtual machine is started: after the virtual machine is initialized, in order to establish the access control table, step S86 needs to be executed, that is, the virtual machine manager sends the VMID of the target virtual machine and the device function identifier corresponding to the memory address to be accessed by the target virtual machine to the secure processor.
Specifically, in step S73, the mapping relationship is established as follows: the secure processor searches the access control table for the device function identifier that is the same as the device function identifier corresponding to the memory address to be accessed by the target virtual machine, and then sets the VMID recorded for that device function identifier in the access control table to the VMID of the target virtual machine that is to access the address block. After all VMIDs have been written, the process continues with step S87: the virtual machine manager starts the target virtual machine. Step S88: the target virtual machine sets c-bit=1 in the page table entries used to access the trusted device. The configuration of the target virtual machine and its access to the trusted device may then continue.
According to the embodiment of the application, the access control table is arranged, and the access control table is used for controlling the access request for accessing the external memory, so that the unreliable access request is screened out, and further, when the access request accesses the external device, the security of the data of the external memory is protected and illegal access to the external memory is prevented on the premise that encryption and decryption operations are not needed.
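The initialization steps S70 to S73 and the check flow S31, S41, S51 and S60 described above, modeled in C as an added example; it is not code from the patent. The struct layout, function names and sample addresses are constructed, and three choices are assumptions the description does not state: a request must fit inside one address block, a range that only partly overlaps a block is rejected, and a zero-length or wrapping range is rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ACT_MAX 16
#define VMID_NON_TARGET 0u /* all non-target VMs share one VMID (0 in the description) */

typedef struct {
    uint64_t base, size; /* address block of the external memory */
    uint16_t bdf;        /* bus[15:8] | device[7:3] | function[2:0] */
    uint32_t vmid;       /* VM bound to the block; stays 0 until S73 */
} act_entry;

typedef struct { act_entry e[ACT_MAX]; size_t n; } act_table;
typedef struct { uint64_t addr, len; uint32_t vmid; int c_bit; } access_req;
typedef enum { ACCESS_ALLOW, ACCESS_EXCEPTION } verdict;

static uint16_t make_bdf(unsigned bus, unsigned dev, unsigned fn) {
    return (uint16_t)(((bus & 0xFFu) << 8) | ((dev & 0x1Fu) << 3) | (fn & 0x7u));
}

/* S70: the secure processor creates an empty table. */
static void act_create(act_table *t) { t->n = 0; }

/* S71/S83: block and BDF reported by the BIOS; the VMID starts at 0. */
static int act_add_block(act_table *t, uint16_t bdf, uint64_t base, uint64_t size) {
    if (t->n == ACT_MAX || size == 0 || size - 1 > UINT64_MAX - base) return -1;
    t->e[t->n++] = (act_entry){ base, size, bdf, VMID_NON_TARGET };
    return 0;
}

/* S72/S73/S86: bind the target VM's VMID to the entry with the same BDF.
 * Fails for a BDF the BIOS never reported, such as a hot-plugged device. */
static int act_bind_vm(act_table *t, uint16_t bdf, uint32_t vmid) {
    for (size_t i = 0; i < t->n; i++)
        if (t->e[i].bdf == bdf) { t->e[i].vmid = vmid; return 0; }
    return -1;
}

static verdict act_check(const act_table *t, const access_req *r) {
    /* Assumption: empty or wrapping ranges fail closed. */
    if (r->len == 0 || r->len - 1 > UINT64_MAX - r->addr) return ACCESS_EXCEPTION;
    uint64_t last = r->addr + (r->len - 1);
    for (size_t i = 0; i < t->n; i++) {
        const act_entry *b = &t->e[i];
        uint64_t b_last = b->base + (b->size - 1);
        if (last < b->base || r->addr > b_last) continue; /* S31: outside this block */
        /* Assumption: a range straddling the block boundary is rejected. */
        if (r->addr < b->base || last > b_last) return ACCESS_EXCEPTION;
        /* S41: the request VMID must equal the VMID recorded for the block. */
        return r->vmid == b->vmid ? ACCESS_ALLOW : ACCESS_EXCEPTION; /* else S51 */
    }
    /* S60: outside every block, only VMID = non-target and c-bit = 0 pass. */
    return (r->vmid == VMID_NON_TARGET && !r->c_bit) ? ACCESS_ALLOW : ACCESS_EXCEPTION;
}

/* Constructed table: two blocks named after the BDFs in FIG. 3, with
 * made-up addresses; when bind is non-zero, VMID 1 owns block 02:03.1. */
static void demo_table(act_table *t, int bind) {
    act_create(t);
    act_add_block(t, make_bdf(0x02, 0x03, 1), 0x80000000u, 0x10000u);
    act_add_block(t, make_bdf(0x03, 0x06, 0), 0x90000000u, 0x10000u);
    if (bind) act_bind_vm(t, make_bdf(0x02, 0x03, 1), 1);
}

static verdict demo_check(int bind, uint64_t addr, uint64_t len,
                          uint32_t vmid, int c_bit) {
    act_table t;
    access_req r = { addr, len, vmid, c_bit };
    demo_table(&t, bind);
    return act_check(&t, &r);
}

/* Binding a BDF that is not in the table (constructed 04:00.0) must fail. */
static int demo_bind_unknown(void) {
    act_table t;
    demo_table(&t, 0);
    return act_bind_vm(&t, make_bdf(0x04, 0x00, 0), 2);
}

int main(void) {
    printf("target VM, own block      : %d\n", demo_check(1, 0x80000000u, 64, 1, 1));
    printf("non-target VM, that block : %d\n", demo_check(1, 0x80000000u, 64, 0, 0));
    printf("VMID=1 to normal memory   : %d\n", demo_check(1, 0x1000u, 64, 1, 0));
    printf("range straddles block end : %d\n", demo_check(1, 0x8000FFF0u, 64, 1, 1));
    printf("bind unknown BDF          : %d\n", demo_bind_unknown());
    return 0;
}
```

A verdict of 0 is allow and 1 is the exception of step S51; the third case in `main` is the untrusted VMID=1 access to normal memory described for fig. 5.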
The embodiment of the application also provides a memory access device, as shown in fig. 9, including:
the control table acquisition module 400 is configured to acquire an access control table, where the access control table includes an address block of the external memory, a virtual machine identifier and a device function identifier corresponding to the address block of the external memory, and a mapping relationship between the virtual machine identifier and the device function identifier;
an access request obtaining module 410, configured to obtain an access request, where the access request includes an access address and a virtual machine identifier of the access request; wherein the sources of the access requests include target virtual machine 521, non-target virtual machine 522, and application 523.
A control table checking module 420, configured to respond to the access request, and determine whether the access request accesses the address block according to an access address in the access request and an address block corresponding to the access control table;
the virtual machine identifier checking module 430 is configured to determine whether the access request is trusted according to the virtual machine identifier in the access request and the virtual machine identifier corresponding to the access control table if the access request is to access the address block, and if the access request is trusted, allow access to the external memory 460.
Further, if the access request is not trusted, then to protect the information security of the computer the access request is prevented from continuing to run, and an exception must also be raised in response to it. In one implementation, as shown in fig. 9, the memory access device provided by the embodiment of the present application further includes: the exception generation module 450, configured to generate an exception corresponding to the access request if the access request is not trusted. For example, the virtual machine identifier checking module 430 determines whether the access request is trusted according to the virtual machine identifier in the access request and the corresponding virtual machine identifier in the access control table, and if the access request is not trusted, the exception generation module 450 generates an exception corresponding to the access request.
After the access request is obtained, to protect the external memory 460, the access control table needs to be used to determine whether the access request accesses the address block. At this time, in one embodiment, the control table checking module 420 includes:
checking whether the access address is within the address block;
if the access address is within the range of the address block, the access address accesses the address block;
if not, the access address does not access the address block.
If the access address accesses the external memory 460, it is necessary to go on to check whether the access request is trusted. It should be noted that "trusted" here means that there is no risk of information leakage after the access request is executed.
Specifically, to determine whether the access request is trusted, in one embodiment, the virtual machine identifier checking module 430 includes:
verifying whether the virtual machine identifier of the access request is identical to the virtual machine identifier corresponding to the address block where the access address of the access request is located in the access control table;
if they are the same, the access request is trusted;
if not, the access request is not trusted.
Further, the access requests that access the external memory 460 may include other untrusted access requests, or abnormal access requests that the computer cannot process. To protect the computer system from them, in one embodiment, as shown in fig. 9, the virtual machine includes a target virtual machine and a non-target virtual machine, and correspondingly, the virtual machine identifier includes a target virtual machine identifier and a non-target virtual machine identifier; the access request also comprises an encryption identifier, which is used for marking whether the access request is encrypted or not; the memory access device provided by the application further comprises:
The encryption verification module 440 is configured to determine whether the virtual machine identifier of the access request is a non-target virtual machine identifier and whether the encrypted identifier is a non-encrypted identifier if the address block is not accessed, and if yes, allow the external memory 460 to be accessed continuously.
Further, in an embodiment, the exception generation module 450 is further configured to generate an exception corresponding to the access request if the virtual machine identifier of the access request is not a non-target virtual machine identifier in the virtual machine identifier checking module 430 or the encrypted identifier is not a non-encrypted identifier in the encryption verification module 440.
Specifically, as shown in fig. 10, the computer system with external memory provided in the embodiment of the present application includes a processor 54, an encryption and decryption engine 56 in the processor 54, a system memory 55, an operating system 53, a target virtual machine 521, a non-target virtual machine 522, other application programs 523 in the computer, a device (accelerator card) 521, an accelerator card memory 511, a first PCIe controller 571 and a second PCIe controller 572. The memory 511 of the accelerator card is the external memory 460 described above. In one embodiment, the computer system adds a memory access device 58 in the processor 54 for controlling access requests of all devices 51 accessing the peripheral, said memory access device 58 being connected to the secure processor 59, said access control table being used by the secure processor 59 to configure the memory access device 58.
Further, to improve security, allow the memory access method of the present application to run stably, and obtain a secure and reliable access control table, an embodiment of the present application further provides a memory access initializing device, where the memory access initializing device is configured in a secure processor, as shown in fig. 11, and includes:
an access control table creation module 600 for creating an access control table;
an address range obtaining module 610, configured to obtain an address block of the external memory, and write an equipment function identifier corresponding to the address block of the external memory into the access control table;
the identifier obtaining module 620 is configured to obtain a virtual machine identifier of the target virtual machine and a device function identifier corresponding to a memory address to be accessed by the target virtual machine;
and a control table initializing module 630, configured to establish a mapping relationship among the address block, the device function identifier, and the virtual machine identifier, and write the mapping relationship into the access control table.
Specifically, the address block of the external memory and the device function identifier corresponding to the address block of the external memory are sent to the secure processor by the BIOS. Therefore, in order to obtain the address block of the external memory and the device function identifier corresponding to it, as shown in fig. 11, in one embodiment, the memory access initializing device provided by the present application further includes:
The device function identifier of the external memory and the corresponding external memory address block are provided by the BIOS.
Specifically, the virtual machine identifier of the target virtual machine and the device function identifier corresponding to the memory address to be accessed by the target virtual machine are sent to the secure processor by the virtual machine manager, so in one embodiment, as shown in fig. 11, the memory access initializing device provided by the present application further includes:
and the virtual machine identifier of the virtual machine and the equipment function identifier corresponding to the memory address to be accessed by the virtual machine are provided by a virtual machine manager.
According to the embodiment of the application, the access control table is arranged, and the access control table is used for controlling the access request for accessing the external memory, so that the unreliable access request is screened out, and further, the security of the external memory is protected and illegal access to the external memory is prevented on the premise that encryption and decryption operations are not needed when the access request accesses the external device.
The embodiment of the application also provides a chip, and in the embodiment of the application, the chip can be configured with the memory access device and the memory access initializing device.
The embodiment of the application also provides the electronic equipment, and in the embodiment of the application, the electronic equipment can be provided with the chip.
Although the embodiments of the present application are disclosed above, the present application is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the application, and the scope of the application should be assessed accordingly to that of the appended claims.

Claims (19)

1. A memory access method, comprising:
obtaining an access control table, wherein the access control table comprises an address block of an external memory, a virtual machine identifier and a device function identifier corresponding to the address block of the external memory, and a mapping relation between the virtual machine identifier and the device function identifier;
acquiring an access request, wherein the access request comprises an access address and a virtual machine identifier of the access request;
responding to the access request, and judging whether the access request accesses the address block according to the access address in the access request and the address block corresponding to the access control table;
if the address block is accessed, judging whether the access request is credible or not according to the virtual machine identification in the access request and the corresponding virtual machine identification in the access control table;
and if the access request is trusted, allowing access to the external memory.
2. The memory access method of claim 1, further comprising:
If not, generating an exception corresponding to the access request.
3. The memory access method according to claim 1, wherein said step of determining whether said access request accesses said address block based on an access address in said access request and an address block corresponding to said access control table in response to said access request comprises:
checking whether the access address is within the address block;
if the access address is within the range of the address block, the access address accesses the address block;
if not, the access address does not access the address block.
4. The memory access method according to claim 1, wherein if the address block is accessed, determining whether the access request is trusted according to the virtual machine identifier in the access request and the virtual machine identifier corresponding to the access control table includes:
verifying whether the virtual machine identifier of the access request is the same as the virtual machine identifier corresponding to the address block where the access address of the access request is located in the access control table;
if they are the same, the access request is trusted;
if not, the access request is not trusted.
5. The memory access method of claim 1, wherein the virtual machine identifier comprises a target virtual machine identifier and a non-target virtual machine identifier, corresponding to the target virtual machine and the non-target virtual machine, respectively;
the access request also comprises an encryption identifier, which is used for marking whether the access request is encrypted or not;
after the step of responding to the access request and judging whether the access request accesses the address block according to the access address in the access request and the address block corresponding to the access control table, the method further comprises the following steps:
if the address block is not accessed, judging whether the virtual machine identifier of the access request is a non-target virtual machine identifier or not and whether the encrypted identifier is non-encrypted or not;
if yes, allowing the access request to continue to access the external memory.
6. The memory access method of claim 5, further comprising:
if not, generating an exception corresponding to the access request.
7. A memory access initialization method, comprising:
the security processor creates an access control table;
the security processor acquires an address block of the external memory, and writes an equipment function identifier corresponding to the address block of the external memory into the access control table;
The security processor acquires a virtual machine identifier of the target virtual machine and a device function identifier corresponding to a memory address to be accessed by the target virtual machine;
and the secure processor establishes a mapping relation among the address block, the equipment function identifier and the virtual machine identifier, and writes the mapping relation into the access control table.
8. The memory access initialization method of claim 7, further comprising:
the BIOS sends the device function identification of the external memory and the corresponding external memory address block to the secure processor.
9. The memory access initialization method of claim 7, further comprising:
and the virtual machine manager sends the virtual machine identifier of the target virtual machine and the equipment function identifier corresponding to the memory address to be accessed by the target virtual machine to the security processor.
10. A memory access device, comprising:
the control table acquisition module is used for acquiring an access control table, wherein the access control table comprises an address block of an external memory, a virtual machine identifier and a device function identifier corresponding to the address block of the external memory, and a mapping relation between the virtual machine identifier and the device function identifier;
the access request acquisition module is used for acquiring an access request, wherein the access request comprises an access address and a virtual machine identifier of the access request;
The control table checking module is used for responding to the access request and judging whether the access request accesses the address block according to the access address in the access request and the address block corresponding to the access control table;
and the virtual machine identification checking module is used for judging whether the access request is trusted according to the virtual machine identification in the access request and the corresponding virtual machine identification in the access control table if the access request is accessed to the address block, and allowing the access to the external memory if the access request is trusted.
11. The memory access device of claim 10, further comprising:
and the exception generation module is used for generating an exception corresponding to the access request if the access request is not trusted.
12. The memory access device of claim 10, wherein the control table checking module, configured to respond to the access request, and determine whether the access request accesses the address block according to an access address in the access request and an address block corresponding to the access control table, includes:
checking whether the access address is within the address block;
if the access address is within the range of the address block, the access address accesses the address block;
if not, the access address does not access the address block.
13. The memory access device of claim 10, wherein the virtual machine identifier checking module configured to determine whether the access request is trusted according to a virtual machine identifier in the access request and a corresponding virtual machine identifier in the access control table if the access request is to the address block, and if the access request is trusted, to allow access to the external memory, comprises:
verifying whether the virtual machine identifier of the access request is the same as the virtual machine identifier corresponding to the address block where the access address of the access request is located in the access control table;
if they are the same, the access request is trusted;
if not, the access request is not trusted.
14. The memory access device of claim 10, wherein the virtual machine identification comprises a target virtual machine identification and a non-target virtual machine identification, corresponding to a target virtual machine and a non-target virtual machine, respectively;
the access request also comprises an encryption identifier, which is used for marking whether the access request is encrypted or not;
the memory access device further includes:
and the encryption verification module is used for judging, if the address block is not accessed, whether the virtual machine identifier of the access request is a non-target virtual machine identifier and whether the encryption identifier indicates that the request is not encrypted, and if so, allowing the access to the external memory to continue.
15. A memory access initialization apparatus, wherein the memory access initialization apparatus is configured in a secure processor, and comprises:
the access control table creating module is used for creating an access control table;
the address range acquisition module is used for acquiring an address block of the external memory and the device function identifier corresponding to the address block of the external memory, and writing the device function identifier into the access control table;
the identifier acquisition module is used for acquiring a virtual machine identifier of a target virtual machine and a device function identifier corresponding to a memory address to be accessed by the target virtual machine;
and the control table initializing module is used for establishing a mapping relation among the address block, the device function identifier and the virtual machine identifier and writing the mapping relation into the access control table.
16. The memory access initialization apparatus of claim 15, further comprising:
the address block of the external memory and the device function identifier corresponding to the address block of the external memory are provided by the BIOS.
17. The memory access initialization apparatus of claim 15, further comprising:
and the virtual machine identifier of the target virtual machine and the device function identifier corresponding to the memory address to be accessed by the target virtual machine are provided by a virtual machine manager.
18. A chip, characterized in that the chip is provided with a memory access device according to any of claims 10-14 and a memory access initialisation device according to any of claims 15-17.
19. An electronic device comprising the chip of claim 18.
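
The table initialization of claims 15 to 17 and the access check of claims 10 to 14, modelled in C as an added example (not code from the patent or from the applicant). All type names, function names, field widths, the table size, the rule used to decide whether a virtual machine is a "target" virtual machine, and the ACC_UNSPECIFIED result for cases the claims leave open are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model only: names, field widths and table size are assumptions. */
#define ACT_MAX 8
typedef struct { uint64_t base, size; uint16_t func_id; uint32_t vmid; bool bound; } act_entry;
typedef struct { act_entry e[ACT_MAX]; size_t n; } act_table;
typedef struct { uint64_t addr; uint32_t vmid; bool encrypted; } access_req;
/* ACC_UNSPECIFIED: an outcome the claims in this section do not define. */
typedef enum { ACC_ALLOW, ACC_EXCEPTION, ACC_UNSPECIFIED } acc_result;

/* Claims 15-16: record a BIOS-provided address block and its device function identifier. */
bool act_add_block(act_table *t, uint64_t base, uint64_t size, uint16_t func_id) {
    if (t->n == ACT_MAX || size == 0 || size - 1 > UINT64_MAX - base)
        return false;                     /* table full, empty block, or block wraps */
    t->e[t->n++] = (act_entry){ base, size, func_id, 0, false };
    return true;
}

/* Claims 15 and 17: map the VMM-provided VM identifier to every block of that device function. */
size_t act_bind_vm(act_table *t, uint32_t vmid, uint16_t func_id) {
    size_t bound = 0;
    for (size_t i = 0; i < t->n; i++)
        if (t->e[i].func_id == func_id) { t->e[i].vmid = vmid; t->e[i].bound = true; bound++; }
    return bound;
}

/* Assumption: a VM counts as a "target" VM once any block is bound to it. */
static bool is_target_vm(const act_table *t, uint32_t vmid) {
    for (size_t i = 0; i < t->n; i++)
        if (t->e[i].bound && t->e[i].vmid == vmid) return true;
    return false;
}

/* Claims 10-14: range check first, then the VM identifier comparison. */
acc_result act_check(const act_table *t, const access_req *r) {
    for (size_t i = 0; i < t->n; i++) {
        const act_entry *e = &t->e[i];
        /* Overflow-safe containment test: never computes base + size. */
        if (r->addr >= e->base && r->addr - e->base < e->size)
            return (e->bound && e->vmid == r->vmid) ? ACC_ALLOW : ACC_EXCEPTION;
    }
    /* Outside every block: claim 14 lets a non-target VM's unencrypted request continue. */
    if (!is_target_vm(t, r->vmid) && !r->encrypted) return ACC_ALLOW;
    return ACC_UNSPECIFIED;
}
```

A block that has no virtual machine bound to it rejects every request in this model, which is a fail-closed choice of the example rather than something the claims state.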

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311120519.9A CN117194284A (en) 2023-08-31 2023-08-31 Memory access method, initialization method and related devices thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311120519.9A CN117194284A (en) 2023-08-31 2023-08-31 Memory access method, initialization method and related devices thereof

Publications (1)

Publication Number Publication Date
CN117194284A true CN117194284A (en) 2023-12-08

Family

ID=88984359

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311120519.9A Pending CN117194284A (en) 2023-08-31 2023-08-31 Memory access method, initialization method and related devices thereof

Country Status (1)

Country Link
CN (1) CN117194284A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240930

Address after: Rooms 501 and 502, No. 289 Chunxiao Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai, 200020 (nominal floor is 6th floor)

Applicant after: Haiguang Yunxin Integrated Circuit Design (Shanghai) Co.,Ltd.

Country or region after: China

Address before: 300384 industrial incubation-3-8, North 2-204, No. 18, Haitai West Road, Tianjin Huayuan Industrial Zone, Binhai New Area, Tianjin

Applicant before: Haiguang Information Technology Co.,Ltd.

Country or region before: China