JPWO2020182498A5 - - Google Patents
Download PDFInfo
- Publication number
- JPWO2020182498A5 JPWO2020182498A5 JP2021552193A JP2021552193A JPWO2020182498A5 JP WO2020182498 A5 JPWO2020182498 A5 JP WO2020182498A5 JP 2021552193 A JP2021552193 A JP 2021552193A JP 2021552193 A JP2021552193 A JP 2021552193A JP WO2020182498 A5 JPWO2020182498 A5 JP WO2020182498A5
- Authority
- JP
- Japan
- Prior art keywords
- secure
- interrupt
- entity
- interface control
- guest
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims 12
- 238000004590 computer program Methods 0.000 claims 2
- 238000003780 insertion Methods 0.000 claims 2
- 230000037431 insertion Effects 0.000 claims 2
Claims (13)
前記セキュア・インターフェース制御によって、信頼されないエンティティにゲスト割り込みマスク更新を通知することであって、前記信頼されないエンティティは、前記信頼されないエンティティにおいて実行されるセキュア・エンティティの動作をサポートするために、前記セキュア・インターフェース制御を介して前記コンピュータのハードウェアにおいて実行され、それと通信する、前記通知することと、
前記セキュア・インターフェース制御によって、前記ゲスト割り込みマスク更新を前記通知することに応答して、最高優先順位のイネーブルされたゲスト割り込みを提供する要求を前記信頼されないエンティティから受信することと、
前記セキュア・インターフェース制御によって、ゲスト・プレフィックス・ページに割り込み情報を移動し、前記割り込みの挿入が有効と判定されたときに前記セキュア・エンティティに前記割り込みを挿入することと
を含む、方法。 Fetching a program status word or control register value from secure guest storage by the computer's secure interface control, which provides partial instruction interpretation for the instruction that enables interrupts,
The secure interface control is to notify the untrusted entity of a guest interrupt mask update, the untrusted entity said to support the operation of the secure entity performed on the untrusted entity. The notification, which is executed and communicates with the hardware of the computer via the interface control.
Receiving from the untrusted entity a request to provide the highest priority enabled guest interrupt in response to the notification of the guest interrupt mask update by said secure interface control.
A method comprising moving interrupt information to a guest prefix page by said secure interface control and inserting the interrupt into the secure entity when the insertion of the interrupt is determined to be valid.
前記システムは、割り込みをイネーブルする命令に対する部分的な命令解釈を提供するよう、請求項1ないし10のいずれか1項に記載の方法を行うように構成される、システム。 A system that includes secure interface control of a computer
The system is configured to perform the method of any one of claims 1-10 to provide a partial instruction interpretation for an instruction that enables interrupts.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/296,452 US11308215B2 (en) | 2019-03-08 | 2019-03-08 | Secure interface control high-level instruction interception for interruption enablement |
US16/296,452 | 2019-03-08 | ||
PCT/EP2020/055317 WO2020182498A1 (en) | 2019-03-08 | 2020-02-28 | Secure interface control high-level instruction interception for interruption enablement |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2022522374A JP2022522374A (en) | 2022-04-18 |
JPWO2020182498A5 true JPWO2020182498A5 (en) | 2022-06-07 |
JP7398472B2 JP7398472B2 (en) | 2023-12-14 |
Family
ID=69740350
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2021552193A Active JP7398472B2 (en) | 2019-03-08 | 2020-02-28 | Secure interface control high-level instruction intercept for interrupt enable |
Country Status (8)
Country | Link |
---|---|
US (1) | US11308215B2 (en) |
EP (1) | EP3935532A1 (en) |
JP (1) | JP7398472B2 (en) |
CN (1) | CN113544664B (en) |
AU (1) | AU2020237597B2 (en) |
CA (1) | CA3132752A1 (en) |
IL (1) | IL284822B2 (en) |
WO (1) | WO2020182498A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11842227B2 (en) * | 2019-10-10 | 2023-12-12 | Advanced Micro Devices, Inc. | Hypervisor secure event handling at a processor |
US20230061511A1 (en) * | 2021-08-30 | 2023-03-02 | International Business Machines Corporation | Inaccessible prefix pages during virtual machine execution |
US20230083083A1 (en) * | 2021-09-14 | 2023-03-16 | International Business Machines Corporation | Storing diagnostic state of secure virtual machines |
Family Cites Families (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5896499A (en) | 1997-02-21 | 1999-04-20 | International Business Machines Corporation | Embedded security processor |
US7984108B2 (en) | 2003-10-08 | 2011-07-19 | Unisys Corporation | Computer system para-virtualization using a hypervisor that is implemented in a partition of the host system |
US20080059556A1 (en) | 2006-08-31 | 2008-03-06 | Egenera, Inc. | Providing virtual machine technology as an embedded layer within a processing platform |
US8176280B2 (en) | 2008-02-25 | 2012-05-08 | International Business Machines Corporation | Use of test protection instruction in computing environments that support pageable guests |
GB2460393B (en) * | 2008-02-29 | 2012-03-28 | Advanced Risc Mach Ltd | A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry |
US8516481B2 (en) | 2008-04-04 | 2013-08-20 | Hewlett-Packard Development Company, L.P. | Virtual machine manager system and methods |
US8370641B2 (en) | 2008-05-24 | 2013-02-05 | Via Technologies, Inc. | Initialization of a microprocessor providing for execution of secure code |
US9100548B2 (en) | 2008-07-17 | 2015-08-04 | Cisco Technology, Inc. | Feature enablement at a communications terminal |
GB2462258B (en) | 2008-07-28 | 2012-02-08 | Advanced Risc Mach Ltd | Interrupt control for virtual processing apparatus |
US8996885B2 (en) | 2008-10-02 | 2015-03-31 | Broadcom Corporation | Secure virtual machine manager |
US8555377B2 (en) | 2010-04-29 | 2013-10-08 | High Cloud Security | Secure virtual machine |
US8856504B2 (en) | 2010-06-07 | 2014-10-07 | Cisco Technology, Inc. | Secure virtual machine bootstrap in untrusted cloud infrastructures |
US8468284B2 (en) * | 2010-06-23 | 2013-06-18 | International Business Machines Corporation | Converting a message signaled interruption into an I/O adapter event notification to a guest operating system |
CN102811239B (en) | 2011-06-03 | 2017-09-12 | 中兴通讯股份有限公司 | A kind of dummy machine system and its method of controlling security |
KR101323858B1 (en) | 2011-06-22 | 2013-11-21 | 한국과학기술원 | Apparatus and method for controlling memory access in virtualized system |
CN102750178B (en) * | 2012-06-08 | 2015-04-29 | 华为技术有限公司 | Virtualization management method of communication equipment hardware resources, and device related to method |
US9218288B2 (en) | 2012-06-15 | 2015-12-22 | International Business Machines Corporation | Monitoring a value in storage without repeated storage access |
EP2867770B1 (en) | 2012-06-29 | 2020-05-27 | Intel Corporation | Methods, systems and apparatus to capture error conditions in lightweight virtual machine managers |
US8656482B1 (en) | 2012-08-20 | 2014-02-18 | Bitdefender IPR Management Ltd. | Secure communication using a trusted virtual machine |
WO2014081611A2 (en) | 2012-11-20 | 2014-05-30 | Unisys Corporation | Error recovery in securely partitioned virtualization system with dedicated resources |
GB2515536A (en) | 2013-06-27 | 2014-12-31 | Ibm | Processing a guest event in a hypervisor-controlled system |
WO2015015473A1 (en) | 2013-08-02 | 2015-02-05 | Ologn Technologies Ag | A secure server on a system with virtual machines |
US9355050B2 (en) | 2013-11-05 | 2016-05-31 | Qualcomm Incorporated | Secure, fast and normal virtual interrupt direct assignment in a virtualized interrupt controller in a mobile system-on-chip |
US9672058B2 (en) | 2014-03-13 | 2017-06-06 | Unisys Corporation | Reduced service partition virtualization system and method |
US9483639B2 (en) | 2014-03-13 | 2016-11-01 | Unisys Corporation | Service partition virtualization system and method having a secure application |
US9213569B2 (en) * | 2014-03-27 | 2015-12-15 | International Business Machines Corporation | Exiting multiple threads in a computer |
KR20160033517A (en) | 2014-09-18 | 2016-03-28 | 한국전자통신연구원 | Hybrid virtualization scheme for interrupt controller |
GB2532415A (en) * | 2014-11-11 | 2016-05-25 | Ibm | Processing a guest event in a hypervisor-controlled system |
WO2016194102A1 (en) | 2015-06-01 | 2016-12-08 | 株式会社日立製作所 | Computer system, computer, and method |
GB2539436B (en) | 2015-06-16 | 2019-02-06 | Advanced Risc Mach Ltd | Secure initialisation |
CN105184147B (en) | 2015-09-08 | 2017-11-24 | 成都博元科技有限公司 | User safety management method in cloud computing platform |
CN105184164B (en) | 2015-09-08 | 2017-11-24 | 成都博元科技有限公司 | A kind of data processing method |
US9792143B1 (en) | 2015-10-23 | 2017-10-17 | Amazon Technologies, Inc. | Platform secure execution modes |
US9841987B2 (en) | 2015-12-17 | 2017-12-12 | International Business Machines Corporation | Transparent secure interception handling |
CN105700826A (en) * | 2015-12-31 | 2016-06-22 | 华为技术有限公司 | Virtualization method and device |
CN107038128B (en) | 2016-02-03 | 2020-07-28 | 华为技术有限公司 | Virtualization of execution environment, and access method and device of virtual execution environment |
US10223281B2 (en) * | 2016-07-18 | 2019-03-05 | International Business Machines Corporation | Increasing the scope of local purges of structures associated with address translation |
US10303899B2 (en) | 2016-08-11 | 2019-05-28 | Intel Corporation | Secure public cloud with protected guest-verified host control |
US20180165224A1 (en) | 2016-12-12 | 2018-06-14 | Ati Technologies Ulc | Secure encrypted virtualization |
WO2018176360A1 (en) | 2017-03-31 | 2018-10-04 | Intel Corporation | Scalable interrupt virtualization for input/output devices |
US11347887B2 (en) * | 2017-10-03 | 2022-05-31 | Rutgers, The State University Of New Jersey | Value-based information flow tracking in software packages |
DE112017008307T5 (en) | 2017-12-27 | 2020-09-17 | Intel Corporation | SYSTEMS AND PROCEDURES FOR EFFICIENT INTERRUPTION OF VIRTUAL MACHINERY |
US11693952B2 (en) | 2018-10-31 | 2023-07-04 | Vmware, Inc. | System and method for providing secure execution environments using virtualization technology |
US11182192B2 (en) * | 2019-03-08 | 2021-11-23 | International Business Machines Corporation | Controlling access to secure storage of a virtual machine |
US11640361B2 (en) * | 2019-03-08 | 2023-05-02 | International Business Machines Corporation | Sharing secure memory across multiple security domains |
US11487906B2 (en) * | 2019-03-08 | 2022-11-01 | International Business Machines Corporation | Storage sharing between a secure domain and a non-secure entity |
US10970100B2 (en) * | 2019-03-08 | 2021-04-06 | International Business Machines Corporation | Starting a secure guest using an initial program load mechanism |
US11347869B2 (en) * | 2019-03-08 | 2022-05-31 | International Business Machines Corporation | Secure interface control high-level page management |
US11283800B2 (en) * | 2019-03-08 | 2022-03-22 | International Business Machines Corporation | Secure interface control secure storage hardware tagging |
US20200285501A1 (en) * | 2019-03-08 | 2020-09-10 | International Business Machines Corporation | Communication interface of a secure interface control |
US11068310B2 (en) * | 2019-03-08 | 2021-07-20 | International Business Machines Corporation | Secure storage query and donation |
US11206128B2 (en) * | 2019-03-08 | 2021-12-21 | International Business Machines Corporation | Secure paging with page change detection |
US11347529B2 (en) * | 2019-03-08 | 2022-05-31 | International Business Machines Corporation | Inject interrupts and exceptions into secure virtual machine |
US11176054B2 (en) * | 2019-03-08 | 2021-11-16 | International Business Machines Corporation | Host virtual address space for secure interface control storage |
US11403409B2 (en) * | 2019-03-08 | 2022-08-02 | International Business Machines Corporation | Program interruptions for page importing/exporting |
US11455398B2 (en) * | 2019-03-08 | 2022-09-27 | International Business Machines Corporation | Testing storage protection hardware in a secure virtual machine environment |
US11531627B2 (en) * | 2019-03-08 | 2022-12-20 | International Business Machines Corporation | Secure storage isolation |
-
2019
- 2019-03-08 US US16/296,452 patent/US11308215B2/en active Active
-
2020
- 2020-02-28 CN CN202080019339.XA patent/CN113544664B/en active Active
- 2020-02-28 CA CA3132752A patent/CA3132752A1/en active Pending
- 2020-02-28 JP JP2021552193A patent/JP7398472B2/en active Active
- 2020-02-28 EP EP20708469.0A patent/EP3935532A1/en active Pending
- 2020-02-28 IL IL284822A patent/IL284822B2/en unknown
- 2020-02-28 AU AU2020237597A patent/AU2020237597B2/en active Active
- 2020-02-28 WO PCT/EP2020/055317 patent/WO2020182498A1/en active Application Filing
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8959318B2 (en) | Illegal mode change handling | |
TWI509518B (en) | Method, central processing unit apparatus, and system for improving the performance of nested virtualization | |
US8301856B2 (en) | Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag | |
JP5697609B2 (en) | Managing latency introduced by virtualization | |
US9311088B2 (en) | Apparatus and method for mapping architectural registers to physical registers | |
US9760374B2 (en) | Stack pointer and memory access alignment control | |
TWI786181B (en) | Permitting unaborted processing of transaction after exception mask update instruction | |
JP2014531088A5 (en) | ||
US20160048458A1 (en) | Computer Security Systems and Methods Using Hardware-Accelerated Access To Guest Memory From Below The Operating System | |
JP6920286B2 (en) | Exception handling | |
KR20110019750A (en) | Device emulation support within a host data processing apparatus | |
JP2018531462A6 (en) | Exception handling | |
JPWO2020182498A5 (en) | ||
US10409602B2 (en) | Vector operand bitsize control | |
US11144329B2 (en) | Processor microcode with embedded jump table | |
US11704127B2 (en) | Marking current context data to control a context-data-dependent processing operation to save current or default context data to a data location |