JPWO2020182498A5 - - Google Patents

Publication number
JPWO2020182498A5
Authority
JP
Japan
Prior art keywords
secure
interrupt
entity
interface control
guest
Prior art date
Legal status
Granted
Application number
JP2021552193A
Other languages
Japanese (ja)
Other versions
JP7398472B2 (en)
JP2022522374A (en)
Publication date
Priority claimed from US16/296,452 (US11308215B2)
Application filed
Publication of JP2022522374A
Publication of JPWO2020182498A5
Application granted
Publication of JP7398472B2
Active
Anticipated expiration

Claims (13)

1. A method comprising:
fetching, by a secure interface control of a computer that provides partial instruction interpretation for an instruction that enables interrupts, a program status word or control register value from secure guest storage;
notifying, by the secure interface control, an untrusted entity of a guest interrupt mask update, wherein the untrusted entity is executed on, and communicates with, the hardware of the computer through the secure interface control to support operations of a secure entity executing on the untrusted entity;
receiving, by the secure interface control, from the untrusted entity, a request to provide the highest priority enabled guest interrupt in response to the notifying of the guest interrupt mask update; and
moving, by the secure interface control, interrupt information into a guest prefix page and inserting the interrupt into the secure entity when the insertion of the interrupt is determined to be valid.

2. The method of claim 1, further comprising issuing, by the secure entity, a load program status word or load control that is monitored by the untrusted entity.

3. The method of claim 1 or 2, further comprising loading, by the secure interface control, the program status word or control register in response to the fetching.

4. The method of any one of claims 1 to 3, further comprising prioritizing, by the untrusted entity, pending and enabled interrupts to determine the highest priority enabled guest interrupt.

5. The method of any one of claims 1 to 4, further comprising storing, by the untrusted entity, interrupt information for the highest priority enabled guest interrupt in non-secure storage.

6. The method of claim 5, wherein the untrusted entity provides the interrupt information in a state description.

7. The method of claim 5, wherein the untrusted entity issues an instruction to provide the interrupt information to the secure interface control, and the interrupt information is passed as a parameter of the instruction.

8. The method of any one of claims 1 to 7, further comprising issuing, by the secure interface control, an exception to the untrusted entity when the insertion of the interrupt is determined to be invalid.

9. The method of any one of claims 1 to 8, further comprising executing, by the secure entity, an interrupt handler in response to receiving the inserted interrupt.

10. The method of claim 9, wherein the secure entity comprises a secure guest and the untrusted entity comprises a hypervisor.

11. A system comprising a secure interface control of a computer, the system being configured to perform the method of any one of claims 1 to 10 to provide partial instruction interpretation for an instruction that enables interrupts.

12. A computer program for causing a computer to perform the method of any one of claims 1 to 10.

13. A program product on which the computer program of claim 12 is recorded.
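
The handshake in claims 1 to 8 can be sketched as a toy Python model. This is an added illustration, not code from the patent or its applicant; the interrupt classes, priority order, data layout and the validity rule (the class must be enabled in the mask the secure interface control itself fetched) are assumptions.

```python
# Toy model (added illustration); classes, priorities and the validity rule are assumptions.
from dataclasses import dataclass, field

PRIORITY = ["machine_check", "external", "io"]  # assumed order, highest first

class InvalidInjection(Exception):
    """Exception the secure interface control issues to the untrusted entity."""

@dataclass
class Hypervisor:  # untrusted entity
    pending: set = field(default_factory=set)
    seen_mask: frozenset = frozenset()

    def on_mask_update(self, mask):  # notification from the SIC
        self.seen_mask = frozenset(mask)

    def highest_priority_enabled(self):
        # Prioritise interrupts that are both pending and enabled.
        for irq in PRIORITY:
            if irq in self.pending and irq in self.seen_mask:
                return {"class": irq}  # record kept in non-secure storage
        return None

@dataclass
class SecureInterfaceControl:
    secure_guest_storage: dict  # holds the guest's PSW / control register image
    hypervisor: Hypervisor
    guest_mask: frozenset = frozenset()
    guest_prefix_page: dict = field(default_factory=dict)

    def interpret_enable(self):
        # Fetch the mask from secure guest storage, load it, notify the hypervisor.
        self.guest_mask = frozenset(self.secure_guest_storage["enabled"])
        self.hypervisor.on_mask_update(self.guest_mask)

    def inject(self, info):
        # Validate against the SIC's own mask copy, never the hypervisor's view.
        if info is None or info.get("class") not in self.guest_mask:
            raise InvalidInjection(info)
        self.guest_prefix_page["interrupt"] = dict(info)
        return info["class"]

def demo():
    hv = Hypervisor(pending={"io", "external"})
    sic = SecureInterfaceControl({"enabled": {"io"}}, hv)
    sic.interpret_enable()  # guest enabled only I/O interrupts
    return sic.inject(hv.highest_priority_enabled()), sic.guest_prefix_page
```

In this model a request for an interrupt class the guest has masked raises `InvalidInjection` and leaves the guest prefix page untouched, which is the behaviour claim 8 assigns to the secure interface control.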
JP2021552193A 2019-03-08 2020-02-28 Secure interface control high-level instruction intercept for interrupt enable Active JP7398472B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/296,452 US11308215B2 (en) 2019-03-08 2019-03-08 Secure interface control high-level instruction interception for interruption enablement
US16/296,452 2019-03-08
PCT/EP2020/055317 WO2020182498A1 (en) 2019-03-08 2020-02-28 Secure interface control high-level instruction interception for interruption enablement

Publications (3)

Publication Number Publication Date
JP2022522374A (en) 2022-04-18
JPWO2020182498A5 (en) 2022-06-07
JP7398472B2 (en) 2023-12-14

Family

ID=69740350

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2021552193A Active JP7398472B2 (en) 2019-03-08 2020-02-28 Secure interface control high-level instruction intercept for interrupt enable

Country Status (8)

Country Link
US (1) US11308215B2 (en)
EP (1) EP3935532A1 (en)
JP (1) JP7398472B2 (en)
CN (1) CN113544664B (en)
AU (1) AU2020237597B2 (en)
CA (1) CA3132752A1 (en)
IL (1) IL284822B2 (en)
WO (1) WO2020182498A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11842227B2 (en) * 2019-10-10 2023-12-12 Advanced Micro Devices, Inc. Hypervisor secure event handling at a processor
US20230061511A1 (en) * 2021-08-30 2023-03-02 International Business Machines Corporation Inaccessible prefix pages during virtual machine execution
US20230083083A1 (en) * 2021-09-14 2023-03-16 International Business Machines Corporation Storing diagnostic state of secure virtual machines

Family Cites Families (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5896499A (en) 1997-02-21 1999-04-20 International Business Machines Corporation Embedded security processor
US7984108B2 (en) 2003-10-08 2011-07-19 Unisys Corporation Computer system para-virtualization using a hypervisor that is implemented in a partition of the host system
US20080059556A1 (en) 2006-08-31 2008-03-06 Egenera, Inc. Providing virtual machine technology as an embedded layer within a processing platform
US8176280B2 (en) 2008-02-25 2012-05-08 International Business Machines Corporation Use of test protection instruction in computing environments that support pageable guests
GB2460393B (en) * 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
US8516481B2 (en) 2008-04-04 2013-08-20 Hewlett-Packard Development Company, L.P. Virtual machine manager system and methods
US8370641B2 (en) 2008-05-24 2013-02-05 Via Technologies, Inc. Initialization of a microprocessor providing for execution of secure code
US9100548B2 (en) 2008-07-17 2015-08-04 Cisco Technology, Inc. Feature enablement at a communications terminal
GB2462258B (en) 2008-07-28 2012-02-08 Advanced Risc Mach Ltd Interrupt control for virtual processing apparatus
US8996885B2 (en) 2008-10-02 2015-03-31 Broadcom Corporation Secure virtual machine manager
US8555377B2 (en) 2010-04-29 2013-10-08 High Cloud Security Secure virtual machine
US8856504B2 (en) 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures
US8468284B2 (en) * 2010-06-23 2013-06-18 International Business Machines Corporation Converting a message signaled interruption into an I/O adapter event notification to a guest operating system
CN102811239B (en) 2011-06-03 2017-09-12 中兴通讯股份有限公司 A kind of dummy machine system and its method of controlling security
KR101323858B1 (en) 2011-06-22 2013-11-21 한국과학기술원 Apparatus and method for controlling memory access in virtualized system
CN102750178B (en) * 2012-06-08 2015-04-29 华为技术有限公司 Virtualization management method of communication equipment hardware resources, and device related to method
US9218288B2 (en) 2012-06-15 2015-12-22 International Business Machines Corporation Monitoring a value in storage without repeated storage access
EP2867770B1 (en) 2012-06-29 2020-05-27 Intel Corporation Methods, systems and apparatus to capture error conditions in lightweight virtual machine managers
US8656482B1 (en) 2012-08-20 2014-02-18 Bitdefender IPR Management Ltd. Secure communication using a trusted virtual machine
WO2014081611A2 (en) 2012-11-20 2014-05-30 Unisys Corporation Error recovery in securely partitioned virtualization system with dedicated resources
GB2515536A (en) 2013-06-27 2014-12-31 Ibm Processing a guest event in a hypervisor-controlled system
WO2015015473A1 (en) 2013-08-02 2015-02-05 Ologn Technologies Ag A secure server on a system with virtual machines
US9355050B2 (en) 2013-11-05 2016-05-31 Qualcomm Incorporated Secure, fast and normal virtual interrupt direct assignment in a virtualized interrupt controller in a mobile system-on-chip
US9672058B2 (en) 2014-03-13 2017-06-06 Unisys Corporation Reduced service partition virtualization system and method
US9483639B2 (en) 2014-03-13 2016-11-01 Unisys Corporation Service partition virtualization system and method having a secure application
US9213569B2 (en) * 2014-03-27 2015-12-15 International Business Machines Corporation Exiting multiple threads in a computer
KR20160033517A (en) 2014-09-18 2016-03-28 한국전자통신연구원 Hybrid virtualization scheme for interrupt controller
GB2532415A (en) * 2014-11-11 2016-05-25 Ibm Processing a guest event in a hypervisor-controlled system
WO2016194102A1 (en) 2015-06-01 2016-12-08 株式会社日立製作所 Computer system, computer, and method
GB2539436B (en) 2015-06-16 2019-02-06 Advanced Risc Mach Ltd Secure initialisation
CN105184147B (en) 2015-09-08 2017-11-24 成都博元科技有限公司 User safety management method in cloud computing platform
CN105184164B (en) 2015-09-08 2017-11-24 成都博元科技有限公司 A kind of data processing method
US9792143B1 (en) 2015-10-23 2017-10-17 Amazon Technologies, Inc. Platform secure execution modes
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
CN105700826A (en) * 2015-12-31 2016-06-22 华为技术有限公司 Virtualization method and device
CN107038128B (en) 2016-02-03 2020-07-28 华为技术有限公司 Virtualization of execution environment, and access method and device of virtual execution environment
US10223281B2 (en) * 2016-07-18 2019-03-05 International Business Machines Corporation Increasing the scope of local purges of structures associated with address translation
US10303899B2 (en) 2016-08-11 2019-05-28 Intel Corporation Secure public cloud with protected guest-verified host control
US20180165224A1 (en) 2016-12-12 2018-06-14 Ati Technologies Ulc Secure encrypted virtualization
WO2018176360A1 (en) 2017-03-31 2018-10-04 Intel Corporation Scalable interrupt virtualization for input/output devices
US11347887B2 (en) * 2017-10-03 2022-05-31 Rutgers, The State University Of New Jersey Value-based information flow tracking in software packages
DE112017008307T5 (en) 2017-12-27 2020-09-17 Intel Corporation SYSTEMS AND PROCEDURES FOR EFFICIENT INTERRUPTION OF VIRTUAL MACHINERY
US11693952B2 (en) 2018-10-31 2023-07-04 Vmware, Inc. System and method for providing secure execution environments using virtualization technology
US11182192B2 (en) * 2019-03-08 2021-11-23 International Business Machines Corporation Controlling access to secure storage of a virtual machine
US11640361B2 (en) * 2019-03-08 2023-05-02 International Business Machines Corporation Sharing secure memory across multiple security domains
US11487906B2 (en) * 2019-03-08 2022-11-01 International Business Machines Corporation Storage sharing between a secure domain and a non-secure entity
US10970100B2 (en) * 2019-03-08 2021-04-06 International Business Machines Corporation Starting a secure guest using an initial program load mechanism
US11347869B2 (en) * 2019-03-08 2022-05-31 International Business Machines Corporation Secure interface control high-level page management
US11283800B2 (en) * 2019-03-08 2022-03-22 International Business Machines Corporation Secure interface control secure storage hardware tagging
US20200285501A1 (en) * 2019-03-08 2020-09-10 International Business Machines Corporation Communication interface of a secure interface control
US11068310B2 (en) * 2019-03-08 2021-07-20 International Business Machines Corporation Secure storage query and donation
US11206128B2 (en) * 2019-03-08 2021-12-21 International Business Machines Corporation Secure paging with page change detection
US11347529B2 (en) * 2019-03-08 2022-05-31 International Business Machines Corporation Inject interrupts and exceptions into secure virtual machine
US11176054B2 (en) * 2019-03-08 2021-11-16 International Business Machines Corporation Host virtual address space for secure interface control storage
US11403409B2 (en) * 2019-03-08 2022-08-02 International Business Machines Corporation Program interruptions for page importing/exporting
US11455398B2 (en) * 2019-03-08 2022-09-27 International Business Machines Corporation Testing storage protection hardware in a secure virtual machine environment
US11531627B2 (en) * 2019-03-08 2022-12-20 International Business Machines Corporation Secure storage isolation
