WO2023184920A1 - Virtualization implementation method and apparatus, electronic device, non-volatile readable storage medium, and arm platform - Google Patents


Info

Publication number
WO2023184920A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual machine
execution environment
vftpm
target
trusted execution
Prior art date
Application number
PCT/CN2022/123583
Other languages
French (fr)
Chinese (zh)
Inventor
韩春超
吴保锡
许鑫
Original Assignee
苏州浪潮智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 苏州浪潮智能科技有限公司
Publication of WO2023184920A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45575 Starting, stopping, suspending or resuming virtual machine instances
    • G06F2009/45583 Memory management, e.g. access or allocation
    • G06F2009/45587 Isolation or security of virtual machine instances

Definitions

  • This application relates to the field of computer technology, and in particular to a virtualization implementation method, device, electronic equipment, non-volatile readable storage medium and ARM platform.
  • ARM: Advanced RISC (Reduced Instruction Set Computer) Machines, a RISC microprocessor architecture.
  • ARM computers have developed rapidly in mobile devices, desktops, servers and other fields, and ARM-based virtualization technology is developing rapidly in the field of cloud computing. As ARM virtualization develops, ARM-related security and trust issues urgently need to be solved. For this reason, starting from ARMv8, ARM has divided the ARM execution environment through the TrustZone trusted technology into the SW (Secure World) and the NW (Normal World).
  • SW Secure World
  • TrustZone TrustZone
  • NW Normal World, normal world
  • the execution environment in the normal world is also called REE (Rich Execution Environment, rich execution environment), and the execution environment in the safe world is also called TEE (Trusted execution environment, trusted execution environment).
  • REE: Rich Execution Environment
  • TEE Trusted execution environment, trusted execution environment
  • the programs running in REE are generally BIOS (Basic Input Output System, Basic Input and Output System)/UEFI (Unified Extensible Firmware Interface, Unified Extensible Firmware Interface) system firmware and normal operating systems such as Linux and Windows.
  • BIOS Basic Input Output System
  • UEFI Unified Extensible Firmware Interface
  • normal operating systems such as Linux and Windows.
  • TEEOS Trusted execution environment operating system, trusted operating system
  • TEEOS Global Platform, global platform standard.
  • OPTEE Open-source Portable Trusted execution environment
  • the GP standard clearly stipulates the framework and security requirements of the TEE, and separately gives clear regulations and definitions of the interface functions, data types and data structures provided by the REE side and of those provided by the TEE side, for developers to use.
  • TPM Trusted Platform Module
  • fTPM firmware Trusted Platform Module, firmware-based trusted platform module
  • ARMv8 divides the exception levels of the CPU (central processing unit) into four layers, as shown in Figure 1.
  • the EL0 layer is the application layer
  • the EL1 layer is the system layer
  • EL2 is the virtualization layer
  • EL3 is the firmware layer.
  • fTPM is a TA (Trust Application) running in TEEOS.
  • the left side of Figure 1 is the REE side, and the right side is the TEE side.
  • REE side APP Application, application
  • Rich OS Rich Operating System, all-round operating system. Rich OS can be Windows, Unix, Linux and other operating systems.
  • RPMB Replay Protected Memory Block
  • EMMC Embedded Multi Media Card
  • Rich OS FS: File System
  • file system is the file system provided by rich OS.
  • the TA on the TEE side is a Trust Application that runs on TEEOS and complies with the GP standards; the TEEOS on the TEE side is an operating system that complies with the GP specification and can be the OS provided by the manufacturer or OPTEE OS; fTPM is implemented as an fTPM TA (fTPM Trust Application) that realizes the computing function of the TPM.
  • fTPM Trust Application fTPM Trust Application
  • the Rich OS RPMB or the Rich OS FS file system is used as the trusted storage of the fTPM, and the secure storage function of the TEE is used to read and write shared memory; the persistent data of the TPM are stored in this securely encrypted RPMB or Rich OS FS.
  • to switch between the TEE and the REE, the SMC (System Management Controller) command of the EL3-layer firmware/Secure Monitor must be used to set the NS (Secure Read and Write) flag bit to 0 or 1, after which the ARM CPU can enter the REE environment or the TEE environment. During the entire process, the switching of the operating environment and the transmission of data are handled by the firmware/Secure Monitor.
  • SMC System Management Controller
  • the Hypervisor (Virtual Machine Monitor) layer at EL2 on the REE side is the virtualization layer, which converts the IPA (Internet Protocol Address; here, the physical address of the virtual machine as seen by the virtual machine) into the PA (Physical Address, the real physical address). In the current implementation of fTPM the Hypervisor layer is not used, so virtualization is not implemented anywhere in the fTPM implementation.
  • fTPM cannot provide TPM service to virtual machines running on ARM physical hosts.
  • the fTPM implementation in the related technology can only be realized on the ARM physical host and cannot be used by the virtual machines on the ARM host.
  • Embodiments of the present application provide a virtualization implementation method, device, electronic device, non-volatile readable storage medium and ARM platform, and realize firmware-based trusted platform virtualization on the ARM platform.
  • embodiments of the present application provide a virtualization implementation method, including:
  • the ARM platform runs the target virtual machine configured with the vfTPM (virtual firmware Trusted Platform Module, virtual firmware-based trusted platform module) function;
  • vfTPM virtual firmware Trusted Platform Module, virtual firmware-based trusted platform module
  • the instruction carrying the real physical address converted from the virtual physical address of the target virtual machine and the identification information of the target virtual machine is encapsulated, and the current running state is switched to the trusted execution environment.
  • the corresponding target virtual machine trusted execution environment context is called to process the target vfTPM request, and a result feedback instruction carrying the storage address and identification information of the processing result is sent;
  • after calling the corresponding target virtual machine trusted execution environment context to process the target vfTPM request, the method also includes:
  • the operating system of the rich execution environment converts the storage address into what the virtual machine considers to be a physical address, and sends the physical address to the target virtual machine based on the identification information.
  • after sending the physical address to the target virtual machine based on the identification information, the method also includes:
  • the kernel of the target virtual machine converts the physical address into a virtual machine memory address, and transmits the virtual machine memory address to the operating system of the target virtual machine.
  • the target virtual machine reads the processing result of the vfTPM request based on the virtual machine memory address.
  • initializing the ARM (reduced instruction set computer) platform running the target virtual machine configured with the virtual firmware-based trusted platform module vfTPM function includes:
  • the ARM platform is powered on and the target firmware and trusted execution environment operating system of the ARM platform are loaded;
  • the rich execution environment is initialized.
  • configure memory for the trusted execution environment operating system and perform memory initialization processing including:
  • the memory of the trusted execution environment operating system is divided into running memory and virtual request execution memory; the running memory is used to process the underlying requests, and the virtual request execution memory is used to process the vfTPM request of the virtual machine;
  • dedicated memory is used to store the data of the vfTPM.
  • the method also includes: pre-allocating a storage area in the dedicated memory for each virtual machine, for storing that virtual machine's own vfTPM data.
  • initialize the rich execution environment including:
  • the virtual machine monitor is used as a virtual machine with a preset identification, and the corresponding virtual machine trusted execution environment instance and virtual machine trusted execution environment context are assigned to the virtual machine monitor;
  • before receiving the vfTPM request of the target virtual machine, the method also includes:
  • the rich execution environment issues virtual machine creation instructions and assigns corresponding identification information to the target virtual machine configured with the vfTPM function;
  • the trusted execution environment operating system allocates the target virtual machine trusted execution environment context, the target virtual machine trusted execution environment instance and the memory space to the target virtual machine based on the virtual machine creation instruction; the target virtual machine trusted execution environment instance loads the vfTPM trusted application, starts the TPM, and initializes the memory space and the vfTPM of the target virtual machine;
  • methods also include:
  • initialize the memory space including:
  • the target virtual machine has a corresponding target storage space in the flash memory chip, and the target storage space is allocated to the vfTPM function of the target virtual machine;
  • target storage space is allocated for the vfTPM function of the target virtual machine through the storage driver;
  • the target storage space is used as the NVRAM of the vfTPM of the target virtual machine; and the read and write functions of the target storage space are executed by the target virtual machine in a trusted execution environment.
  • methods also include:
  • each virtual machine's vfTPM is given a partition for NVRAM storage.
  • the flash chip driver on the trusted execution environment operating system is set to allow only the read and write permissions for the flash chip on the trusted execution environment side; and the target storage space is set to only allow the target virtual machine operation.
  • the destruction identification of the virtual machine to be destroyed is obtained by parsing the virtual machine destruction instruction
  • the trusted execution environment operating system sends the virtual machine destruction instruction, based on the destruction identification, to the destroyed virtual machine trusted execution environment instance corresponding to the virtual machine to be destroyed; the destroyed virtual machine trusted execution environment instance deletes the destroyed virtual machine trusted execution environment context, deletes the storage partition of the flash memory chip corresponding to the virtual machine to be destroyed, and feeds back a virtual machine destruction completion instruction carrying the destruction identification;
  • the virtual machine to be destroyed is deleted according to the virtual machine destruction completion instruction and destruction identification.
  • the trusted execution environment operating system sends the virtual machine shutdown instruction, based on the shutdown identifier, to the shutdown virtual machine trusted execution environment instance corresponding to the virtual machine to be shut down; the shutdown virtual machine trusted execution environment instance deletes the shutdown virtual machine trusted execution environment context, updates the vfTPM of the shutdown virtual machine in the trusted execution environment, and feeds back a virtual machine shutdown completion instruction carrying the shutdown identifier;
  • the virtual machine to be shut down is shut down according to the virtual machine shutdown completion instruction and shutdown identifier.
  • embodiments of the present application provide a virtualization implementation device, including:
  • the initialization processing module is set to perform initialization processing on the ARM platform running the target virtual machine configured with the vfTPM function based on the virtualization type in advance;
  • the virtualization request delivery module is configured, when receiving the target vfTPM request of the target virtual machine, to encapsulate the instruction carrying the real physical address converted from the virtual physical address of the target virtual machine and the identification information of the target virtual machine, and to switch the current running state to the trusted execution environment;
  • the virtualization request processing module is configured, in the trusted execution environment, to call the corresponding target virtual machine trusted execution environment context based on the identification information to process the target vfTPM request, and to send a result feedback instruction carrying the storage address of the processing result and the identification information;
  • the processing result feedback module is configured to encapsulate the result feedback instruction and switch the current running state to the rich execution environment; in the rich execution environment, the storage address and the identification information are obtained by parsing the result feedback instruction, and the converted storage address is sent to the target virtual machine according to the identification information.
  • Embodiments of the present application also provide an electronic device, including a processor, and the processor is configured to implement the steps of the preceding virtualization implementation method when executing a computer program stored in the memory.
  • Embodiments of the present application also provide a non-volatile readable storage medium.
  • a computer program is stored on the non-volatile readable storage medium.
  • when the computer program is executed, the steps of the preceding virtualization implementation method are implemented.
  • the embodiment of the present application also provides an ARM platform, which is configured to implement the steps of any of the above virtualization implementation methods when executing a computer program, which includes an application layer, a system layer, a virtualization layer and a firmware layer;
  • the application layer includes multiple virtual machine applications located in the rich execution environment, and a trusted application set located in the trusted execution environment.
  • the trusted application set includes trusted applications set to implement the vfTPM function;
  • the system layer includes the host processing module located in the rich execution environment and the trusted management module located in the trusted execution environment;
  • the virtualization layer including the virtual machine monitor located in the rich execution environment;
  • the firmware layer includes a firmware processing module.
  • the firmware processing module is configured to receive instructions from the host processing module, the virtual machine monitor and the trusted management module, to perform running state switching, and to forward the received instructions together with the virtual machine identification information during the running state switching process.
  • the ARM platform can be initialized accordingly for different virtualization technologies, thereby supporting the implementation of multiple virtualization technologies of the ARM platform.
  • after receiving the vfTPM request issued by the upper-layer virtual machine, the rich execution environment encapsulates the real physical address converted from the virtual machine's address together with the identification of the virtual machine, so that the request can be processed after switching to the trusted execution environment.
  • after the state switch, the trusted execution environment calls the matching virtual machine context based on the identifier to process the request, and encapsulates the request processing result together with the identifier again.
  • after switching back to the rich execution environment, the rich execution environment sends the vfTPM request processing result to this virtual machine. This enables fTPM to support virtual machines on the ARM platform, which not only saves research and development costs but also improves the security of cloud computing products.
  • embodiments of this application also provide corresponding implementation devices, electronic equipment, non-volatile readable storage media and ARM platforms for the virtualization implementation method, making the method more practical.
  • the device, electronic equipment, non-volatile readable storage medium and ARM platform have corresponding advantages.
  • Figure 1 is a schematic framework diagram of an exemplary application scenario in the related technology provided by the embodiment of this application;
  • Figure 2 is a schematic flow chart of a virtualization implementation method provided by an embodiment of the present application.
  • Figure 3 is a structural diagram of the virtualization implementation device provided by the embodiment of the present application in an optional implementation manner
  • Figure 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application in an implementation manner
  • Figure 5 is an optional implementation structure diagram of the ARM platform provided by the embodiment of the present application.
  • Figure 6 is a structural diagram of another optional implementation of the ARM platform provided by the embodiment of the present application.
  • Figure 7 is an optional implementation structure diagram of the trusted management module provided by the embodiment of the present application.
  • Figure 8 is a schematic flow chart of the ARM platform initialization method provided by the embodiment of the present application.
  • Figure 9 is a schematic flowchart of a virtual machine creation method provided by an embodiment of the present application.
  • Figure 10 is a schematic diagram of the vfTPM request and response flow provided by the embodiment of this application.
  • Figure 2 is a schematic flow chart of a virtualization implementation method provided by an embodiment of the present application.
  • the embodiment of the present application is applied to the ARM platform.
  • the virtual machine is deployed in a rich execution environment.
  • the fTPM that implements TPM computing and storage resources in TrustZone runs in a trusted application TA in the trusted execution environment.
  • the trusted execution environment includes multiple TAs.
  • the computing function and implementation of the virtual machine's vfTPM rely on fTPM, that is, the virtual machine's vfTPM request processing is implemented in a trusted execution environment. Based on this, the process from when a virtual machine sends a vfTPM request to when it receives the vfTPM request processing result may include the following:
  • the virtualization type refers to the virtualization technology supported by the ARM platform, or the ARM virtualization platform.
  • the virtualization type includes but is not limited to KVM (Kernel-based Virtual Machine, system virtualization module) and Xen.
  • KVM Kernel-based Virtual Machine, system virtualization module
  • Xen Xen.
  • the rich execution environment issues virtual machine creation instructions, and the rich execution environment also assigns unique identification information to each virtual machine as information that uniquely identifies the virtual machine.
  • the ARM platform performs creation operations in the rich execution environment and the trusted execution environment simultaneously: it creates a virtual machine in the application layer of the rich execution environment, and creates in the trusted execution environment a virtual machine trusted execution environment instance and a trusted execution environment context corresponding to that virtual machine.
  • the trusted execution environment context is used to process vfTPM requests corresponding to virtual machines in the rich execution environment.
  • the virtual machine mounted on the ARM platform needs to be configured with the vfTPM (Virtual firmware Trusted Platform Module, virtual firmware-based trusted platform module) function.
  • the ARM platform can run multiple virtual machines, and each virtual machine can be based on different virtualization types.
  • the target virtual machine is any virtual machine running on the ARM platform. In order to avoid ambiguity, in this embodiment the virtual machine that requires vfTPM computation, that is, the virtual machine that issues the vfTPM request, is called the target virtual machine.
  • the number of target virtual machines can be multiple or one, which does not affect the implementation of this application.
  • S202 When receiving the target vfTPM request of the target virtual machine, encapsulate the instruction carrying the real physical address converted from the virtual physical address of the target virtual machine and the identification information of the target virtual machine, and switch the current running state to trusted execution environment.
  • any virtual machine running on the ARM platform can issue a vfTPM request to realize the computing function of the virtual machine vfTPM.
  • the operating system of the virtual machine sends a vfTPM request.
  • the vfTPM request issued by the target virtual machine is called the target vfTPM request in this embodiment.
  • the operating system kernel of the virtual machine converts the vfTPM request and the virtual machine virtual memory address VA into the virtual machine physical address IPA considered by the virtual machine.
  • the operating system of the rich execution environment receives the vfTPM request, and the operating system of the rich execution environment converts the vfTPM request and the virtual memory address VA of the virtual machine into the physical address IPA of the virtual machine.
  • the physical address IPA is converted into a real physical address.
  • the operating system of the rich execution environment is the system layer.
  • the functional module that realizes the running state switching is located at the firmware layer. In order to transmit the request command across layers, the request command, including the converted real physical address and the identification information of the target virtual machine, is parameterized, that is, passed across layers in the form of parameters through fixed functions.
  • after the converted real physical address and the identification information of the target virtual machine have been sent to the firmware layer, the firmware layer encapsulates them. After the encapsulation is completed, the firmware layer executes the SMC instruction to switch the current operating environment to the trusted execution environment.
  • S203 In the trusted execution environment, according to the identification information, call the corresponding target virtual machine trusted execution environment context to process the target vfTPM request, and send a result feedback instruction carrying the storage address and identification information of the processing result.
  • after the current running environment has been switched to the trusted execution environment in the previous step, the trusted execution environment obtains the encapsulated instruction and, by parsing it, obtains the real physical address of the target virtual machine and the identification information of the target virtual machine. According to the identification information, it obtains the virtual machine trusted execution environment instance and context that were assigned in the trusted execution environment when the target virtual machine was created, and performs the vfTPM data calculation on the target vfTPM request by calling that instance and context. It obtains the processing result and stores it. The storage address holding the processing result and the identification information of the target virtual machine are sent to the firmware layer as the result feedback instruction. After receiving the result feedback instruction, the firmware layer encapsulates it.
  • the firmware layer then executes the SMC instruction to switch the current running environment to the rich execution environment.
  • the trusted execution environment allocates shared memory, and the processing results can be stored in the shared memory.
  • the storage address of the result feedback instruction is the shared memory address.
  • S204: encapsulate the result feedback instruction and switch the current running state to the rich execution environment; in the rich execution environment, obtain the storage address and the identification information by parsing the result feedback instruction, and send the converted storage address to the target virtual machine according to the identification information.
  • the operating system of the rich execution environment obtains the encapsulated result feedback instruction, obtains the storage address and the identification information by parsing it, converts the storage address into the physical address as seen by the virtual machine, and sends that address to the corresponding target virtual machine based on the identification information.
  • the target virtual machine kernel converts the physical address into a virtual machine memory address and transmits the virtual machine memory address to the target virtual machine.
  • the target virtual machine reads the processing result of the vfTPM request based on this address.
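The request/response flow of steps S202 to S204 as an added Python model; this is not code from the patent or from any real TEE OS. The names SmcMessage, VmTeeContext and Hypervisor, the one-byte opcodes, the single-PCR vfTPM and the placement of the result on the next guest page are all assumptions made for the model.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict

PAGE = 0x1000
OP_EXTEND, OP_NV_WRITE, OP_NV_READ = 1, 2, 3   # constructed opcodes, one byte each


@dataclass
class SmcMessage:
    """Parameters the firmware layer encapsulates before executing SMC: the VM
    identification information plus an address (real PA in, shared-memory address out)."""
    vm_id: int
    addr: int
    length: int


@dataclass
class VmTeeContext:
    """Per-VM context the TEE OS allocates when the VM is created (assumed shape)."""
    vm_id: int
    nvram: bytearray           # this VM's own partition of the dedicated memory
    pcr: bytes = b"\x00" * 32  # a single PCR is enough for the model


class TrustedExecutionEnvironment:
    def __init__(self, partition_size: int = 64):
        self.contexts: Dict[int, VmTeeContext] = {}
        self.shared_mem: Dict[int, bytes] = {}   # results keyed by shared address
        self._next_shared, self._partition_size = 0x8000_0000, partition_size

    def create_vm(self, vm_id: int) -> None:
        """VM creation instruction: allocate a context and an NVRAM partition."""
        if vm_id in self.contexts:
            raise ValueError(f"VM {vm_id} already has a TEE context")
        self.contexts[vm_id] = VmTeeContext(vm_id, bytearray(self._partition_size))

    def handle_smc(self, msg: SmcMessage, memory: Dict[int, bytes]) -> SmcMessage:
        """S203: select the context by identifier, process the request found at the
        real PA, store the result in shared memory, feed back its address and the id."""
        ctx = self.contexts.get(msg.vm_id)
        if ctx is None:
            raise PermissionError(f"no TEE context for VM {msg.vm_id}")
        result = self._execute(ctx, memory[msg.addr][:msg.length])
        addr, self._next_shared = self._next_shared, self._next_shared + PAGE
        self.shared_mem[addr] = result
        return SmcMessage(msg.vm_id, addr, len(result))

    @staticmethod
    def _execute(ctx: VmTeeContext, req: bytes) -> bytes:
        op, body = req[0], req[1:]
        if op == OP_EXTEND:            # PCR extend: pcr = SHA-256(pcr || digest)
            ctx.pcr = hashlib.sha256(ctx.pcr + body).digest()
            return ctx.pcr
        if op == OP_NV_WRITE:          # body = 1-byte offset + data
            off, data = body[0], body[1:]
            if off + len(data) > len(ctx.nvram):
                return b"\xff"         # would leave this VM's partition: refuse
            ctx.nvram[off:off + len(data)] = data
            return b"\x00"
        if op == OP_NV_READ:           # body = 1-byte offset + 1-byte length
            return bytes(ctx.nvram[body[0]:body[0] + body[1]])
        return b"\xfe"                 # unknown opcode


class Hypervisor:
    """REE side: assigns identification information and keeps each VM's IPA->PA map."""
    def __init__(self, tee: TrustedExecutionEnvironment):
        self.tee, self.memory = tee, {}              # memory: real PA -> bytes
        self.stage2: Dict[int, Dict[int, int]] = {}  # vm_id -> {IPA: PA}
        self._next_pa, self._next_id = 0x4000_0000, 1

    def create_vm(self) -> int:
        vm_id, self._next_id = self._next_id, self._next_id + 1
        self.stage2[vm_id] = {}
        self.tee.create_vm(vm_id)      # created on the REE and TEE sides together
        return vm_id

    def vftpm_request(self, vm_id: int, ipa: int, request: bytes) -> int:
        """S202 and S204: IPA -> real PA, encapsulate with vm_id, cross into the TEE,
        then expose the result only through this VM's own stage-2 map."""
        if ipa not in self.stage2[vm_id]:
            self.stage2[vm_id][ipa], self._next_pa = self._next_pa, self._next_pa + PAGE
        pa = self.stage2[vm_id][ipa]
        self.memory[pa] = request
        reply = self.tee.handle_smc(SmcMessage(vm_id, pa, len(request)), self.memory)
        if reply.vm_id != vm_id:
            raise RuntimeError("result feedback carries another VM's identifier")
        self.memory[reply.addr] = self.tee.shared_mem[reply.addr]  # shared page
        result_ipa = ipa + PAGE        # assumption: result lands on the next guest page
        self.stage2[vm_id][result_ipa] = reply.addr
        return result_ipa

    def guest_read(self, vm_id: int, ipa: int) -> bytes:
        """A VM reads results only through its own stage-2 translation."""
        if ipa not in self.stage2[vm_id]:
            raise PermissionError(f"IPA {ipa:#x} is not mapped for VM {vm_id}")
        return self.memory[self.stage2[vm_id][ipa]]
```

A VM's PCR and NVRAM live only in the context selected by its identifier, so one VM's extend or NV write is never visible through another VM's context, and a request carrying an unknown identifier is refused before any memory is touched.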
  • the ARM platform is initialized accordingly for different virtualization technologies, thereby supporting the implementation of multiple virtualization technologies of the ARM platform.
  • the ARM platform is powered on and the target firmware and trusted execution environment operating system of the ARM platform are loaded.
  • the trusted execution environment operating system starts, memory is configured for the trusted execution environment operating system and memory initialization is performed; based on the virtualization type to which the target virtual machine belongs, the rich execution environment is initialized.
  • the process of configuring memory and performing memory initialization processing may include:
  • the running memory is used to process underlying requests, that is, it is responsible for the underlying implementation, such as SMC instruction processing, memory management, thread management, etc.
  • the virtual request execution memory is used to process the vfTPM requests of the virtual machines, that is, it is responsible for request processing, loading TAs, executing TAs and other functions.
  • private memory is used to store vfTPM data. If the private memory is large enough, each virtual machine has a corresponding partition for its own vfTPM data: a storage area can be allocated in advance for each virtual machine in the private memory, that is, the private memory is partitioned.
  • the initialization process of the rich execution environment differs depending on the virtualization type.
  • the virtual machine monitor can itself be used as a virtual machine, so during the initialization process the virtual machine monitor needs to be treated as a virtual machine and initialized accordingly.
  • This embodiment provides corresponding rich execution environment initialization processes for KVM and Xen respectively, which may include the following content:
  • if the target virtual machine uses QEMU KVM (Quick Emulator Kernel-based Virtual Machine, virtual operating system emulator and system virtualization module) virtualization technology, the loading of the rich execution environment operating system is completed.
  • if the target virtual machine uses Xen virtualization technology:
  • the Xen virtualization image file is started while the BIOS is started; during the startup process, the virtual machine monitor is treated as a virtual machine with a preset identification, and a corresponding virtual machine trusted execution environment instance and virtual machine trusted execution environment context are allocated to the virtual machine monitor;
  • the vfTPM trusted application is loaded through the virtual machine trusted execution environment instance;
  • during the loading of the vfTPM trusted application, the storage driver is used to read and write the private memory, and a dedicated storage area is allocated for the Xen virtual machine monitor in the private memory; the processing result of the virtual machine monitor's vfTPM request is returned to the virtual machine monitor, and the virtual machine monitor is started.
  • the ARM platform needs to create a virtual machine.
  • the above embodiment does not limit how a virtual machine is created.
  • This application also provides an optional creation method of a virtual machine, which may include the following:
  • the rich execution environment issues virtual machine creation instructions and assigns corresponding identification information to the target virtual machine configured with the vfTPM function;
  • the trusted execution environment operating system allocates the target virtual machine trusted execution environment context, the target virtual machine trusted execution environment instance and the memory space to the target virtual machine based on the virtual machine creation instructions; through the target virtual machine trusted execution environment instance, the vfTPM trusted application is loaded, the TPM is started, and the memory space and the vfTPM of the target virtual machine are initialized;
  • this application can store the fTPM on a special flash memory, so that it can only be read in the TEE.
  • the implementation process of initializing the memory space during the virtual machine creation process may include:
  • the target storage space is allocated to the vfTPM function of the target virtual machine; if the target virtual machine has a corresponding storage partition in the flash memory chip, then when the remaining storage space of the flash memory chip is greater than the preset space threshold, the target storage space is allocated for the vfTPM function of the target virtual machine through the storage driver; the target storage space is bound to the identification information.
  • the target storage space is used as the NVRAM of the vfTPM of the target virtual machine; and the read and write functions of the target storage space are executed by the target virtual machine in a trusted execution environment.
  • the preset space threshold can be flexibly selected according to the actual application scenario, and this application does not impose any restriction on it.
  • each virtual machine's vfTPM is provided with a partition for NVRAM storage.
  • read and write permissions for the flash can only be exercised on the TEE side, and a virtual machine can only operate the flash partition corresponding to its own virtual machine ID, that is, its target storage space, which effectively improves overall security.
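An added C model (not the patent's code) of the per-VM flash partitioning just described and of the storage driver's permission control, which the ARM platform section later calls the NV Driver: partitions are bound to a VMID, allocation stops once the remaining space no longer exceeds the preset threshold, any read or write from a non-owner VMID is refused, and destruction erases and unbinds the partition. Flash size, partition size, the threshold value and the function names are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define FLASH_SIZE      4096u   /* constructed: tiny flash for illustration */
#define PART_SIZE        512u   /* one NVRAM partition per VM vfTPM */
#define SPACE_THRESHOLD  512u   /* preset space threshold: free space must exceed it */
#define MAX_PARTS (FLASH_SIZE / PART_SIZE)
#define VMID_NONE 0xFFFFFFFFu

struct nv_partition {
    uint32_t owner_vmid;   /* VMID bound to this partition, VMID_NONE if free */
    uint32_t offset;       /* byte offset of the partition inside the flash */
};

static uint8_t flash[FLASH_SIZE];             /* simulated TEE-only flash */
static struct nv_partition parts[MAX_PARTS];

/* Driver initialisation: partition the flash, every partition unbound. */
void nv_init(void)
{
    memset(flash, 0, sizeof flash);
    for (uint32_t i = 0; i < MAX_PARTS; i++) {
        parts[i].owner_vmid = VMID_NONE;
        parts[i].offset = i * PART_SIZE;
    }
}

/* Index of the partition already bound to vmid, or -1. */
int nv_find(uint32_t vmid)
{
    for (uint32_t i = 0; i < MAX_PARTS; i++)
        if (parts[i].owner_vmid == vmid) return (int)i;
    return -1;
}

/* VM creation: bind a free partition to the VMID, but only while the
 * remaining flash space exceeds the threshold. Returns index or -1. */
int nv_alloc(uint32_t vmid)
{
    int idx = nv_find(vmid), first_free = -1;
    uint32_t free_bytes = 0;
    if (idx >= 0) return idx;                   /* already has its partition */
    for (uint32_t i = 0; i < MAX_PARTS; i++) {
        if (parts[i].owner_vmid != VMID_NONE) continue;
        free_bytes += PART_SIZE;
        if (first_free < 0) first_free = (int)i;
    }
    if (vmid == VMID_NONE || free_bytes <= SPACE_THRESHOLD) return -1;
    parts[first_free].owner_vmid = vmid;
    return first_free;
}

/* Permission control: the caller's VMID must own the partition and the
 * access must stay inside it; returns the flash pointer or NULL. */
static uint8_t *nv_checked(uint32_t caller_vmid, int idx, uint32_t off, uint32_t len)
{
    if (idx < 0 || (uint32_t)idx >= MAX_PARTS) return NULL;
    if (parts[idx].owner_vmid != caller_vmid) return NULL;     /* not this VM's */
    if (off > PART_SIZE || len > PART_SIZE - off) return NULL;  /* out of bounds */
    return flash + parts[idx].offset + off;
}

int nv_write(uint32_t caller_vmid, int idx, uint32_t off, const void *buf, uint32_t len)
{
    uint8_t *p = nv_checked(caller_vmid, idx, off, len);
    return p ? (memcpy(p, buf, len), 0) : -1;
}

int nv_read(uint32_t caller_vmid, int idx, uint32_t off, void *buf, uint32_t len)
{
    const uint8_t *p = nv_checked(caller_vmid, idx, off, len);
    return p ? (memcpy(buf, p, len), 0) : -1;
}

/* VM destruction: erase the VM's partition and unbind it from the VMID. */
int nv_destroy(uint32_t vmid)
{
    int idx = nv_find(vmid);
    if (idx < 0) return -1;
    memset(flash + parts[idx].offset, 0, PART_SIZE);
    parts[idx].owner_vmid = VMID_NONE;
    return 0;
}

/* Scenario: VM 0 writes its partition, VM 1 is refused access to it, VM 0
 * reads back; after destruction the partition is erased. Returns 1 if so. */
int scenario_permission(void)
{
    uint8_t in[4] = { 0xDE, 0xAD, 0xBE, 0xEF }, out[4] = { 0 };  /* constructed */
    nv_init();
    int p0 = nv_alloc(0), p1 = nv_alloc(1);
    if (p0 < 0 || p1 < 0 || p0 == p1) return 0;
    if (nv_write(0, p0, 0, in, 4) != 0) return 0;
    if (nv_write(1, p0, 0, in, 4) != -1) return 0;             /* cross-VM write */
    if (nv_read(1, p0, 0, out, 4) != -1) return 0;             /* cross-VM read */
    if (nv_read(0, p0, 0, out, 4) != 0 || memcmp(in, out, 4)) return 0;
    if (nv_read(0, p0, PART_SIZE - 2, out, 4) != -1) return 0; /* past the end */
    if (nv_destroy(0) != 0 || nv_find(0) != -1) return 0;
    return flash[parts[p0].offset] == 0;
}
```

With these sizes, eight partitions exist but only seven can be handed out, because the eighth allocation would leave no more than the threshold free.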
  • the destruction identification of the virtual machine to be destroyed is obtained by parsing the virtual machine destruction instruction.
  • the trusted execution environment operating system sends the virtual machine destruction instruction, based on the destruction identification, to the destroyed virtual machine trusted execution environment instance corresponding to the virtual machine to be destroyed; the destroyed virtual machine trusted execution environment instance deletes the destroyed virtual machine trusted execution environment context and deletes the storage partition of the flash memory chip corresponding to the virtual machine to be destroyed, then feeds back the virtual machine destruction completion instruction carrying the destruction identification;
  • the virtual machine to be destroyed is deleted according to the virtual machine destruction completion instruction and destruction identification.
  • the virtual machine that needs to be destroyed is called a virtual machine to be destroyed, and the identification information of the virtual machine to be destroyed is called a destruction identification.
  • the virtual machine instance and context corresponding to the virtual machine to be destroyed in the trusted execution environment are called the destroyed virtual machine trusted execution environment instance and the destroyed virtual machine trusted execution environment context.
  • This application also provides a method for shutting down the virtual machine, which may include the following:
  • the trusted execution environment operating system sends the virtual machine shutdown instruction, based on the shutdown identifier, to the shutdown virtual machine trusted execution environment instance corresponding to the virtual machine to be shut down; the shutdown virtual machine trusted execution environment instance deletes the shutdown virtual machine trusted execution environment context and updates the vfTPM of the shutdown virtual machine in the trusted execution environment, then feeds back the virtual machine shutdown completion instruction carrying the shutdown identifier;
  • the virtual machine to be shut down is shut down according to the virtual machine shutdown completion instruction and shutdown identifier.
  • the virtual machine that needs to be shut down is called a virtual machine to be shut down, and the identification information of the virtual machine to be shut down is called a shutdown identifier.
  • the virtual machine instance and context corresponding to the virtual machine to be shut down in the trusted execution environment are called the shutdown virtual machine trusted execution environment instance and the shutdown virtual machine trusted execution environment context.
  • the embodiments of the present application also provide corresponding devices for the virtualization implementation method, making the method more practical. Among them, the device can be described separately from the perspective of functional modules and the perspective of hardware.
  • the virtualization implementation device provided by the embodiment of the present application is introduced below.
  • the virtualization implementation device described below and the virtualization implementation method described above may be mutually referenced.
  • Figure 3 is a structural diagram of a virtualization implementation device provided by an embodiment of the present application in an optional implementation manner.
  • the device may include:
  • the initialization processing module 301 is configured to perform initialization processing on the ARM platform running the target virtual machine configured with the vfTPM function based on the virtualization type in advance;
  • the virtualization request issuing module 302 is configured to, when receiving the target vfTPM request of the target virtual machine, encapsulate the instruction carrying the real physical address converted from the virtual physical address of the target virtual machine and the identification information of the target virtual machine, and switch the current running state to the trusted execution environment;
  • the virtualization request processing module 303 is configured to, in the trusted execution environment, call the corresponding target virtual machine trusted execution environment context to process the target vfTPM request according to the identification information, and send a result feedback instruction carrying the storage address of the processing result and the identification information;
  • the processing result feedback module 304 is configured to encapsulate the result feedback instruction and switch the current running state to the rich execution environment; in the rich execution environment, the storage address and identification information are obtained by parsing the result feedback instruction, and the converted storage address is sent to the target virtual machine according to the identification information.
  • the above device may further include a storage module configured to store the processing results in the shared memory.
  • the above-mentioned initialization processing module 301 may also be configured to: power on the ARM platform and load the target firmware of the ARM platform and the trusted execution environment operating system; when the trusted execution environment operating system starts, configure memory for the trusted execution environment operating system and perform memory initialization processing; based on the virtualization type of the target virtual machine, initialize the rich execution environment.
  • the above-mentioned initialization processing module 301 can also be used to: divide the memory of the trusted execution environment operating system into running memory and virtual request execution memory, where the running memory is used to process underlying requests and the virtual request execution memory is used to process the vfTPM requests of the virtual machines; in the flash memory chip, configure a private memory for implementing the vfTPM function for the trusted execution environment operating system; load the storage driver into the trusted execution environment operating system, and use the storage driver to initialize the private memory and partition it.
  • the above-mentioned initialization processing module 301 can also be set to: if the target virtual machine adopts QEMU KVM virtualization technology, complete the loading of the rich execution environment operating system.
  • the above-mentioned initialization processing module 301 can also be set to: if the target virtual machine adopts Xen virtualization technology, start the Xen virtualization image file while starting the BIOS; during the startup process, treat the virtual machine monitor as a virtual machine with a preset identification, and assign the corresponding virtual machine trusted execution environment instance and virtual machine trusted execution environment context to the virtual machine monitor; load the vfTPM trusted application through the virtual machine trusted execution environment instance; during the loading of the vfTPM trusted application, use the storage driver to read and write the private memory, and allocate a dedicated storage area for the Xen virtual machine monitor in the private memory; return the processing result of the virtual machine monitor's vfTPM request to the virtual machine monitor, and start the virtual machine monitor.
  • the above-mentioned device may also include a virtual machine creation module, configured to: issue virtual machine creation instructions in the rich execution environment and allocate corresponding identification information to the target virtual machine configured with the vfTPM function; encapsulate the identification information and the virtual machine creation instructions, and switch the current running state to the trusted execution environment; in the trusted execution environment, have the trusted execution environment operating system allocate, based on the virtual machine creation instructions, the target virtual machine trusted execution environment context, the target virtual machine trusted execution environment instance and the memory space to the target virtual machine; load the vfTPM trusted application through the target virtual machine trusted execution environment instance, start the TPM, and initialize the memory space and the vfTPM of the target virtual machine; encapsulate the initialization result and the identification information of the vfTPM of the target virtual machine, and switch the current running state to the rich execution environment, so that the creation of the target virtual machine is completed in the rich execution environment based on the initialization result.
  • the above virtual machine creation module may also be configured to: if the target virtual machine has a corresponding target storage space in the flash memory chip, allocate the target storage space to the vfTPM function of the target virtual machine; if the target virtual machine has a corresponding storage partition in the flash memory chip, then when the remaining storage space of the flash memory chip is greater than the preset space threshold, allocate the target storage space for the vfTPM function of the target virtual machine through the storage driver; bind the target storage space to the identification information; use the target storage space as the NVRAM of the vfTPM of the target virtual machine, with the read and write functions of the target storage space executed by the target virtual machine in the trusted execution environment.
  • the above-mentioned device may also include a virtual machine destruction module, which, for example, is configured to: when a virtual machine destruction instruction is received, in the rich execution environment, obtain the destruction identification of the virtual machine to be destroyed by parsing the virtual machine destruction instruction; encapsulate the parameterized virtual machine destruction instruction and destruction identification, and switch the current running state to the trusted execution environment; in the trusted execution environment, have the trusted execution environment operating system send the virtual machine destruction instruction, based on the destruction identification, to the destroyed virtual machine trusted execution environment instance corresponding to the virtual machine to be destroyed; have the destroyed virtual machine trusted execution environment instance delete the destroyed virtual machine trusted execution environment context and delete the storage partition of the flash memory chip corresponding to the virtual machine to be destroyed, then feed back the virtual machine destruction completion instruction carrying the destruction identification; encapsulate the parameterized virtual machine destruction completion instruction and destruction identification, and switch the current running state to the rich execution environment; in the rich execution environment, delete the virtual machine to be destroyed according to the virtual machine destruction completion instruction and destruction identification.
  • the above-mentioned device may also include a virtual machine shutdown module, which is configured to: when a virtual machine shutdown instruction is received, in the rich execution environment, obtain the shutdown identifier of the virtual machine to be shut down by parsing the virtual machine shutdown instruction; encapsulate the parameterized virtual machine shutdown instruction and shutdown identifier, and switch the current running state to the trusted execution environment; in the trusted execution environment, have the trusted execution environment operating system send the virtual machine shutdown instruction, based on the shutdown identifier, to the shutdown virtual machine trusted execution environment instance corresponding to the virtual machine to be shut down; have the shutdown virtual machine trusted execution environment instance delete the shutdown virtual machine trusted execution environment context and update the vfTPM of the shutdown virtual machine in the trusted execution environment, then feed back the virtual machine shutdown completion instruction carrying the shutdown identifier; encapsulate the parameterized virtual machine shutdown completion instruction and shutdown identifier, and switch the current running state to the rich execution environment; in the rich execution environment, shut down the virtual machine to be shut down according to the virtual machine shutdown completion instruction and shutdown identifier.
  • each functional module of the virtualization implementation device in the embodiment of this application can be implemented according to the method in the above method embodiment.
  • the implementation process can be referred to the relevant description of the above method embodiment, and will not be described again here.
  • FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application in an implementation manner.
  • the electronic device includes a memory 40, which is configured to store a computer program; and a processor 41, which is configured to implement the steps of the virtualization implementation method mentioned in any of the above embodiments when executing the computer program.
  • the processor 41 may include one or more processing cores, such as a 4-core processor or an 8-core processor.
  • the processor 41 may also be a controller, a microcontroller, a microprocessor or other data processing chips.
  • the processor 41 can be implemented in at least one hardware form among DSP (Digital Signal Processing, digital signal processing), FPGA (Field-Programmable Gate Array, field programmable gate array), and PLA (Programmable Logic Array, programmable logic array).
  • the processor 41 may also include a main processor and a co-processor.
  • the main processor is a processor configured to process data in the awake state, also called a CPU (Central Processing Unit, central processing unit); a co-processor is a low-power processor configured to process data in standby mode.
  • the processor 41 may be integrated with a GPU (Graphics Processing Unit, image processor), and the GPU is configured to be responsible for rendering and drawing content that needs to be displayed on the display screen.
  • the processor 41 may also include an AI (Artificial Intelligence, artificial intelligence) processor, which is configured to process computing operations related to machine learning.
  • Memory 40 may include one or more computer non-volatile readable storage media, which may be non-transitory.
  • the memory 40 may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices and flash memory storage devices.
  • the memory 40 in some embodiments may be an internal storage unit of the electronic device, such as a hard drive of a server.
  • the memory 40 may also be an external storage device of the electronic device, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, or a flash card (Flash Card) equipped on a server, etc.
  • the memory 40 may also include both an internal storage unit of the electronic device and an external storage device.
  • the memory 40 may not only be configured to store application software installed on the electronic device and various types of data, such as codes for programs that execute vfTPM calculation processing methods, etc., but may also be configured to temporarily store data that has been output or is to be output.
  • the memory 40 is at least configured to store the following computer program 401. After the computer program is loaded and executed by the processor 41, the relevant steps of the virtualization implementation method disclosed in any of the foregoing embodiments can be implemented.
  • the resources stored in the memory 40 may also include the operating system 402, data 403, etc., and the storage method may be short-term storage or permanent storage.
  • the operating system 402 may include Windows, Unix, Linux, etc.
  • Data 403 may include but is not limited to data corresponding to virtualization implementation results, etc.
  • the above-mentioned electronic device may also include a display screen 42, an input and output interface 43, a communication interface 44 or a network interface, a power supply 45 and a communication bus 46.
  • the display screen 42 and the input/output interface 43 such as a keyboard belong to the user interface, and optional user interfaces may also include standard wired interfaces, wireless interfaces, etc.
  • the display may be an LED display, a liquid crystal display, a touch-controlled liquid crystal display, an OLED (Organic Light-Emitting Diode, organic light-emitting diode) touch device, etc.
  • the display which may also appropriately be called a display screen or display unit, is configured to display information processed in the electronic device and is configured to display a visual user interface.
  • the communication interface 44 may optionally include a wired interface and/or a wireless interface, such as a WI-FI interface, a Bluetooth interface, etc., and is usually configured to establish communication connections between electronic devices and other electronic devices.
  • the communication bus 46 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, etc.
  • the bus can be divided into an address bus, a data bus, a control bus, etc. For ease of presentation, only one thick line is used in Figure 4, but this does not mean that there is only one bus or one type of bus.
  • FIG. 4 does not limit the electronic device, and may include more or fewer components than shown, for example, it may also include sensors 47 that implement various functions.
  • each functional module of the electronic device in the embodiment of the present application can be implemented according to the method in the above method embodiment, and the implementation process can be referred to the relevant description of the above method embodiment, which will not be described again here.
  • if the virtualization implementation method in the above embodiment is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence or in the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and executes all or part of the steps of the methods of the various embodiments of this application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), electrically erasable programmable ROM, register, hard disk, multimedia card, card-type memory (such as SD or DX memory, etc.), magnetic memory, removable disk, CD-ROM, magnetic disk or optical disk, and other media that can store program code.
  • embodiments of the present application also provide a non-volatile readable storage medium that stores a computer program.
  • when the computer program is executed by the processor, the steps of the virtualization implementation method in any of the above embodiments are performed.
  • the embodiment of the present application also provides an ARM platform. Please refer to Figure 5.
  • the ARM platform is used to implement the steps of the virtualization implementation method of any of the above embodiments when executing a computer program.
  • the ARM platform may include an application layer 501, a system layer 502, virtualization layer 503 and firmware layer 504.
  • the application layer 501 may include multiple virtual machine applications located in a rich execution environment, and a trusted application set located in a trusted execution environment.
  • the trusted application set includes trusted applications used to implement vfTPM functions.
  • the system layer 502 may include a host processing module located in a rich execution environment and a trusted management module located in a trusted execution environment.
  • Virtualization layer 503 includes a virtual machine monitor located in a rich execution environment.
  • the firmware layer 504 may include a firmware processing module configured to receive instructions from the host processing module, the virtual machine monitor, and the trusted management module; the firmware layer 504 also performs the running state switching and, during the switching process, forwards the virtual machine identification information carried in the received instruction.
  • KVM (Kernel-based Virtual Machine, system virtualization module) virtualization technology and Xen virtualization technology are supported.
  • the host processing module is designed to realize memory address translation of the virtual machine during the KVM virtualization implementation process.
  • the host processing module completes the conversion between IPA and PA, which is the stage 2 translation of ARM virtualization.
  • in the request stage, that is, when the vfTPM request is sent by the virtual machine operating system (GuestOS), the request command of the GuestOS and the converted physical memory address are parameterized through the host processing module, that is, passed as parameters to a fixed function.
  • the request is passed across layers from the system layer to the firmware layer, and the virtual machine identifier VMID is passed to the firmware processing module of the firmware layer 504.
  • the vfTPM request processing result forwarded by the firmware processing module is then received and forwarded to the corresponding virtual machine according to the VMID.
  • in the Xen virtualization implementation process, the virtual machine monitor, also known as the Hypervisor, translates the IPA into a PA in the stage 2 translation process that the virtual machine monitor implements in ARM virtualization.
  • in the request stage, that is, when the vfTPM request is sent by the virtual machine operating system, the request parameters and memory address of the GuestOS are parameterized through the hypervisor, and the attached VMID is passed to the firmware processing module.
  • the vfTPM request processing result forwarded by the firmware processing module is then received.
  • the Hypervisor's own request is handled in the same way as a virtual machine request, except that it has no stage 2 translation process.
  • the firmware processing module of the firmware layer 504 accepts requests from the host processing module, the Hypervisor, and the trusted management module. Through SMC instructions, it changes the value of the NS bit and switches between the TEE and REE operating environments. During handling of the SMC request, the received VMID is passed along for forwarding.
  • the TEE side includes a trusted management module and a trusted application set.
  • the trusted application set includes multiple trusted applications used to implement the vfTPM function, with an fTPM module built into each trusted application, so that multiple fTPM instances run in the trusted execution environment.
  • the fTPM module, also known as the vfTPM module, is an implementation of fTPM for use by a virtual machine; it realizes the virtualization of computing and the virtualization of persistent storage.
  • the computing function of the vfTPM can be implemented using any existing technology, and this application does not impose any limitation on this.
  • the trusted management module may include a storage driver and a virtual machine data processing module.
  • the virtual machine data processing module may be the vmContext module shown in Figure 6.
  • the virtual machine data processing module corresponds one-to-one to the virtual machine, that is, one virtual machine corresponds to one virtual machine data processing module.
  • the virtual machine data processing module is configured to process the vfTPM request of the corresponding virtual machine, and stores the virtual machine trusted execution environment instance and its context of the corresponding virtual machine.
  • the trusted management module of this embodiment is improved on the basis of the original TEEOS.
  • the original TEEOS instance is divided into two parts: one part can be called the running memory (Nexus), and the other the virtual request execution memory (vm part).
  • the running memory part is responsible for handling the underlying implementation, such as SMC instruction processing, memory management class, thread management, etc.
  • the virtual request execution memory is responsible for request processing, loading TA, executing TA and other functions.
  • one vm tee instance corresponds to one REE-side virtual machine.
  • the memory processing functions of the running memory are differentiated and modified.
  • the processing of the Nexus instance of the running memory can be mapped to sections such as .nex_data, .nex_bss, .nex_nozi, .nex_heap, etc., while the original memory is still used to process requests for the vm tee instances.
  • multiple fTPM instances can run in TrustZone to provide TPM functions for the virtual machines, and the TPM functions of the virtual machines do not affect each other, which achieves virtual machine isolation.
  • this embodiment also provides an optional fTPM storage method, that is, the fTPM is stored in a special flash memory so that it can only be read in the TEE.
  • the storage driver, also known as the NV Driver module shown in Figure 6, can be implemented as a driver that handles reading and writing of the special flash; it implements functions such as flash partitioning, flash reading and writing, and permission control, providing the fTPM with NVRAM for persistent storage of objects.
  • the principle is to partition the flash and provide each virtual machine vfTPM with a partition for NVRAM storage.
  • the read and write permissions for flash can only be operated on the TEE side, and only vm can operate the flash partition corresponding to the corresponding VMID.
  • Each functional module of the ARM platform in this embodiment may be implemented as described in the method embodiment above.
  • For the implementation process, refer to the description of the method embodiment above; it is not repeated here.
  • This application also provides an illustrative example with reference to Figures 8 to 11.
  • The illustrative example covers the initialization of the ARM platform, the virtual machine creation process, the virtual machine request and response process, and the virtual machine destruction and shutdown process. In Figures 8 to 11:
  • TEE OS is the trusted execution environment operating system;
  • NV Driver is the storage driver;
  • VMID is the virtual machine identification information;
  • vm tee instance and context are the virtual machine trusted execution environment instance and the virtual machine trusted execution environment instance context;
  • vm represents a virtual machine;
  • RichOS represents the rich execution environment operating system;
  • NVRAM (Non-Volatile Random Access Memory) is the non-volatile random access memory;
  • Hypervisor represents the virtual machine monitor of the virtualization layer;
  • GuestOS represents the virtual machine operating system.
  • The initialization process of the ARM platform may include the following:
  • A1 Power on the ARM platform.
  • A2 Load the firmware.
  • The device is initialized, including enabling the TrustZone function and loading the Firmware/Secure Monitor firmware management module.
  • The firmware management module implements the VMID forwarding function.
  • TEEOS is loaded: the TEE OS image is found in the firmware storage flash and loaded; in the TEE, memory is configured for the TEE OS and the NV Driver is initialized.
  • A4 The NV Driver initializes the flash chip used for the fTPM. This initialization includes, but is not limited to, metadata generation, flash encryption key generation, encryption key storage, permission settings and partition permission handling.
  • A6 In the case of Xen virtualization, the Xen virtualization image file is located and started together with the BIOS.
  • A8 The vm tee instance loads the vfTPM TA.
  • A10 The data processed by the vfTPM is returned to the Xen Hypervisor through the vfTPM request and response process.
  • A10 The hypervisor enters its startup process and completes startup.
  • The virtual machine creation process may include:
  • R1 The RichOS or Hypervisor issues an instruction to create a virtual machine, requiring that the virtual machine be configured with a vfTPM.
  • The firmware processing module receives the creation request, encapsulates the request parameters, appends the VMID to the SMC command, issues the SMC_VM_CREATE command to the TEEOS on the TEE side, and switches the execution environment to the TEE.
  • The Nexus part of the TEEOS receives the SMC command and parses it, determining that this virtual machine requires a vfTPM device.
  • The TEEOS allocates a vm tee instance and context to the virtual machine.
  • The vm tee context is used to handle all requests related to that virtual machine, including the loading and execution of the vfTPM.
  • The fTPM TA is loaded and the vfTPM initialization operation is performed.
  • The NVRAM also needs to be initialized.
  • NVRAM initialization uses the NV Driver to allocate a flash partition. If the virtual machine already has a corresponding flash partition, that partition is assigned directly to the vfTPM as its NVRAM. If the virtual machine's vfTPM has no corresponding flash partition, the NV Driver creates one for the virtual machine, provided the flash has sufficient space, and initializes it as NVRAM according to the TPM specification.
  • Once NVRAM initialization is complete, the remaining initialization work required by the TPM specification is carried out.
  • The vfTPM request and response process for the virtual machine may be as follows:
  • The GuestOS kernel (virtual machine operating system kernel) translates the VA of the vfTPM request instruction into an IPA.
  • C3 The RichOS or Hypervisor translates the IPA of the instruction sent by the GuestOS into a PA, appends the VMID and sends it to the firmware processing module.
  • The firmware processing module encapsulates the instruction, attaches the VMID, executes the SMC instruction and switches the running state to the TEEOS.
  • The TEEOS processes the vfTPM request in the vm tee context that was assigned to the corresponding VMID.
  • The TEEOS allocates shared memory, saves the processing result in it, and sends the shared memory address and the VMID to the firmware processing module.
  • The firmware processing module encapsulates these parameters, executes the SMC instruction to switch the execution environment to the REE, and delivers the result to the Hypervisor or RichOS.
  • C8 The RichOS or Hypervisor translates the shared memory address into an IPA and returns the result to the corresponding virtual machine based on the VMID.
  • The virtual machine kernel translates the IPA into a VA and hands it to the GuestOS APP for processing.
  • The GuestOS APP obtains the processing result of the vfTPM request.
  • The virtual machine destruction and shutdown process may be as follows:
  • D1 The user issues an instruction to destroy or shut down the virtual machine through the application layer. The RichOS or Hypervisor receives the instruction and releases the vfTPM resources by executing the following steps.
  • D2 The instruction parameters for the virtual machine to be processed (the virtual machine to be destroyed or shut down) are converted and forwarded to the firmware processing module with the VMID attached.
  • D3 The firmware processing module encapsulates the instruction generated in D2, appends the VMID, executes the SMC_VM_DESTROY instruction and switches the running state to the TEEOS.
  • The TEEOS accepts the destroy or shutdown instruction and sends it to the corresponding vm tee instance based on the instruction's parameters and the VMID.
  • D5 It is determined whether the command is to completely destroy and delete the virtual machine or to shut the virtual machine system down normally.
  • D6 If it is a command to shut down the virtual machine system, the vfTPM data on the TEE side is flushed and the vm context is deleted.
  • The embodiment of this application adds virtualization support to the TEEOS by modifying it, and supports both KVM and Xen virtualization; by improving the fTPM implementation it enables fTPM support for virtual machines on the ARM platform; by improving the fTPM storage method, the fTPM's storage is kept on a dedicated flash memory that can only be read from the TEE, which enhances its security; and by virtualizing the fTPM storage it solves the problem of fTPM virtualization.
  • The TPM function is implemented in firmware on the ARM platform and is virtualized so that it can be used by ARM virtual machines, which saves physical cost at the research and development level.
  • Virtualizing the fTPM can improve the security of cloud computing products and the competitiveness of cloud computing in the industry.
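The creation, request/response, shutdown and destruction procedures above all hinge on two checks made on the TEE side: every SMC is keyed by the VMID the firmware appended, and the NV Driver only lets a vm tee instance touch the flash partition bound to that same VMID. The C program below is an added example that models this lifecycle on an ordinary host; it is not the patent's code and not OP-TEE, Xen or KVM code. The SMC command numbers, the address windows, the partition size, the two vfTPM operations (an NV counter increment and read, standing in for a real TPM command), the bounds check on the REE-supplied physical address and every function name are assumptions made for illustration, and the EL3 world switch is replaced by a direct call to tee_dispatch().

```c
#include <stdint.h>
#include <string.h>
#define MAX_VMS      4           /* vm tee instances / flash partitions (assumed) */
#define NV_PART_SIZE 64          /* bytes of NVRAM per vfTPM partition (assumed) */
#define REE_SHM_BASE 0x80000000u /* only REE physical window the TEE will read (assumed) */
#define REE_SHM_SIZE 4096u
#define TEE_SHM_BASE 0x0E000000u /* where TEE result slots appear to the REE (assumed) */
enum smc_cmd  { SMC_VM_CREATE = 1, SMC_VFTPM_REQUEST, SMC_VM_SHUTDOWN, SMC_VM_DESTROY };
enum vftpm_op { VFTPM_NV_INCREMENT = 1, VFTPM_NV_READ = 2 };
enum { TEE_OK = 0, TEE_ERR_VMID = -1, TEE_ERR_NO_SPACE = -2, TEE_ERR_ADDR = -3, TEE_ERR_ACCESS = -4, TEE_ERR_OP = -5 };
struct smc_result { int status; uint32_t vmid; uint32_t shm_pa; };

/* NV driver state: one flash partition per vfTPM, bound to the owning VMID. */
struct nv_partition { int in_use; uint32_t owner; uint8_t data[NV_PART_SIZE]; };
static struct nv_partition flash[MAX_VMS];   /* only the TEE-side code below touches it */
/* One vm tee instance context per virtual machine configured with a vfTPM. */
struct vm_tee_ctx { int active; uint32_t vmid; int part; };
static struct vm_tee_ctx ctx[MAX_VMS];
static uint8_t  ree_mem[REE_SHM_SIZE]; /* stands in for REE physical memory */
static uint32_t tee_shm[MAX_VMS];      /* one shared result slot per vm tee instance */

/* Reuse the VM's existing partition; otherwise create one if space allows. */
static int nv_alloc(uint32_t vmid) {
    int p, free_p = -1;
    for (p = 0; p < MAX_VMS; p++) {
        if (flash[p].in_use && flash[p].owner == vmid) return p;
        if (!flash[p].in_use && free_p < 0) free_p = p;
    }
    if (free_p < 0) return TEE_ERR_NO_SPACE;
    flash[free_p].in_use = 1; flash[free_p].owner = vmid;
    memset(flash[free_p].data, 0, NV_PART_SIZE);   /* fresh NVRAM image for a new vfTPM */
    return free_p;
}
/* Permission control: a partition is readable/writable only on behalf of its owner. */
static int nv_rw(uint32_t vmid, int p, uint32_t *counter, int write) {
    if (p < 0 || p >= MAX_VMS || !flash[p].in_use || flash[p].owner != vmid) return TEE_ERR_ACCESS;
    if (write) memcpy(flash[p].data, counter, sizeof *counter);
    else       memcpy(counter, flash[p].data, sizeof *counter);
    return TEE_OK;
}
static struct vm_tee_ctx *ctx_lookup(uint32_t vmid, int want_free) {
    for (int i = 0; i < MAX_VMS; i++)
        if (want_free ? !ctx[i].active : (ctx[i].active && ctx[i].vmid == vmid)) return &ctx[i];
    return NULL;
}

/* TEEOS entry point: the firmware module has already appended the VMID to the SMC. */
struct smc_result tee_dispatch(enum smc_cmd cmd, uint32_t vmid, uint32_t pa, uint32_t len) {
    struct smc_result r = { TEE_OK, vmid, 0 };
    struct vm_tee_ctx *c = ctx_lookup(vmid, 0);
    uint32_t counter = 0; uint8_t op; int p;
    switch (cmd) {
    case SMC_VM_CREATE:
        if (c) { r.status = TEE_ERR_VMID; break; }       /* VMID already has an instance */
        if (!(c = ctx_lookup(vmid, 1))) { r.status = TEE_ERR_NO_SPACE; break; }
        if ((p = nv_alloc(vmid)) < 0) { r.status = p; break; }
        c->active = 1; c->vmid = vmid; c->part = p;
        break;
    case SMC_VFTPM_REQUEST:
        if (!c) { r.status = TEE_ERR_VMID; break; }
        /* Never trust an REE-supplied PA: the request must lie entirely inside the window. */
        if (pa < REE_SHM_BASE || len == 0 || len > REE_SHM_SIZE ||
            pa - REE_SHM_BASE > REE_SHM_SIZE - len) { r.status = TEE_ERR_ADDR; break; }
        if ((r.status = nv_rw(vmid, c->part, &counter, 0)) != TEE_OK) break;
        op = ree_mem[pa - REE_SHM_BASE];                 /* first request byte is the op */
        if (op == VFTPM_NV_INCREMENT) { counter++; r.status = nv_rw(vmid, c->part, &counter, 1); }
        else if (op != VFTPM_NV_READ) r.status = TEE_ERR_OP;
        if (r.status != TEE_OK) break;
        tee_shm[c - ctx] = counter;                       /* result into shared memory */
        r.shm_pa = TEE_SHM_BASE + (uint32_t)(c - ctx) * (uint32_t)sizeof(uint32_t);
        break;
    case SMC_VM_SHUTDOWN:             /* flush state and drop the context; NVRAM is kept */
        if (!c) { r.status = TEE_ERR_VMID; break; }
        memset(c, 0, sizeof *c);
        break;
    case SMC_VM_DESTROY:              /* drop the context and wipe the VM's partition */
        if (!c) { r.status = TEE_ERR_VMID; break; }
        memset(&flash[c->part], 0, sizeof flash[c->part]);
        memset(c, 0, sizeof *c);
        break;
    }
    return r;
}

/* REE side (Hypervisor/RichOS): map the shared-memory address back to its slot, check the
 * slot belongs to the VM named by the VMID, and hand the value up to that VM. */
int ree_fetch_result(struct smc_result r, uint32_t *out) {
    uint32_t slot = (r.shm_pa - TEE_SHM_BASE) / sizeof(uint32_t);
    if (r.status != TEE_OK) return r.status;
    if (r.shm_pa < TEE_SHM_BASE || slot >= MAX_VMS || ctx[slot].vmid != r.vmid) return TEE_ERR_ADDR;
    *out = tee_shm[slot];
    return TEE_OK;
}
/* Whole C1..C9 path for one guest request (IPA->PA modelled as a fixed per-VM offset). */
int vm_vftpm_call(uint32_t vmid, uint8_t op, uint32_t *out) {
    uint32_t pa = REE_SHM_BASE + (vmid % MAX_VMS) * 16u;
    ree_mem[pa - REE_SHM_BASE] = op;                     /* guest writes its request page */
    return ree_fetch_result(tee_dispatch(SMC_VFTPM_REQUEST, vmid, pa, 1), out);
}
```

Shutting a VM down clears its context but leaves its partition, so its NV counter survives re-creation under the same VMID; destroying it wipes the partition, so a re-created VM starts from a fresh NVRAM image, which is the distinction D5 and D6 draw. The bounds check on the REE-supplied PA is the caveat the text leaves implicit: the TEE must never dereference a physical address handed over from the Normal World without confining it to the agreed shared window, and the REE-side check that the returned shared-memory slot really belongs to the VMID in the reply closes the same gap in the other direction.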

Abstract

A virtualization implementation method and apparatus, an electronic device, a non-volatile readable storage medium and an ARM platform, applied in the technical field of computers. The method comprises: initializing in advance, based on the virtualization type, an ARM platform running a virtual machine configured with a vfTPM function; when a vfTPM request from the virtual machine is received, encapsulating an instruction comprising the real physical address and the identification information of the virtual machine, and switching the running state to the trusted execution environment; in the trusted execution environment, invoking the corresponding virtual machine trusted execution environment context according to the identification information to process the vfTPM request, feeding back the storage address of the processing result together with the identification information of the virtual machine, and switching the current running state to the rich execution environment; and in the rich execution environment, parsing to obtain the storage address and identification information, and sending the translated storage address to the corresponding virtual machine according to the identification information, so that firmware-based trusted platform virtualization is realized on the ARM platform.

Description

Virtualization implementation method, apparatus, electronic device, non-volatile readable storage medium and ARM platform
Cross-reference to related applications
This application claims priority to the Chinese patent application filed with the China National Intellectual Property Administration on 31 March 2022, application number 202210334870.7, entitled "Virtualization implementation method, apparatus, electronic device, medium and ARM platform", the entire contents of which are incorporated herein by reference.
Technical field
This application relates to the field of computer technology, and in particular to a virtualization implementation method, apparatus, electronic device, non-volatile readable storage medium and ARM platform.
Background
With the development of ARM (Advanced RISC Machines; RISC: Reduced Instruction Set Computer) technology and cloud computing, ARM computers have spread rapidly into mobile devices, desktops and servers, and ARM-based virtualization is developing just as quickly in cloud computing. At the same time, the security and trust problems of ARM-based systems urgently need solving. For this purpose ARM provides TrustZone, which on ARMv8 divides the execution environment into a Secure World (SW) and a Normal World (NW). The Normal World execution environment is also called the REE (Rich Execution Environment) and the Secure World execution environment the TEE (Trusted Execution Environment). The software running in the REE is typically the BIOS (Basic Input Output System)/UEFI (Unified Extensible Firmware Interface) system firmware and an ordinary operating system such as Linux or Windows. The TEE side runs a dedicated operating system, generally called the TEEOS (Trusted Execution Environment Operating System). Vendors implement the TEEOS in different ways but generally follow the GP (GlobalPlatform) standards; one open-source TEEOS implementation that follows the GP standards is OP-TEE (Open Portable Trusted Execution Environment). The GP standards define the TEE framework and its security requirements, and specify the interface functions, data types and data structures offered on the REE side as well as those made available to developers on the TEE side.
A TPM (Trusted Platform Module) is a secure physical chip conforming to the TPM standard that protects a computer against unauthorized access; it has its own computing and storage resources and therefore provides physical isolation against intrusion and tampering. An fTPM (firmware Trusted Platform Module) relies on ARM TrustZone to provide the TPM's computing and storage resources inside TrustZone, and so also achieves isolation. ARMv8 divides CPU (central processing unit) execution into four exception levels, as shown in Figure 1: EL0 is the application level, EL1 the system level, EL2 the virtualization level and EL3 the firmware level. In the related art, the fTPM is a TA (Trusted Application) running in the TEEOS; the left side of Figure 1 is the REE side and the right side the TEE side. The REE-side APP (application) is a software application running in the Rich OS (Rich Operating System), which may be Windows, Unix, Linux or another operating system. RPMB (Replay Protected Memory Block) is a partition with security features provided by eMMC (Embedded Multi Media Card). Rich OS FS (File System) is the file system provided by the Rich OS. The TEE-side TA is a Trusted Application running on top of the TEEOS and conforming to the GP standards; the TEE-side TEEOS is an operating system conforming to the GP specifications, either vendor-provided or OP-TEE OS. The fTPM is implemented as an fTPM TA (fTPM Trusted Application) in the TEEOS that provides the TPM's computing functions; the RPMB or the Rich OS FS in the Rich OS serves as the fTPM's trusted storage, and, using the TEE secure storage function with shared-memory reads and writes, the TPM's persistent data is stored in this securely encrypted RPMB or Rich OS FS.
Interaction between the TEE and the REE must go through the SMC (Secure Monitor Call) instruction handled by the EL3 firmware/Secure Monitor, which sets the NS (Non-Secure) bit to 0 (Secure) or 1 (Non-secure); only then does the ARM CPU enter the TEE or the REE. Throughout this process the switching of the execution environment and the transfer of data are handled by the firmware/Secure Monitor. The Hypervisor (virtual machine monitor) at EL2 on the REE side is the virtualization layer; it translates a virtual machine's IPA (Intermediate Physical Address, the physical address as seen by the virtual machine) into a PA (real Physical Address). The existing fTPM implementation does not use the Hypervisor layer, so the fTPM is not virtualized in any way, and it cannot provide TPM services to virtual machines running on an ARM physical host. In other words, the related-art fTPM is available only on the ARM physical host itself and cannot be used by virtual machines on that host.
In view of this, how to implement firmware-based trusted platform virtualization on the ARM platform is a technical problem that those skilled in the art need to solve.
Summary of the invention
Embodiments of this application provide a virtualization implementation method, apparatus, electronic device, non-volatile readable storage medium and ARM platform that realize firmware-based trusted platform virtualization on the ARM platform.
To solve the above technical problem, the embodiments of this application provide the following technical solutions:
In one aspect, embodiments of this application provide a virtualization implementation method, comprising:
initializing in advance, based on the virtualization type, the ARM platform running a target virtual machine configured with the vfTPM (virtual firmware Trusted Platform Module) function;
when a target vfTPM request from the target virtual machine is received, encapsulating an instruction carrying the real physical address translated from the target virtual machine's virtual physical address together with the identification information of the target virtual machine, and switching the current running state to the trusted execution environment;
in the trusted execution environment, according to the identification information, invoking the corresponding target virtual machine trusted execution environment context to process the target vfTPM request, and sending a result feedback instruction carrying the storage address of the processing result and the identification information;
encapsulating the result feedback instruction and switching the current running state to the rich execution environment; in the rich execution environment, parsing the result feedback instruction to obtain the storage address and identification information, and, according to the identification information, sending the translated storage address to the target virtual machine.
Optionally, after invoking the corresponding target virtual machine trusted execution environment context to process the target vfTPM request, the method further comprises:
storing the processing result in shared memory.
Optionally, sending the translated storage address to the target virtual machine according to the identification information comprises:
the operating system of the rich execution environment translating the storage address into the physical address as seen by the virtual machine, and sending that physical address to the target virtual machine based on the identification information.
Optionally, after sending the physical address to the target virtual machine based on the identification information, the method further comprises:
the kernel of the target virtual machine translating the physical address into a virtual machine memory address and passing that address to the target virtual machine's operating system, the target virtual machine reading the processing result of the vfTPM request from the virtual machine memory address.
Optionally, initializing, based on the virtualization type, the reduced instruction set computer (ARM) platform running the target virtual machine configured with the virtual firmware-based trusted platform module (vfTPM) function comprises:
powering on the ARM platform and loading the ARM platform's target firmware and the trusted execution environment operating system;
when the trusted execution environment operating system starts, configuring memory for it and performing memory initialization;
initializing the rich execution environment based on the virtualization type to which the target virtual machine belongs.
Optionally, configuring memory for the trusted execution environment operating system and performing memory initialization comprises:
dividing the memory of the trusted execution environment operating system into running memory and virtual request execution memory, the running memory handling low-level requests and the virtual request execution memory handling the vfTPM requests of the virtual machines;
configuring, in a flash chip, dedicated memory for the trusted execution environment operating system to implement the vfTPM function;
loading a storage driver into the trusted execution environment operating system, and using the storage driver to initialize and partition the dedicated memory.
Optionally, the dedicated memory is used to store the vfTPM data, and the method further comprises: pre-allocating, in the dedicated memory, a storage region for each virtual machine in which that virtual machine's own vfTPM data is stored.
Optionally, initializing the rich execution environment based on the virtualization type to which the target virtual machine belongs comprises:
if the target virtual machine uses QEMU/KVM virtualization, completing the loading of the rich execution environment operating system.
Optionally, initializing the rich execution environment based on the virtualization type to which the target virtual machine belongs comprises:
if the target virtual machine uses Xen virtualization, starting the Xen virtualization image file at the same time as the BIOS;
during startup, treating the virtual machine monitor as a virtual machine with a preset identifier and allocating to it a corresponding virtual machine trusted execution environment instance and virtual machine trusted execution environment context;
loading the vfTPM trusted application through that virtual machine trusted execution environment instance; during loading, using the storage driver to read and write the dedicated memory and allocating in it a dedicated storage region for the Xen virtual machine monitor;
returning the processing result of the virtual machine monitor's vfTPM request to the virtual machine monitor, and starting the virtual machine monitor.
Optionally, before the vfTPM request of the target virtual machine is received, the method further comprises:
the rich execution environment issuing a virtual machine creation instruction and assigning identification information to the target virtual machine configured with the vfTPM function;
encapsulating the identification information and the virtual machine creation instruction, and switching the current running state to the trusted execution environment;
in the trusted execution environment, the trusted execution environment operating system allocating, based on the virtual machine creation instruction, a target virtual machine trusted execution environment context, a target virtual machine trusted execution environment instance and memory space to the target virtual machine; loading the vfTPM trusted application through the target virtual machine trusted execution environment instance, starting the TPM, and initializing the memory space and the target virtual machine's vfTPM;
encapsulating the vfTPM initialization result and the identification information of the target virtual machine, and switching the current running state to the rich execution environment, so that the creation of the target virtual machine is completed in the rich execution environment based on the initialization result.
Optionally, the method further comprises:
keeping the vfTPM's storage on flash memory so that it can only be read in the trusted execution environment.
Optionally, initializing the memory space comprises:
if the target virtual machine has a corresponding target storage space in the flash chip, allocating that target storage space to the target virtual machine's vfTPM function;
if the target virtual machine does not have a corresponding storage partition in the flash chip, then, when the remaining storage space of the flash chip exceeds a preset space threshold, allocating a target storage space for the target virtual machine's vfTPM function through the storage driver;
binding the target storage space to the identification information;
wherein the target storage space serves as the NVRAM of the target virtual machine's vfTPM, and reads and writes of the target storage space are performed by the target virtual machine in the trusted execution environment.
Optionally, the method further comprises:
partitioning the flash chip so that each virtual machine's vfTPM is given one partition for NVRAM storage.
Optionally, the flash chip driver in the trusted execution environment operating system is configured so that read and write permissions for the flash chip can only be set on the trusted execution environment side, and the target storage space is configured so that only the target virtual machine may operate on it.
Optionally, after initializing the ARM platform running the target virtual machine configured with the vfTPM function, the method further comprises:
when a virtual machine destruction instruction is received, parsing it in the rich execution environment to obtain the destruction identifier of the virtual machine to be destroyed;
encapsulating the parameterized virtual machine destruction instruction and the destruction identifier, and switching the current running state to the trusted execution environment;
in the trusted execution environment, the trusted execution environment operating system sending, based on the destruction identifier, the virtual machine destruction instruction to the trusted execution environment instance of the virtual machine to be destroyed; that instance deleting its trusted execution environment context and deleting the storage partition on the flash chip corresponding to the virtual machine to be destroyed; and feeding back a virtual machine destruction completion instruction carrying the destruction identifier;
encapsulating the parameterized virtual machine destruction completion instruction and the destruction identifier, and switching the current running state to the rich execution environment;
in the rich execution environment, deleting the virtual machine to be destroyed according to the virtual machine destruction completion instruction and the destruction identifier.
Optionally, after initializing the ARM platform running the target virtual machine configured with the vfTPM function, the method further comprises:
when a virtual machine shutdown instruction is received, parsing it in the rich execution environment to obtain the shutdown identifier of the virtual machine to be shut down;
encapsulating the parameterized virtual machine shutdown instruction and the shutdown identifier, and switching the current running state to the trusted execution environment;
in the trusted execution environment, the trusted execution environment operating system sending, based on the shutdown identifier, the virtual machine shutdown instruction to the trusted execution environment instance of the virtual machine to be shut down; that instance deleting its trusted execution environment context and updating the vfTPM of the virtual machine being shut down in the trusted execution environment; and feeding back a virtual machine shutdown completion instruction carrying the shutdown identifier;
encapsulating the parameterized virtual machine shutdown completion instruction and the shutdown identifier, and switching the current running state to the rich execution environment;
in the rich execution environment, shutting down the virtual machine to be shut down according to the virtual machine shutdown completion instruction and the shutdown identifier.
In another aspect, embodiments of the present application provide a virtualization implementation apparatus, including:
an initialization processing module, configured to initialize in advance, based on the virtualization type, the ARM platform running the target virtual machine configured with the vfTPM function;
a virtualization request issuing module, configured to, when a target vfTPM request of the target virtual machine is received, encapsulate an instruction carrying the real physical address translated from the virtual physical address of the target virtual machine and the identification information of the target virtual machine, and switch the current running state to the trusted execution environment;
a virtualization request processing module, configured to, in the trusted execution environment, invoke the corresponding target virtual machine trusted execution environment context according to the identification information to process the target vfTPM request, and send a result feedback instruction carrying the storage address of the processing result and the identification information;
a processing result feedback module, configured to encapsulate the result feedback instruction and switch the current running state to the rich execution environment, and, in the rich execution environment, obtain the storage address and the identification information by parsing the result feedback instruction and send the translated storage address to the target virtual machine according to the identification information.
Embodiments of the present application further provide an electronic device including a processor, the processor being configured to implement the steps of any of the preceding virtualization implementation methods when executing a computer program stored in a memory.
Embodiments of the present application further provide a non-volatile readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of any of the preceding virtualization implementation methods are implemented.
Finally, embodiments of the present application provide an ARM platform configured to implement the steps of any of the above virtualization implementation methods when executing a computer program, the ARM platform including an application layer, a system layer, a virtualization layer and a firmware layer;
the application layer includes multiple virtual machine applications located in the rich execution environment and a trusted application set located in the trusted execution environment, the trusted application set including trusted applications configured to implement the vfTPM function;
the system layer includes a host processing module located in the rich execution environment and a trusted management module located in the trusted execution environment;
the virtualization layer includes a virtual machine monitor located in the rich execution environment;
the firmware layer includes a firmware processing module configured to receive instructions from the host processing module, the virtual machine monitor and the trusted management module, to perform the running state switch, and to forward the virtual machine identification information carried in the received instructions during the running state switch.
The advantage of the technical solution provided by the embodiments of the present application is that the ARM platform is initialized according to the virtualization technology in use, so that multiple virtualization technologies on the ARM platform can be supported. After receiving a vfTPM request issued by an upper-layer virtual machine, the rich execution environment encapsulates the real physical address translated for that virtual machine together with the virtual machine's identifier, so that the request can be processed after the switch to the trusted execution environment. After the state switch, the trusted execution environment invokes the matching virtual machine context based on that identifier to process the request, and encapsulates the processing result together with the identifier again; after the switch back to the rich execution environment, the rich execution environment sends the vfTPM processing result to that virtual machine. This provides fTPM support for virtual machines on the ARM platform, which not only saves development cost but also improves the security of cloud computing products.
In addition, embodiments of the present application also provide a corresponding implementation apparatus, electronic device, non-volatile readable storage medium and ARM platform for the virtualization implementation method, which makes the method more practical; the apparatus, electronic device, non-volatile readable storage medium and ARM platform have corresponding advantages.
It should be understood that the above general description and the following detailed description are exemplary only and do not limit the present disclosure.
Description of the drawings
In order to explain the technical solutions of the embodiments of the present application or of the related art more clearly, the drawings required in the description of the embodiments or the related art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Figure 1 is a schematic framework diagram of an exemplary application scenario in the related art provided by an embodiment of the present application;
Figure 2 is a schematic flow chart of a virtualization implementation method provided by an embodiment of the present application;
Figure 3 is a structural diagram of the virtualization implementation apparatus provided by an embodiment of the present application in an optional implementation;
Figure 4 is a schematic structural diagram of the electronic device provided by an embodiment of the present application in one implementation;
Figure 5 is a structural diagram of an optional implementation of the ARM platform provided by an embodiment of the present application;
Figure 6 is a structural diagram of another optional implementation of the ARM platform provided by an embodiment of the present application;
Figure 7 is a structural diagram of an optional implementation of the trusted management module provided by an embodiment of the present application;
Figure 8 is a schematic flow chart of the ARM platform initialization method provided by an embodiment of the present application;
Figure 9 is a schematic flow chart of the virtual machine creation method provided by an embodiment of the present application;
Figure 10 is a schematic diagram of the vfTPM request and response flow provided by an embodiment of the present application;
Figure 11 is a schematic diagram of the virtual machine destruction and shutdown flow provided by an embodiment of the present application.
Detailed description
In order to enable those skilled in the art to better understand the solution of the present application, the present application is described in detail below with reference to the drawings and optional implementations. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present application without creative effort fall within the scope of protection of the present application.
The terms "first", "second", "third", "fourth" and so on in the description, claims and the above drawings of the present application are used to distinguish different objects, not to describe a particular order. Furthermore, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or units is not limited to the listed steps or units but may include steps or units that are not listed.
Having introduced the technical solutions of the embodiments of the present application, various non-limiting implementations of the present application are described in detail below.
First, refer to Figure 2, which is a schematic flow chart of a virtualization implementation method provided by an embodiment of the present application. The embodiment is applied to an ARM platform. Based on the TrustZone trusted technology, the ARM execution environment may include a trusted execution environment and a rich execution environment, and the ARM execution environment can be switched between the trusted execution environment and the rich execution environment by changing the value of the NS bit through the SMC instruction. For example, NS=0 in the trusted execution environment and NS=1 in the rich execution environment. Virtual machines are deployed in the rich execution environment. The fTPM, which implements the computing and storage resources of a TPM in TrustZone, runs in a trusted application (TA) in the trusted execution environment; the trusted execution environment includes multiple TAs, that is, it includes multiple fTPM instances. The computing function and implementation of a virtual machine's vfTPM depend on the fTPM, that is, the virtual machine's vfTPM requests are processed in the trusted execution environment. On this basis, the process from a virtual machine issuing a vfTPM request to its receiving the result of processing that request may include the following:
S201: based on the virtualization type, initialize in advance the ARM platform running the target virtual machine configured with the vfTPM function.
In this step, the virtualization type refers to the virtualization technology supported by the ARM platform, that is, the ARM virtualization platform; virtualization types include, but are not limited to, KVM (Kernel-based Virtual Machine) and Xen. The rich execution environment issues the virtual machine creation instruction and at the same time assigns unique identification information to each virtual machine as the information that uniquely identifies that virtual machine. In response to the virtual machine creation instruction, the ARM platform performs the creation operation in the rich execution environment and the trusted execution environment at the same time: it creates the virtual machine in the application layer of the rich execution environment, and creates in the trusted execution environment the virtual machine trusted execution environment instance and trusted execution environment context corresponding to that virtual machine; the trusted execution environment context is used to process the vfTPM requests of the corresponding virtual machine in the rich execution environment. To provide fTPM support for virtual machines on the ARM platform, a virtual machine hosted on the ARM platform needs to be configured with the vfTPM (Virtual firmware Trusted Platform Module) function. The ARM platform can run multiple virtual machines, and the virtual machines may be based on different virtualization types. The target virtual machine is any virtual machine running on the ARM platform; to avoid ambiguity, this embodiment calls the virtual machine that requires vfTPM computation, that is, the virtual machine issuing the vfTPM request, the target virtual machine. There may be one or more target virtual machines; neither case affects the implementation of the present application.
S202: when a target vfTPM request of the target virtual machine is received, encapsulate an instruction carrying the real physical address translated from the virtual physical address of the target virtual machine and the identification information of the target virtual machine, and switch the current running state to the trusted execution environment.
For an ARM platform that has completed initialization, any virtual machine running on the ARM platform can issue a vfTPM request to perform the computing function of the virtual machine's vfTPM. In the rich execution environment, the virtual machine's operating system sends a vfTPM request; to avoid ambiguity, the vfTPM request issued by the target virtual machine is called the target vfTPM request in this embodiment. The virtual machine's operating system kernel translates the vfTPM request's virtual memory address (VA) into the virtual machine physical address (IPA) that the virtual machine regards as physical. The operating system of the rich execution environment receives the vfTPM request and translates the virtual machine physical address (IPA) into the real physical address. The operating system of the rich execution environment belongs to the system layer, while the functional module that performs the running state switch is located in the firmware layer; to transmit the request command across layers, the request command, that is, the command including the translated real physical address and the identification information of the target virtual machine, is first parameterized, that is, passed across layers in the form of parameters through a fixed function. After the translated real physical address and the identification information of the target virtual machine have been sent to the firmware layer, the firmware layer encapsulates them; once encapsulation is complete, the firmware layer executes the SMC instruction to switch the current running environment to the trusted execution environment.
S203: in the trusted execution environment, invoke the corresponding target virtual machine trusted execution environment context according to the identification information to process the target vfTPM request, and send a result feedback instruction carrying the storage address of the processing result and the identification information.
After the previous step has switched the current running environment to the trusted execution environment, the trusted execution environment obtains the encapsulated instruction and, by parsing it, obtains the real physical address and the identification information of the target virtual machine. According to the identification information, it obtains the virtual machine trusted execution environment instance and context that were assigned in the trusted execution environment when the target virtual machine was created, and performs the vfTPM data computation for the target vfTPM request by invoking that instance and context, obtaining a processing result, which it stores. The storage address of the processing result and the identification information of the target virtual machine are sent to the firmware layer as the result feedback instruction; after receiving the result feedback instruction, the firmware layer encapsulates it and, once encapsulation is complete, executes the SMC instruction to switch the current running environment to the rich execution environment. To improve efficiency and reduce resource overhead, the trusted execution environment allocates shared memory and the processing result can be stored in that shared memory; correspondingly, the storage address in the result feedback instruction is then the shared memory address.
S204: encapsulate the result feedback instruction and switch the current running state to the rich execution environment; in the rich execution environment, obtain the storage address and the identification information by parsing the result feedback instruction, and send the translated storage address to the target virtual machine according to the identification information.
In this step, after the running environment has been switched to the rich execution environment, the operating system of the rich execution environment obtains the encapsulated result feedback instruction and obtains the storage address and the identification information by parsing it. The operating system of the rich execution environment translates the storage address into the physical address as seen by the virtual machine and, based on the identification information, sends that physical address to the corresponding target virtual machine. The kernel of the target virtual machine translates that physical address into a virtual machine memory address and passes it to the target virtual machine's operating system, and the target virtual machine reads the processing result of the vfTPM request from that address.
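The S202 to S204 round trip above, as an added C model that is not the patent's own code: a constructed REE memory map translates the guest IPA to a real PA, the firmware-carried message reaches a TEE dispatcher that looks up the context bound to the VM identifier, checks that the PA lies inside that VM's own range (an assumed check; the page only says the TEE parses the address), places the result in shared memory, and the REE maps the result back to the address the guest sees. All addresses, identifiers, the `result_ipa` window and the stand-in computation are invented.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_VMS  2
#define SHM_SIZE 64
#define SHM_PA   0xA0000000ULL   /* constructed PA of the TEE-owned shared memory */

/* Constructed per-VM map held by the REE host: guest IPA range, the real PA
 * backing it, and the guest IPA at which the host exposes the result buffer. */
typedef struct {
    uint32_t vm_id;
    uint64_t ipa_base, pa_base, size;
    uint64_t result_ipa;
} vm_map_t;

/* Per-VM TEE context created in S201. The PA range is copied in at creation
 * so the TEE can validate addresses itself instead of trusting the REE. */
typedef struct {
    uint32_t vm_id;
    uint64_t pa_base, size;
    uint32_t requests_served;   /* stand-in for vfTPM state */
} tee_ctx_t;

/* The parameterised message the firmware layer carries across the SMC. */
typedef struct {
    uint32_t vm_id;
    uint64_t pa;        /* request PA (REE->TEE) or result PA (TEE->REE) */
    uint32_t len;
} smc_msg_t;

static const vm_map_t vm_maps[MAX_VMS] = {
    { 1, 0x40000000ULL, 0x80000000ULL, 0x10000000ULL, 0x7FFF0000ULL },
    { 2, 0x40000000ULL, 0x90000000ULL, 0x10000000ULL, 0x7FFF0000ULL },
};
static tee_ctx_t tee_ctxs[MAX_VMS] = {
    { 1, 0x80000000ULL, 0x10000000ULL, 0 },
    { 2, 0x90000000ULL, 0x10000000ULL, 0 },
};
static uint8_t shm[SHM_SIZE];   /* stands in for the memory at SHM_PA */

/* REE side (S202): translate the guest IPA to a real PA with the host table. */
int ree_ipa_to_pa(uint32_t vm_id, uint64_t ipa, uint64_t *pa)
{
    for (int i = 0; i < MAX_VMS; i++) {
        const vm_map_t *m = &vm_maps[i];
        if (m->vm_id != vm_id) continue;
        if (ipa < m->ipa_base || ipa >= m->ipa_base + m->size) return -2; /* outside guest RAM */
        *pa = m->pa_base + (ipa - m->ipa_base);
        return 0;
    }
    return -1; /* unknown VM */
}

/* TEE side (S203): find the context bound to vm_id, check the PA belongs to
 * that VM, "process" the request and leave the result in shared memory.
 * On success msg is rewritten into the result feedback message. */
int tee_handle_request(smc_msg_t *msg)
{
    tee_ctx_t *ctx = NULL;
    for (int i = 0; i < MAX_VMS; i++)
        if (tee_ctxs[i].vm_id == msg->vm_id) ctx = &tee_ctxs[i];
    if (!ctx) return -1;                                  /* no context for this id */
    if (msg->len == 0 || msg->len > SHM_SIZE) return -3;
    if (msg->pa < ctx->pa_base || msg->pa + msg->len > ctx->pa_base + ctx->size)
        return -2;                                        /* PA not owned by vm_id */
    /* Stand-in for the vfTPM computation: bump a per-context counter and
     * write a small (vm_id, serial) record into the shared buffer. */
    ctx->requests_served++;
    memset(shm, 0, SHM_SIZE);
    memcpy(shm, &ctx->vm_id, sizeof(ctx->vm_id));
    memcpy(shm + 4, &ctx->requests_served, sizeof(ctx->requests_served));
    msg->pa  = SHM_PA;   /* result feedback: where the result lives */
    msg->len = 8;
    return 0;
}

/* REE side (S204): map the result PA back to the address the guest sees. */
int ree_result_to_ipa(const smc_msg_t *msg, uint64_t *ipa)
{
    if (msg->pa != SHM_PA) return -2;   /* only the shared buffer is exposed */
    for (int i = 0; i < MAX_VMS; i++)
        if (vm_maps[i].vm_id == msg->vm_id) { *ipa = vm_maps[i].result_ipa; return 0; }
    return -1;
}

/* One complete exchange for a request at guest IPA req_ipa of length len. */
int vftpm_round_trip(uint32_t vm_id, uint64_t req_ipa, uint32_t len, uint64_t *result_ipa)
{
    smc_msg_t msg = { vm_id, 0, len };
    int rc = ree_ipa_to_pa(vm_id, req_ipa, &msg.pa);
    if (rc) return rc;
    rc = tee_handle_request(&msg);               /* SMC, NS=0 */
    if (rc) return rc;
    return ree_result_to_ipa(&msg, result_ipa);  /* SMC, NS=1 */
}

uint32_t tee_requests_served(uint32_t vm_id)
{
    for (int i = 0; i < MAX_VMS; i++)
        if (tee_ctxs[i].vm_id == vm_id) return tee_ctxs[i].requests_served;
    return 0;
}

int main(void)
{
    uint64_t ipa = 0;
    int rc = vftpm_round_trip(1, 0x40001000ULL, 32, &ipa);
    printf("vm1: rc=%d result_ipa=0x%llx served=%u\n", rc,
           (unsigned long long)ipa, tee_requests_served(1));
    return 0;
}
```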
In the technical solution provided by the embodiments of the present application, the ARM platform is initialized according to the virtualization technology in use, so that multiple virtualization technologies on the ARM platform can be supported. After receiving a vfTPM request issued by an upper-layer virtual machine, the rich execution environment encapsulates the real physical address translated for that virtual machine together with the virtual machine's identifier, so that the request can be processed after the switch to the trusted execution environment. After the state switch, the trusted execution environment invokes the matching virtual machine context based on that identifier to process the request, and encapsulates the processing result together with the identifier again; after the switch back to the rich execution environment, the rich execution environment sends the vfTPM processing result to that virtual machine. This provides fTPM support for virtual machines on the ARM platform, which not only saves development cost but also improves the security of cloud computing products.
It should be noted that there is no strict execution order among the steps of the present application; as long as the logical order is respected, these steps may be executed simultaneously or in some preset order. Figure 2 is only one schematic representation and does not mean that this is the only possible execution order.
The above embodiment does not limit the initialization process of the ARM platform in any way. This embodiment further provides an optional implementation of the ARM platform initialization, which may include the following:
The ARM platform is powered on, and the target firmware and the trusted execution environment operating system of the ARM platform are loaded. When the trusted execution environment operating system starts, memory is configured for it and memory initialization is performed; based on the virtualization type to which the target virtual machine belongs, the rich execution environment is initialized.
The platform power-on process depends on the ARM chip and its firmware, and the platform can be powered on according to existing procedures. The target firmware refers to the firmware that needs to be started during the ARM platform initialization, for example enabling the TrustZone function and loading the Firmware/Secure Monitor firmware management module.
The existing technology usually places the persistent storage of the fTPM on the REE side, which increases the security risk. To improve security, the present application may keep the fTPM storage on a dedicated flash memory so that it can only be read from within the TEE. Correspondingly, the process of configuring memory for the trusted execution environment operating system and performing memory initialization may include:
dividing the memory of the trusted execution environment operating system into running memory and virtual request execution memory; configuring, in the flash memory chip, dedicated memory for the trusted execution environment operating system to implement the vfTPM function; and loading a storage driver into the trusted execution environment operating system, using the storage driver to initialize the dedicated memory and partition it.
In this embodiment, the running memory is used to process low-level requests; it is responsible for the low-level implementation, such as SMC instruction handling, memory management and thread management. The virtual request execution memory is used to process the vfTPM requests of virtual machines, that is, it is responsible for request processing, loading TAs, executing TAs and similar functions. The dedicated memory is used to store vfTPM data. If the dedicated memory is large enough, each virtual machine has its own partition for storing its own vfTPM data; a storage region can be allocated in the dedicated memory for each virtual machine in advance, that is, the dedicated memory is partitioned.
The initialization process of the rich execution environment differs for different virtualization types. For example, with Xen the virtual machine monitor can be used as a virtual machine, so during initialization the virtual machine monitor needs to be initialized as a virtual machine. This embodiment provides corresponding rich execution environment initialization processes for KVM and Xen respectively, which may include the following:
If the target virtual machine uses QEMU KVM (Quick Emulator Kernel-based Virtual Machine) virtualization technology, the loading of the rich execution environment operating system is completed.
If the target virtual machine uses Xen virtualization technology, the Xen virtualization image file is started at the same time as the BIOS is started; during startup, the virtual machine monitor is treated as a virtual machine with a preset identifier, and a corresponding virtual machine trusted execution environment instance and virtual machine trusted execution environment context are allocated for it; the vfTPM trusted application is loaded through the virtual machine trusted execution environment instance; during the loading of the vfTPM trusted application, the storage driver is used to read and write the dedicated memory, and a dedicated storage region is allocated in the dedicated memory for the Xen virtual machine monitor; the processing result of the virtual machine monitor's vfTPM request is returned to the virtual machine monitor, and the virtual machine monitor is started.
Inevitably, the ARM platform needs to create virtual machines. The above embodiment does not limit how virtual machines are created; the present application further provides an optional way of creating a virtual machine, which may include the following:
the rich execution environment issues a virtual machine creation instruction and assigns corresponding identification information to the target virtual machine configured with the vfTPM function;
the identification information and the virtual machine creation instruction are encapsulated, and the current running state is switched to the trusted execution environment;
in the trusted execution environment, the trusted execution environment operating system allocates, based on the virtual machine creation instruction, a target virtual machine trusted execution environment context, a target virtual machine trusted execution environment instance and a memory space for the target virtual machine; the vfTPM trusted application is loaded through the target virtual machine trusted execution environment instance, the TPM is started, and the memory space and the vfTPM of the target virtual machine are initialized;
the initialization result of the vfTPM of the target virtual machine and the identification information are encapsulated, and the current running state is switched to the rich execution environment, so that the creation of the target virtual machine is completed in the rich execution environment based on the initialization result.
Optionally, to improve security and address the security risk of the existing technology's placing the persistent storage of the fTPM on the REE side, the present application may keep the fTPM storage on a dedicated flash memory so that it can only be read from within the TEE. Correspondingly, the initialization of the memory space during virtual machine creation may include:
if the target virtual machine has a corresponding target storage space in the flash memory chip, the target storage space is allocated to the vfTPM function of the target virtual machine; if the target virtual machine has a corresponding storage partition in the flash memory chip, then when the remaining storage space of the flash memory chip is greater than a preset space threshold, a target storage space is allocated for the vfTPM function of the target virtual machine through the storage driver; and the target storage space is bound to the identification information.
The target storage space serves as the NVRAM of the vfTPM of the target virtual machine, and the read and write functions of the target storage space are executed by the target virtual machine in the trusted execution environment. The preset space threshold can be chosen flexibly according to the actual application scenario, and the present application does not impose any restriction on it. By partitioning the flash memory chip, each virtual machine's vfTPM is given one partition for NVRAM storage. The flash driver on the TEE OS sets read and write permissions on the flash so that it can only be operated from the TEE side, and only the virtual machine whose identifier corresponds to a flash partition, that is, the target storage space, can operate that partition, which effectively improves overall security.
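An added C model of the per-VM NVRAM partitioning just described (not the patent's code): allocation bound to the virtual machine identifier under the preset remaining-space threshold, read and write accepted only from the secure side and only for the identifier the partition is bound to, and the release that the destruction flow described later uses when it deletes a VM's partition. The flash geometry, the threshold value, the "erase before unbind" step and the error codes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Constructed geometry: a 4 KiB flash carved into 1 KiB vfTPM partitions,
 * with a preset remaining-space threshold of 1 KiB. */
#define FLASH_SIZE      4096u
#define PART_SIZE       1024u
#define MAX_PARTS       (FLASH_SIZE / PART_SIZE)
#define SPACE_THRESHOLD 1024u
#define VM_ID_NONE      0u   /* identifier 0 is reserved to mean "unbound" */

typedef struct {
    uint32_t vm_id;   /* identifier the partition is bound to, VM_ID_NONE if free */
} part_t;

static part_t  parts[MAX_PARTS];
static uint8_t flash[FLASH_SIZE];   /* stands in for the dedicated flash chip */

static int find_part(uint32_t vm_id)
{
    for (unsigned i = 0; i < MAX_PARTS; i++)
        if (parts[i].vm_id == vm_id) return (int)i;
    return -1;
}

uint32_t nvram_remaining(void)
{
    uint32_t n = 0;
    for (unsigned i = 0; i < MAX_PARTS; i++)
        if (parts[i].vm_id == VM_ID_NONE) n += PART_SIZE;
    return n;
}

/* VM creation: reuse the VM's existing partition; otherwise allocate one only
 * while the remaining space stays above the threshold, and bind it to vm_id.
 * Returns the partition index, -1 for a bad id, -3 when space is exhausted. */
int nvram_alloc(uint32_t vm_id)
{
    if (vm_id == VM_ID_NONE) return -1;
    int idx = find_part(vm_id);
    if (idx >= 0) return idx;
    if (nvram_remaining() <= SPACE_THRESHOLD) return -3;
    idx = find_part(VM_ID_NONE);   /* lowest free partition */
    parts[idx].vm_id = vm_id;
    return idx;
}

/* Gate shared by read and write: the caller must be in the secure world (the
 * driver lives in the TEE OS), the partition must be bound to the calling
 * VM's identifier, and the access must stay inside the partition. */
static int nvram_check(int secure, uint32_t vm_id, int idx, uint32_t off, uint32_t len)
{
    if (!secure) return -1;                                              /* REE side denied */
    if (idx < 0 || (unsigned)idx >= MAX_PARTS || parts[idx].vm_id != vm_id) return -2;
    if (len > PART_SIZE || off > PART_SIZE - len) return -4;             /* out of partition */
    return 0;
}

int nvram_write(int secure, uint32_t vm_id, int idx, uint32_t off, const uint8_t *src, uint32_t len)
{
    int rc = nvram_check(secure, vm_id, idx, off, len);
    if (rc) return rc;
    memcpy(flash + (unsigned)idx * PART_SIZE + off, src, len);
    return 0;
}

int nvram_read(int secure, uint32_t vm_id, int idx, uint32_t off, uint8_t *dst, uint32_t len)
{
    int rc = nvram_check(secure, vm_id, idx, off, len);
    if (rc) return rc;
    memcpy(dst, flash + (unsigned)idx * PART_SIZE + off, len);
    return 0;
}

/* VM destruction: erase the partition before unbinding it, so the next VM
 * that is handed the same region cannot read the previous owner's vfTPM data. */
int nvram_release(int secure, uint32_t vm_id)
{
    if (!secure) return -1;
    if (vm_id == VM_ID_NONE) return -2;
    int idx = find_part(vm_id);
    if (idx < 0) return -2;
    memset(flash + (unsigned)idx * PART_SIZE, 0xFF, PART_SIZE);   /* erased-flash pattern */
    parts[idx].vm_id = VM_ID_NONE;
    return 0;
}
```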
In practice, a virtual machine does not remain in the running state continuously after it is created; depending on actual needs it may be set to the running state, or a created virtual machine may be destroyed. To improve practicality and the user experience, on the basis of the above embodiments the present application further provides a virtual machine destruction procedure, which may include the following:
When a virtual machine destruction instruction is received, in the rich execution environment, the destruction identifier of the virtual machine to be destroyed is obtained by parsing the virtual machine destruction instruction;
the parameterized virtual machine destruction instruction and the destruction identifier are encapsulated, and the current running state is switched to the trusted execution environment;
in the trusted execution environment, the trusted execution environment operating system, on the basis of the destruction identifier, sends the virtual machine destruction instruction to the destroyed-VM trusted execution environment instance corresponding to the virtual machine to be destroyed; the destroyed-VM trusted execution environment instance deletes the destroyed-VM trusted execution environment context and deletes the storage partition in the flash chip corresponding to the virtual machine to be destroyed; and a virtual machine destruction completion instruction carrying the destruction identifier is returned;
the parameterized virtual machine destruction completion instruction and the destruction identifier are encapsulated, and the current running state is switched to the rich execution environment;
in the rich execution environment, the virtual machine to be destroyed is deleted according to the virtual machine destruction completion instruction and the destruction identifier.
In this embodiment, to avoid ambiguity, the virtual machine that is to be destroyed is called the virtual machine to be destroyed, and its identification information is called the destruction identifier. The virtual machine instance and context in the trusted execution environment that correspond to the virtual machine to be destroyed are called the destroyed-VM trusted execution environment instance and the destroyed-VM trusted execution environment context.
In practice, a virtual machine does not remain in the running state continuously after it is created; depending on actual needs it may be set to the running state or to the shut-down state. To improve practicality and the user experience, on the basis of the above embodiments the present application further provides a virtual machine shutdown procedure, which may include the following:
When a virtual machine shutdown instruction is received, in the rich execution environment, the shutdown identifier of the virtual machine to be shut down is obtained by parsing the virtual machine shutdown instruction;
the parameterized virtual machine shutdown instruction and the shutdown identifier are encapsulated, and the current running state is switched to the trusted execution environment;
in the trusted execution environment, the trusted execution environment operating system, on the basis of the shutdown identifier, sends the virtual machine shutdown instruction to the shutdown-VM trusted execution environment instance corresponding to the virtual machine to be shut down; the shutdown-VM trusted execution environment instance deletes the shutdown-VM trusted execution environment context and updates the shut-down virtual machine's vfTPM in the trusted execution environment; and a virtual machine shutdown completion instruction carrying the shutdown identifier is returned;
the parameterized virtual machine shutdown completion instruction and the shutdown identifier are encapsulated, and the current running state is switched to the rich execution environment;
in the rich execution environment, the virtual machine to be shut down is shut down according to the virtual machine shutdown completion instruction and the shutdown identifier.
In this embodiment, to avoid ambiguity, the virtual machine that is to be shut down is called the virtual machine to be shut down, and its identification information is called the shutdown identifier. The virtual machine instance and context in the trusted execution environment that correspond to the virtual machine to be shut down are called the shutdown-VM trusted execution environment instance and the shutdown-VM trusted execution environment context.
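As an added illustration of the flash partition handling described above for creation, shutdown and destruction (this is not code from the application), the following C model keeps one NVRAM partition per virtual machine identifier on a TEE-side flash chip, allocates a new partition only while the remaining space exceeds the threshold, and lets only the TEE side, and only the bound VM, read or write it. The function names (vftpm_nvram_*), the sizes and threshold, and the reading of the second allocation branch as "no partition exists yet" are assumptions made here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed sizes for this model (not taken from the application). */
#define FLASH_TOTAL_BYTES 4096u
#define PARTITION_BYTES    512u   /* one vfTPM NVRAM partition per virtual machine */
#define SPACE_THRESHOLD   1024u   /* the "preset space threshold" */
#define MAX_PARTITIONS (FLASH_TOTAL_BYTES / PARTITION_BYTES)

enum world { WORLD_REE = 0, WORLD_TEE = 1 };          /* side issuing the call */
enum { NV_OK = 0, NV_ERR_NOSPACE = -1, NV_ERR_DENIED = -2,
       NV_ERR_NOTFOUND = -3, NV_ERR_RANGE = -4 };
struct flash_chip {
    bool     in_use[MAX_PARTITIONS];   /* slot i occupies offset i * PARTITION_BYTES */
    uint32_t vmid[MAX_PARTITIONS];     /* identification info bound to slot i */
    uint8_t  storage[FLASH_TOTAL_BYTES];
};
struct flash_chip g_flash;             /* the single TEE-side flash chip */
uint32_t g_off;                        /* scratch offset for callers */

void flash_reset(struct flash_chip *f)
{
    memset(f, 0, sizeof *f);
    memset(f->storage, 0xFF, sizeof f->storage);   /* erased flash reads as 0xFF */
}

static int slot_of(const struct flash_chip *f, uint32_t vmid)
{
    for (unsigned i = 0; i < MAX_PARTITIONS; i++)
        if (f->in_use[i] && f->vmid[i] == vmid) return (int)i;
    return -1;
}

/* Creation step: reuse the VM's existing partition; otherwise allocate a fresh one
 * only while the remaining flash exceeds the threshold, and bind it to the VMID. */
int vftpm_nvram_allocate(struct flash_chip *f, uint32_t vmid, uint32_t *offset)
{
    int s = slot_of(f, vmid);
    uint32_t used = 0;
    if (s >= 0) { *offset = (uint32_t)s * PARTITION_BYTES; return NV_OK; }
    for (unsigned i = 0; i < MAX_PARTITIONS; i++) if (f->in_use[i]) used += PARTITION_BYTES;
    if (FLASH_TOTAL_BYTES - used <= SPACE_THRESHOLD) return NV_ERR_NOSPACE;
    for (unsigned i = 0; i < MAX_PARTITIONS; i++) {
        if (f->in_use[i]) continue;
        f->in_use[i] = true;
        f->vmid[i] = vmid;             /* bind the partition to the identification info */
        *offset = i * PARTITION_BYTES;
        return NV_OK;
    }
    return NV_ERR_NOSPACE;
}

/* Flash-driver entry point: TEE side only, and only the VM bound to the partition.
 * is_write copies buf into flash; otherwise flash is copied into buf. */
int vftpm_nvram_io(struct flash_chip *f, enum world w, uint32_t vmid,
                   uint32_t off, void *buf, uint32_t len, bool is_write)
{
    int s;
    if (w != WORLD_TEE) return NV_ERR_DENIED;
    if ((s = slot_of(f, vmid)) < 0) return NV_ERR_NOTFOUND;
    if (off > PARTITION_BYTES || len > PARTITION_BYTES - off) return NV_ERR_RANGE;
    uint8_t *cell = f->storage + (size_t)s * PARTITION_BYTES + off;
    if (is_write) memcpy(cell, buf, len); else memcpy(buf, cell, len);
    return NV_OK;
}

/* Destruction step: erase and release the VM's partition. Shutdown touches no flash,
 * so a VM that is shut down and created again gets the same partition back. */
int vftpm_nvram_destroy(struct flash_chip *f, uint32_t vmid)
{
    int s = slot_of(f, vmid);
    if (s < 0) return NV_ERR_NOTFOUND;
    memset(f->storage + (size_t)s * PARTITION_BYTES, 0xFF, PARTITION_BYTES);
    f->in_use[s] = false;
    return NV_OK;
}

/* create VM1 and VM2 -> write from TEE and from REE -> shut down and re-create VM1
 * -> destroy VM1. Returns 0 when each step behaves as described, else the failing step. */
int lifecycle_scenario(void)
{
    uint32_t off1, off2, again;
    char seed[4] = "k1", out[4] = {0};
    flash_reset(&g_flash);
    if (vftpm_nvram_allocate(&g_flash, 1, &off1) != NV_OK) return 1;
    if (vftpm_nvram_allocate(&g_flash, 2, &off2) != NV_OK || off2 == off1) return 2;
    if (vftpm_nvram_io(&g_flash, WORLD_TEE, 1, 0, seed, 4, true) != NV_OK) return 3;
    if (vftpm_nvram_io(&g_flash, WORLD_REE, 1, 0, seed, 4, true) != NV_ERR_DENIED) return 4;
    if (vftpm_nvram_io(&g_flash, WORLD_TEE, 2, 0, out, 4, false) != NV_OK) return 5;
    if (out[0] != (char)0xFF) return 6;       /* VM2 reaches only its own, still erased, slot */
    if (vftpm_nvram_io(&g_flash, WORLD_TEE, 1, 0, out, 4, false) != NV_OK) return 7;
    if (memcmp(out, seed, 4) != 0) return 8;
    if (vftpm_nvram_allocate(&g_flash, 1, &again) != NV_OK || again != off1) return 9;
    if (vftpm_nvram_destroy(&g_flash, 1) != NV_OK) return 10;
    return vftpm_nvram_io(&g_flash, WORLD_TEE, 1, 0, out, 4, false) == NV_ERR_NOTFOUND ? 0 : 11;
}
```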
The embodiments of the present application also provide an apparatus corresponding to the virtualization implementation method, which makes the method more practical. The apparatus may be described from the perspective of functional modules and from the perspective of hardware. The virtualization implementation apparatus provided by the embodiments is introduced below; the apparatus described below and the method described above may be referred to in correspondence with each other.
From the perspective of functional modules, referring to Figure 3, which is a structural diagram of the virtualization implementation apparatus according to an optional embodiment of the present application, the apparatus may include:
an initialization processing module 301, configured to initialize in advance, on the basis of the virtualization type, the ARM platform running the target virtual machine that is configured with the vfTPM function;
a virtualization request issuing module 302, configured to, when a target vfTPM request of the target virtual machine is received, encapsulate an instruction carrying the real physical address translated from the target virtual machine's virtual physical address together with the target virtual machine's identification information, and switch the current running state to the trusted execution environment;
a virtualization request processing module 303, configured to, in the trusted execution environment, invoke the corresponding target virtual machine trusted execution environment context according to the identification information to process the target vfTPM request, and send a result feedback instruction carrying the storage address of the processing result and the identification information;
a processing result feedback module 304, configured to encapsulate the result feedback instruction and switch the current running state to the rich execution environment, and, in the rich execution environment, obtain the storage address and the identification information by parsing the result feedback instruction and send the translated storage address to the target virtual machine according to the identification information.
Optionally, in some implementations of this embodiment, the apparatus may further include a storage module configured to store the processing result in shared memory.
Optionally, in other implementations of this embodiment, the initialization processing module 301 may further be configured to: power on the ARM platform and load the ARM platform's target firmware and the trusted execution environment operating system; when the trusted execution environment operating system starts, configure memory for the trusted execution environment operating system and perform memory initialization; and initialize the rich execution environment on the basis of the virtualization type to which the target virtual machine belongs.
As an optional implementation of the above embodiment, the initialization processing module 301 may further be configured to: divide the memory of the trusted execution environment operating system into running memory and virtual-request execution memory, where the running memory is used to handle low-level requests and the virtual-request execution memory is used to handle the virtual machines' vfTPM requests; configure, in the flash chip, dedicated memory for the trusted execution environment operating system for implementing the vfTPM function; and load a storage driver into the trusted execution environment operating system, initialize the dedicated memory with the storage driver, and partition the dedicated memory.
As another optional implementation of the above embodiment, the initialization processing module 301 may further be configured to: if the target virtual machine uses QEMU/KVM virtualization, complete the loading of the rich execution environment operating system.
As a further optional implementation of the above embodiment, the initialization processing module 301 may further be configured to: if the target virtual machine uses Xen virtualization, start the Xen virtualization image file while starting the BIOS; during startup, treat the virtual machine monitor as a virtual machine with a preset identifier and allocate to the virtual machine monitor a corresponding virtual machine trusted execution environment instance and virtual machine trusted execution environment context; load the vfTPM trusted application through the virtual machine trusted execution environment instance; during the loading of the vfTPM trusted application, read and write the dedicated memory through the storage driver and allocate a dedicated storage area for the Xen virtual machine monitor in the dedicated memory; and return the processing result of the virtual machine monitor's vfTPM request to the virtual machine monitor and start the virtual machine monitor.
Optionally, in some other implementations of this embodiment, the apparatus may further include a virtual machine creation module, configured to: issue a virtual machine creation instruction in the rich execution environment and allocate corresponding identification information to the target virtual machine configured with the vfTPM function; encapsulate the identification information and the virtual machine creation instruction and switch the current running state to the trusted execution environment; in the trusted execution environment, have the trusted execution environment operating system allocate, on the basis of the virtual machine creation instruction, a target virtual machine trusted execution environment context, a target virtual machine trusted execution environment instance and a memory space to the target virtual machine; load the vfTPM trusted application through the target virtual machine trusted execution environment instance, start the TPM, and initialize the memory space and the target virtual machine's vfTPM; and encapsulate the initialization result of the target virtual machine's vfTPM together with the identification information and switch the current running state to the rich execution environment, so that the creation of the target virtual machine is completed in the rich execution environment on the basis of the initialization result.
As an optional implementation of the above embodiment, the virtual machine creation module may further be configured to: if the target virtual machine has a corresponding target storage space in the flash chip, allocate the target storage space to the vfTPM function of the target virtual machine; if the target virtual machine has a corresponding storage partition in the flash chip, then, when the remaining storage space of the flash chip is greater than the preset space threshold, allocate a target storage space for the vfTPM function of the target virtual machine through the storage driver; and bind the target storage space to the identification information, where the target storage space serves as the NVRAM of the target virtual machine's vfTPM and reads and writes to the target storage space are performed by the target virtual machine in the trusted execution environment.
Optionally, in some other implementations of this embodiment, the apparatus may further include a virtual machine destruction module, configured to: when a virtual machine destruction instruction is received, obtain, in the rich execution environment, the destruction identifier of the virtual machine to be destroyed by parsing the virtual machine destruction instruction; encapsulate the parameterized virtual machine destruction instruction and the destruction identifier and switch the current running state to the trusted execution environment; in the trusted execution environment, have the trusted execution environment operating system send, on the basis of the destruction identifier, the virtual machine destruction instruction to the destroyed-VM trusted execution environment instance corresponding to the virtual machine to be destroyed, where that instance deletes the destroyed-VM trusted execution environment context and deletes the storage partition in the flash chip corresponding to the virtual machine to be destroyed, and return a virtual machine destruction completion instruction carrying the destruction identifier; encapsulate the parameterized virtual machine destruction completion instruction and the destruction identifier and switch the current running state to the rich execution environment; and, in the rich execution environment, delete the virtual machine to be destroyed according to the virtual machine destruction completion instruction and the destruction identifier.
Optionally, in some other implementations of this embodiment, the apparatus may further include a virtual machine shutdown module, configured to: when a virtual machine shutdown instruction is received, obtain, in the rich execution environment, the shutdown identifier of the virtual machine to be shut down by parsing the virtual machine shutdown instruction; encapsulate the parameterized virtual machine shutdown instruction and the shutdown identifier and switch the current running state to the trusted execution environment; in the trusted execution environment, have the trusted execution environment operating system send, on the basis of the shutdown identifier, the virtual machine shutdown instruction to the shutdown-VM trusted execution environment instance corresponding to the virtual machine to be shut down, where that instance deletes the shutdown-VM trusted execution environment context and updates the shut-down virtual machine's vfTPM in the trusted execution environment, and return a virtual machine shutdown completion instruction carrying the shutdown identifier; encapsulate the parameterized virtual machine shutdown completion instruction and the shutdown identifier and switch the current running state to the rich execution environment; and, in the rich execution environment, shut down the virtual machine to be shut down according to the virtual machine shutdown completion instruction and the shutdown identifier.
The functions of the functional modules of the virtualization implementation apparatus in the embodiments of the present application may be implemented according to the method in the method embodiments above; for the implementation process, reference may be made to the relevant description of the method embodiments, which is not repeated here.
It can be seen from the above that the embodiments of the present application can implement the TPM function for virtual machines on the ARM platform.
The virtualization implementation apparatus above is described from the perspective of functional modules. Optionally, the present application further provides an electronic device, described from the perspective of hardware. Figure 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in Figure 4, the electronic device includes a memory 40 configured to store a computer program, and a processor 41 configured to implement the steps of the virtualization implementation method of any of the above embodiments when executing the computer program.
Processor 41 may include one or more processing cores, for example a 4-core or 8-core processor; processor 41 may also be a controller, microcontroller, microprocessor or other data processing chip. Processor 41 may be implemented in at least one of the hardware forms DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array) and PLA (Programmable Logic Array). Processor 41 may also include a main processor and a coprocessor: the main processor is a processor configured to process data in the awake state, also called a CPU (Central Processing Unit), and the coprocessor is a low-power processor configured to process data in the standby state. In some embodiments, processor 41 may integrate a GPU (Graphics Processing Unit), which is configured to render and draw the content to be shown on the display screen. In some embodiments, processor 41 may further include an AI (Artificial Intelligence) processor configured to handle computing operations related to machine learning.
Memory 40 may include one or more computer non-volatile readable storage media, which may be non-transitory. Memory 40 may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In some embodiments, memory 40 may be an internal storage unit of the electronic device, such as the hard disk of a server. In other embodiments, memory 40 may be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card fitted to a server. Optionally, memory 40 may include both an internal storage unit of the electronic device and an external storage device. Memory 40 may be configured not only to store the application software installed on the electronic device and various kinds of data, such as the code of the program that executes the vfTPM computation processing method, but also to temporarily store data that has been output or is to be output. In this embodiment, memory 40 is at least configured to store the following computer program 401, which, after being loaded and executed by processor 41, implements the relevant steps of the virtualization implementation method disclosed in any of the foregoing embodiments. In addition, the resources stored in memory 40 may also include an operating system 402 and data 403, stored either temporarily or permanently. Operating system 402 may include Windows, Unix, Linux and the like. Data 403 may include, but is not limited to, data corresponding to virtualization implementation results.
In some embodiments, the electronic device may further include a display screen 42, an input/output interface 43, a communication interface 44 (also called a network interface), a power supply 45 and a communication bus 46. The display screen 42 and the input/output interface 43, such as a keyboard, belong to the user interface; optional user interfaces may also include standard wired interfaces, wireless interfaces and the like. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch display or the like. The display, which may also appropriately be called a display screen or display unit, is configured to show information processed in the electronic device and to show a visual user interface. Communication interface 44 may optionally include a wired interface and/or a wireless interface, such as a WI-FI interface or a Bluetooth interface, and is usually configured to establish communication connections between the electronic device and other electronic devices. Communication bus 46 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of presentation, only one thick line is drawn in Figure 4, but this does not mean that there is only one bus or one type of bus.
Those skilled in the art will understand that the structure shown in Figure 4 does not limit the electronic device, which may include more or fewer components than shown; for example, it may further include sensors 47 implementing various functions.
The functions of the functional modules of the electronic device in the embodiments of the present application may be implemented according to the method in the method embodiments above; for the implementation process, reference may be made to the relevant description of the method embodiments, which is not repeated here.
It can be seen from the above that the embodiments of the present application can implement the TPM function for virtual machines on the ARM platform.
It will be understood that, if the virtualization implementation method in the above embodiments is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and executes all or part of the steps of the methods of the various embodiments of the present application. The aforementioned storage medium includes a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), electrically erasable programmable ROM, registers, a hard disk, a multimedia card, card-type memory (such as SD or DX memory), magnetic memory, a removable disk, a CD-ROM, a magnetic disk, an optical disk, or any other medium capable of storing program code.
On this basis, the embodiments of the present application further provide a non-volatile readable storage medium storing a computer program which, when executed by a processor, performs the steps of the virtualization implementation method of any of the above embodiments.
Finally, the embodiments of the present application further provide an ARM platform; see Figure 5. The ARM platform is used to implement the steps of the virtualization implementation method of any of the above embodiments when executing a computer program, and may include an application layer 501, a system layer 502, a virtualization layer 503 and a firmware layer 504.
Application layer 501 may include multiple virtual machine applications located in the rich execution environment and a trusted application set located in the trusted execution environment, the trusted application set including the trusted applications used to implement the vfTPM function. System layer 502 may include a host processing module located in the rich execution environment and a trusted management module located in the trusted execution environment. Virtualization layer 503 includes a virtual machine monitor located in the rich execution environment. Firmware layer 504 may include a firmware processing module configured to receive instructions from the host processing module, the virtual machine monitor and the trusted management module; firmware layer 504 also performs the switching of the running state and, while performing that switch, forwards the virtual machine identification information contained in the received instruction.
在本实施例中,同时支持KVM(Kernel-based Virtual Machine,系统虚拟化模块)及Xen虚拟化技术。基于此,宿主机处理模块针对在KVM虚拟化实现过程中,实现对虚拟机的内存地址转换。也就是说,宿主机处理模块完成IPA与PA之间转换,是ARM虚拟化实现中stage2的实现。在请求也即虚拟机操作系统发送的vfTPM请求阶段,通过宿主机处理模块将虚拟机操作系统也即GustOS的请求命令及转换后的物理内存地址进行参数化,也即通过固定函数以参数形式从系统层跨层传递至固件层,附带虚拟机标识符VMID传递给固件层504的固件处理模块,在接受请求也即响应固件处理模块的请求时,将接收固件处理模块转发过来的vfTPM请求处理结果,根据VMID转发给对应的虚拟机。In this embodiment, both KVM (Kernel-based Virtual Machine, system virtualization module) and Xen virtualization technology are supported. Based on this, the host processing module is designed to realize memory address translation of the virtual machine during the KVM virtualization implementation process. In other words, the host processing module completes the conversion between IPA and PA, which is the implementation of stage 2 in ARM virtualization implementation. In the request stage, that is, the vfTPM request sent by the virtual machine operating system, the request command of the virtual machine operating system, that is, GustOS, and the converted physical memory address are parameterized through the host processing module, that is, through a fixed function in the form of parameters. The system layer is passed across layers to the firmware layer, and the virtual machine identifier VMID is passed to the firmware processing module of the firmware layer 504. When accepting the request, that is, responding to the request of the firmware processing module, the vfTPM request processing result forwarded by the firmware processing module will be received. , forwarded to the corresponding virtual machine according to the VMID.
虚拟机监视器也即Hypervisor,针对Xen虚拟化实现过程中,虚拟机监视器在ARM虚拟化中实现的stage2翻译过程,将IPA地址翻译成PA地址。在请求也即也即虚拟机操作系统发送的vfTPM请求阶段,通过Hypervisor将GuestOS的请求参数,内存地址参数化,附加VMID传递给固件处理模块,在接收阶段,将接收固件处理模块转发过来的vfTPM处理结果,根据VMID转发给对应的虚拟机或者Xen Hypervisor本身。与KVM不同的是,XenHypervisor的VMID=0,代表Hypervisor本身,Hypervisor的请求与虚拟机请求保持一致,但是其没有stage2翻译过程。The virtual machine monitor, also known as the Hypervisor, translates the IPA address into a PA address during the stage2 translation process implemented by the virtual machine monitor in ARM virtualization during the Xen virtualization implementation process. In the request stage, that is, the vfTPM request sent by the virtual machine operating system, the request parameters and memory address of the GuestOS are parameterized through the hypervisor, and the attached VMID is passed to the firmware processing module. In the receiving stage, the vfTPM forwarded by the firmware processing module is received. The processing results are forwarded to the corresponding virtual machine or the Xen Hypervisor itself according to the VMID. Different from KVM, the VMID of XenHypervisor=0, which represents the Hypervisor itself. The Hypervisor's request is consistent with the virtual machine request, but it does not have a stage2 translation process.
固件层504的固件处理模块接受宿主机处理模块,Hypervisor,可信管理模块的请求,通过SMC指令,更改NS位的值,切换TEE或REE运行环境,在SMC请求转换的过程中将附带接收的VMID一起传递转发。The firmware processing module of the firmware layer 504 accepts requests from the host processing module, Hypervisor, and trusted management module. Through SMC instructions, it changes the value of the NS bit and switches the TEE or REE operating environment. During the conversion process of the SMC request, the received VMID is passed together for forwarding.
This embodiment modifies the trusted execution environment operating system (TEEOS) so that TEEOS supports virtualization. The TEE side includes a trusted management module and a trusted application set; the trusted application set includes multiple trusted applications that implement the vfTPM function, each with a built-in fTPM module, so that multiple fTPM instances run in the trusted execution environment. The fTPM module, i.e. the vfTPM module, is configured as an implementation of the fTPM used by a virtual machine; it virtualizes both computation and persistent storage. The computational functions of the vfTPM may be implemented with any existing technique, and this application imposes no limitation on that. The trusted management module may include a storage driver and a virtual machine data processing module; the virtual machine data processing module may be the vmContext module shown in Figure 6. Virtual machine data processing modules correspond one-to-one with virtual machines, i.e. each virtual machine has one virtual machine data processing module, which is configured to process the vfTPM requests of that virtual machine and stores the virtual machine trusted execution environment instance and its context for that virtual machine. The trusted management module of this embodiment is an improvement on the original TEEOS. Optionally, the original TEEOS instance is divided into two parts: one called the running memory (Nexus) part and one called the virtual request execution memory (vm) part. The running memory part handles the underlying implementation, such as SMC instruction processing, memory management and thread management. The virtual request execution memory handles request processing, loading TAs, executing TAs and similar functions. As shown in Figure 7, a TEE implementation has one Nexus instance and multiple vm tee instances, one vm tee instance per REE-side virtual machine. To distinguish the memory handling and requests of the running memory from those of the virtual request execution memory, the memory handling functions of the running memory are modified so that they are distinguishable; for example, the handling for the Nexus instance of the running memory may be mapped to .nex_data, .nex_bss, .nex_nozi, .nex_heap and similar sections, while the vm tee instances continue to use the original memory handling requests.
By modifying a trusted execution environment that complies with the GP (GlobalPlatform) standard, this embodiment makes it possible to run multiple fTPM instances in TrustZone to provide TPM functions to virtual machines, with the TPM functions of the individual virtual machines not affecting one another, thereby achieving isolation between virtual machines.
To improve security, this embodiment also provides an optional fTPM storage method: the fTPM storage is kept on dedicated flash memory so that it can only be read from within the TEE. Correspondingly, the storage driver, i.e. the NV Driver module shown in Figure 6, is the driver that implements reading and writing of this dedicated flash; it implements flash partitioning, flash read/write and permission control, and provides the fTPM with an NVRAM persistent storage object. The principle is to partition the flash and give the vfTPM of each virtual machine its own partition for NVRAM storage. As the flash driver on TEEOS, it sets permissions on flash reads and writes: the flash can only be operated from the TEE side, and only the vm with the corresponding VMID can operate the flash partition belonging to that VMID.
The functions of the functional modules of the ARM platform in the embodiments of this application can be implemented according to the method of the method embodiments above; for the implementation process, refer to the description of the method embodiments, which is not repeated here.
As can be seen from the above, the embodiments of this application implement the TPM function for virtual machines on the ARM platform.
To make the complete technical solution clearer to those skilled in the art, based on the ARM platform architecture shown in Figure 6, this application also gives an illustrative example with reference to Figures 8 to 11. The example covers the ARM platform initialization flow, the virtual machine creation flow, the virtual machine request and response flow, and the virtual machine destruction and shutdown flow. In this embodiment, TEE OS denotes the trusted execution environment operating system, NV Driver the storage driver, VMID the virtual machine identification information, vm tee instance and context the virtual machine trusted execution environment instance and its context, vm a virtual machine, RichOS the rich execution environment operating system, NVRAM (Non-Volatile Random Access Memory) the target storage space, Hypervisor the virtual machine monitor of the virtualization layer, and GuestOS the virtual machine operating system. The example includes the following:
The initialization flow of the ARM platform may include:
A1: The ARM platform powers on.
A2: Firmware loading. During firmware loading the device is initialized, which includes enabling the TrustZone function and loading the Firmware/SecureMonitor firmware management module; the firmware management module implements the VMID forwarding function.
A3: TEEOS loading. The TEE OS image firmware is located in the firmware storage flash and loaded; in the TEE, memory is configured for the TEE OS and the NV Driver is initialized.
A4: The NV Driver initializes the flash chip used for the fTPM. This initialization includes, but is not limited to, metadata generation, flash encryption key generation, encryption key storage, permission setting and partition permission handling.
A5: In the case of QEMU (virtual operating system emulator) KVM virtualization, loading of the RichOS is completed.
A6: In the case of Xen virtualization, the Xen virtualization image file is located and booted together with the BIOS.
A7: During BIOS boot, the Xen Hypervisor is handled as vm0: the virtual machine creation flow is executed and a vm tee instance and context are allocated in the TEE OS, with VMID=0.
A8: The vm tee instance loads the vfTPM TA.
A9: During TA loading, the TPM's nvram is initialized, i.e. the TPM storage flash is read and written through the NV Driver and an nvram partition is allocated on the flash for use by the vfTPM with VMID=0.
A10: The data processed by the vfTPM is returned to the Xen Hypervisor through the vfTPM request and response flow.
A11: The Hypervisor enters its boot flow and completes booting.
The virtual machine creation flow may include:
B1: RichOS or the Hypervisor issues an instruction to create a virtual machine and requires that this virtual machine be configured with a vfTPM.
B2: While RichOS or the Hypervisor carries out the virtual machine creation, the vfTPM-related initialization, i.e. steps A3 and A4 of the initialization flow, is first completed on the TEE side. RichOS or the Hypervisor therefore first passes the request parameters, together with the VMID that RichOS or the Hypervisor has assigned to this virtual machine, to the firmware processing module of the firmware layer.
B3: The firmware processing module receives the virtual machine creation request, encapsulates the request parameters, attaches the VMID to the SMC instruction, issues the SMC_VM_CREATE instruction to the TEEOS on the TEE side, and switches the running environment to the TEE.
B4: The Nexus TEE on the TEEOS side receives the SMC instruction and determines that this virtual machine requires a vfTPM device.
B5: TEEOS allocates a vm tee instance and context to the virtual machine; the vm tee context handles all requests related to that virtual machine, including the loading and execution of the vfTPM.
B6: The fTPM TA is loaded and the vfTPM initialization is performed. Optionally, in addition to starting the TPM, the initialization also initializes the NVRAM. NVRAM initialization includes allocating a flash partition through the NV Driver: if the virtual machine already has a corresponding flash partition, that partition is assigned directly to the vfTPM for use as NVRAM; if the virtual machine's vfTPM has no corresponding flash partition, the NV Driver creates a partition for the virtual machine, provided there is sufficient flash space, and performs the NVRAM initialization on that partition according to the TPM specification.
B7: NVRAM initialization is complete; the remaining initialization required by the TPM specification is carried out.
B8: fTPM initialization is complete, and the result is returned to the RichOS or Hypervisor layer through TEEOS and the firmware processing module.
B9: RichOS completes the remaining virtual machine creation work.
The vfTPM request and response flow for a virtual machine may be as follows:
C1: GuestOS sends a vfTPM request.
C2: The GuestOS kernel (the virtual machine operating system kernel) converts the vfTPM request instruction and the VA into an IPA.
C3: RichOS or the Hypervisor converts the instruction sent by GuestOS to a PA and sends it, with the VMID attached, to the firmware processing module.
C4: The firmware processing module encapsulates the instruction, attaches the VMID, executes the SMC instruction, and switches the running state to TEEOS.
C5: TEEOS dispatches the vfTPM request, according to the VMID, to the corresponding vm tee context for processing.
C6: TEEOS allocates shared memory, stores the processing result in the shared memory, and sends the shared memory address and the VMID to the firmware processing module.
C7: The firmware processing module encapsulates the request parameters, executes the SMC instruction to switch the execution environment to the REE, and sends the result to the Hypervisor or RichOS.
C8: RichOS or the Hypervisor converts the shared memory address into an IPA and returns the result to the corresponding virtual machine according to the VMID.
C9: The virtual machine kernel converts the IPA into a VA and hands it to the GuestOS application for processing.
C10: The GuestOS application obtains the processing result of the vfTPM request.
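The C1 to C10 round trip, written out as an added simulation that is not code from the patent: the REE side translates IPA to PA and attaches the VMID, the firmware processing module flips the NS bit and forwards the message unchanged, the TEE dispatches strictly by VMID to that VM's context and answers with a shared-memory PA, and the REE routes the result back by VMID. All names, the stage-2 offsets, the shared-memory base and the "processing" (an XOR placeholder) are constructed for the example; VMID 0 models the Xen Hypervisor, which has no stage-2 translation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_VMS    4                /* constructed limit on VMIDs */
#define WORLD_REE  1                /* NS bit = 1: rich execution environment */
#define WORLD_TEE  0                /* NS bit = 0: trusted execution environment */
#define SHM_BASE   0xF0000000ull    /* constructed PA of the TEE shared-memory pool */
#define SHM_STRIDE 0x1000ull        /* one shared page per VMID */

/* Message the firmware processing module forwards across the world switch.
 * The VMID travels with it unchanged in both directions (C4 and C7). */
struct smc_msg {
    uint32_t vmid;
    uint32_t cmd;    /* vfTPM command code, opaque in this model */
    uint64_t addr;   /* request PA on the way in, result PA on the way out */
};

/* REE side. Stage-2 translation is modelled as a fixed IPA->PA offset per VM;
 * VMID 0 stands for the Xen Hypervisor itself, which has no stage-2 mapping. */
static const uint64_t stage2_offset[MAX_VMS] = { 0, 0x40000000ull, 0x80000000ull, 0xC0000000ull };
static int g_ns_bit = WORLD_REE;
static struct { uint64_t ipa; uint32_t value; } g_mailbox[MAX_VMS];  /* C8 delivery per VM */

/* TEE side: one vm tee context and one shared-memory page per VMID. */
struct vm_tee_ctx { bool active; uint32_t last_cmd; };
static struct vm_tee_ctx g_ctx[MAX_VMS];
static uint32_t g_shm[MAX_VMS];     /* contents of the page at SHM_BASE + vmid * SHM_STRIDE */

static uint64_t ipa_to_pa(uint32_t vmid, uint64_t ipa) { return vmid ? ipa + stage2_offset[vmid] : ipa; }
static uint64_t pa_to_ipa(uint32_t vmid, uint64_t pa)  { return vmid ? pa - stage2_offset[vmid] : pa; }

/* Firmware processing module: change the NS bit; the message is forwarded as-is. */
static void firmware_smc(int target_world) { g_ns_bit = target_world; }

int current_world(void) { return g_ns_bit; }
uint64_t mailbox_ipa(uint32_t vmid)   { return vmid < MAX_VMS ? g_mailbox[vmid].ipa : 0; }
uint32_t mailbox_value(uint32_t vmid) { return vmid < MAX_VMS ? g_mailbox[vmid].value : 0; }

/* B3 to B5: SMC_VM_CREATE; TEEOS allocates a vm tee context for the VMID. */
bool tee_vm_create(uint32_t vmid) {
    if (vmid >= MAX_VMS) return false;
    firmware_smc(WORLD_TEE);
    g_ctx[vmid].active = true;
    firmware_smc(WORLD_REE);
    return true;
}

/* C5/C6: dispatch strictly by VMID to that VM's own context, store the result
 * in that VM's shared page and hand its PA back in the message. */
static bool tee_handle(struct smc_msg *m) {
    if (g_ns_bit != WORLD_TEE) return false;                /* must arrive via SMC */
    if (m->vmid >= MAX_VMS || !g_ctx[m->vmid].active) return false;
    g_ctx[m->vmid].last_cmd = m->cmd;
    g_shm[m->vmid] = m->cmd ^ 0xA5A5u;                      /* stands in for vfTPM work */
    m->addr = SHM_BASE + m->vmid * SHM_STRIDE;
    return true;
}

/* C1 to C10 round trip. Returns the result IPA as seen by the VM, 0 on failure. */
uint64_t vftpm_request(uint32_t vmid, uint64_t req_ipa, uint32_t cmd) {
    if (vmid >= MAX_VMS || g_ns_bit != WORLD_REE) return 0;
    struct smc_msg m = { vmid, cmd, ipa_to_pa(vmid, req_ipa) };   /* C3: IPA -> PA, attach VMID */
    firmware_smc(WORLD_TEE);                                     /* C4 */
    bool ok = tee_handle(&m);                                    /* C5, C6 */
    firmware_smc(WORLD_REE);                                     /* C7 */
    if (!ok) return 0;
    uint64_t slot = (m.addr - SHM_BASE) / SHM_STRIDE;            /* REE reads the shared page */
    if (slot >= MAX_VMS) return 0;
    g_mailbox[vmid].value = g_shm[slot];
    g_mailbox[vmid].ipa = pa_to_ipa(vmid, m.addr);               /* C8: routed by VMID only */
    return g_mailbox[vmid].ipa;                                  /* C9/C10 */
}

int main(void) {
    tee_vm_create(0);                      /* A7: the Hypervisor itself is vm0 */
    tee_vm_create(1);
    printf("vm1: result ipa 0x%llx, value 0x%x\n",
           (unsigned long long)vftpm_request(1, 0x1000, 0x30), mailbox_value(1));
    printf("vm3 without a context: 0x%llx\n", (unsigned long long)vftpm_request(3, 0x1000, 0x30));
    return 0;
}
```

A request for a VMID with no vm tee context is refused in the TEE, and the result for one VMID is never delivered to another VM's mailbox.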
The virtual machine destruction and shutdown flow may be as follows:
D1: The user issues an instruction to destroy or shut down the virtual machine through the application layer; RichOS or the Hypervisor receives the destroy or shutdown instruction and releases the vfTPM resources by executing it.
D2: The instruction parameters for the virtual machine to be processed, i.e. the virtual machine to be destroyed or shut down, are converted and forwarded, with the VMID attached, to the firmware processing module.
D3: The firmware processing module encapsulates the instruction generated in D2, attaches the VMID, executes the SMC_VM_DESTROY instruction, and switches the running state to TEEOS.
D4: TEEOS receives the destroy or shutdown instruction and, according to the instruction's parameters and the VMID, sends it to the corresponding vm tee.
D5: It is determined whether the instruction is a command to completely destroy and delete the virtual machine or to shut down the virtual system normally.
D6: If it is a command to shut down the virtual machine system, the vfTPM data is flushed on the TEE side and the vm context is deleted.
D7: If the virtual machine is to be destroyed, the vm context is deleted on the TEE side, and the vfTPM storage partition allocated to the virtual machine on the flash, i.e. the target storage space, is deleted as well.
D8: The processing result is returned to RichOS or the Hypervisor through TEEOS and the firmware management module.
D9: RichOS or the Hypervisor completes the destruction or deletion of the vm in the REE.
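The NV Driver behaviour described above (per-VMID flash partitions that are only operable from the TEE side, step B6's reuse-or-create allocation, and the D6 flush versus D7 delete distinction), as an added model that is not the patent's own code. Partition count, partition size, and the function names are constructed for the example; encryption keys and metadata from step A4 are out of scope here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORLD_REE     1
#define WORLD_TEE     0
#define NV_PARTITIONS 3            /* constructed: flash holds three vfTPM partitions */
#define NV_PART_BYTES 64           /* constructed partition size */
#define VMID_NONE     0xFFFFFFFFu  /* partition not bound to any VM */

struct nv_partition {
    uint32_t owner;                /* VMID bound to this partition */
    bool     dirty;                /* vfTPM writes not yet flushed */
    uint8_t  data[NV_PART_BYTES];  /* the vfTPM's NVRAM contents */
};

static struct nv_partition g_flash[NV_PARTITIONS];

/* A4: driver initialization; returns the number of partitions available. */
int nv_init(void) {
    for (int i = 0; i < NV_PARTITIONS; i++) {
        g_flash[i].owner = VMID_NONE;
        g_flash[i].dirty = false;
        memset(g_flash[i].data, 0, NV_PART_BYTES);
    }
    return NV_PARTITIONS;
}

static int nv_find(uint32_t vmid) {
    for (int i = 0; i < NV_PARTITIONS; i++)
        if (g_flash[i].owner == vmid) return i;
    return -1;
}

/* Permission check applied to every access: TEE side only, and only the
 * partition bound to the requesting VMID. */
bool nv_permitted(int world, uint32_t vmid, int part) {
    if (world != WORLD_TEE) return false;
    if (part < 0 || part >= NV_PARTITIONS) return false;
    return g_flash[part].owner == vmid;
}

/* B6: reuse the VM's existing partition, otherwise create one if space allows.
 * A free slot stands in for "flash space sufficient". Returns -1 on refusal. */
int nv_partition_for_vm(int world, uint32_t vmid) {
    if (world != WORLD_TEE || vmid == VMID_NONE) return -1;
    int p = nv_find(vmid);
    if (p >= 0) return p;
    p = nv_find(VMID_NONE);
    if (p < 0) return -1;
    g_flash[p].owner = vmid;
    memset(g_flash[p].data, 0, NV_PART_BYTES);   /* NVRAM initialization */
    g_flash[p].dirty = false;
    return p;
}

bool nv_write(int world, uint32_t vmid, int part, size_t off, const uint8_t *buf, size_t len) {
    if (!nv_permitted(world, vmid, part) || off + len > NV_PART_BYTES) return false;
    memcpy(g_flash[part].data + off, buf, len);
    g_flash[part].dirty = true;
    return true;
}

/* Reads one byte; returns -1 when the access is refused. */
int nv_read_byte(int world, uint32_t vmid, int part, size_t off) {
    if (!nv_permitted(world, vmid, part) || off >= NV_PART_BYTES) return -1;
    return g_flash[part].data[off];
}

/* D6: shutdown flushes vfTPM data; the partition stays bound to the VMID. */
bool nv_vm_shutdown(int world, uint32_t vmid) {
    int p = nv_find(vmid);
    if (!nv_permitted(world, vmid, p)) return false;
    g_flash[p].dirty = false;
    return true;
}

/* D7: destroy wipes and releases the VM's partition (the target storage space). */
bool nv_vm_destroy(int world, uint32_t vmid) {
    int p = nv_find(vmid);
    if (!nv_permitted(world, vmid, p)) return false;
    memset(g_flash[p].data, 0, NV_PART_BYTES);
    g_flash[p].owner = VMID_NONE;
    g_flash[p].dirty = false;
    return true;
}

bool     nv_is_dirty(int part) { return part >= 0 && part < NV_PARTITIONS && g_flash[part].dirty; }
uint32_t nv_owner(int part)    { return (part >= 0 && part < NV_PARTITIONS) ? g_flash[part].owner : VMID_NONE; }

int main(void) {
    nv_init();
    int p = nv_partition_for_vm(WORLD_TEE, 1);
    printf("vm1 partition %d, REE write allowed: %d, vm2 read of it: %d\n",
           p, nv_write(WORLD_REE, 1, p, 0, (const uint8_t *)"x", 1), nv_read_byte(WORLD_TEE, 2, p, 0));
    return 0;
}
```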
As can be seen from the above, the embodiments of this application modify TEEOS so that it supports virtualization, covering both KVM and Xen virtualization; improve the fTPM implementation so that the fTPM supports virtual machines on the ARM platform; improve the fTPM storage method by keeping fTPM storage on dedicated flash memory that can only be read from within the TEE, which strengthens its security; and virtualize the fTPM storage, solving the problem of fTPM virtualization. The TPM function is thus implemented in firmware on the ARM platform and virtualized for use by ARM virtual machines, which saves physical cost at the development level; the implementation of fTPM virtualization can improve the security of cloud computing products and the competitiveness of the cloud computing industry.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another. Since the hardware disclosed in the embodiments, including the apparatus, electronic device and ARM platform, corresponds to the methods disclosed in the embodiments, its description is relatively brief; for the relevant details, refer to the description of the method part.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of the examples have been described above in general terms according to their functions. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementations should not be regarded as going beyond the scope of this application.
The above is a detailed description of the virtualization implementation method, apparatus, electronic device, non-volatile readable storage medium and ARM platform provided by this application. Optional examples have been used herein to explain the principles and implementation of this application; the description of the above embodiments serves only to help understand the method of this application and its core idea. It should be noted that those of ordinary skill in the art may make several improvements and modifications to this application without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of this application.

Claims (20)

  1. 一种虚拟化实现方法,包括:A virtualization implementation method, including:
    预先基于虚拟化类型,对运行着配置虚拟的基于固件的可信平台模块vfTPM功能的目标虚拟机的ARM平台进行初始化处理;Based on the virtualization type, initialize the ARM platform running the target virtual machine configured with the virtual firmware-based trusted platform module vfTPM function in advance;
    当接收到所述目标虚拟机的目标vfTPM请求,将携带由所述目标虚拟机的虚拟物理地址所转换的真实物理地址、和所述目标虚拟机的标识信息的指令进行封装,并切换当前运行状态至可信执行环境;When receiving the target vfTPM request of the target virtual machine, encapsulate the instruction carrying the real physical address converted from the virtual physical address of the target virtual machine and the identification information of the target virtual machine, and switch the current running status to the trusted execution environment;
    在所述可信执行环境中,根据所述标识信息,调用相应的目标虚拟机可信执行环境上下文对所述目标vfTPM请求进行处理,并发送携带处理结果的存储地址及所述标识信息的结果反馈指令;In the trusted execution environment, according to the identification information, the corresponding target virtual machine trusted execution environment context is called to process the target vfTPM request, and a result carrying the storage address of the processing result and the identification information is sent. feedback instructions;
    对所述结果反馈指令进行封装,并切换当前运行状态至富执行环境;在所述富执行环境,通过解析所述结果反馈指令得到所述存储地址和所述标识信息,按照所述标识信息,将转换后的所述存储地址发送至所述目标虚拟机。Encapsulate the result feedback instruction, and switch the current running state to the rich execution environment; in the rich execution environment, obtain the storage address and the identification information by parsing the result feedback instruction, and according to the identification information, Send the converted storage address to the target virtual machine.
  2. 根据权利要求1所述的虚拟化实现方法,其中,所述调用相应的目标虚拟机可信执行环境上下文对所述目标vfTPM请求进行处理之后,还包括:The virtualization implementation method according to claim 1, wherein after calling the corresponding target virtual machine trusted execution environment context to process the target vfTPM request, it further includes:
    将所述处理结果存储至共享内存中。Store the processing results in shared memory.
  3. 根据权利要求1所述的虚拟化实现方法,其中,所述按照所述标识信息,将转换后的所述存储地址发送至所述目标虚拟机,包括:The virtualization implementation method according to claim 1, wherein sending the converted storage address to the target virtual machine according to the identification information includes:
    所述富执行环境的操作系统将所述存储地址转换为虚拟机所认为的物理地址,基于所述标识信息将所述物理地址发送至所述目标虚拟机。The operating system of the rich execution environment converts the storage address into a physical address considered by the virtual machine, and sends the physical address to the target virtual machine based on the identification information.
  4. 根据权利要求3所述的虚拟化实现方法,其中,在基于所述标识信息将所述物理地址发送至所述目标虚拟机之后,所述方法还包括:The virtualization implementation method according to claim 3, wherein after sending the physical address to the target virtual machine based on the identification information, the method further includes:
    所述目标虚拟机的内核将所述物理地址转换为虚拟机内存地址,并将所述虚拟机内存地址传输至所述目标虚拟机的操作系统中,所述目标虚拟机基于所述虚拟机内存地址读取vfTPM请求的处理结果。The kernel of the target virtual machine converts the physical address into a virtual machine memory address, and transmits the virtual machine memory address to the operating system of the target virtual machine. The target virtual machine is based on the virtual machine memory. The address reads the processing result of the vfTPM request.
  5. 根据权利要求1所述的虚拟化实现方法,其中,所述基于虚拟化类型,对运行着配置vfTPM功能的目标虚拟机的ARM平台进行初始化处理,包括:The virtualization implementation method according to claim 1, wherein, based on the virtualization type, initializing the ARM platform running the target virtual machine configured with the vfTPM function includes:
    ARM平台上电,并加载所述ARM平台的目标固件和可信执行环境操作系统;The ARM platform is powered on and the target firmware and trusted execution environment operating system of the ARM platform are loaded;
    当所述可信执行环境操作系统启动,为所述可信执行环境操作系统配置内存并进行内存初始化处理;When the trusted execution environment operating system starts, configure memory for the trusted execution environment operating system and perform memory initialization processing;
    基于所述目标虚拟机所属的虚拟化类型,对富执行环境进行初始化处理。Based on the virtualization type to which the target virtual machine belongs, a rich execution environment is initialized.
  6. 根据权利要求5所述的虚拟化实现方法,其中,所述为所述可信执行环境操作系统配置内存并进行内存初始化处理,包括:The virtualization implementation method according to claim 5, wherein said configuring memory for the trusted execution environment operating system and performing memory initialization processing includes:
    将所述可信执行环境操作系统的内存划分为运行内存和虚拟请求执行内存;所述运行内存用于处理底层请求,所述虚拟请求执行内存用于处理虚拟机的vfTPM请求;Divide the memory of the trusted execution environment operating system into running memory and virtual request execution memory; the running memory is used to process underlying requests, and the virtual request execution memory is used to process vfTPM requests of virtual machines;
    在闪存芯片中,为所述可信执行环境操作系统配置用于实现vfTPM功能的专有内存;In the flash memory chip, configure a dedicated memory for implementing the vfTPM function for the trusted execution environment operating system;
    加载存储驱动器至所述可信执行环境操作系统中,利用所述存储驱动器对所述专有内存进行初始化处理,并对所述专有内存进行分区处理。Load a storage driver into the trusted execution environment operating system, use the storage driver to initialize the private memory, and perform partitioning on the private memory.
  7. 根据权利要求6所述的虚拟化实现方法,其中,所述专有内存用于存储所述vfTPM的数据,所述方法还包括:预先为每个虚拟机在所述专有内存中分配一块存储区间,用于存储所述每个虚拟机自己的vfTPM数据。The virtualization implementation method according to claim 6, wherein the dedicated memory is used to store data of the vfTPM, and the method further includes: allocating a piece of storage in the dedicated memory for each virtual machine in advance Interval, used to store the vfTPM data of each virtual machine.
  8. 根据权利要求6所述的虚拟化实现方法,其中,所述基于所述目标虚拟机所属的虚拟化类型,对富执行环境进行初始化处理,包括:The virtualization implementation method according to claim 6, wherein the initializing the rich execution environment based on the virtualization type to which the target virtual machine belongs includes:
    若所述目标虚拟机采用虚拟操作系统模拟器系统虚拟化模块QEMU KVM虚拟化技术,则完成对富执行环境操作系统的加载。If the target virtual machine adopts the virtual operating system emulator system virtualization module QEMU KVM virtualization technology, the loading of the rich execution environment operating system is completed.
  9. 根据权利要求6所述的虚拟化实现方法,其中,所述基于所述目标虚拟机所属的虚拟化类型,对富执行环境进行初始化处理,包括:The virtualization implementation method according to claim 6, wherein the initializing the rich execution environment based on the virtualization type to which the target virtual machine belongs includes:
    若所述目标虚拟机采用Xen虚拟化技术,则在启动基本输入输出系统BIOS的同时启动Xen虚拟化的镜像文件;If the target virtual machine adopts Xen virtualization technology, start the Xen virtualization image file while starting the basic input and output system BIOS;
    在启动过程中,将虚拟机监视器作为具有预设标识的虚拟机,为所述虚拟机监视器分配对应的虚拟机可信执行环境实例及虚拟机可信执行环境上下文;During the startup process, the virtual machine monitor is used as a virtual machine with a preset identification, and the corresponding virtual machine trusted execution environment instance and virtual machine trusted execution environment context are assigned to the virtual machine monitor;
    通过所述虚拟机可信执行环境实例加载vfTPM可信应用;在所述vfTPM可信应用的加载过程中,利用所述存储驱动器对所述专有内存进行读写,并在所述专有内存中为所述虚拟机监视器分配专属存储区域;The vfTPM trusted application is loaded through the virtual machine trusted execution environment instance; during the loading process of the vfTPM trusted application, the storage driver is used to read and write the private memory, and in the private memory Allocating a dedicated storage area to the virtual machine monitor;
    将所述虚拟机监视器的vfTPM请求的处理结果返回至所述虚拟机监视器,启动所述虚拟机监视器。Return the processing result of the vfTPM request of the virtual machine monitor to the virtual machine monitor, and start the virtual machine monitor.
  10. 根据权利要求1至9任意一项所述的虚拟化实现方法,其中,所述当接收到所述目标虚拟机的目标vfTPM请求之前,还包括:The virtualization implementation method according to any one of claims 1 to 9, wherein before receiving the target vfTPM request of the target virtual machine, the method further includes:
    所述富执行环境下发虚拟机创建指令,并为配置有vfTPM功能的所述目标虚拟机分配相应的标识信息;The rich execution environment issues a virtual machine creation instruction and allocates corresponding identification information to the target virtual machine configured with the vfTPM function;
    将所述标识信息和所述虚拟机创建指令进行封装,并切换当前运行状态至所述可信 执行环境;Encapsulate the identification information and the virtual machine creation instruction, and switch the current running state to the trusted execution environment;
    在所述可信执行环境,所述可信执行环境操作系统基于所述虚拟机创建指令,为所述目标虚拟机分配所述目标虚拟机可信执行环境上下文、目标虚拟机可信执行环境实例和内存空间;通过所述目标虚拟机可信执行环境实例加载vfTPM可信应用,启动TPM,并初始化所述内存空间和所述目标虚拟机的vfTPM;In the trusted execution environment, the trusted execution environment operating system allocates the target virtual machine trusted execution environment context and the target virtual machine trusted execution environment instance to the target virtual machine based on the virtual machine creation instruction. and memory space; load the vfTPM trusted application through the target virtual machine trusted execution environment instance, start the TPM, and initialize the memory space and the vfTPM of the target virtual machine;
    将所述目标虚拟机的vfTPM的初始化结果和所述标识信息进行封装,并切换当前运行状态至所述富执行环境,以基于所述初始化结果,在所述富执行环境完成所述目标虚拟机的创建操作。Encapsulate the initialization result of the vfTPM of the target virtual machine and the identification information, and switch the current running state to the rich execution environment, so as to complete the target virtual machine in the rich execution environment based on the initialization result. creation operation.
  11. 根据权利要求10所述的虚拟化实现方法,其中,所述方法还包括:The virtualization implementation method according to claim 10, wherein the method further includes:
    将所述vfTPM的存储保存在flash闪存上,使其只能在所述可信执行环境中进行读取。The storage of the vfTPM is saved on flash memory so that it can only be read in the trusted execution environment.
  12. The virtualization implementation method according to claim 10, wherein initializing the memory space comprises:
    if the target virtual machine has a corresponding target storage space in the flash memory chip, allocating the target storage space to the vfTPM function of the target virtual machine;
    if the target virtual machine has a corresponding storage partition in the flash memory chip, then, when the remaining storage space of the flash memory chip is greater than a preset space threshold, allocating a target storage space to the vfTPM function of the target virtual machine through the storage driver;
    binding the target storage space to the identification information;
    wherein the target storage space serves as the non-volatile random access memory (NVRAM) of the vfTPM of the target virtual machine, and the read and write functions of the target storage space are executed by the target virtual machine in the trusted execution environment.
  13. The virtualization implementation method according to claim 12, wherein the method further comprises:
    partitioning the flash memory chip so that the vfTPM of each virtual machine is provided with one partition for NVRAM storage.
  14. The virtualization implementation method according to claim 12, wherein the flash memory chip driver on the trusted execution environment operating system is configured to grant read and write permissions on the flash memory chip only on the trusted execution environment side, and the target storage space is configured to be operated only by the target virtual machine.
  15. The virtualization implementation method according to any one of claims 1 to 9, wherein, after the initialization processing of the ARM platform running the target virtual machine configured with the vfTPM function, the method further comprises:
    when a virtual machine destruction instruction is received, parsing the virtual machine destruction instruction in the rich execution environment to obtain the destruction identifier of the virtual machine to be destroyed;
    encapsulating the parameterized virtual machine destruction instruction and the destruction identifier, and switching the current running state to the trusted execution environment;
    in the trusted execution environment, the trusted execution environment operating system, based on the destruction identifier, sending the virtual machine destruction instruction to the destroyed-virtual-machine trusted execution environment instance corresponding to the virtual machine to be destroyed; the destroyed-virtual-machine trusted execution environment instance deleting the destroyed-virtual-machine trusted execution environment context and deleting the storage partition in the flash memory chip corresponding to the virtual machine to be destroyed; and feeding back a virtual machine destruction completion instruction carrying the destruction identifier;
    encapsulating the parameterized virtual machine destruction completion instruction and the destruction identifier, and switching the current running state to the rich execution environment;
    in the rich execution environment, deleting the virtual machine to be destroyed according to the virtual machine destruction completion instruction and the destruction identifier.
  16. The virtualization implementation method according to any one of claims 1 to 9, wherein, after the initialization processing of the ARM platform running the target virtual machine configured with the vfTPM function, the method further comprises:
    when a virtual machine shutdown instruction is received, parsing the virtual machine shutdown instruction in the rich execution environment to obtain the shutdown identifier of the virtual machine to be shut down;
    encapsulating the parameterized virtual machine shutdown instruction and the shutdown identifier, and switching the current running state to the trusted execution environment;
    in the trusted execution environment, the trusted execution environment operating system, based on the shutdown identifier, sending the virtual machine shutdown instruction to the shut-down-virtual-machine trusted execution environment instance corresponding to the virtual machine to be shut down; the shut-down-virtual-machine trusted execution environment instance deleting the shut-down-virtual-machine trusted execution environment context and updating the vfTPM of the shut-down virtual machine in the trusted execution environment; and feeding back a virtual machine shutdown completion instruction carrying the shutdown identifier;
    encapsulating the parameterized virtual machine shutdown completion instruction and the shutdown identifier, and switching the current running state to the rich execution environment;
    in the rich execution environment, shutting down the virtual machine to be shut down according to the virtual machine shutdown completion instruction and the shutdown identifier.
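A constructed C model of the TEE-side storage and lifecycle rules in claims 12 to 16 (added here as an illustration; it is not the patent's own code): per-VM flash partitions bound to the VM's identification information, the remaining-space threshold on allocation, read/write permitted only from the trusted execution environment and only by the bound VM, and the difference between shutdown (TEE context deleted, vfTPM state kept) and destroy (context and partition both deleted). All names, sizes and the threshold value are assumptions, and the claim 12 branch that allocates a new partition is read here as the case where no partition is bound yet.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model of the TEE-side vfTPM storage manager from claims 12 to 16 above; every
 * name and constant is an assumption, not code from the patent. */
#define MAX_VMS 4
#define NUM_PARTS 4  /* constructed 128 KB flash chip, one partition per vfTPM (claim 13) */
#define PART_KB 32
#define SPACE_THRESHOLD_KB 32  /* the claims' "preset space threshold" (constructed value) */

enum world { REE = 0, TEE = 1 };  /* current running state of the ARM platform */
struct vm_ctx {      /* indexed by the VM's identification information (1..MAX_VMS) */
    bool ctx_alive;  /* TEE context exists: set on create, cleared on shutdown and destroy */
    bool bound;      /* a flash partition is bound to this VM's vfTPM NVRAM */
    int partition;
};
static struct vm_ctx vms[MAX_VMS + 1];
static bool part_used[NUM_PARTS];
static struct vm_ctx *find_vm(int vm_id) {
    return (vm_id >= 1 && vm_id <= MAX_VMS) ? &vms[vm_id] : NULL;
}
int flash_remaining_kb(void) {
    int n = 0; for (int i = 0; i < NUM_PARTS; i++) n += !part_used[i]; return n * PART_KB;
}

/* Claim 12: reuse the VM's existing target storage space, otherwise allocate a fresh partition
 * through the storage driver only while the remaining flash space exceeds the threshold. */
static int alloc_nvram(struct vm_ctx *vm) {
    if (vm->bound) return vm->partition;
    if (flash_remaining_kb() <= SPACE_THRESHOLD_KB) return -1;
    for (int i = 0; i < NUM_PARTS; i++)
        if (!part_used[i]) { part_used[i] = true; vm->bound = true; return vm->partition = i; }
    return -1;
}
/* Claim 14: flash read/write only on the TEE side, and only by the live VM bound to the partition. */
bool nvram_access_allowed(enum world w, int caller_vm_id, int partition) {
    struct vm_ctx *vm = find_vm(caller_vm_id);
    return w == TEE && vm && vm->ctx_alive && vm->bound && vm->partition == partition;
}

int tee_vm_create(int vm_id) {  /* claims 10 and 12: TEE context plus vfTPM NVRAM; partition or -1 */
    struct vm_ctx *vm = find_vm(vm_id);
    int p = vm ? alloc_nvram(vm) : -1;
    if (p >= 0) vm->ctx_alive = true;
    return p;
}
int tee_vm_shutdown(int vm_id) {  /* claim 16: TEE context goes, vfTPM state stays bound in flash */
    struct vm_ctx *vm = find_vm(vm_id);
    if (!vm || !vm->ctx_alive) return -1;
    vm->ctx_alive = false;
    return 0;
}
int tee_vm_destroy(int vm_id) {  /* claim 15: TEE context and flash partition both deleted */
    struct vm_ctx *vm = find_vm(vm_id);
    if (!vm) return -1;
    if (vm->bound) part_used[vm->partition] = false;
    vm->ctx_alive = vm->bound = false;
    return 0;
}
```

With four 32 KB partitions and a 32 KB threshold, only three vfTPMs can be created until one is destroyed; a shut-down VM keeps its partition and gets the same one back on the next create.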
  17. A virtualization implementation apparatus, comprising:
    an initialization processing module, configured to perform in advance, based on the virtualization type, initialization processing on the ARM platform running the target virtual machine configured with the vfTPM function;
    a virtualization request issuing module, configured to, when a target vfTPM request of the target virtual machine is received, encapsulate an instruction carrying the real physical address translated from the virtual physical address of the target virtual machine and the identification information of the target virtual machine, and switch the current running state to the trusted execution environment;
    a virtualization request processing module, configured to, in the trusted execution environment, invoke the corresponding target virtual machine trusted execution environment context according to the identification information to process the target vfTPM request, and send a result feedback instruction carrying the storage address of the processing result and the identification information;
    a processing result feedback module, configured to encapsulate the result feedback instruction and switch the current running state to the rich execution environment, and, in the rich execution environment, obtain the storage address and the identification information by parsing the result feedback instruction and send the translated storage address to the target virtual machine according to the identification information.
  18. An electronic device, comprising a processor and a memory, wherein the processor is configured to implement the steps of the virtualization implementation method according to any one of claims 1 to 16 when executing a computer program stored in the memory.
  19. A non-volatile readable storage medium, storing a computer program which, when executed by a processor, implements the steps of the virtualization implementation method according to any one of claims 1 to 16.
  20. An ARM platform, configured to implement the steps of the virtualization implementation method according to any one of claims 1 to 16 when executing a computer program, comprising an application layer, a system layer, a virtualization layer and a firmware layer;
    the application layer comprising a plurality of virtual machine applications located in the rich execution environment and a trusted application set located in the trusted execution environment, the trusted application set comprising a trusted application for implementing the vfTPM function;
    the system layer comprising a host processing module located in the rich execution environment and a trusted management module located in the trusted execution environment;
    the virtualization layer comprising a virtual machine monitor located in the rich execution environment;
    the firmware layer comprising a firmware processing module configured to receive instructions from the host processing module, the virtual machine monitor and the trusted management module, to perform the switching of running states, and to forward the virtual machine identification information in the received instructions during the running state switch.
PCT/CN2022/123583 2022-03-31 2022-09-30 Virtualization implementation method and apparatus, electronic device, non-volatile readable storage medium, and arm platform WO2023184920A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210334870.7 2022-03-31
CN202210334870.7A CN114625484A (en) 2022-03-31 2022-03-31 Virtualization implementation method, device, electronic equipment, medium and ARM platform

Publications (1)

Publication Number Publication Date
WO2023184920A1 true WO2023184920A1 (en) 2023-10-05

Family

ID=81905172


Also Published As

Publication number Publication date
CN114625484A (en) 2022-06-14


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22934738

Country of ref document: EP

Kind code of ref document: A1