PROVIDING ISOLATION IN VIRTUALIZED SYSTEMS USING TRUST DOMAINS

PROVIDING ISOLATION IN VIRTUALIZED SYSTEMS USING TRUST DOMAINS

Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, an apparatus comprises: a memory encryption engine to protect memory using encryption; and a processor to execute one or more instructions to allow a virtual machine manager (VMM) to manag...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Ouziel, Ido, Durham, David M, Neiger, Gilbert, Rozas, Carlos V, Khosravi, Hormuzd M, Chhabra, Siddhartha, Sahita, Ravi L, Schoinas, Ioannis T, Gerzon, Gideon, Patel, Baiju V, Huntley, Barry E
Format: Patent
Sprache:eng ; fre ; ger
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, an apparatus comprises: a memory encryption engine to protect memory using encryption; and a processor to execute one or more instructions to allow a virtual machine manager (VMM) to manage a trust domain (TD). The processor is to support at least one of a first instruction to add a memory page to the TD, wherein execution of the first instruction is to use an address of TD control structure, an address of a source page, and an address of destination page to: copy the source memory page to the destination page using an encryption key identified in the TD control structure, a second instruction, wherein execution of the second instruction is to initialize the TD control structure for a TD and generate the encryption key, or a third instruction, wherein execution of the third instruction is to enter the TD and load a saved state of the TD from a data structure.