VIRTUALIZATION-BASED PLATFORM PROTECTION TECHNOLOGY


Bibliographic details
Main authors: Nayak, Jyothi; Thakkar, Vivek; Singh, Surendra K; Pinto, Royston A; Malhotra, Rahil; Sahita, Ravi L; Banginwar, Rajesh P; Naropanth, Sumanth; Mohan, Arvind; Kamma, Vasudevarao; Notalapati Prabhakara, Sunil Kumar; Bakshi, Aman
Format: Patent
Language: eng ; fre ; ger
Description
Abstract: Embodiments described herein relate to platform security. For example, an apparatus comprises circuitry to execute instructions of a trusted execution environment, an untrusted execution environment, and a hypervisor; security circuitry to execute firmware to perform security operations, the security circuitry to provide a key to be used for encryption of data associated with the trusted execution environment; and memory management circuitry. The memory management circuitry is to:

(1) provide access by the untrusted execution environment to a first one or more page tables to translate a first guest virtual address to a first guest physical address associated with the untrusted execution environment, and provide access by the hypervisor to a second one or more page tables to translate the guest physical address to a host physical address;

(2) determine an isolated physical memory region;

(3) associate a plurality of entries of a table in the isolated physical memory region with the trusted execution environment, each entry of the plurality of entries to store information corresponding to a page table entry of a third one or more page tables associated with the trusted execution environment, the information including a corresponding guest physical address, page attributes, and permissions; and

(4) access an entry of the plurality of entries to provide security for address translations associated with the trusted execution environment.