DIRECT ASSIGNMENT OF PHYSICAL DEVICES TO CONFIDENTIAL VIRTUAL MACHINES

Bibliographic details

Main authors: BHANDARI, Aditya, STEPHENSON, Sarah Elizabeth, CUI, Dexuan, KELLEY, Michael Halstead, DELIGNAT-LAVAUD, Antoine Jean Denis, WEST, Steven Adrian, PEREZ-VARGAS, Carolina Cecilia, GREST, Alexander Daniel, MAINETTI, Attilio, VASWANI, Kapil, WOHLGEMUTH, Jason Stewart, CLEMENS, Emily Cara, HEPKIN, David Alan, LIN, Jin, EBERSOL, Michael Bishop, PRONOVOST, Steve Michel
Format: Patent
Language: eng

Description

Summary: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.