Virtual trusted platform module function implementation method and management device

US10338949B2 · US · B2

Patent metadata
Field                 Value
Publication number    US-10338949-B2
Application number    US-201615360012-A
Country               US
Kind code             B2
Filing date           Nov 23, 2016
Priority date         May 26, 2014
Publication date      Jul 2, 2019
Grant date            Jul 2, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A virtual trusted platform module function implementation method is provided, the method is executed at an exception level EL3 of a processor that uses an ARM V8 architecture, and the method includes: generating, according to requirements of one or more VMs, one or more vTPM instances corresponding to each VM, and storing the generated one or more vTPM instances in preset secure space, where each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; and interacting with a VMM and the VM, so that the VM acquires a VM communication queue virtual address, in VM virtual address space, corresponding to a communication queue physical address of the vTPM instance, and the VM communicates with a vTPM instance communication queue by using the VM communication queue virtual address.

First claim

Opening claim text (preview).

What is claimed is:

1. A virtual trusted platform module (vTPM) function implementation method for use at an exception level EL3 of a processor that uses an ARM V8 architecture, the method comprising: generating, according to requirements of one or more virtual machines (VMs), one or more vTPM instances corresponding to each VM, and storing the generated one or more vTPM instances in preset secure space, wherein each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; and interacting with a virtual machine monitor (VMM) and the VM, for causing the VM to acquire a VM communication queue virtual address, in VM virtual address space, corresponding to a communication queue physical address of the vTPM instance, by: sending a first query request to an EL2, wherein the first query request comprises the communication queue physical address of the vTPM instance, for causing the EL2 to determine, according to the first query request and a mapping table that is between a physical address and an intermediate physical address and is stored at the EL2, an intermediate physical address corresponding to the communication queue physical address of the vTPM instance, and send the intermediate physical address to the EL3; receiving the intermediate physical address sent by the EL2; and sending a second query request to an EL1 wherein the second query request comprises the intermediate physical address, for causing the EL1 to determine, according to the second query request and a mapping table that is between an intermediate physical address and a virtual address and is stored at the EL1 a virtual address corresponding to the intermediate physical address, wherein the determined virtual address is the VM communication queue virtual address, and wherein the VM communicates with a vTPM instance communication queue by using the VM communication queue virtual address.

2. The method according to claim 1, further comprising: sending, by the VM, a vTPM command to the vTPM instance according to the VM communication queue virtual address by using the vTPM instance communication queue, for causing the vTPM instance to process the vTPM command, and feed back a processing result to the VM by using the vTPM instance communication queue; and reading, by the VM, the processing result of the vTPM command according to the VM communication queue virtual address by using the vTPM instance communication queue.

3. A virtual trusted platform module (vTPM) function implementation method for use at an exception level EL3 of a processor that uses an ARM V8 architecture, the method comprising: generating, according to requirements of one or more virtual machines (VMs), one or more vTPM instances corresponding to each VM, and storing the generated one or more vTPM instances in preset secure space, wherein each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; interacting with a virtual machine monitor (VMM) and the VM, for causing the VM to acquire a VM communication queue virtual address, in VM virtual address space, corresponding to a communication queue physical address of the vTPM instance, by sending a first query request to an EL2, wherein the first query request comprises the communication queue physical address of the vTPM instance, for causing the EL2 to determine, according to the first query request and a mapping table that is between a physical address and an intermediate physical address and is stored at the EL2, an intermediate physical address corresponding to the communication queue physical address of the vTPM instance, and send the intermediate physical address to the EL1, wherein the EL1 determines, according to the intermediate physical address and a mapping table that is between an intermediate physical address and a virtual address and is stored at the EL1, a virtual address corresponding to the intermediate physical address, and wherein the determined virtual address is the VM communication queue virtual address and the VM communicates with a vTPM instance communication queue by using the VM communication queue virtual address.

4. The method according to claim 3, further comprising: sending, by the VM, a vTPM command to the vTPM instance according to the VM communication queue virtual address by using the vTPM instance communication queue, for causing the vTPM instance to process the vTPM command, and feed back a processing result to the VM by using the vTPM instance communication queue; and reading, by the VM, the processing result of the vTPM command according to the VM communication queue virtual address by using the vTPM instance communication queue.

5. A virtual trusted platform module (vTPM) management device for executing a vTPM function implementation method at an exception level EL3 of a processor that uses an ARM V8 architecture, the vTPM management device comprising: a generation unit, configured to generate, according to requirements of one or more virtual machines (VMs), one or more vTPM instances corresponding to each VM; a storage unit, configured to store the generated one or more vTPM instances in preset secure space, wherein each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; and an interaction unit, configured to: interact with a virtual machine monitor (VMM) and the VM, for causing the VM to acquire a VM communication queue virtual address, in VM virtual address space, corresponding to a communication queue physical address of the vTPM instance; send a first query request to an EL2, wherein the first query request comprises the communication queue physical address of the vTPM instance, for causing the EL2 to determine, according to the first query request and a mapping table that is between a physical address and an intermediate physical address and is stored at the EL2, an intermediate physical address corresponding to the communication queue physical address of the vTPM instance, and send the intermediate physical address to the EL3; receive the intermediate physical address sent by the EL2; and send a second query request to an EL1 wherein the second query request comprises the intermediate physical address, for causing the EL1 to determine, according to the second query request and a mapping table that is between an intermediate physical address and a virtual address and is stored at the EL1 a virtual address corresponding to the intermediate physical address, wherein the determined virtual address is the VM communication queue virtual address, and wherein the VM communicates with a vTPM instance communication queue by using the VM communication queue virtual address.

6. A virtual trusted platform module (vTPM) management device for executing a vTPM function implementation method at an exception level EL3 of a processor that uses an ARM V8 architecture, the vTPM management device comprising: a generation unit, configured to generate, according to requirements of one or more virtual machines (VMs), one or more vTPM instances corresponding to each VM; a storage unit, configured to store the generated one or more vTPM instances in preset secure space, wherein each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; and an interaction unit, configured to: interact with a virtual machine monitor (VMM) and the VM, for causing the VM to acquire a VM communication queue virtual address, in VM vir
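
The two-step lookup in claims 1 and 2 is easier to follow as a runnable model. The following Python is an added illustration written for this page; it is not the patent's or Huawei's code, and every address, mapping-table entry and the toy command handler are constructed. It models EL3 as the holder of vTPM instances in secure space, EL2 as the holder of each VM's stage-2 (IPA to PA) table, and EL1 as the holder of the guest's stage-1 (VA to IPA) table. The claim's "physical address to intermediate physical address" and "intermediate physical address to virtual address" tables are modeled as the inverses of those translation tables, which is one reasonable reading but an assumption of this example. A VM whose queue page is not mapped at EL2 cannot obtain a VA, so `first_query` raises; that failure mode is what a defender should expect when secure-space queues are deliberately left out of a guest's stage-2 tables.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Iterable, Tuple

# Constructed layout: each instance queue occupies one 4 KiB page of preset secure space.
SECURE_BASE_PA = 0x8000_0000
PAGE = 0x1000


@dataclass
class VTPMInstance:
    vm_id: int
    queue_pa: int                                    # PA allocated to the dedicated queue
    queue: Deque[bytes] = field(default_factory=deque)

    def process(self, cmd: bytes) -> bytes:
        # Placeholder handler; real TPM command semantics are outside this model.
        return b"RESULT:" + cmd


class MonitorEL3:
    """EL3: generates one vTPM instance per VM and keeps them in preset secure space."""

    def __init__(self) -> None:
        self.secure_space: Dict[int, VTPMInstance] = {}   # queue PA -> instance
        self.by_vm: Dict[int, VTPMInstance] = {}           # vm_id -> instance

    def generate_instances(self, vm_ids: Iterable[int]) -> None:
        for i, vm_id in enumerate(vm_ids):
            inst = VTPMInstance(vm_id, SECURE_BASE_PA + i * PAGE)
            self.secure_space[inst.queue_pa] = inst
            self.by_vm[vm_id] = inst


class HypervisorEL2:
    """EL2: holds each VM's stage-2 table (IPA -> PA) and answers the first query request."""

    def __init__(self, stage2: Dict[int, Dict[int, int]]) -> None:
        self.stage2 = stage2                         # vm_id -> {IPA: PA}

    def first_query(self, vm_id: int, queue_pa: int) -> int:
        # The claim's PA -> IPA table is modeled as the inverse of the stage-2 table.
        for ipa, pa in self.stage2.get(vm_id, {}).items():
            if pa == queue_pa:
                return ipa
        raise LookupError(f"EL2: PA {queue_pa:#x} has no IPA in VM {vm_id}")


class GuestEL1:
    """EL1 (guest kernel): holds the stage-1 table (VA -> IPA) and answers the second query."""

    def __init__(self, stage1: Dict[int, int]) -> None:
        self.stage1 = stage1                         # {VA: IPA}

    def second_query(self, ipa: int) -> int:
        for va, mapped_ipa in self.stage1.items():
            if mapped_ipa == ipa:
                return va
        raise LookupError(f"EL1: IPA {ipa:#x} has no VA in this guest")


def acquire_queue_va(el3: MonitorEL3, el2: HypervisorEL2,
                     el1: Dict[int, GuestEL1], vm_id: int) -> int:
    """Claim 1: EL3 resolves queue PA -> IPA (via EL2) -> VA (via EL1) for the VM."""
    inst = el3.by_vm[vm_id]                          # KeyError if no instance was generated
    ipa = el2.first_query(vm_id, inst.queue_pa)      # first query request: EL3 -> EL2
    return el1[vm_id].second_query(ipa)              # second query request: EL3 -> EL1


def vm_run_command(el3: MonitorEL3, el2: HypervisorEL2, el1: Dict[int, GuestEL1],
                   vm_id: int, queue_va: int, cmd: bytes) -> bytes:
    """Claim 2: the VM writes a command at its queue VA and reads the result back."""
    # The VM only holds the VA; the hardware's forward two-stage walk reaches the queue PA.
    ipa = el1[vm_id].stage1[queue_va]
    pa = el2.stage2[vm_id][ipa]
    inst = el3.secure_space[pa]                      # modeling shortcut for the queue page
    inst.queue.append(cmd)                           # VM enqueues the vTPM command
    inst.queue.append(inst.process(inst.queue.popleft()))   # instance feeds back the result
    return inst.queue.popleft()                      # VM reads the processing result


def demo() -> Dict[int, Tuple[int, bytes]]:
    """Two VMs, each with its own instance; all table contents are constructed."""
    el3 = MonitorEL3()
    el3.generate_instances([0, 1])
    el2 = HypervisorEL2({
        0: {0x4000_0000: SECURE_BASE_PA},            # VM 0's stage-2 entry for its queue page
        1: {0x4001_0000: SECURE_BASE_PA + PAGE},     # VM 1's entry points at a different page
    })
    el1 = {
        0: GuestEL1({0xFFFF_0000_0000_1000: 0x4000_0000}),
        1: GuestEL1({0xFFFF_0000_0000_2000: 0x4001_0000}),
    }
    results = {}
    for vm_id in (0, 1):
        va = acquire_queue_va(el3, el2, el1, vm_id)
        results[vm_id] = (va, vm_run_command(el3, el2, el1, vm_id, va, b"GetRandom"))
    return results
```

Running `demo()` gives each VM a distinct queue VA and a result that only passed through that VM's own instance; the per-VM stage-2 tables are what keep VM 1 from reaching VM 0's queue page.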

Assignees

Huawei Tech Co Ltd

Inventors

Classifications

  • Distribution of virtual machine instances; Migration and load balancing · CPC title

  • Hypervisor-specific management and integration aspects · CPC title

  • Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title

  • Isolation or security of virtual machine instances · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10338949B2 cover?
A virtual trusted platform module function implementation method is provided, the method is executed at an exception level EL3 of a processor that uses an ARM V8 architecture, and the method includes: generating, according to requirements of one or more VMs, one or more vTPM instances corresponding to each VM, and storing the generated one or more vTPM instances in preset secure space, where ea…
Who is the assignee on this patent?
Huawei Tech Co Ltd
What technology area does this patent fall under?
Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 2, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).