Operating a secure storage device

What is claimed is: 1. A method for operating a secure storage device, comprising: configuring a computer system with at least one first level hypervisor managing at least one first level virtual machine (VM), the first level VM supporting a first level operating system (OS); configuring the first level virtual machine (VM) of the computer system with at least one second level hypervisor, the second level hypervisor managing at least one second level VM, the second level VM supporting a second level OS; storing first data indicative of the first level OS in a domain of the secure storage device, wherein the first data is not accessible by the second level OS; storing second data indicative of the second level OS in a subdomain of the domain of the secure storage device, wherein the second data is not accessible by the first level OS; storing in the computer system first profile data indicative of the first level OS and the domain of the secure storage device; storing in the computer system second profile data indicative of the second level OS and the subdomain of the secure storage device; sending the first profile data from the computer system to the secure storage device and performing, by the secure storage device, a first authentication process to authenticate the first level OS using the first profile data and a portion of the first data; sending the second profile data from the computer system to the secure storage device and performing, by the secure storage device, a second authentication process to authenticate the second level OS using the second profile data and a portion of the second data; in response to receiving a request from a trusted key entry system by the first level OS to manage the second data, forwarding the received request to the secure storage device by the first level OS, thereby causing the secure storage device to process the request; and in response to receiving by the first or second OS a request to manage the other portion of the first or second data respectively from a trusted key entry system, forwarding by the first OS or the second OS the received request to the secure storage device thereby causing the secure storage device to process the request. 2. The method of claim 1 , further comprising: associating the portion of the first data with a first flag; associating the portion of the second data with a second flag; setting the first flag and second flag for enabling a change of the portions of the first and second data respectively. 3. The method of claim 2 , wherein setting the first or second flag comprises: receiving a request from the trusted key entry system for setting the first or second flag respectively; and forwarding the request to the secure storage device, thereby causing the secure storage device to set the first or second flag. 4. The method of claim 2 , wherein the first and second flags are a same flag. 5. The method of claim 1 , wherein: the portion of the first data includes a first hash, the portion of the second data includes a second hash, the first profile data includes a hash that is generated from a unique identification of the first OS and a configuration data indicative of the domain, and the second profile data includes a hash that is generated from a unique identification of the second OS and a configuration data indicative of the subdomain; and wherein the first authentication process further comprises comparing the hash included in the first profile data with the first hash, and the second authentication process further comprises comparing the hash included in the second profile data with the second hash. 6. The method of claim 1 , wherein the second OS is configured to receive requests from the trusted key entry system via the first OS and to communicate with the secure storage device via the first OS. 7. The method of claim 1 , further comprising: creating a partition in the computer system, the partition including a secure firmware appliance, wherein the performing a second authentication process to authenticate the second level OS includes connecting the trusted key entry system to the partition, connecting the second level OS to the partition, and configuring the second level OS to receive data from the trusted key entry system via the partition and to send data to the secure storage device via the partition. 8. The method of claim 7 wherein the second profile data are sent via the firmware appliance. 9. The method of claim 7 , further comprising: transmitting a first set of keys from the TKE system to the second level OS, transmitting a second set of keys from the TKE system to the secure storage device, and establishing a secure channel between the second level OS and the secure storage device by exchanging the first and second set of keys. 10. The method of claim 9 , the first set of keys include a private key of a first pair of keys and a public key of a second pair of keys, and the second set of keys include a public key of the first pair of keys and a private key of the second pair of keys. 11. The method of claim 1 , wherein the sending of the second profile data is performed in response to a successful authentication of the first level OS. 12. A computer program product comprising a non-transitory computer-readable storage medium having computer-readable program instructions stored thereon, the instructions being for a hardware processor to perform a process for operating a secure storage device, comprising: instructions for configuring a computer system with at least one first level hypervisor managing at least one first level virtual machine (VM), the first level VM supporting a first level operating system (OS); instructions for configuring the first level virtual machine (VM) of the computer system with at least one second level hypervisor, the second level hypervisor managing at least one second level VM, the second level VM supporting a second level OS; instructions for storing first data indicative of the first level OS in a domain of the secure storage device, wherein the first data is not accessible by the second level OS; instructions for storing second data indicative of the second level OS in a subdomain of the domain of the secure storage device, wherein the second data is not accessible by the first level OS; instructions for storing in the computer system first profile data indicative of the first level OS and the domain of the secure storage device; instructions for storing in the computer system second profile data indicative of the second level OS and the subdomain of the secure storage device; instructions for sending the first profile data from the computer system to the secure storage device and performing, by the secure storage device, a first authentication process to authenticate the first level OS using the first profile data and a portion of the first data; instructions for sending the second profile data from the computer system to the secure storage device and performing, by the secure storage device, a second authentication process to authenticate the second level OS using the second profile data and a portion of the second data; instructions for, responsive to receiving a request from a trusted key entry system by the first level OS to manage the second data, forwarding the received request to the secure storage device by the first level OS, thereby causing the secure storage device to process the request; and instructions for, responsive to receiving by the first or second OS a request to manage the other portion of the first or second data respectively from a trusted key entry system, forwarding by the first OS or the sec