Automatic provisioning and onboarding of offline or disconnected machines
US-12182236-B2 · Dec 31, 2024 · US
Secure interface control high-level page management
US2020285758A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020285758-A1 |
| Application number | US-201916296457-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 8, 2019 |
| Priority date | Mar 8, 2019 |
| Publication date | Sep 10, 2020 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method is provided. The method is implemented by a secure interface control of a computer that prevents unauthorized accesses to locations in a memory of the computer. The secure interface control determines that a host absolute page is not previously mapped to a virtual page in accordance with securing the host absolute page and a host virtual page is not already mapped to an absolute page in accordance with securing the host absolute page.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method comprising: determining, by a secure interface control of a computer that prevents unauthorized accesses to locations in a memory of the computer, that a host absolute page is not previously mapped to a virtual page in accordance with securing the host absolute page; and determining, by the secure interface control, that a host virtual page is not already mapped to an absolute page in accordance with securing the host absolute page. 2 . The method of claim 1 , wherein the secure interface control marks the host absolute page as secure. 3 . The method of claim 2 , wherein the secure interface control registers the host absolute page for use by the secure interface control, securely decrypts the host absolute page, subsequently un-registers the host absolute page for use by the secure interface control, and registers the host absolute page to the secure domain. 4 . The method of claim 3 , wherein the secure interface control registers the host virtual address with the associated host absolute page to create a host-address pair for use by the secure entity, and checks the host virtual addresses match on access by the secure entity. 5 . The method of claim 3 , wherein the secure interface control locks the host absolute page for use by the secure interface control to prevent other calls to the host absolute page. 6 . The method of claim 5 , wherein the secure interface control unlocks the host absolute page to assign a secure guest domain loaded into the memory. 7 . The method of claim 1 , wherein a secure entity accesses a secure page that has been transparently paged-in by an untrusted entity executing on the computer and is non-secure. 8 . The method of claim 7 , wherein the untrusted entity is a hypervisor, and wherein the secure entity is a secure guest. 9 . The method of claim 7 , wherein hardware presents a program interruption to the untrusted entity indicating a need for decryption of a secure guest page. 10 . The method of claim 9 , wherein the untrusted entity issues an import instruction that provides the host absolute page and the host virtual page. 11 . A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable to cause operations comprising: determining, by a secure interface control of a computer that prevents unauthorized accesses to locations in a memory of the computer, that a host absolute page is not previously mapped to a virtual page in accordance with securing the host absolute page; and determining, by the secure interface control, that a host virtual page is not already mapped to an absolute page in accordance with securing the host absolute page. 12 . The computer program product of claim 11 , wherein the secure interface control marks the host absolute page as secure. 13 . The computer program product of claim 12 , wherein the secure interface control registers the host absolute page for use by the secure interface control, securely decrypts the host absolute page, subsequently un-registers the host absolute page for use by the secure interface control, and registers the host absolute page to the secure domain. 14 . The computer program product of claim 13 , wherein the secure interface control registers the host virtual address with the associated host absolute page to create a host-address pair for use by the secure entity, and checks the host virtual addresses match on access by the secure entity. 15 . The computer program product of claim 13 , wherein the secure interface control locks the host absolute page for use by the secure interface control to prevent other calls to the host absolute page. 16 . The computer program product of claim 15 , wherein the secure interface control unlocks the host absolute page to assign a secure guest domain loaded into the memory. 17 . The computer program product of claim 11 , wherein a secure entity accesses a secure page that has been transparently paged-in by an untrusted entity executing on the computer and is non-secure, 18 . The computer program product of claim 17 , wherein the untrusted entity is a hypervisor, and wherein the secure entity is a secure guest. 19 . The computer program product of claim 17 , wherein hardware presents a program interruption to the untrusted entity indicating a need for decryption of a secure guest page. 20 . The computer program product of claim 19 , wherein the untrusted entity issues an import instruction that provides the host absolute page and the host virtual page. 21 . A system comprising: a memory; a secure interface control of the system that prevents unauthorized accesses to locations in the memory, wherein the system performs operations comprising: determining, by a secure interface control of a computer that prevents unauthorized accesses to locations in a memory of the computer, that a host absolute page is not previously mapped to a virtual page in accordance with securing the host absolute page; and determining, by the secure interface control, that a host virtual page is not already mapped to an absolute page in accordance with securing the host absolute page. 22 . The system of claim 21 , wherein the secure interface control marks the host absolute page as secure. 23 . The system of claim 22 , wherein the secure interface control registers the host absolute page for use by the secure interface control, securely decrypts the host absolute page, subsequently un-registers the host absolute page for use by the secure interface control, and registers the host absolute page to the secure domain. 24 . The system of claim 23 , wherein the secure interface control registers the host virtual address with the associated host absolute page to create a host-address pair for use by the secure entity, and checks the host virtual addresses match on access by the secure entity. 25 . The system of claim 23 , wherein the secure interface control locks the host absolute page for use by the secure interface control to prevent other calls to the host absolute page.
Assignees
Inventors
Classifications
- G06F21/602Primary
Providing cryptographic facilities or services · CPC title
- G06F12/145Primary
the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism · CPC title
Security improvement · CPC title
Isolation or security of virtual machine instances · CPC title
Memory management, e.g. access or allocation · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2020285758A1 cover?
- A method is provided. The method is implemented by a secure interface control of a computer that prevents unauthorized accesses to locations in a memory of the computer. The secure interface control determines that a host absolute page is not previously mapped to a virtual page in accordance with securing the host absolute page and a host virtual page is not already mapped to an absolute page i…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F21/602. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Sep 10 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).