Secure public cloud using extended paging and memory integrity
US-2020057664-A1 · Feb 20, 2020 · US
US2022012086A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022012086-A1 |
| Application number | US-202117484825-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 24, 2021 |
| Priority date | Sep 24, 2021 |
| Publication date | Jan 13, 2022 |
| Grant date | — |
Official abstract text for this publication.
Providing multiple virtual processors (VPs) for a trusted domain (TD) includes creating a virtual processor control structure (VPCS) for one or more of a plurality of VPs of the TD of a processor in a computing system, the TD including a trust domain control structure (TDCS), the plurality of VPs having views into addresses of private memory of the TD, the VPCS for a VP including a secure extended page table (SEPT) for the VP; and for the VP, initializing the VPCS for the VP by copying selected entries of the TDCS to the SEPT of the VPCS, pointing a SEPT pointer to the VPCS, and setting an entry point for starting execution of the VP by the processor.
Opening claim text (preview).
What is claimed is:

1. A method comprising: creating a virtual processor control structure (VPCS) for one or more of a plurality of virtual processors (VPs) of a trust domain (TD) of a processor in a computing system, the TD including a trust domain control structure (TDCS), the plurality of VPs having views into addresses of private memory of the TD, the VPCS for a VP including a secure extended page table (SEPT) for the VP; and for the VP, initializing the VPCS for the VP by copying selected entries of the TDCS to the SEPT of the VPCS, pointing a SEPT pointer to the VPCS, and setting an entry point for starting execution of the VP by the processor.

2. The method of claim 1, wherein the VPCS comprises a processor context of the VP.

3. The method of claim 1, wherein at least two VPs share a same view into the private memory of the TD by sharing a SEPT.

4. The method of claim 1, wherein at least two VPs share overlapping views into the private memory of the TD.

5. The method of claim 1, wherein at least two VPs have non-overlapping views into the private memory of the TD.

6. The method of claim 1, comprising using the SEPT for the VP to translate a private guest physical address (GPA) into a physical address and a private key identifier for the TD.

7. The method of claim 1, wherein a VP has a view into at least one range of addresses of the private memory of the TD.

8. At least one non-transitory machine-readable storage medium comprising instructions that, when executed, cause at least one processing device to at least: create a virtual processor control structure (VPCS) for one or more of a plurality of virtual processors (VPs) of a trust domain (TD) of a processor in a computing system, the TD including a trust domain control structure (TDCS), the plurality of VPs having views into addresses of private memory of the TD, the VPCS for a VP including a secure extended page table (SEPT) for the VP; and for the VP, initialize the VPCS for the VP by copying selected entries of the TDCS to the SEPT of the VPCS, pointing a SEPT pointer to the VPCS, and setting an entry point for starting execution of the VP by the processor.

9. The at least one non-transitory machine-readable storage medium of claim 8, wherein the VPCS comprises a processor context of the VP.

10. The at least one non-transitory machine-readable storage medium of claim 8, wherein at least two VPs share a same view into the private memory of the TD by sharing a SEPT.

11. The at least one non-transitory machine-readable storage medium of claim 8, wherein at least two VPs share overlapping views into the private memory of the TD.

12. The at least one non-transitory machine-readable storage medium of claim 8, wherein at least two VPs have non-overlapping views into the private memory of the TD.

13. The at least one non-transitory machine-readable storage medium of claim 8 comprising instructions, when executed to use the SEPT for the VP to translate a private guest physical address (GPA) into a physical address and a private key identifier for the TD.

14. The at least one non-transitory machine-readable storage medium of claim 8, wherein a VP has a view into at least one range of addresses of the private memory of the TD.

15. An apparatus comprising: a processor; and a memory coupled to the processor, the memory having instructions stored thereon that, in response to execution by the processor, cause the processor to: create a virtual processor control structure (VPCS) for one or more of a plurality of virtual processors (VPs) of a trust domain (TD) of a processor in a computing system, the TD including a trust domain control structure (TDCS), the plurality of VPs having views into addresses of private memory of the TD, the VPCS for a VP including a secure extended page table (SEPT) for the VP; and for the VP, initialize the VPCS for the VP by copying selected entries of the TDCS to the SEPT of the VPCS, pointing a SEPT pointer to the VPCS, and setting an entry point for starting execution of the VP by the processor.

16. The apparatus of claim 15, wherein the VPCS comprises a processor context of the VP.

17. The apparatus of claim 15, wherein at least two VPs share a same view into the private memory of the TD by sharing a SEPT.

18. The apparatus of claim 15, wherein at least two VPs share overlapping views into the private memory of the TD.

19. The apparatus of claim 15, wherein at least two VPs have non-overlapping views into the private memory of the TD.

20. The apparatus of claim 15 comprising instructions, when executed to use the SEPT for the VP to translate a private guest physical address (GPA) into a physical address and a private key identifier for the TD.

21. The apparatus of claim 15, wherein a VP has a view into at least one range of addresses of the private memory of the TD.
using tables or multilevel address translation means (G06F12/023 takes precedence; address translation in virtual memory systems G06F12/10) · CPC title
Free address space management · CPC title
Memory management, e.g. access or allocation · CPC title
Hypervisor-specific management and integration aspects · CPC title
Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox · CPC title