US9280659B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9280659-B2 |
| Application number | US-64810306-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 29, 2006 |
| Priority date | Dec 29, 2006 |
| Publication date | Mar 8, 2016 |
| Grant date | Mar 8, 2016 |
Official abstract text for this publication.
A data processing system supports remeasurement of a virtual machine monitor (VMM). In one example process, the VMM may obtain a secret value from a trusted platform module (TPM) of the processing system. The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM, for example. However, the VMM may verify the measurement agent before providing the secret value to the measurement agent. The measurement agent may generate a remeasurement value for the VMM, use the secret value that was obtained from the TPM to certify the remeasurement value, and communicate the remeasurement value to a requesting program, via the VMM. Other embodiments are described and claimed.
Opening claim text (preview).
What is claimed is:

1. A method for remeasuring a virtual machine monitor, the method comprising: using a virtual machine monitor (VMM) of a processing system to obtain a secret value from a trusted platform module (TPM) of the processing system; providing the secret value from the VMM to a measurement agent executing in a resource privileged mode of the processing system; generating a remeasurement value for the VMM while the VMM is in runtime; using the secret value that was obtained from the TPM to certify the remeasurement value; and communicating the remeasurement value to a requesting program.
2. A method according to claim 1, wherein the measurement agent comprises: a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in the resource privileged mode.
3. A method according to claim 1, further comprising: using the VMM to verify the measurement agent before providing the secret value to the measurement agent.
4. A method according to claim 1, further comprising: after providing the secret value to the measurement agent, erasing the secret value from memory of the VMM.
5. A method according to claim 1, further comprising: receiving a VMM remeasurement request from the requesting program; and generating the remeasurement value for the VMM in response to the VMM remeasurement request.
6. A method according to claim 1, further comprising: determining whether the requesting program is authorized before communicating the remeasurement value to the requesting program.
7. A method according to claim 1, wherein the operation of using the secret value to certify the remeasurement value comprises: generating a hashed message authentication code (HMAC) for the remeasurement value; and using the secret value as a key for the HMAC.
8. A method according to claim 1, wherein the operation of using the secret value to certify the remeasurement value comprises: generating a cryptographic signature for the remeasurement value; and using the secret value as a private key for the cryptographic signature.
9. An apparatus comprising: a non-transitory machine-accessible medium; and instructions in the machine-accessible medium, wherein the instructions, when executed by a processing system, implement a virtual machine monitor (VMM) remeasurement agent to perform operations comprising: receiving a secret value from a VMM while the processing system is in a resource privileged mode, wherein the secret value comprises data obtained from a trusted platform module (TPM) of the processing system; generating a remeasurement value for the VMM while the processing system is in the resource privileged mode; using the secret value to certify the remeasurement value; and communicating the remeasurement value to a requesting program.
10. An apparatus according to claim 9, wherein the VMM remeasurement agent comprises: a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in the resource privileged mode.
11. An apparatus according to claim 9, wherein the operations to be performed by the VMM remeasurement agent comprise: generating the remeasurement value for the VMM in response to a VMM remeasurement request from the requesting program.
12. An apparatus according to claim 11, wherein the operation of using the secret value to certify the remeasurement value comprises: generating a hashed message authentication code (HMAC) for the remeasurement value; and using the secret value as a key for the HMAC.
13. An apparatus according to claim 11, wherein the operation of using the secret value to certify the remeasurement value comprises: generating a cryptographic signature for the remeasurement value; and using the secret value as a private key for the cryptographic signature.
14. An apparatus according to claim 9, wherein: the instructions in the machine-accessible medium, when executed, also implement the VMM; and the VMM is operable to perform operations comprising: verifying the VMM remeasurement agent before providing the secret value to the VMM remeasurement agent; receiving a remeasurement request from the requesting program; and verifying the requesting program before passing the remeasurement request to the VMM remeasurement agent.
15. A method for remeasuring a virtual machine monitor, the method comprising: initiating booting a processing system; launching a first instance of a virtual machine monitor (VMM) of the processing system; after initiating booting the processing system and before launching the first instance of the VMM, measuring the first instance of the VMM; after launching the first instance of the VMM, obtaining a secret value from a trusted platform module (TPM) of the processing system; providing the secret value to a measurement agent executing in system management mode (SMM) of the processing system; after launching the first instance of the VMM, generating a remeasurement value for the first instance of the VMM while the first instance of the VMM is in runtime mode; using the secret value that was obtained from the TPM to certify the remeasurement value; and communicating the remeasurement value to a requesting program.
16. A method according to claim 15, wherein the measurement agent comprises a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM.
17. A method according to claim 15, further comprising using the first instance of the VMM to verify the measurement agent before providing the secret value to the measurement agent.
18. A method according to claim 15, further comprising: after providing the secret value to the measurement agent, erasing the secret value from memory of the first instance of the VMM.
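The flow in claims 1 to 7 and 15 (boot-time measurement, agent verification before the secret is handed over, runtime remeasurement certified with an HMAC keyed by the TPM secret, and a requester that checks the result) as an added Python model; this is not code from the patent or from any product. All components are constructed stand-ins: code images are byte strings, the TPM is a class that hands out a random secret, and the requester is assumed to share that secret so it can check the HMAC.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the components named in the claims: code images
# are plain byte strings, and no real TPM, SMM or STM is involved.
VMM_IMAGE = b"vmm-code-v1:" + bytes(range(64))
STM_IMAGE = b"stm-code-v1:" + bytes(range(32))
EXPECTED_STM_HASH = hashlib.sha256(STM_IMAGE).digest()   # known-good agent measurement

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()   # a measurement here is SHA-256 of the image

class Tpm:
    """Source of the per-boot secret (claim 1); the verifier shares it by assumption."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)

class MeasurementAgent:
    """Stands in for the STM running in SMM; the only component that keeps the secret."""
    def __init__(self, image: bytes):
        self.image, self.secret = image, None
    def remeasure(self, vmm_image: bytes):
        """Claims 1 and 7: remeasure the running VMM and certify it with an HMAC keyed by the secret."""
        value = measure(vmm_image)
        return value, hmac.new(self.secret, value, hashlib.sha256).digest()

class Vmm:
    def __init__(self, image: bytes, tpm: Tpm, agent: MeasurementAgent):
        if measure(agent.image) != EXPECTED_STM_HASH:   # claim 3: verify the agent first
            raise RuntimeError("measurement agent failed verification")
        agent.secret = tpm.secret   # claim 4: the VMM keeps no copy of the secret itself
        self.image, self.agent = image, agent
    def handle_request(self, authorized: bool):
        """Claim 6: only an authorized requester gets a remeasurement."""
        return self.agent.remeasure(self.image) if authorized else None

def verify(boot_measurement, shared_secret, value, tag) -> bool:
    """Requester side: check the tag, then compare with the boot-time measurement."""
    expected = hmac.new(shared_secret, value, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag) and value == boot_measurement

def run_scenario(tamper: bool) -> bool:
    tpm = Tpm()
    boot_measurement = measure(VMM_IMAGE)           # claim 15: measured before launch
    vmm = Vmm(VMM_IMAGE, tpm, MeasurementAgent(STM_IMAGE))
    if tamper:                                      # VMM code modified after launch
        vmm.image = VMM_IMAGE[:-1] + b"\xff"
    value, tag = vmm.handle_request(authorized=True)
    return verify(boot_measurement, tpm.secret, value, tag)
```

`run_scenario(False)` accepts the VMM and `run_scenario(True)` rejects it because the runtime remeasurement no longer matches the boot-time value even though the HMAC itself is valid.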
CPC classification titles:

- Hypervisors; Virtual machine monitors
- Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- Secure boot
- Hypervisor-specific management and integration aspects
- Test or assess software