US9811475B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9811475-B2 |
| Application number | US-201213538154-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 29, 2012 |
| Priority date | Jun 29, 2012 |
| Publication date | Nov 7, 2017 |
| Grant date | Nov 7, 2017 |
Official abstract text for this publication.
Methods and apparatus for a secure sleep state are disclosed. An example method includes, in response to an initiation of a sleep state of a computing platform, encrypting a memory of the computing platform; and decrypting the memory when resuming the computing platform from the sleep state, wherein placing the computing platform in the sleep state includes powering down a portion of the computing platform and preserving a state of the computing platform.
Opening claim text (preview).
What is claimed is:

1. A method to manage secure sleep state transitions in a computing platform including at least one processor, an operating system to control the computing platform, a basic input/output system to boot the computing platform, and a main memory, the method comprising: in response to a trigger to place the computing platform in a secure sleep state: encrypting content in the main memory, the content in the main memory including critical regions which must be decrypted before the operating system can control operation of the computing platform and other regions which do not need to be decrypted before the operating system can control the operation of the computing platform; and, placing the computing platform in the secure sleep state; in response to an initiation of a resume procedure to resume the computing platform from the secure sleep state: booting the computing platform with the basic input/output system; before passing control of the computing platform from the basic input/output system to the operating system, initiating a virtual machine monitor to execute on the at least one processor; decrypting the critical regions of the main memory with the virtual machine monitor executing on the at least one processor; and after the critical regions of the main memory have been decrypted and before the other regions of the main memory which do not need to be decrypted before the operating system can control the operation of the computing platform have been decrypted, passing control of the computing platform from the basic input/output system to the operating system; and after the operating system has received control of the computing platform from the basic input/output system and in response to at least one of a fault or violation triggered by an attempt to access the main memory: decrypting, with the virtual machine monitor executing on the at least one processor, the data at a location in at least one of the other regions of the main memory.

2. The method as defined in claim 1, wherein the fault or violation is triggered by the operating system attempting to access the data at the location in the at least one of the other regions of the main memory.

3. The method as defined in claim 1, further including generating a first table to track which portions of the main memory have been decrypted.

4. The method as defined in claim 3, wherein the at least one of the fault or violation is triggered when the operating system attempts to access an address of the main memory not having a corresponding entry in the first table.

5. The method as defined in claim 3, further including populating the first table with information associated with the location at the at least one of the other regions of the main memory in response to the decrypting of the data at the location at the at least one of the other regions of the main memory.

6. The method as defined in claim 4, further including completing resumption of the operating system from the secure sleep state when each encrypted portion of the main memory has been decrypted.

7. The method as defined in claim 4, further including, when the main memory has not been completely decrypted within a time limit, decrypting a yet encrypted portion of the main memory without the at least one of the fault or violation being triggered by an access attempt to the yet encrypted portion of the main memory.

8. The method as defined in claim 1, further including generating a second table in connection with the encryption of the content of the main memory to indicate a first address of the main memory corresponding to the critical regions and a second address of the main memory corresponding to at least one of the other regions.

9. The method as defined in claim 1, wherein the critical regions of the main memory include at least one of locations or sizes of data structures required for the operating system to run upon the computing platform.

10. At least one tangible computer readable storage device comprising instructions that, when executed, cause a computing platform to at least: in response to a trigger to place the computing platform in a secure sleep state: encrypt content in a main memory of the computing platform, the content in the main memory including a first region which must be decrypted before control of the computing platform can be passed from a basic input/output system (BIOS) to a main operating system and a second region which does not need to be decrypted before control of the computing platform can be passed from the BIOS to the main operating system; and, place the computing platform in the secure sleep state; in response to initiation of a resume procedure to resume the computing platform from the secure sleep state: boot the computing platform with the BIOS; before passing control of the computing platform from the BIOS to the main operating system, initiate a virtual machine monitor (VMM); decrypt the first region of the main memory with the VMM; and after the first region of the main memory has been decrypted and before the second region of the main memory has been decrypted, pass control of the computing platform from the BIOS to the main operating system; and after the operating system has received control of the computing platform from the BIOS and in response to at least one of a fault or violation triggered by an attempt to access the main memory, decrypt at least a portion of the second region of the main memory with the VMM.

11. The at least one storage device as defined in claim 10, wherein the at least one of the fault or the violation is triggered by the operating system attempting to access the at least the portion of the second region of the main memory.

12. The at least one storage device as defined in claim 10, wherein the instructions, when executed, cause the computing platform to generate a first table to track which portions of the main memory have been decrypted.

13. The at least one storage device as defined in claim 12, wherein the at least one of the fault or the violation is triggered when the operating system attempts to access an address of the main memory not having a corresponding entry in the first table.

14. The at least one storage device as defined in claim 12, wherein the instructions, when executed, cause the computing platform to populate the first table with information associated with the at least the portion of the second region of the main memory in response to the decrypting of the at least the portion of the second region of the main memory.

15. The at least one storage device as defined in claim 13, wherein the instructions, when executed, cause the computing platform to complete resumption of the operating system from the secure sleep state when every encrypted portion of the main memory has been decrypted.

16. The at least one storage device as defined in claim 13, wherein, when the main memory has not been completely decrypted within a time limit, the instructions, when executed, cause the computing platform to decrypt a yet encrypted portion of the main memory without the at least one of the fault or violation being triggered by an access attempt to the yet encrypted portion of the main memory.

17. The at least one storage device as defined in claim 10, wherein the instructions, when executed, cause the computing platform to generate a second table in connection with encryption of the main memory to indicate a first address of the main memory corresponding to the first region and a second address of the main memory corresponding to the sec
by switching off individual functional units in the computer system · CPC title
File encryption · CPC title
Power saving in microcontroller unit · CPC title
by disabling clock generation or distribution · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title