-
Publication number: GB2594905A
Publication date: 2021-11-10
Application number: GB202113007
Application date: 2020-03-06
Applicant: IBM
Inventor: JONATHAN DAVID BRADBURY , CHRISTIAN BORNTRAEGER , HEIKO CARSTENS , MARTIN SCHWIDEFSKY , REINHARD THEODOR BUENDGEN
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes computing a hash value of a page of memory of a computer system and comparing the hash value with a previously computed hash value of the page. A per-encryption value per page can be used in encrypting the page based on determining that the hash value matches the previously computed hash value. A modified value of the per-encryption value per page can be used in encrypting the page based on determining that the hash value mismatches the previously computed hash value.
-
Publication number: GB2596012B
Publication date: 2023-01-11
Application number: GB202113069
Application date: 2020-03-06
Applicant: IBM
Inventor: JONATHAN BRADBURY , MARTIN SCHWIDEFSKY , CHRISTIAN BORNTRAEGER , LISA CRANTON HELLER , HEIKO CARSTENS , FADI BUSABA
Abstract: An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.
-
Publication number: GB2596012A
Publication date: 2021-12-15
Application number: GB202113069
Application date: 2020-03-06
Applicant: IBM
Inventor: JONATHAN BRADBURY , MARTIN SCHWIDEFSKY , CHRISTIAN BORNTRAEGER , LISA CRANTON HELLER , HEIKO CARSTENS , FADI BUSABA
IPC: G06F21/57
Abstract: An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.
-
Publication number: GB2594905B
Publication date: 2022-04-20
Application number: GB202113007
Application date: 2020-03-06
Applicant: IBM
Inventor: JONATHAN DAVID BRADBURY , CHRISTIAN BORNTRAEGER , HEIKO CARSTENS , MARTIN SCHWIDEFSKY , REINHARD THEODOR BUENDGEN
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes computing a hash value of a page of memory of a computer system and comparing the hash value with a previously computed hash value of the page. A per-encryption value per page can be used in encrypting the page based on determining that the hash value matches the previously computed hash value. A modified value of the per-encryption value per page can be used in encrypting the page based on determining that the hash value mismatches the previously computed hash value.
-
Publication number: IL284822D0
Publication date: 2021-08-31
Application number: IL28482221
Application date: 2021-07-13
Applicant: IBM , CHRISTIAN BORNTRAEGER , CLAUDIO IMBRENDA , FADI Y BUSABA , JONATHAN D BRADBURY , LISA CRANTON HELLER
Inventor: CHRISTIAN BORNTRAEGER , CLAUDIO IMBRENDA , FADI Y BUSABA , JONATHAN D BRADBURY , LISA CRANTON HELLER
Abstract: A method is provided by a secure interface control of a computer that provides a partial instruction interpretation for an instruction which enables an interruption. The secure interface control fetches a program status word or a control register value from a secure guest storage. The secure interface control notifies an untrusted entity of guest interruption mask updates. The untrusted entity is executed on and in communication with hardware of the computer through the secure interface control to support operations of a secure entity executing on the untrusted entity. The secure interface control receives, from the untrusted entity, a request to present a highest priority, enabled guest interruption in response to the notifying of the guest interruption mask updates. The secure interface control moves interruption information into a guest prefix page and injects the interruption in the secure entity when an injection of the interruption is determined to be valid.
-
Publication number: GB2595428B
Publication date: 2022-04-13
Application number: GB202113915
Application date: 2020-02-27
Applicant: IBM
Inventor: FADI BUSABA , LISA HELLER , JONATHAN BRADBURY , CHRISTIAN BORNTRAEGER , CLAUDIO IMBRENDA
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes executing, by a virtual machine that is executing on a host server, a stream of instructions, wherein an instruction from the stream of instructions is to be intercepted to a hypervisor. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine. The method further includes performing by a secure interface control of the host server, based on a determination that the instruction is not interpretable by the secure interface control itself, extracting one or more parameter data associated with the instruction from the secure virtual machine, and storing the parameter data into a buffer that is accessible by the hypervisor. The instruction is subsequently intercepted into the hypervisor.
-
Publication number: GB2595428A
Publication date: 2021-11-24
Application number: GB202113915
Application date: 2020-02-27
Applicant: IBM
Inventor: FADI BUSABA , LISA HELLER , JONATHAN BRADBURY , CHRISTIAN BORNTRAEGER , CLAUDIO IMBRENDA
Abstract: A computer implemented method is disclosed. The method includes executing, by a virtual machine that is executing on a host server, a stream of instructions, wherein an instruction from the stream of instructions is to be intercepted to a hypervisor. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine. The method further includes performing by a secure interface control of the host server, based on a determination that the instruction is not interpretable by the secure interface control itself, extracting one or more parameter data associated with the instruction from the secure virtual machine, and storing the parameter data into a buffer that is accessible by the hypervisor. The instruction is subsequently intercepted into the hypervisor.
-
Publication number: IL285161D0
Publication date: 2021-09-30
Application number: IL28516121
Application date: 2021-07-27
Applicant: IBM , REINHARD T BUENDGEN , CHRISTIAN BORNTRAEGER , JONATHAN D BRADBURY , FADI Y BUSABA , LISA CRANTON HELLER , VIKTOR MIHAJLOVSKI
Inventor: REINHARD T BUENDGEN , CHRISTIAN BORNTRAEGER , JONATHAN D BRADBURY , FADI Y BUSABA , LISA CRANTON HELLER , VIKTOR MIHAJLOVSKI
IPC: G06F9/4401 , G06F9/455 , G06F21/57
Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.
-
Publication number: IL284973D0
Publication date: 2021-09-30
Application number: IL28497321
Application date: 2021-07-19
Applicant: IBM , LISA CRANTON HELLER , FADI Y BUSABA , JONATHAN D BRADBURY , CHRISTIAN BORNTRAEGER , UTZ BACHER , REINHARD T BUENDGEN
Inventor: LISA CRANTON HELLER , FADI Y BUSABA , JONATHAN D BRADBURY , CHRISTIAN BORNTRAEGER , UTZ BACHER , REINHARD T BUENDGEN
Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer. In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction.
-
Publication number: GB2546609B
Publication date: 2019-03-13
Application number: GB201620899
Application date: 2016-12-08
Applicant: IBM
Inventor: DOMINIK DINGEL , REINHARD THEODOR BUENDGEN , CHRISTIAN BORNTRAEGER , UTZ BACHER