QUERY AND DONATION OF SECURE STORAGE

    Publication No.: DE112020000289T5

    Publication date: 2021-10-14

    Application No.: DE112020000289

    Application date: 2020-03-06

    Applicant: IBM

    Abstract: According to one or more embodiments of the present invention, a computer-implemented method includes receiving a query for an amount of storage in the memory of a computer system that is to be donated to a secure interface control of the computer system. The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values. The secure interface control can return a response to the query that is indicative of the amount of storage. A donation of storage to be secured for use by the secure interface control can be received based on the response to the query.

    SHARING SECURE MEMORY ACROSS MULTIPLE SECURITY DOMAINS

    Publication No.: SG11202105431VA

    Publication date: 2021-06-29

    Application No.: SG11202105431V

    Application date: 2020-03-02

    Applicant: IBM

    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a secure access request for a secure page of memory at a secure interface control of a computer system. The secure interface control can check a disable virtual address compare state associated with the secure page. The secure interface control can disable a virtual address check in accessing the secure page to support mapping of a plurality of virtual addresses to a same absolute address to the secure page based on the disable virtual address compare state being set and/or to support secure pages that are accessed using an absolute address and do not have an associated virtual address.

    Dispatch of a secure virtual machine

    Publication No.: AU2020234887A1

    Publication date: 2021-06-17

    Application No.: AU2020234887

    Application date: 2020-02-28

    Applicant: IBM

    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine by determining, by a secure interface control of the host server, a security mode of the virtual machine. Based on the security mode being a first mode, the secure interface control loads a virtual machine state from a first state descriptor, which is stored in a non-secure portion of memory. Based on the security mode being a second mode, the secure interface control loads the virtual machine state from a second state descriptor, which is stored in a secure portion of the memory.

    SECURE STORAGE ISOLATION
    Invention patent

    Publication No.: CA3132781A1

    Publication date: 2020-09-17

    Application No.: CA3132781

    Application date: 2020-03-02

    Applicant: IBM

    Abstract: A computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.

    SECURE STORAGE ISOLATION
    Invention patent

    Publication No.: SG11202105419PA

    Publication date: 2021-06-29

    Application No.: SG11202105419P

    Application date: 2020-03-02

    Applicant: IBM

    Abstract: A computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.

    COMMUNICATION INTERFACE OF A SECURE INTERFACE CONTROL

    Publication No.: SG11202105418YA

    Publication date: 2021-06-29

    Application No.: SG11202105418Y

    Application date: 2020-02-26

    Applicant: IBM

    Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer. In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction.

    Incremental decryption and integrity verification of a secure operating system image

    Publication No.: AU2020236629A1

    Publication date: 2021-06-10

    Application No.: AU2020236629

    Application date: 2020-02-17

    Applicant: IBM

    Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

    INJECT INTERRUPTS AND EXCEPTIONS INTO SECURE VIRTUAL MACHINE

    Publication No.: CA3132760A1

    Publication date: 2020-09-17

    Application No.: CA3132760

    Application date: 2020-02-27

    Applicant: IBM

    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes initiating, by a non-secure entity that is executing on a host server, a secure entity, the non-secure entity prohibited from directly accessing any data of the secure entity. The method further includes injecting, into the secure entity, an interrupt that is generated by the host server. The injecting includes adding, by the non-secure entity, information about the interrupt into a portion of non-secure storage, which is then associated with the secure entity. The injecting further includes injecting, by a secure interface control of the host server, the interrupt into the secure entity.

    SECURE INTERFACE CONTROL SECURE STORAGE HARDWARE TAGGING

    Publication No.: CA3132757A1

    Publication date: 2020-09-17

    Application No.: CA3132757

    Application date: 2020-03-06

    Applicant: IBM

    Abstract: A method is provided. A secure interface control in communication with an untrusted entity performs the method. In this regard, the secure interface control implements an initialization instruction to set donated storage as secure. The implementing of the initialization instruction is responsive to an instruction call issued from the untrusted entity.

    COMMUNICATION INTERFACE OF A SECURE INTERFACE CONTROL

    Publication No.: CA3132753A1

    Publication date: 2020-09-17

    Application No.: CA3132753

    Application date: 2020-02-26

    Applicant: IBM

    Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer. In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction.
