-
Publication No.: IL285225D0
Publication date: 2021-09-30
Application No.: IL28522521
Application date: 2021-07-29
Applicant: IBM, VIKTOR MIHAJLOVSKI, CLAUDIO IMBRENDA
Inventor: VIKTOR MIHAJLOVSKI, CLAUDIO IMBRENDA
Abstract: A method for starting a secure guest includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine (VM) on the host server. The VM is dispatched on the host server by the hypervisor. The VM includes a reboot instruction. The reboot instruction is triggered by the hypervisor to restart the VM in a secure mode.
-
Publication No.: IL284822D0
Publication date: 2021-08-31
Application No.: IL28482221
Application date: 2021-07-13
Applicant: IBM, CHRISTIAN BORNTRAEGER, CLAUDIO IMBRENDA, FADI Y BUSABA, JONATHAN D BRADBURY, LISA CRANTON HELLER
Inventor: CHRISTIAN BORNTRAEGER, CLAUDIO IMBRENDA, FADI Y BUSABA, JONATHAN D BRADBURY, LISA CRANTON HELLER
Abstract: A method is provided by a secure interface control of a computer that provides a partial instruction interpretation for an instruction which enables an interruption. The secure interface control fetches a program status word or a control register value from a secure guest storage. The secure interface control notifies an untrusted entity of guest interruption mask updates. The untrusted entity is executed on and in communication with hardware of the computer through the secure interface control to support operations of a secure entity executing on the untrusted entity. The secure interface control receives, from the untrusted entity, a request to present a highest priority, enabled guest interruption in response to the notifying of the guest interruption mask updates. The secure interface control moves interruption information into a guest prefix page and injects the interruption in the secure entity when an injection of the interruption is determined to be valid.
-
Publication No.: BR112021017782B1
Publication date: 2022-08-30
Application No.: BR112021017782
Application date: 2020-03-06
Applicant: IBM
Inventor: VIKTOR MIHAJLOVSKI, CLAUDIO IMBRENDA
Abstract: STARTING A SECURE GUEST USING AN INITIAL PROGRAM LOAD MECHANISM. A method for starting a secure guest includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine (VM) on the host server. The VM is dispatched on the host server by the hypervisor. The VM includes a reboot instruction. The reboot instruction is triggered by the hypervisor to restart the VM in a secure mode.
-
Publication No.: GB2595428B
Publication date: 2022-04-13
Application No.: GB202113915
Application date: 2020-02-27
Applicant: IBM
Inventor: FADI BUSABA, LISA HELLER, JONATHAN BRADBURY, CHRISTIAN BORNTRAEGER, CLAUDIO IMBRENDA
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes executing, by a virtual machine that is executing on a host server, a stream of instructions, wherein an instruction from the stream of instructions is to be intercepted to a hypervisor. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine. The method further includes performing by a secure interface control of the host server, based on a determination that the instruction is not interpretable by the secure interface control itself, extracting one or more parameter data associated with the instruction from the secure virtual machine, and storing the parameter data into a buffer that is accessible by the hypervisor. The instruction is subsequently intercepted into the hypervisor.
-
Publication No.: GB2595428A
Publication date: 2021-11-24
Application No.: GB202113915
Application date: 2020-02-27
Applicant: IBM
Inventor: FADI BUSABA, LISA HELLER, JONATHAN BRADBURY, CHRISTIAN BORNTRAEGER, CLAUDIO IMBRENDA
Abstract: A computer implemented method is disclosed. The method includes executing, by a virtual machine that is executing on a host server, a stream of instructions, wherein an instruction from the stream of instructions is to be intercepted to a hypervisor. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine. The method further includes performing by a secure interface control of the host server, based on a determination that the instruction is not interpretable by the secure interface control itself, extracting one or more parameter data associated with the instruction from the secure virtual machine, and storing the parameter data into a buffer that is accessible by the hypervisor. The instruction is subsequently intercepted into the hypervisor.
-
Publication No.: IL284903D0
Publication date: 2021-08-31
Application No.: IL28490321
Application date: 2021-07-15
Applicant: IBM, CLAUDIO IMBRENDA, FADI Y BUSABA, LISA CRANTON HELLER, JONATHAN D BRADBURY
Inventor: CLAUDIO IMBRENDA, FADI Y BUSABA, LISA CRANTON HELLER, JONATHAN D BRADBURY
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes initiating, by a non-secure entity that is executing on a host server, a secure entity, the non-secure entity prohibited from directly accessing any data of the secure entity. The method further includes injecting, into the secure entity, an interrupt that is generated by the host server. The injecting includes adding, by the non-secure entity, information about the interrupt into a portion of non-secure storage, which is then associated with the secure entity. The injecting further includes injecting, by a secure interface control of the host server, the interrupt into the secure entity.
-