-
Publication number: GB2596012B
Publication date: 2023-01-11
Application number: GB202113069
Application date: 2020-03-06
Applicant: IBM
Inventor: JONATHAN BRADBURY , MARTIN SCHWIDEFSKY , CHRISTIAN BORNTRAEGER , LISA CRANTON HELLER , HEIKO CARSTENS , FADI BUSABA
Abstract: An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.
-
Publication number: GB2596012A
Publication date: 2021-12-15
Application number: GB202113069
Application date: 2020-03-06
Applicant: IBM
Inventor: JONATHAN BRADBURY , MARTIN SCHWIDEFSKY , CHRISTIAN BORNTRAEGER , LISA CRANTON HELLER , HEIKO CARSTENS , FADI BUSABA
IPC: G06F21/57
Abstract: An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.
-
Publication number: IL285065D0
Publication date: 2021-09-30
Application number: IL28506521
Application date: 2021-07-22
Applicant: IBM , LISA CRANTON HELLER , FADI Y BUSABA , JONATHAN D BRADBURY
Inventor: LISA CRANTON HELLER , FADI Y BUSABA , JONATHAN D BRADBURY
IPC: G06F9/455 , G06F12/1009 , G06F12/1036 , G06F12/109 , G06F12/14 , H04L29/06
Abstract: A method is provided. A secure interface control in communication with an untrusted entity performs the method. In this regard, the secure interface control implements an initialization instruction to set donated storage as secure. The implementing of the initialization instruction is responsive to an instruction call issued from the untrusted entity.
-
Publication number: GB2539600B
Publication date: 2017-04-19
Application number: GB201616861
Application date: 2015-03-06
Applicant: IBM
Inventor: LISA CRANTON HELLER , FADI YUSUF BUSABA , MARK FARRELL
IPC: G06F9/48
Abstract: According to one aspect, a computer system includes a configuration with a machine enabled to operate in a single thread (ST) mode and a multithreading (MT) mode. In addition, the machine includes physical threads. The machine is configured to perform a method that includes executing a guest entity on the core in MT mode. The guest entity includes all or a portion of a guest VM, and a plurality of logical threads executing on the physical threads. An exit event is detected at the machine. Based on detecting the exit event, the machine waits until all of the logical threads that are currently executing on the physical threads have reached a synchronization point. A state that includes exit reason information is saved for each of the logical threads and the execution of a host is initiated in the ST mode on one of the physical threads.
-
Publication number: GB2596242B
Publication date: 2022-12-07
Application number: GB202112700
Application date: 2020-03-02
Applicant: IBM
Inventor: LISA CRANTON HELLER , FADI YUSUF BUSABA , JONATHAN BRADBURY
IPC: G06F21/79
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes enabling, by a secure interface control of a computer system, a non-secure entity of the computer system to access a page of memory shared between the non-secure entity and a secure domain of the computer system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear. The secure interface control can verify that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page. The secure interface control can provide a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page.
-
Publication number: GB2539600A
Publication date: 2016-12-21
Application number: GB201616861
Application date: 2015-03-06
Applicant: IBM
Inventor: LISA CRANTON HELLER , FADI YUSUF BUSABA , MARK FARRELL
IPC: G06F9/48
Abstract: According to one aspect, a computer system includes a configuration with a machine enabled to operate in a single thread (ST) mode and a multithreading (MT) mode. In addition, the machine includes physical threads. The machine is configured to perform a method that includes executing a guest entity on the core in MT mode. The guest entity includes all or a portion of a guest VM, and a plurality of logical threads executing on the physical threads. An exit event is detected at the machine. Based on detecting the exit event, the machine waits until all of the logical threads that are currently executing on the physical threads have reached a synchronization point. A state that includes exit reason information is saved for each of the logical threads and the execution of a host is initiated in the ST mode on one of the physical threads.
-
Publication number: MX2016012531A
Publication date: 2016-12-20
Application number: MX2016012531
Application date: 2015-03-16
Applicant: IBM
Inventor: GREINER DAN , SCHMIDT DONALD WILLIAM , OSISEK DAMIAN LEO , GAINEY JR CHARLES , FADI YUSUF BUSABA , MARK FARRELL , JEFFREY PAUL KUBALA , JONATHAN DAVID BRADBURY , LISA CRANTON HELLER , TIMOTHY SLEGEL
Abstract: A computer system includes a virtual machine (VM) configuration with one or more cores. Each core is enabled to operate in a single thread (ST) mode or a multithreading (MT) mode. The ST mode consists of a single thread and the MT mode consists of a plurality of threads on shared resources of a respective core. The computer system includes a core-oriented system control area (COSCA) that has a common area representing all of the cores of the VM configuration and separate core description areas for each of the cores in the VM configuration. Each core description area indicates a location of one or more thread description areas, each representing a thread within the respective core, and each thread description area indicates a location of a state description of the respective thread.
-
Publication number: GB2596242A
Publication date: 2021-12-22
Application number: GB202112700
Application date: 2020-03-02
Applicant: IBM
Inventor: LISA CRANTON HELLER , FADI YUSUF BUSABA , JONATHAN BRADBURY
IPC: G06F21/79
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes enabling, by a secure interface control of a computer system, a non-secure entity of the computer system to access a page of memory shared between the non-secure entity and a secure domain of the computer system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear. The secure interface control can verify that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page. The secure interface control can provide a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page.
-
Publication number: IL285013D0
Publication date: 2021-09-30
Application number: IL28501321
Application date: 2021-07-20
Applicant: IBM , JONATHAN D BRADBURY , LISA CRANTON HELLER , UTZ BACHER , FADI Y BUSABA
Inventor: JONATHAN D BRADBURY , LISA CRANTON HELLER , UTZ BACHER , FADI Y BUSABA
Abstract: A computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.
-
Publication number: IL284851D0
Publication date: 2021-08-31
Application number: IL28485121
Application date: 2021-07-14
Applicant: IBM , FADI Y BUSABA , LISA CRANTON HELLER
Inventor: FADI Y BUSABA , LISA CRANTON HELLER
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine by determining, by a secure interface control of the host server, a security mode of the virtual machine. Based on the security mode being a first mode, the secure interface control loads a virtual machine state from a first state descriptor, which is stored in a non-secure portion of memory. Based on the security mode being a second mode, the secure interface control loads the virtual machine state from a second state descriptor, which is stored in a secure portion of the memory.