公开(公告)号：US07340582B2

公开(公告)日：2008-03-04

申请号：US10956630

申请日：2004-09-30

Applicant: Rajesh Madukkarumukumana ,  Ioannis Schoinas ,  Ku-jei King ,  Balaji Vembu ,  Gilbert Neiger ,  Richard Uhlig

Inventor： Rajesh Madukkarumukumana ,  Ioannis Schoinas ,  Ku-jei King ,  Balaji Vembu ,  Gilbert Neiger ,  Richard Uhlig

IPC: G06F12/00 ,  G06F13/00

CPC classification number: G06F11/0712 ,  G06F11/073 ,  G06F11/0745 ,  G06F11/0793 ,  G06F12/1081

Abstract: An embodiment of the present invention is a technique to process faults in a direct memory access address translation. A register set stores global control or status information for fault processing of a fault generated by an input/output (I/O) transaction requested by an I/O device. An address translation structure translates a guest physical address to a host physical address. The guest physical address corresponds to the I/O transaction and is mapped to a domain. The address translation structure has at least an entry associated with the domain and domain-specific control information for the fault processing.

Abstract translation: 本发明的一个实施例是一种在直接存储器访问地址转换中处理故障的技术。 寄存器组存储由I / O设备请求的输入/输出（I / O）事务产生的故障的故障处理的全局控制或状态信息。 地址转换结构将访客物理地址转换为主机物理地址。 访客物理地址对应于I / O事务，并映射到域。 地址转换结构至少具有与域相关联的条目和用于故障处理的特定于域的控制信息。

公开(公告)号：US20070192577A1

公开(公告)日：2007-08-16

申请号：US11340181

申请日：2006-01-24

Applicant: Michael Kozuch ,  James Sutton ,  David Grawrock ,  Gilbert Neiger ,  Richard Uhlig ,  Bradley Burgess ,  David Poisner ,  Clifford Hall ,  Andy Glew ,  Lawrence Smith ,  Robert George

Inventor： Michael Kozuch ,  James Sutton ,  David Grawrock ,  Gilbert Neiger ,  Richard Uhlig ,  Bradley Burgess ,  David Poisner ,  Clifford Hall ,  Andy Glew ,  Lawrence Smith ,  Robert George

IPC: G06F15/177

CPC classification number: G06F21/57

Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.

Abstract translation: 描述了在多处理器环境内单方面加载安全操作系统的装置和方法。 该方法包括当检测到当前活动的负载安全区域操作时忽略接收到的负载安全区域指令。 否则，响应于接收到的负载安全区域指令，引导存储器保护元件以形成安全存储器环境。 一旦定向，就禁止对一个或多个受保护的存储器区域进行未经授权的读/写访问。 最后，一个或多个受保护的存储器区域的加密散列值作为安全的软件识别值存储在摘要信息库中。 一旦存储，外部代理可以请求访问数字签名的软件标识值以建立安全存储器环境内的安全软件的安全验证。

公开(公告)号：US07254707B2

公开(公告)日：2007-08-07

申请号：US11203538

申请日：2005-08-12

Applicant: Howard C. Herbert ,  David W. Grawrock ,  Carl M. Ellison ,  Roger A. Golliver ,  Derrick C. Lin ,  Francis X. McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James A. Sutton ,  Shreekant S. Thakkar ,  Millind Mittal

Inventor： Howard C. Herbert ,  David W. Grawrock ,  Carl M. Ellison ,  Roger A. Golliver ,  Derrick C. Lin ,  Francis X. McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James A. Sutton ,  Shreekant S. Thakkar ,  Millind Mittal

IPC: H04L9/00

CPC classification number: G06F21/305 ,  G06F9/30189 ,  G06F12/1491 ,  G06F21/35 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F21/64 ,  G06F21/74 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2105 ,  G06F2221/2149

Abstract: In one embodiment, a method of attestation involves a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing one or more software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving an attestation request. Then, the retrieved audit log is digitally signed to produce a digital signature in response to the attestation request.

Abstract translation: 在一个实施例中，认证方法涉及特殊的操作模式。 该方法包括将审核日志存储在平台的受保护的存储器内。 审计日志是表示加载到平台中的一个或多个软件模块的数据列表。 响应于接收到认证请求，从受保护的存储器检索审核日志。 然后，检索的审核日志被数字签名以响应于认证请求产生数字签名。

公开(公告)号：US20070157198A1

公开(公告)日：2007-07-05

申请号：US11323374

申请日：2005-12-30

Applicant: Steven Bennett ,  Andrew Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard Uhlig ,  Lawrence Smith ,  Barry Huntley

Inventor： Steven Bennett ,  Andrew Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard Uhlig ,  Lawrence Smith ,  Barry Huntley

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45566

Abstract: Embodiments of apparatuses, methods, and systems for processing interrupts in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a recognition logic, window logic, and evaluation logic. The event logic is to recognize an interrupt request. The window logic is to determine whether an interrupt window is open. The evaluation logic is to determine whether to transfer control to one of at least two virtual machine monitors in response to the interrupt request if the interrupt window is open.

Abstract translation: 公开了用于处理分层虚拟化架构中的中断的装置，方法和系统的实施例。 在一个实施例中，装置包括识别逻辑，窗口逻辑和评估逻辑。 事件逻辑是识别一个中断请求。 窗口逻辑是确定中断窗口是否打开。 如果中断窗口打开，则评估逻辑是确定是否将响应于中断请求的控制转移到至少两个虚拟机监视器之一。

公开(公告)号：US20070157197A1

公开(公告)日：2007-07-05

申请号：US11323114

申请日：2005-12-30

Applicant: Gilbert Neiger ,  Rajesh Madukkarumukumana ,  Richard Uhlig ,  Udo Steinberg ,  Sebastian Schoenberg ,  Sridhar Muthrasanallur ,  Steven Bennett ,  Andrew Anderson ,  Erik Cota-Robles

Inventor： Gilbert Neiger ,  Rajesh Madukkarumukumana ,  Richard Uhlig ,  Udo Steinberg ,  Sebastian Schoenberg ,  Sridhar Muthrasanallur ,  Steven Bennett ,  Andrew Anderson ,  Erik Cota-Robles

IPC: G06F9/455

CPC classification number: G06F13/24 ,  G06F9/45533 ,  G06F9/4812

Abstract: Embodiments of apparatuses, methods, and systems for delivering an interrupt to a virtual processor are disclosed. In one embodiment, an apparatus includes an interface to receive an interrupt request, delivery logic, and exit logic. The delivery logic is to determine, based on an attribute of the interrupt request, whether the interrupt request is to be delivered to the virtual processor. The exit logic is to transfer control to a host if the delivery logic determines that the interrupt request is not to be delivered to the virtual processor.

Abstract translation: 公开了用于向虚拟处理器递送中断的装置，方法和系统的实施例。 在一个实施例中，装置包括用于接收中断请求，传递逻辑和退出逻辑的接口。 交付逻辑是基于中断请求的属性来确定中断请求是否被传送到虚拟处理器。 如果传递逻辑确定中断请求不被传送到虚拟处理器，则出口逻辑是将控制传送到主机。

公开(公告)号：US07237051B2

公开(公告)日：2007-06-26

申请号：US10676887

申请日：2003-09-30

Applicant: Steven M. Bennett ,  Erik Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Gilbert Neiger ,  Richard Uhlig

Inventor： Steven M. Bennett ,  Erik Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Gilbert Neiger ,  Richard Uhlig

IPC: G06F9/46

CPC classification number: G06F9/4812 ,  G06F9/45533

Abstract: In one embodiment, a method includes recognizing an interrupt pending during an operation of guest software, determining that the interrupt is to cause a transition of control to a virtual machine monitor (VMM), determining whether the interrupt is to be acknowledged prior to the transition of control to the VMM, and if the interrupt is to be acknowledged, acknowledging the interrupt and transitioning control to the VMM.

Abstract translation: 在一个实施例中，一种方法包括在访客软件的操作期间识别中断等待，确定该中断将导致对虚拟机监视器（VMM）的控制转换，确定在转换之前中断是否被确认 控制到VMM，如果要确认中断，确认中断并将控制转换到VMM。

公开(公告)号：US20070028238A1

公开(公告)日：2007-02-01

申请号：US11191827

申请日：2005-07-27

Applicant: Steven Bennett ,  Andrew Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard Uhlig ,  Lawrence Smith ,  Barry Huntley

Inventor： Steven Bennett ,  Andrew Anderson ,  Gilbert Neiger ,  Dion Rodgers ,  Richard Uhlig ,  Lawrence Smith ,  Barry Huntley

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F9/3861 ,  G06F9/45545 ,  G06F9/4555 ,  G06F9/45558 ,  G06F9/4812 ,  G06F9/542 ,  G06F13/24 ,  G06F2009/45566

Abstract: Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.

Abstract translation: 公开了在分层虚拟化架构中处理虚拟化事件的装置和方法的实施例。 在一个实施例中，装置包括事件逻辑和评估逻辑。 事件逻辑是识别虚拟化事件。 评估逻辑是为了响应于虚拟化事件来确定是否将控制从子客户端传送到父访客。

公开(公告)号：US20070006230A1

公开(公告)日：2007-01-04

申请号：US11173312

申请日：2005-06-30

Applicant: Gilbert Neiger ,  Richard Uhlig ,  Dion Rodgers ,  Jason Brandt ,  Rajesh Parthasarathy

Inventor： Gilbert Neiger ,  Richard Uhlig ,  Dion Rodgers ,  Jason Brandt ,  Rajesh Parthasarathy

IPC: G06F9/46

CPC classification number: G06F9/45533

Abstract: Embodiments of apparatuses and methods for guest processes to access registers are disclosed. In one embodiment, an apparatus includes an interface to a first register, shadow logic, evaluation logic, and exit logic. The shadow logic is to, in response to a guest attempt to write data to the first register, cause the data to be written to a second register. The evaluation logic is to determine, based on the value of the data, whether to transfer control to a host in response to the guest attempt. The exit logic is to transfer control to the host after the data is written to the second register if the evaluation logic determines to transfer control.

Abstract translation: 公开了访问进程访问寄存器的装置和方法的实施例。 在一个实施例中，装置包括到第一寄存器，影子逻辑，评估逻辑和退出逻辑的接口。 影子逻辑是为了响应客人尝试向第一寄存器写入数据，使数据被写入第二寄存器。 评估逻辑是基于数据的值来确定是否将控制转移给主机以响应客人尝试。 如果评估逻辑确定传输控制，则退出逻辑是在将数据写入第二寄存器之后将控制传送到主机。

公开(公告)号：US07127548B2

公开(公告)日：2006-10-24

申请号：US10124641

申请日：2002-04-16

Applicant: Steve Bennett ,  Andrew V. Anderson ,  Erik Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Gilbert Neiger ,  Richard Uhlig ,  Michael A. Kozuch

Inventor： Steve Bennett ,  Andrew V. Anderson ,  Erik Cota-Robles ,  Stalinselvaraj Jeyasingh ,  Alain Kagi ,  Gilbert Neiger ,  Richard Uhlig ,  Michael A. Kozuch

IPC: G06F12/00

CPC classification number: G06F9/45533 ,  G06F9/468

Abstract: In one embodiment, a command pertaining to one or more portions of a register is received from guest software. Further, a determination is made as to whether the guest software has access to all of the requested portions of the register based on indicators within a mask field that correspond to the requested portions of the register. If the guest software has access to all of the requested portions of the register, the command received from the guest software is executed on the requested portions of the register.

公开(公告)号：US07111176B1

公开(公告)日：2006-09-19

申请号：US09538954

申请日：2000-03-31

Applicant: Carl M. Ellison ,  Roger A. Golliver ,  Howard C. Herbert ,  Derrick C. Lin ,  Francis X. McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James A. Sutton ,  Shreekant S. Thakkar ,  Millind Mittal

Inventor： Carl M. Ellison ,  Roger A. Golliver ,  Howard C. Herbert ,  Derrick C. Lin ,  Francis X. McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James A. Sutton ,  Shreekant S. Thakkar ,  Millind Mittal

IPC: G06F17/00

CPC classification number: G06F12/1491 ,  G06F21/71 ,  G06F2221/2105

Abstract: The present invention is a method and apparatus to generates an isolated bus cycle for a transaction in a processor. A configuration storage contains configuration parameters to configure a processor in one of a normal execution mode and an isolated execution mode. An access generator circuit generates an isolated access signal using at least one of the isolated area parameters and access information in the transaction. The isolated access signal is asserted when the processor is configured in the isolated execution mode. A bus cycle decoder generates an isolated bus cycle corresponding to a destination in the transaction using the asserted isolated access signal and the access information.

Abstract translation: 本发明是一种用于为处理器中的事务生成隔离总线周期的方法和装置。 配置存储包含用于将处理器配置为正常执行模式和隔离执行模式之一的配置参数。 访问发生器电路使用交易中的隔离区域参数和访问信息中的至少一个来生成隔离访问信号。 当处理器配置为隔离执行模式时，隔离访问信号被断言。 总线周期解码器使用断言的隔离访问信号和访问信息来生成对应于交易中的目的地的隔离总线周期。