    1. Timer for hardware protection of virtual machine monitor runtime integrity watcher
    Granted patent (in force)

    Publication number: US08800052B2

    Publication date: 2014-08-05

    Application number: US13539299

    Filing date: 2012-06-29

    IPC classification: G06F21/00 G06F9/455

    Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM. Execution of the VMM runtime integrity watcher is triggered by a timer event generated based on multiple frequency bands.

    2. Timer for hardware protection of virtual machine monitor runtime integrity watcher
    Patent application (in force)

    Publication number: US20140007248A1

    Publication date: 2014-01-02

    Application number: US13539299

    Filing date: 2012-06-29

    IPC classification: G06F21/70

    Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM. Execution of the VMM runtime integrity watcher is triggered by a timer event generated based on multiple frequency bands.

    3. Security management in system with secure memory secrets
    Patent application (in force)

    Publication number: US20100169599A1

    Publication date: 2010-07-01

    Application number: US12319193

    Filing date: 2008-12-31

    IPC classification: G06F12/14 G06F12/00

    CPC classification: G06F12/1433 G06F21/71

    Abstract: In some embodiments a Trusted Platform Module (TPM) manages a first flag that identifies whether a secure environment has ever been established. A chipset manages a second flag that identifies that there might have been secrets in memory and a reset or power failure occurred. At least one processor and/or the chipset lock, maintain a lock, and/or unlock a memory in response to the second flag. Other embodiments are described and claimed.

    4. Technique for providing secure firmware
    Patent application (in force)

    Publication number: US20070192611A1

    Publication date: 2007-08-16

    Application number: US11355697

    Filing date: 2006-02-15

    IPC classification: H04L9/00

    CPC classification: G06F21/60 G06F21/57

    Abstract: A technique to verify firmware. One embodiment of the invention uses a processor's micro-code to verify a system's firmware, such that the firmware can be included in a trusted chain of code along with the operating system.

    5. System and method for trusted early boot flow
    Patent application (lapsed)

    Publication number: US20060224878A1

    Publication date: 2006-10-05

    Application number: US11096832

    Filing date: 2005-03-31

    CPC classification: G06F21/575 H04L9/3234

    Abstract: In some embodiments, the invention involves extending trusted computing environments to the boot firmware. In at least one embodiment, the present invention is intended to enable the trusted environment to be extended forward to the pre-boot environment in addition to post-OS load environment. Embodiments of the present invention enable the trusted environment to extend to the firmware at power-on. The firmware is integrated within the secure perimeter which was previously only available to the OS. In other words, the BIOS is made to be a trusted entity, as well as the OS. Extensible firmware interface (EFI) modules are signed with a public key. The processor has an embedded private key. EFI modules are verified using the keys to ensure a trusted environment from boot to OS launch. Other embodiments are described and claimed.

    6. Security management in system with secure memory secrets
    Granted patent (in force)

    Publication number: US08392985B2

    Publication date: 2013-03-05

    Application number: US12319193

    Filing date: 2008-12-31

    IPC classification: H04L29/06

    CPC classification: G06F12/1433 G06F21/71

    Abstract: In some embodiments a Trusted Platform Module (TPM) manages a first flag that identifies whether a secure environment has ever been established. A chipset manages a second flag that identifies that there might have been secrets in memory and a reset or power failure occurred. At least one processor and/or the chipset lock, maintain a lock, and/or unlock a memory in response to the second flag. Other embodiments are described and claimed.

    7. System and method for limiting exposure of hardware failure information for a secured execution environment
    Patent application (in force)

    Publication number: US20060075312A1

    Publication date: 2006-04-06

    Application number: US10956322

    Filing date: 2004-09-30

    IPC classification: G06F11/00

    CPC classification: G06F21/74 G06F2221/2101

    Abstract: A method and apparatus for limiting the exposure of hardware failure information is described. In one embodiment, an error reporting system of a processor may log various status and error address data into registers that retain their contents through a warm reset event. But the error reporting system of the processor may then determine whether the processor is operating in a trusted or secure mode. If not, then the processor's architectural state variables may also be logged into registers. But if the processor is operating in a trusted or secure mode, then the logging of the architectural state variables may be inhibited, or flagged as invalid.