ISOLATING GUEST CODE AND DATA USING MULTIPLE NESTED PAGE TABLES
    Invention application
    ISOLATING GUEST CODE AND DATA USING MULTIPLE NESTED PAGE TABLES (in force)

    Publication No.: US20160299851A1

    Publication date: 2016-10-13

    Application No.: US14798483

    Filing date: 2015-07-14

    Applicant: VMWARE, INC.

    Abstract: A hypervisor provides a guest operating system with a plurality of protection domains, including a root protection domain and one or more secure protection domains, and mechanisms for controlling the transitions between the protection domains. The guest physical memory region of a secure protection domain, which is mapped to host physical memory by secure nested page tables, stores secure guest code and data, and guest page tables for the secure guest code. When executing secure guest code, the guest page tables stored in the secure protection domain region are used for guest virtual to guest physical address translations, and the secure nested page tables are used for guest physical to host physical address translations.
