摘要:
Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.
摘要:
A method comprises filtering branch trap events at a branch event filter, monitoring a branch event filter to capture indirect branch trap events that cause a control flow trap exception, receiving the indirect branch trap events at a handler and the handler processing the indirect branch trap events.
摘要:
A processing core comprising instruction execution logic circuitry and register space. The register space to be loaded from a VMCS, commensurate with a VM entry, with information indicating whether a service provided by the processing core on behalf of the VMM is enabled. The instruction execution logic to, in response to guest software invoking an instruction: refer to the register space to confirm that the service has been enabled, and, refer to second register space or memory space to fetch input parameters for said service written by said guest software.
摘要:
Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.
摘要:
Embodiments of apparatuses, methods, and systems for controlling virtual machines based on activity state are disclosed. In one embodiment, an apparatus includes virtual machine entry logic and activity state evaluation logic. The virtual machine entry logic is to transfer control of the apparatus from a host to a guest. The activity state evaluation logic is to determine whether the activity state of the guest would be inactive upon receiving control.
摘要:
In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
摘要:
Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
摘要:
Technologies for shadow stack support for legacy guests include a computing device having a processor with shadow stack support. During execution of a call instruction, the processor determines whether a legacy stack pointer is within bounds and generates a virtual machine exit if the legacy stack pointer is out-of-bounds. If not out-of-bounds, the processor pushes a return address onto the legacy stack and onto a shadow stack protected by a hypervisor. During execution of a return instruction, the processor determines whether top return addresses of the legacy stack and the shadow stack match, and generates a virtual machine exit if the return addresses do not match. If the return addresses match, the processor pops the return addresses off of the legacy stack and off of the shadow stack. The stack out-of-bounds and the stack mismatch virtual machine exits may be handled by the hypervisor. Other embodiments are described and claimed.
摘要:
A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.
摘要:
Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.