公开(公告)号：US20180004954A1

公开(公告)日：2018-01-04

申请号：US15199479

申请日：2016-06-30

Applicant: Amazon Technologies, Inc.

Inventor： ANTHONY NICHOLAS LIGUORI ,  BARAK WASSERSTROM

IPC: G06F21/57 ,  H04L9/32 ,  H04L9/30 ,  G06F9/455 ,  G06F9/44 ,  H04L9/06 ,  H04L9/00 ,  H04L9/08 ,  H04L29/06 ,  H04L9/14

CPC classification number: G06F21/575 ,  G06F9/4405 ,  G06F9/4416 ,  G06F9/455 ,  G06F9/45558 ,  G06F2009/45575 ,  G06F2221/034 ,  H04L9/006 ,  H04L9/0643 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/302 ,  H04L9/3239 ,  H04L9/3249 ,  H04L9/3263 ,  H04L63/0823

Abstract: A multi-phase boot operation of a virtualization manager at a virtualization host is initiated at an offload card. In a first phase of the boot, a security key stored in a tamper-resistant location of the offload card is used. In a second phase, firmware programs are measured using a security module, and a first version of a virtualization coordinator is instantiated at the offload card. The first version of the virtualization coordinator obtains a different version of the virtualization coordinator and launches the different version at the offload card. Other components of the virtualization manager (such as various hypervisor components that do not run at the offload card) are launched by the different version of the virtualization controller.