公开(公告)号：US20210397698A1

公开(公告)日：2021-12-23

申请号：US16905652

申请日：2020-06-18

Applicant: VMware, Inc.

Inventor： Ye LI ,  David OTT ,  Cyprien LAPLACE ,  Alexander FAINKICHEN ,  Shruthi HIRIYURU

IPC: G06F21/53 ,  G06F21/57 ,  G06F21/60 ,  G06F9/455 ,  H04L9/08 ,  H04L9/32

Abstract: System and method for performing a remote attestation for creation of a trusted execution environment (TEE) using a virtual secure enclave device running in a virtualized environment utilizes a trusted bootloader appliance in a TEE virtual computing instance, which is created in response to a request for a TEE from a software process running in the system. The trusted bootloader appliance manages the provisioning of a TEE in the TEE virtual computing instance for the software process. The remote attestation includes performing a first stage attestation on the trusted bootloader appliance by a hardware platform of the computer system and performing a second stage attestation on the provisioned TEE by the trusted bootloader appliance.

公开(公告)号：US20210224089A1

公开(公告)日：2021-07-22

申请号：US16744351

申请日：2020-01-16

Applicant: VMware, Inc.

Inventor： Cyprien LAPLACE ,  Regis DUCHESNE ,  Andrei WARKENTIN ,  Ye LI ,  Alexander FAINKICHEN

IPC: G06F9/455

Abstract: An example method of interfacing with a hypervisor in a computing system is described. The computing system includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level. The method includes configuring, by the hypervisor executing at the third privilege level, the processor to trap reads to a debug communication channel (DCC) status register of the processor to the third privilege level; trapping, at the hypervisor, a read to the DCC status register by guest software executing in a virtual machine (VM) managed by the hypervisor, the guest software executing at the first or second privilege level; reading, at the hypervisor, a plurality of registers of the processor to obtain data stored by the guest software; and returning execution from the hypervisor to the guest software.

公开(公告)号：US20210026648A1

公开(公告)日：2021-01-28

申请号：US16521434

申请日：2019-07-24

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Ye LI ,  Alexander FAINKICHEN ,  Regis DUCHESNE

IPC: G06F9/4401 ,  G06F16/22

Abstract: A method for generating boot tables for a device having access to device information. It is determined whether there exists at least one system boot table stored in a memory. If it is determined that a system boot table does not exist, the device information is retrieved, and the device information is converted to at least one boot table. The converting includes generating a first boot table by populating the first boot table with information of components of the device that have a correspondence to a computer system boot information standard. The generating also includes generating a second boot table for another component of the device that does not have a correspondence to the computer system boot information standard, by creating an entry in the second boot table that is populated with an identifier used to find a compatible component defined in the computer system boot standard.

公开(公告)号：US20170364379A1

公开(公告)日：2017-12-21

申请号：US15184455

申请日：2016-06-16

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Harvey TUCH ,  Cyprien LAPLACE ,  Alexander FAINKICHEN

IPC: G06F9/455 ,  G06F11/36

CPC classification number: G06F9/45558 ,  G06F9/3861 ,  G06F9/4812 ,  G06F11/362 ,  G06F13/24 ,  G06F2009/45591 ,  G06F2209/481

Abstract: A method of providing a backdoor interface between software executing in a virtual machine and a hypervisor executing on a computing system that supports the virtual machine includes trapping, at the hypervisor, an exception generated in response to execution of a debug instruction on a central processing unit (CPU) by the software; identifying, by an exception handler of the hypervisor handling the exception, an equivalence between an immediate operand of the debug instruction and a predefined value; and invoking, in response to the equivalence, a backdoor service of the hypervisor using state of at least one register of the CPU as parametric input, the state being set by the software prior to executing the debug instruction.

公开(公告)号：US20170060613A1

公开(公告)日：2017-03-02

申请号：US14982837

申请日：2015-12-29

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Harvey TUCH ,  Cyprien LAPLACE ,  Alexander FAINKICHEN

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/45545 ,  G06F2009/45562

Abstract: In an example, a computer system includes a hardware platform and a hypervisor executing on the hardware platform. The hypervisor includes a kernel and a plurality of user-space instances within a user-space above the kernel. Each user-space instance is isolated from each other user-space instance through namespaces. Each user-space instance includes resources confined by hierarchical resource groups. The computer system includes a plurality of virtual hypervisors, where each virtual hypervisor executes in a respective user-space instance of the plurality of user-space instances.

Abstract translation: 在一个示例中，计算机系统包括在硬件平台上执行的硬件平台和管理程序。 管理程序包括内核和内核之上的用户空间中的多个用户空间实例。 每个用户空间实例通过命名空间与其他用户空间实例隔离。 每个用户空间实例包括由分层资源组限制的资源。 计算机系统包括多个虚拟管理程序，其中每个虚拟管理程序在多个用户空间实例的相应用户空间实例中执行。

公开(公告)号：US20210132968A1

公开(公告)日：2021-05-06

申请号：US16671086

申请日：2019-10-31

Applicant: VMware, Inc.

Inventor： Ye LI ,  David OTT ,  Cyprien LAPLACE ,  Andrei WARKENTIN ,  Alexander FAINKICHEN

IPC: G06F9/455 ,  G06F9/30 ,  G06F9/54 ,  G06F13/42

Abstract: System and method for providing trusted execution environments uses a peripheral component interconnect (PCI) device of a computer system to receive and process commands to create and manage a trusted execution environment for a software process running in the computer system. The trusted execution environment created in the PCI device is then used to execute operations for the software process.

公开(公告)号：US20190258590A1

公开(公告)日：2019-08-22

申请号：US15898714

申请日：2018-02-19

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Ye LI ,  Alexander FAINKICHEN ,  Regis DUCHESNE

IPC: G06F13/10 ,  G06F9/455

Abstract: An example method of accessing a computing system includes: providing serial terminal driver configured to interface a serial port in a hardware platform of the computer system; providing a console object configured to communicate with an operating system (OS) in a software platform of the computer system and the serial terminal driver; connecting to the console object through the serial port via a computer terminal; sending text and commands from the console object to the computer terminal; and rendering, by the computer terminal, a console for presentation on a display of the computer terminal.

公开(公告)号：US20190012179A1

公开(公告)日：2019-01-10

申请号：US15644670

申请日：2017-07-07

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Cyprien LAPLACE ,  Regis DUCHESNE ,  Alexander FAINKICHEN ,  Ye LI

IPC: G06F9/44 ,  G06F3/06 ,  G06F12/1009 ,  G06F9/38 ,  G06F12/121 ,  G06F12/1027

CPC classification number: G06F9/4403 ,  G06F3/0619 ,  G06F3/065 ,  G06F3/068 ,  G06F9/38 ,  G06F9/4405 ,  G06F12/1009 ,  G06F12/1027 ,  G06F12/121 ,  G06F2212/65 ,  G06F2212/68

Abstract: A method of initializing a secondary processor pursuant to a soft reboot of system software comprises storing code to be executed by the secondary processor in memory, building first page tables to map the code into a first address space and second page tables to identically map the code into a second address space, fetching a first instruction of the code based on a first virtual address in the first address space and the first page tables, and executing the code beginning with the first instruction to switch from the first to the second page tables. The method further comprises, fetching a next instruction of the code using a second virtual address, which is identically mapped to a corresponding machine address, turning off a memory management unit of the secondary processor, and executing a waiting loop until a predetermined location in the physical memory changes in value.

公开(公告)号：US20160291986A1

公开(公告)日：2016-10-06

申请号：US14675381

申请日：2015-03-31

Applicant: VMWARE, INC.

Inventor： Andrei WARKENTIN ,  Alexander FAINKICHEN ,  Harvey TUCH

IPC: G06F9/44

CPC classification number: G06F9/4411

Abstract: A mapping table is passed to system software upon loading of the system software in a computer system. The mapping table is generated from a user-defined configuration file and maps device identifiers of various devices implemented in the computer system, as assigned by the device manufacturers, to device identifiers that are recognizable by the system software. The mapping is used by the system software when it performs binding of device drivers to devices so that devices that have been given generic and sometimes obscure names by the device manufacturers can still be associated with and bound to device drivers loaded by the system software.

Abstract translation: 在计算机系统中加载系统软件时，将映射表传递给系统软件。 映射表是从用户定义的配置文件生成的，并将在设备制造商分配的计算机系统中实现的各种设备的设备标识符映射到系统软件可识别的设备标识符。 当系统软件执行设备驱动程序到设备的绑定时，系统软件将使用该映射，以便设备制造商给予通用且有时是模糊的名称的设备仍然可以与系统软件加载的设备驱动程序相关联并绑定到设备驱动程序。

公开(公告)号：US20230195484A1

公开(公告)日：2023-06-22

申请号：US17553607

申请日：2021-12-16

Applicant: VMware, Inc.

Inventor： Andrei WARKENTIN ,  Ye LI ,  Alexander FAINKICHEN ,  Regis DUCHESNE ,  Cyprien LAPLACE ,  Shruthi Muralidhara HIRIYURU ,  Sunil Kumar KOTIAN

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45583

Abstract: An example method of managing guest time for a virtual machine (VM) supported by a hypervisor of a virtualized host computer includes: configuring, by the hypervisor, a central processing unit (CPU) of the host computer to trap, to the hypervisor, access by guest code in the VM to a physical counter and timer of the CPU; configuring, by the hypervisor, the guest code in the VM to use the physical counter and timer of the CPU rather than a virtual counter and timer of the CPU; trapping, at the hypervisor, an access to the physical counter and timer by the guest code; and executing, by the hypervisor, the access to the physical counter and timer on behalf of the guest code while compensating for an adjustment of a system count of the physical counter and timer to maintain the guest time as scaled with respect to frequency of the physical counter and timer.