-
Publication number: US20210132968A1
Publication date: 2021-05-06
Application number: US16671086
Application date: 2019-10-31
Applicant: VMware, Inc.
Inventor: Ye LI, David OTT, Cyprien LAPLACE, Andrei WARKENTIN, Alexander FAINKICHEN
Abstract: System and method for providing trusted execution environments uses a peripheral component interconnect (PCI) device of a computer system to receive and process commands to create and manage a trusted execution environment for a software process running in the computer system. The trusted execution environment created in the PCI device is then used to execute operations for the software process.
-
Publication number: US20190258590A1
Publication date: 2019-08-22
Application number: US15898714
Application date: 2018-02-19
Applicant: VMware, Inc.
Inventor: Andrei WARKENTIN, Cyprien LAPLACE, Ye LI, Alexander FAINKICHEN, Regis DUCHESNE
Abstract: An example method of accessing a computing system includes: providing a serial terminal driver configured to interface a serial port in a hardware platform of the computer system; providing a console object configured to communicate with an operating system (OS) in a software platform of the computer system and the serial terminal driver; connecting to the console object through the serial port via a computer terminal; sending text and commands from the console object to the computer terminal; and rendering, by the computer terminal, a console for presentation on a display of the computer terminal.
-
Publication number: US20190012179A1
Publication date: 2019-01-10
Application number: US15644670
Application date: 2017-07-07
Applicant: VMware, Inc.
Inventor: Andrei WARKENTIN, Cyprien LAPLACE, Regis DUCHESNE, Alexander FAINKICHEN, Ye LI
IPC: G06F9/44, G06F3/06, G06F12/1009, G06F9/38, G06F12/121, G06F12/1027
CPC classification number: G06F9/4403, G06F3/0619, G06F3/065, G06F3/068, G06F9/38, G06F9/4405, G06F12/1009, G06F12/1027, G06F12/121, G06F2212/65, G06F2212/68
Abstract: A method of initializing a secondary processor pursuant to a soft reboot of system software comprises storing code to be executed by the secondary processor in memory, building first page tables to map the code into a first address space and second page tables to identically map the code into a second address space, fetching a first instruction of the code based on a first virtual address in the first address space and the first page tables, and executing the code beginning with the first instruction to switch from the first to the second page tables. The method further comprises fetching a next instruction of the code using a second virtual address, which is identically mapped to a corresponding machine address, turning off a memory management unit of the secondary processor, and executing a waiting loop until a predetermined location in the physical memory changes in value.
-
Publication number: US20230195484A1
Publication date: 2023-06-22
Application number: US17553607
Application date: 2021-12-16
Applicant: VMware, Inc.
Inventor: Andrei WARKENTIN, Ye LI, Alexander FAINKICHEN, Regis DUCHESNE, Cyprien LAPLACE, Shruthi Muralidhara HIRIYURU, Sunil Kumar KOTIAN
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45583
Abstract: An example method of managing guest time for a virtual machine (VM) supported by a hypervisor of a virtualized host computer includes: configuring, by the hypervisor, a central processing unit (CPU) of the host computer to trap, to the hypervisor, access by guest code in the VM to a physical counter and timer of the CPU; configuring, by the hypervisor, the guest code in the VM to use the physical counter and timer of the CPU rather than a virtual counter and timer of the CPU; trapping, at the hypervisor, an access to the physical counter and timer by the guest code; and executing, by the hypervisor, the access to the physical counter and timer on behalf of the guest code while compensating for an adjustment of a system count of the physical counter and timer to maintain the guest time as scaled with respect to frequency of the physical counter and timer.
-
Publication number: US20190227934A1
Publication date: 2019-07-25
Application number: US15878062
Application date: 2018-01-23
Applicant: VMware, Inc.
Inventor: Ye LI, Cyprien LAPLACE, Andrei WARKENTIN, Alexander FAINKICHEN, Regis DUCHESNE
IPC: G06F12/0815, G06F12/0808
Abstract: An example method of maintaining cache coherency in a virtualized computing system includes: trapping access to a memory page by guest software in a virtual machine at a hypervisor managing the virtual machine, where the memory page is not mapped in a second stage page table managed by the hypervisor; performing cache coherency maintenance for instruction and data caches of a central processing unit (CPU) in the virtualized computing system in response to the trap; mapping the memory page in the second stage page table with execute permission; and resuming execution of the virtual machine.
-
Publication number: US20190065213A1
Publication date: 2019-02-28
Application number: US15880964
Application date: 2018-01-26
Applicant: VMware, Inc.
Inventor: Ye LI, Cyprien LAPLACE, Andrei WARKENTIN, Alexander FAINKICHEN, Regis DUCHESNE
IPC: G06F9/4401, G06F17/30, G06F9/455
Abstract: An example method of provisioning a virtual appliance to a virtualized computing system, comprising: deploying the virtual appliance to the virtualized computing system, the virtual appliance including a system partition, one or more disk images, and configuration data, the configuration data defining a virtual machine executable on each of a plurality of processor architectures, the system partition configured to boot on any one of the plurality of processor architectures; and booting the virtual appliance from the system partition.
-
Publication number: US20170364365A1
Publication date: 2017-12-21
Application number: US15183192
Application date: 2016-06-15
Applicant: VMware, Inc.
Inventor: Andrei WARKENTIN, Harvey TUCH, Cyprien LAPLACE, Alexander FAINKICHEN
IPC: G06F9/44
Abstract: An example method of initializing a plurality of processors in a hardware platform of a computing device for use by system software executing on the hardware platform includes: parsing a descriptor table that has been loaded into memory from firmware to identify an original boot protocol for initializing at least one secondary processor of the plurality of processors; creating at least one mailbox structure in the memory associated with the at least one secondary processor; causing the at least one secondary processor to execute secondary processor initialization code stored in the memory, the secondary processor initialization code implementing a mailbox-based boot protocol that uses the at least one mailbox structure to initialize the at least one secondary processor; and modifying the descriptor table to identify the mailbox-based boot protocol for initializing the at least one secondary processor in place of the original boot protocol.
-
Publication number: US20210397698A1
Publication date: 2021-12-23
Application number: US16905652
Application date: 2020-06-18
Applicant: VMware, Inc.
Inventor: Ye LI, David OTT, Cyprien LAPLACE, Alexander FAINKICHEN, Shruthi HIRIYURU
Abstract: System and method for performing a remote attestation for creation of a trusted execution environment (TEE) using a virtual secure enclave device running in a virtualized environment utilizes a trusted bootloader appliance in a TEE virtual computing instance, which is created in response to a request for a TEE from a software process running in the system. The trusted bootloader appliance manages the provisioning of a TEE in the TEE virtual computing instance for the software process. The remote attestation includes performing a first stage attestation on the trusted bootloader appliance by a hardware platform of the computer system and performing a second stage attestation on the provisioned TEE by the trusted bootloader appliance.
-
Publication number: US20210224089A1
Publication date: 2021-07-22
Application number: US16744351
Application date: 2020-01-16
Applicant: VMware, Inc.
Inventor: Cyprien LAPLACE, Regis DUCHESNE, Andrei WARKENTIN, Ye LI, Alexander FAINKICHEN
IPC: G06F9/455
Abstract: An example method of interfacing with a hypervisor in a computing system is described. The computing system includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level. The method includes configuring, by the hypervisor executing at the third privilege level, the processor to trap reads to a debug communication channel (DCC) status register of the processor to the third privilege level; trapping, at the hypervisor, a read to the DCC status register by guest software executing in a virtual machine (VM) managed by the hypervisor, the guest software executing at the first or second privilege level; reading, at the hypervisor, a plurality of registers of the processor to obtain data stored by the guest software; and returning execution from the hypervisor to the guest software.
-
Publication number: US20210133315A1
Publication date: 2021-05-06
Application number: US16671106
Application date: 2019-10-31
Applicant: VMware, Inc.
Inventor: Ye LI, David OTT, Cyprien LAPLACE, Andrei WARKENTIN, Regis DUCHESNE
Abstract: System and method for creating and managing trusted execution environments (TEEs) using different underlying hardware TEE mechanisms use a virtual secure enclave device which runs in a virtualized environment in a computer system. The device enables an enclave command transmitted to the virtual secure enclave device to be retrieved and parsed to extract an enclave operation to be executed. A TEE backend module is used to interact with a particular hardware TEE mechanism among those available in the computer system. The module ensures the enclave operation for the software process is executed by the particular hardware TEE mechanism, or the TEE scheme based on a particular hardware TEE mechanism.