-
Publication No.: US20100125709A1
Publication date: 2010-05-20
Application No.: US12272261
Filing date: 2008-11-17
Applicant: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
CPC classification: G06F12/1036
Abstract: A mechanism is provided, in a data processing system, for accessing memory based on an effective address submitted by a process of a partition. The mechanism may translate the effective address into a virtual address using a segment look-aside buffer. The mechanism may further translate the virtual address into a partition real address using a page table. Moreover, the mechanism may translate the partition real address into a system real address using a logical partition real memory map for the partition. The system real address may then be used to access the memory.
-
Publication No.: US20130019307A1
Publication date: 2013-01-17
Application No.: US13613708
Filing date: 2012-09-13
Applicant: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
IPC classification: G06F21/00
CPC classification: G06F21/85, G06F21/606
Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.
-
Publication No.: US20110035532A1
Publication date: 2011-02-10
Application No.: US12537808
Filing date: 2009-08-07
Applicant: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Suzanne K. McIntosh, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Suzanne K. McIntosh, Mark F. Mergen, David R. Safford, David C. Toll
CPC classification: G06F9/45533, G06F9/5077, G06F21/57, G06F2009/4557, G06F2009/45579
Abstract: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.
-
Publication No.: US20100125915A1
Publication date: 2010-05-20
Application No.: US12272217
Filing date: 2008-11-17
Applicant: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D.H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
IPC classification: G06F21/00
CPC classification: G06F21/85, G06F21/606
Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.
-
Publication No.: US10802990B2
Publication date: 2020-10-13
Application No.: US12245964
Filing date: 2008-10-06
Applicant: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Abstract: Hardware mechanisms are provided for performing hardware based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with data to be processed by the processor. The instruction access policy label is passed along with the instruction through one or more hardware functional units of the processor. The operand access policy label is passed along with the data through the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.
-
Publication No.: US08135937B2
Publication date: 2012-03-13
Application No.: US12272261
Filing date: 2008-11-17
Applicant: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
CPC classification: G06F12/1036
Abstract: A mechanism is provided, in a data processing system, for accessing memory based on an effective address submitted by a process of a partition. The mechanism may translate the effective address into a virtual address using a segment look-aside buffer. The mechanism may further translate the virtual address into a partition real address using a page table. Moreover, the mechanism may translate the partition real address into a system real address using a logical partition real memory map for the partition. The system real address may then be used to access the memory.
-
Publication No.: US09996709B2
Publication date: 2018-06-12
Application No.: US13613708
Filing date: 2012-09-13
Applicant: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
CPC classification: G06F21/85, G06F21/606
Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.
-
Publication No.: US08286164B2
Publication date: 2012-10-09
Application No.: US12537808
Filing date: 2009-08-07
Applicant: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Suzanne K. McIntosh, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Suzanne K. McIntosh, Mark F. Mergen, David R. Safford, David C. Toll
CPC classification: G06F9/45533, G06F9/5077, G06F21/57, G06F2009/4557, G06F2009/45579
Abstract: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.
-
Publication No.: US10255463B2
Publication date: 2019-04-09
Application No.: US12272217
Filing date: 2008-11-17
Applicant: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.
-
Publication No.: US20120331466A1
Publication date: 2012-12-27
Application No.: US13603643
Filing date: 2012-09-05
Applicant: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Suzanne K. McIntosh, Mark F. Mergen, David R. Safford, David C. Toll
Inventor: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Suzanne K. McIntosh, Mark F. Mergen, David R. Safford, David C. Toll
IPC classification: G06F9/455
CPC classification: G06F9/45533, G06F9/5077, G06F21/57, G06F2009/4557, G06F2009/45579
Abstract: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.