摘要:
A combined-hardware-and-software secure-platform interface to which operating systems and customized control programs interface within a computer system. The combined-hardware-and-software secure-platform interface employs a hardware platform that provides at least four privilege levels, non-privileged instructions, non-privileged registers, privileged instructions, privileged registers, and firmware interfaces. The combined-hardware-and-software secure-platform interface conceals all privileged instructions, privileged registers, and firmware interfaces and privileged registers from direct access by operating systems and custom control programs, providing to the operating systems and custom control programs the non-privileged instructions and non-privileged registers provided by the hardware platform as well as a set of callable software services. The callable services provide a set of secure-platform management services for operational control of hardware resources that neither exposes privileged instructions, privileged registers, nor firmware interfaces of the hardware nor simulates privileged instructions and privileged registers. The callable services also provide a set of security-management services that employ internally generated secret data, each compartmentalized security-management service managing internal secret data without exposing the internal secret data to computational entities other than the security-management service itself.
摘要:
In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.
摘要:
To provide an arrangement of virtual machines on physical machines, at least one controller compares indicators associated with plural different layouts of the virtual machines on the physical machines, wherein the indicators provide information regarding performances of corresponding layouts. The at least one controller selects one of the plural layouts based on the comparing.
摘要:
A command is received to place a first physical machine into a lower power mode. The first physical machine has a virtual machine. In response to the received command, a procedure is performed to migrate the virtual machine from the first physical machine to a second physical machine.
摘要:
A command is received to place a first physical machine into a lower power mode. The first physical machine has a virtual machine. In response to the received command, a procedure is performed to migrate the virtual machine from the first physical machine to a second physical machine.
摘要:
According to at least one embodiment, a flexible operating system comprises operability for executing in a first manner as a native operating system on a computer system and for executing in a second manner as a virtualized operating system on the computer system. The flexible operating system further comprises code for determining whether it is being used as a native operating system or as a virtualized operating system on the computer system.
摘要:
A system for providing virtualization that includes a processor operable to execute one or more machine-readable instructions, the processor having a native instruction set architecture (ISA) and a virtual machine monitor (VMM) operable to host at least a first virtual machine having a first ISA different from the native ISA, the VMM having integrated therein a first dynamic binary translation (DBT) layer to assist in an execution of a first application of the first ISA in the first virtual machine by the processor having the native ISA.
摘要:
One embodiment of the invention is a method for handling an interruption during execution of an application on a computer system that uses a register stack, the method comprising receiving the interruption by a hypervisor, sending the interruption to an operating system for handling; if the register stack has a fault, then generating, by the operating system, another interruption that is delivered to the hypervisor; after receiving the another interruption, covering, by the hypervisor, the register stack; after covering the register stack, sending the interruption to the operating system for handling; and after handling, returning to execution of the application.