Patents by Inventor Andrey Shedel

Andrey Shedel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10102377
    Abstract: Protecting secured boot secrets while starting an operating system. Embodiments include identifying that a second operating system is to be started to replace a first operating system, and loading code of the second operating system in a protected portion of the system memory. The protected portion of the system memory is then unprotected, and processor state is set to initiate execution of the code of the second operating system, while using one or more secured boot secrets that were stored in the protected portion of the system memory by the first operating system to attest a security status of the second operating system. The portion of the system memory is re-protected, including preventing access to the portion of the system memory by the second operating system.
    Type: Grant
    Filed: August 4, 2017
    Date of Patent: October 16, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alain Gefflaut, Andrey Shedel
  • Publication number: 20170329971
    Abstract: Protecting secured boot secrets while starting an operating system. Embodiments include identifying that a second operating system is to be started to replace a first operating system, and loading code of the second operating system in a protected portion of the system memory. The protected portion of the system memory is then unprotected, and processor state is set to initiate execution of the code of the second operating system, while using one or more secured boot secrets that were stored in the protected portion of the system memory by the first operating system to attest a security status of the second operating system. The portion of the system memory is re-protected, including preventing access to the portion of the system memory by the second operating system.
    Type: Application
    Filed: August 4, 2017
    Publication date: November 16, 2017
    Inventors: Alain Gefflaut, Andrey Shedel
  • Publication number: 20170322829
    Abstract: Techniques for adjusting memory in virtual machines are disclosed. According to aspects, memory status is obtained for a guest operating system. Based on the obtained memory status, an amount of guest physical addresses is reported to a memory manager of the guest operating system. Moreover, the amount of memory assigned to the guest operating system may be adjusted during the runtime operation of the guest operating system.
    Type: Application
    Filed: July 27, 2017
    Publication date: November 9, 2017
    Inventors: Andrey Shedel, Mohamed Bouchet, Eric Traut, Osama M. Salem, Kevin Broas
  • Publication number: 20170286686
    Abstract: Protecting secured boot secrets while starting an operating system. Embodiments include starting a first operating system using a trusted computing base, protecting a portion of the system memory to prevent access to the portion of the system memory by the first operating system, and storing secured boot secrets in the protected portion of the system memory. Based at least on identifying that a second operating system is to be started to replace the first operating system, embodiments include configuring one or more memory data structures, including code of the second operating system, in the protected portion of the system memory. The protected portion of the system memory is unprotected, while mitigating attacks on the portion of system memory, and processor state is set to execute the code of the second operating system. The second operating system starts using the secured boot secrets stored in the portion of the system memory.
    Type: Application
    Filed: March 30, 2016
    Publication date: October 5, 2017
    Inventors: Alain Gefflaut, Andrey Shedel
  • Patent number: 9779248
    Abstract: Protecting secured boot secrets while starting an operating system. Embodiments include starting a first operating system using a trusted computing base, protecting a portion of the system memory to prevent access to the portion of the system memory by the first operating system, and storing secured boot secrets in the protected portion of the system memory. Based at least on identifying that a second operating system is to be started to replace the first operating system, embodiments include configuring one or more memory data structures, including code of the second operating system, in the protected portion of the system memory. The protected portion of the system memory is unprotected, while mitigating attacks on the portion of system memory, and processor state is set to execute the code of the second operating system. The second operating system starts using the secured boot secrets stored in the portion of the system memory.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 3, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alain Gefflaut, Andrey Shedel
  • Patent number: 9740517
    Abstract: Techniques for adjusting memory in virtual machines are disclosed. According to aspects, memory status is obtained for a guest operating system. Based on the obtained memory status, an amount of guest physical addresses is reported to a memory manager of the guest operating system. Moreover, the amount of memory assigned to the guest operating system may be adjusted during the runtime operation of the guest operating system.
    Type: Grant
    Filed: December 29, 2008
    Date of Patent: August 22, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrey Shedel, Mohamed Bouchet, Eric Traut, Osama M. Salem, Kevin Broas
  • Patent number: 9582513
    Abstract: Embodiments of the disclosure provide access to data in a compressed container through dynamic redirection, without storing decompressed data in persistent memory. The compressed container is stored in a first portion of memory. User data and reference files, with redirect pointers, for accessing corresponding files in the compressed container are stored in a second portion of memory. A command to access data is detected by a computing device. The redirect pointer in the reference file associated with the command redirects access to the corresponding compressed version of data stored in the compressed container. The corresponding accessed compressed version of data is decompressed on the fly and provided in response to the command without storing the decompressed data in persistent memory. Some embodiments provide integrity protection to validate the data coming from the compressed container.
    Type: Grant
    Filed: December 8, 2013
    Date of Patent: February 28, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Richard A. Pletcher, Malcolm J. Smith, Alain F. Gefflaut, Alex Bendetov, Andrey Shedel, David J. Linsley, Aaron M. Farmer, James Aaron Holmes, Troy E. Shaw, Emily N. Wilson, Innokentiy Basmov, Michael J. Grass, Alex M. Semenko, Scott D. Anderson, Kinshuman Kinshumann
  • Publication number: 20150161155
    Abstract: Embodiments of the disclosure provide access to data in a compressed container through dynamic redirection, without storing decompressed data in persistent memory. The compressed container is stored in a first portion of memory. User data and reference files, with redirect pointers, for accessing corresponding files in the compressed container are stored in a second portion of memory. A command to access data is detected by a computing device. The redirect pointer in the reference file associated with the command redirects access to the corresponding compressed version of data stored in the compressed container. The corresponding accessed compressed version of data is decompressed on the fly and provided in response to the command without storing the decompressed data in persistent memory. Some embodiments provide integrity protection to validate the data coming from the compressed container.
    Type: Application
    Filed: December 8, 2013
    Publication date: June 11, 2015
    Applicant: Microsoft Corporation
    Inventors: Richard A. Pletcher, Malcolm J. Smith, Alain F. Gefflaut, Alex Bendetov, Andrey Shedel, David J. Linsley, Aaron M. Farmer, James Aaron Holmes, Troy E. Shaw, Emily N. Wilson, Innokentiy Basmov, Michael J. Grass, Alex M. Semenko, Scott D. Anderson, Kinshuman Kinshumann
  • Publication number: 20100169536
    Abstract: Techniques for adjusting memory in virtual machines are disclosed.
    Type: Application
    Filed: December 29, 2008
    Publication date: July 1, 2010
    Applicant: Microsoft Corporation
    Inventors: Andrey Shedel, Mohamed Bouchet, Eric Traut, Osama M. Salem, Kevin Broas