Abstract: A method includes establishing an isolated execution environment for executing a platform firmware operating mode subroutine in a platform firmware operating mode. In response to receiving an interrupt, the platform firmware operating mode subroutine is executed in the isolated execution environment. In response to detecting an attempted access of a hardware resource resulting from execution of the platform firmware operating mode subroutine, the attempted access is blocked when the attempted access violates a security policy.

Abstract: A security module in a memory access path of a processor of a processing system protects secure information by verifying the contents of memory pages as they transition between one or more virtual machines (VMs) executing at the processor and a hypervisor that provides an interface between the VMs and the processing system's hardware. The security module of the processor is employed to monitor memory pages as they transition between one or more VMs and a hypervisor so that memory pages that have been altered by a hypervisor or other VM cannot be returned to the VM from which they were transitioned.

Abstract: A computing device that handles address translations is described. The computing device includes a hardware table walker and a memory that stores a reverse map table and a plurality of pages of memory. The table walker is configured to use validated indicators in entries in the reverse map table to determine if page accesses are made to pages for which entries are validated. The table walker is further configured to use virtual machine permissions levels information in entries in the reverse map table determine if page accesses for specified operation types are permitted.

Abstract: A table walker receives, from a requesting entity, a request to translate a first address into a second address associated with a page of memory. During a corresponding table walk, when a lock indicator in an entry in a reverse map table (RMT) for the page is set to mark the entry in the RMT as locked, the table walker halts processing the request and performs a remedial action. In addition, when the request is associated with a write access of the page and an immutable indicator in the entry in the RMT is set to mark the page as immutable, the table walker halts processing the request and performs the remedial action. Otherwise, when the entry in the RMT is not locked and the page is not marked as immutable for a write access, the table walker continues processing the request.

Abstract: The described embodiments perform a method for handling memory accesses by virtual machines in a computing device. The described embodiments include a reverse map table (RMT) and a separate guest accessed pages table (GAPT) for each virtual machine. The RMT has a plurality of entries, each entry including information for identifying a virtual machine that is permitted to access an associated page of data in a memory. Each GAPT has a record of pages being accessed by a corresponding virtual machine. During operation, a table walker receives a request from a given virtual machine to translate a guest physical address to a system physical address. The table walker checks at least one of the RMT and a corresponding GAPT to determine whether the given virtual machine has access to a corresponding page. If not, the table walker terminates the translating. Otherwise, the table walker completes the translating.

Abstract: A security module in a memory access path of a processor of a processing system protects secure information by verifying the contents of memory pages as they transition between one or more virtual machines (VMs) executing at the processor and a hypervisor that provides an interface between the VMs and the processing system's hardware. The security module of the processor is employed to monitor memory pages as they transition between one or more VMs and a hypervisor so that memory pages that have been altered by a hypervisor or other VM cannot be returned to the VM from which they were transitioned.

Abstract: A computing device that handles address translations is described. The computing device includes a hardware table walker and a memory that stores a reverse map table and a plurality of pages of memory. The table walker is configured to use validated indicators in entries in the reverse map table to determine if page accesses are made to pages for which entries are validated. The table walker is further configured to use virtual machine permissions levels information in entries in the reverse map table determine if page accesses for specified operation types are permitted.

Abstract: The described embodiments perform a method for handling memory accesses by virtual machines in a computing device. The described embodiments include a reverse map table (RMT) and a separate guest accessed pages table (GAPT) for each virtual machine. The RMT has a plurality of entries, each entry including information for identifying a virtual machine that is permitted to access an associated page of data in a memory. Each GAPT has a record of pages being accessed by a corresponding virtual machine. During operation, a table walker receives a request from a given virtual machine to translate a guest physical address to a system physical address. The table walker checks at least one of the RMT and a corresponding GAPT to determine whether the given virtual machine has access to a corresponding page. If not, the table walker terminates the translating. Otherwise, the table walker completes the translating.

Abstract: A table walker receives, from a requesting entity, a request to translate a first address into a second address associated with a page of memory. During a corresponding table walk, when a lock indicator in an entry in a reverse map table (RMT) for the page is set to mark the entry in the RMT as locked, the table walker halts processing the request and performs a remedial action. In addition, when the request is associated with a write access of the page and an immutable indicator in the entry in the RMT is set to mark the page as immutable, the table walker halts processing the request and performs the remedial action. Otherwise, when the entry in the RMT is not locked and the page is not marked as immutable for a write access, the table walker continues processing the request.

Abstract: A processor employs a security module to manage authentication and encryption keys for the processor. The security module can authenticate itself to other processing systems, such as processing systems providing software to be executed at the processor, can generate keys for encrypting address spaces for the provided software, and can securely import and export information at the encrypted address spaces to and from the processing system. By using a security module that is separate from the processor cores of the processor to perform these security operations, the processing system allows software executing on the processor cores to manage operations based on the authentication and encryption keys without being able to read the keys themselves, thereby preventing unauthorized access by malicious software to the keys.