Abstract: In one embodiment, a method for supporting address translation in a virtual-machine environment includes creating a guest translation data structure to be used by a guest operating system for address translation operations, creating an active translation data structure based on the guest translation data structure, and periodically modifying the content of the active translation data structure to conform to the content of the guest translations data structure. The content of the active translation data structure is used by a processor to cache address translations in a translation-lookaside buffer (TLB).

Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.

Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.

Abstract: In one embodiment, a request to transition control to a virtual machine (VM) is received from a virtual machine monitor (VMM) and a determination is made as to whether the VMM has requested a delivery of a fault to the VM. If the determination is positive, the fault is delivered to the VM when control is transitioned to the VM.

Abstract: Methods and systems are provided to control transitions between a virtual machine (VM) and Virtual Machine Monitor (VMM). A processor uses state action indicators to load and/or store associated elements of machine state before completing the transition. The state action indicators may be stored in a Virtual Machine Control Structure (VMCS), predetermined, and/or calculated dynamically. In some embodiments, the values loaded can be directly acquired from the VMCS, predetermined and/or calculated dynamically. In some embodiments, the values stored may be acquired directly from machine state, predetermined and/or calculated dynamically.

Abstract: In one embodiment, an occurrence of an interrupt is identified during the operation of guest software. Further, a determination is made as to whether the interrupt is managed by guest software. The determination depends on the current value of an interrupt control indicator. If the interrupt is not managed by guest software, control is transitioned to a virtual machine monitor (VMM) if the VMM is ready to receive control.

Abstract: In one embodiment, when it is determined that a modification of content of an active address translation data structure is required, an entry in the active address translation data structure is modified to conform to a corresponding entry in a guest address translation data structure. During the modification, a bit field including one or more access control indicators in the entry of the active address translation data structure is not overwritten with corresponding data from the guest address translation data structure.

Abstract: Methods and systems are provided to control the execution of a virtual machine (VM). A VM Monitor (VMM) accesses VM Control Structures (VMCS) indirectly through access instructions passed to a processor. In one embodiment, the access instructions include VMCS component identifiers used by the processor to determine the appropriate storage location for the VMCS components. The processor identifies the appropriate storage location for the VMCS component within the processor storage or within memory.

Abstract: In one embodiment, a method for resolving address space conflicts includes detecting that a guest operating system attempts to access a region occupied by a first portion of a virtual machine monitor and relocating the first portion of the virtual machine monitor within the first address space to allow the guest operating system to access the region previously occupied by the first portion of the virtual machine monitor.

Abstract: A system is initialized for operation in a protected operating environment by executing authenticated code that prepares various portions of the hardware for protection from non-trusted software. In one embodiment, initialization includes identifying and locking down specified areas of memory for protected processing, then placing trusted software into the specified areas of memory and validating the trusted software. In a particular embodiment, initialization may also include deriving and protectively storing identifying characteristics of the trusted software.

Abstract: In one embodiment, fault information relating to a fault associated with the operation of guest software is received. Further, a determination is made as to whether the fault information satisfies one or more filtering criterion. If the determination is positive, control remains with the guest software and is not transferred to the virtual machine monitor (VMM).

Abstract: A system and method for permitting the execution of system management mode (SMM) code during secure operations in a microprocessor system is described. In one embodiment, the system management interrupt (SMI) may be first directed to a handler in a secured virtual machine monitor (SVMM). The SMI may then be re-directed to SMM code located in a virtual machine (VM) that is under the security control of the SVMM. This redirection may be accomplished by allowing the SVMM to read and write the system management (SM) base register in the processor.

Abstract: In one embodiment, a command pertaining to one or more portions of a register is received from guest software. Further, a determination is made as to whether the guest software has access to all of the requested portions of the register based on indicators within a mask field that correspond to the requested portions of the register. If the guest software has access to all of the requested portions of the register, the command received from the guest software is executed on the requested portions of the register.

Abstract: A method and an apparatus are used to efficiently translate memory addresses. The translation scheme yields a translated address, a memory type for the translated address, and a fault bit for the translation.

Abstract: A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.

Abstract: An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.

Abstract: A processor loads, authenticates, and/or initiates execution of authenticated code modules in response to executing launch authenticated code instructions.

Abstract: Apparatus and method load, authenticate, and/or execute authenticated code modules stored in a private memory.

Abstract: In one embodiment, a method for resolving address space conflicts includes detecting that a guest operating system attempts to access a region occupied by a first portion of a virtual machine monitor and relocating the first portion of the virtual machine monitor within the first address space to allow the guest operating system to access the region previously occupied by the first portion of the virtual machine monitor.

Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.