Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.

Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.

Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.

Abstract: Techniques for secure sharing of data in computing systems are disclosed herein. In one embodiment, a method includes when exchanging data between the host operating system and the guest operating system, encrypting, at a trusted platform module (TPM) of the host, data to be exchanged with a first key to generate encrypted data. The method also includes transmitting the encrypted data from the host operating system to the guest operating system and decrypting, at the guest operating system, the transmitted encrypted data using a second key previously exchanged between the TPM of the host and a virtual TPM of the guest operating system.

Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.

Abstract: Communicating a low-latency event across a virtual machine boundary. Based on an event signaling request by a first process running at a first virtual machine, the first virtual machine updates a shared register that is accessible by a second virtual machine. Updating the shared register includes updating a signal stored in the shared register. The first virtual machine sends an event signal message, which includes a register identifier, through a virtualization fabric to the second virtual machine. The second virtual machine receives the event signaling message and identifies the register identifier from the message. Based on the register identifier, the second virtual machine reads the shared register, identifying a value of the signal stored in the shared register. Based at least on the value of the signal comprising a first value, the second virtual machine signals a second process running at the second virtual machine.

Abstract: Techniques for memory assignment for guest operating systems are disclosed herein. In one embodiment, a method includes generating a license blob containing data representing a product key copied from a record of license information in the host storage upon receiving a user request to launch an application in the guest operating system. The method also includes storing the generated license blob in a random memory location accessible by the guest operating system. The guest operating system can then query the license blob for permission to launch the application and launching the application in the guest operating system without having a separate product key for the guest operating system.

Abstract: Communicating a low-latency event across a virtual machine boundary. Based on an event signaling request by a first process running at a first virtual machine, the first virtual machine updates a shared register that is accessible by a second virtual machine. Updating the shared register includes updating a signal stored in the shared register. The first virtual machine sends an event signal message, which includes a register identifier, through a virtualization fabric to the second virtual machine. The second virtual machine receives the event signaling message and identifies the register identifier from the message. Based on the register identifier, the second virtual machine reads the shared register, identifying a value of the signal stored in the shared register. Based at least on the value of the signal comprising a first value, the second virtual machine signals a second process running at the second virtual machine.

Abstract: Techniques for secure sharing of data in computing systems are disclosed herein. In one embodiment, a method includes when exchanging data between the host operating system and the guest operating system, encrypting, at a trusted platform module (TPM) of the host, data to be exchanged with a first key to generate encrypted data. The method also includes transmitting the encrypted data from the host operating system to the guest operating system and decrypting, at the guest operating system, the transmitted encrypted data using a second key previously exchanged between the TPM of the host and a virtual TPM of the guest operating system.

Abstract: Techniques for memory assignment for guest operating systems are disclosed herein. In one embodiment, a method includes generating a license blob containing data representing a product key copied from a record of license information in the host storage upon receiving a user request to launch an application in the guest operating system. The method also includes storing the generated license blob in a random memory location accessible by the guest operating system. The guest operating system can then query the license blob for permission to launch the application and launching the application in the guest operating system without having a separate product key for the guest operating system.

Abstract: Securely storing, installing, or launching applications. A method includes determining a trust characteristic or a license characteristic assigned to an application. When the trust characteristic or the license characteristic meets or exceeds a predetermined trust condition or a predetermined license condition, then the method includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from, being at least one of stored, installed or launched in a second, less secure operating system. When the trust characteristic or the license characteristic does not meet or exceed the predetermined trust condition or the predetermined license condition, then the method includes at least one of storing, installing or launching the application in the second less secure operating system while preventing the application from being at least one of stored, installed or launched in the first, more secure operating system.