Abstract: Examples provide for automatically provisioning hosts in a cloud environment. A cloud daemon generates a cloud host-state configuration, for a given cloud instance of a host, stored on a cloud metadata service prior to first boot of the given cloud instance of the host. A first boot of a plurality of cloud instances of hosts is performed using a stateless, master boot image lacking host-specific configuration data. On completion of the first boot of a given cloud instance of a host, the cloud host-state configuration is installed on the master boot image to generate a self-configured boot image including host-specific configuration data for the given cloud instance of the host. A second boot is performed on the given cloud instance of the host by executing the self-configured boot image to automatically provision the given cloud instance of the host in the cloud environment.

Abstract: An example method of interfacing with a hypervisor in a computing system is described. The computing system includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level. The method includes configuring, by the hypervisor executing at the third privilege level, the processor to trap reads to a debug communication channel (DCC) status register of the processor to the third privilege level; trapping, at the hypervisor, a read to the DCC status register by guest software executing in a virtual machine (VM) managed by the hypervisor, the guest software executing at the first or second privilege level; reading, at the hypervisor, a plurality of registers of the processor to obtain data stored by the guest software; and returning execution from the hypervisor to the guest software.

Abstract: An example method of interfacing with a hypervisor in a computing system is described, which includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level.

Abstract: An example method of implementing firmware runtime services in a computer system having a processor with a plurality of hierarchical privilege levels, the method including: calling, from software executing at a first privilege level of the processor, a runtime service stub in a firmware of the computer system; executing, by the runtime service stub, an upcall instruction from the first privilege level to a second privilege level of the processor that is more privileged than the first privilege level; and executing, by a handler, a runtime service at the second privilege level in response to execution of the upcall instruction.

Abstract: System and method for creating and managing trusted execution environments (TEEs) using different underlying hardware TEE mechanisms use a virtual secure enclave device which runs in a virtualized environment in a computer system. The device enables an enclave command transmitted to the virtual secure enclave device to be retrieved and parsed to extract an enclave operation to be executed. A TEE backend module is used to interact with a particular hardware TEE mechanism among those available in the computer system. The module ensures the enclave operation for the software process is executed by the particular hardware TEE mechanism, or the TEE scheme based on a particular hardware TEE mechanism.

Abstract: System and method for providing trusted execution environments uses a peripheral component interconnect (PCI) device of a computer system to receive and process commands to create and manage a trusted execution environment for a software process running in the computer system. The trusted execution environment created in the PCI device is then used to execute operations for the software process.

Abstract: Disclosed are various embodiments for software-based interrupt remapping. A memory address for a respective interrupt request of the peripheral device is allocated. The peripheral device is then configured to write to the memory address to raise an interrupt with the processor. Later, it can be determined that the peripheral device has attempted to write to the memory address. In response, an interrupt can be raised for the respective interrupt request with the processor of the computing device on behalf of the peripheral device.

Abstract: A method for generating boot tables for a device having access to device information. It is determined whether there exists at least one system boot table stored in a memory. If it is determined that a system boot table does not exist, the device information is retrieved, and the device information is converted to at least one boot table. The converting includes generating a first boot table by populating the first boot table with information of components of the device that have a correspondence to a computer system boot information standard. The generating also includes generating a second boot table for another component of the device that does not have a correspondence to the computer system boot information standard, by creating an entry in the second boot table that is populated with an identifier used to find a compatible component defined in the computer system boot standard.

Abstract: A method of creating a new page table structure after first stage boot operations has completed but before handoff to a hypervisor occurs. Firmware page tables are reused and copied to a region of memory by a first-stage bootloader while the firmware is running, processed to have an expected multi-stage page table structure and desired access rights, and copied again to another region of memory by the first-stage bootloader after the first-stage bootloader has completed its booting operations and after the firmware has been quiesced.

Abstract: A method of handling message signaled interrupts in a computer system that uses an internal bus for communication between peripheral devices, using shared peripheral interrupt (SPI) vectors. The method includes determining whether a message signaled interrupt (MSI) needs to be allocated for a PCI-e device for an interrupt to be sent to a host. If it is determined that MSI needs to be allocated for the PCI-e device, a determination is made as to whether a Locality Specific Interrupt (LPI) register or an Interrupt Translation Service (ITS) is available to process the interrupt. If it is determined that neither the LPI register nor the Interrupt Translation Service (ITS) is available to process the interrupt, the PCI-e device is configured for SPI-based MSI generation to route the interrupt by determining an available SPI vector and assigning the available SPI vector to the PCI-e device.

Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.

Abstract: An example method of accessing a computing system includes: providing serial terminal driver configured to interface a serial port in a hardware platform of the computer system; providing a console object configured to communicate with an operating system (OS) in a software platform of the computer system and the serial terminal driver; connecting to the console object through the serial port via a computer terminal; sending text and commands from the console object to the computer terminal; and rendering, by the computer terminal, a console for presentation on a display of the computer terminal.

Abstract: A method of detecting virtualization in a computing system, which includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level, is described. The method includes: executing a program on the processor at a privilege level less privileged than the third privilege level, the program including a load-exclusive instruction of the processor, followed by at least one instruction of the processor capable of being trapped to the third privilege level, followed by a store-exclusive instruction of the processor; and determining presence or absence of virtualization software at least a portion of which executes at the third privilege level in response to a return status of the store-exclusive instruction.

Abstract: An example method of scanning a guest virtual address (GVA) space generated by a guest operating system executing in a virtual machine of a virtualized computing system includes setting, in a scan of the GVA space by a hypervisor that manages the virtual machine, a current GVA to a first GVA in the GVA space; executing, on a processor allocated to the virtual machine, an address translation instruction, which is in an instruction set of the processor, to perform a first address translation of the current GVA; reading a register of the processor to determine a first error resulting from the first address translation; determining, in response to the first error, a level of a faulting page table in a first page table hierarchy generated by the guest operating system; and setting the current GVA to a second GVA based on the level of the faulting page table.

Abstract: System and method for providing secure execution environments in a computer system uses an enclave virtual computing instance to create a secure execution environment, which is deployed in response to a request for such a secure execution environment for content from a software process running in the computer system.

Abstract: A method of providing software support of an input/output (IO) device of a computing system having an advanced configuration and power interface (ACPI) subsystem executing therein is described. The method includes: processing an ACPI namespace to determine first and second identifiers of the IO device; determining absence of a device driver for the IO device based on the first identifier; and loading a first fallback device driver portion based on the second identifier, the first fallback device driver portion providing an interface to a control method in the ACPI namespace, the control method executable by the ACPI subsystem to implement a second fallback device driver portion that supports at least a portion of functionality for the IO device.

Abstract: Negative path testing in a bootloader environment can include backing up a global state of a component under test, injecting a fault to trigger an error in the component under test in a bootloader environment, executing error handling instructions until a checkpoint of the component under test in the bootloader environment is reached, restoring the global state to the component under test from the backup, and restarting the component under test.

Abstract: An example method of initializing a plurality of processors in a hardware platform of computing device for use by system software executing on the hardware platform includes: parsing a descriptor table that has been loaded into memory from firmware to identify an original boot protocol for initializing at least one secondary processor of the plurality of processors; creating at least one mailbox structure in the memory associated with the at least one secondary processor; causing the at least one secondary processor to execute secondary processor initialization code stored in the memory, the secondary processor initialization code implementing a mailbox-based boot protocol that uses the at least one mailbox structure to initialize the at least one secondary processor; and modifying the descriptor table to identify the mailbox-based boot protocol for initializing the at least one secondary processor in place of the original boot protocol.

Abstract: An example method of provisioning a virtual appliance to a virtualized computing system, comprising: deploying the virtual appliance to the virtualized computing system, the virtual appliance including a system partition, one or more disk images, and configuration data, the configuration data defining a virtual machine executable on each of a plurality of processor architectures, the system partition configured to boot on any one of the plurality of processor architectures; and booting the virtual appliance from the system partition.

Abstract: Devices are emulated as PCI devices so that existing PCI drivers can be used for the devices. This is accomplished by creating a shim PCI device with a emulated PCI configuration space, accessed via a emulated PCI Extended Configuration Access Mechanism (ECAM) space which is emulated by accesses to trapped unbacked memory addresses. When system software accesses the PCI ECAM space to probe for PCI configuration data or program base address registers of the PCI ECAM space, an exception is raised and the exception is handled by a secure monitor that is executing at a higher privilege level than the system software. The secure monitor in handling the exception emulates the PCI configuration space access of the emulated PCI device corresponding to the ECAM address accessed, such that system software may discover the device and bind and appropriately configure a PCI driver to it with the right IRQ and memory base ranges.