Patents by Inventor Carlos Rozas

Carlos Rozas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20060020781
    Abstract: A method and a related apparatus provide a virtual trusted platform module (TPM). In an example embodiment, a virtual TPM service creates a virtual TPM for use in a processing system that contains a physical TPM. The virtual TPM service may store a key for the virtual TPM in the physical TPM. The virtual TPM service may then use the virtual TPM to provide emulated physical TPM features. In one embodiment, the virtual TPM service may use the virtual TPM to emulate a physical TPM for a virtual machine in the processing system. Other embodiments are described and claimed.
    Type: Application
    Filed: June 24, 2004
    Publication date: January 26, 2006
    Inventors: Vincent Scarlata, Carlos Rozas
  • Publication number: 20060004944
    Abstract: Disclosed is a virtual machine monitor (VMM) that controls access to a page table hierarchy by a guest operating system (OS). For example, the guest operating system may operate as part of a virtual machine. Particularly, the virtual machine monitor obtains control of memory access transactions responsive to the guest operating system attempting to access the page table hierarchy. More particularly, when the guest operating system attempts to access a page table, control of memory access transactions is trapped to the virtual machine monitor.
    Type: Application
    Filed: June 30, 2004
    Publication date: January 5, 2006
    Inventors: Mona Vij, Carlos Rozas, Kumar Ranganathan
  • Publication number: 20050213768
    Abstract: Methods and apparatuses associated with sharing cryptographic keys in a network domain. An embedded agent on a network endpoint participates in the distribution of cryptographic keys. In one embodiment the embedded agent receives and stores a shared symmetric key, as do embedded agents on other network endpoints in the same network domain. The embedded agent causes the shared key to be stored in a secure storage not directly accessible by the host. When the host wants to transmit enciphered data, the embedded agent may provide access to cryptographic services. The embedded agent provides isolation of the shared key from parts of the host that are subject to compromise by attack or infection.
    Type: Application
    Filed: March 24, 2004
    Publication date: September 29, 2005
    Inventors: David Durham, Vincent Zimmer, Carey Smith, Raj Yavatkar, Travis Schluessler, Dylan Larson, Carlos Rozas
  • Publication number: 20050216577
    Abstract: Cooperative embedded agents as well as manageability and security operations that can be performed on a host system having cooperative embedded agents are disclosed.
    Type: Application
    Filed: March 24, 2004
    Publication date: September 29, 2005
    Inventors: David Durham, Vincent Zimmer, Carey Smith, Raj Yavatkar, Travis Schluessler, Dylan Larson, Carlos Rozas
  • Publication number: 20050132122
    Abstract: A method, apparatus and system may monitor system integrity in a trusted computing environment. More specifically, in one embodiment, an integrity monitor in a root virtual machine (“VM”) may monitor guest software in a guest VM. The integrity monitor may securely maintain baseline information pertaining to the guest software and periodically (at predetermined intervals and/or based on predetermined events) compare the current state of the guest software against the baseline information. If the current state of the guest software is deemed to be compromised, the integrity monitor may be configured to take appropriate action, e.g., restrict the guest VM's access to resources. Additionally, according to one embodiment, the integrity monitor itself may be verified to determine whether it has been compromised.
    Type: Application
    Filed: December 16, 2003
    Publication date: June 16, 2005
    Inventor: Carlos Rozas
  • Publication number: 20050021986
    Abstract: A method and apparatus for memory encryption with reduced decryption latency. In one embodiment, the method includes reading an encrypted data block from memory. During reading of the encrypted data block, a keystream used to encrypt the data block is regenerated according to one or more stored criteria of the encrypted data block. Once the encrypted data block is read, the encrypted data block is decrypted using the regenerated keystream. Accordingly, in one embodiment, encryption of either random access memory (RAM) or disk memory is performed. A keystream is regenerated during data retrieval such that once the data is received, the data may be decrypted using a single clock operation. As a result, memory encryption is performed without exacerbating memory latency between the processor and memory.
    Type: Application
    Filed: June 25, 2003
    Publication date: January 27, 2005
    Inventors: Gary Graunke, Carlos Rozas
  • Patent number: 6725373
    Abstract: A method for generating a signed manifest includes referencing an object. A metadata name is recorded. A digest algorithm is recorded. An integrity value that belongs to the object that corresponds to the metadata subject name is digested with the digest algorithm.
    Type: Grant
    Filed: March 25, 1998
    Date of Patent: April 20, 2004
    Assignee: Intel Corporation
    Inventors: John M. Carbajal, Gary Graunke, Carlos Rozas
  • Publication number: 20020002680
    Abstract: A method for generating a signed manifest includes referencing an object. A metadata name is recorded. A digest algorithm is recorded. An integrity value that belongs to the object that corresponds to the metadata subject name is digested with the digest algorithm.
    Type: Application
    Filed: March 25, 1998
    Publication date: January 3, 2002
    Inventors: John M. Carbajal, Gary L. Graunke, Carlos Rozas