Abstract: A data processing system features a hardware trusted platform module (TPM), and a virtual TPM (vTPM) manager. When executed, the vTPM manager detects a first request from a service virtual machine (VM) in the processing system, the first request to involve access to the hardware TPM (hTPM). In response, the vTPM manager automatically determines whether the first request should be allowed, based on filter rules identifying allowed or disallowed operations for the hTPM. The vTPM manager may also detect a second request to involve access to a software TPM (sTPM) in the processing system. In response, the vTPM manager may automatically determine whether the second request should be allowed, based on a second filter list identifying allowed or disallowed operations for the sTPM. Other embodiments are described and claimed.

Abstract: A method, apparatus and system for a trusted platform module accepting a customized integrity policy provisioned to a virtual machine monitor, verifying the security of a first policy object, for example, including the customized integrity policy, by comparing a counter associated with the first policy object with a counter associated with a second policy object, and customizing a virtual trusted platform module of the virtual machine monitor according to the first policy object, for example, when the first policy object is verified. The customized integrity policy may include user specified configurations for implementing a customized virtual environment. Other embodiments are described and claimed.

Abstract: The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key.

Abstract: A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.

Abstract: A data processing system isolates a virtual trusted platform module (vTPM) manager in the processing system from other management software in the processing system. In one example process, the processing system launches a virtual machine monitor (VMM) that includes a memory-mapped input/output (MMIO) trap. The processing system also launches a vTPM manager in a first virtual machine (VM). In addition, the processing system launches a second VM to contain virtual machine management programs other than the vTPM manager and the MMIO trap. Other embodiments are described and claimed.

Abstract: An apparatus comprising a memory controller including therein a configuration register, a communication channel coupled to the memory controller, and first and second memory partitions coupled to the communication channel, wherein configuration parameters in the configuration register are set so that the memory controller recognizes one partition at a time. A process comprising setting configuration parameters in a configuration register of a memory controller so that the memory controller recognizes a first memory partition coupled to the memory controller by a communication channel instead of a second memory partition coupled to the memory controller by the communication channel and re-setting the configuration parameters so that the memory controller recognizes the second memory partition instead of the first memory partition.

Abstract: An embodiment for modifying the contents of a revision identification register includes a revision identification register that is both readable and writable (the contents of the revision identification register are modifiable). A revision identification modification bit is also included. The contents of the revision identification register are only modifiable when the revision identification modification bit is set to indicate that writes to the revision identification register will be accepted.

Abstract: Methods and apparatuses for dynamically loading and unloading power management code at runtime in a secure environment are described herein. In one embodiment, exemplary method includes loading authenticated/trusted power management code into a memory of a secure environment of an operating system (OS) and executing the power management code within the secure environment of the OS to handle power management tasks. Other methods and apparatuses are also described.

Abstract: A computer system and method for computer initialization with caching includes enabling at least one cache memory and then copying an option basic input/output system (BIOS) from a first memory to a Programmable Attribute Map (PAM) main memory area, the copying including executing a cache-line fill to the at least one cache memory. Initialization is then performed by providing control to the option BIOS, the execution being performed substantially from the at least one cache memory. Processor Memory Type Range Registers (MTRRs) for the PAM memory area may be programmed as write-back. The at least one cache memory may be at least one of level 1 (L1) and level 2 (L2) processor cache memories. The first memory may be a flash memory or a ROM Read Only Memory (ROM). The at least one cache memory may be flushed upon completion of the option BIOS execution.

Abstract: An embodiment for modifying the contents of a revision identification register includes a revision identification register that is both readable and writable (the contents of the revision identification register are modifiable). A revision identification modification bit is also included. The contents of the revision identification register are only modifiable when the revision identification modification bit is set to indicate that writes to the revision identification register will be accepted.