Abstract: A processor includes a processor control register with a control flag that determines an operating mode of the processor. A pointer to a guest virtual machine context in a portion of a random access memory (RAM) is coupled to the processor. An execution control unit tests a first flag in the guest virtual machine context, the first flag to indicate whether the control flag is owned by a guest virtual machine associated with the guest virtual machine context. The execution control unit maintains the control flag in the processor control register if the control flag is owned by the guest virtual machine and maintains the control flag in a shadow location in the guest virtual machine context if the control flag is not owned by the guest virtual machine.

Abstract: A processor includes a processor control register with a control flag that determines an operating mode of the processor. A pointer to a guest virtual machine context in a portion of a random access memory (RAM) is coupled to the processor. An execution control unit tests a first flag in the guest virtual machine context, the first flag to indicate whether the control flag is owned by a guest virtual machine associated with the guest virtual machine context. The execution control unit maintains the control flag in the processor control register if the control flag is owned by the guest virtual machine and maintains the control flag in a shadow location in the guest virtual machine context if the control flag is not owned by the guest virtual machine.

Abstract: Writing a control flag in a processor control register by a guest virtual machine. Determine whether the control flag is owned by the guest virtual machine. Write the control flag to the processor control register if the control flag is owned by the guest virtual machine. Write the control flag to a shadow location if the control flag is not owned by the guest virtual machine.

Abstract: Method for selecting a virtualization algorithm to virtualize a context change. An exit-enter time (EET) to exit and enter a context and a save-restore time (SRT) to save and restore a machine state are calculated. A selective algorithm that selectively saves and restores the machine state when there is a change of context is executed. Statistics are accumulated on an expected value for EET overhead plus an expected value for SRT overhead while executing the selective algorithm. A cost of the selective algorithm is computed as the expected value for EET overhead plus the expected value for SRT overhead. The cost of the selective algorithm is compared to two times SRT which is the cost of an unconditional algorithm that always saves and restores the machine state on context changes. One of the selective algorithm or the unconditional algorithm having the least cost is selected as the virtualization algorithm.

Abstract: An executable module includes a dynamic data area that contains all data that may be changed by execution of the executable module. A header in the module includes a start address and an end address for the dynamic data area. The executable module is loaded in a memory. An alternate memory area is allocated in the memory. The dynamic data area is copied to the alternate memory area. The memory is mapped so that execution of the executable module modifies exactly one of the dynamic data area and the alternate memory area. A hash value is computed for the executable module. The hash value includes exactly one of the dynamic data area and the alternate memory area. The unmodified memory area is copied to the modified memory area and the hash value is recomputed to re-establish the executable module in a known state.

Abstract: An executable module includes a dynamic data area that contains all data that may be changed by execution of the executable module. A header in the module includes a start address and an end address for the dynamic data area. The executable module is loaded in a memory. An alternate memory area is allocated in the memory. The dynamic data area is copied to the alternate memory area. The memory is mapped so that execution of the executable module modifies exactly one of the dynamic data area and the alternate memory area. A hash value is computed for the executable module. The hash value includes exactly one of the dynamic data area and the alternate memory area. The unmodified memory area is copied to the modified memory area and the hash value is recomputed to re-establish the executable module in a known state.

Abstract: Method for selecting a virtualization algorithm to virtualize a context change. An exit-enter time (EET) to exit and enter a context and a save-restore time (SRT) to save and restore a machine state are calculated. A selective algorithm that selectively saves and restores the machine state when there is a change of context is executed. Statistics are accumulated on an expected value for EET overhead plus an expected value for SRT overhead while executing the selective algorithm. A cost of the selective algorithm is computed as the expected value for EET overhead plus the expected value for SRT overhead. The cost of the selective algorithm is compared to two times SRT which is the cost of an unconditional algorithm that always saves and restores the machine state on context changes. One of the selective algorithm or the unconditional algorithm having the least cost is selected as the virtualization algorithm.

Abstract: Disclosed is a processor having a normal execution mode and a host execution mode. A virtual machine monitor (VMM) operable in conjunction with the host execution mode creates at least one protected mode environment to operate guest software in a protected memory area. Responsive to a command to switch between protected modes, the VMM causes the processor to atomically switch between an original protected mode environment and a target protected mode environment. A virtual machine execution (VMX) mode may be utilized to enable virtual machine functionality for use in switching between protected modes.

Abstract: Disclosed is a processor having a normal execution mode and a secure execution mode to create a secure execution environment. A secure virtual machine monitor (SVMM) implements the secure execution environment in which a plurality of separate virtual machines are created that operate simultaneously and separately from one another including at least a first virtual machine to implement trusted guest software in a protected memory area and a second virtual machine to implement a non-trusted guest operating system (OS) simultaneously in a non-protected memory area. Responsive to a command to tear down the secure execution environment, the SVMM causes the processor to exit out of the secure execution mode, tears down the secure execution environment, and instructs the non-trusted guest OS to resume control in the normal execution mode.

Abstract: Writing a control flag in a processor control register by a guest virtual machine. Determine whether the control flag is owned by the guest virtual machine. Write the control flag to the processor control register if the control flag is owned by the guest virtual machine. Write the control flag to a shadow location if the control flag is not owned by the guest virtual machine.