Abstract: Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.

Abstract: Embodiments of apparatuses, methods, and systems for controlling virtual machines based on activity state are disclosed. In one embodiment, an apparatus includes virtual machine entry logic and activity state evaluation logic. The virtual machine entry logic is to transfer control of the apparatus from a host to a guest. The activity state evaluation logic is to determine whether the activity state of the guest would be inactive upon receiving control.

Abstract: Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.

Abstract: Embodiments of apparatuses, methods, and systems for injecting virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes virtual machine entry logic, recognition logic, and evaluation logic. The virtual machine entry logic is to initiate a transfer of control of the apparatus from a host to a guest running on a virtual machine. The recognition logic is to recognize a request from the host to inject a virtualization event into the virtual machine. The evaluation logic is to identify an intervening monitor to handle the virtualization event.

Abstract: Embodiments of apparatuses, methods, and systems for processing virtual interrupts in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes virtual machine entry logic, recognition logic, and evaluation logic. The virtual machine entry logic is to transfer control of the apparatus from a host to a guest. The recognition logic is to recognize a virtual interrupt request. The evaluation logic is to determine whether to transfer control from the guest to an intervening monitor in response to the virtual interrupt request.

Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.

Abstract: Embodiments of apparatuses, methods, and systems for processing interrupts in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a recognition logic, window logic, and evaluation logic. The event logic is to recognize an interrupt request. The window logic is to determine whether an interrupt window is open. The evaluation logic is to determine whether to transfer control to one of at least two virtual machine monitors in response to the interrupt request if the interrupt window is open.

Abstract: Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a event logic and evaluation logic. The event logic is to recognize a virtualization event. The evaluation logic is to determine whether to transfer control from a child guest to a parent guest in response to the virtualization event.

Abstract: A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.

Abstract: A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.

Abstract: A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.

Abstract: In one embodiment, a method includes transitioning control to a virtual machine (VM) from a virtual machine monitor (VMM), determining that a VMM timer indicator is set to an enabling value, and identifying a VMM timer value configured by the VMM. The method further includes periodically comparing a current value of a timing source with the VMM timer value, generating an internal event if the current value of the timing source has reached the VMM timer value, and transitioning control to the VMM in response to the internal event without incurring an event handling procedure in any one of the VMM and the VM.

Abstract: A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.

Abstract: Techniques for handling certain virtualization events occurring within a virtual machine environment. More particularly, at least one embodiment of the invention pertains to handling events related to the sub-operating system mode using a dedicated virtual machine monitor (VMM) called the system management mode VMM (SVMM), which exists in a separate portion of memory from a main virtual machine monitor (MVMM) used to handle virtualization events other than those related to the sub-operating system mode. In at least one embodiment, a technique for initializing and managing transitions to and from the SVMM is disclosed.

Abstract: Embodiments of apparatuses, methods, and systems for injecting virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes virtual machine entry logic, recognition logic, and evaluation logic. The virtual machine entry logic is to initiate a transfer of control of the apparatus from a host to a guest running on a virtual machine. The recognition logic is to recognize a request from the host to inject a virtualization event into the virtual machine. The evaluation logic is to identify an intervening monitor to handle the virtualization event.

Abstract: Embodiments of apparatuses, methods, and systems for processing virtual interrupts in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes virtual machine entry logic, recognition logic, and evaluation logic. The virtual machine entry logic is to transfer control of the apparatus from a host to a guest. The recognition logic is to recognize a virtual interrupt request. The evaluation logic is to determine whether to transfer control from the guest to an intervening monitor in response to the virtual interrupt request.

Abstract: Embodiments of apparatuses, methods, and systems for controlling virtual machines based on activity state are disclosed. In one embodiment, an apparatus includes virtual machine entry logic and activity state evaluation logic. The virtual machine entry logic is to transfer control of the apparatus from a host to a guest. The activity state evaluation logic is to determine whether the activity state of the guest would be inactive upon receiving control.

Abstract: An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.

Abstract: In one embodiment, information pertaining to a first fault occurring during operation of a virtual machine (VM) is stored in a first field. A second fault is detected while delivering the first fault to the VM, and a determination is made as to whether the second fault is associated with a transition of control to a virtual machine monitor (VMM). If this determination is positive, information pertaining to the second fault is stored in a second field, and control is transitioned to the VMM.

Abstract: A method and an apparatus are used to efficiently translate memory addresses. The translation scheme yields a translated address, a memory type for the translated address, and a fault bit for the translation.