CN109828827B - A detection method, device and related equipment - Google Patents
A detection method, device and related equipment Download PDFInfo
- Publication number
- CN109828827B CN109828827B CN201910059800.3A CN201910059800A CN109828827B CN 109828827 B CN109828827 B CN 109828827B CN 201910059800 A CN201910059800 A CN 201910059800A CN 109828827 B CN109828827 B CN 109828827B
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- secure
- memory
- control
- control block
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a detection method, a detection device and related equipment, wherein the detection method comprises the following steps: detecting whether a virtual machine control block of a secure virtual machine is positioned in a secure control memory area of a secure memory of the secure virtual machine; the secure memory comprises: a plurality of secure memory regions; at least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing virtual machine control blocks of a secure virtual machine, a non-secure control memory area of the plurality of secure memory areas is used for storing at least page tables of the secure virtual machine, and a virtual machine control block of the secure virtual machine points to the page tables of the secure virtual machine; and if the virtual machine control block of the secure virtual machine is not positioned in the secure control memory area of the secure memory of the secure virtual machine, reminding. The embodiment of the invention can improve the data security of the memory of the virtual machine.
Description
Technical Field
The embodiment of the invention relates to the technical field of virtual machines, in particular to a detection method, a detection device and related equipment.
Background
Through Virtualization technology (Virtualization), a host Machine can virtualize a plurality of Virtual Machines (VMs), so that hardware resources of the host Machine are utilized to the maximum extent; each virtualized virtual machine may be allocated memory (space), and the memory allocated for the virtual machine may be referred to as virtual machine memory, which is mainly used for task consumption and supporting virtualization.
At present, a virtual machine page table in a virtual machine memory is mainly maintained by a host, and the host can achieve the aim of randomly exchanging virtual machine pages by tampering with information of the virtual machine page table, which definitely makes the data security of the virtual machine memory lower.
Disclosure of Invention
In view of the above, the embodiments of the present invention provide a detection method, apparatus and related device, so as to improve the data security of the virtual machine memory.
In order to solve the above problems, the embodiment of the present invention provides the following technical solutions:
a method of detection comprising:
detecting whether a virtual machine control block of a secure virtual machine is positioned in a secure control memory area of a secure memory of the secure virtual machine; the secure memory comprises: a plurality of secure memory regions; at least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing virtual machine control blocks of a secure virtual machine, a non-secure control memory area of the plurality of secure memory areas is used for storing at least page tables of the secure virtual machine, and a virtual machine control block of the secure virtual machine points to the page tables of the secure virtual machine;
And if the virtual machine control block of the secure virtual machine is not positioned in the secure control memory area of the secure memory of the secure virtual machine, reminding.
The embodiment of the invention also provides a detection device, which comprises:
the first detection module is used for detecting whether a virtual machine control block of the secure virtual machine is positioned in a secure control memory area of a secure memory of the secure virtual machine; the secure memory comprises: a plurality of secure memory regions; at least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing virtual machine control blocks of a secure virtual machine, a non-secure control memory area of the plurality of secure memory areas is used for storing at least page tables of the secure virtual machine, and a virtual machine control block of the secure virtual machine points to the page tables of the secure virtual machine;
the first reminding module is used for reminding if the virtual machine control block of the secure virtual machine is not located in the secure control memory area of the secure memory of the secure virtual machine.
The embodiment of the invention also provides a virtual machine memory, which comprises a secure memory allocated for the secure virtual machine; the secure memory includes: a plurality of secure memory regions;
At least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing a virtual machine control block of a secure virtual machine;
the non-secure control memory area is used for storing at least a page table of the secure virtual machine; and a virtual machine control block of the secure virtual machine points to a page table of the secure virtual machine.
The embodiment of the invention also provides a CPU core comprising the detection device.
The embodiment of the invention also provides a chip which comprises a secure processor, the virtual machine memory and the CPU core.
The embodiment of the invention also provides electronic equipment comprising the chip.
According to the scheme provided by the embodiment of the invention, the page table of the secure virtual machine can be stored in the secure memory of the secure virtual machine, the secure memory is protected by adopting a secure protection mechanism, the secure protection of the page table of the secure virtual machine can be realized, and the risk of tampering the page table of the secure virtual machine by a host is avoided; and the security control memory area is isolated from the security memory of the security virtual machine and used for storing the virtual machine control block of the security virtual machine, and the virtual machine control block of the security control memory area points to the page table of the security virtual machine, so that the possibility that the virtual machine control block of the security virtual machine is tampered can be reduced, and the security of the page table of the security virtual machine is further improved. Therefore, the embodiment of the invention can detect whether the virtual machine control block of the secure virtual machine is positioned in the secure control memory area of the secure memory of the secure virtual machine, and if not, the method can remind so as to improve the data security of the memory of the virtual machine.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a system architecture diagram of a virtualized environment;
FIG. 2 is another system architecture diagram of a virtualized environment;
FIG. 3 is a schematic diagram of a microarchitecture of a secure virtualization technique;
FIG. 4 is a schematic diagram of physical memory including secure memory and normal memory;
FIG. 5 is a diagram of a memory access schematic architecture for secure memory and normal memory;
FIG. 6 is another memory access schematic architecture diagram of secure memory and normal memory;
FIG. 7 is a diagram of a physical register indicating address ranges of a secure memory area;
FIG. 8 is a schematic diagram of an embodiment of an SMCR architecture;
FIG. 9 is a diagram of a particular physical register indicating the address range of a secure control memory area;
FIG. 10 is a schematic diagram of sharing part of the information of a page table by sharing a common memory;
FIG. 11 is a flowchart of a detection method according to an embodiment of the present invention;
FIG. 12 is a flow chart of a method of determining a virtual processor to which a virtual machine control block belongs;
FIG. 13 is a schematic diagram of determining a virtual processor to which a virtual machine control block belongs;
FIG. 14 is a block diagram of a detection device according to an embodiment of the present invention;
FIG. 15 is another block diagram of a detection device according to an embodiment of the present invention;
FIG. 16 is a block diagram of a detecting device according to an embodiment of the present invention;
FIG. 17 is a further block diagram of a detection apparatus according to an embodiment of the present invention;
FIG. 18 is a block diagram of a detection device according to an embodiment of the present invention;
fig. 19 is a further block diagram of a detection apparatus according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As an alternative example, fig. 1 shows a system architecture schematic diagram of a virtualized environment, as shown in fig. 1, the system architecture of the virtualized environment may include: a CPU (Central Processing Unit ) core 1, a memory controller 2, a memory 3;
The CPU core may configure the virtual machine manager 11 in a software manner, and virtualize a plurality of virtual machines 12 through a virtualization technology, where the plurality of virtual machines 12 may be managed by the virtual machine manager 11, for example, the virtual machine manager 11 manages the virtual machine memory of the virtual machines 12;
the memory controller 2 is a hardware that controls the memory 3 and makes the memory 3 exchange data with the CPU core, and part or all of the memory 3 may be used as a virtual machine memory to allocate a memory space for the virtual machine; in a typical computer system, the memory controller 2 is responsible for processing a memory access request, and for the memory access request, the memory controller 2 may detect whether the cache records an address corresponding to the memory access request, if so, read the data corresponding to the address from the cache, otherwise, traverse the page table of the memory to find the address and read the data corresponding to the address.
The system architecture shown in fig. 1 may be implemented based on a conventional virtualization technology, which does not perform security protection on the virtual machine memory, so that security of virtual machine data in the virtual machine memory is threatened, and in order to improve security of virtual machine data in the virtual machine memory, a security virtualization technology different from the conventional virtualization technology is generated;
The secure virtualization technology is a virtualization technology capable of performing secure protection on the virtual machine memory, for example, may perform secure protection such as encryption on the virtual machine memory, and of course, the secure virtualization technology may also perform secure protection such as isolation on the virtual machine memory;
in an example secure virtualization technology, part or all of virtual machine memories of a virtual machine can be encrypted by the secure virtualization technology, and different virtual machine memories are encrypted by different keys, so that a virtual machine manager cannot access the keys, and access and tampering of a physical host and the virtual machine manager to virtual machine data in the virtual machine memories are prevented, and the security of the virtual machine data is improved;
as an alternative example, based on the secure virtualization technology, fig. 2 shows another system architecture schematic diagram of the virtualized environment, and in conjunction with fig. 1 and fig. 2, the system architecture shown in fig. 2 may further include, compared to the system architecture shown in fig. 1: a security processor 4;
the secure processor 4 is a specially configured processor responsible for processing operations related to security of the virtual machine, for example, the secure processor 4 may perform operations such as encryption and decryption on the memory of the virtual machine; in the embodiment of the invention, the virtual machine manager 11 can configure an API interface which is communicated with the secure processor 4, so that the data interaction between the virtual machine manager 11 and the secure processor 4 is realized;
In the embodiment of the present invention, the memory controller 2 may configure the encryption engine 21, and the encryption engine 21 may store the key;
the secure processor 4 may encrypt some or all of the virtual machine memory with a key stored by the encryption engine 21, and different virtual machine memories with different keys; optionally, to better prevent replay attacks, different physical addresses in the virtual machine memory may use different encryption parameters; it should be noted that Replay Attacks (Replay Attacks) are also called Replay Attacks and Replay Attacks, and refer to that an attacker sends a packet received by a destination host to achieve the purpose of spoofing a system, and the correctness of authentication is destroyed mainly in an identity authentication scene.
For example, fig. 3 shows a schematic micro-architecture diagram of a secure virtualization technology, as shown in fig. 3, the secure processor is a processor in an SoC (System on Chip) for processing memory encryption and decryption of a virtual machine and starting the virtual machine, the secure processor 4 may interact with the CPU core 1 through an API interface, and the secure processor 4 interacts with the memory controller (memory controller) 2 through a bus and runs a program;
the components involved in the SoC are a CPU core 1, a security processor 4, and a memory controller 2; the SOC is externally designed with a memory 3 (e.g., dynamic random access memory DRAM, etc.); optionally, the data outside the SOC may be encrypted ciphertext, and the SOC is plaintext;
In fig. 3, a plurality of VEKs (Virtualization Encrypted Key, virtual machine encryption keys) are used for different virtual machines, so that each different virtual machine (or host) can have its own independent key, and it is ensured that the different virtual machines and hosts cannot read the correct data of other virtual machines or hosts.
Alternatively, in the System architecture shown in fig. 2 and 3, the CPU core, the memory controller, and the security processor may be integrated on an SOC (System on Chip); it should be apparent that SOC is only an alternative form of computer architecture, and embodiments of the present invention may support other forms of computer architecture, such as a computer architecture in which a processor and a south bridge are coupled, a computer architecture in which a south bridge and a north bridge are separately configured, etc., where a CPU core, a memory controller, a memory, and a secure processor may be deployed accordingly, which is not further described herein.
The secure virtualization technology enables different virtual machines or hosts to not correctly read memory data among the virtual machines by using different secret keys, so that the protection requirement of data confidentiality in the memory of the virtual machine is met, but the hosts are authorized to modify the data in the memory of the virtual machine and are not found, and the data integrity protection of the memory of the virtual machine is lacked;
Based on this, in the embodiment of the present invention, the memory 3 includes a secure memory (space) and a normal memory (space), the secure memory may include a plurality of secure memory areas, and the normal memory may include a plurality of normal memory areas; generally, the security of the secure memory is higher than that of the common memory, for example, the secure memory can adopt a secure protection mechanism;
for example, fig. 4 shows a schematic diagram of a physical memory that may include a secure memory and a normal memory, and as an alternative implementation, the embodiments of the present invention may mark a plurality of memory areas (where the plurality of memory areas may be part of a memory or may be all of a memory) in the memory as the secure memory; for example, the address range of the memory area of the secure memory is recorded through a physical register, so that the secure memory is marked through hardware and protected by adopting a secure protection mechanism (for example, the secure memory can be protected by using encryption, isolation and other mechanisms); the non-secure memory in the memory can be called a common memory, and the common memory is not generally protected by a security protection mechanism; the safety of the safe memory can be higher than that of the common memory;
as an optional example, the size of the secure memory may be larger than the normal memory, and of course, the embodiment of the present invention may also support that the size of the secure memory may be smaller than the normal memory; it should be noted that, in the example shown in fig. 4, the secure memory is a partial memory area of the memory, and the embodiment of the present invention may also support the secure memory as an entire memory area of the memory;
Alternatively, a virtual machine using a security protection mechanism may be referred to as a secure virtual machine, for example, a virtual machine using secure memory may be referred to as a secure virtual machine, a virtual machine not using a security protection mechanism may be referred to as a general virtual machine, for example, a virtual machine using general memory may be referred to as a general virtual machine, and generally, the security of the secure virtual machine may be higher than that of the general virtual machine.
On the basis that the memory comprises a safe memory and a common memory, when the virtual machine is started, special safe hardware (such as a safe processor) can set the safe memory exclusive to the safe virtual machine in the safe memory, so that the safe memory (space) of the safe virtual machine is allocated, and the safe memory of the safe virtual machine is subjected to access control, so that even a virtual machine manager cannot access the safe memory of the safe virtual machine;
as an alternative implementation, fig. 5 shows a memory access schematic architecture of a secure memory and a normal memory, as shown in fig. 5, for any client, a guest OS (Operating System) may run in the normal memory, or may run in the secure memory, or may run in both the normal memory and the secure memory, where the guest OS runs on a virtual machine;
If the client OS of the virtual machine runs in the common memory, the virtual machine is the common virtual machine, and the memory of the common virtual machine is managed by a virtual machine manager; if the guest OS of the virtual machine runs in the secure memory, the virtual machine is a secure virtual machine, and the memory of the secure virtual machine can be managed by a secure processor or a main virtual machine; in this way, the secure memory of the secure virtual machine may be made inaccessible even to the virtual machine manager, which may run on top of the host OS; in other words, the embodiment of the invention can isolate the memory access among different virtual machines by isolating the exclusive safe memory of the safe virtual machine, so that even a host cannot access the data of the safe virtual machine in the protected safe memory.
It should be noted that, if the secure virtualization technology is improved, management of the virtual machine memory is handed over by the virtual machine manager to the secure processor, and although the security of the virtual machine memory can be improved, the secure processor will become a performance bottleneck (the performance of the secure processor is generally weaker than that of the general-purpose processor); therefore, in order to perform memory management on the virtual machine, both safety and performance are considered, the embodiment of the invention can design a special virtual machine to manage the memory used by other virtual machines, wherein the special virtual machine can be called a master virtual machine, and other virtual machines except the master virtual machine can be called slave virtual machines.
Optionally, the master virtual machine may be a virtual machine with a trust root configured by a secure processor, such as a virtual machine signed and authenticated by the secure processor, where the code of the master virtual machine may be set in advance in a software form, and the secure processor is responsible for configuring the master virtual machine, and grants memory management authority to the slave virtual machine to the master virtual machine in the process of configuring the master virtual machine, so that the memory management work to the slave virtual machine is implemented by the master virtual machine.
After isolating the exclusive secure memory from the secure virtual machine, access control to the secure memory of the secure virtual machine may be performed by the memory controller by configuring access rights for the secure memory of the secure virtual machine (the configuration of access rights may be performed by the secure processor or the host virtual machine), such that an access request to the secure memory of the secure virtual machine (which may be issued by the host or the virtual machine) is allowed to be performed only if the configured access rights are met.
Optionally, after isolating the secure virtual machine from the exclusive secure memory, in order to enable the secure virtual machine to exchange necessary information with the host, in the embodiment of the present invention, the common memory may include a shared common memory shared by the secure virtual machine and the host (e.g. a virtual machine manager running on the host), as shown in fig. 6, which illustrates another memory access schematic architecture of the secure memory and the common memory, where the shared common memory may be accessed by the virtual machine manager and the secure virtual machine running on the secure memory together for information interaction.
As an alternative implementation, the secure memory may include a plurality of secure memory regions, the normal memory may include a plurality of normal memory regions, and an address range of the memory regions in the memory may be indicated by a physical register; optionally, in the embodiment of the present invention, a physical register indicating an address range may be set for each secure memory area, so as to implement definition of each secure memory area in the secure memory; for example, a pair of physical registers may indicate an address range of a secure memory area, e.g., a pair of physical registers may indicate a start address and a size of a secure memory area, e.g., as shown in fig. 7, one physical register of the pair indicates a start address of a secure memory area, and the other physical register indicates a size of a secure memory area, thereby defining the secure memory area; the embodiment of the invention can define a plurality of safe memory areas through a plurality of pairs of physical registers; the indication of the address range of the common memory area is realized in the same way;
as a possible alternative implementation, one physical register may indicate an address mask or end address of the secure memory area, among a pair of physical registers indicating an address range of the secure memory area, in addition to the start address of the secure memory area, the other physical register may indicate an address mask or end address of the secure memory area, etc., without being limited to indicating the size of the secure memory area.
According to the scheme provided by the embodiment of the invention, the memory data of different virtual machines can be isolated, so that the exclusive safe memory can be isolated for the safe virtual machine, the host cannot access the safe memory of the safe virtual machine, the threat that the data of the safe memory of the safe virtual machine is tampered by the host is avoided, the integrity protection can be provided for the memory data in the safe memory of the safe virtual machine, and the safety of the virtual machine data is improved.
In the secure virtualization technology, the page table of the virtual machine is maintained by the host, so that the host can achieve the purpose of arbitrarily exchanging the pages of the virtual machine by tampering with the information of the page table of the virtual machine, which definitely damages the integrity of the memory data of the virtual machine;
based on this, the inventors of the present invention propose improvements to the secure virtualization technique: for the secure virtual machine, besides setting the exclusive secure memory of the secure virtual machine, the data of the secure virtual machine is in the isolated secure memory, and the page table of the secure virtual machine is also in the secure memory (Secure Memory Region, SMR) of the secure virtual machine, so that the host cannot access the information of the page table of the secure virtual machine;
In the embodiment of the invention, the page table of the secure virtual machine can be protected by the secure memory (for example, the page table can be a mapping page table from a virtual machine physical address to a host physical address), that is, the secure memory should store at least the page table of the secure virtual machine, and of course, can also store the data of the secure virtual machine; the page table protected by the secure memory according to the embodiment of the present invention may be referred to as a secure page table.
It should be noted that, the page table referred to in the embodiments of the present invention may be, for example, a mapping page table from a virtual machine physical address to a host physical address, and is not specific to a certain virtualization technology, but may be adapted to all possible virtualization technologies; in one possible virtualization technique, the page table referred to by the embodiments of the present invention may be a nested page table, and accordingly, the page table protected by the secure memory may be referred to as a secure nested page table;
the memory is generally in units of memory pages and is managed by using a multi-level page table; the last-stage page table stores the mapping from virtual address to physical address, called page table item; in other page tables than the last page table, the upper page table holds a mapping of virtual addresses to lower page tables, called page directories.
In secure virtualization technology, the starting address of the page table is typically located in a virtual machine control block describing the state of the virtual machine, e.g., pointed to the page table by control registers in the virtual machine control block; optionally, the virtual machine control block is an information structure describing a state of a virtual processor of the virtual machine, and by way of example, the control block of the virtual machine may describe a state of a logic core corresponding to the virtual machine in the CPU, that is, a state of the virtual processor corresponding to the virtual machine;
It should be noted that, the virtual machine control block according to the embodiment of the present invention does not refer to a certain virtualization technology, but is applicable to all possible virtualization technologies; in different virtualization technologies, the naming of the virtual machine control blocks may not be uniform, and may be, for example, a virtual machine control structure.
Optionally, the starting address of the page table may be located in a virtual machine control block, where the virtual machine control block may be used to describe a state of a virtual processor corresponding to the virtual machine, and a control register in the virtual machine control block points to the page table;
different from the case that the virtual machine control block is maintained by the host, the virtual machine control block of the secure virtual machine is not maintained by the virtual machine manager in the embodiment of the invention, and the embodiment of the invention can further isolate a special secure memory area in the secure memory of the secure virtual machine for storing the virtual machine control block of the secure virtual machine; the special secure memory region, which may be referred to as a secure control memory region (Secure Memory Control Region, SMCR), is inaccessible to neither the virtual machine nor the host (e.g., virtual machine manager), and is accessed by the secure processor or the host virtual machine;
optionally, in the case where the memory includes a normal memory and a secure memory, and an exclusive secure memory is isolated for the secure virtual machine, fig. 8 shows an architecture schematic with an SMCR, as shown in fig. 8, a virtual machine control block of the secure virtual machine is not maintained by a virtual manager of the host, but an SMCR is further isolated in the secure memory of the secure virtual machine, the virtual machine control block is stored by the SMCR, and a virtual machine control block and a page table for managing the secure virtual machine are implemented by the secure processor or the host virtual machine;
Meanwhile, the page table of the secure virtual machine is stored in the secure memory of the secure virtual machine, the control register of the virtual machine control block stored in the SMCR points to the page table of the secure virtual machine, and the mapping of the physical address of the secure memory can be managed through the page table of the secure virtual machine, so that the mapping from the virtual machine physical address of the secure virtual machine to the host (host machine) physical address is realized.
It can be seen that, in the embodiment of the present invention, the virtual machine control block of the secure virtual machine is located in the secure control memory area, and the starting address of the page table of the secure virtual machine is located in the secure memory; for the normal virtual machine, the virtual machine control block of the normal virtual machine is not located in the secure memory (and therefore is not located in the SMCR), and the starting address of the page table of the normal virtual machine is not located in the secure memory.
As an alternative implementation, based on the address range of the secure memory area being indicated by the physical register, the embodiment of the present invention may set a specific physical register with a specific flag bit to indicate the address range of the secure control memory area, for example, as shown in fig. 9, the address range of the secure control memory area may be indicated by a pair of specific physical registers with specific flag bits, where a specific physical register with a specific flag bit indicates the start address of the secure control memory area, and a specific physical register with another specific flag bit indicates the size of the secure control memory area.
It can be seen that, in the embodiment of the present invention, the secure virtual machine may be allocated with a secure memory protected by using a secure protection mechanism, that is, the secure memory may include a plurality of secure memory areas; at least one secure memory region of the plurality of secure memory regions may be isolated as a secure control memory region for storing virtual machine control blocks of the secure virtual machine, a non-secure control memory region of the plurality of secure memory regions may be used to store at least page tables of the secure virtual machine, and the secure virtual machine control blocks of the secure virtual machine stored in the secure control memory region may point to the page tables of the secure virtual machine stored in the non-secure control memory region.
As an alternative implementation, the secure memory area may be indicated by a physical register for an address range, and a particular physical register for the address range for the secure control memory area has a particular flag bit.
According to the scheme provided by the embodiment of the invention, the page table of the secure virtual machine can be stored in the secure memory of the secure virtual machine, the secure memory is protected by adopting a secure protection mechanism, the secure protection of the page table of the secure virtual machine can be realized, and the risk of tampering the page table of the secure virtual machine by a host is avoided; and the security control memory area is isolated from the security memory of the security virtual machine and used for storing the virtual machine control block of the security virtual machine, and the virtual machine control block of the security control memory area points to the page table of the security virtual machine, so that the possibility that the virtual machine control block of the security virtual machine is tampered can be reduced, the security of the page table of the security virtual machine is further improved, and the data security of the memory of the virtual machine is further improved.
Optionally, further, in the case that a shared common memory shared by the secure virtual machine and the virtual machine manager is set in the common memory (optionally, the shared common memory may be dynamically set and adjusted), shared information (shared information may be part of nested pages) of the page table in the secure memory may be transferred to the shared common memory, so that the virtual machine manager may implement part of information acquisition of the page table of the secure virtual machine through the shared common memory, and optionally, the secure processor or the host virtual machine may have authority to determine part of information that may be shared in the page table of the secure virtual machine;
alternatively, fig. 10 shows an illustration of sharing information of page tables of a secure virtual machine to a virtual machine manager by sharing a common memory, which can be referred to; it can be seen that, since the page table of the secure virtual machine is still protected in the secure memory of the secure virtual machine, only part of the information of the page table of the secure virtual machine is recorded in the shared common memory, and therefore the virtual machine manager cannot tamper the page table of the secure virtual machine.
Optionally, on the basis that the page table of the secure virtual machine is stored in the secure memory of the secure virtual machine, and the secure memory further isolates the secure control memory area for storing the virtual machine control block, the CPU core may detect, in a microinstruction form, whether the virtual machine control block of the secure virtual machine is within the SMCR of the secure memory;
For example, when an instruction of the virtual machine is executed, the CPU core may detect whether a virtual machine control block of the secure virtual machine is in an SMCR of a secure memory of the secure virtual machine, and only if the detection result is yes, the secure virtual machine is executed, and if the detection result is no, a reminder, such as an error report, is executed;
optionally, fig. 11 shows a flow of a detection method provided by an embodiment of the present invention, where the flow of the method may be executed by a CPU core, and referring to fig. 11, the flow of the method may include:
step S10, when the virtual machine is operated, detecting whether a virtual machine control block of the secure virtual machine is in the SMCR of the secure memory of the secure virtual machine, if not, executing step S11, and if so, executing step S12.
Optionally, the embodiment of the invention can judge whether the starting address of the virtual machine control block of the secure virtual machine is in the address range of the SMPR, thereby realizing the SMPR for detecting whether the virtual machine control block of the secure virtual machine is in the secure memory of the secure virtual machine.
For example, in the case where the address range of the SMCR is indicated by a specific physical register, embodiments of the present invention may determine whether the starting address of the virtual machine control block is within the address range indicated by the specific physical register;
For example, where one particular physical register of a pair of particular physical registers indicates the starting address of the SMCR and the other particular physical register indicates the size of the SMCR, embodiments of the present invention may require that the starting address and size of the SMCR indicated by the particular physical register be aligned by a multiple of the memory page size, e.g., the starting address of the SMCR should be the starting address of a memory page and the size of the SMCR should be an integer multiple of the memory page size; the starting address of the virtual machine control block is required to be aligned according to the size of the memory page, for example, the starting address of the virtual machine control block is the starting address of a memory page;
thus, the embodiment of the invention can consider that the virtual machine control block of the secure virtual machine is in the SMCR when judging the following result: the starting address of the SMCR is less than or equal to the starting address of a virtual machine control block of the secure virtual machine < the starting address of the SMCR+the size of the SMCR; assuming that the starting address of the SMCR is base and the size is size, and the starting address of the virtual machine control block of the secure virtual machine is start_address, base is less than or equal to start_address < base+size.
As another example, where one particular physical register of a pair of particular physical registers indicates a start address of an SMCR and the other particular physical register indicates an address mask of the SMCR, embodiments of the present invention may consider a virtual machine control block of a secure virtual machine to be within the SMCR when determining the following result: the result of the negation and operation of the starting address of the SMPR and the address mask of the SMPR is equal to the result of the negation and operation of the starting address of the virtual machine control block and the address mask of the SMPR; assuming that the address mask of the SMCR is mask, when the base & (mask) and the start_address & (mask) are equal, the virtual machine control block of the secure virtual machine is considered to be within the SMCR.
And S11, reminding.
Optionally, such as reporting errors.
And step S12, running the secure virtual machine.
Further, the CPU core may further detect whether a virtual machine control block of the general virtual machine is stored in the general memory, for example, may determine whether a start address of the virtual machine control block of the general virtual machine is located in an address range of the general memory area; the CPU core may also detect whether the virtual machine control block of the general virtual machine does not point to the secure memory, e.g., whether the address pointed to by the virtual machine control block of the general virtual machine is not within the address range of the secure memory area;
if the virtual machine control block of the common virtual machine is not located in the common memory, and/or the virtual machine control block of the common virtual machine points to the secure memory, reminding (such as error reporting) is performed; if the virtual machine control block of the common virtual machine is located in the common memory and the virtual machine control block of the common virtual machine does not point to the secure memory, the common virtual machine can be operated.
The scheme provided by the embodiment of the invention can realize the safety protection of the page table of the safety virtual machine and avoid the risk of the host tampering with the page table of the safety virtual machine.
Alternatively, further, the inventors of the present invention found that: the secure virtualization technology can adopt a virtual machine control block of a secure virtual machine to describe the state of a virtual processor corresponding to the secure virtual machine, but the virtual machine control block of the secure virtual machine can only describe the state (such as an initial state) of one virtual processor independently, and lacks description of the whole state of the virtual machine; meanwhile, only the data of each memory page of the secure virtual machine is protected when the secure virtual machine is initialized, but the address information of the data is not protected, so that a malicious virtual machine manager can randomly exchange the distribution of the initial data of the secure virtual machine in the memory when the virtual machine is started;
Based on this, the inventors of the present invention further propose to improve the secure virtualization technique: in addition to using the virtual machine control blocks to separately describe the states of the single virtual processor, the secure processor or the main virtual machine can define a secure code control information structure (SCCS) for each secure virtual machine; the security code control information structure of a virtual machine is used to describe the overall initial state of the secure virtual machine, including but not limited to: the distribution condition of the safe virtual machine in the virtual address space, the address distribution of all data in the initial state of the safe virtual machine, the number of virtual processors used by the safe virtual machine, the initial state of each virtual processor and other information; the embodiment of the invention better ensures the integrity of the initial state of the secure virtual machine through the secure code control information structure.
Optionally, the security code control information structure of the security virtual machine may be defined by the security processor or the host virtual machine through software, and stored in the security memory of the security virtual machine; preferably, each virtual machine control block of the secure virtual machine may reserve an address field (located in the secure memory) that may be used to hold a starting address of the secure code control information structure, thereby implementing the secure code control information structure of the secure virtual machine by way of virtual machine control block pointing of the secure virtual machine;
Optionally, the virtual machine control block generally corresponds to a physical page in the memory and may be divided into a plurality of fields, for example, each field may be several bytes or one bit; the embodiment of the invention can use the unused Reserve field in the virtual machine control block of the secure virtual machine as the address field, for example, 8 aligned consecutive bytes can be arbitrarily selected from the Reserve field as the address field, so as to save the starting address of the secure code control information structure of the secure virtual machine.
Further, the address field (starting address) in the virtual machine control block of the same secure virtual machine may be initialized to the same value (e.g., initialized by the secure processor or the host virtual machine) and not changed in the life cycle of the entire secure virtual machine.
The embodiment of the invention uses the security code control information structure to describe the whole initial state of the security virtual machine, can provide a security virtual machine environment, and prevents hackers controlling the management codes of the virtual machine from stealing the content of the security virtual machine; under the condition that the security code control information structure is not set to uniformly describe the whole initial state of the security virtual machine, for different virtual processors of the same security virtual machine, hardware is difficult to identify whether the different virtual processors are from the same security virtual machine, at the moment, if an attacker creates one virtual processor and then accesses the resource of the other virtual processor through the virtual processor, as the hardware cannot identify whether the two virtual processors belong to the same security virtual machine, whether the access is illegal or not cannot be judged, so that illegal access cannot be prevented;
by setting the security code control information structure, the embodiment of the invention can enable the virtual processors of different security virtual machines to have different security code control information structures, thereby rejecting illegal access among the virtual processors not belonging to the same security virtual machine and protecting the data security of the security virtual machine.
As an optional implementation, the hardware (such as a CPU core) may determine and verify whether different virtual machine control blocks belong to different virtual processors of the same secure virtual machine by detecting whether SCCS pointed to by the different virtual machine control blocks are the same, that is, when SCCS pointed to by the different virtual machine control blocks are the same, the embodiment of the present invention considers that the different virtual machine control blocks belong to different virtual processors of the same secure virtual machine, and one virtual machine control block of the secure virtual machine may correspond to one virtual processor of the secure virtual machine;
alternatively, fig. 12 shows a method flow of determining a virtual processor to which a virtual machine control block belongs, and the method shown in fig. 12 may be executed by a CPU core in the form of microinstructions, and referring to fig. 12, the method flow may include:
step S20, determining at least two virtual machine control blocks.
The at least two virtual machine control blocks may belong to the same secure virtual machine or may belong to different secure virtual machines.
Step S21, determining the same virtual machine control block of the pointed SCCS.
The address field of the virtual machine control block indicates the starting address of the pointed SCCS, and the embodiment of the invention can determine the pointed SCCS of the virtual machine control block through the address field of the virtual machine control block, if the address fields of the virtual machine control block are the same, the pointed SCCS of the virtual machine control block is the same, so that the pointed SCCS of the same virtual machine control block can be determined.
In step S22, the virtual machine control blocks with the same pointed SCCS are determined to belong to a secure virtual machine, and the virtual machine control blocks with the same pointed SCCS belong to a virtual processor of the secure virtual machine.
By way of example, as shown in FIG. 13, address fields of virtual machine control block 1 point to SCCS1, address fields of virtual machine control block 2 point to SCCS1, and address fields of virtual machine control block 3 point to SCCS2; it may be determined that the virtual machine control block 1 and the virtual machine control block 2 point to the same SCCS, that the virtual machine control block 1 and the virtual machine control block 2 belong to different virtual processors of the same secure virtual machine, e.g., that the virtual machine control block 1 belongs to the virtual processor 11 of the secure virtual machine 1, and that the virtual machine control block 2 belongs to the virtual processor 12 of the secure virtual machine 1; whereas, since the SCCS to which the virtual machine control block 3 points is different from the virtual machine control block 1 and the virtual machine control block 2, the virtual machine control block 3 and the virtual machine control block 1 and the virtual machine control block 2 belong to different secure virtual machines, for example, the virtual machine control block 3 belongs to the virtual processor 21 of the secure virtual machine 2.
Optionally, for virtual processors that do not belong to the same secure virtual machine, the embodiment of the invention can reject access between virtual processors that do not belong to the same secure virtual machine, thereby further protecting the data security of the secure virtual machine; while allowing access between virtual processors belonging to the same secure virtual machine.
The embodiment of the invention can limit the virtual machine control block and SCCS of the secure virtual machine to be in the secure memory, so that the virtual machine manager can not modify various control information and state information about the secure virtual machine in the virtual control block; as an alternative implementation, embodiments of the present invention may also support that some of the information in the virtual machine control block may be modified by the host, e.g., information in the SCCS that allows the virtual machine control block to be modified by the host may be defined.
Alternatively, table 1 below shows an illustration of various fields and field descriptions of an example SCCS, to which reference may be made.
TABLE 1
Optionally, the embodiment of the present invention may apply for modifying the state information of the virtual machine control block of the secure virtual machine to the secure processor or the host virtual machine; the security code control information structure of the security virtual machine can define the modification attribute of the information of the virtual machine control block, so that the security processor or the main virtual machine can assist in modifying the information of the virtual machine control block according to the modification attribute defined by the security code control information structure;
for example, when the target information of the virtual machine control block of the secure virtual machine needs to be modified, the CPU core or the secure processor may acquire a secure code control information structure defined for the secure virtual machine; wherein the secure code control information structure further defines modification attributes of information in a virtual machine control block of the secure virtual machine, the modification attributes including modifiable and non-modifiable; thus, the modification attribute of the target information can be determined according to the security code control information structure; if the modification attribute of the target information is modifiable, allowing modification of the target information; and if the modification attribute of the target information is non-modifiable, refusing to modify the target information.
Alternatively, the target information may be any information of a virtual machine control block of the secure virtual machine.
Optionally, the above procedure of modifying the target information of the virtual machine control block of the secure virtual machine may be executed by the CPU core or the secure processor; for example, the CPU core may execute the above procedure through a special instruction, and for example, the host may modify the information in the virtual machine control block through the secure processor, where the secure processor may determine whether the information in the virtual machine control block may be modified by querying the secure code control information structure.
Alternatively, the security code control information structure may define modification attributes of respective field information of a virtual machine control block of the secure virtual machine.
Further, the virtual machine control block includes: control zone information and state save zone information; the control area information comprises a plurality of pieces of control information of the virtual machine control block, and the state save area information comprises a plurality of pieces of state information of the virtual machine control block;
optionally, the security code control information structure defines modification attributes defined for each control information of the control area information, and modification attributes defined for each status information of the status save area information.
Optionally, the modification attribute of the control information of the control area information includes modifiable and non-modifiable; the modification attribute of the state save area information is non-modifiable.
Optionally, the modifiable modification attribute is represented by a first value of the tag information and the non-modifiable modification attribute is represented by a second value of the tag information, the first value being logically opposite to the second value, e.g., a first value of 1 for a bit value and a second value of 0 for a bit value.
The foregoing describes several embodiments of the present invention, and the various alternatives presented by the various embodiments may be combined, cross-referenced, with each other without conflict, extending beyond what is possible embodiments, all of which are considered to be embodiments of the present invention disclosed and disclosed.
The embodiment of the invention also provides a detection device, which can be considered as a micro instruction logic architecture of the CPU core optionally; the content of the detection means described below may be referred to in correspondence with the above.
Fig. 14 is a block diagram of a detection device according to an embodiment of the present invention, and referring to fig. 14, the detection device may include:
a first detection module 100, configured to detect whether a virtual machine control block of a secure virtual machine is located in a secure control memory area of a secure memory of the secure virtual machine; the secure memory comprises: a plurality of secure memory regions; at least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing virtual machine control blocks of a secure virtual machine, a non-secure control memory area of the plurality of secure memory areas is used for storing at least page tables of the secure virtual machine, and a virtual machine control block of the secure virtual machine points to the page tables of the secure virtual machine;
The first reminding module 110 is configured to remind if the virtual machine control block of the secure virtual machine is not located in the secure control memory area of the secure memory of the secure virtual machine.
Optionally, the secure memory may be a virtual machine memory allocated for the secure virtual machine and protected by a secure protection mechanism.
Optionally, the first detection module 100 is configured to detect whether a virtual machine control block of a secure virtual machine is located in a secure control memory area of a secure memory of the secure virtual machine, and specifically includes:
detecting whether the starting address of a virtual machine control block of the secure virtual machine is in the address range of the secure control memory area; and if the starting address of the virtual machine control block of the secure virtual machine is in the address range of the secure control memory area, the virtual machine control block of the secure virtual machine is located in the secure control memory area.
Optionally, the address range of the secure control memory area is indicated by a pair of specific physical registers, one specific physical register of the pair of specific physical registers indicating a start address of the secure control memory area, the other specific physical register indicating a size of the secure control memory area;
The first detection module 100 is configured to detect whether a start address of a virtual machine control block of a secure virtual machine is within an address range of the secure control memory area, and specifically includes:
detecting whether the starting address of a virtual machine control block of the secure virtual machine is not smaller than the starting address of the secure control memory area and smaller than the starting address of the secure control memory area plus the size of the secure control memory area.
Optionally, fig. 15 shows another block diagram of a detection device provided in an embodiment of the present invention, and in combination with fig. 14 and fig. 15, the detection device may further include:
a second detecting module 120, configured to detect an instruction for running a virtual machine before performing the step of detecting whether a virtual machine control block of the secure virtual machine is located in a secure control memory area of a secure memory of the secure virtual machine;
the running secure virtual machine module 130 is configured to run the secure virtual machine if a virtual machine control block of the secure virtual machine is located in a secure control memory area of a secure memory of the secure virtual machine.
Optionally, fig. 16 shows a further block diagram of a detection device according to an embodiment of the present invention, and in combination with fig. 15 and fig. 16, the detection device may further include:
The third detection module 140 is configured to detect whether a virtual machine control block of the common virtual machine is stored in the common memory, and detect whether the virtual machine control block of the common virtual machine does not point to the secure memory;
the running normal virtual machine module 150 is configured to run the normal virtual machine if the virtual machine control block of the normal virtual machine is stored in the normal memory and the virtual machine control block of the normal virtual machine does not point to the secure memory;
the second reminding module 160 is configured to remind if the virtual machine control block of the common virtual machine is not stored in the common memory and/or the virtual machine control block of the common virtual machine points to the secure memory.
Optionally, fig. 17 shows a further block diagram of a detection device provided by an embodiment of the present invention, and in combination with fig. 14 and fig. 17, the detection device may further include:
a fourth detection module 170, configured to detect whether the security code control information structures pointed by at least two virtual machine control blocks are the same; the secure code control information structure is used for describing the overall initial state of the secure virtual machine, and an address field is reserved in a virtual machine control block of the secure virtual machine and used for storing the starting address of the secure code control information structure of the secure virtual machine; address fields in virtual machine control blocks of the same secure virtual machine are initialized to the same value, so that secure code control information structures pointed by different virtual machine control blocks of the same secure virtual machine are the same;
The determining module 180 is configured to determine that the virtual processors corresponding to the at least two virtual machine control blocks belong to the same secure virtual machine if the secure code control information structures pointed by the at least two virtual machine control blocks are the same.
Optionally, fig. 18 shows still another block diagram of a detection device provided by an embodiment of the present invention, and in conjunction with fig. 17 and fig. 18, the detection device may further include:
an access permission module 190, configured to allow access between virtual processors corresponding to the at least two virtual machine control blocks if the security code control information structures pointed to by the at least two virtual machine control blocks are the same;
and the access rejection module 200 is configured to reject access between virtual processors corresponding to the at least two virtual machine control blocks if the security code control information structures pointed by the at least two virtual machine control blocks are different.
Optionally, fig. 19 shows a further block diagram of a detection device according to an embodiment of the present invention, and in combination with fig. 17 and fig. 19, the detection device may further include:
a modification module 210, configured to obtain a secure code control information structure defined for a secure virtual machine when target information of a virtual machine control block of the secure virtual machine needs to be modified; determining modification attributes of the target information according to the security code control information structure; if the modification attribute of the target information is modifiable, allowing modification of the target information; if the modification attribute of the target information is non-modifiable, refusing to modify the target information;
Wherein the secure code control information structure further defines modification attributes of information in a virtual machine control block of the secure virtual machine, the modification attributes including modifiable and non-modifiable.
Optionally, the embodiment of the invention further provides a CPU core, which includes the detection device.
Optionally, an embodiment of the present invention further provides a chip, which may, for example, be an SoC chip, and the chip may include a secure processor, a virtual machine memory as described above, and a CPU core as described above.
Optionally, the embodiment of the invention further provides an electronic device, which may include the chip. The electronic device may be a terminal device or a server device.
Although the embodiments of the present invention are disclosed above, the present invention is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention, and the scope of the invention should be assessed accordingly to that of the appended claims.
Claims (21)
1. A method of detection comprising:
detecting whether a virtual machine control block of a secure virtual machine is positioned in a secure control memory area of a secure memory of the secure virtual machine; the secure memory comprises: a plurality of secure memory regions; at least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing virtual machine control blocks of a secure virtual machine, a non-secure control memory area of the plurality of secure memory areas is used for storing at least page tables of the secure virtual machine, and a virtual machine control block of the secure virtual machine points to the page tables of the secure virtual machine; the virtual machine or the host cannot access the safety control memory area;
And if the virtual machine control block of the secure virtual machine is not positioned in the secure control memory area of the secure memory of the secure virtual machine, reminding.
2. The method according to claim 1, wherein detecting whether a virtual machine control block of a secure virtual machine is located in a secure control memory area of a secure memory of the secure virtual machine comprises:
detecting whether the starting address of a virtual machine control block of the secure virtual machine is in the address range of the secure control memory area; and if the starting address of the virtual machine control block of the secure virtual machine is in the address range of the secure control memory area, the virtual machine control block of the secure virtual machine is located in the secure control memory area.
3. The method of claim 2, wherein the address range of the secure control memory area is indicated by a pair of specific physical registers, one specific physical register of the pair indicating a starting address of the secure control memory area and the other specific physical register indicating a size of the secure control memory area;
the detecting whether the starting address of the virtual machine control block of the secure virtual machine is within the address range of the secure control memory area includes:
Detecting whether the starting address of a virtual machine control block of the secure virtual machine is not smaller than the starting address of the secure control memory area and smaller than the starting address of the secure control memory area plus the size of the secure control memory area.
4. A detection method according to any one of claims 1 to 3, further comprising:
detecting an instruction for running the virtual machine before executing the step of detecting whether a virtual machine control block of the secure virtual machine is located in a secure control memory area of a secure memory of the secure virtual machine;
and if the virtual machine control block of the secure virtual machine is positioned in the secure control memory area of the secure memory of the secure virtual machine, operating the secure virtual machine.
5. The method of detecting according to claim 4, further comprising:
detecting whether a virtual machine control block of a common virtual machine is stored in a common memory or not, and detecting whether the virtual machine control block of the common virtual machine does not point to a secure memory or not;
if the virtual machine control block of the common virtual machine is stored in the common memory and the virtual machine control block of the common virtual machine does not point to the secure memory, the common virtual machine is operated;
if the virtual machine control block of the common virtual machine is not stored in the common memory, and/or the virtual machine control block of the common virtual machine points to the secure memory, reminding is performed.
6. The method of detecting according to claim 1, further comprising:
detecting whether the security code control information structures pointed by at least two virtual machine control blocks are the same; the secure code control information structure is used for describing the overall initial state of the secure virtual machine, and an address field is reserved in a virtual machine control block of the secure virtual machine and used for storing the starting address of the secure code control information structure of the secure virtual machine; address fields in virtual machine control blocks of the same secure virtual machine are initialized to the same value, so that secure code control information structures pointed by different virtual machine control blocks of the same secure virtual machine are the same;
and if the security code control information structures pointed by the at least two virtual machine control blocks are the same, determining that the virtual processors corresponding to the at least two virtual machine control blocks belong to the same security virtual machine.
7. The method of detecting according to claim 6, further comprising:
if the security code control information structures pointed by the at least two virtual machine control blocks are the same, allowing access between virtual processors corresponding to the at least two virtual machine control blocks;
And if the security code control information structures pointed by the at least two virtual machine control blocks are different, refusing the access among the virtual processors corresponding to the at least two virtual machine control blocks.
8. The detection method according to claim 6 or 7, characterized by further comprising:
when target information of a virtual machine control block of a secure virtual machine needs to be modified, acquiring a secure code control information structure defined for the secure virtual machine; wherein the secure code control information structure further defines modification attributes of information in a virtual machine control block of the secure virtual machine, the modification attributes including modifiable and non-modifiable;
determining modification attributes of the target information according to the security code control information structure;
if the modification attribute of the target information is modifiable, allowing modification of the target information;
and if the modification attribute of the target information is non-modifiable, refusing to modify the target information.
9. A detection apparatus, characterized by comprising:
the first detection module is used for detecting whether a virtual machine control block of the secure virtual machine is positioned in a secure control memory area of a secure memory of the secure virtual machine; the secure memory comprises: a plurality of secure memory regions; at least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing virtual machine control blocks of a secure virtual machine, a non-secure control memory area of the plurality of secure memory areas is used for storing at least page tables of the secure virtual machine, and a virtual machine control block of the secure virtual machine points to the page tables of the secure virtual machine; the virtual machine or the host cannot access the safety control memory area;
The first reminding module is used for reminding if the virtual machine control block of the secure virtual machine is not located in the secure control memory area of the secure memory of the secure virtual machine.
10. The virtual machine memory is characterized by comprising a secure memory allocated for a secure virtual machine; the secure memory includes: a plurality of secure memory regions;
at least one secure memory area of the plurality of secure memory areas is isolated as a secure control memory area for storing a virtual machine control block of a secure virtual machine; the virtual machine or the host cannot access the safety control memory area;
the non-secure control memory area is used for storing at least a page table of the secure virtual machine; and a virtual machine control block of the secure virtual machine points to a page table of the secure virtual machine.
11. The virtual machine memory of claim 10, wherein each secure memory region is indicated by a pair of physical registers for an address range; the safety control memory area indicates an address range by a pair of specific physical registers with specific flag bits; the virtual machine or host cannot access the secure control memory area.
12. The virtual machine memory of claim 11, wherein each secure memory region is indicated by one physical register indicating a starting address and the other physical register indicating a size of the secure memory region; the safety control memory area is indicated by a specific physical register with a specific flag bit, and the other specific physical register with a specific flag bit indicates the size of the safety control memory area.
13. The virtual machine memory of claim 12, wherein the starting address of the secure memory area is aligned with the starting address of a memory page of the secure memory, the secure memory area being an integer multiple of the size of the memory page.
14. The virtual machine memory of any one of claims 10-13, wherein the virtual machine memory further comprises a normal memory allocated for a normal virtual machine, the security of the secure memory being higher than the normal memory; the normal memory is at least stored with a virtual machine control block and a page table of the normal virtual machine, and the virtual machine control block of the normal virtual machine points to the page table of the normal virtual machine and does not point to the safe memory.
15. The virtual machine memory of claim 14, wherein the virtual machine control block of the secure virtual machine and the page table of the secure virtual machine are maintained by a secure processor or a host virtual machine; the host virtual machine is a virtual machine with a trust root configured by a secure processor.
16. The virtual machine memory of claim 15, wherein the common memory comprises a shared common memory shared by the secure virtual machine and the virtual machine manager, the shared common memory storing at least shared information of page tables of the secure virtual machine shared to the virtual machine manager.
17. The virtual machine memory of claim 10, wherein the non-secure control memory area of the secure memory further stores a secure code control information structure of the secure virtual machine;
the security code control information structure is used for describing the whole initial state of the security virtual machine and defining the modification attribute of the information of the virtual machine control block of the security virtual machine; the virtual machine control block of the secure virtual machine is reserved with an address field, and the address field is used for storing the starting address of the secure code control information structure; the address fields in the virtual machine control blocks of the same secure virtual machine are initialized to the same value, so that when the secure code control information structures pointed by different virtual machine control blocks of the same secure virtual machine are the same, the virtual processors corresponding to the different virtual machine control blocks belong to the same secure virtual machine.
18. The virtual machine memory of claim 17, wherein the address field is selected from a reserved field of a virtual machine control block.
19. A CPU core comprising the detection apparatus of claim 9.
20. A chip comprising a secure processor, a virtual machine memory according to any one of claims 10-18, and a CPU core according to claim 19.
21. An electronic device comprising the chip of claim 20.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811401839 | 2018-11-22 | ||
| CN2018114018390 | 2018-11-22 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109828827A CN109828827A (en) | 2019-05-31 |
| CN109828827B true CN109828827B (en) | 2023-10-27 |
Family
ID=66861836
Family Applications (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910059800.3A Active CN109828827B (en) | 2018-11-22 | 2019-01-22 | A detection method, device and related equipment |
| CN201910060494.5A Active CN109858265B (en) | 2018-11-22 | 2019-01-22 | Encryption method, device and related equipment |
| CN201910060502.6A Active CN109901911B (en) | 2018-11-22 | 2019-01-22 | An information setting method, control method, device and related equipment |
Family Applications After (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910060494.5A Active CN109858265B (en) | 2018-11-22 | 2019-01-22 | Encryption method, device and related equipment |
| CN201910060502.6A Active CN109901911B (en) | 2018-11-22 | 2019-01-22 | An information setting method, control method, device and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (3) | CN109828827B (en) |
Families Citing this family (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110348204B (en) * | 2019-06-17 | 2023-05-16 | 海光信息技术股份有限公司 | Code protection system, authentication method, device, chip and electronic equipment |
| CN110380854A (en) * | 2019-08-12 | 2019-10-25 | 南京芯驰半导体科技有限公司 | For root key generation, partition method and the root key module of multiple systems |
| CN111045605B (en) * | 2019-12-12 | 2023-10-20 | 海光信息技术股份有限公司 | Technical solutions to improve system security using processor cache and security processors |
| CN111143900B (en) * | 2019-12-24 | 2023-09-26 | 海光信息技术(苏州)有限公司 | Data processing and access control method, system, device, equipment and storage medium |
| US11604671B2 (en) | 2020-03-19 | 2023-03-14 | Red Hat, Inc. | Secure virtual machine and peripheral device communication |
| CN111984374B (en) * | 2020-08-20 | 2021-07-23 | 海光信息技术股份有限公司 | Method and system, apparatus and storage medium for managing secure memory |
| CN111949376B (en) * | 2020-08-24 | 2021-12-17 | 海光信息技术股份有限公司 | Virtual machine system and method for virtual machine system |
| CN111949995B (en) * | 2020-08-25 | 2021-07-16 | 海光信息技术股份有限公司 | Host CPU architecture system and method for securely managing hardware resources |
| CN112363797B (en) * | 2020-10-19 | 2022-04-05 | 海光信息技术股份有限公司 | Virtual machine safe operation method, electronic equipment and storage medium |
| CN112363800B (en) * | 2020-11-10 | 2023-03-07 | 海光信息技术股份有限公司 | Network card memory access method, security processor, network card and electronic equipment |
| CN112363801B (en) * | 2020-11-10 | 2022-10-21 | 海光信息技术股份有限公司 | Virtual machine migration method, processing method, system, device, chip and medium |
| CN112433817B (en) * | 2020-11-27 | 2022-11-25 | 海光信息技术股份有限公司 | Information configuration method, direct storage access method and related device |
| CN112748984B (en) * | 2020-12-28 | 2022-12-06 | 海光信息技术股份有限公司 | Virtual machine data processing, control method, processor, chip, device and medium |
| CN112540833B (en) * | 2020-12-28 | 2022-11-11 | 海光信息技术股份有限公司 | Process running method and device, processor, storage medium and electronic equipment |
| CN113342735B (en) * | 2021-06-28 | 2024-04-16 | 海光信息技术股份有限公司 | Processor chip and electronic equipment |
| CN113485785B (en) * | 2021-06-28 | 2023-10-27 | 海光信息技术股份有限公司 | A virtualized trusted platform module implementation method, security processor and storage medium |
| CN114564724A (en) * | 2021-12-30 | 2022-05-31 | 海光信息技术股份有限公司 | Method and device for protecting memory integrity of virtual machine, electronic equipment and storage medium |
| CN114579482B (en) * | 2022-01-17 | 2024-12-24 | 上海交通大学 | Hybrid physical memory protection method and system |
| CN114840862B (en) * | 2022-04-27 | 2026-02-27 | 海光信息技术股份有限公司 | Computing devices, physical input devices, physical output devices and data transmission methods |
| US12609811B2 (en) | 2022-07-28 | 2026-04-21 | Red Hat, Inc. | Secured peripheral device communication in virtualized computer system |
| US12494898B2 (en) | 2022-08-31 | 2025-12-09 | Red Hat, Inc. | Secured peripheral device communication via bridge device in virtualized computer system |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104572488A (en) * | 2015-02-13 | 2015-04-29 | 西安酷派软件科技有限公司 | Memory management method, memory management device and terminal |
| JP2015176292A (en) * | 2014-03-14 | 2015-10-05 | 三菱電機株式会社 | Information processing apparatus, information processing method, and program |
| EP2985718A1 (en) * | 2014-08-15 | 2016-02-17 | Intel Corporation | Technologies for secure inter-virtual-machine shared memory communication |
| CN106295267A (en) * | 2015-06-09 | 2017-01-04 | 阿里巴巴集团控股有限公司 | The method and apparatus of private data in a kind of physical memory accessing electronic equipment |
| CN106445628A (en) * | 2015-08-11 | 2017-02-22 | 华为技术有限公司 | Virtualization method, apparatus and system |
| CN107038128A (en) * | 2016-02-03 | 2017-08-11 | 华为技术有限公司 | A kind of virtualization of performing environment, the access method of virtual execution environment and device |
| CN107450962A (en) * | 2017-07-03 | 2017-12-08 | 北京东土科技股份有限公司 | Abnormality eliminating method, apparatus and system under a kind of virtualization running environment |
| CN108509250A (en) * | 2017-02-28 | 2018-09-07 | 英特尔公司 | Secure public cloud with protected guest authenticated host controls |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050204357A1 (en) * | 2004-03-15 | 2005-09-15 | Ajay Garg | Mechanism to protect extensible firmware interface runtime services utilizing virtualization technology |
| JP4811271B2 (en) * | 2004-08-25 | 2011-11-09 | 日本電気株式会社 | Information communication apparatus and program execution environment control method |
| CN101719825A (en) * | 2009-04-30 | 2010-06-02 | 中兴通讯股份有限公司 | Method and system for realizing safe bifurcation call session in IP multimedia subsystem |
| CN102752301A (en) * | 2012-07-04 | 2012-10-24 | 深圳市京华科讯科技有限公司 | Data transmission system and data transmission method applied to virtualized environment |
| EP2876593B1 (en) * | 2013-11-21 | 2018-09-26 | Nxp B.V. | Method of generating a structure and corresponding structure |
| FR3020160B1 (en) * | 2014-04-16 | 2017-08-11 | Commissariat Energie Atomique | SYSTEM FOR EXECUTING A CODE WITH BLIND HYPERVISION MECHANISM |
| CN105718794B (en) * | 2016-01-27 | 2018-06-05 | 华为技术有限公司 | The method and system of safeguard protection are carried out to virtual machine based on VTPM |
| US10536274B2 (en) * | 2016-03-31 | 2020-01-14 | Intel Corporation | Cryptographic protection for trusted operating systems |
| CN106293873B (en) * | 2016-07-29 | 2019-11-05 | 北京北信源软件股份有限公司 | A method of it is accurate to obtain critical data position in virtual machine control block (VMCS) |
| CN106970823B (en) * | 2017-02-24 | 2021-02-12 | 上海交通大学 | Efficient nested virtualization-based virtual machine security protection method and system |
| CN107341115B (en) * | 2017-06-30 | 2021-07-16 | 联想(北京)有限公司 | Virtual machine memory access method and system and electronic equipment |
| CN107368354B (en) * | 2017-08-03 | 2021-02-02 | 海光信息技术股份有限公司 | Virtual machine security isolation method |
| CN107562515B (en) * | 2017-08-04 | 2021-09-07 | 海光信息技术股份有限公司 | A method of managing memory in virtualization technology |
| CN108599930B (en) * | 2018-04-02 | 2021-05-14 | 湖南国科微电子股份有限公司 | Firmware encryption and decryption system and method |
| CN108804203B (en) * | 2018-06-15 | 2019-06-21 | 四川大学 | Label-based vTPM privacy information protection method |
-
2019
- 2019-01-22 CN CN201910059800.3A patent/CN109828827B/en active Active
- 2019-01-22 CN CN201910060494.5A patent/CN109858265B/en active Active
- 2019-01-22 CN CN201910060502.6A patent/CN109901911B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2015176292A (en) * | 2014-03-14 | 2015-10-05 | 三菱電機株式会社 | Information processing apparatus, information processing method, and program |
| EP2985718A1 (en) * | 2014-08-15 | 2016-02-17 | Intel Corporation | Technologies for secure inter-virtual-machine shared memory communication |
| CN104572488A (en) * | 2015-02-13 | 2015-04-29 | 西安酷派软件科技有限公司 | Memory management method, memory management device and terminal |
| CN106295267A (en) * | 2015-06-09 | 2017-01-04 | 阿里巴巴集团控股有限公司 | The method and apparatus of private data in a kind of physical memory accessing electronic equipment |
| CN106445628A (en) * | 2015-08-11 | 2017-02-22 | 华为技术有限公司 | Virtualization method, apparatus and system |
| CN107038128A (en) * | 2016-02-03 | 2017-08-11 | 华为技术有限公司 | A kind of virtualization of performing environment, the access method of virtual execution environment and device |
| CN108509250A (en) * | 2017-02-28 | 2018-09-07 | 英特尔公司 | Secure public cloud with protected guest authenticated host controls |
| CN107450962A (en) * | 2017-07-03 | 2017-12-08 | 北京东土科技股份有限公司 | Abnormality eliminating method, apparatus and system under a kind of virtualization running environment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109858265A (en) | 2019-06-07 |
| CN109828827A (en) | 2019-05-31 |
| CN109901911B (en) | 2023-07-07 |
| CN109858265B (en) | 2022-01-28 |
| CN109901911A (en) | 2019-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109828827B (en) | A detection method, device and related equipment | |
| US12189542B2 (en) | Technologies for secure device configuration and management | |
| CN109766165B (en) | Memory access control method and device, memory controller and computer system | |
| CN110928646B (en) | A method, device, processor and computer system for accessing shared memory | |
| US11575672B2 (en) | Secure accelerator device pairing for trusted accelerator-to-accelerator communication | |
| CN110348204B (en) | Code protection system, authentication method, device, chip and electronic equipment | |
| CN109766164B (en) | A kind of access control method, memory management method and related device | |
| US8826391B2 (en) | Virtualized trusted descriptors | |
| US7073059B2 (en) | Secure machine platform that interfaces to operating systems and customized control programs | |
| CN101517549B (en) | Data processing device and method for creating a access request in data processing device | |
| US20180082057A1 (en) | Access control | |
| CN109800050B (en) | Memory management method, device, related equipment and system of virtual machine | |
| US11775649B2 (en) | Perform verification check in response to change in page table base register | |
| US8799673B2 (en) | Seamlessly encrypting memory regions to protect against hardware-based attacks | |
| CN105447406A (en) | Method and apparatus for accessing storage space | |
| TWI608378B (en) | An interface between a device and a secure processing environment | |
| AU2020287873B2 (en) | Systems and methods for processor virtualization | |
| CN112182560B (en) | Efficient isolation methods, systems and media for Intel SGX internals | |
| US20080163212A1 (en) | Paralleled management mode integrity checks | |
| US8839237B2 (en) | Method and apparatus for tamper resistant communication in a virtualization enabled platform | |
| US20170337384A1 (en) | Secure asset management system | |
| JP2004272816A (en) | Multitask execution system and multitask execution method | |
| Zhang et al. | iFlask: Isolate flask security system from dangerous execution environment by using ARM TrustZone | |
| US20240289150A1 (en) | Secure management of device control information in confidential computing environments | |
| CN116126463A (en) | Memory access method, configuration method, computer system and related devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 300384 industrial incubation-3-8, North 2-204, No. 18, Haitai West Road, Tianjin Huayuan Industrial Zone, Binhai New Area, Tianjin Applicant after: Haiguang Information Technology Co.,Ltd. Address before: 300384 industrial incubation-3-8, North 2-204, No. 18, Haitai West Road, Tianjin Huayuan Industrial Zone, Binhai New Area, Tianjin Applicant before: HAIGUANG INFORMATION TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |