18283205. APPARATUS AND METHOD TO IMPLEMENT SHARED VIRTUAL MEMORY IN A TRUSTED ZONE simplified abstract (Intel Corporation)

From WikiPatents

APPARATUS AND METHOD TO IMPLEMENT SHARED VIRTUAL MEMORY IN A TRUSTED ZONE

Organization Name

Intel Corporation

Inventor(s)

Kaijie Guo of Shanghai (CN)

Junyuan Wang of Shanghai (CN)

Maksim Lukoshkov of Clarecastle, Clare (IE)

Weigang Li of Shanghai (CN)

Xin Zeng of Shanghai (CN)

APPARATUS AND METHOD TO IMPLEMENT SHARED VIRTUAL MEMORY IN A TRUSTED ZONE - A simplified explanation of the abstract

This abstract first appeared for US patent application 18283205 titled 'APPARATUS AND METHOD TO IMPLEMENT SHARED VIRTUAL MEMORY IN A TRUSTED ZONE'.

Simplified Explanation

The abstract describes an apparatus and method for implementing shared virtual memory in a trust zone. Here are some key points from the abstract:

  • Processor with multiple cores and a memory controller
  • Memory controller establishes a private memory region in system memory using a key associated with a guest's trust domain
  • Input/Output Memory Management Unit (IOMMU) receives memory access requests from IO devices, each carrying an address space identifier and a guest virtual address (GVA)
  • IOMMU looks up the address space identifier in a translation table and determines that the request targets a private memory region it cannot access directly
  • IOMMU generates an address translation request; in response, the Virtual Machine Monitor (VMM) initiates a secure transaction sequence with the trust domain manager, which enters the trust domain to translate the GVA to a physical address
  • IOMMU receives the physical address from the VMM and performs the memory access on behalf of the IO device

Potential Applications

This technology could be applied in secure computing environments where different trust domains need to access shared virtual memory without compromising security.

Problems Solved

This technology solves the problem of securely accessing shared virtual memory in a trust zone, ensuring that only authorized entities can access specific memory regions.

Benefits

The benefits of this technology include enhanced security, efficient memory access management, and improved isolation between different trust domains.

Potential Commercial Applications

Potential commercial applications of this technology include secure cloud computing, virtualization platforms, and data centers where secure memory access is crucial for protecting sensitive information.

Possible Prior Art

One possible prior art in this field is Intel's Software Guard Extensions (SGX) technology, which provides secure enclaves for protecting sensitive data within a processor.

Unanswered Questions

How does this technology impact system performance?

Answer: The abstract does not provide information on the potential impact of this technology on system performance, such as latency or throughput.

Are there any limitations to the scalability of this technology?

Answer: The abstract does not address any potential limitations to the scalability of this technology, such as the number of trust domains that can be supported simultaneously.
Original Abstract Submitted

An apparatus and method to implement shared virtual memory in a trust zone. For example, one embodiment of a processor comprises: a plurality of cores; a memory controller coupled to the plurality of cores to establish a first private memory region in a system memory using a first key associated with a first trust domain of a first guest; an input/output memory management unit (IOMMU) coupled to the memory controller, the IOMMU to receive a memory access request by an input/output (IO) device, the memory access request comprising a first address space identifier and a guest virtual address (GVA), the IOMMU to access an entry in a first translation table using at least the first address space identifier to determine that the memory access request is directed to the first private memory region which is not directly accessible to the IOMMU, the IOMMU to generate an address translation request associated with the memory access request, wherein based on the address translation request, a virtual machine monitor (VMM) running on one or more of the plurality of cores is to initiate a secure transaction sequence with trust domain manager to cause a secure entry into the first trust domain to translate the GVA to a physical address based on the address space identifier, the IOMMU to receive the physical address from the VMM and to use the physical address to perform the requested memory access on behalf of the IO device.
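The following is an added toy model of the exchange described in the abstract and in the Simplified Explanation bullets above; it is constructed for this page and is not Intel's code or the patent's implementation. It assumes a PASID-style address space identifier, a per-page key tag standing in for memory encryption, and a trust domain manager (TDM) that keeps its own record of which identifiers each trust domain has accepted. The class and method names, addresses, key ids and sample data are all assumptions. The point it demonstrates is the security property the flow relies on: the IOMMU and VMM only relay the request, the TDM refuses to translate for an identifier the trust domain never bound, and holding a physical address without the domain's key still yields nothing.

```python
"""Constructed model of the IOMMU -> VMM -> trust domain manager translation flow.
Added example for this page, not Intel's implementation; all names are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PAGE = 0x1000
SHARED_KEY = 0  # key id for memory that is not bound to any trust domain


class AccessDenied(Exception):
    """Translation refused, or access to a page bound to a different key."""


@dataclass
class TrustDomain:
    """Guest trust domain: a private memory key and a page table only it can walk."""
    td_id: int
    key_id: int
    page_table: Dict[int, int] = field(default_factory=dict)  # GVA page -> PA page


class SystemMemory:
    """Memory controller view: each page is bound to the key used to establish it."""
    def __init__(self) -> None:
        self.pages: Dict[int, bytearray] = {}
        self.key_of_page: Dict[int, int] = {}

    def establish_region(self, base: int, npages: int, key_id: int) -> None:
        for i in range(npages):
            self.pages[base + i * PAGE] = bytearray(PAGE)
            self.key_of_page[base + i * PAGE] = key_id

    def read(self, pa: int, key_id: int, size: int) -> bytes:
        page, off = pa & ~(PAGE - 1), pa & (PAGE - 1)
        if self.key_of_page.get(page) != key_id:  # wrong key: no plaintext for you
            raise AccessDenied(f"key {key_id} may not touch page {page:#x}")
        return bytes(self.pages[page][off:off + size])


class TrustDomainManager:
    """Only component that performs a secure entry into a TD to walk its page table."""
    def __init__(self) -> None:
        self.domains: Dict[int, TrustDomain] = {}
        self.pasid_to_td: Dict[int, int] = {}  # identifiers each TD has accepted

    def create_td(self, td_id: int, key_id: int) -> TrustDomain:
        self.domains[td_id] = TrustDomain(td_id, key_id)
        return self.domains[td_id]

    def bind_pasid(self, pasid: int, td_id: int) -> None:
        self.pasid_to_td[pasid] = td_id

    def secure_translate(self, td_id: int, pasid: int, gva: int) -> Tuple[int, int]:
        """Translate gva inside td_id only if pasid is bound to that TD."""
        if self.pasid_to_td.get(pasid) != td_id:
            raise AccessDenied(f"PASID {pasid:#x} not bound to TD {td_id}")
        td = self.domains[td_id]
        gpage = gva & ~(PAGE - 1)
        if gpage not in td.page_table:
            raise AccessDenied(f"GVA {gva:#x} unmapped in TD {td_id}")
        return td.page_table[gpage] | (gva & (PAGE - 1)), td.key_id


@dataclass(frozen=True)
class AddressTranslationRequest:
    pasid: int
    td_id: int
    gva: int


class VMM:
    """Untrusted hypervisor: starts the secure sequence, never sees TD page tables."""
    def __init__(self, tdm: TrustDomainManager) -> None:
        self.tdm = tdm

    def handle(self, req: AddressTranslationRequest) -> Tuple[int, int]:
        return self.tdm.secure_translate(req.td_id, req.pasid, req.gva)


@dataclass
class TranslationEntry:
    """First translation table entry, indexed by address space identifier."""
    private_td: Optional[int] = None                           # set: region belongs to this TD
    shared_table: Dict[int, int] = field(default_factory=dict)  # GVA page -> PA page


class IOMMU:
    def __init__(self, memory: SystemMemory, vmm: VMM) -> None:
        self.memory, self.vmm = memory, vmm
        self.table: Dict[int, TranslationEntry] = {}

    def dma_read(self, pasid: int, gva: int, size: int) -> bytes:
        entry = self.table.get(pasid)
        if entry is None:
            raise AccessDenied(f"no translation entry for PASID {pasid:#x}")
        if entry.private_td is not None:
            # Private region the IOMMU cannot walk: raise a translation request and
            # let the VMM/TDM sequence return the physical address and key.
            pa, key = self.vmm.handle(AddressTranslationRequest(pasid, entry.private_td, gva))
        else:
            gpage = gva & ~(PAGE - 1)
            if gpage not in entry.shared_table:
                raise AccessDenied(f"GVA {gva:#x} unmapped for PASID {pasid:#x}")
            pa, key = entry.shared_table[gpage] | (gva & (PAGE - 1)), SHARED_KEY
        return self.memory.read(pa, key, size)


def build_system() -> IOMMU:
    """Constructed sample: TD 1 owns a private region at 0x10000; PASID 0x20 is its device."""
    memory, tdm = SystemMemory(), TrustDomainManager()
    memory.establish_region(0x10000, 2, key_id=7)           # first private region, TD key 7
    memory.establish_region(0x30000, 1, key_id=SHARED_KEY)
    td = tdm.create_td(td_id=1, key_id=7)
    td.page_table[0x5000] = 0x11000                          # mapping known only inside the TD
    memory.pages[0x11000][0x40:0x46] = b"secret"             # data the guest wrote in its TD
    memory.pages[0x30000][:5] = b"hello"
    tdm.bind_pasid(0x20, td_id=1)                            # TD 1 accepts device PASID 0x20
    iommu = IOMMU(memory, VMM(tdm))
    iommu.table[0x20] = TranslationEntry(private_td=1)
    iommu.table[0x21] = TranslationEntry(private_td=1)       # claims TD 1, but TD never bound it
    iommu.table[0x22] = TranslationEntry(shared_table={0x8000: 0x30000})
    return iommu


def run_scenarios(iommu: IOMMU) -> Dict[str, str]:
    """Each scenario yields the bytes read or the reason the access was refused."""
    cases = {"bound_pasid_private": (0x20, 0x5040, 6), "unbound_pasid_private": (0x21, 0x5040, 6),
             "unmapped_gva": (0x20, 0x6000, 6), "shared_region": (0x22, 0x8000, 5)}
    out = {}
    for name, (pasid, gva, size) in cases.items():
        try:
            out[name] = iommu.dma_read(pasid, gva, size).decode()
        except AccessDenied as e:
            out[name] = f"denied: {e}"
    return out


def direct_read_without_td_key(iommu: IOMMU) -> str:
    """A component holding only the PA (e.g. the VMM) still cannot read the page."""
    try:
        return iommu.memory.read(0x11040, SHARED_KEY, 6).decode()
    except AccessDenied as e:
        return f"denied: {e}"


if __name__ == "__main__":
    for name, result in run_scenarios(build_system()).items():
        print(f"{name:24s} {result}")
    print(direct_read_without_td_key(build_system()))
```

The model deliberately gives the IOMMU translation table a second entry (PASID 0x21) that claims to belong to TD 1; because the VMM controls that table, the trust domain manager's own binding, not the table, is what decides whether the translation is granted.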