18465148. GUEST ADMIN PROTECTION FOR CONFIDENTIAL VIRTUAL MACHINES (Microsoft Technology Licensing, LLC)
GUEST ADMIN PROTECTION FOR CONFIDENTIAL VIRTUAL MACHINES
Organization Name
Microsoft Technology Licensing, LLC
Inventor(s)
Saket Suman of Bellevue WA (US)
Gangadhara Swamy Shivaganga Nagaraju of Kirkland WA (US)
Simran Parkhe of Seattle WA (US)
Pushkar V. Chitnis of Bothell WA (US)
Vikas Bhatia of Kirkland WA (US)
Alec Stephen Fernandez of Durham NC (US)
This abstract first appeared for US patent application 18465148 titled 'GUEST ADMIN PROTECTION FOR CONFIDENTIAL VIRTUAL MACHINES'.
Original Abstract Submitted
Example solutions for performing attestation for a confidential virtual machine (CVM) provision a confidential virtual machine within a virtualization platform. The virtualization platform includes confidential computing hardware configured to support encryption services to data while that data is in use on the CVM. A third party with administrative rights is provided to the CVM. The administrative rights allow the third party to modify a configuration of the CVM. After the administrative rights of the third party are removed from the CVM, a measurement is received from the CVM. The measurement is added to a build attestation report for the CVM. The attestation report is transmitted to a primary administrative party of the CVM. Using the confidential computing hardware, the CVM enters operational service with confidential data upon receiving certification user input from the primary administrative party who has reviewed the attestation report.