US 7,552,419 B2
Sharing trusted hardware across multiple operational environments
Vincent J. Zimmer, Federal Way, Wash. (US); and Michael A. Rothman, Puyallup, Wash. (US)
Assigned to Intel Corporation, Santa Clara, Calif. (US)
Filed on Mar. 18, 2004, as Appl. No. 10/804,489.
Prior Publication US 2005/0210467 A1, Sep. 22, 2005
Int. Cl. G06F 9/44 (2006.01)
U.S. Cl. 717—121 [717/127]
21 Claims

1. A method, comprising:
  loading a virtual machine monitor (VMM) to support a plurality of virtual machines in a computer system, the VMM including a VMM multiplexer;
  loading a first and a second virtual machine (VM) supported by the VMM;
  determining a first VM platform configuration including a first hash value based on information measured from the first VM and a second VM platform configuration including a second hash value based on information measured from the second VM;
  using a trusted hardware device shared between the first and the second VM to compute a compound hash value based on a combination of the first VM platform configuration including the first hash value and the second VM platform configuration including the second hash value;
  storing the compound hash value in the trusted hardware device;
  receiving a request for a VMM service that is associated with the first VM, wherein the request comprises a challenger hash value;
  computing a current compound hash value based on a combination of the first VM platform configuration including the challenger hash value and the second VM platform configuration including the second VM hash value;
  determining whether the current compound hash value is equal to the stored compound hash value; and
  executing the received request when the current compound hash value is equal to the stored compound hash value.
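
The flow recited in claim 1, as an added Python sketch that is not code from the patent or from Intel. The claim names no hash algorithm or combination rule, so SHA-256 over the per-VM hashes in fixed VM order is an assumption, and every class, function and VM name here is hypothetical.

```python
import hashlib
import hmac

def measure(vm_image: bytes) -> bytes:
    """Per-VM platform configuration hash (assumed: SHA-256 of measured bytes)."""
    return hashlib.sha256(vm_image).digest()

class SharedTrustedDevice:
    """Stand-in for the trusted hardware device shared by the VMs."""
    def __init__(self):
        self._stored = None

    @staticmethod
    def compound(config_hashes):
        # Assumed combination: hash the per-VM hashes in fixed VM order.
        h = hashlib.sha256()
        for digest in config_hashes:
            h.update(digest)
        return h.digest()

    def store(self, config_hashes):
        self._stored = self.compound(config_hashes)

    def matches(self, config_hashes):
        if self._stored is None:
            return False
        return hmac.compare_digest(self._stored, self.compound(config_hashes))

class VMMMultiplexer:
    def __init__(self, device, vm_images):
        self.device = device
        self.vm_ids = sorted(vm_images)
        self.configs = {vm: measure(img) for vm, img in vm_images.items()}
        device.store([self.configs[vm] for vm in self.vm_ids])

    def handle_request(self, vm_id, challenger_hash, service):
        # Unknown VM: nothing would be substituted, so the stored value
        # would match trivially. Refuse instead of executing.
        if vm_id not in self.configs:
            return None
        current = [challenger_hash if vm == vm_id else self.configs[vm]
                   for vm in self.vm_ids]
        return service() if self.device.matches(current) else None

if __name__ == "__main__":
    # Constructed sample images; real measurements would come from the guests.
    images = {"vm1": b"constructed guest image A", "vm2": b"constructed guest image B"}
    mux = VMMMultiplexer(SharedTrustedDevice(), images)
    print(mux.handle_request("vm1", measure(images["vm1"]), lambda: "service-executed"))
    print(mux.handle_request("vm1", measure(b"tampered image"), lambda: "service-executed"))
```

Because the device holds a single compound value, the challenger hash is only ever checked in combination with the other VM's recorded hash, and a request naming a VM the multiplexer never measured has to be rejected before the comparison.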