US 11,748,146 B2
Scalable virtual machine operation inside trust domains within the trust domain architecture
Ravi L. Sahita, Portland, OR (US); Tin-Cheung Kung, Folsom, CA (US); Vedvyas Shanbhogue, Austin, TX (US); Barry E. Huntley, Hillsboro, OR (US); and Arie Aharon, Haifa (IL)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Aug. 17, 2021, as Appl. No. 17/404,786.
Application 17/404,786 is a continuation of application No. 16/456,628, filed on Jun. 28, 2019, granted, now 11,099,878.
Prior Publication US 2021/0373933 A1, Dec. 2, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 9/455 (2018.01); G06F 9/50 (2006.01); H04L 9/06 (2006.01)
CPC G06F 9/45558 (2013.01) [G06F 9/455 (2013.01); G06F 9/45533 (2013.01); G06F 9/50 (2013.01); G06F 9/5005 (2013.01); G06F 9/5011 (2013.01); G06F 9/5016 (2013.01); G06F 9/5022 (2013.01); G06F 9/5061 (2013.01); H04L 9/06 (2013.01); H04L 9/0618 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45566 (2013.01); G06F 2009/45575 (2013.01); G06F 2009/45579 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01)] 10 Claims
OG exemplary drawing
 
1. An apparatus comprising:
a processor core, including an instruction decoder to decode a first instruction, wherein the processor core, in response to the first instruction from a virtual machine monitor (VMM) within a trust domain (TD), is to exit the VMM into a secure arbitration mode (SEAM) module to manage memory space for one or more of a plurality of virtual machines (VMs) to be managed by the VMM,
wherein the SEAM is to have been assigned a SEAM range of memory inaccessible to a trust domain resource manager (TDRM) to manage the TD; and
one or more registers to store:
an identifier of the SEAM range of memory, and
a TD key identifier (key ID) identifying a TD private encryption key to encrypt a plurality of memory pages exclusively associated with the TD, wherein the TD private encryption key is inaccessible to the TDRM.
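The two register-backed invariants in claim 1 (a SEAM range the TDRM cannot touch, and a TD private key ID the TDRM cannot use) can be stated as an access-check function. The following C program is an added illustrative model written for this page; it is not Intel's implementation and not code from the patent. It assumes, for illustration only, that the key ID travels in the upper bits of the physical address (MKTME-style tagging, with a 7-bit key ID above bit 45), that the "identifier of the SEAM range" is a base/size pair, and a three-way mode split between the TDRM (VMX root outside SEAM), the SEAM module, and a running TD. The claim states none of these details.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of the access checks implied by the claim.
 * Not Intel's microcode; the layout and mode split below are assumptions. */

/* Who is issuing the memory access. */
typedef enum { MODE_TDRM = 0, MODE_SEAM = 1, MODE_TD = 2 } cpu_mode_t;

/* Assumption: key ID carried in the top bits of the physical address. */
#define KEYID_SHIFT 45
#define KEYID_MASK  0x7FULL   /* 7 key-ID bits (assumed width) */

/* The registers named in the claim, modelled as a base/size pair plus key ID. */
typedef struct {
    uint64_t seam_base;   /* start of the SEAM range (inaccessible to the TDRM) */
    uint64_t seam_size;   /* size of the SEAM range */
    uint8_t  td_keyid;    /* key ID of the TD private encryption key */
} regs_t;

/* Current execution context. td_keyid is meaningful only in MODE_TD. */
typedef struct {
    cpu_mode_t mode;
    uint8_t    td_keyid;
} ctx_t;

/* Build a tagged physical address from a key ID and a plain address. */
uint64_t make_pa(uint8_t keyid, uint64_t addr) {
    return addr | ((uint64_t)(keyid & KEYID_MASK) << KEYID_SHIFT);
}

static uint64_t pa_keyid(uint64_t pa) { return (pa >> KEYID_SHIFT) & KEYID_MASK; }
static uint64_t pa_addr(uint64_t pa)  { return pa & ((1ULL << KEYID_SHIFT) - 1); }

static bool in_seam_range(const regs_t *r, uint64_t addr) {
    return addr >= r->seam_base && addr < r->seam_base + r->seam_size;
}

/* Returns true if the access is permitted under the model:
 *  - the SEAM range is reachable only from the SEAM module;
 *  - the TD private key ID is never usable by the TDRM, and a TD may use
 *    only its own key ID;
 *  - everything else (shared / non-TD key IDs outside the SEAM range) passes. */
bool access_allowed(const regs_t *r, const ctx_t *c, uint64_t pa) {
    uint64_t addr = pa_addr(pa);
    uint64_t kid  = pa_keyid(pa);

    if (in_seam_range(r, addr))
        return c->mode == MODE_SEAM;

    if (kid == r->td_keyid) {
        if (c->mode == MODE_TDRM) return false;          /* key inaccessible to TDRM */
        if (c->mode == MODE_TD)   return c->td_keyid == kid;
        return true;                                      /* SEAM managing TD memory */
    }
    return true;
}

int main(void) {
    /* Constructed sample register values. */
    regs_t r = { .seam_base = 0x7f000000ULL, .seam_size = 0x1000000ULL, .td_keyid = 3 };
    ctx_t tdrm = { .mode = MODE_TDRM, .td_keyid = 0 };
    ctx_t seam = { .mode = MODE_SEAM, .td_keyid = 0 };
    ctx_t td3  = { .mode = MODE_TD,   .td_keyid = 3 };

    printf("TDRM -> SEAM range:      %s\n", access_allowed(&r, &tdrm, make_pa(0, 0x7f000800)) ? "allow" : "deny");
    printf("SEAM -> SEAM range:      %s\n", access_allowed(&r, &seam, make_pa(0, 0x7f000800)) ? "allow" : "deny");
    printf("TDRM -> TD private page: %s\n", access_allowed(&r, &tdrm, make_pa(3, 0x10000)) ? "allow" : "deny");
    printf("TD3  -> TD private page: %s\n", access_allowed(&r, &td3,  make_pa(3, 0x10000)) ? "allow" : "deny");
    return 0;
}
```

The model makes the claim's point explicit: the TDRM keeps full control of ordinary memory, yet two register-defined checks fence it out of both the SEAM module's own memory and any page tagged with the TD's private key ID, so a compromised VMM cannot read either.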