CPC G06F 9/45558 (2013.01) [G06F 9/455 (2013.01); G06F 9/45533 (2013.01); G06F 9/50 (2013.01); G06F 9/5005 (2013.01); G06F 9/5011 (2013.01); G06F 9/5016 (2013.01); G06F 9/5022 (2013.01); G06F 9/5061 (2013.01); H04L 9/06 (2013.01); H04L 9/0618 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45566 (2013.01); G06F 2009/45575 (2013.01); G06F 2009/45579 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01)]. 10 Claims.
1. An apparatus comprising:
a processor core, including an instruction decoder to decode a first instruction, wherein the processor core, in response to the first instruction from a virtual machine monitor (VMM) within a trust domain (TD), is to exit the VMM into a secure arbitration mode (SEAM) module to manage memory space for one or more of a plurality of virtual machines (VMs) to be managed by the VMM,
wherein the SEAM is to have been assigned a SEAM range of memory inaccessible to a trust domain resource manager (TDRM) to manage the TD; and
one or more registers to store:
an identifier of the SEAM range of memory, and
a TD key identifier (key ID) identifying a TD private encryption key to encrypt a plurality of memory pages exclusively associated with the TD, wherein the TD private encryption key is inaccessible to the TDRM.