US 11,880,481 B2
Secure modular devices
Michael Tsirkin, Westford, MA (US); and Sergio Lopez Pascual, Madrid (ES)
Assigned to Red Hat, Inc., Raleigh, NC (US)
Filed by Red Hat, Inc., Raleigh, NC (US)
Filed on Jan. 9, 2023, as Appl. No. 18/094,709.
Application 18/094,709 is a continuation of application No. 16/863,250, filed on Apr. 30, 2020, granted, now 11,550,941.
Prior Publication US 2023/0145134 A1, May 11, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 9/455 (2018.01); G06F 21/62 (2013.01); G06F 12/1027 (2016.01)
CPC G06F 21/6218 (2013.01) [G06F 9/45558 (2013.01); G06F 12/1027 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01)]
20 Claims
8. A system, comprising:
a memory; and
a processor in communication with the memory, wherein the processor is configured to perform:
initializing a secure interface configured to provide access to a virtual machine (VM), a self-contained platform, or a container from a device, wherein the VM, the self-contained platform (SCP), or the container is associated with a level of security;
allocating a buffer associated with the secure interface, wherein the level of security indicates whether the device has access to guest memory of the VM, the self-contained platform (SCP), or the container via the buffer;
providing the buffer to the device; and
sending input/outputs (I/Os) between the device and the VM, the self-contained platform (SCP), or the container via the secure interface,
wherein the buffer is allocated such that at least one of:
when the level of security is low, the buffer is allocated from a portion of the guest memory,
when the device is a trusted device, the buffer is a total amount of the guest memory, or
when the level of security is high, the buffer is allocated outside the guest memory.