| CPC G06F 9/45558 (2013.01) [G06F 9/455 (2013.01); G06F 9/45533 (2013.01); G06F 9/50 (2013.01); G06F 9/5005 (2013.01); G06F 9/5011 (2013.01); G06F 9/5016 (2013.01); G06F 9/5022 (2013.01); G06F 9/5061 (2013.01); H04L 9/06 (2013.01); H04L 9/0618 (2013.01); G06F 2009/45566 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45575 (2013.01); G06F 2009/45579 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01)] | 21 Claims |
|
1. An apparatus comprising:
a cache; and
a plurality of processor cores coupled with the cache, a first processor core of the plurality of processor cores configured to execute in one of a plurality of modes, including:
a first processor mode in which a first virtual machine monitor (VMM) is to run, the first VMM to securely manage a plurality of secure virtual machines (VMs), wherein an execution state of the secure VMs is accessible to the first VMM; and
a second processor mode in which a second VMM is to run, wherein the second VMM is a different type than the first VMM, wherein the second VMM is to have more control over assigning resources to the secure VMs than the first VMM, and wherein the execution state of the secure VMs is not accessible to the second VMM;
wherein the first processor core comprises circuitry to perform operations corresponding to an instruction issued based on a request from the first VMM, the instruction to indicate a guest physical address of a page and how a permission of the page is to be modified, the operations including to:
modify the permission of the page as indicated by the instruction in a page table entry of a set of page tables; and
provide a status associated with the modification of the permission of the page.
|