| CPC G06F 9/45558 (2013.01) [G06F 2009/4557 (2013.01); G06F 2009/45579 (2013.01); G06F 2009/45583 (2013.01)] | 20 Claims |
|
1. A method for managing a system having a near memory and a far memory, the method comprising:
receiving a read request from a requestor to read a first block of data that is either stored in the near memory or in the far memory, wherein the read request includes a first key associated with a first virtual machine corresponding to the system, wherein the first key is for exclusive use by the first virtual machine;
in response to determining that the far memory contains an encrypted version of the first block of data: (1) retrieving from the far memory the encrypted version of the first block of data, decrypting the first block of data using the first key, and providing a decrypted version of the first block of data to the requestor, and (2) swapping out a second block of data having an address conflict with the first block of data from the near memory to the far memory, wherein the second block of data is encrypted using a second key associated with a second virtual machine corresponding to the system, and wherein the second key is for exclusive use by the second virtual machine; and
analyzing a metadata portion associated with the first block of data, the metadata portion including: (1) first information related to whether the near memory contains the first block of data or whether the far memory contains the first block of data, (2) second information comprising a first trusted domain identifier value associated with the second block of data stored in the near memory, and (3) third information comprising a second trusted domain identifier value associated with the first block of data stored in the far memory, wherein each of the first trusted domain identifier value and the second trusted domain identifier value is managed by a near memory controller associated with the near memory regardless of whether the first block of data is stored in the near memory or the far memory.
|