US 12,411,719 B2
Deferred reclaiming of secure guest resources
Claudio Imbrenda, Boeblingen (DE); Christian Borntraeger, Stuttgart (DE); Janosch Andreas Frank, Stuttgart (DE); and Jonathan D. Bradbury, Poughkeepsie, NY (US)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Aug. 5, 2021, as Appl. No. 17/394,642.
Prior Publication US 2023/0039894 A1, Feb. 9, 2023
Int. Cl. G06F 9/50 (2006.01); G06F 9/455 (2018.01); G06F 21/70 (2013.01)
CPC G06F 9/5077 (2013.01) [G06F 9/45558 (2013.01); G06F 21/70 (2013.01); G06F 2009/45587 (2013.01); G06F 2221/2141 (2013.01); G06F 2221/2143 (2013.01)] 22 Claims
OG exemplary drawing
 
1. A computer program product for facilitating processing within a computing environment, the computer program product comprising:
at least one computer-readable storage medium having program instructions embodied therewith, the program instructions being readable by a processing circuit to cause the processing circuit to perform a method comprising:
initiating, by a host of the computing environment, starting of a secure guest within the computing environment, the initiating comprising sending a secure guest image and secure guest metadata to a secure platform of the computing environment separate from the host for use in starting the secure guest using one or more secure guest resources that are indicated inaccessible by the host via the secure guest metadata;
initiating, by the host of the computing environment, removal of the secure guest from the computing environment and reclaiming of secure guest resources, including leaving one or more secure guest resources of the secure guest to be reclaimed by the host asynchronous to the removal of the secure guest by the secure platform, wherein interaction with a state of the secure guest is to be processed by the secure platform of the computing environment, the secure platform being trusted by the secure guest and by the host, and wherein the initiating comprises sending, by the host, a request to the secure platform to remove the secure guest and change state metadata associated with the one or more secure guest resources of the secure guest to indicate that the one or more secure guest resources are in a discarded state, the discarded state allowing the one or more secure guest resources to be reclaimed by the host asynchronous to removal of the secure guest by the secure platform; and
reclaiming, by the host subsequent to the initiating removal of the secure guest, the one or more secure guest resources in the discarded state asynchronous to removal of the secure guest, the reclaiming including determining, by the host, that the state metadata associated with the one or more secure guest resources is in the discarded state and, based on the state metadata of the one or more secure guest resources being in the discarded state, clearing by the host the one or more secure guest resources for reuse, wherein the one or more secure guest resources are available for reuse as the one or more secure guest resources are reclaimed asynchronous to the removal of the secure guest by the secure platform.