| CPC G06F 12/1408 (2013.01) [G06F 9/45558 (2013.01); G06F 12/0646 (2013.01); G06F 2009/45583 (2013.01); G06F 2212/1052 (2013.01)] | 13 Claims |
|
1. An apparatus comprising:
execution circuitry to execute a first one or more of instructions to establish a trusted domain using a trusted domain key, the trusted domain key to be used to encrypt memory pages of the trusted domain, and
the execution circuitry to execute a second one or more of the instructions to add a first memory page to the trusted domain, wherein the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more of the instructions, and wherein the first set of page attributes indicates how the first memory page is mapped in a secure extended page table, wherein the secure extended page table is to translate guest physical addresses to host physical addresses, wherein the first set of page attributes is to indicate the first memory page to be a type within a set of memory page types including a type of supervisor shadow stack or a type of hypervisor-managed linear address translation (HLAT) page, and wherein the type of HLAT page is a HLAT paging-write (HLAT-PW) page or a HLAT verify paging-write (HLAT-VPW) page; and
a storage location to store the first set of page attributes for the first memory page in the secure extended page table responsive to executing the second one or more of the instructions.
|