| 发明名称 |
User trusted device for detecting a virtualized environment |
| 摘要 |
The present invention is notably directed to a method for enabling a computer (101) to boot from a user trusted device (10), the user trusted device (10) comprising a connection interface (12) enabling connection (S2) with said computer (101), the method comprising: enabling (S3) said computer (101) to start booting from the user trusted device (10) upon connection (S2) of the user trusted device with said computer (101) via said connection interface (12); instructing a processor (105) of the computer (101) to execute (S7) virtualization sensitive code and issue (S8) completion data upon completion of execution, which completion data depends on the virtualization sensitive code and its execution by the processor (105); determining (S9-S14), based on said completion data, whether the execution was not performed in a virtualized environment; and enabling (S15) said computer (101) to complete booting from the user trusted device (10) upon determining that the execution was not performed in a virtualized environment. The invention is further directed to a user trusted device enabling this method and to related systems. |
| 申请公布号 |
US9589128(B2) |
申请公布日期 |
2017.03.07 |
| 申请号 |
US201314651540 |
申请日期 |
2013.11.26 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Baentsch Michael;Gschwind Thomas;Schade Andreas |
| 分类号 |
G06F21/00;G06F21/44;G06F9/44;G06F21/57;G06F21/50;G06F21/51;G06F21/56;G06F9/455 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
Edwards Peter J. |
| 主权项 |
1. A user trusted device, comprising:
a connection interface enabling connection with a computer; and a persistent memory storing modules, which are configured, upon connection of the user trusted device with said computer via said connection interface, to:
enable said computer to start booting from the user trusted device;instruct a processor of the computer to execute virtualization sensitive code while starting to boot and to issue completion data upon completion of execution wherein the virtualization sensitive code comprises instructions to produce as part of the completion data a list of one or more features supported by the computer, wherein the list of one or more features comprises whether hardware virtualization is supported in the form of a vtx bit set;determine, based on such completion data whether the execution was not performed in a virtualized environment; andenable said computer to complete booting from the user trusted device upon determining that the execution was not performed in a virtualized environment. |
| 地址 |
Armonk NY US |
