Virtualized security processor

摘要

Aspects of a virtualized security processor are described herein. In various embodiments, one or more virtual security modules may be instantiated at a port interface between a security module and a processing environment of a host device. In one embodiment, a virtual security module is instantiated for each service of the host device. Each virtual security module is configured for at least one command supported by the security module for an associated service of the host device. After being configured, a virtual security module may receive a security command request from an associated service and, before submitting the security command request to the security module, verify and prioritize the security command request. In certain aspects, the use of virtual security modules assists the host device to interface multiple services with the security module, while prioritizing tasks for and offloading certain tasks from the security module.

主权项

1. A method, comprising:
initializing, with a host device, an interface between the host device and a security module; instantiating, for one or more services of the host device, one or more virtual security modules of the interface, the one or more virtual security modules instantiated by and hosted within the host device; configuring, for at least one command supported by the security module for the one or more services of the host device, a command for the one or more virtual security modules; receiving, by the one or more virtual security modules, a plurality of security command requests from the one or more services; before submitting the security command requests to the security module, verifying and prioritizing the security command requests with the one or more virtual security modules, wherein prioritizing the security command requests comprises determining a priority level for each of the security command requests for determining an order in which the security command requests are addressed by the security module; and for each security command request, when the security command request is verified with one of the virtual security modules, submitting the security command request to the security module.