Title of invention |
Root volume encryption mechanism in para-virtualized virtual machine |
Abstract |
Techniques to perform root volume encryption in a para-virtualized virtual machine are described. A disk layout supports the root volume encryption, set key flow, and normal boot flow of the para-virtualized virtual machine. An implementation for performing encryption for a cloud-based service is disclosed. |
Publication number |
US9202058(B1) |
Publication date |
2015.12.01 |
Application number |
US201414325221 |
Filing date |
2014.07.07 |
Applicant |
Trend Micro Inc. |
Inventors |
Yen Po-Hsun;Lin Chuan-Hung;Shih Jie-Ren |
Classification |
G06F21/57;G06F9/455;G06F21/60 |
Main classification |
G06F21/57 |
Agency |
Beyer Law Group LLP |
Agent |
Beyer Law Group LLP |
Main claim |
1. A method of providing security for a memory accessible by a cloud-based web service, comprising:
providing a disk layout including a root file system section to support a mini-OS to perform pre-boot encryption; performing boot volume encryption in a para-virtualized (PV) virtual machine (VM) wherein the boot volume encryption is for a disk of a system accessible by the cloud-based web service; wherein the mini OS is installed; and wherein the mini OS performs pre-boot encryption; wherein a booting process includes a hypervisor accessing a para-virtualized Grub and loading a kernel; and wherein the performing boot volume encryption includes a pre-boot image installation flow in the para-virtualized VM, wherein the pre-boot image installation flow comprises: creating a profile for an installer; injecting an installer into initrd; rebooting the VM, resizing a root file system, creating a dummy MBR, installing a pre-boot image, initializing a scratch space, patching initrd, shutting down the VM, and changing a pv-grub setting. |
Address |
Tokyo JP |