Title of invention: PROCESSOR EXTENSIONS FOR EXECUTION OF SECURE EMBEDDED CONTAINERS
Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.
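Application publication number: US2015293777(A1)  Application publication date: 2015.10.15
Application number: US201514730224  Filing date: 2015.06.03
Applicant: Intel Corporation  Inventors: Shanbhogue Vedvyas;Kumar Arvind;Goel Purushottam
Classification: G06F9/455;G06F9/48;H04L29/06;H04L9/32  Main classification: G06F9/455
Agency:  Agent: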
Main claim: 1. A processor comprising: one or more processor cores; a cache storage accessible to said one or more processor cores at least in part by using an extended page table (EPT); an on-package memory to store a key page mapped to physical addresses from an Operating System (OS) independent memory partition; an embedded processor key accessible to an OS Independent (OI) Resource Manager (OIRM) for use in cryptographic operations, wherein an application running on the processor from outside the OI memory partition can invoke a blob service provided by the OIRM to create a key blob to access the key page inside the OI memory partition.
Address: Santa Clara CA US