Title: ROOTS-OF-TRUST FOR MEASUREMENT OF VIRTUAL MACHINES
Abstract: Embodiments of techniques and systems associated with roots-of-trust for measurement (RTMs) of virtual machines (VMs) are disclosed. In some embodiments, a computing platform may provide a virtual machine RTM (vRTM) in a first secure enclave of the computing platform. The computing platform may be configured to perform an integrity measurement of the first secure enclave. The computing platform may provide a virtual machine trusted platform module (vTPM), for a guest VM, outside the first secure enclave of the computing platform. The computing platform may initiate a chain of integrity measurements between the vRTM and a resource of the guest VM. Other embodiments may be described and/or claimed.
Publication number: US2015286582(A1) Publication date: 2015.10.08
Application number: US201514725903 Filing date: 2015.05.29
Applicant: INTEL CORPORATION Inventor: Scott-Nash Mark E.
Classification: G06F12/14;G06F9/455;G06F21/64 Main classification: G06F12/14
Agency: Agent:
Main claim: 1. An apparatus for computing, comprising: a processor; and memory coupled with the processor, with instructions stored therein, wherein the instructions are configured to be operated by the processor to cause the apparatus to:
provide a management virtual machine (MVM) in a first secure enclave of the apparatus;
provide a virtual machine trusted platform module (vTPM) for a guest virtual machine (VM) of the apparatus, the vTPM being provided in a second secure enclave of the apparatus different from the first secure enclave;
receive, at the vTPM, a command to change a value stored in a platform configuration register (PCR) of the vTPM;
receive, at the vTPM from the MVM through a secure channel, a modifier indicating that the command is allowed; and
after receiving the modifier, change the value stored in the PCR.
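The gated PCR change of claim 1 together with the chain of measurements from the abstract, as an added illustrative model (not code from the patent or from Intel): the vTPM holds an extend command until an authenticated "allowed" modifier arrives from the MVM, and a forged, denied or unsolicited modifier leaves the PCR untouched. Class names, the HMAC stand-in for the enclave-to-enclave secure channel, and the ALLOW/DENY message layout are assumptions of this example.

```python
import hashlib
import hmac

# Constructed model of the claimed flow. Class and function names are
# assumptions for this example, not identifiers from the patent.
ZERO_PCR = bytes(32)

def measure(data):
    """One link in the chain of integrity measurements: SHA-256 of a resource."""
    return hashlib.sha256(data).digest()

def extend_value(old, digest):
    """TPM-style PCR extend: new = H(old || digest)."""
    return hashlib.sha256(old + digest).digest()

class SecureChannel:
    """Authenticated channel between the two enclaves; HMAC stands in for it."""
    def __init__(self, key):
        self.key = key
    def send(self, msg):
        return msg, hmac.new(self.key, msg, hashlib.sha256).digest()
    def verify(self, msg, tag):
        return hmac.compare_digest(hmac.new(self.key, msg, hashlib.sha256).digest(), tag)

class ManagementVM:
    """MVM in the first enclave: issues the modifier that allows or denies a PCR change."""
    def __init__(self, channel, allowed_pcrs):
        self.channel, self.allowed_pcrs = channel, set(allowed_pcrs)
    def modifier_for(self, pcr_index, digest):
        decision = b"ALLOW" if pcr_index in self.allowed_pcrs else b"DENY"
        return self.channel.send(decision + b"|" + bytes([pcr_index]) + digest)

class VirtualTPM:
    """vTPM in the second enclave: 24 PCRs; an extend command waits for the MVM modifier."""
    def __init__(self, channel):
        self.channel, self.pcrs, self.pending = channel, [ZERO_PCR] * 24, set()
    def request_extend(self, pcr_index, digest):
        # Command received; the PCR is not touched until the modifier arrives.
        self.pending.add((pcr_index, digest))
    def receive_modifier(self, msg, tag):
        if not self.channel.verify(msg, tag):
            return False                      # forged or tampered modifier
        decision, rest = msg.split(b"|", 1)   # decision never contains "|"
        key = (rest[0], rest[1:])             # (PCR index, digest) the modifier refers to
        if key not in self.pending:
            return False                      # modifier for a command never received
        self.pending.discard(key)
        if decision != b"ALLOW":
            return False                      # MVM denied the change
        self.pcrs[key[0]] = extend_value(self.pcrs[key[0]], key[1])
        return True
```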
Address: SANTA CLARA CA US