| 摘要 |
A guest event triggers a first service, specific for the guest event, in firmware (70, fig. 3). The guest event is associated with a guest 20, with guest state (52, fig. 3) and guest memory (22, fig. 3) encrypted with guest key 24. The firmware processes guest state and guest memory information and presents only a subset of the information in decrypted form to hypervisor 30, wherein the subset of information is selected to suffice for the hypervisor to process the guest event. The firmware retains a part of the information of the guest state and memory that is not sent to the hypervisor. The hypervisor processes the guest event, based on the received subset of information, and sends a process result to the firmware which triggers a second firmware service specific for the guest event. The firmware processes the received result, together with the part of the guest information not sent to the hypervisor, to generate a state and/or memory modification. The firmware performs the state and/or memory modification associated with the guest event at the guest memory in encrypted form. |
