| 摘要 |
<p>An apparatus implementing a secure zone on a virtual machine may be provided. In one aspect, the apparatus may comprise a screen and a computer processor. The computer processor may be configured to initialize a hypervisor, establish a first virtual machine to execute code for a secure zone and a second virtual machine to execute code for a non-secure zone. The code for the secure zone may assume or transfer control over an output to the screen depending whether the apparatus is operating in a secure mode. In another aspect, the apparatus may also comprise a security-enhancing chip. The chip may comprise a non- volatile storage for storing an encryption key and a first configuration digest, and may be configured to create a second configuration digest based on received configuration data, and allow access to the encryption key based on comparison of the first and the second configuration digests.</p> |
