| 发明名称 |
System and method for achieving protected region within computer system |
| 摘要 |
A system and method for achieving one or more protected regions within a computer system having multiple partitions are disclosed. In at least some embodiments, the system includes an intermediary device for use within the computer system having the multiple partitions. The intermediary device includes a fabric device, and a first firewall device capable of limiting communication of a signal based upon at least one of a source of the signal and an intended destination of the signal, the first firewall device being at least indirectly coupled to the fabric device. The intermediary device further includes a first conversion device that is one of integrated with the first firewall device and distinct from the first firewall device, and that is capable of converting between a processor address and a fabric address for use by the fabric device. In some embodiments, the various devices each include Control and Status Registers (CSRs). |
| 申请公布号 |
US8782779(B2) |
申请公布日期 |
2014.07.15 |
| 申请号 |
US200711862002 |
申请日期 |
2007.09.26 |
| 申请人 |
Hewlett-Packard Development Company, L.P. |
发明人 |
Giles Chris M.;Herrell Russ W.;Morrison John A.;Wheeler Andrew R.;Kaufman, Jr. Gerald J.;Johnson Leith L.;Zilavy Daniel |
| 分类号 |
G06F21/00;G06F12/14;G06F21/53;G06F12/02 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer system comprising:
a plurality of partitions having respective operating systems; a layer to communicate with each of the plurality of partitions; unprotected resources including processing devices and dynamically assignable to the plurality of partitions, where a portion of the unprotected resources is reassignable from one of the partitions to another of the partitions; and protected resources accessible by the layer but configured to not provide a useful response to the operating systems, and where the protected resources include dedicated resources assigned to the layer that are invisible to the operating systems, and wherein the protected resources are arranged to restrict communications between the partitions, the protected resources including an address conversion resource to convert between addresses in a first address space and addresses in a second address space, and a firewall to accept or reject communications between the partitions, wherein the firewall is to determine whether a request from a requester in a first of the partitions is allowed to access a resource in a second of the partitions, the firewall to allow the request to access the resource in the second partition under a first condition, and to not allow the request to access the resource in the second partition under a second condition. |
| 地址 |
Houston TX US |
