摘要 |
In a logically partitioned computer system, a partition manager maintains and controls master encryption keys for the different partitions. Preferably, processes executing within a partition have no direct access to real memory, addresses in the partition's memory space being mapped to real memory by the partition manager. The partition manager maintains master keys at real memory addresses inaccessible to processes executing in the partitions. Preferably, a special hardware register stores a pointer to the current key, and is read only by a hardware crypto-engine to encrypt/decrypt data. The crypto-engine returns the encrypted/decrypted data, but does not output the key itself or its location.
|