Methods and systems to measure a hypervisor after the hypervisor has already been measured and booted

US 10,152,600 B2
Filed: 03/03/2016
Issued: 12/11/2018
Est. Priority Date: 12/29/2006
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine-readable medium having stored thereon data which, if used by at least one machine, causes the at least one machine to perform operations comprising:

receive a request for a measurement of a hypervisor from at least one computing node that is external to the at least one machine;

execute a previously measured measuring agent to measure the hypervisor, after the hypervisor is measured and booted, to generate a measurement while;

(a) the at least one machine is in virtual machine extension (VMX) root operation, and (b) the measuring agent is in a protected mode;

attest to the measurement, based on at least one encryption credential, to generate an attested measurement output; and

communicate the attested measurement output to the at least one computing node;

wherein the hypervisor does not include the at least one encryption credential while the measuring agent is measuring the booted hypervisor.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment: (a) receives a request for a measurement of a hypervisor from at least one computing node that is external to the at least one machine; (b) executes a previously measured measuring agent to measure the hypervisor, after the hypervisor is measured and booted, to generate a measurement while: (b)(i) the at least one machine is in virtual machine extension (VMX) root operation, and (b)(ii) the measuring agent is in a protected mode; (c) attest to the measurement, based on at least one encryption credential, to generate an attested measurement output; and (d) communicate the attested measurement output to the at least one computing node. The hypervisor does not include the at least one encryption credential while the measuring agent is measuring the booted hypervisor. Other embodiments are described herein.

38 Citations

View as Search Results

20 Claims

1. At least one non-transitory machine-readable medium having stored thereon data which, if used by at least one machine, causes the at least one machine to perform operations comprising:
- receive a request for a measurement of a hypervisor from at least one computing node that is external to the at least one machine;
  
  execute a previously measured measuring agent to measure the hypervisor, after the hypervisor is measured and booted, to generate a measurement while;
  
  (a) the at least one machine is in virtual machine extension (VMX) root operation, and (b) the measuring agent is in a protected mode;
  
  attest to the measurement, based on at least one encryption credential, to generate an attested measurement output; and
  
  communicate the attested measurement output to the at least one computing node;
  
  wherein the hypervisor does not include the at least one encryption credential while the measuring agent is measuring the booted hypervisor.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The at least one non-transitory machine-readable medium of claim 1, wherein the hypervisor comprises code and measuring the booted hypervisor to generate a measurement comprises generating an image of the code.
  - 3. The at least one non-transitory machine-readable medium of claim 1, wherein the protected mode includes system management mode (SMM).
  - 4. The at least one non-transitory machine-readable medium of claim 1, wherein the at least one encryption credential comprises a private key.
  - 5. The at least one non-transitory machine-readable medium of claim 4, wherein the data which, if used by the at least one machine, causes the at least one machine to perform operations comprising:
    - encrypt a public key, which corresponds to the private key, with a key corresponding to a Trusted Platform Module (TPM).

6. An apparatus comprising:
- at least one memory and at least one processor, coupled to the at least one memory, to perform operations comprising;
  
  measure a hypervisor;
  
  measure a measuring agent;
  
  receive a request for a measurement of the hypervisor from at least one computing node;
  
  execute the previously measured measuring agent to measure the hypervisor, after the hypervisor has been booted and measured, to generate a measurement while;
  
  (a) the at least one processor is in virtual machine extension (VMX) root operation, and (b) the measuring agent is in a protected mode;
  
  attest to the measurement, based on at least one encryption credential, to generate an attested measurement output; and
  
  communicate the attested measurement output to the at least one computing node;
  
  wherein the hypervisor does not include the at least one encryption credential while the measuring agent is measuring the booted hypervisor.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6, wherein the hypervisor comprises code and measuring the booted hypervisor to generate a measurement comprises generating an image of the code.
  - 8. The apparatus of claim 6, wherein the protected mode includes system management mode (SMM).
  - 9. The apparatus of claim 6, wherein the at least one encryption credential comprises a private key.
  - 10. The apparatus of claim 9, wherein the at least one processor is to perform operations comprising:
    - encrypt a public key, which corresponds to the private key, with a key corresponding to a Trusted Platform Module (TPM).

11. A method comprising:
- receiving a request for a measurement of hypervisor from at least one computing node;
  
  prompting a previously measured measuring agent to measure the hypervisor, after the hypervisor is measured and booted, to generate a measurement while;
  
  (a) at least one machine, coupled to the hypervisor, is in virtual machine extension (VMX) root operation, and (b) the measuring agent is in a protected mode;
  
  attesting to the measurement, based on at least one encryption credential, to generate an attested measurement output; and
  
  communicating the attested measurement output to the at least one computing node;
  
  wherein the hypervisor does not include the at least one encryption credential while the measuring agent is measuring the booted hypervisor.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the hypervisor comprises code and measuring the booted hypervisor to generate a measurement comprises generating an image of the code.
  - 13. The method of claim 11, wherein the protected mode includes system management mode (SMM).
  - 14. The method of claim 11, wherein the at least one encryption credential comprises a private key.
  - 15. The method of claim 14 comprising encrypting a public key, which corresponds to the private key, with a key corresponding to a Trusted Platform Module (TPM).

16. A system comprising:
- means for receiving a request for a measurement of a hypervisor from at least one computing node;
  
  means for executing a previously measured measuring agent to measure the hypervisor, after the hypervisor is measured and booted, to generate a measurement while;
  
  (a) at least one machine, coupled to the hypervisor, is in virtual machine extension (VMX) root operation, and (b) the measuring agent is in a protected mode;
  
  means for attesting to the measurement, based on at least one encryption credential, to generate an attested measurement output; and
  
  means for communicating the attested measurement output to the at least one computing node;
  
  wherein the hypervisor does not include the at least one encryption credential while the measuring agent is measuring the booted hypervisor.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the hypervisor comprises code and measuring the booted hypervisor to generate a measurement comprises generating an image of the code.
  - 18. The system of claim 16, wherein the protected mode includes system management mode (SMM).
  - 19. The system of claim 16, wherein the at least one encryption credential comprises a private key.
  - 20. The system of claim 19 comprising means for encrypting a public key, which corresponds to the private key, with a key corresponding to a Trusted Platform Module (TPM).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Rozas, Carlos V., Scarlata, Vincent R.
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
Gao, Shu C

Application Number

US15/059,485
Publication Number

US 20170024563A1
Time in Patent Office

1,013 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/033   Test or assess software

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

Methods and systems to measure a hypervisor after the hypervisor has already been measured and booted

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems to measure a hypervisor after the hypervisor has already been measured and booted

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links