Virtual high privilege mode for a system management request

US 10,303,501 B2
Filed: 08/30/2011
Issued: 05/28/2019
Est. Priority Date: 08/30/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A computing system comprising:

a processor;

a physical basic input/output system (BIOS);

a virtual machine monitor (VMM) to manage a trusted virtual machine (VM); and

a virtual high-privilege mode in the trusted VM to handle a system management request,the VMM to trap requests to access functionalities of the physical BIOS from sources other than the trusted VM, the trapping of the requests preventing the requests from being communicated to the physical BIOS.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system and a method of handling a system management request. The computing system includes a virtual high-privilege mode in a trusted domain managed by the virtual machine monitor. The virtual high-privilege mode handles the system management request.

Citations

20 Claims

1. A computing system comprising:
- a processor;
  
  a physical basic input/output system (BIOS);
  
  a virtual machine monitor (VMM) to manage a trusted virtual machine (VM); and
  
  a virtual high-privilege mode in the trusted VM to handle a system management request,the VMM to trap requests to access functionalities of the physical BIOS from sources other than the trusted VM, the trapping of the requests preventing the requests from being communicated to the physical BIOS.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing system of claim 1, wherein the virtual high-privilege mode is a virtual system management interrupt mode to handle a system management request.
  - 3. The computing system of claim 2, wherein the processor does not enter a system management mode in response to the system management request.
  - 4. The computing system of claim 1, wherein the trusted VM is a domain 0 VM.
  - 5. The computing system of claim 2, wherein the system management request is provided to the virtual high-privilege mode using one of a virtual basic input output system (vBIOS), a Windows management instrumentation (WMI) wrapper, or a remote procedure call (RPC).
  - 6. The computing system of claim 1, wherein the virtual high-privilege mode in the trusted VM is to respond to the system management request by calling the physical BIOS.
  - 7. The computing system of claim 6, wherein the VMM allows the call of the physical BIOS by the virtual high-privilege mode in the trusted VM to pass to the physical BIOS.
  - 8. The computing system of claim 1, wherein the VMM is to route the system management request from a guest virtual machine to the virtual high-privilege mode in the trusted VM.

9. A method of handling a system management request in a computing system, comprising:
- managing, by a virtual machine monitor (VMM), a trusted virtual machine (VM) with a virtual high-privilege mode, the trusted VM with the virtual high-privilege mode to receive the system management request;
  
  preventing the system management request from initiating a system management mode at a processor of the computing system;
  
  handling the system management request by the trusted VM with the virtual high-privilege mode; and
  
  trapping, by the VMM, requests to a physical basic input/output system (BIOS) of the computing system from sources other than the trusted VM, the trapping of the requests preventing the requests from being communicated to the physical BIOS.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further comprising changing a system configuration of the computing system by the trusted VM with the virtual high-privilege mode.
  - 11. The method of claim 9, further comprising issuing a system management interrupt from a guest domain, the system management request comprising the system management interrupt.
  - 12. The method of claim 9, further comprising:
    - calling, by the trusted VM with the virtual high-privilege mode, the physical BIOS in response to the system management request.
  - 13. The method of claim 9, further comprising:
    - routing, by the VMM, the system management request from a guest virtual machine to the trusted VM with the virtual high-privilege mode.
  - 14. The method of claim 9, wherein the trusted VM is a domain 0 VM.
  - 15. The method of claim 9, wherein trapping the requests to the physical BIOS comprises trapping requests to access functionalities of the physical BIOS.

16. A non-transitory computer readable medium storing instructions that upon execution cause a computing system to:
- manage, by a virtual machine monitor (VMM), a trusted virtual machine (VM);
  
  receive a system management request by a virtual high-privilege mode environment in the trusted VM;
  
  prevent the system management request from initiating a system management mode;
  
  handle the system management request in the virtual high-privilege mode environment of the trusted VM;
  
  trap, by the VMM, requests to a physical basic input/output system (BIOS) of the computing system from sources other than the trusted VM, the trapping of the requests preventing the requests from being communicated to the physical BIOS.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable medium of claim 16, wherein the trusted VM including the virtual high-privilege mode environment is to change a system configuration that is not changeable by a guest domain.
  - 18. The non-transitory computer readable medium of claim 16, wherein the instructions upon execution cause the computing device to:
    - forward the system management request from a virtual basic input output system (vBIOS) to the trusted VM including the virtual high-privilege mode environment.
  - 19. The non-transitory computer readable medium of claim 16, wherein the instructions upon execution cause the computing system to further:
    - call, by the trusted VM including the virtual high-privilege mode environment, the physical BIOS in response to the system management request.
  - 20. The non-transitory computer readable medium of claim 16, wherein the instructions upon execution cause the computing system to further:
    - route, by the VMM, the system management request from a guest virtual machine to the trusted VM with the virtual high-privilege mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Ali, Valiuddin Y, Pires, Jose Paulo Xavier, Mann, James M, Balacheff, Boris, Dalton, Chris I
Primary Examiner(s)
Chowdhury, Ziaul A
Assistant Examiner(s)
Wei, Zengpu

Application Number

US14/240,198
Publication Number

US 20150040130A1
Time in Patent Office

2,828 Days
Field of Search

718 1
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 9/4401   Bootstrapping security arra...

G06F 9/45541   Bare-metal, i.e. hypervisor...

G06F 9/45558   Hypervisor-specific managem...

Virtual high privilege mode for a system management request

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual high privilege mode for a system management request

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links