Method and system to support a trusted set of operational environments using emulated trusted hardware

US 20050138370A1
Filed: 12/23/2003
Published: 06/23/2005
Est. Priority Date: 12/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

loading a virtual machine monitor (“

VMM”

) to support a virtual machine (“

VM”

) session;

loading the VM session;

loading an operating system (“

OS”

) into the VM session; and

emulating a trusted platform module (“

TPM”

) to hold a key associated with the VM session and to execute trusted operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system to emulate a trusted platform module to execute trusted operations. A virtual machine monitor is executed to support a virtual machine session. An operating system is loaded into the virtual machine session. The trusted platform module is emulated to hold a key associated with the virtual session and to execute trusted operations.

170 Citations

30 Claims

1. A method, comprising:
- loading a virtual machine monitor (“
  
  VMM”
  
  ) to support a virtual machine (“
  
  VM”
  
  ) session;
  
  loading the VM session;
  
  loading an operating system (“
  
  OS”
  
  ) into the VM session; and
  
  emulating a trusted platform module (“
  
  TPM”
  
  ) to hold a key associated with the VM session and to execute trusted operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein emulating the TPM comprises emulating the TPM under the control of the VMM, the VMM to prevent unauthorized access to the key held within the emulated TPM.
  - 3. The method of claim 2 wherein the VMM comprises a layer of software executing below the VM session and having a higher privileged access to system resources than the OS.
  - 4. The method of claim 3 wherein TPM commands originating from within the VM session to execute the trusted operations are trapped and redirected to the emulated TPM.
  - 5. The method of claim 1, further comprising:
    - determining whether the OS is trustworthy using the key held within the emulated TPM; and
      
      terminating the VM sessions along with the OS, if the OS is determined to be untrustworthy.
  - 6. The method of claim 5 wherein determining whether the OS is trustworthy comprises determining whether the OS has an unauthorized modification via:
    - hashing a portion of the OS to obtain a hash value; and
      
      comparing the hash value to the key held within the emulated TPM.
  - 7. The method of claim 1, further comprising:
    - loading a plurality of VM sessions and a plurality of OS'"'"'s, each one of the plurality of OS'"'"'s loaded into one of the plurality of VM sessions; and
      
      emulating a plurality of TPMs each corresponding to one of the plurality of VM sessions, each of the plurality of TPMs to hold a key associated with the corresponding one of the plurality of VM sessions and to execute trusted operations.
  - 8. The method of claim 7, further comprising:
    - determining whether each of the plurality of OS'"'"'s is trustworthy using the key associated with each of the plurality of VM sessions; and
      
      terminating any of the plurality of VM sessions supporting an OS determined to be untrustworthy.
  - 9. The method of claim 1 wherein the trusted operations include at least one of encrypting data, decrypting data, hashing, and sealing data to a software environment.
  - 10. The method of claim 1, further comprising:
    - determining whether the OS is trustworthy using the key held within the emulated TPM; and
      
      denying the OS access to a network domain, if the OS is determined to be untrustworthy.
  - 11. The method of claim 10 wherein denying the OS access to the network domain comprises a management module of a rack of blade servers denying a blade server executing the OS within the VM session access to the network domain.
  - 12. The method of claim 1 wherein the emulated TPM simulates the functionality of a hardware TPM compliant with a Trusted Computing Group'"'"'s (“
    - TCG”
      
      ) trusted platform architecture.

13. A machine-accessible medium that provides instructions that, if executed by a machine, will cause the machine to perform operations comprising:
- executing a virtual machine monitor (“
  
  VMM”
  
  ) to support a virtual machine (“
  
  VM”
  
  ) session;
  
  executing the VM session;
  
  executing an operating system (“
  
  OS”
  
  ) within the VM session; and
  
  emulating a trusted platform module (“
  
  TPM”
  
  ) to hold a key associated with the VM session, the VMM to prevent unauthorized access to the key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The machine-accessible medium of claim 13 wherein emulating the TPM further comprises emulating the TPM to allow software applications executing within the OS to establish trust via TPM commands.
  - 15. The machine-accessible medium of claim 14 wherein the VMM comprises a layer of software executing below the VM session and having a higher privileged access to system resources than the OS.
  - 16. The machine-accessible medium of claim 14 wherein the TPM commands are trapped and redirected to the emulated TPM.
  - 17. The machine-accessible medium of claim 13, further providing instructions that, if executed by the machine, will cause the machine to perform operations, comprising:
    - determining whether the OS is trustworthy using the key held within the emulated TPM; and
      
      terminating the VM session along with the OS, if the OS is determined to be untrustworthy.
  - 18. The machine-accessible medium of claim 17 wherein determining whether the OS is trustworthy comprises determining whether the OS has an unauthorized modification via:
    - hashing a portion of the OS to obtain a hash value; and
      
      comparing the hash value to the key.
  - 19. The machine-accessible medium of claim 13, further providing instructions that, if executed by the machine, will cause the machine to perform operations, comprising:
    - executing the VMM to support a plurality of VM sessions;
      
      executing a plurality of VM sessions;
      
      executing a plurality of OS'"'"'s, each one of the plurality of OS'"'"'s executed within one of the plurality of VM sessions; and
      
      emulating a plurality of TPMs each corresponding to one of the plurality of VM sessions, each of the plurality of TPMs to hold a key associated with the corresponding one of the plurality of VM sessions.
  - 20. The machine-accessible medium of claim 19, further providing instructions that, if executed by the machine will cause the machine to perform operations, comprising:
    - determining whether each of the plurality of OS'"'"'s is trustworthy using the key associated with each of the plurality of VM sessions; and
      
      terminating any of the plurality of VM sessions supporting an OS determined to be untrustworthy.

21. A system, comprising:
- a processor to execute a virtual machine monitor (“
  
  VMM”
  
  ) to support a virtual machine (“
  
  VM”
  
  ) session;
  
  system memory communicatively coupled to the processor; and
  
  a data storage unit (“
  
  DSU”
  
  ) communicatively coupled to the processor and the system memory and having the VMM and an emulated trusted platform module (“
  
  TPM”
  
  ) stored therein, the processor coupled to load the VMM from the DSU into the system memory, the VM session to support an operating system (“
  
  OS”
  
  ) therein, the emulated TPM to execute trusted operations.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The system of claim 21 wherein the DSU comprises a firmware unit and the VMM comprises a firmware layer to execute below the VM session, the VMM having a higher privileged access to the system memory.
  - 23. The system of claim 22 wherein the emulated TPM is further to securely hold a key for executing at least a portion of the trusted operations.
  - 24. The system of claim 23 wherein the VMM prevents unauthorized access to the key securely held by the emulated TPM via hiding a memory location of the key.
  - 25. The system of claim 24 wherein the processor is further coupled to execute the VMM and the emulated TPM to determine whether the OS is trustworthy via executing one of the trusted operations using the key and to terminate the VM session along with the OS, if the OS is determine to be untrustworthy.
  - 26. The system of claim 21 wherein the emulated TPM emulates the functionality of a TPM compliant with a Trusted Computing Group'"'"'s (“
    - TCG”
      
      ) trusted platform architecture.

27. A chassis, comprising:
- a management module;
  
  a plurality of blades mounted within the chassis and communicatively coupled to the management module, the plurality of blades each including a data storage unit (“
  
  DSU”
  
  ) having stored therein an emulated trusted platform module (“
  
  TPM”
  
  ) to hold a key; and
  
  a switch communicatively coupled to the management module and the plurality of blades, the switch to provide the plurality of blades access to a network domain, the switch to deny access to the network domain, if one of the plurality of blades is determined to be untrustworthy based on the key.
- View Dependent Claims (28, 29, 30)
- - 28. The chassis of claim 27 wherein the DSU of each of the plurality of blades having further stored therein a virtual machine monitor (“
    - VMM”
      
      ) to protect the emulated TPM from unauthorized access and to support a virtual machine (“
      
      VM”
      
      ) session, the VM session to support an operating system (“
      
      OS”
      
      ) therein.
  - 29. The chassis of claim 28 wherein the one of the plurality of blades is determined to be untrustworthy based on the key, if a hash of a portion of the OS fails to correspond to the key.
  - 30. The chassis of claim 28 wherein the key comprises a private key and wherein the one of the plurality of blades is determined to be untrustworthy, if the private key fails to correspond to a public key obtained from a trusted third party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Zimmer, Vincent J., Goud, Gundrala D.

Granted Patent

US 7,222,062 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 21/57 Certifying or maintaining t...

Method and system to support a trusted set of operational environments using emulated trusted hardware

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

170 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system to support a trusted set of operational environments using emulated trusted hardware

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

170 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links