METHODS AND SYSTEMS FOR PREVENTING ACCESS TO DISPLAY GRAPHICS GENERATED BY A TRUSTED VIRTUAL MACHINE
Abstract
The methods and systems described herein provide for preventing a non-trusted virtual machine from reading the graphical output of a trusted virtual machine. A graphics manager receives a request from a trusted virtual machine to render graphical data using a graphics processing unit. The graphics manager assigns, to the trusted virtual machine, a secure section of a memory of the graphics processing unit. The graphics manager renders graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory. The graphics manager receives a request from a non-trusted virtual machine to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory, and prevents the non-trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory.
16 Claims
1. In a computing device executing a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine, a method for preventing the non-trusted virtual machine from reading the graphical output of the trusted virtual machine, comprising:
receiving, by a graphics manager executed by a processor of a computing device, a request from a trusted virtual machine executed by the computing device to render graphical data using a graphics processing unit of the computing device;
assigning, by the graphics manager to the trusted virtual machine, a secure section of a memory of the graphics processing unit;
rendering, by the graphics manager, graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory;
receiving, by the graphics manager, a request from a non-trusted virtual machine executed by the computing device to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory; and
preventing, by the graphics manager, the non-trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory.

9. In a computing device executing a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine, a system for preventing the non-trusted virtual machine from reading the graphical output of the trusted virtual machine, comprising:
a computing device comprising:
a processor executing a graphics manager and a hypervisor hosting a trusted virtual machine and a non-trusted virtual machine, and
a graphics processing unit, comprising a memory; and
wherein the graphics manager is configured to:
receive a request from the trusted virtual machine to render graphical data using the graphics processing unit,
assign, to the trusted virtual machine, a secure section of the memory of the graphics processing unit,
render graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory,
receive a request from the non-trusted virtual machine to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory, and
prevent the non-trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory.
Specification