Secure migratable architecture having security features
First Claim
1. A computing system comprising:
- a programmable circuit configured to execute instructions according to a first computing architecture;
a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including;
an operating system; and
a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process, the software executable to perform a method including;
upon initiating execution of the process, allocating a portion of the memory for use by the process during execution;
and executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using a token associated with one or more area descriptors to describe the portion of the memory and a tag, each of the one or more area descriptors defining to the firmware environment a base address and an offset at which a buffer memory area is located, the base address translated to an address in the memory managed by the operating systemwherein the firmware receives a write request from the one or more workloads, translating the request to a specific memory buffer corresponding to the token, adding an offset to the base address at which the buffer memory area is located, the buffer memory area being within the portion of memory allocated for use by the process, validate that the tag value associated with the address is compatible, write the a value of the memory access request at the offset address,the write value and the offset address is passed to the first computing architecture, wherein the first computing architecture converts the virtual address to a physical address and writes the value in the memory.
8 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for implementing a secure migratable architecture are disclosed. One method includes, upon initiating execution of a process, allocating a portion of a memory for use by the process during execution, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed. The method also includes executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using one or more area descriptors to describe the portion of the memory, each of the one or more area descriptors defining to the firmware environment a base address at which a memory area is located, the base address translated to an address in the memory managed by the operating system, the memory area being within the portion of memory allocated for use by the process.
9 Citations
21 Claims
-
1. A computing system comprising:
- a programmable circuit configured to execute instructions according to a first computing architecture;
a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including; an operating system; and a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process, the software executable to perform a method including; upon initiating execution of the process, allocating a portion of the memory for use by the process during execution; and executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using a token associated with one or more area descriptors to describe the portion of the memory and a tag, each of the one or more area descriptors defining to the firmware environment a base address and an offset at which a buffer memory area is located, the base address translated to an address in the memory managed by the operating system wherein the firmware receives a write request from the one or more workloads, translating the request to a specific memory buffer corresponding to the token, adding an offset to the base address at which the buffer memory area is located, the buffer memory area being within the portion of memory allocated for use by the process, validate that the tag value associated with the address is compatible, write the a value of the memory access request at the offset address, the write value and the offset address is passed to the first computing architecture, wherein the first computing architecture converts the virtual address to a physical address and writes the value in the memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- a programmable circuit configured to execute instructions according to a first computing architecture;
-
12. A computer-implemented method comprising:
- upon initiating execution of a process, allocating a portion of a memory for use by the process during execution, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed;
and executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using a token associated with one or more area descriptors to describe the portion of the memory and a tag, each of the one or more area descriptors defining to the firmware environment a base address and an offset at which a buffer memory area is located, the base address translated to an address in the memory managed by the operating system, wherein the firmware receives a write request from the one or more workloads, translating the request to a specific memory buffer corresponding to the token, adding an offset to the base address at which the buffer memory area is located, the buffer memory area being within the portion of memory allocated for use by the process, validate that the tag value associated with the address is compatible, write the a value of the memory access request at the offset address, the write value and the offset address is passed to the first computing architecture, wherein the first computing architecture converts the virtual address to a physical address and writes the value in the memory. - View Dependent Claims (13, 14, 15, 16, 17)
- upon initiating execution of a process, allocating a portion of a memory for use by the process during execution, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed;
-
18. A computing system comprising:
-
a programmable circuit configured to execute instructions according to a first computing architecture; a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including; an operating system; and a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process according to the second computing architecture, the software executable to perform a method including; upon initiating execution of the process, allocating a portion of the memory for use by the process during execution; creating an area descriptor associated with a memory area included within the portion of the memory, the area descriptor including a base address and a length of the memory area; storing the area descriptor in an area descriptor collection; and executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using a token associated with one or more area descriptors to describe the portion of the memory and a tag, each of the one or more area descriptors defining to the firmware environment a base address and an offset at which a buffer memory area is located, the base address translated to an address in the memory managed by the operating system wherein the firmware receives a write request from the one or more workloads, translating the request to a specific memory buffer corresponding to the token, adding an offset to the base address at which the buffer memory area is located, the buffer memory area being within the portion of memory allocated for use by the process, validate that the tag value associated with the address is compatible, write the a value of the memory access request at the offset address the write value and the offset address is passed to the first computing architecture, wherein the first computing architecture converts the virtual address to a physical address and writes the value in the memory. - View Dependent Claims (19, 20, 21)
-
Specification