WO2024255640A1 - 加密硬件的配置方法、数据机密计算方法及相关设备 - Google Patents

加密硬件的配置方法、数据机密计算方法及相关设备 Download PDF

Info

Publication number
WO2024255640A1
WO2024255640A1 PCT/CN2024/097172 CN2024097172W WO2024255640A1 WO 2024255640 A1 WO2024255640 A1 WO 2024255640A1 CN 2024097172 W CN2024097172 W CN 2024097172W WO 2024255640 A1 WO2024255640 A1 WO 2024255640A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual machine
encryption hardware
hardware
computing
confidential
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2024/097172
Other languages
English (en)
French (fr)
Inventor
刘子行
应志伟
杨葛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hygon Information Technology Co Ltd
Original Assignee
Hygon Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hygon Information Technology Co Ltd filed Critical Hygon Information Technology Co Ltd
Priority to EP24822591.4A priority Critical patent/EP4621568A4/en
Publication of WO2024255640A1 publication Critical patent/WO2024255640A1/zh
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45579I/O management, e.g. providing access to device drivers or storage
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Definitions

  • a computer can virtualize multiple virtual machines (VMs) to efficiently utilize the computer's hardware resources.
  • VMs virtual machines
  • how to provide a technical solution to improve the utilization rate of encryption hardware by virtual machines has become a technical problem that technicians in this field need to solve urgently.
  • the embodiments of the present disclosure provide a method for configuring encryption hardware, a data confidentiality computing method, and related equipment to improve the utilization rate of encryption hardware by virtual machines and enhance the data processing performance of virtual machines.
  • an embodiment of the present disclosure provides a method for configuring encryption hardware, including:
  • a request for use of the encryption hardware by the virtual machine is processed through a simulation device corresponding to the virtual machine, so that the virtual machine uses the encryption hardware, and the virtual machine is any one of multiple virtual machines.
  • an embodiment of the present disclosure provides a configuration device for encryption hardware, including:
  • the state maintenance logic is used to maintain the device state of the encryption hardware bound to the multiple simulated devices, wherein the device state includes an idle state and a busy state; wherein one simulated device corresponds to one virtual machine, and the multiple simulated devices are bound to the encryption hardware so that the multiple virtual machines share the encryption hardware through the corresponding simulated devices;
  • the request processing logic is used to process the virtual machine's request to use the encryption hardware based on the device status of the encryption hardware through the simulated device corresponding to the virtual machine, so that the virtual machine uses the encryption hardware.
  • the virtual machine is any one of multiple virtual machines.
  • an embodiment of the present disclosure provides a data confidentiality computing method, including:
  • the use authority of the secure cryptographic coprocessor is obtained so that according to the confidential computing command, the confidential computing result of the secure cryptographic coprocessor is obtained, and the confidential computing result is returned to the virtual machine.
  • an embodiment of the present disclosure provides a data confidentiality computing device, including:
  • a command acquisition logic used to acquire a confidential computing command for a simulated device sent by a virtual machine, the simulated device being used to simulate a program of a secure cryptographic coprocessor, wherein the secure cryptographic coprocessor is cryptographic hardware configured according to the configuration method of cryptographic hardware as described above;
  • the hardware usage logic is used to obtain the use permission of the secure cryptographic coprocessor so as to obtain the confidential computing result of the secure cryptographic coprocessor according to the confidential computing command, and return the confidential computing result to the virtual machine.
  • an embodiment of the present disclosure provides a computer system, comprising: a virtual machine monitor, multiple virtual machines, and encryption hardware; the virtual machine monitor comprises a configuration device for the encryption hardware as described above, or a data confidentiality computing device as described above.
  • an embodiment of the present disclosure provides an electronic device, comprising a memory and a processor, wherein the memory stores a computer program that can be executed by the processor, and when the processor runs the computer program, the processor executes the method for configuring encryption hardware as described above, or the steps in the data confidentiality computing method as described above.
  • an embodiment of the present disclosure provides a storage medium, wherein the storage medium stores one or more computer executable instructions, and when the one or more computer executable instructions are executed, The method for configuring encryption hardware as described above, and/or the method for data confidentiality computing as described above.
  • the device status of the cryptographic coprocessor to which multiple simulated devices are bound is maintained, and the device status includes an idle state and a busy state, wherein one simulated device corresponds to one virtual machine, and multiple simulated devices are bound to the encryption hardware so that multiple virtual machines share the encryption hardware through the corresponding simulated devices; then, based on the device status of the encryption hardware, the virtual machine's request to use the encryption hardware is processed through the simulated device corresponding to the virtual machine, so that the virtual machine uses the encryption hardware, and the virtual machine is any one of the multiple virtual machines.
  • the embodiment of the present disclosure maintains the device status of the encryption hardware through multiple simulation devices, so that multiple virtual machines can share the encryption hardware.
  • the encryption hardware is in an idle state, any one of the multiple virtual machines can use the encryption hardware for calculation processing, and then based on the device status of the encryption hardware, the virtual machine's request to use the encryption hardware is processed through the simulation device corresponding to the virtual machine, ensuring that the encryption hardware is used by one virtual machine at a time, and realizing that multiple virtual machines share the encryption hardware to perform cryptographic calculation processing of data, thereby improving the utilization rate of the encryption hardware by the virtual machine and improving the data processing performance of the virtual machine.
  • FIG1 is a schematic diagram of an alternative architecture of a computer system
  • FIG2 is a schematic diagram of another optional architecture of a computer system
  • FIG3 is a schematic diagram of another optional architecture of a computer system
  • FIG4 is a schematic diagram of an optional architecture of encryption hardware
  • FIG5 is an optional configuration method of encryption hardware
  • FIG6 is an optional flow chart of a method for configuring encryption hardware provided in an embodiment of the present disclosure.
  • FIG. 7 is a schematic diagram of multiple virtual machines accessing encryption hardware according to an embodiment of the present disclosure.
  • FIG8 is a schematic diagram of an interaction of a virtual machine accessing encryption hardware provided by an embodiment of the present disclosure
  • FIG9 is another optional flow chart of the method for configuring encryption hardware provided in an embodiment of the present disclosure.
  • FIG. 10 is a schematic diagram of address mapping for a virtual machine to access encryption hardware provided by an embodiment of the present disclosure
  • FIG. 11 is a schematic diagram of an interaction in which a virtual machine synchronously accesses a shared memory space through a simulation device according to an embodiment of the present disclosure
  • FIG12 is a schematic diagram of address conversion of encryption hardware accessing memory provided by an embodiment of the present disclosure.
  • FIG13 is a calculation timing diagram of multiple virtual machines sharing encryption hardware provided by an embodiment of the present disclosure.
  • FIG14 is an optional block diagram of a configuration device for encryption hardware provided in an embodiment of the present disclosure.
  • FIG15 is an optional flow chart of a data confidentiality computing method provided by an embodiment of the present disclosure.
  • FIG16 is a schematic diagram of interaction of multiple virtual machines synchronously accessing a secure cryptographic coprocessor according to an embodiment of the present disclosure.
  • FIG. 17 is an optional block diagram of a data confidentiality computing device provided in an embodiment of the present disclosure.
  • Figure 1 shows an optional architectural diagram of a computer system.
  • the architecture of the computer system may include: CPU (Central Processing Unit) core 1, encryption hardware 2, and memory 3.
  • the CPU core 1 can configure a virtual machine monitor (Virtual Machine Monitor, VMM) 11 in the form of software, and virtualize multiple virtual machines (Virtual Machine, VM) 12 through virtualization technology.
  • VMM Virtual Machine Monitor
  • VM Virtual Machine
  • the multiple virtual machines 12 can be managed by the virtual machine monitor 11.
  • the encryption hardware 2 is a hardware device for performing cryptographic calculations, such as a cryptographic coprocessor.
  • the encryption hardware 2 can be used to optimize frequent data operations in cryptographic calculations, save calculation time, increase calculation speed, and enhance cryptographic calculation performance on data.
  • the encryption hardware 2 can be used to perform cryptographic calculations on the virtual machine data of the virtual machine.
  • the encryption hardware can obtain the data calculation command of the virtual machine, and then obtain the corresponding data from the memory according to the address information of the data calculation command, and perform cryptographic calculations on the data, and the cryptographic calculations can be encryption calculations, decryption calculations, or hash calculations.
  • the encryption hardware can be called by the encryption hardware driver to drive the encryption. The hardware works.
  • the encryption hardware can realize basic cryptographic computing functions when the operating environment of the system architecture described in Figure 1 is a common computing environment. However, since the hardware resources of the encryption hardware can be directly accessed by the virtual machine in a common computing environment, and the encryption hardware does not have a closed execution environment, it does not have the confidential computing capability for data.
  • FIG. 2 shows another optional architectural diagram of the computer system, in which the vertical dotted line is used to distinguish between the confidential computing environment and the ordinary computing environment, the solid line box is the component of the confidential computing environment, and the dotted line box is the component of the ordinary computing environment.
  • a computer system can include five parts: hardware layer, system software layer, service layer, application layer, and cross-layer management.
  • the hardware layer implements protected resources based on hardware isolation to prevent them from being accessed by open systems, and provides a trusted hardware foundation for confidential computing based on hardware security functions;
  • the system software layer provides a software-based isolation mechanism, necessary hardware resources, and basic services for confidential computing;
  • the service layer provides a unified confidential computing service interface and security services for upper-layer applications.
  • the security service is formed by the interaction of the underlying system software, hardware, and management modules.
  • the unified service interface for confidential computing is used to shield the differences in the development interface of the underlying hardware architecture and software; the application layer is an application directly facing the result demander, and the result demander performs computing operations through the application; cross-layer management provides the necessary management modules for executing confidential computing services.
  • the components of the hardware layer in a confidential computing environment may mainly include a trusted execution control unit, isolated memory space, trusted firmware, hardware cryptographic engine, device unique key, random number generator, and trust root;
  • the components of the system software layer may mainly include a confidential computing operating system and confidential computing virtualization software;
  • the components of the service layer may mainly include a confidential computing unified service interface, isolated computing, secure boot, remote attestation, secure channel, key derivation, storage protection, cryptographic operations, and data encapsulation;
  • the components of the application layer may mainly include confidential computing applications; and the components of cross-layer management may mainly include key management, log management, whitelist management, and resource management.
  • the trusted firmware can be, for example, a security processor.
  • FIG3 exemplarily shows another optional architecture diagram of a computer system.
  • the system architecture can also include: a security processor 4, which is a processor specially set up to handle operations related to confidential computing of the virtual machine.
  • the security processor 4 can perform operations such as memory encryption and decryption. This prevents the physical host and virtual machine monitor 11 from accessing and tampering with the virtual machine's data, thereby ensuring the data security of the virtual machine.
  • the operating environment of the system architecture shown in Figure 3 may include a confidential computing environment.
  • the security processor has a closed executable environment.
  • the virtual machine monitor 11 can be configured with an API interface that communicates with the security processor 4 to achieve data interaction between the virtual machine monitor 11 and the security processor 4.
  • the encryption hardware may be further configured as an isolated common cryptographic coprocessor and a secure cryptographic coprocessor.
  • the ordinary cryptographic coprocessor may also be called a high-performance cryptographic coprocessor, which is hardware that performs basic cryptographic calculations for virtual machines.
  • the hardware resources of the ordinary cryptographic coprocessor can be directly accessed by the CPU core and applied in ordinary computing environments.
  • the secure cryptographic coprocessor is hardware that performs confidential computing for virtual machines, and the secure cryptographic coprocessor and the security processor can use a closed execution environment, so that the hardware resources of the secure cryptographic coprocessor cannot be directly accessed by the virtual machine. It can be configured by the security processor and can be used when the virtual machine performs confidential computing tasks with high security requirements, thereby realizing confidential computing of virtual machine data and ensuring that confidential data is not leaked.
  • the virtual machine 12 in the CPU core 1 may include a virtual machine 121 and a virtual machine 122.
  • the virtual machine 121 is a virtual machine that does not use a security protection mechanism in a normal computing environment, such as a normal virtual machine using normal memory
  • the virtual machine 122 is a virtual machine that uses a security protection mechanism in a confidential computing environment, such as a secure virtual machine using secure memory.
  • the security of the secure virtual machine may be higher than that of the ordinary virtual machine.
  • the security processor 4 may allocate secure memory to the secure virtual machine and maintain the nested page table of the secure virtual machine to prevent the host operating system, virtual machine monitor, etc. from obtaining the usage of the secure memory, thereby reducing the risk of the virtual machine being attacked.
  • a computer can virtualize multiple virtual machines.
  • TEE Trusted Execution Environment
  • the encryption hardware can include ordinary cryptographic coprocessors and secure cryptographic coprocessors, the number of encryption hardware is far less than the number of virtualized virtual machines, and the simultaneous use of encryption hardware by multiple virtual machines will lead to hardware resource conflicts of the encryption hardware.
  • the encryption hardware can be directly passed to any virtual machine in multiple virtual machines.
  • a normal cryptographic coprocessor is passed directly to a normal virtual machine for use, or in a confidential computing environment, a secure cryptographic coprocessor is passed directly to a secure virtual machine for use.
  • the cryptographic hardware passed directly to the virtual machine obtains and executes the data computing task sent by the virtual machine, and after the calculation is completed, the virtual machine is notified through an interrupt, thereby saving the CPU computing bandwidth.
  • the inventor discovered that the encryption hardware can only be used by the directly connected virtual machine, and cannot be used by other virtual machines or the host operating system. This will result in the virtual machine being unable to efficiently utilize the encryption hardware to perform computing functions, thereby reducing the data processing performance of the virtual machine.
  • the embodiment of the present disclosure uses an improved technical solution to maintain the device status of encryption hardware using multiple simulated devices of a virtual machine monitor, so that multiple virtual machines can share encryption hardware, and based on the device status of the encryption hardware, the virtual machine's request to use the encryption hardware is processed through the simulated device corresponding to the virtual machine, so that any virtual machine among the multiple virtual machines uses the encryption hardware for cryptographic calculations, thereby improving the utilization rate of the encryption hardware by the virtual machine and improving the data processing performance of the virtual machine.
  • FIG6 exemplarily shows an optional flow chart of the configuration method of encryption hardware provided by an embodiment of the present disclosure, and the method flow can be implemented by a virtual machine monitor.
  • the virtual machine monitor can create multiple simulation devices through the simulation device layer when the virtual machine is started, and the simulation device is used to simulate the configuration of the encryption hardware.
  • One simulation device corresponds to one virtual machine.
  • the use of the encryption hardware by the virtual machine needs to establish a usage relationship through the corresponding simulation device, and the virtual machine monitor can specify the encryption hardware bound to the simulation device.
  • the method flow may include the following steps.
  • Step S21 maintaining the device status of encryption hardware bound to multiple simulated devices.
  • the virtual machine monitor in the embodiment of the present disclosure adds a simulated device layer, which enables multiple virtual machines to share the cryptographic coprocessor, so that multiple virtual machines can concurrently access the encryption hardware and perform data processing, avoiding the use of a direct pass-through method to pass the encryption hardware directly to a single virtual machine.
  • the simulation devices can be configurations of simulated encryption hardware.
  • One simulation device corresponds to one virtual machine.
  • Multiple simulation devices are bound to the encryption hardware, so that the virtual machine no longer directly accesses the encryption hardware, but accesses the corresponding simulation device, so that multiple virtual machines share the encryption hardware through the corresponding simulation devices.
  • FIG. 7 exemplarily shows a schematic diagram of multiple virtual machines accessing encryption hardware in an embodiment of the present disclosure.
  • multiple virtual machines access corresponding simulation devices and share encryption hardware through corresponding simulation devices.
  • multiple simulation devices operate synchronously with each other to control the virtual machine's access to encryption hardware.
  • a virtual machine uses the encryption hardware through the simulation device, another virtual machine needs to wait for the execution of the encryption hardware to be completed.
  • a virtual machine monitor may correspond to a shared memory space, wherein the shared memory space may be configured to allow multiple simulated devices to read and write, and the multiple simulated devices may store the device status of the bound encryption hardware in the shared memory space, thereby recording the device status of the encryption hardware bound to the multiple simulated devices in the shared memory space, and the multiple simulated devices may share the device status of the encryption hardware based on access to the shared memory space.
  • the device status may include an idle state and a busy state of the encryption hardware, wherein when the encryption hardware is in an idle state, it indicates that the encryption hardware is not performing cryptographic calculation processing and can be used by any virtual machine; when the encryption hardware is in a busy state, it indicates that the encryption hardware is currently occupied by a certain virtual machine and is performing cryptographic calculation processing and cannot be used by other virtual machines except the currently used virtual machine. Since the use of encryption hardware by a virtual machine needs to be performed through a corresponding simulation device, by maintaining the device status of the encryption hardware bound to multiple simulation devices, multiple virtual machines can share the encryption hardware through the corresponding simulation devices.
  • Step S22 Based on the device status of the encryption hardware, a request for the virtual machine to use the encryption hardware is processed through a simulated device corresponding to the virtual machine.
  • the device status based on the encryption hardware includes an idle state and a busy state.
  • the virtual monitor can process the virtual machine's request to use the encryption hardware through the simulated device corresponding to the virtual machine.
  • the virtual machine can query the device status of the encryption hardware based on the corresponding simulated device, thereby determining the timing of sending the use request for the encryption hardware.
  • the use request of the virtual machine to use the encryption hardware can be obtained through the simulated device corresponding to the virtual machine, and then the simulated device corresponding to the virtual machine responds to the use request, so that the virtual machine uses the encryption hardware, thereby realizing the use of the encryption hardware by the virtual machine.
  • encryption hardware is used to perform cryptographic calculations on virtual machine data of a virtual machine. Since virtual machine data corresponds to the physical address of the virtual machine in the virtual machine address space, The virtual machine data processed by the encryption hardware corresponds to the host physical address (HPA) of the memory address space. The encryption hardware needs to find the corresponding data in the memory according to the host physical address. Therefore, before the encryption hardware obtains the calculation command of the virtual machine, it needs to obtain the mapping relationship between the virtual machine physical address in the virtual machine address space and the host physical address in the memory address space. This mapping relationship is mainly recorded through the input and output (I/O) page table.
  • I/O input and output
  • the simulation device in the embodiment of the present disclosure can maintain an I/O page table that records the mapping relationship between the virtual machine physical address in the virtual machine address space and the host physical address in the memory address space.
  • the first simulation device can respond to the use request so that the first virtual machine uses the encryption hardware.
  • the first simulation device may respond to the use request of the first virtual machine by setting the I/O page table of the first virtual machine to the input and output memory management unit (IOMMU), so that the encryption hardware can obtain the calculation command sent by the virtual machine.
  • the calculation command may carry the physical address of the virtual machine.
  • the encryption hardware can translate the virtual machine physical address in the calculation command into the host physical address through the IOMMU, and obtain the corresponding target data in the memory for calculation.
  • the embodiment of the present disclosure maintains the device status of the encryption hardware through multiple simulation devices, so that multiple virtual machines can share the encryption hardware, and then based on the device status of the encryption hardware, the virtual machine's request to use the encryption hardware is processed through the simulation device corresponding to the virtual machine, ensuring that the encryption hardware is used by one virtual machine at a time, and multiple virtual machines share the encryption hardware to perform cryptographic calculations on data, thereby improving the utilization rate of the encryption hardware by the virtual machine and improving the data security of the virtual machine. Processing performance.
  • the use of the encryption hardware by the virtual machine can be achieved through the corresponding simulation device.
  • the first virtual machine can send a use request to the corresponding first simulation device to request the use of the encryption hardware, and then can obtain the use request of the first virtual machine to request the use of the encryption hardware through the first simulation device corresponding to the first virtual machine, and respond to the use request through the first simulation device, so that the first virtual machine uses the encryption hardware.
  • the device state of the encryption hardware can be adjusted to a busy state through the first simulation device corresponding to the first virtual machine, so that the second virtual machine stops sending a use request until the device state of the encryption hardware is adjusted to an idle state.
  • the second virtual machine can be a virtual machine different from the first virtual machine among the multiple virtual machines.
  • the first virtual machine can use the encryption hardware to perform cryptographic calculations on the data.
  • the device state of the encryption hardware in an idle state can be adjusted to a busy state through the first simulation device.
  • the device state of the encryption hardware queried by the simulation device corresponding to the other virtual machines is busy, so that the other virtual machines stop sending the use request of the encryption hardware to the corresponding simulation device until the first virtual machine is used.
  • the device state of the encryption hardware can be adjusted to an idle state through the first simulation device corresponding to the first virtual machine.
  • the other virtual machines query the encryption hardware to be in an idle state through the corresponding simulation device, they can send the use request of the encryption hardware to the corresponding simulation device, thereby ensuring that the encryption hardware is used by one virtual machine at a time, and by using the encryption hardware when the encryption hardware is in an idle state, multiple virtual machines can share the encryption hardware to perform cryptographic calculations on the data.
  • the device states of the encryption hardware bound to the multiple simulated devices can be maintained based on the shared memory by reading and writing the device states of the encryption hardware bound to the multiple simulated devices.
  • the device status of encryption hardware bound to multiple simulated devices can be recorded in the shared memory space, so that multiple virtual machines can access the shared memory space through the corresponding simulated devices, share the device status of encryption hardware, and then realize shared encryption hardware to perform cryptographic calculations on data.
  • adjusting the device status of the encryption hardware to a busy state through the first simulation device corresponding to the first virtual machine can be achieved by adjusting the device status of the encryption hardware recorded in the shared memory space to a busy state through the first simulation device corresponding to the first virtual machine, so that other virtual machines can stop sending requests to use the encryption hardware, thereby avoiding other virtual machines from sending invalid requests to use the encryption hardware and resource conflicts.
  • the device state of the encryption hardware recorded in the shared memory space can be adjusted to an idle state through the first simulation device corresponding to the first virtual machine, so that other virtual machines can send requests for the use of the encryption hardware and use the encryption hardware to perform cryptographic calculation processing of data.
  • FIG. 9 exemplarily shows another optional flow chart of the configuration method of encryption hardware in the embodiment of the present disclosure. As shown in FIG. 9, before step S21, it can also include:
  • Step S20 when the virtual machine is started, the register address space of the encryption hardware is mapped to the virtual machine through the simulation device corresponding to the virtual machine.
  • the register address space of the encryption hardware can be mapped to the virtual machine through the simulated device corresponding to the virtual machine.
  • the timing of mapping the register address space of the encryption hardware to the virtual machine through the simulated device corresponding to the virtual machine can also occur when the virtual machine is started, that is, when the virtual machine is started, the register address space of the encryption hardware is mapped to the virtual machine through the simulated device corresponding to the virtual machine.
  • the virtual machine no longer directly accesses the encryption hardware, but accesses the simulated device.
  • the virtual machine can send a query request for the register address of the encryption hardware to the simulated device. That is, when the virtual machine is started, the query request for the register address space of the encryption hardware is obtained by the simulated device corresponding to the virtual machine. Then, the corresponding simulated device is used to query the Address information of the register address space, and, based on the queried address information of the register address space, mapping the register address space of the encryption hardware for the virtual machine.
  • the register address space of the encryption hardware is mapped to the virtual machine, and a nested page table can be established based on the address information of the register address space, and the nested page table is used to record the mapping of the virtual machine physical address of the virtual machine to the address space of the cryptographic coprocessor.
  • a virtual machine creates a nested page table through a corresponding simulation device, so that before the virtual machine uses the encryption hardware, the physical address corresponding to the virtual machine physical address in the address space of the encryption hardware is obtained according to the nested page table, and then the virtual machine can query the device status corresponding to the encryption hardware in the shared memory space through the simulation device and use the encryption hardware.
  • Figure 10 exemplarily shows a schematic diagram of the address mapping of the virtual machine accessing the encryption hardware.
  • the virtual machine monitor creates a nested page table, maps the virtual machine physical address of the virtual machine to the register space of the encryption hardware, so that the virtual machine can use the nested page table to query the physical address of the virtual machine physical address in the register space of the encryption hardware, thereby realizing access to the encryption hardware.
  • FIG11 exemplarily shows an interactive schematic diagram of a virtual machine synchronously accessing a shared memory space through a simulated device.
  • virtual machines 01 and 02 respectively query the mapping relationship between the virtual machine physical address of the virtual machine recorded in the corresponding nested page table and the address space of the encryption hardware, thereby sending a device status query request to the corresponding simulated devices 01' and 02'; query the device status of the encryption hardware in the shared memory space through the corresponding simulated devices 01' and 02'; when the corresponding simulated device 01' or 02' queries that the current device status of the encryption hardware is "idle", according to the mapping relationship between the virtual machine physical address of the virtual machine recorded in the corresponding nested page table 01" or 02" and the address space of the encryption hardware, the device status in the shared memory space is adjusted to "busy" through the corresponding simulated device 01' or 02', so that the corresponding virtual machine 01 or 02 can use the encryption hardware.
  • the encryption hardware when a virtual machine uses encryption hardware to perform data calculations, the encryption hardware needs to obtain the host physical address corresponding to the virtual machine physical address of the virtual machine through the input-output memory management unit. Therefore, based on the input-output page table, the mapping relationship between the virtual machine physical address of the virtual machine and the host physical address can be recorded.
  • the input-output page table of the first virtual machine can be written into the input-output memory management unit through the first simulation device.
  • the input-output page table records the address mapping relationship between the virtual machine physical address and the host physical address, so that the first virtual machine can use the cryptographic coprocessor to When performing calculations, the host physical address is queried according to the input and output page table, thereby obtaining the target data to be processed in the memory, performing calculations, and returning the calculation results to the first virtual machine.
  • the virtual machine monitor can enable the IOMMU function, establish an I/O page table for the encryption hardware, and provide a mapping relationship from the virtual machine physical address to the host physical address, so that the encryption hardware can access the host physical memory through the I/O page table.
  • Figure 12 exemplarily shows a schematic diagram of address conversion for encryption hardware to access memory.
  • the encryption hardware can query the I/O page table through the IOMMU, translate the GPA into the host physical address (HPA), and access the memory data.
  • GPA virtual machine physical address
  • FIG13 exemplarily shows a calculation timing diagram of multiple virtual machines sharing encryption hardware provided by an embodiment of the present disclosure.
  • step S310 is executed to send a query request for the register address space of the encryption hardware to the simulation device; the simulation device obtains the query request of the virtual machine, and then executes step S311, the simulation device queries the register address space of the encryption hardware.
  • the address information can be fed back to the virtual machine so that the virtual machine obtains the register address space of the encryption hardware; the simulation device executes step S312 to map the register address space of the encryption hardware for the virtual machine, and completes the mapping of the register address space of the virtual machine and the encryption hardware.
  • the virtual machine executes step S313, and the virtual machine queries the simulated device for the device status of the encryption hardware; the simulated device obtains the query request and executes step S314, and the simulated device queries and adjusts the device status of the encryption hardware in the shared memory space.
  • the simulated device can feedback the device status of the encryption hardware to the virtual machine (the step indicated by the dotted arrow in the figure); when the simulated device queries that the device status of the encryption hardware is idle, the simulated device executes step S315 to set an I/O page table that records the mapping relationship between GPA and HPA to the IOMMU , so that the virtual machine can execute step S316 to send a calculation command to the encryption hardware, wherein the calculation command carries the GPA; the encryption hardware obtains the calculation command and executes step S317 to query the IOMMU for the HPA corresponding to the GPA; based on the corresponding HPA, step S318 can be executed to request the target data from the memory; then step S319 is executed, and the memory returns the target data corresponding to the HPA to the encryption hardware; the encryption hardware obtains the target data and executes step S320 to perform calculation processing on the target data; then after obtaining the calculation result, step S321 is executed, and the
  • the cryptographic hardware may include a common cryptographic coprocessor and/or a secure cryptographic coprocessor.
  • the common cryptographic coprocessor is used to perform common computing tasks in a common computing environment
  • the secure cryptographic coprocessor is used to perform confidential computing tasks in a confidential computing environment.
  • the ordinary computing environment can be isolated from the confidential computing environment, the ordinary computing environment is used to perform ordinary computing tasks, and the confidential computing environment is used to perform confidential computing tasks.
  • the configuration method of the encryption hardware of the embodiment of the present disclosure is applicable to ordinary cryptographic coprocessors, and is also applicable to situations where there are one or more secure cryptographic coprocessors in a confidential computing environment; wherein, when a secure cryptographic coprocessor is applied, based on the security of the data, it is necessary to convey messages to the secure cryptographic coprocessor through the secure processor.
  • the embodiment of the present disclosure maintains the device status of the encryption hardware through multiple simulation devices, so that multiple virtual machines can share the encryption hardware.
  • the encryption hardware is in an idle state, any one of the multiple virtual machines can use the encryption hardware for calculation processing, and then based on the device status of the encryption hardware, the virtual machine's request to use the encryption hardware is processed through the simulation device corresponding to the virtual machine, thereby ensuring that the cryptographic coprocessor is used by one virtual machine at a time, and realizing that multiple virtual machines share the encryption hardware to perform cryptographic calculation processing of data, thereby improving the utilization rate of the encryption hardware by the virtual machine and improving the data processing performance of the virtual machine.
  • the following is an introduction to the configuration device of the encryption hardware provided in the embodiment of the present disclosure.
  • the device content described below can be considered as the functional modules required for the virtual machine monitor to implement the configuration method of the encryption hardware provided in the embodiment of the present disclosure.
  • the content described below can be referenced to the content described above.
  • FIG14 exemplarily shows an optional block diagram of a configuration device for encryption hardware provided in an embodiment of the present disclosure.
  • the device may be applied to a virtual machine monitor.
  • the device may include: state maintenance logic 101 and request processing logic 102 .
  • the state maintenance logic 101 is used to maintain the device state of the encryption hardware bound to the multiple simulated devices, and the device state includes an idle state and a busy state; wherein one simulated device corresponds to one virtual machine, and the multiple simulated devices are bound to the encryption hardware so that the multiple virtual machines share the encryption hardware through the corresponding simulated devices;
  • the request processing logic 102 is used to process the virtual machine's request to use the encryption hardware through the simulated device corresponding to the virtual machine based on the device status of the encryption hardware, so that the virtual machine
  • the encryption hardware is used by a virtual machine, and the virtual machine is any one of a plurality of virtual machines.
  • the request processing logic 102 is configured to process the virtual machine's request for using the encryption hardware through a simulated device corresponding to the virtual machine based on the device state of the encryption hardware, including:
  • the device state of the encryption hardware is an idle state, obtaining a use request of the first virtual machine to use the encryption hardware through a first simulation device corresponding to the first virtual machine; the first virtual machine is any one of the multiple virtual machines;
  • it also includes: adjusting the device state of the encryption hardware to a busy state through the first simulation device, so that the second virtual machine stops sending usage requests until the device state of the encryption hardware is adjusted to an idle state; wherein the second virtual machine is a virtual machine among the multiple virtual machines that is different from the first virtual machine.
  • the state maintenance logic 101 is used to execute the aforementioned encryption hardware configuration method.
  • the encryption hardware configuration device may further set an address mapping logic 100 for mapping the register address space of the encryption hardware for the virtual machine through the simulation device corresponding to the virtual machine when the virtual machine is started.
  • the step of maintaining the device state of the encryption hardware bound to the multiple simulated devices includes:
  • the device states of the encryption hardware bound to the multiple simulated devices are recorded in a shared memory space, and the shared memory space is configured to allow the multiple simulated devices to read and write.
  • the state maintenance logic 101 by means of a first simulated device corresponding to the first virtual machine, adjusts the device state of the encryption hardware to a busy state, comprising:
  • the state maintenance logic 101 is further used to adjust the device state of the encryption hardware recorded in the shared memory space to an idle state through a first simulation device corresponding to the first virtual machine when the first virtual machine ends using the encryption hardware.
  • the address mapping logic 100 when the virtual machine is started, maps the register address space of the encryption hardware for the virtual machine through the simulation device corresponding to the virtual machine, may include:
  • the address information of the register address space is queried through a simulation device corresponding to the virtual machine, and the register address space of the encryption hardware is mapped to the virtual machine according to the queried address information of the register address space.
  • the step of mapping the register address space of encryption hardware for the virtual machine according to the queried address information of the register address space may include:
  • the state maintenance logic 101 responds to the use request through the first simulation device so that the first virtual machine uses the encryption hardware, and the step may include:
  • the input/output page table of the first virtual machine is written into the input/output memory management unit through the first simulation device, wherein the input/output page table records the address mapping relationship between the virtual machine physical address and the host physical address.
  • the embodiment of the present disclosure also proposes a data confidentiality computing method in a confidential computing environment, wherein the secure cryptographic coprocessor in the confidential computing environment may be the encryption hardware configured according to the configuration method of the encryption hardware described above.
  • FIG15 shows an optional flow chart of the data confidentiality computing method provided by the embodiment of the present disclosure, and the method flow may be implemented by a virtual machine monitor. As shown in FIG15, the method flow may include the following steps.
  • Step S41 obtaining the confidential computing command for the simulated device sent by the virtual machine.
  • the confidential computing command is used to instruct the secure cryptographic coprocessor to perform confidential computing on data.
  • Step S42 obtaining the use permission of the secure cryptographic coprocessor so as to obtain the confidential computing result of the secure cryptographic coprocessor according to the confidential computing command, and return the confidential computing result to the virtual machine.
  • virtual machine monitors of different virtual machines can synchronously negotiate the use of a secure cryptographic coprocessor.
  • the virtual machine monitor has a memory space, and the synchronization of the virtual machine monitors can be that one virtual machine monitor searches for the device status flag of the secure cryptographic coprocessor recorded in the memory space of another virtual machine monitor.
  • the secure cryptographic coprocessor If the device status flag indicates that the secure cryptographic coprocessor is not in use, the secure cryptographic coprocessor is currently in an idle state, so that the use permission of the secure cryptographic coprocessor can be obtained, and the virtual machine monitor can send a confidential computing command for performing confidential computing to the secure cryptographic coprocessor; after obtaining the confidential computing command for performing confidential computing, the secure cryptographic coprocessor can perform confidential computing on the data and send the confidential computing result to the virtual machine monitor, so that the virtual machine monitor can obtain the confidential computing result of the secure cryptographic coprocessor and return the confidential computing result to the virtual machine to complete the confidential computing of the virtual machine.
  • the data confidentiality computing method of the embodiment of the present disclosure can realize the use of the secure cryptographic coprocessor by multiple virtual machines, improve the utilization rate of the secure cryptographic coprocessor by the virtual machines, and improve the data processing performance of the virtual machines.
  • virtual machine monitors based on different virtual machines can synchronously negotiate the use of a secure cryptographic coprocessor and the configuration of a simulated device simulating a secure cryptographic coprocessor.
  • the device status of the secure cryptographic coprocessor corresponding to different simulated devices can be accessed, and when the device status of the secure cryptographic coprocessors corresponding to different simulated devices are all in an idle state, the permission to use the secure cryptographic coprocessor can be obtained, and the device status of the secure cryptographic coprocessor simulated by the corresponding simulated device can be adjusted to a busy state, thereby obtaining the permission to use the secure cryptographic coprocessor, avoiding the use of a direct pass-through method to pass the secure cryptographic coprocessor directly to any one of multiple virtual machines.
  • the secure cryptographic coprocessor corresponding to different simulated devices may be unique, that is, the number of secure cryptographic coprocessors is 1. Therefore, when the device states of the secure cryptographic coprocessors corresponding to different simulated devices are all in an idle state, the current secure cryptographic coprocessor is not in use, and the use permission of the secure cryptographic coprocessor can be obtained.
  • the confidential computing command sent by the virtual machine may carry a command ID and a command address parameter, where the command ID corresponds to the type of confidential computing to be performed, such as encryption operation, decryption operation, hash operation, etc.; the command address parameter may include the virtual machine physical address (GPA) of the data.
  • the command ID corresponds to the type of confidential computing to be performed, such as encryption operation, decryption operation, hash operation, etc.
  • the command address parameter may include the virtual machine physical address (GPA) of the data.
  • GPS virtual machine physical address
  • the secure cryptographic coprocessor can access confidential information.
  • Sources such as virtual machine ciphertext, secure storage (used to store highly confidential keys).
  • IOMMU host physical address
  • HPA host physical address
  • the command address parameter includes the virtual machine physical address.
  • the virtual machine monitor can convert the virtual machine physical address into the host physical address according to the confidential computing command, thereby obtaining the processed confidential computing command to obtain the target data to be calculated in the memory.
  • the virtual machine monitor can send the processed confidential computing command to the secure cryptographic coprocessor and obtain the confidential computing result of the secure cryptographic coprocessor.
  • the virtual machine monitor can create a nested page table, which can record the address mapping relationship between the virtual machine physical address and the host physical address, so as to convert the virtual machine physical address into the host physical address according to the confidential computing command. Specifically, according to the command address parameter, the nested page table is queried to convert the virtual machine physical address into the host physical address.
  • the nested page table can record the address mapping relationship of the virtual machine physical address in the register space of the encryption hardware, and in another optional example, the nested page table can record the address mapping relationship of the virtual machine physical address in the memory address space.
  • the security processor and the secure cryptographic coprocessor do not use IOMMU for address translation, and only process the host physical address (HPA).
  • the virtual machine monitor can query the nested page table that records the address mapping relationship of the virtual machine physical address in the memory address space, so as to convert the virtual machine physical address of the command address parameter in the confidential computing command into the host physical address, and the host physical address, that is, the virtual machine physical address, corresponds to the host physical address of the memory address space, so as to enable the secure cryptographic coprocessor to obtain data in the memory according to the host physical address and perform confidential computing.
  • the nested page table that records the address mapping relationship of the virtual machine physical address in the memory address space can be a secure processor that sends an address query command to the memory to obtain the address space of the memory; and then based on the obtained memory address space, establish a mapping relationship between the virtual machine physical address and the host physical address of the memory address space.
  • Figure 16 exemplarily shows an interactive schematic diagram of multiple virtual machines accessing a secure cryptographic coprocessor in an embodiment of the present disclosure.
  • virtual machines A and B correspond to virtual machine monitors a and b respectively, and the simulation device layer of virtual machine monitor a is provided with a simulation device A' configured to simulate a secure cryptographic coprocessor, and the simulation device layer of virtual machine monitor b is provided with a simulation device B' configured to simulate a secure cryptographic coprocessor; virtual machine monitor a corresponds to searching nested page table A", and virtual machine monitor b corresponds to searching nested page table B".
  • virtual machines A and B can be secure virtual machines.
  • nested page table A" and nested page table B" record the address mapping relationship from the virtual machine physical address (GPA) of the corresponding virtual machine to the host physical address (HPA) in the memory address space.
  • GPSA virtual machine physical address
  • HPA host physical address
  • virtual machines A and B can send data confidentiality computing commands to the corresponding simulated devices A' and B'. Then, virtual machine monitors a and b can obtain the data confidentiality computing commands sent by the corresponding virtual machines to the simulated devices, and query the corresponding nested page tables to convert the virtual machine physical addresses in the data confidentiality computing commands into host physical addresses. Further, virtual machine monitors a and b can synchronize the use rights of the secure cryptographic coprocessor with each other.
  • virtual machine monitor a when virtual machine monitor a synchronously accesses virtual machine monitor b, it is obtained that virtual machine monitor b does not use the secure cryptographic coprocessor, then virtual machine monitor a records the device status of the secure cryptographic coprocessor as the "busy status" used by the corresponding virtual machine A; then, virtual machine monitor a can send a data confidentiality computing command containing the host physical address to the secure cryptographic coprocessor through the security processor, so that the secure cryptographic coprocessor can obtain the target data in the memory according to the host physical address, perform confidential computing on the target data, and send the confidential computing result to virtual machine monitor a through the security processor; finally, virtual machine monitor a returns the confidential computing result to virtual machine A.
  • the data confidentiality computing method of the embodiment of the present disclosure can realize the use of the secure cryptographic coprocessor by multiple virtual machines, improve the utilization rate of the secure cryptographic coprocessor by the virtual machines, and improve the data processing performance of the virtual machines.
  • the secure cryptographic coprocessor since the secure cryptographic coprocessor processes confidential computing tasks in a confidential computing environment, the virtual machine needs to verify the transmission of confidential computing commands to determine the security of information interaction. In addition, based on data security considerations, it is necessary to convey messages to the secure cryptographic coprocessor through the secure processor.
  • the secure processor can be used to perform key coordination. The chip private key and the chip public key are generated by the security processor, and the security processor can transmit the chip public key to the virtual machine, and the chip public key is saved by the virtual machine. Therefore, as an optional implementation, the confidential computing command can also carry a signature file, and the signature file is used to sign the signature file using the chip private key by the security processor that forwards the confidential computing command to the secure cryptographic coprocessor.
  • the security processor encrypts the signature file using the chip private key, so that the virtual machine uses the chip public key that matches the chip private key to verify the signature file in the confidential computing result, so as to determine that the confidential computing command is conveyed to the secure cryptographic coprocessor for execution through the security processor.
  • the data confidentiality computing method of the embodiment of the present disclosure can realize the use of the secure cryptographic coprocessor by multiple virtual machines, improve the utilization rate of the secure cryptographic coprocessor by the virtual machines, and improve the data processing performance of the virtual machines.
  • the device content described below can be considered as the functional modules that the virtual machine monitor corresponding to the virtual machine needs to set in order to implement the data confidentiality computing method provided by the embodiment of the present disclosure.
  • the content described below can be referenced to the content described above.
  • FIG17 exemplarily shows an optional block diagram of a data confidentiality computing device provided in an embodiment of the present disclosure.
  • the device may be applied to a virtual machine monitor.
  • the device may include: a command acquisition logic 110 and a hardware usage logic 120 .
  • the command acquisition logic 110 is used to acquire a confidential computing command for a simulated device sent by a virtual machine, and the simulated device is used to simulate a program of a secure cryptographic coprocessor, and the secure cryptographic coprocessor is cryptographic hardware configured according to the configuration method of the cryptographic hardware as described above;
  • the hardware usage logic 120 is used to obtain the use permission of the secure cryptographic coprocessor, so as to obtain the confidential computing result of the secure cryptographic coprocessor according to the confidential computing command, and return the confidential computing result to the virtual machine.
  • the step of the hardware usage logic 120 for obtaining the right to use the secure cryptographic coprocessor includes:
  • the device status of the secure cryptographic coprocessor simulated by different simulation devices By accessing the device status of the secure cryptographic coprocessor simulated by different simulation devices, when the device status of the secure cryptographic coprocessor simulated by different simulation devices is idle, the permission to use the secure cryptographic coprocessor is obtained, and the device status of the secure cryptographic coprocessor simulated by the corresponding simulation device is adjusted to a busy state.
  • the confidential computing command carries a command ID and a command address parameter, the command ID corresponds to a confidential computing type to be executed, and the command address parameter includes a virtual machine physical address;
  • the step of obtaining the confidential computing result of the encryption hardware according to the confidential computing command includes:
  • the processed confidential computing command is sent to the secure cryptographic coprocessor, and the confidential computing result of the secure cryptographic coprocessor is obtained.
  • converting the virtual machine physical address into the host physical address according to the confidential computing command can be specifically performed by querying the nested page table according to the command address parameter, and converting the virtual machine physical address into the host physical address; the nested page table records the address mapping relationship from the virtual machine physical address to the host physical address.
  • the virtual machine monitor is provided with a simulation device layer
  • the simulation device layer is provided with a simulation device as described in the above-mentioned encryption hardware configuration method, or a simulation device as described in the above-mentioned data confidentiality computing method.
  • An embodiment of the present disclosure also provides an electronic device, which may include a memory and a processor, wherein the memory stores a computer program that can be executed by the processor, and when the processor runs the computer program, it executes the configuration method of encryption hardware as described above, or the steps in the data confidentiality computing method as described above.
  • the embodiments of the present disclosure also provide a storage medium, which stores one or more computer-executable instructions. When the one or more computer-executable instructions are executed, the configuration method of encryption hardware and/or the data confidentiality computing method of the embodiments of the present disclosure are implemented.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

本公开的实施例提供一种加密硬件的配置方法、数据机密计算方法及相关设备,加密硬件的配置方法包括:维护多个模拟设备所绑定的加密硬件的设备状态,设备状态包括空闲状态和忙碌状态;其中,一个模拟设备对应一个虚拟机,并且多个模拟设备与加密硬件相绑定,以使得多个虚拟机通过对应的模拟设备共享加密硬件;基于加密硬件的设备状态,通过虚拟机对应的模拟设备,处理虚拟机对加密硬件的使用请求,以使得虚拟机使用加密硬件,虚拟机为多个虚拟机中的任一个虚拟机。本公开的实施例能够提升虚拟机对于加密硬件的利用率。

Description

加密硬件的配置方法、数据机密计算方法及相关设备
本申请要求于2023年6月15日递交的中国专利申请第202310712879.1号的优先权,在此全文引用上述中国专利申请公开的内容以作为本申请的一部分。
技术领域
本公开实施例涉及一种加密硬件的配置方法、数据机密计算方法及相关设备。
背景技术
通过虚拟化技术(Virtualization),计算机可虚拟化出多台虚拟机(Virtual Machine,VM),从而高效利用计算机的硬件资源。虚拟机在进行数据的密码计算时,涉及到利用计算机中的加密硬件进行密码计算。在此背景下,如何提供技术方案,以提升虚拟机对于加密硬件的利用率,成为了本领域技术人员亟需解决的技术问题。
发明内容
有鉴于此,本公开实施例提供一种加密硬件的配置方法、数据机密计算方法及相关设备,以实现提升虚拟机对于加密硬件的利用率,提高虚拟机数据处理性能。
第一方面,本公开实施例提供一种加密硬件的配置方法,包括:
维护多个模拟设备所绑定的加密硬件的设备状态,所述设备状态包括空闲状态和忙碌状态;其中,一个模拟设备对应一个虚拟机,并且多个模拟设备与加密硬件相绑定,以使得多个虚拟机通过对应的模拟设备共享加密硬件;
基于所述加密硬件器的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件器的使用请求,以使得虚拟机使用所述加密硬件,所述虚拟机为多个虚拟机中的任一个虚拟机。
第二方面,本公开实施例提供一种加密硬件的配置装置,包括:
状态维护逻辑,用于维护多个模拟设备所绑定的加密硬件的设备状态,所述设备状态包括空闲状态和忙碌状态;其中,一个模拟设备对应一个虚拟机,并且多个模拟设备与加密硬件相绑定,以使得多个虚拟机通过对应的模拟设备共享加密硬件;
请求处理逻辑,用于基于所述加密硬件器的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件器的使用请求,以使得虚拟机使用所述加密硬件,所述虚拟机为多个虚拟机中的任一个虚拟机。
第三方面,本公开实施例提供一种数据机密计算方法,包括:
获取虚拟机发送的对于模拟设备的机密计算命令,模拟设备用于模拟安全密码协处理器的程序,所述安全密码协处理器为根据如上述所述的加密硬件的配置方法配置得到的加密硬件;
获取所述安全密码协处理器的使用权限,以使得根据所述机密计算命令,得到所述安全密码协处理器的机密计算结果,并将所述机密计算结果返回至虚拟机。
第四方面,本公开实施例提供一种数据机密计算装置,包括:
命令获取逻辑,用于获取虚拟机发送的对于模拟设备的机密计算命令,模拟设备用于模拟安全密码协处理器的程序,所述安全密码协处理器为根据如上述所述的加密硬件的配置方法配置得到的加密硬件;
硬件使用逻辑,用于获取所述安全密码协处理器的使用权限,以使得根据所述机密计算命令,得到所述安全密码协处理器的机密计算结果,并将所述机密计算结果返回至虚拟机。
第五方面,本公开实施例提供一种计算机系统,包括:虚拟机监视器、多个虚拟机,以及加密硬件;所述虚拟机监视器包括如上述所述的加密硬件的配置装置,或者,如上述所述的数据机密计算装置。
第六方面,本公开实施例提供一种电子设备,包括存储器和处理器,所述存储器上存储有可由所述处理器运行的计算机程序,所述处理器运行所述计算机程序时执行如上述所述的加密硬件的配置方法,或者,如上述所述的数据机密计算方法中的步骤。
第七方面,本公开实施例提供一种存储介质,所述存储介质存储一条或多条计算机可执行指令,所述一条或多条计算机可执行指令被执行时,实现 如上述所述的加密硬件的配置方法,和/或,如上述所述的数据机密计算方法。
本公开实施例所提供的加密硬件的配置方法中,通过维护多个模拟设备所绑定的密码协处理器的设备状态,所述设备状态包括空闲状态和忙碌状态,其中,一个模拟设备对应一个虚拟机,并且多个模拟设备与加密硬件相绑定,以使得多个虚拟机通过对应的模拟设备共享加密硬件;进而,基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件的使用请求,以使得所述虚拟机使用所述加密硬件,所述虚拟机为多个虚拟机中的任一个虚拟机。
可见,本公开实施例通过多个模拟设备对加密硬件的设备状态维护,从而多个虚拟机能够共享加密硬件,在加密硬件为空闲状态时,多个虚拟机中的任一个虚拟机能够使用加密硬件进行计算处理,进而基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理虚拟机对所述加密硬件的使用请求,保障加密硬件在一个时刻被一个虚拟机使用,实现多个虚拟机共享加密硬件进行数据的密码计算处理,提升虚拟机对于加密硬件的利用率,提高虚拟机的数据处理性能。
附图说明
为了更清楚地说明本公开实施例的技术方案,下面将对实施例所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本公开的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。
图1是计算机系统的可选架构示意图;
图2是计算机系统的另一可选架构示意图;
图3是计算机系统的又一可选架构示意图;
图4是加密硬件的可选架构示意图;
图5是加密硬件的可选配置方法;
图6是本公开实施例提供的加密硬件的配置方法的可选流程图;
图7是本公开实施例提供的多个虚拟机对加密硬件的访问示意图;
图8是本公开实施例提供的虚拟机访问加密硬件的交互示意图;
图9是本公开实施例提供的加密硬件的配置方法的另一可选流程图;
图10是本公开实施例提供的虚拟机访问加密硬件的地址映射示意图;
图11是本公开实施例提供的虚拟机通过模拟设备同步访问共享内存空间的交互示意图;
图12是本公开实施例提供的加密硬件访问内存的地址转换示意图;
图13是本公开实施例提供的多个虚拟机共享加密硬件的计算时序图;
图14是本公开实施例提供的加密硬件的配置装置的可选框图;
图15是本公开实施例提供的数据机密计算方法的可选流程图;
图16是本公开实施例提供的多个虚拟机同步访问安全密码协处理器的交互示意图;以及
图17是本公开实施例提供的数据机密计算装置的可选框图。
具体实施方式
下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本公开一部分实施例,而不是全部的实施例。基于本公开中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本公开保护的范围。
作为一种可选示例,图1示出了计算机系统的可选架构示意图,如图1所示,计算机系统的架构可以包括:CPU(Central Processing Unit,中央处理器)核心1,加密硬件2,内存3。
其中,CPU核心1可通过软件形式配置虚拟机监视器(Virtual Machine Monitor,VMM)11,并通过虚拟化技术虚拟化出多个虚拟机(Virtual Machine,VM)12,该多个虚拟机12可由虚拟机监视器11进行管理。
加密硬件2是进行密码计算处理的硬件设备,例如密码协处理器,利用加密硬件2能够优化密码学计算中频繁的数据操作,节省计算时间,提高计算速度,提升对数据的密码学计算性能。
在一个示例中,加密硬件2可以用于对虚拟机的虚拟机数据进行密码计算。当加密硬件被某一虚拟机调用时,加密硬件2可以获取该虚拟机的数据计算命令,从而根据该数据计算命令的地址信息,从内存中得到对应的数据,并进行数据的密码运算,所述密码运算可以是加密计算、解密计算或哈希计算等。其中,加密硬件的调用可以是通过加密硬件的驱动程序,来驱动加密 硬件工作。
需要说明的是,加密硬件在图1所述系统架构的运行环境为普通计算环境时,能够实现基础的密码计算功能。但是,由于普通计算环境下,加密硬件的硬件资源可以被虚拟机直接访问,并且,加密硬件不存在封闭的执行环境,导致其并不具备对数据的机密计算能力。
为提升数据的机密性和完整性,以及计算过程的机密性,计算机系统中还可以设置机密计算环境,图2示出了计算机系统的另一可选架构示意图,其中,纵向虚线用于区分机密计算环境和普通计算环境,实线框是机密计算环境的组件,虚线框是普通计算环境的组件。
如图2所示,计算机系统可以包括硬件层、系统软件层、服务层、应用层和跨层管理五个部分。其中,硬件层基于硬件隔离实现受保护的资源不被开放系统访问,并基于硬件安全功能为机密计算提供受信任的硬件基础;系统软件层为机密计算提供基于软件的隔离机制、必要的硬件资源和基础服务;服务层为上层应用程序提供统一的机密计算服务接口及安全服务,安全服务是由底层的系统软件和硬件以及管理模块交互形成,机密计算统一服务接口用以屏蔽底层硬件架构和软件的开发接口差异;应用层是直接面向结果需求方的应用程序,结果需求方通过应用程序执行计算操作;跨层管理为执行机密计算业务提供必要的管理模块。
在一个示例中,机密计算环境中的硬件层的组件可以主要包括可信执行控制单元、隔离内存空间、可信固件、硬件密码引擎、设备唯一密钥、随机数生成器、信任根;系统软件层的组件可以主要包括机密计算操作系统、机密计算虚拟化软件;服务层的组件可以主要包括机密计算统一服务接口、隔离计算、安全启动、远程证明、安全信道、密钥派生、存储保护、密码运算、数据封装;应用层的组件可以主要包括机密计算应用程序;跨层管理的组件可以主要包括密钥管理、日志管理、白名单管理、资源管理。
需要说明的是,在机密计算环境的硬件层的组件中,可信固件可以例如安全处理器。在以虚拟机为实现方式的可信执行环境中,图3示例性的示出了计算机系统的又一可选架构示意图。对应图1,结合图3所示,系统架构还可以包括:安全处理器4,安全处理器4是专门设置的负责处理与虚拟机的机密计算相关操作的处理器。例如,安全处理器4可进行内存加解密等操 作,从而避免物理主机、虚拟机监视器11对虚拟机的数据访问和篡改,保障虚拟机的数据安全。
图3所示系统架构的运行环境可以包括机密计算环境,安全处理器具有封闭的可执行环境,虚拟机监视器11可配置与安全处理器4相通信的API接口,实现虚拟机监视器11与安全处理器4的数据交互。
为进一步从硬件的角度保障虚拟机的数据安全,提升数据的机密性和完整性,在计算机系统包括机密计算环境和普通计算环境的情况下,可以对应存在不同的加密硬件。如图4所示加密硬件的可选架构示意图,可以进一步将加密硬件设置为相隔离的普通密码协处理器和安全密码协处理器。
所述普通密码协处理器也可以称为高性能密码协处理器,为针对虚拟机进行基础密码计算的硬件,普通密码协处理器的硬件资源能够被CPU核心直接访问,应用于普通计算环境下;安全密码协处理器为针对虚拟机进行机密计算的硬件,并且,安全密码协处理器与安全处理器能够使用封闭的执行环境,从而安全密码协处理器的硬件资源不能被虚拟机直接访问,其可以由安全处理器进行配置,能够在虚拟机进行安全等级要求高的机密计算任务时使用,实现虚拟机数据的机密计算,保证机密数据不被外泄。
需要说明的是,参考图3所示,CPU核心1中的虚拟机12可以包括虚拟机121和虚拟机122。其中,虚拟机121为在普通计算环境下,未使用安全保护机制的虚拟机,如使用普通内存的普通虚拟机;虚拟机122为在机密计算环境下,使用安全保护机制的虚拟机,如使用安全内存的安全虚拟机。并且,安全虚拟机的安全性可高于普通虚拟机,安全处理器4可为安全虚拟机分配安全内存,并维护安全虚拟机的嵌套页表,避免主机操作系统、虚拟机监视器等获取安全内存的使用情况,降低虚拟机被攻击的风险。
可以理解的是,通过虚拟化技术,计算机可虚拟化出多台虚拟机,而在以虚拟机为实现方式的可信执行环境(Trusted Execution Environment,TEE),即普通计算环境、机密计算环境,虽然加密硬件可以包括普通密码协处理器、安全密码协处理器,但是,加密硬件的硬件数量远远小于虚拟出的虚拟机数量,并且,多个虚拟机同时使用加密硬件将导致加密硬件的硬件资源冲突。
因此,为实现虚拟机利用加密硬件进行密码计算或机密计算,作为一种可选实现,如图5所示,可以将加密硬件直通给多个虚拟机中的任一虚拟机 使用,例如:在普通计算环境下,将一普通密码协处理器直通给一普通虚拟机使用,或者,在机密计算环境下,将安全密码协处理器直通给一安全虚拟机使用。直通给虚拟机的加密硬件获取并执行虚拟机发送的数据计算任务,并且,在计算结束后通过中断通知直通的虚拟机,从而节省CPU的计算带宽。
但是,在数据处理过程中,发明人发现:加密硬件只能由直通的虚拟机使用,其他虚拟机或主机操作系统无法使用,这将导致虚拟机无法高效利用加密硬件实现计算功能,降低了虚拟机的数据处理性能。
可见,如何实现提升虚拟机对于加密硬件的利用率,显得尤为重要。基于此,本公开实施例通过改进的技术方案,利用虚拟机监视器的多个模拟设备对加密硬件进行设备状态维护,从而多个虚拟机能够共享加密硬件,并且,基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理虚拟机对所述加密硬件的使用请求,以使得多个虚拟机中的任一个虚拟机使用所述加密硬件进行密码计算,实现提升虚拟机对于加密硬件的利用率,提高虚拟机的数据处理性能。
基于上述思路,图6示例性的示出了本公开实施例提供的加密硬件的配置方法的可选流程图,该方法流程可由虚拟机监视器实现。其中,虚拟机监视器可以通过模拟设备层,在虚拟机启动时创建多个模拟设备,所述模拟设备用于模拟加密硬件的配置,一个模拟设备对应一个虚拟机,虚拟机对加密硬件的使用需要通过对应的模拟设备建立使用关系,并且,虚拟机监视器能够指定模拟设备绑定的加密硬件。参照图6,该方法流程可以包括如下步骤。
步骤S21,维护多个模拟设备所绑定的加密硬件的设备状态。
本公开实施例中的虚拟机监视器增加了一层模拟设备层,通过模拟设备层实现多个虚拟机对密码协处理器的共享,使得多个虚拟机能够并发访问加密硬件,进行数据处理,避免采用直通的方式,将加密硬件直通给单个虚拟机。
基于所述模拟设备层,设置多个模拟设备,所述模拟设备可以是模拟加密硬件的配置,一个模拟设备对应一个虚拟机,多个模拟设备与加密硬件相绑定,从而虚拟机不再直接访问加密硬件,而是访问对应的模拟设备,使得多个虚拟机通过对应的模拟设备共享加密硬件。
其中,图7示例性的示出了本公开实施例中多个虚拟机对加密硬件的访问示意图。如图7所示,多个虚拟机访问对应的模拟设备,通过对应的模拟设备共享加密硬件。图7中,多个模拟设备之间相互同步操作,控制虚拟机对加密硬件的访问,当一虚拟机通过模拟设备对加密硬件进行使用时,另一虚拟机需等待加密硬件的执行完成。
在一些实施例中,虚拟机监视器可以对应有共享内存空间,其中,所述共享内存空间可以配置为允许多个模拟设备进行读写,则多个模拟设备可以将所绑定的加密硬件的设备状态存储在共享内存空间中,从而在共享内存空间中可以记录多个模拟设备所绑定的加密硬件的设备状态,而且,多个模拟设备可以基于对共享内存空间的访问,共享加密硬件的设备状态。
所述设备状态可以包括加密硬件的空闲状态和忙碌状态,其中,加密硬件处于空闲状态时,表示加密硬件未执行密码计算处理,可以被任一虚拟机使用;加密硬件处于忙碌状态时,表示加密硬件当前被某一虚拟机占用,正在执行密码计算处理,不能被除当前使用的虚拟机之外的其他虚拟机使用。基于虚拟机对加密硬件的使用需要通过对应的模拟设备,因此,通过维护多个模拟设备所绑定的加密硬件的设备状态,能够使得多个虚拟机通过对应的模拟设备共享加密硬件。
步骤S22,基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理虚拟机对所述加密硬件的使用请求。
基于加密硬件的设备状态包括空闲状态和忙碌状态,当多个虚拟机中的任一个虚拟机,具有使用加密硬件进行密码计算的需求时,虚拟监视器可以通过虚拟机对应的模拟设备,处理所述虚拟机对加密硬件的使用请求。
作为一种可选实现,虚拟机可以基于对应的模拟设备查询加密硬件的设备状态,从而确定对加密硬件的使用请求的发送时机。在一个示例中,如果模拟设备查询到所述加密硬件的设备状态为空闲状态,则可以通过虚拟机对应的模拟设备,获取虚拟机请求使用所述加密硬件的使用请求,进而通过虚拟机对应的模拟设备响应该使用请求,以使得所述虚拟机使用所述加密硬件,实现虚拟机对加密硬件的使用。
可以理解的是,在虚拟化技术中,加密硬件用于对虚拟机的虚拟机数据进行密码计算处理,由于虚拟机数据对应虚拟机地址空间内的虚拟机物理地 址(Guest Physical Address,GPA),而加密硬件处理的虚拟机数据对应的是内存地址空间的主机物理地址(Host Physical Address,HPA),加密硬件需要根据主机物理地址在内存中查找到对应数据。因此,在加密硬件获取虚拟机的计算命令前,需要得到虚拟机地址空间的虚拟机物理地址到内存地址空间的主机物理地址的映射关系,而该映射关系主要通过输入输出(I/O)页表进行记录。
需要说明的是,本公开实施例中的模拟设备可以维护,记录有虚拟机地址空间的虚拟机物理地址,到内存地址空间的主机物理地址的映射关系的I/O页表。从而,可以通过所述第一模拟设备响应所述使用请求,以使得第一虚拟机使用所述加密硬件。
在一个可选实现中,第一模拟设备对第一虚拟机的使用请求的响应可以是将第一虚拟机的I/O页表设置给输入输出内存管理单元(I/O Memory Management Unit,IOMMU),使得加密硬件能够获取虚拟机发送的计算命令。其中,所述计算命令可以携带虚拟机物理地址,加密硬件在获取所述计算命令后,通过IOMMU,能够将所述计算命令中的虚拟机物理地址翻译成主机物理地址,在内存中得到对应目标数据进行计算。
其中,图8示例性的示出了本公开实施例中虚拟机访问加密硬件的交互示意图。如图8所示,虚拟机01和02分别通过对应的模拟设备01'和02',访问共享内存空间中记录的加密硬件的设备状态;当模拟设备01'在共享内存空间中获取加密硬件的设备状态为“空闲状态”时,将共享内存空间中记录的加密硬件设备状态调整为“忙碌状态”并使用加密硬件,模拟设备02'需等待加密硬件的执行完成。进而,虚拟机01通过模拟设备01'对共享内存空间中记录的设备状态调整,能够实现对加密硬件的使用;模拟设备01'将I/O页表设置至IOMMU,加密硬件基于IOMMU将虚拟机物理地址翻译成主机物理地址,在内存中得到对应的数据,并进行计算。
可以看出,本公开实施例通过多个模拟设备对加密硬件的设备状态维护,从而多个虚拟机能够共享加密硬件,进而基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理虚拟机对所述加密硬件的使用请求,保障加密硬件在一个时刻被一个虚拟机使用,实现多个虚拟机共享加密硬件进行数据的密码计算处理,提升虚拟机对于加密硬件的利用率,提高虚拟机的数据 处理性能。
在一些实施例中,基于虚拟机不再直接访问加密硬件,而是访问对应的模拟设备,则虚拟机对加密硬件的使用可以通过对应的模拟设备实现。以多个虚拟机中的任一个虚拟机(例如:第一虚拟机)为例,在第一虚拟机得到对应的第一模拟设备查询到加密硬件的设备状态为空闲状态后,第一虚拟机能够向对应的第一模拟设备发送请求使用所述加密硬件的使用请求,进而能够通过第一虚拟机对应的第一模拟设备,获取第一虚拟机请求使用所述加密硬件的使用请求,并且,通过所述第一模拟设备响应所述使用请求,以使得第一虚拟机使用所述加密硬件。
进一步的,在一些实施例中,基于模拟设备对所绑定的加密硬件的设备状态的维护,当第一虚拟机使用加密硬件时,可以通过所述第一虚拟机对应的第一模拟设备,将所述加密硬件的设备状态调整为忙碌状态,以使得第二虚拟机停止发送使用请求,直至所述加密硬件的设备状态调整为空闲状态。其中,所述第二虚拟机可以为所述多个虚拟机中不同于所述第一虚拟机的虚拟机。
可以理解的是,第一模拟设备在响应第一虚拟机对加密硬件的使用请求后,第一虚拟机能够使用加密硬件进行数据的密码计算处理,为避免其他虚拟机同时使用加密硬件,而造成加密硬件的硬件资源冲突,可以通过第一模拟设备将处于空闲状态的加密硬件的设备状态调整为忙碌状态。进而,在第一虚拟机使用所述加密硬件时,其他虚拟机对应的模拟设备查询到的加密硬件的设备状态为忙碌状态,使得其他虚拟机停止向对应的模拟设备发送所述加密硬件的使用请求,直至第一虚拟机使用完毕。在第一虚拟机对加密硬件使用完毕时,可以通过第一虚拟机对应的第一模拟设备将所述加密硬件的设备状态调整为空闲状态,其他虚拟机在通过对应模拟设备查询到加密硬件为空闲状态时,才可以向对应的模拟设备发送对所述加密硬件的使用请求,从而在保障加密硬件在一个时刻被一个虚拟机使用的情况下,通过任一虚拟机在加密硬件为空闲状态时,使用加密硬件的方式,来实现多个虚拟机共享加密硬件进行数据的密码计算处理。
在一些实施例中,通过多个模拟设备对所绑定的加密硬件的设备状态的读写,多个模拟设备所绑定的加密硬件的设备状态的维护可以基于共享内存 空间实现。在共享内存空间中可以记录多个模拟设备所绑定的加密硬件的设备状态,从而多个虚拟机可以通过对应的模拟设备对共享内存空间的访问,共享加密硬件的设备状态,进而实现共享加密硬件,进行数据的密码计算处理。
基于所述共享内存空间,作为一种可选实现,通过第一虚拟机对应的第一模拟设备,将所述加密硬件的设备状态调整为忙碌状态可以是通过第一虚拟机对应的第一模拟设备,将所述共享内存空间中记录的加密硬件的设备状态,调整为忙碌状态,从而其他虚拟机能够停止发送对加密硬件的使用请求,避免其它虚拟机对加密硬件的无效使用请求的发送和资源冲突。
作为另一种可选实现,在第一虚拟机结束使用加密硬件时,通过所述第一虚拟机对应的第一模拟设备,可以将所述共享内存空间中记录的加密硬件的设备状态,调整为空闲状态,使得其他虚拟机能够发送对加密硬件的使用请求,利用加密硬件执行数据的密码计算处理。
在一些实施例中,为实现多个虚拟机对加密硬件的使用,需要将多个虚拟机的虚拟机物理地址映射至加密硬件的寄存器空间,因此,需要建立虚拟机在加密硬件的地址空间中的映射关系。其中,图9示例性的示出了本公开实施例中加密硬件的配置方法的另一可选流程图。如图9所示,在步骤S21之前,还可以包括:
步骤S20,在虚拟机启动时,通过虚拟机对应的模拟设备,为虚拟机映射加密硬件的寄存器地址空间。
可以理解的是,基于虚拟机不再直接访问密码协处理器,而是访问模拟设备,则可以通过虚拟机对应的模拟设备,为虚拟机映射加密硬件的寄存器地址空间。并且,由于模拟设备是虚拟机监视器在虚拟机启动时创建,则通过虚拟机对应的模拟设备,为虚拟机映射加密硬件的寄存器地址空间的时机也可以发生在虚拟机启动时,即在虚拟机启动时,通过虚拟机对应的模拟设备,为虚拟机映射加密硬件的寄存器地址空间。
作为一种可选实现,基于虚拟机不再直接访问加密硬件,而是访问模拟设备,虚拟机可以在启动时,向模拟设备发送加密硬件的寄存器地址查询请求,即,在虚拟机启动时,通过虚拟机对应的模拟设备,获取虚拟机对于加密硬件的寄存器地址空间的查询请求。进而,通过对应的模拟设备查询所述 寄存器地址空间的地址信息,以及,根据查询的所述寄存器地址空间的地址信息,为虚拟机映射加密硬件的寄存器地址空间。
进一步的在一个示例中,根据查询的所述寄存器地址空间的地址信息,为虚拟机映射加密硬件的寄存器地址空间,可以是根据所述寄存器地址空间的地址信息建立嵌套页表,所述嵌套页表用于记录虚拟机的虚拟机物理地址到密码协处理器的地址空间的映射。
需要说明的是,一虚拟机通过对应的模拟设备创建嵌套页表,以在虚拟机使用所述加密硬件前,根据所述嵌套页表,得到虚拟机物理地址在加密硬件的地址空间内对应的物理地址,进而虚拟机通过模拟设备能够在共享内存空间中查询加密硬件对应的设备状态,并使用加密硬件。其中,图10示例性的示出了虚拟机访问加密硬件的地址映射示意图。如图10所示,虚拟机监视器创建嵌套页表,将虚拟机的虚拟机物理地址映射到加密硬件的寄存器空间,从而虚拟机可以利用嵌套页表,查询虚拟机物理地址在加密硬件的寄存器空间中的物理地址,从而实现对加密硬件的访问。
基于创建的嵌套页表,图11示例性的示出了虚拟机通过模拟设备同步访问共享内存空间的交互示意图。如图11所示,虚拟机01和02分别查询对应的嵌套页表中记录的虚拟机的虚拟机物理地址到加密硬件的地址空间的映射关系,从而向对应的模拟设备01'和02'发送设备状态查询请求;通过对应的模拟设备01'和02',在共享内存空间中查询加密硬件的设备状态;当对应的模拟设备01'或02'查询到加密硬件的当前设备状态为"空闲状态"时,根据对应的嵌套页表01”或02”中记录的虚拟机的虚拟机物理地址到加密硬件的地址空间的映射关系,通过对应的模拟设备01'或02'将共享内存空间中的设备状态调整为“忙碌状态”,从而对应的虚拟机01或02能够使用加密硬件。
在一些实施例中,虚拟机使用加密硬件执行数据的计算时,加密硬件需要通过输入输出内存管理单元获取虚拟机的虚拟机物理地址对应的主机物理地址。因此,基于输入输出页表可以记录虚拟机的虚拟机物理地址到主机物理地址的映射关系,可以通过所述第一模拟设备将第一虚拟机的输入输出页表,写入输入输出内存管理单元,所述输入输出页表记录有虚拟机物理地址到主机物理地址的地址映射关系,以使得第一虚拟机在使用密码协处理器 进行计算时,根据所述输入输出页表,查询到主机物理地址,从而在内存中获取待处理的目标数据,并进行计算,将计算结果返回至第一虚拟机。
需要说明的是,虚拟机监视器可以开启IOMMU功能,为加密硬件建立I/O页表,提供虚拟机物理地址到主机物理地址的映射关系,从而加密硬件能够通过I/O页表访问主机物理内存。其中,图12示例性的示出了加密硬件访问内存的地址转换示意图。如图12所示,在虚拟机使用加密硬件启动计算时,由于加密硬件能够获取虚拟机发送的数据的虚拟机物理地址(GPA),从而加密硬件能够通过IOMMU查询I/O页表,将GPA翻译成主机物理地址(HPA),并访问内存数据。
为便于理解上述内容,图13示例性的示出了本公开实施例提供的多个虚拟机共享加密硬件的计算时序图。如图13所示,虚拟机启动时,执行步骤S310,向模拟设备发送对加密硬件的寄存器地址空间的查询请求;模拟设备获取虚拟机的查询请求,进而执行步骤S311,模拟设备向加密硬件查询寄存器地址空间,在一可选示例中,模拟设备在查询到加密硬件的寄存器地址空间后,可以向虚拟机反馈地址信息,以使虚拟机得到加密硬件的寄存器地址空间;模拟设备执行步骤S312,为虚拟机映射加密硬件的寄存器地址空间,完成虚拟机与加密硬件的寄存器地址空间的映射。在虚拟机运行时,虚拟机执行步骤S313,虚拟机向模拟设备查询加密硬件的设备状态;模拟设备获取该查询请求,执行步骤S314,模拟设备在共享内存空间中查询并调整加密硬件的设备状态,在一可选示例中,模拟设备在查询到加密硬件的设备状态后,能够向虚拟机反馈加密硬件的设备状态(图中虚线箭头所示步骤);当模拟设备查询到加密硬件的设备状态为空闲状态时,模拟设备执行步骤S315,向IOMMU设置记录有GPA到HPA的映射关系的I/O页表,使得虚拟机能够执行步骤S316,向加密硬件发送计算命令,其中计算命令中携带GPA;加密硬件获取所述计算命令,并执行步骤S317,向IOMMU查询GPA对应的HPA;基于对应的HPA,能够执行步骤S318,向内存请求目标数据;进而执行步骤S319,内存向加密硬件返回对应HPA的目标数据;加密硬件获取目标数据,并执行步骤S320,对目标数据进行计算处理;进而在得到计算结果后,执行步骤S321,加密硬件向虚拟机发送计算结果。
在一些实施例中,基于图2所示计算机系统架构的普通计算环境和机密 计算环境,所述加密硬件可以包括普通密码协处理器和/或安全密码协处理器。其中,所述普通密码协处理器用于执行在普通计算环境下的普通计算任务;所述安全密码协处理器用于执行在机密计算环境下的机密计算任务。
作为一种可选实现,所述普通计算环境可以与所述机密计算环境相隔离,所述普通计算环境用于执行普通计算任务,所述机密计算环境用于执行机密计算任务。
需要说明的是,本公开实施例的加密硬件的配置方法适用于普通密码协处理器,也适用于机密计算环境下具有一个或多个安全密码协处理器的情况;其中,在适用安全密码协处理器时,基于数据的安全性,需要通过安全处理器向安全密码协处理器进行消息的转达。
可以看出,本公开实施例通过多个模拟设备对加密硬件的设备状态维护,从而多个虚拟机能够共享加密硬件,在加密硬件为空闲状态时,多个虚拟机中的任一个虚拟机能够使用加密硬件进行计算处理,进而基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理虚拟机对所述加密硬件的使用请求,保障密码协处理器在一个时刻被一个虚拟机使用,实现多个虚拟机共享加密硬件进行数据的密码计算处理,提升虚拟机对于加密硬件的利用率,提高虚拟机的数据处理性能。
下面对本公开实施例提供的加密硬件的配置装置进行介绍,下文描述的装置内容可以认为是虚拟机监视器为实现本公开实施例提供的加密硬件的配置方法,所需设置的功能模块。下文描述的内容可与上文描述内容相互对应参照。
作为可选实现,图14示例性的示出了本公开实施例提供的加密硬件的配置装置的可选框图,该装置可应用于虚拟机监视器,参照图14,该装置可以包括:状态维护逻辑101和请求处理逻辑102。
其中,所述状态维护逻辑101,用于维护多个模拟设备所绑定的加密硬件的设备状态,所述设备状态包括空闲状态和忙碌状态;其中,一个模拟设备对应一个虚拟机,并且多个模拟设备与加密硬件相绑定,以使得多个虚拟机通过对应的模拟设备共享加密硬件;
所述请求处理逻辑102,用于基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件的使用请求,以使得虚 拟机使用所述加密硬件,所述虚拟机为多个虚拟机中的任一个虚拟机。
可选的,所述请求处理逻辑102,用于基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件的使用请求的步骤包括:
如果所述加密硬件的设备状态为空闲状态,通过第一虚拟机对应的第一模拟设备,获取第一虚拟机请求使用所述加密硬件的使用请求;所述第一虚拟机为多个虚拟机中的任一个虚拟机;
通过所述第一模拟设备响应所述使用请求,以使得所述第一虚拟机使用所述加密硬件。
可选的,还包括:通过所述第一模拟设备,将所述加密硬件的设备状态调整为忙碌状态,以使得第二虚拟机停止发送使用请求,直至所述加密硬件的设备状态调整为空闲状态;其中,所述第二虚拟机为所述多个虚拟机中不同于第一虚拟机的虚拟机。
具体的,所述状态维护逻辑101用于执行前述的加密硬件的配置方法。
进一步的,对应前述的加密硬件的配置方法,加密硬件的配置装置还可进一步设置地址映射逻辑100,用于在虚拟机启动时,通过虚拟机对应的模拟设备,为虚拟机映射加密硬件的寄存器地址空间。
可选的,所述状态维护逻辑101中,维护多个模拟设备所绑定的加密硬件的设备状态的步骤包括:
在共享内存空间中记录多个模拟设备所绑定的加密硬件的设备状态,所述共享内存空间配置为允许所述多个模拟设备进行读写。
可选的,所述状态维护逻辑101,通过第一虚拟机对应的第一模拟设备,将加密硬件的设备状态调整为忙碌状态的步骤包括:
通过所述第一虚拟机对应的第一模拟设备,将所述共享内存空间中记录的加密硬件的设备状态,调整为忙碌状态。
可选的,所述状态维护逻辑101,还用于在所述第一虚拟机结束使用加密硬件时,通过所述第一虚拟机对应的第一模拟设备,将所述共享内存空间中记录的加密硬件的设备状态,调整为空闲状态。
可选的,所述地址映射逻辑100,用于在虚拟机启动时,通过虚拟机对应的模拟设备,为虚拟机映射加密硬件的寄存器地址空间的步骤可以包括;
通在虚拟机启动时,通过虚拟机对应的模拟设备,获取虚拟机对于加密硬件的寄存器地址空间的查询请求;
通过虚拟机对应的模拟设备查询所述寄存器地址空间的地址信息,以及,根据查询的所述寄存器地址空间的地址信息,为虚拟机映射加密硬件的寄存器地址空间。
可选的,所述根据查询的所述寄存器地址空间的地址信息,为虚拟机映射加密硬件的寄存器地址空间的步骤可以包括:
根据所述寄存器地址空间的地址信息建立嵌套页表,所述嵌套页表用于记录虚拟机的虚拟机物理地址到加密硬件的地址空间的映射。
可选的,所述状态维护逻辑101,通过所述第一模拟设备响应所述使用请求,以使得所述第一虚拟机使用所述加密硬件的步骤可以包括:
通过所述第一模拟设备将所述第一虚拟机的输入输出页表,写入输入输出内存管理单元,所述输入输出页表记录有虚拟机物理地址到主机物理地址的地址映射关系。
本公开实施例在机密计算环境下,还提出一种数据机密计算方法,其中,该机密计算环境下的安全密码协处理器可以是根据上述所述加密硬件的配置方法配置得到的加密硬件,出于本公开的技术思路,图15示出了本公开实施例提供的数据机密计算方法的可选流程图,该方法流程可由虚拟机监视器实现。如图15所示,该方法流程可以包括如下步骤。
步骤S41,获取虚拟机发送的对于模拟设备的机密计算命令。
本公开实施例中的虚拟机监视器增加了一层模拟设备层,通过模拟设备层创建用于模拟安全密码协处理器对应配置的模拟设备,所述安全密码协处理器可以是根据前述加密硬件的配置方法配置得到的加密硬件。从而,虚拟机能够将机密计算命令直接发送至模拟设备,避免采用直通的方式,将安全密码协处理器直通给虚拟机,则虚拟机监视器能够获取虚拟机发送的对于模拟设备的机密计算命令。
所述机密计算命令用于指示安全密码协处理器对数据进行机密计算。
步骤S42,获取安全密码协处理器的使用权限,以使得根据所述机密计算命令,得到所述安全密码协处理器的机密计算结果,并将所述机密计算结果返回至虚拟机。
本公开实施例中,不同虚拟机的虚拟机监视器可以同步协商对安全密码协处理器的使用。在一个示例中,虚拟机监视器具有内存空间,虚拟机监视器的同步可以是一虚拟机监视器对应查找另一虚拟机监视器的内存空间中,记录的安全密码协处理器的设备状态标志位,若所述设备状态标志位指示未使用安全密码协处理器,则安全密码协处理器当前为空闲状态,从而能够获取安全密码协处理器的使用权限,则虚拟机监视器能够向安全密码协处理器发送用于进行机密计算的机密计算命令;安全密码协处理器在获得用于进行机密计算的机密计算命令后,能够对数据进行机密计算,并将机密计算结果发送至虚拟机监视器,从而虚拟机监视器能够得到所述安全密码协处理器的机密计算结果,并将所述机密计算结果返回至虚拟机,完成虚拟机的机密计算。
可以看出,本公开实施例的数据机密计算方法能够实现多个虚拟机对安全密码协处理器的使用,提升了虚拟机对于安全密码协处理器的利用率,提高了虚拟机的数据处理性能。
在一些实施例中,基于不同虚拟机的虚拟机监视器可以同步协商对安全密码协处理器的使用,以及模拟设备模拟安全密码协处理器的配置,则可以通过访问不同的模拟设备对应安全密码协处理器的设备状态,在不同的模拟设备对应安全密码协处理器的设备状态均为空闲状态时,获取安全密码协处理器的使用权限,并将对应的模拟设备模拟的安全密码协处理器的设备状态,调整为忙碌状态,从而获取安全密码协处理器的使用权限,避免采用直通的方式,将安全密码协处理器直通给多个虚拟机中的任一个虚拟机。
需要说明的是,不同的模拟设备对应的安全密码协处理器可以是唯一的,即安全密码协处理器的数量是1。从而,当不同的模拟设备对应安全密码协处理器的设备状态均为空闲状态时,当前安全密码协处理器未使用,可以获取安全密码协处理器的使用权限。
在一些实施例中,虚拟机发送的机密计算命令中可以携带有命令ID和命令地址参数,所述命令ID对应于需执行的机密计算类型,例如:加密运算、解密运算、哈希运算等;所述命令地址参数可以包括数据的虚拟机物理地址(GPA)。
需要说明的是,在机密计算环境下,安全密码协处理器能够访问机密资 源,例如:虚拟机的密文、安全存储(用于存储高度机密的密钥)。但是,在访问内存时,安全处理器、安全密码协处理器并不使用IOMMU进行地址翻译,只处理对应于内存地址空间的主机物理地址(HPA)。因此,需要将机密计算命令中命令地址参数的虚拟机物理地址转换为主机物理地址。
命令地址参数中包括虚拟机物理地址,为获取进行机密计算的目标数据,需要得到数据对应于内存地址空间的主机物理地址。作为一种可选实现,虚拟机监视器在通过模拟设备获取机密计算命令后,能够根据所述机密计算命令,将虚拟机物理地址转换为主机物理地址,从而得到处理后的机密计算命令,以在内存中获取待计算的目标数据。进而,虚拟机监视器能够向安全密码协处理器发送所述处理后的机密计算命令,并获取安全密码协处理器的机密计算结果。
在一些实施例中,虚拟机监视器可以创建嵌套页表,所述嵌套页表可以记录有虚拟机物理地址到主机物理地址的地址映射关系,从而根据所述机密计算命令,将所述虚拟机物理地址转换为主机物理地址,可以具体为,根据所述命令地址参数,查询嵌套页表,将所述虚拟机物理地址转换为主机物理地址。
需要说明的是,在一个可选示例中,嵌套页表可以记录虚拟机物理地址在加密硬件的寄存器空间中的地址映射关系,在另一个可选示例中,嵌套页表可以记录虚拟机物理地址在内存地址空间中的地址映射关系。本公开实施例中,基于安全处理器、安全密码协处理器不使用IOMMU做地址翻译,只处理主机物理地址(HPA)。因此,虚拟机监视器可以查询记录有虚拟机物理地址在内存地址空间中的地址映射关系的嵌套页表,从而将机密计算命令中命令地址参数的虚拟机物理地址转换为主机物理地址,该主机物理地址即虚拟机物理地址对应于内存地址空间的主机物理地址,以实现安全密码协处理器根据该主机物理地址在内存中获取数据并进行机密计算。其中,记录有虚拟机物理地址在内存地址空间中的地址映射关系的嵌套页表可以是通过安全处理器向内存发送地址查询命令,获取内存的地址空间;进而基于获取的内存地址空间,建立虚拟机物理地址与内存地址空间的主机物理地址映射关系。
需要进一步说明的是,基于虚拟机监视器通过模拟设备模拟安全密码协 处理器的配置,虚拟机向模拟设备发送机密计算命令,并且,通过虚拟机监视器得到返回的机密计算结果后,能够进入虚拟机退出模式。
其中,图16示例性的示出了本公开实施例中多个虚拟机访问安全密码协处理器的交互示意图。如图16所示,虚拟机A和B分别对应虚拟机监视器a和b,并且,虚拟机监视器a的模拟设备层设置有模拟安全密码协处理器配置的模拟设备A',虚拟机监视器b的模拟设备层设置有模拟安全密码协处理器配置的模拟设备B';虚拟机监视器a对应查找嵌套页表A”,虚拟机监视器b对应查找嵌套页表B”。并且,虚拟机A和B可以是安全虚拟机。其中,嵌套页表A”和嵌套页表B”记录有对应虚拟机的虚拟机物理地址(GPA)到内存地址空间内的主机物理地址(HPA)的地址映射关系。
基于模拟设备A'和B'对安全密码协处理器的配置模拟,虚拟机A和B可以向对应的模拟设备A'和B'发送数据机密计算命令。进而,虚拟机监视器a和b能够获取对应的虚拟机对于模拟设备发送的数据机密计算命令,并查询对应的嵌套页表,将数据机密计算命令中的虚拟机物理地址转换为主机物理地址。进一步,虚拟机监视器a和b可以相互同步对安全密码协处理器的使用权限,例如:当虚拟机监视器a同步访问虚拟机监视器b时,得到虚拟机监视器b未使用安全密码协处理器的结果,则虚拟机监视器a将安全密码协处理器的设备状态记录为对应虚拟机A使用的“忙碌状态”;进而,虚拟机监视器a能够通过安全处理器向安全密码协处理器发送包含有主机物理地址的数据机密计算命令,使得安全密码协处理器能够根据主机物理地址在内存中获取目标数据,对目标数据进行机密计算,并将机密计算结果通过安全处理器发送给虚拟机监视器a;最后,虚拟机监视器a向虚拟机A返回该机密计算结果。
可以看出,本公开实施例的数据机密计算方法能够实现多个虚拟机对安全密码协处理器的使用,提升了虚拟机对于安全密码协处理器的利用率,提高了虚拟机的数据处理性能。
在一些实施例中,由于机密计算环境下,安全密码协处理器处理的是机密计算任务,虚拟机需要对机密计算命令的传输进行验证,以确定信息交互的安全性。并且,基于数据的安全性考虑,需要通过安全处理器向安全密码协处理器进行消息的转达。在一个示例中,利用安全处理器可以进行密钥协 商生成密钥对,得到芯片私钥和芯片公钥,并且,安全处理器能够将芯片公钥传输给虚拟机,由虚拟机对芯片公钥进行保存。因此,作为一种可选实现,所述机密计算命令还可以携带签名文件,所述签名文件用于通过向安全密码协处理器转发所述机密计算命令的安全处理器,利用芯片私钥对所述签名文件进行签名,例如:安全处理器对所述签名文件利用芯片私钥进行加密,以使虚拟机利用与所述芯片私钥相匹配的芯片公钥,对所述机密计算结果中的签名文件进行验签,以确定机密计算命令为通过安全处理器转达至安全密码协处理器进行执行处理。
可以看出,本公开实施例的数据机密计算方法能够实现多个虚拟机对安全密码协处理器的使用,提升了虚拟机对于安全密码协处理器的利用率,提高了虚拟机的数据处理性能。
下面对本公开实施例提供的数据机密计算装置进行介绍,下文描述的装置内容可以认为是虚拟机对应的虚拟机监视器为实现本公开实施例提供的数据机密计算方法,所需设置的功能模块。下文描述的内容可与上文描述内容相互对应参照。
作为可选实现,图17示例性的示出了本公开实施例提供的数据机密计算装置的可选框图,该装置可应用于虚拟机监视器,参照图17,该装置可以包括:命令获取逻辑110和硬件使用逻辑120。
其中,所述命令获取逻辑110,用于获取虚拟机发送的对于模拟设备的机密计算命令,模拟设备用于模拟安全密码协处理器的程序,所述安全密码协处理器为根据如上述的加密硬件的配置方法配置得到的加密硬件;
所述硬件使用逻辑120,用于获取所述安全密码协处理器的使用权限,以使得根据所述机密计算命令,得到所述安全密码协处理器的机密计算结果,并将所述机密计算结果返回至虚拟机。
可选的,所述硬件使用逻辑120用于获取安全密码协处理器的使用权限的步骤,包括:
通过访问不同模拟设备模拟的安全密码协处理器的设备状态,在不同模拟设备模拟的安全密码协处理器的设备状态为空闲状态时,获取安全密码协处理器的使用权限,并将对应的模拟设备模拟的安全密码协处理器的设备状态,调整为忙碌状态。
可选的,所述机密计算命令携带有命令ID和命令地址参数,所述命令ID对应于需执行的机密计算类型,所述命令地址参数包括虚拟机物理地址;
所述硬件使用逻辑120中,根据所述机密计算命令,得到所述加密硬件的机密计算结果的步骤,包括:
根据所述机密计算命令,将所述虚拟机物理地址转换为主机物理地址,得到处理后的机密计算命令;
向安全密码协处理器发送所述处理后的机密计算命令,并获取安全密码协处理器的机密计算结果。
可选的,所述根据所述机密计算命令,将所述虚拟机物理地址转换为主机物理地址,可以具体为,根据所述命令地址参数,查询嵌套页表,将所述虚拟机物理地址转换为主机物理地址;所述嵌套页表记录有虚拟机物理地址到主机物理地址的地址映射关系。
本公开实施例还提供一种计算机系统,所述计算机系统可以包括:虚拟机监视器、多个虚拟机,以及加密硬件,所述虚拟机监视器包括如上述所述的加密硬件的配置装置,或者,如上述所述的数据机密计算装置。
可选的,所述虚拟机监视器设置有模拟设备层,所述模拟设备层设置有如上述加密硬件的配置方法中所述的模拟设备,或者,如上述所述数据机密计算方法中所述的模拟设备。
本公开实施例还提供一种电子设备,所述电子设备可以包括存储器和处理器,所述存储器上存储有可由所述处理器运行的计算机程序,所述处理器运行所述计算机程序时执行如上述所述的加密硬件的配置方法,或者,如上述所述的数据机密计算方法中的步骤。
本公开实施例还提供一种存储介质,所述存储介质存储一条或多条计算机可执行指令,所述一条或多条计算机可执行指令被执行时,实现如本公开实施例的加密硬件的配置方法和/或数据机密计算方法。
上文描述了本公开实施例提供的多个实施例方案,各实施例方案介绍的各可选方式可在不冲突的情况下相互结合、交叉引用,从而延伸出多种可能的实施例方案,这些均可认为是本公开实施例披露、公开的实施例方案。
虽然本公开实施例披露如上,但本公开并非限定于此。任何本领域技术人员,在不脱离本公开的精神和范围内,均可作各种更动与修改,因此本公 开的保护范围应当以权利要求所限定的范围为准。

Claims (24)

  1. 一种加密硬件的配置方法,包括:
    维护多个模拟设备所绑定的加密硬件的设备状态,所述设备状态包括空闲状态和忙碌状态;其中,一个模拟设备对应一个虚拟机,并且多个模拟设备与加密硬件相绑定,以使得多个虚拟机通过对应的模拟设备共享加密硬件;以及
    基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件的使用请求,以使得所述虚拟机使用所述加密硬件,所述虚拟机为所述多个虚拟机中的任一个虚拟机。
  2. 根据权利要求1所述的加密硬件的配置方法,其中,所述基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件的使用请求,包括:
    如果所述加密硬件的设备状态为空闲状态,通过第一虚拟机对应的第一模拟设备,获取所述第一虚拟机请求使用所述加密硬件的使用请求;所述第一虚拟机为所述多个虚拟机中的任一个虚拟机;以及
    通过所述第一模拟设备响应所述使用请求,以使得所述第一虚拟机使用所述加密硬件。
  3. 根据权利要求2所述的加密硬件的配置方法,还包括:
    通过所述第一模拟设备,将所述加密硬件的设备状态调整为忙碌状态,以使得第二虚拟机停止发送使用请求,直至所述加密硬件的设备状态调整为空闲状态;其中,所述第二虚拟机为所述多个虚拟机中,不同于所述第一虚拟机的虚拟机。
  4. 根据权利要求1-3任一项所述的加密硬件的配置方法,其中,所述维护多个模拟设备所绑定的加密硬件的设备状态包括:
    在共享内存空间中记录多个模拟设备所绑定的加密硬件的设备状态,所述共享内存空间配置为允许所述多个模拟设备进行读写。
  5. 根据权利要求4所述的加密硬件的配置方法,其中,通过第一虚拟机对应的第一模拟设备,将所述加密硬件的设备状态调整为忙碌状态包括:
    通过所述第一虚拟机对应的第一模拟设备,将所述共享内存空间中记录 的加密硬件的设备状态,调整为忙碌状态。
  6. 根据权利要求5所述的加密硬件的配置方法,还包括:
    在所述第一虚拟机结束使用加密硬件时,通过所述第一虚拟机对应的第一模拟设备,将所述共享内存空间中记录的加密硬件的设备状态,调整为空闲状态。
  7. 根据权利要求1-6任一项所述的加密硬件的配置方法,还包括:
    在所述虚拟机启动时,通过所述虚拟机对应的模拟设备,为所述虚拟机映射加密硬件的寄存器地址空间。
  8. 根据权利要求7所述的加密硬件的配置方法,其中,所述在所述虚拟机启动时,通过所述虚拟机对应的模拟设备,为所述虚拟机映射加密硬件的寄存器地址空间包括:
    在所述虚拟机启动时,通过所述虚拟机对应的模拟设备,获取所述虚拟机对于加密硬件的寄存器地址空间的查询请求;以及
    通过所述虚拟机对应的模拟设备查询所述寄存器地址空间的地址信息,以及,根据查询的所述寄存器地址空间的地址信息,为所述虚拟机映射加密硬件的寄存器地址空间。
  9. 根据权利要求8所述的加密硬件的配置方法,其中,所述根据查询的所述寄存器地址空间的地址信息,为所述虚拟机映射加密硬件的寄存器地址空间,包括:
    根据所述寄存器地址空间的地址信息建立嵌套页表,所述嵌套页表被配置为记录所述虚拟机的虚拟机物理地址到加密硬件的地址空间的映射。
  10. 根据权利要求2-6任一项所述的加密硬件的配置方法,其中,所述通过所述第一模拟设备响应所述使用请求,以使得所述第一虚拟机使用所述加密硬件包括:
    通过所述第一模拟设备将所述第一虚拟机的输入输出页表,写入输入输出内存管理单元,所述输入输出页表记录有虚拟机物理地址到主机物理地址的地址映射关系。
  11. 根据权利要求1-10任一项所述的加密硬件的配置方法,其中,所述加密硬件包括普通密码协处理器和/或安全密码协处理器;其中,所述普通密码协处理器被配置为执行在普通计算环境下的普通计算任务;所述安全密码 协处理器被配置为执行在机密计算环境下的机密计算任务。
  12. 根据权利要求11所述的加密硬件的配置方法,其中,所述普通计算环境与所述机密计算环境相隔离,所述普通计算环境被配置为执行普通计算任务,所述机密计算环境被配置为执行机密计算任务。
  13. 一种加密硬件的配置装置,包括:
    状态维护逻辑,被配置为维护多个模拟设备所绑定的加密硬件的设备状态,所述设备状态包括空闲状态和忙碌状态;其中,一个模拟设备对应一个虚拟机,并且所述多个模拟设备与加密硬件相绑定,以使得多个虚拟机通过对应的模拟设备共享加密硬件;以及
    请求处理逻辑,被配置为基于所述加密硬件的设备状态,通过虚拟机对应的模拟设备,处理所述虚拟机对所述加密硬件的使用请求,以使得所述虚拟机使用所述加密硬件,所述虚拟机为所述多个虚拟机中的任一个虚拟机。
  14. 根据权利要求13所述的加密硬件的配置装置,还包括:
    地址映射逻辑,被配置为在所述虚拟机启动时,通过所述虚拟机对应的模拟设备,为所述虚拟机映射加密硬件的寄存器地址空间。
  15. 一种数据机密计算方法,包括:
    获取虚拟机发送的对于模拟设备的机密计算命令,所述模拟设备被配置为模拟安全密码协处理器的配置,所述安全密码协处理器为根据如权利要求1所述的加密硬件的配置方法配置得到的加密硬件;以及
    获取所述安全密码协处理器的使用权限,以使得根据所述机密计算命令,得到所述安全密码协处理器的机密计算结果,并将所述机密计算结果返回至所述虚拟机。
  16. 根据权利要求15所述的数据机密计算方法,其中,所述获取所述安全密码协处理器的使用权限,包括:
    通过访问不同模拟设备模拟的安全密码协处理器的设备状态,在不同模拟设备模拟的安全密码协处理器的设备状态均为空闲状态时,获取安全密码协处理器的使用权限,并将对应的模拟设备模拟的安全密码协处理器的设备状态,调整为忙碌状态。
  17. 根据权利要求15或16所述的数据机密计算方法,其中,所述机密计算命令携带有命令ID和命令地址参数,所述命令ID对应于需执行的机密计 算类型,所述命令地址参数包括虚拟机物理地址;
    所述根据所述机密计算命令,得到所述安全密码协处理器的机密计算结果,包括:
    根据所述机密计算命令,将所述虚拟机物理地址转换为主机物理地址,得到处理后的机密计算命令;以及
    向所述安全密码协处理器发送所述处理后的机密计算命令,并获取所述安全密码协处理器的机密计算结果。
  18. 根据权利要求17所述的数据机密计算方法,其中,所述根据所述机密计算命令,将所述虚拟机物理地址转换为主机物理地址,包括:根据所述命令地址参数,查询嵌套页表,将所述虚拟机物理地址转换为所述主机物理地址;所述嵌套页表记录有所述虚拟机物理地址到所述主机物理地址的地址映射关系。
  19. 根据权利要求17或18所述的数据机密计算方法,其中,所述机密计算命令还携带签名文件,所述签名文件被配置为通过向所述安全密码协处理器转发所述机密计算命令的安全处理器,利用芯片私钥对所述签名文件进行签名,以使虚拟机利用与所述芯片私钥相匹配的芯片公钥,对所述机密计算结果中的签名文件进行验签。
  20. 一种数据机密计算装置,包括:
    命令获取逻辑,被配置为获取虚拟机发送的对于模拟设备的机密计算命令,模拟设备被配置为模拟安全密码协处理器的程序,所述安全密码协处理器为根据如权利要求1所述的加密硬件的配置方法配置得到的加密硬件;以及
    硬件使用逻辑,被配置为获取所述安全密码协处理器的使用权限,以使得根据所述机密计算命令,得到所述安全密码协处理器的机密计算结果,并将所述机密计算结果返回至所述虚拟机。
  21. 一种计算机系统,包括:虚拟机监视器、多个虚拟机,以及加密硬件,所述虚拟机监视器包括如权利要求13至14任一项所述的加密硬件的配置装置,或者,如权利要求20所述的数据机密计算装置。
  22. 根据权利要求21所述的计算机系统,其中,所述虚拟机监视器设置有模拟设备层,所述模拟设备层设置有如权利要求1至12任一项所述的加 密硬件的配置方法中的模拟设备,或者,如权利要求15至19任一项所述的数据机密计算方法中的模拟设备。
  23. 一种电子设备,包括存储器和处理器,所述存储器上存储有可由所述处理器运行的计算机程序,所述处理器运行所述计算机程序时执行如权利要求1至12任一项所述的加密硬件的配置方法,或者,如权利要求15至19任一项所述的数据机密计算方法中的步骤。
  24. 一种存储介质,其中,所述存储介质存储一条或多条计算机可执行指令,所述一条或多条计算机可执行指令被执行时,实现如权利要求1至12任一项所述的加密硬件的配置方法,和/或,如权利要求15至19任一项所述的数据机密计算方法。
PCT/CN2024/097172 2023-06-15 2024-06-04 加密硬件的配置方法、数据机密计算方法及相关设备 Ceased WO2024255640A1 (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP24822591.4A EP4621568A4 (en) 2023-06-15 2024-06-04 A METHOD FOR CONFIGURING CRYPTOGRAPHIC HARDWARE, A CONFIDENTIAL COMPUTER METHOD FOR DATA, AND ASSOCIATED DEVICE

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202310712879.1A CN116841691B (zh) 2023-06-15 2023-06-15 加密硬件的配置方法、数据机密计算方法及相关设备
CN202310712879.1 2023-06-15

Publications (1)

Publication Number Publication Date
WO2024255640A1 true WO2024255640A1 (zh) 2024-12-19

Family

ID=88169744

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/097172 Ceased WO2024255640A1 (zh) 2023-06-15 2024-06-04 加密硬件的配置方法、数据机密计算方法及相关设备

Country Status (3)

Country Link
EP (1) EP4621568A4 (zh)
CN (1) CN116841691B (zh)
WO (1) WO2024255640A1 (zh)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116841691B (zh) * 2023-06-15 2024-07-26 海光信息技术股份有限公司 加密硬件的配置方法、数据机密计算方法及相关设备
CN118101201B (zh) * 2024-04-19 2024-07-19 麒麟软件有限公司 一种基于DICE和pKVM的隐私数据保护系统和方法
CN119167329B (zh) * 2024-08-28 2025-10-31 海光云芯集成电路设计(上海)有限公司 密钥调用、备份、迁移方法及相关设备
CN120104254A (zh) * 2025-02-27 2025-06-06 北京志凌海纳科技股份有限公司 一种基于vfio-mdev的密码协处理器虚拟化方法和系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060236039A1 (en) * 2005-04-19 2006-10-19 International Business Machines Corporation Method and apparatus for synchronizing shared data between components in a group
CN101176100A (zh) * 2005-05-13 2008-05-07 英特尔公司 提供基于软件的安全协处理器的方法和装置
CN101267334A (zh) * 2007-03-13 2008-09-17 联想(北京)有限公司 一种动态分配设备的方法及装置
CN104951688A (zh) * 2014-03-24 2015-09-30 国家计算机网络与信息安全管理中心 适用于Xen虚拟化环境下的专用数据加密方法及加密卡
US20200257547A1 (en) * 2019-02-08 2020-08-13 Microsoft Technology Licensing, Llc Updating Hardware with Reduced Virtual Machine Downtime
CN116841691A (zh) * 2023-06-15 2023-10-03 海光信息技术股份有限公司 加密硬件的配置方法、数据机密计算方法及相关设备

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2804478B2 (ja) * 1988-05-26 1998-09-24 株式会社日立製作所 タスク制御方式及びオンライン・トランザクション・システム
JPH07281925A (ja) * 1994-04-06 1995-10-27 Fujitsu Ltd マルチプロセッサシミュレーション装置
US6446149B1 (en) * 1998-03-03 2002-09-03 Compaq Information Technologies Group, L.P. Self-modifying synchronization memory address space and protocol for communication between multiple busmasters of a computer system
US7353515B1 (en) * 2001-02-04 2008-04-01 Cisco Technology, Inc. Method and apparatus for dynamic allocation and management of semaphores for accessing shared resources
US7971203B2 (en) * 2004-03-05 2011-06-28 Intel Corporation Method, apparatus and system for dynamically reassigning a physical device from one virtual machine to another
US7454756B2 (en) * 2004-03-05 2008-11-18 Intel Corporation Method, apparatus and system for seamlessly sharing devices amongst virtual machines
CN100399274C (zh) * 2005-09-19 2008-07-02 联想(北京)有限公司 一种虚拟机系统输入/输出设备动态分配的方法及其设备
US20120167082A1 (en) * 2010-12-23 2012-06-28 Sanjay Kumar Direct sharing of smart devices through virtualization
EP3089035A1 (en) * 2015-04-30 2016-11-02 Virtual Open Systems Virtualization manager for reconfigurable hardware accelerators
CN105354090B (zh) * 2015-10-16 2019-04-16 安一恒通(北京)科技有限公司 虚拟设备的管理方法和装置
KR101716715B1 (ko) * 2016-12-27 2017-03-15 주식회사 티맥스클라우드 가상 머신 환경의 네트워크 입출력 장치 가상화 방법 및 장치
US10956197B2 (en) * 2017-12-13 2021-03-23 Citrix Systems, Inc. Virtual machine with an emulator manager for migration of synchronized streams of state data
CN110162397B (zh) * 2018-05-28 2022-08-23 腾讯科技(深圳)有限公司 资源分配方法、装置及系统
CN114780248B (zh) * 2022-05-18 2026-02-10 芯来智融半导体科技(上海)有限公司 资源访问方法、装置、计算机设备及存储介质
CN114662162B (zh) * 2022-05-25 2022-09-20 广州万协通信息技术有限公司 实现动态分配vf的多算法核高性能sr-iov加解密系统及方法
CN115150396B (zh) * 2022-06-27 2024-04-23 联想(北京)有限公司 共享设备的处理方法及服务端

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060236039A1 (en) * 2005-04-19 2006-10-19 International Business Machines Corporation Method and apparatus for synchronizing shared data between components in a group
CN101176100A (zh) * 2005-05-13 2008-05-07 英特尔公司 提供基于软件的安全协处理器的方法和装置
CN101267334A (zh) * 2007-03-13 2008-09-17 联想(北京)有限公司 一种动态分配设备的方法及装置
CN104951688A (zh) * 2014-03-24 2015-09-30 国家计算机网络与信息安全管理中心 适用于Xen虚拟化环境下的专用数据加密方法及加密卡
US20200257547A1 (en) * 2019-02-08 2020-08-13 Microsoft Technology Licensing, Llc Updating Hardware with Reduced Virtual Machine Downtime
CN116841691A (zh) * 2023-06-15 2023-10-03 海光信息技术股份有限公司 加密硬件的配置方法、数据机密计算方法及相关设备

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP4621568A1

Also Published As

Publication number Publication date
CN116841691A (zh) 2023-10-03
CN116841691B (zh) 2024-07-26
EP4621568A1 (en) 2025-09-24
EP4621568A4 (en) 2026-04-01

Similar Documents

Publication Publication Date Title
WO2024255640A1 (zh) 加密硬件的配置方法、数据机密计算方法及相关设备
CN110928646B (zh) 一种访问共享内存的方法、装置、处理器和计算机系统
CN102110196B (zh) 并行运行多用户操作系统间的数据安全传输方法及系统
CN113614722A (zh) 网络功能虚拟化基础设施中的进程到进程安全数据移动
CN111949369B (zh) 面向图形处理器的可信执行环境构建方法及系统
CN112099903B (zh) 一种虚拟机的内存管理方法、装置、cpu芯片及服务器
US10331591B2 (en) Logical-to-physical block mapping inside the disk controller: accessing data objects without operating system intervention
CN101876954B (zh) 一种虚拟机控制系统及其工作方法
US11748135B2 (en) Utilizing virtual input/output memory management units (IOMMU) for tracking encryption status of memory pages
US9424205B2 (en) System and method for SATA virtualization and domain protection
US12393440B2 (en) Safe entropy source for encrypted virtual machines
CN116340243B (zh) 一种双核可信执行的安全芯片架构
US11449434B2 (en) Reverse shadow page tables for firewalled nested encrypted virtual machines
CN118886043A (zh) 数据传输方法、装置、设备及存储介质
US7840964B2 (en) Mechanism to transition control between components in a virtual machine environment
CN116070239A (zh) 文件加密、解密方法、装置、设备及存储介质
EP4394628B1 (en) Code protection system and method, virtual system architecture, chip and electronic device
CN117632811A (zh) 直接存储访问请求处理方法、装置及相关设备
US12159157B2 (en) Reverse shadow page tables for nested virtual machines
CN117473530A (zh) 基于可信执行环境的轻量级可信度量系统及方法
Dhar et al. Empowering data centers for next generation trusted computing
Wang et al. SEGIVE: A practical framework of secure GPU execution in virtualization environment
US11604673B2 (en) Memory encryption for virtual machines by hypervisor-controlled firmware
CN114491607A (zh) 云平台数据处理方法、装置、计算机设备及存储介质
US20230221982A1 (en) Enabling communication between virtual machines and virtual devices by hypervisor-controlled firmware

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24822591

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2024822591

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2024822591

Country of ref document: EP

Effective date: 20250618

WWP Wipo information: published in national office

Ref document number: 2024822591

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE