HK40047524B - Information configuration method, direct storage and access method and related device - Google Patents
Information configuration method, direct storage and access method and related device Download PDFInfo
- Publication number
- HK40047524B HK40047524B HK42021038071.3A HK42021038071A HK40047524B HK 40047524 B HK40047524 B HK 40047524B HK 42021038071 A HK42021038071 A HK 42021038071A HK 40047524 B HK40047524 B HK 40047524B
- Authority
- HK
- Hong Kong
- Prior art keywords
- information
- key
- configuration
- encrypted
- virtual machine
- Prior art date
Links
Description
Technical Field
The embodiment of the application relates to the technical field of virtual machines, in particular to an information configuration method, a direct storage access method and a related device.
Background
Through Virtualization technology (VM), a host can virtualize a plurality of Virtual Machines (VMs), thereby efficiently utilizing hardware resources of the host; the virtualized virtual machines can allocate virtual machine memory space and the like in the physical host, and the virtual machine memory space of each virtual machine is mainly used for task consumption and supporting virtualization.
To improve the security of the virtual machine, the memory space of the virtual machine may be encrypted, where the encrypted memory space of the virtual machine may be referred to as an encrypted memory space, and the corresponding virtual machine may be referred to as an encrypted virtual machine.
In a computer system, an encryption virtual machine has a requirement for reading and writing data to and from a Direct Memory Access (DMA) device, for example, the DMA device is a hard disk, and the encryption virtual machine can read and write data to and from the hard disk in a DMA manner; however, under the condition that the DMA device also has a data encryption requirement (for example, there is an encryption requirement due to security of data in the hard disk), since the encrypted memory space of the encrypted virtual machine and the data in the DMA device are both in an encrypted state, and a key used by the encrypted virtual machine may be different from a key used by the DMA device for encryption, the encrypted virtual machine cannot directly and efficiently read and write data from and to the DMA device. Therefore, how to provide an improved scheme to enable the encryption virtual machine to directly and efficiently read and write data to the DMA device becomes a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of this, embodiments of the present disclosure provide an information configuration method, a direct memory access method, and a related apparatus, so that an encryption virtual machine can directly and efficiently read and write data from and to a DMA device.
In order to achieve the above object, the embodiments of the present application provide the following technical solutions:
an information configuration method applied to a secure processor, the method comprising:
acquiring a configuration request of an encrypted virtual machine, wherein the configuration request at least comprises a virtual physical address GPA of encrypted data to be accessed by the encrypted virtual machine, a device identifier of Direct Memory Access (DMA) equipment for transmitting the encrypted data and key information of the encrypted data;
based on the configuration request, creating a key page table entry corresponding to the GPA, and storing key information of the encrypted data to a memory space pointed by the key page table entry;
generating configuration information, wherein the configuration information at least comprises the GPA, key address information corresponding to the key page table entry and the device identifier;
sending the configuration information to an input/output memory management unit (IOMMU) corresponding to the DMA device, so that the IOMMU configures the key address information in a data item corresponding to the device identifier.
The embodiment of the present application further provides another information configuration method, which is applied to an input/output memory management unit IOMMU, and the method includes:
acquiring configuration information sent by a security processor, wherein the configuration information at least comprises: the method comprises the steps that a virtual physical address GPA of encrypted data accessed by a virtual machine to be encrypted, key address information corresponding to a key page table entry of the GPA and a device identifier of Direct Memory Access (DMA) equipment for storing the encrypted data are obtained; the key information of the encrypted data is stored in the memory space pointed by the key page table entry;
determining a data item corresponding to the device identification;
configuring the key address information in the data item.
An embodiment of the present application further provides a direct memory access method, where the information configuration method applied to the IOMMU is applied to an input/output memory management unit IOMMU, and the method includes:
obtaining a DMA request aiming at a direct memory access DMA device, wherein the DMA request at least comprises a device identification and a virtual physical address GPA of the DMA device to be accessed;
determining key address information configured in a data item of the DMA device;
inquiring key information corresponding to the DMA equipment according to the key address information and the GPA;
and configuring the key information for the memory controller so that the memory controller encrypts and decrypts the data read and written by the DMA equipment aiming at the encryption virtual machine based on the key information.
An embodiment of the present application further provides an information configuration apparatus, including:
a configuration request obtaining module, configured to obtain a configuration request of an encrypted virtual machine, where the configuration request at least includes a virtual physical address GPA of encrypted data to be accessed by the encrypted virtual machine, a device identifier of a direct memory access DMA device used for transmitting the encrypted data, and key information of the encrypted data;
a page table entry creating module, configured to create a key page table entry corresponding to the GPA based on the configuration request, and store key information of the encrypted data to a memory space pointed by the key page table entry;
a configuration information generating module, configured to generate configuration information, where the configuration information at least includes the GPA, key address information corresponding to the key page table entry, and the device identifier;
a configuration information sending module, configured to send the configuration information to an input/output memory management unit IOMMU corresponding to the DMA device, so that the IOMMU configures the key address information in a data entry corresponding to the device identifier.
An embodiment of the present application further provides another information configuration apparatus, including:
a configuration information obtaining module, configured to obtain configuration information sent by the security processor, where the configuration information at least includes: the method comprises the steps that a virtual physical address GPA of encrypted data accessed by a virtual machine to be encrypted, key address information corresponding to a key page table entry of the GPA and a device identifier of direct memory access DMA equipment for storing the encrypted data are obtained; the key information of the encrypted data is stored in the memory space pointed by the key page table entry;
a data item determination module for determining a data item corresponding to the device identifier;
an address information configuration module, configured to configure the key address information in the data item.
An embodiment of the present application further provides a direct storage access device, including:
an access request obtaining module, configured to obtain a DMA request for a DMA device accessed by a direct memory, where the DMA request at least includes a device identifier and a virtual physical address GPA of the DMA device to be accessed;
an address information determination module for determining key address information configured in a data item of the DMA device;
the key page table query module is used for querying the key information corresponding to the DMA equipment according to the key address information and the GPA;
and the key information configuration module is used for configuring the key information for the memory controller so that the memory controller encrypts and decrypts the data read and written by the DMA equipment aiming at the encrypted virtual machine based on the key information.
The embodiment of the present application further provides a security processor, and the security processor is configured to execute the information configuration method applied to the security processor as described above.
An embodiment of the present application further provides an input/output memory management unit IOMMU, where the IOMMU is configured to execute the information configuration method applied to the IOMMU as described above, and/or execute the direct memory access method applied to the IOMMU as described above.
An embodiment of the present application further provides an electronic device, which includes the security processor described above, and the input/output memory management unit IOMMU described above.
In the information configuration method provided by the embodiment of the application, a security processor can obtain a configuration request for information configuration of an encryption virtual machine, where the configuration request at least includes a virtual physical address GPA of encrypted data to be accessed by the encryption virtual machine, a device identifier of a direct memory access DMA device storing the encrypted data, and key information of the encrypted data; therefore, the security processor creates a key page table entry corresponding to the GPA based on the configuration request, stores key information of the encrypted data to a memory space pointed by the key page table entry, and further generates configuration information, where the configuration information at least includes the GPA, key address information corresponding to the key page table entry, and the device identifier; in turn, the secure processor may send the configuration information to the IOMMU to cause the IOMMU to configure the key address information in a data entry corresponding to the device identification.
It can be seen that, in the device information configuration method provided in this embodiment of the present application, when performing information configuration, the IOMMU may configure key address information in a data item of the IOMMU under the control of the security processor, so that when the encryption virtual machine performs data read/write on the DMA device, the IOMMU may query key information corresponding to the DMA device based on the GPA and the key address information configured in the data item, and further configure the key information in the memory controller, so that the memory controller encrypts and decrypts the data read/written by the encryption virtual machine for the DMA device based on the key information, thereby implementing direct data read/write on the DMA device by the encryption virtual machine, avoiding a process of storing the data to be read/written into a common memory space after encrypting and decrypting the data, and implementing direct and efficient data read/write on the DMA device by the encryption virtual machine, and improving DMA transmission efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a diagram of a cloud service architecture based on virtualization technology;
FIG. 2 is a diagram of a secure virtualization technology architecture for a cloud service scenario;
FIG. 3 is a schematic diagram of the architecture of a linux system based on secure virtualization technology;
FIG. 4 is an alternative schematic diagram of an initialization process for encrypted files;
FIG. 5 is a block diagram of a virtualization technology architecture according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an IOMMU provided in the present application;
FIG. 7 is a flowchart of an information configuration method provided by an embodiment of the present application;
FIG. 8 is a schematic diagram illustrating a data structure of a device table entry in an IOMMU according to an embodiment of the present application;
FIG. 9 is a flow chart of a DMA method provided by an embodiment of the present application;
FIG. 10 is a diagram illustrating an example of a memory controller reading and writing data according to an embodiment of the present application;
FIG. 11 is a schematic diagram of a page table walk according to an embodiment of the present application;
fig. 12 is another alternative flow of an information configuration method provided in an embodiment of the present application;
fig. 13 is a block diagram of an information configuration apparatus according to an embodiment of the present application;
fig. 14 is another block diagram of an information configuring apparatus according to an embodiment of the present application;
fig. 15 is a further block diagram of an information configuring apparatus according to an embodiment of the present application;
fig. 16 is a block diagram of a direct memory access device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The virtualization technology can be applied to various scenes, and particularly, along with the development of cloud services, the virtualization technology is more and more widely applied to the scene of the cloud services; for the convenience of understanding the virtualization technology, the virtualization technology will be described below by taking a cloud service based on the virtualization technology as an example.
Referring to an alternative architecture of a cloud service based on virtualization technology shown in fig. 1, the architecture of the cloud service may include: a cloud host 10, a network 20, users 31 to 3n;
the cloud host 10 is a host device (which may be in the form of a server) that is deployed on a network side for a cloud service provider (such as a cloud service vendor) to provide a cloud service; based on the requirements of different users, the cloud host can create one or more virtual machines for different users through a virtualization technology, for example, a user can request the cloud host to create a plurality of virtual machines which adapt to the service requirements of the user according to the service requirements, so that the user can respectively run applications on the plurality of virtual machines belonging to the user, and the application run by the plurality of virtual machines is used for cooperatively completing a user-specific service;
the network 20 may be considered as the internet, or other forms of networks with communication functions, and the cloud host and the user implement communication and data transmission through the network, and the embodiment of the present application does not limit the specific network form of the network 20;
the users 31 to 3n are registered users using cloud services, the number of the registered users may be multiple, and the embodiment of the application does not limit the specific value of n; in a cloud service scenario, each user may own one or more virtual machines belonging to the user in the cloud host, so as to complete a user-specific service by using the virtual machines belonging to the user.
To facilitate a further clear understanding of the virtualization technology of the cloud service scenario, referring to the secure virtualization technology architecture of the cloud service scenario shown in fig. 2, the cloud host may include: a Central Processing Unit (CPU) 11, a memory controller 12, and a physical memory 13;
the CPU 11 may configure a virtual machine manager in a software form, in a cloud service scenario, the virtual machine manager may create one or more virtual machines for a user based on user requirements obtained by a cloud host, and a part or all of the physical memory 13 may be used as a virtual machine memory space allocated to the virtual machine;
the memory controller 12 is hardware that controls the physical memory 13 and causes data exchange between the physical memory 13 and the CPU 11.
In order to improve the data security of the cloud service, the memory spaces of the virtual machines of part or all the virtual machines can be encrypted by a secure virtualization technology, and the memory spaces of the virtual machines of different virtual machines are encrypted by different keys, so that even if a host operating system cannot access the keys, the physical host and other virtual machines are prevented from accessing and tampering the virtual machine data in the memory space of the currently running virtual machine, and the data security of the virtual machines is improved;
optionally, with continued reference to fig. 2, the cloud host may further include a security Processor (PSP) 14, and a cryptographic coprocessor 15 configured in the memory controller 12; the secure processor 14 is a processor specially configured for secure virtualization technology and responsible for data security of the virtual machine, and the cryptographic coprocessor 15 is a device in the memory controller for encrypting and decrypting a memory space of the virtual machine;
the secure processor 14 may allocate different virtual machine keys to different virtual machines, and store the virtual machine keys of the virtual machines in the memory controller 12, where the memory controller 12 encrypts and decrypts the virtual machine memory space of the virtual machines based on the stored virtual machine keys, so as to implement data security isolation between the virtual machines and the host operating system and between different virtual machines;
the virtual machine for distributing the virtual machine key can be called an encrypted virtual machine, the memory space of the encrypted virtual machine is called an encrypted memory space, and the memory page in the encrypted memory space is called an encrypted memory page; the virtual machine without the virtual machine key can be called as a common virtual machine, the memory space of the virtual machine without encryption is called as a common memory space, and the memory page in the common memory space is called as a common memory page; as can be seen from fig. 2, the data of the application process and the normal virtual machine are stored in the normal memory space, and the data of the encrypted virtual machine is stored in the encrypted memory space.
Therefore, the safety virtualization technology can encrypt the encrypted memory space of the encrypted virtual machine, and the data safety of the encrypted virtual machine is improved; on this basis, the DMA device (e.g. a hard disk) of the host may also have a data encryption requirement, so as to perform security protection on data in the DMA device, taking the DMA device as a hard disk and the encrypted data in the DMA device as an encrypted file in the hard disk as an example, referring to an architecture diagram of a linux system based on a secure virtualization technology shown in fig. 3, an encryption mechanism for a hard disk is specifically as follows:
referring to fig. 3, a linux system architecture based on secure virtualization technology may include a hardware layer, a kernel space, and a user space. The hardware layer is used for providing corresponding hardware for system operation, the kernel space can be understood as the operation space of an operating system kernel, and the virtual machine kernel and the host kernel operate in the operation space; the user space may be understood as the running space of the user application, where the application layer of the virtual machine runs.
The kernel space includes a file system and a Virtual File System (VFS) for managing the file system; an encrypted file management layer (for example, eCryptfs and the like) is configured between the virtual file system and the file system, and is used for realizing operations such as encryption and decryption of encrypted files in the hard disk based on a key stored in the key storage and a kernel cryptographic algorithm interface; it should be noted that the key referred to herein is used for implementing encryption and decryption of an encrypted file in a hard disk, and is different from a virtual machine key allocated by the security processor for an encrypted virtual machine;
the user space comprises an application program and an encryption application program for realizing encrypted file management, wherein the encryption application program can realize man-machine interaction, configure information such as user passwords and key parameters input by users, and store the information in the key storage of the kernel space.
The hardware layer may include the hardware devices shown in the architecture of fig. 2 and other necessary devices for implementing the operation of the system, and for convenience of description, only a CPU, a physical memory, and a hard disk are shown in this example.
It should be noted that DMA is an interface technology that can directly exchange data with a physical Memory without a CPU, and a hard disk is an optional form of a DMA device, and can implement data transmission with the physical Memory based on an IOMMU (Input/Output Memory Management Unit).
Referring to fig. 4, an alternative schematic diagram of an initialization process of an encrypted file in a hard disk, which may be executed by an application layer and a host kernel invoked by an encryption virtual machine, as shown in fig. 4, the initialization process of the encrypted file includes:
s01, the application layer generates key information of the encrypted file based on a user password input by a user and an encryption algorithm parameter;
optionally, the key information may include an encryption key and/or an initial vector of the encrypted file. Specifically, the encryption application may generate a series of random numbers as the key information based on a user password input by a user and an encryption algorithm parameter.
Wherein the user password may be obtained based on user input, and the encryption algorithm parameters may be pre-stored and read at the time of use.
It should be noted that the generation method of the encryption key of the encrypted file is not limited to the password input by the user, and in other alternative examples, the encryption key may be directly generated by using the PSP.
After the key information is obtained, the host kernel (e.g., an operating system kernel) may encrypt the file of the hard disk based on the key information, and specifically, the encrypted file management layer may encrypt the file to be encrypted to obtain an encrypted file.
S02, encrypting the key information by the application layer based on the user password to obtain encrypted file metadata;
the key information is encrypted, so that the security of the key information can be improved, and the key information is protected from being leaked.
In other alternative examples, the key information may also be encrypted based on the chip vendor public key to form encrypted file metadata.
S03, the application layer writes the metadata of the encrypted file into the head of the encrypted file;
optionally, steps S01 to S03 may be specifically executed by an encryption application program of an application layer in the user space.
Step S04: storing the metadata of the encrypted file to a preset position by the host kernel;
after writing the encrypted file metadata into the encrypted file header, the host kernel may further store the encrypted file metadata to a preset location; in an optional specific implementation, since the metadata of the encrypted file is encrypted, the host kernel may store the metadata of the encrypted file in a common memory space, and write the metadata of the encrypted file into a sector position specified by a hard disk in an Input/output (IO) or DMA (direct memory access) manner.
Furthermore, before the encrypted file is read and written, the encrypted file metadata is written into the head of the encrypted file, so that the encrypted file metadata at the head of the encrypted file can be read out, the encrypted file metadata is decrypted through a user password, key information such as a key/initial vector of the encrypted file is obtained, and the encrypted file is decrypted based on the key information such as the key/initial vector.
In a safe virtualization scene, taking a DMA device as a hard disk as an example, because an encrypted file and an encrypted memory space in the hard disk are both in an encrypted state, and a key used by an encrypted file in the hard disk may be different from a virtual machine key used by an encrypted virtual machine, which results in the prior IOMMU scheme for the virtual machine, when the encrypted virtual machine reads and writes data in the hard disk, encryption and decryption of the encrypted data in the hard disk cannot be supported, and the encrypted virtual machine first applies for a non-encrypted common memory space outside the encrypted memory space to perform data transfer, so that the data reading and writing of the hard disk by the encrypted virtual machine can be realized; specifically, after applying for a common memory space, the following process is as shown in fig. 3 with reference numbers:
(1) when the encryption virtual machine initiates a read request to an encrypted file in the hard disk (namely, the encryption virtual machine reads the encrypted file in the hard disk to an encryption memory space), the encryption virtual machine needs to execute a hard disk IO operation in an inner core space layer, so that the hard disk transmits encrypted data in the hard disk to a common memory (namely, a common memory space) by DMA; (2) because data transmitted in the common memory is in an encrypted state and cannot be directly transmitted to an encrypted memory (namely an encrypted memory space) of the encrypted virtual machine, the encrypted file management layer needs to call a kernel cryptographic algorithm interface to decrypt an encrypted file in the common memory and copy the decrypted file into the encrypted memory space of the encrypted virtual machine, and it can be understood that the encrypted file is encrypted by a virtual machine key of the encrypted virtual machine managed by the security processor and then stored into the encrypted memory space after being decrypted;
correspondingly, when the encryption virtual machine initiates a write request to the hard disk (that is, the encryption virtual machine writes data in the encrypted memory space to the hard disk), after the data in the encrypted memory space is decrypted by using the virtual machine key, the encryption file management layer also needs to call the kernel cryptographic algorithm interface to decrypt the decrypted data in the encrypted memory space, and then the encryption file management layer performs an encryption operation by using the key information of the encrypted file and copies the encrypted data to the ordinary memory (as shown in fig. 3, (2)); the hard disk IO operation is then performed so that the normal memory encrypted data is transferred to the sector of the encrypted file in the hard disk (see fig. 3, (1)).
Through the introduction, under the safe virtualization technology, when the encryption virtual machine reads and writes data to the DMA device each time, the encryption virtual machine needs to transfer the read and written data through a common memory space and call an encryption and decryption algorithm to encrypt and decrypt the data, which undoubtedly greatly reduces the DMA efficiency and has the problem that the encryption virtual machine cannot directly and efficiently read and write the data to the DMA device; in order to solve the problem, the inventor of the present application provides an improved scheme after research, so that the encryption virtual machine can directly and efficiently perform data reading and writing on the DMA device, and the transmission efficiency of the DMA is improved.
The inventor of the present application finds that, in the process of performing data read-write on the DMA device by the encryption virtual machine, data needs to be transmitted by the IOMMU, and because the IOMMU only supports data transmission at present, encryption and decryption of an encrypted file of the DMA device cannot be synchronously implemented, so that the encryption virtual machine is required to transfer the read-write data through a common memory space every time, and the encryption virtual machine cannot directly and efficiently perform data read-write on the DMA device; in this case, a virtual machine key of the virtual machine can be encrypted by the aid of a password coprocessor in the memory controller, and data written in or read out of the encrypted memory space is encrypted and decrypted.
The following describes in detail an information configuration scheme provided in an embodiment of the present application.
In an optional implementation, fig. 5 shows a schematic diagram of an optional virtualization technology architecture provided in an embodiment of the present application, and as shown in fig. 5, the virtualization technology architecture is implemented based on a secure virtualization technology, and specifically may include: the system comprises a CPU, a memory controller, a physical memory, a safety processor PSP, an IOMMU and a DMA device;
the basic descriptions of the CPU, memory controller, physical memory, PSP, IOMMU, and DMA device refer to the descriptions of the corresponding parts above, and the improvement and relationship of these parts in the embodiments of the present application will be further described below.
Specifically, in order to enable the secure processor to configure key address information in a Device Table Entry DTE (Device Table Entry) in the IOMMU, in the embodiment of the present application, an interaction interface between the secure processor and the IOMMU is further configured in the technical architecture shown in fig. 5, so that the secure processor can interact with the IOMMU;
in addition, in order to enable the IOMMU to configure the memory controller, in the embodiment of the present application, an interaction interface between the IOMMU and the memory controller is further provided in the technical architecture shown in fig. 5, so that the IOMMU can interact with the memory controller;
with further reference to the IOMMU structural diagram shown in fig. 6, the data item for configuring the key address information may be a device table entry DTE of the IOMMU device table, where optionally, the key address information may be a key page table root directory base address, and a key page table root directory key pointer field may be added in the DTE to store the key page table root directory base address pointing to the key page table root directory, so that the IOMMU queries the key information (such as an encryption key, an encryption algorithm, and the like) corresponding to the GPA.
To implement the key information query, the IOMMU in the embodiment of the present application, with reference to the schematic structural diagram of the IOMMU shown in fig. 6, includes an IO page table query device to implement the translation from GPA to HPA, and also includes a key page table query device to query corresponding key information according to the root directory base address of the key page table and the GPA.
Based on the optional architectures shown in fig. 5 and fig. 6, in an optional implementation, fig. 7 shows an optional flow of the information configuration method provided in the embodiment of the present application, and as shown in fig. 7, the flow may include:
step S10, the encryption virtual machine sends a configuration request to a security processor, wherein the configuration request at least comprises a virtual physical address GPA of encrypted data to be accessed by the encryption virtual machine, a device identifier of a Direct Memory Access (DMA) device for transmitting the encrypted data and key information of the encrypted data.
When the encryption virtual machine reads and writes data of the DMA device, the encryption virtual machine can initiate a configuration request for key information configuration to the security processor so as to trigger a subsequent information configuration flow; in an optional implementation, the configuration request may include a virtual physical address GPA of encrypted data to be accessed by the encrypted virtual machine, a Device identifier of a direct storage access DMA Device used to transfer the encrypted data, and key information of the encrypted data, where the direct storage access DMA Device used to transfer the encrypted data may be a hard disk storing the encrypted data, and correspondingly, the Device identifier of the direct storage access DMA Device used to transfer the encrypted data may be a hard disk identifier (Device ID).
As can be seen from the foregoing description, when creating an encrypted file, an encryption application of an encryption virtual machine may encrypt key information such as a key/initial vector based on a user password to obtain encrypted file metadata, and further store the encrypted file metadata in a common memory space. Correspondingly, when the encrypted file is accessed, the encrypted virtual machine can read the metadata of the encrypted file at the head of the encrypted file, and decrypt the metadata through a user password to obtain key information such as a key/initial vector of the encrypted file, so that the key information of the encrypted file to be accessed can be obtained before the configuration request is sent. When the encrypted data is other types of data, the encryption information of the encrypted data may be obtained through other ways, and the embodiment of the present invention is not limited in this way.
The virtual physical address GPA of the encrypted data to be accessed by the encrypted virtual machine may be a virtual physical address allocated to the encrypted data by the virtual machine kernel of the encrypted virtual machine, where when it is determined that the encrypted data is not stored in the encrypted memory space (i.e., the GPA corresponding to the encrypted data is missing), the DMA device is required to transmit the encrypted data to the encrypted memory space allocated by the encrypted virtual machine, and correspondingly, before executing the transmission flow, a configuration request is sent to the secure processor, so that the encrypted virtual machine directly and efficiently reads and writes data from and to the DMA device.
In a further optional implementation, in order to prevent the configuration request from being tampered, the configuration request may further carry integrity check data for integrity check, and specifically, the encrypted virtual machine may calculate first integrity check data of the configuration request (in the embodiment of the present application, the integrity check data of the configuration request of the encrypted virtual machine computer may be referred to as first integrity check data), and carry the first integrity check data in the configuration request.
It should be noted that, under the virtualization technology, the encrypted virtual machine operates in the virtual machine mode, and the host memory and the secure processor operate in the host mode; wherein the virtual machine mode can be used to run a virtualized guest operating system, and in the virtual machine mode, part of the instructions will change their characteristics to facilitate the implementation of virtualization; the host mode corresponds to the virtual machine mode, when the CPU is reset or the virtual machine mode exits, the host mode is in, and the host kernel can enter the virtual machine mode through a VMRUN (virtual machine running) instruction; therefore, under the virtualization technology, the interaction between the encryption virtual machine and the security processor can be performed through the encryption memory page applied by the encryption virtual machine, the encryption virtual machine accesses the encryption memory page by GPA in the virtual machine mode, and the security processor accesses the encryption memory page by HPA in the host machine mode; thus, the encrypted virtual machine sends data to the secure processor: the encryption virtual machine writes the data into an encryption memory page corresponding to the GPA, and the security processor reads the data in the encryption memory page corresponding to the HPA to realize the data writing; wherein, the translation between GPA and HPA can be realized by inquiring the nested page table.
Specifically, the encrypted virtual machine can write the configuration request into an encrypted memory page corresponding to the GPA of the encrypted virtual machine in the virtual machine mode, and then the encrypted virtual machine exits the virtual machine mode, and after entering the host mode, the secure processor reads the configuration request from the encrypted memory page corresponding to the HPA; it should be noted that, the data in the encrypted memory page is encrypted by the key of the encryption virtual machine, so the configuration request written by the encryption virtual machine is in an encrypted state, and the configuration request read by the secure processor is decrypted information.
Step S11, the security processor creates a key page table entry corresponding to the GPA based on the configuration request, and stores the key information of the encrypted data in a memory space pointed by the key page table entry.
After obtaining the configuration request, the security processor may create a key page table entry corresponding to the GPA based on the configuration request, and store the key information of the encrypted data to a memory space pointed by the key page table entry, so that the IOMMU starts DMA data transmission when the encrypted virtual machine reads and writes data from and to the DMA device, and further queries corresponding key information based on corresponding key address information and GPA information.
Optionally, the secure processor may first create a key page table within the key page table page, and create a key page table entry corresponding to the GPA in the key page table. The method comprises the steps that a key page table page is used for storing a key page table, whether a key table page (key table page) has a free page or not can be determined before a key page table entry of the GPA, if not, a memory page is applied to a host kernel to serve as the key page table page to serve as the free page of the key page table page, and a key page table entry corresponding to the GPA is established in the free page of the key page table page; and if so, creating a key page table entry corresponding to the GPA in a free page of the key page table page.
After a key page table entry corresponding to the GPA is created, key information of the encrypted data may be stored in a memory space to which the key page table entry points, so that the IOMMU may query corresponding key information based on the key address information corresponding to the key page table entry and the GPA.
In a further optional implementation, after the configuration request, the security processor may check the integrity of the configuration request, and execute step S11 only when the integrity of the configuration request is checked; specifically, if the configuration request carries first integrity check data, after obtaining the configuration request, the security processor may calculate second integrity check data of the configuration request (to distinguish the first integrity check data of the configuration request of the encrypted virtual machine computer, in the embodiment of the present application, the integrity check data of the configuration request calculated by the security processor is referred to as second integrity check data), so that the security processor may check whether the configuration request is complete based on the second integrity check data and the first integrity check data, determine that the configuration request is complete if the second integrity check data is equal to the first integrity check data, and enter execution step S11, and determine that the configuration request is incomplete if the second integrity check data is not equal to the first integrity check data;
optionally, the integrity check data of the configuration request, for example, the digest value of the configuration request, may be calculated by using an algorithm such as hash (hash), for example, the first integrity check data may be a first digest value of the configuration request of the cryptographic virtual machine computer, and the second integrity check data may be a second digest value of the configuration request calculated by the secure processor.
Step S12, the security processor generates configuration information, wherein the configuration information at least comprises the GPA, the key address information corresponding to the key page table entry and the device identifier.
After storing the key information of the encrypted data in the memory space pointed by the key page table entry, the security processor may obtain the key address information, so that the IOMMU data entry configured based on the configuration information includes the key address information.
Optionally, the security processor should notify the DMA apparatus that performs apparatus configuration to the IOMMU, so that the configuration information should carry an apparatus identifier of the DMA apparatus for direct memory access; meanwhile, in the device information configuration process of the DMA device, the embodiment of the application aims to configure at least key address information corresponding to the encrypted data key information in the data item of the DMA device so that the encryption virtual machine can encrypt and decrypt the data read and written by the DMA device conveniently, and therefore the configuration information also carries the key address information corresponding to the key page table entry;
further, the configuration information also needs to carry a virtual physical address GPA of encrypted data accessed by the virtual machine to be encrypted, so that when DMA is performed subsequently, key information is configured based on the key address information and an HPA corresponding to the GPA;
based on the above description, in the embodiment of the present application, the configuration information may carry a virtual physical address GPA including encrypted data that is accessed by a virtual machine to be encrypted, a device identifier of a direct memory access DMA device that is used to transmit the encrypted data, and key information of the encrypted data, where the encrypted data is encrypted with a key generated by an encryption application program of the encrypted virtual machine.
And step S13, the security processor sends the configuration information to the IOMMU.
After the security processor generates the configuration information, the configuration information may be sent to the IOMMU through an interface between the security processor and the IOMMU, so that the IOMMU configures the key address information in a data item corresponding to the device identifier.
Step S14, the IOMMU determines the data item corresponding to the device identification.
Step S15, the IOMMU configures the key address information in the data item.
After the IOMMU acquires the configuration information, the IOMMU may determine a data item corresponding to the device identifier based on the device identifier in the configuration information, and based on the data item determined by the IOMMU, the IOMMU may record key address information carried in the configuration information in the data item.
Optionally, the data entry may be, for example, a Device Table entry DTE of a Device Table (Device Table) in the IOMMU, as shown in fig. 6, where the Device Table has multiple DTEs, and each DTE stores Device basic information of a DMA Device connected to the IOMMU and is indexed by a Device identifier (e.g., a Device number) of the DMA Device; therefore, the IOMMU may search, from the device table in the IOMMU, a device table entry corresponding to the device identifier carried in the configuration information, and configure the key address information in the searched device table entry;
in an example, taking key address information as a key page table root directory base address as an example, the IOMMU may record the key page table root directory base address in a preset field, such as a key page table root directory root pointer field, in a found device table entry, so as to configure the key address information in the device table entry; of course, in the embodiment of the present application, the key address information may also be recorded by expanding the data structure of the device table entry, for example, by expanding the field of the device table entry, the IOMMU may record the key address information in the expanded field;
referring to the data structure diagram of the device table entry shown in fig. 8, a 64-bit key table root pointer field is added in the device table entry, where bit0 and P bit indicate whether a current page table entry exists, P =1 indicates valid, and P =0 indicates invalid; bit [ 51.
It should be noted that, taking the device table entry as the data item of the DMA device is only an optional implementation, and in the embodiment of the present application, other data forms may also be set in the IOMMU as the data item to implement the configuration key address information.
It can be understood that, in the embodiment of the present application, the IOMMU configures key address information in a data item (e.g., a device table entry) of the DMA device under the control of the secure processor, so that the key address information in the data item only supports access by the secure processor and the IOMMU, and only supports write operation by the secure processor, and even if the host operating system cannot access the key address information in the data item, the key information corresponding to the key address information cannot be stolen, and the security of the key information is greatly ensured.
Optionally, after configuring the key address information in the data item, the IOMMU may send a configuration success notification to the security processor to notify the security processor of successful configuration of the key address information in the data item, so that the security processor may feed back configuration result information indicating successful configuration to the encryption virtual machine, so that the encryption virtual machine determines that the information configuration of the DMA device is successful; it can be understood that, since the secure processor and the encrypted virtual machine interact through the encrypted memory page, the secure processor can feed back to the encrypted virtual machine by writing configuration result information (encryption status) in the encrypted memory page.
In the information configuration method provided by the embodiment of the application, a security processor can obtain a configuration request for information configuration of an encryption virtual machine, where the configuration request at least includes a virtual physical address GPA of encrypted data to be accessed by the encryption virtual machine, a device identifier of a direct memory access DMA device storing the encrypted data, and key information of the encrypted data; therefore, the security processor creates a key page table entry corresponding to the GPA based on the configuration request, stores key information of the encrypted data to a memory space pointed by the key page table entry, and further generates configuration information, where the configuration information at least includes the GPA, key address information corresponding to the key page table entry, and the device identifier; in turn, the secure processor may send the configuration information to the IOMMU to cause the IOMMU to configure the key address information in a data entry corresponding to the device identification.
It can be seen that, in the device information configuration method provided in this embodiment of the present application, when performing information configuration, the IOMMU may configure key address information in a data item of the IOMMU under the control of the security processor, so that when the encryption virtual machine performs data read/write on the DMA device, the IOMMU may query key information corresponding to the DMA device based on the GPA and the key address information configured in the data item, and further configure the key information in the memory controller, so that the memory controller encrypts and decrypts the data read/written by the encryption virtual machine for the DMA device based on the key information, thereby implementing direct data read/write on the DMA device by the encryption virtual machine, avoiding a process of storing the data to be read/written into a common memory space after encrypting and decrypting the data, and implementing direct and efficient data read/write on the DMA device by the encryption virtual machine, and improving DMA transmission efficiency.
In an alternative implementation, fig. 9 shows an alternative flow of the DMA method provided in the embodiment of the present application, where the flow of the method may be implemented by the IOMMU, and as shown in fig. 9, the flow may include:
and step S20, obtaining a DMA request aiming at the direct memory access DMA device.
When the encryption virtual machine reads and writes data of the DMA device, the encryption virtual machine can initiate a DMA request to the DMA device connected with the IOMMU, so that the DMA device and the encryption memory page of the encryption virtual machine transmit the encryption data in the DMA device to the encryption memory page of the virtual machine in a DMA mode, and at the moment, the IOMMU can acquire the DMA request aiming at the DMA device. The DMA request at least comprises a device identification of the DMA device to be accessed and a virtual physical address GPA of encrypted data accessed by the virtual machine to be encrypted.
And S21, determining a host physical address HPA corresponding to the GPA.
After the IOMMU obtains the DMA request, it may determine a GPA in the DMA request, and then may determine, based on the IO page table lookup apparatus, a host physical address HPA corresponding to the GPA, where the GPA may be obtained from the DMA request and the HPA may be translated based on the GPA. The HPA is an encrypted memory page address for data transmission of the DMA device in a DMA mode. In an optional implementation, the IOMMU may obtain the HPA corresponding to the GPA by looking up the IO page.
Optionally, the HPA may further include a virtual machine identifier ASID and a cryptographic identifier c-bit of the cryptographic virtual machine, where the cryptographic identifier c-bit is used to identify a cryptographic memory page of the HPA, where the memory page corresponding to the HPA is in a cryptographic state. The value of the encryption flag in the HPA is set to a first value indicating encryption or a second value indicating no encryption, for example, a value of "1" may be set to indicate encryption, and a value of "0" may be set to indicate no encryption.
It should be noted that step S21 is an optional step in this embodiment, and in the information configuration method described in this example, step S21 may be executed after the key information is configured for the memory controller, so that the data read and written by the encrypted virtual machine to the DMA device is transmitted to the encrypted memory page corresponding to the HPA.
And S22, determining the key address information configured in the data item of the DMA device.
In the case that the IOMMU has configured the key address information in the data item (such as the device table entry), the IOMMU may determine the device identifier of the DMA device based on the DMA request in step S20, and may determine the corresponding key address information from the data item of the DMA device; for example, the IOMMU may determine the key address information from a device table entry of the DMA device.
And S23, inquiring key information according to the key address information and the GPA.
Optionally, after the key address information is obtained, the PSP may be queried for a corresponding key page table according to the key address information and the GPA to obtain a storage address of the key information, and further obtain the key information corresponding to the GPA based on the storage address.
Alternatively, step S23 may be implemented by a key page table lookup apparatus disposed in the IOMMU, where the key page table lookup apparatus may be as shown in fig. 6, and the key page table lookup apparatus queries a key page table of the corresponding DMA device according to the key address information configured in the DTE and the GPA, and obtains the key information corresponding to the GPA.
Step S24, configuring the key information for the memory controller, so that the memory controller encrypts and decrypts the data read and written by the DMA device with respect to the encrypted virtual machine based on the key information.
Optionally, the key information is configured for the memory controller, specifically, the key information is configured for a password coprocessor of the memory controller; after the key information is obtained, the key information can be configured for the memory controller through an interface between the IOMMU and the password coprocessor.
After determining the key information corresponding to the GPA, the IOMMU may configure the key information in the memory controller, so that the memory controller may encrypt and decrypt the data read and written by the DMA device for the encrypted virtual machine based on the key information, thereby avoiding a process in which the encrypted virtual machine needs to encrypt and decrypt the data first and then store the data in a common memory space, and improving the transmission efficiency of the DMA.
Optionally, the DMA request may further include a virtual machine identifier, so that when the key information is configured, the IOMMU may bind the key information with the virtual machine identifier of the encrypted virtual machine, so as to enable the memory controller to determine the corresponding key information based on the virtual machine identifier.
Optionally, the IOMMU may send the HPA obtained by translating the GPA to the memory controller, so that the memory controller encrypts and decrypts the data read and written by the DMA device for the encrypted virtual machine based on the key bound by the virtual machine identifier in the HPA; in a more specific optional implementation, the process of reading and writing data from and to the DMA device by the encryption virtual machine may be divided into a process of writing data and a process of reading data, and it can be understood that, since the encrypted data is in an encrypted state, when an application program initiates a read request for the encrypted data of the hard disk, the data in the hard disk needs to be decrypted by the key of the encryption virtual machine and then copied to the encrypted memory page; when an application program initiates a write request to the encrypted data of the hard disk, the data in the encrypted memory page needs to be copied to the sector of the encrypted data of the hard disk after being encrypted by the key of the encrypted virtual machine.
When DMA equipment carries out DMA, the IOMMU can inquire the IO page table to obtain the HPA corresponding to the GPA, and the memory controller is controlled to encrypt and decrypt the data of the encrypted memory page according to the ASID configured in the HPA, so that the encrypted virtual machine directly and efficiently carries out data reading and writing on the DMA equipment, and the transmission efficiency of the DMA is improved.
In an example, as shown in fig. 10, when reading data, after obtaining an HPA obtained by converting the GPA by the IOMMU, the memory controller may parse the HPA, and after determining that the c-bit in the HPA is a first value, the memory controller may call a key bound to the ASID, decrypt the encrypted data, and copy the decrypted data to an encrypted memory page corresponding to the HPA; when writing data, after the memory controller acquires the HPA, the data can be copied from the encrypted memory page corresponding to the HPA, and the data is encrypted by using the key bound with the ASID and then transmitted to the DMA device.
In an alternative implementation, the key page table structure may be similar to the CPU page table, for example, may be a 4-level page table, which is denoted as pgd/pud/pmd/pte, respectively, where the last-level page table entry pte.
A key page table query device of the IOMMU acquires a GPA, acquires a DTE of the DMA equipment from a device table according to the GPA, and takes out a key table root pointer field from the DTE; if the key table root pointer is illegal, the data of the current DMA equipment does not need to be encrypted and decrypted by the password coprocessor, the inquiry of a key page table is quitted, and the encryption and decryption operations of the password coprocessor are not executed; then, bit [47 ] of GPA is taken as an index, pgd is obtained from a key page table, if pgd.p is equal to 0, the address is invalid, the key page table is exited, and the encryption and decryption operations of the password coprocessor are not executed; then, obtaining the memory page table address of the pud by using pgd.addr, taking bit [38 ] of the GPA as an index, obtaining the pud from the key page table, if pud.p is equal to 0, indicating that the address is invalid, exiting the key page table query, and not executing the encryption and decryption operation of the password coprocessor; then, obtaining the memory page table address of pmd by the pud.addr, taking bit [29 ] of GPA as an index, obtaining pmd from the key page table, if pmd.p is equal to 0, indicating that the address is invalid, exiting the key page table inquiry, and not executing the encryption and decryption operation of the password coprocessor; then, obtaining the memory page table address of the pt by pmd.addr, taking bit [20 ] of GPA as an index, obtaining the pt from the key page table, if pt.p is equal to 0, exiting the key page table query, and not executing the information configuration process; and then acquiring the encryption key information of the current gpa page by pt.
After the encryption key information is obtained, the key information can be configured into a password coprocessor, and the password coprocessor function of the DMA channel is started (namely, the encryption and decryption operations of the password coprocessor are executed); when the DMA is transmitted, the password coprocessor can encrypt and decrypt the data of the DMA to finish the read-write operation of the encrypted data of the hard disk.
In a further alternative implementation, an access process of encrypted data is provided, where an encryption virtual machine interacts with a security processor through an encrypted memory page, the encryption virtual machine operates in a virtual machine mode, and the security processor operates in a host machine mode, and accordingly, fig. 12 shows another alternative process of the information configuration method provided in this embodiment, as shown in fig. 12, the process may include:
and S31, acquiring the key information and GPA of the encrypted data in the virtual machine mode.
In the virtual machine mode, step S30 may be executed when read/write operation of encrypted data needs to be executed, and in the embodiment of the present application, when read/write operation of encrypted data is executed, corresponding information is configured first, so as to implement direct data read/write of the DMA device by the encrypted virtual machine, and improve DMA transmission efficiency.
Optionally, the encrypted data is an encrypted file, and the application layer may obtain the key information of the encrypted file by reading metadata of the encrypted file and decrypting the metadata of the encrypted file by using a user password.
Optionally, the application layer may read and write a file by using MMAP operation, so as to map the encrypted data to a virtual address space of the application program, where a virtual machine kernel of the encrypted virtual machine may allocate a virtual address space for the encrypted data; correspondingly, the application layer may obtain a virtual physical address corresponding to the virtual address space of the encrypted data.
And step S32, determining whether the GPA is out of page.
Alternatively, when a page fault occurs, step S33 is executed, and when a page fault does not occur, step S49 is executed;
step S33, allocating a cache (page cache) memory page to the virtual physical address, generating a configuration request corresponding to the DMA device, encrypting the configuration request, and writing the encrypted configuration request into an encrypted memory page corresponding to the encrypted virtual machine.
When the virtual machine kernel determines that the virtual physical address is out of page, a cache (page cache) memory page may be allocated for the virtual machine physical address. Based on the page missing state of the GPA, corresponding data needs to be copied from a hard disk to an encrypted memory space of the encrypted virtual machine, so that a configuration request corresponding to the DMA device can be generated
The encrypted virtual machine may carry, in a configuration request, contents such as the GPA, the device identifier of the DMA device, the key information of the encrypted data, and the first integrity check data according to a preset format, and encrypt the configuration request and write the encrypted configuration request into an encrypted memory page corresponding to the encrypted virtual machine, where a virtual physical address of the encrypted memory page into which the configuration request is written may be referred to as a first virtual physical address GPA1.
And step S34, the encryption virtual machine exits the virtual machine mode to enter the host machine mode.
And step S35, the host kernel sends the host physical address of the encrypted memory page written in the configuration request to the security processor.
In the virtual machine mode, the virtual machine carries out interaction of memory pages by GPA, and in the host machine mode, a host kernel and a security processor carry out interaction of the memory pages by HPA; therefore, after the encrypted virtual machine exits the virtual machine mode, in the host mode, the host kernel needs to acquire the corresponding HPA based on the GPA of the encrypted memory page applied by the encrypted virtual machine, so that the host and the security processor can interact with each other on the encrypted memory page based on the HPA; in an optional implementation, a virtual physical address of the encrypted memory page written in the configuration request may be referred to as a first virtual physical address GPA1, and correspondingly, a host physical address of the encrypted memory page written in the configuration request may be referred to as a first host physical address HPA1, where a host kernel may obtain an HPA1 corresponding to the GPA1 by searching a virtual machine Nested page table of the encrypted virtual machine, where the Nested Page Table (NPT) is a device introduced in the CPU architecture for implementing memory virtualization and is used for converting a virtual machine physical address (GPA) into a Host Physical Address (HPA).
After the host kernel acquires the HPA1, the host kernel can send the HPA1 to a security processor, and the security processor performs subsequent processing; it should be noted that, because the data in the encrypted memory page applied by the encrypted virtual machine is in an encrypted state, the host kernel cannot tamper the configuration request in the encrypted memory page, and even if the host kernel tampers HPA1, the security processor can also find that HPA1 sent by the host kernel is incorrect in time through the first integrity check data in the configuration request in the subsequent process, thereby ensuring the correctness and security of the information configuration work.
And step S36, the security processor reads the decrypted configuration request from the encrypted memory page written in the configuration request.
After obtaining an HPA1 sent by a host kernel, a security processor can access an encrypted memory page corresponding to the HPA1 and read decrypted initial information from the encrypted memory page corresponding to the HPA 1; optionally, since the key of the encrypted virtual machine is managed by the security processor, the security processor may control the memory controller to decrypt the virtual machine key of the virtual machine, and decrypt and read the encrypted configuration request in the encrypted memory page corresponding to HPA 1.
Optionally, after reading the decrypted configuration request, the security processor may trigger a subsequent process based on information carried in the configuration request, where the specific situation is as follows.
Step S37, the secure processor calculates second integrity check data of the configuration request.
Step S38, the security processor checks whether the configuration request is complete based on the first integrity check data and the second integrity check data, if not, step S39 is executed, and if so, step S41 is executed.
After the secure processor reads the decrypted configuration request, in order to prevent the configuration request from being tampered, the secure processor may calculate second integrity check data of the configuration request, so that the secure processor may check whether the configuration request is complete based on the second integrity check data and the first integrity check data carried in the configuration request.
In an optional implementation, the security processor may compare the first integrity check data with the second integrity check data to check whether the configuration request is complete; if the first integrity check data is not equal to the second integrity check data, checking that the configuration request is incomplete, which indicates that the configuration request is tampered or the HPA is incorrect, and the security processor cannot continue the subsequent flow of configuring the data item of the IOMMU, at this time, the security processor may determine that the information configuration work fails in the subsequent control encryption virtual machine by executing step S39; if the first integrity check data is equal to the second integrity check data, the configuration request is verified to be complete, and the secure processor may perform step S41 to normally implement configuring the data item of the IOMMU.
Step S39, the security processor writes encrypted first configuration result information in the encrypted memory page, where the first configuration result information includes response information indicating that the configuration has failed.
Under the condition that the configuration request is verified to be incomplete by the security processor, in order to enable the subsequent encrypted virtual machine to determine that the information configuration work fails, the security processor can write first configuration result information into an encrypted memory page interacted with the encrypted virtual machine, and the first configuration result information written into the encrypted memory page by the security processor is encrypted because data in the encrypted memory page is in an encrypted state; in this embodiment of the present application, because the configuration of the data item of the IOMMU fails, the first configuration result information expressing the configuration result of the IOMMU should carry response information indicating that the configuration failed at this time; since the secure processor performs page access with HPA1, the secure processor writes the encrypted first configuration result information in the encrypted memory page corresponding to HPA 1.
And S40, the safety processor controls the kernel of the host to execute the virtual machine operation instruction, and returns to the virtual machine mode to operate the encrypted virtual machine.
Under the condition that the configuration verification request is not complete, the encryption virtual machine needs to be returned to the node of the virtual machine mode exit of the encryption virtual machine, so that the encryption virtual machine can determine that the information configuration fails. It can be understood that the data in the encrypted memory page corresponding to the HPA is in an encrypted state, and the host kernel cannot be read or tampered with, and at this time, the host kernel can execute a VMRUN instruction under the control of the secure processor to exit the host mode and return to the virtual machine mode.
It should be noted that step S39 and step S40 are processing flows of the secure processor in the case where the verification configuration request is incomplete; in the case that the security processor verifies that the configuration request is complete, the security processor may implement normal configuration of data items of the IOMMU by performing step S41.
Step S41, the security processor creates a key page table entry corresponding to the GPA based on the configuration request, and stores the key information of the encrypted data to the memory space pointed by the key page table entry;
step S42, the security processor generates configuration information, wherein the configuration information at least comprises the GPA, key address information corresponding to the key page table entry and the device identifier;
step S43, the security processor sends the configuration information to the IOMMU, so that the IOMMU configures the key address information in the data item corresponding to the device identifier.
Step S44, the IOMMU configures the key address information in the data item.
Step S45, the IOMMU sends a configuration success notice to the security processor.
Step S46, the security processor writes encrypted second configuration result information in the corresponding encrypted memory page, where the second configuration result information includes response information indicating that the configuration is successful.
After the IOMMU configures (records) the key information in the data item, the IOMMU may send a configuration success notification to the secure processor to notify the secure processor that the configuration of the data item by the DMA device was successful.
Optionally, the successfully configuring the key address information in the data item includes: and acquiring a configuration success notification sent by the IOMMU, or defaulting the key address information successfully configured in the data item after checking that the configuration request is complete and sending the configuration information to the IOMMU.
And S47, controlling the host kernel to execute the virtual machine operation instruction by the security processor, and returning to the virtual machine mode to operate the encrypted virtual machine.
And step S48, the encrypted virtual machine reads the decrypted configuration result information from the encrypted memory page corresponding to the GPA.
Based on the above flow, the embodiment of the present application may return to the virtual machine mode by executing the VMRUN (virtual machine running) instruction by the host kernel after executing step S38 (i.e. in case of failed configuration of the data item of the DMA device) and after executing step S46 (i.e. in case of successful configuration of the data item of the DMA device), and enter the node when the encrypted virtual machine exits from the virtual machine mode last time; after returning to the virtual machine mode, the encryption virtual machine needs to determine whether the information configuration work is successful, so that the encryption virtual machine can read from the encryption memory page corresponding to the GPA1, and the security processor writes configuration result information in the host mode; it is to be understood that, in the case where the data item configuration of the DMA device fails, the encryption virtual machine reads out the first configuration result information written by the secure processor, and in the case where the data item configuration of the DMA device succeeds, the encryption virtual machine reads out the second configuration result information written by the secure processor.
And step S49, the encryption virtual machine sends a DMA request so that the encryption virtual machine reads and writes the DMA device.
According to the information configuration method provided by the embodiment of the application, the key address information corresponding to the key information of the encrypted data can be configured in the data item of the DMA device in the information configuration process of the DMA device, so that the encryption virtual machine can directly and efficiently read and write the data of the DMA device.
While various embodiments have been described above in connection with what are presently considered to be the embodiments of the disclosure, the various alternatives described in the various embodiments can be readily combined and cross-referenced without conflict to extend the variety of possible embodiments that can be considered to be the disclosed and disclosed embodiments of the disclosure.
In the following, from the perspective of the security processor, the information configuration apparatus provided in the embodiment of the present application is introduced, and the information configuration apparatus described below may be considered as a functional module that is required to be provided by the security processor to implement the information configuration method provided in the embodiment of the present application; the content of the information configuration device described below may be referred to in correspondence with the content of the method described above.
In an alternative implementation, fig. 13 shows an alternative block diagram of an information configuration apparatus provided in an embodiment of the present application, where the information configuration apparatus is applicable to a secure processor, and as shown in fig. 13, the information configuration apparatus may include:
a configuration request obtaining module 100, configured to obtain a configuration request of an encrypted virtual machine, where the configuration request at least includes a virtual physical address GPA of encrypted data to be accessed by the encrypted virtual machine, a device identifier of a direct memory access DMA device used to transmit the encrypted data, and key information of the encrypted data;
a page table entry creating module 110, configured to create, based on the configuration request, a key page table entry corresponding to the GPA, and store key information of the encrypted data to a memory space pointed by the key page table entry;
a configuration information generating module 120, configured to generate configuration information, where the configuration information at least includes the GPA, key address information corresponding to the key page table entry, and the device identifier;
a configuration information sending module 130, configured to send the configuration information to an input/output memory management unit IOMMU corresponding to the DMA device, so that the IOMMU configures the key address information in a data entry corresponding to the device identifier.
Optionally, the secure processor sends the configuration information through an interface between the secure processor and the IOMMU;
optionally, the data entry is specifically a device table entry DTE in the device table, where one DTE is used to record basic device information of a DMA device connected to the IOMMU, and is indexed by a device identifier of the DMA device.
Optionally, a 64-bit key table root directory key table pointer field is set in the DTE, and the key address information is configured in the key table root pointer field.
Optionally, the key address information configured in the data item supports only secure processor and IOMMU access.
Optionally, the configuration request further includes: encrypting first integrity check data of the configuration request of the virtual machine computer; correspondingly, fig. 14 shows another alternative block diagram of the information configuration apparatus provided in the embodiment of the present application, and in combination with fig. 13 and fig. 14, the information configuration apparatus may further include:
an integrity check module 140, configured to calculate second integrity check data of the configuration request before the configuration information generation module 120 generates the configuration information; and checking whether the configuration request is complete or not based on the first integrity check data and the second integrity check data, and if the configuration request is checked to be complete, entering the step of generating configuration information based on the configuration request.
Optionally, the integrity check module 140 may further be configured to: and if the initialization information is not verified to be complete, feeding back first configuration result information to the encryption virtual machine, wherein the first configuration result information at least comprises response information of failed configuration, so that the encryption virtual machine determines that the information configuration fails.
Optionally, as further shown in fig. 14, the information configuring apparatus may further include:
a configuration result feedback module 150, configured to feed back second configuration result information to the encryption virtual machine if the key address information is successfully configured in the data item, where the second configuration result information at least includes response information that the configuration is successful, so that the encryption virtual machine determines that the information configuration is successful.
Optionally, the successfully configuring the key address information in the data item includes: and acquiring a configuration success notification sent by the IOMMU, or defaulting the key address information successfully configured in the data item after checking that the configuration request is complete and sending the configuration information to the IOMMU.
Optionally, the secure processor interacts with the encrypted virtual machine through the encrypted memory page;
the encryption virtual machine runs in a virtual machine mode, a virtual machine physical address GPA is used for accessing the memory encryption memory page, the security processor runs in a host mode, the HPA is used for accessing the memory encryption memory page, and the GPA and the HPA are converted through a nested page table NPT; and the encryption virtual machine enters a host mode by exiting the virtual machine mode, and in the host mode, the security processor executes the virtual machine operation instruction by controlling the host kernel to return to the virtual machine mode.
Embodiments of the present application also provide a security processor, and the security processor may be configured to execute the method for configuring information in terms of security processor provided in the embodiments of the present application, and specific contents may refer to the description of the corresponding parts above, and will not be further described here.
In the following, from the perspective of the IOMMU, the information configuration apparatus provided in the embodiment of the present application is introduced, and the information configuration apparatus described below may be considered as a functional module that is required to be configured by the IOMMU to implement the information configuration method provided in the embodiment of the present application; the content of the information configuration device described below may be referred to in correspondence with the content of the method described above.
In an alternative implementation, fig. 15 shows a further alternative block diagram of an information configuration apparatus provided in this embodiment of the present application, where the information configuration apparatus is applicable to an IOMMU, and as shown in fig. 15, the information configuration apparatus may include:
a configuration information obtaining module 200, configured to obtain configuration information sent by a security processor, where the configuration information at least includes: the method comprises the steps that a virtual physical address GPA of encrypted data accessed by a virtual machine to be encrypted, key address information corresponding to a key page table entry of the GPA and a device identifier of Direct Memory Access (DMA) equipment for storing the encrypted data are obtained; the key information of the encrypted data is stored in the memory space pointed by the key page table entry;
a data item determination module 210 for determining a data item corresponding to the device identification;
an address information configuration module 220, configured to configure the key address information in the data item.
Optionally, the secure processor sends the configuration information through an interface between the secure processor and the IOMMU.
Optionally, the data entry is specifically a device table entry DTE in the device table, where one DTE is used to record basic device information of a DMA device connected to the IOMMU, and is indexed by a device identifier of the DMA device.
Optionally, a 64-bit key table root directory key table root pointer field is set in the DTE, and the key address information is configured in the key table root pointer field.
Optionally, the key address information configured in the data item supports only secure processor and IOMMU access.
Optionally, the information configuring apparatus provided in the embodiment of the present application may be further configured to: and if the key address information is successfully configured in the data item, sending a configuration success notification to the security processor.
In the following, from the perspective of the IOMMU, the direct memory access device provided in the embodiment of the present application is introduced, and the direct memory access device described below may be considered as a functional module that is required to be configured by the IOMMU to implement the direct memory access method provided in the embodiment of the present application; the contents of the direct memory access device described below may be referred to in correspondence with the contents of the method described above.
In an alternative implementation, fig. 16 shows an alternative block diagram of a direct memory access apparatus provided in an embodiment of the present application, where the direct memory access apparatus is applicable to an IOMMU, and as shown in fig. 16, the direct memory access apparatus may include:
an access request obtaining module 300, configured to obtain a DMA request for a DMA device accessed by a direct memory, where the DMA request includes at least a device identifier and a virtual physical address GPA of the DMA device to be accessed;
an address information determining module 310, configured to determine key address information configured in a data item of the DMA device;
a key page table query module 320, configured to query, according to the key address information and the GPA, key information corresponding to the DMA device;
a key information configuring module 330, configured to configure the key information for the memory controller, so that the memory controller encrypts and decrypts the data read and written by the DMA device for the encrypted virtual machine based on the key information.
Optionally, the direct storage access apparatus provided in the embodiment of the present application may further include:
an IO page table inquiry device, configured to determine a host physical address HPA corresponding to the GPA;
the key information configuration module 330 is configured to configure the key information for the memory controller, and specifically, to enable the memory controller to encrypt and decrypt data transmitted between the DMA device and the encrypted memory page corresponding to the HPA based on the key information.
Optionally, the HPA includes a virtual machine identifier and a cryptographic identifier of the cryptographic virtual machine, and a value of the cryptographic identifier in the HPA is set to a first value indicating encryption or a second value indicating non-encryption.
Optionally, the key information configuring module 330 is configured to, in the step of configuring the key information for the memory controller, bind the key information with the virtual machine identifier in the HPA.
Optionally, the key information configuring module 330 is configured to configure the key information for the memory controller, specifically, configure the key information for a password coprocessor of the memory controller.
Optionally, the IOMMU configures the key information for the cryptographic coprocessor through an interface between the IOMMU and the cryptographic coprocessor.
The embodiment of the present application further provides an IOMMU, which may be configured to execute the IOMMU-oriented information configuration method provided in the embodiment of the present application, or refer to the description of the corresponding part above for specific content of the IOMMU-oriented DMA method provided in the embodiment of the present application, and this is not further described here.
Embodiments of the present application further provide an electronic device, for example, a cloud host, where the electronic device may include the security processor and the IOMMU described above, and an alternative structure of the electronic device may be as shown in fig. 5, which is not further described herein.
Although the embodiments of the present application are disclosed above, the present application is not limited thereto. Various changes and modifications may be effected therein by one of ordinary skill in the pertinent art without departing from the scope or spirit of the present disclosure, and it is intended that the scope of the present disclosure be defined by the appended claims.
Claims (29)
1. An information configuration method applied to a secure processor, the method comprising:
acquiring a configuration request of an encrypted virtual machine, wherein the configuration request at least comprises a virtual physical address GPA of encrypted data to be accessed by the encrypted virtual machine, a device identifier of a Direct Memory Access (DMA) device for transmitting the encrypted data and key information of the encrypted data;
based on the configuration request, creating a key page table entry corresponding to the GPA, and storing key information of the encrypted data to a memory space pointed by the key page table entry;
generating configuration information, wherein the configuration information at least comprises the GPA, key address information corresponding to the key page table entry and the device identifier;
sending the configuration information to an input/output memory management unit IOMMU corresponding to the DMA device, so that the IOMMU configures the key address information in the data item corresponding to the device identifier, and when the DMA device directly stores and accesses, inquiring the key information corresponding to the DMA device according to the key address information and the GPA, and configuring the key information for a memory controller, so that the memory controller encrypts and decrypts the data read and written by the DMA device for an encryption virtual machine based on the key information.
2. The information configuration method of claim 1, wherein the security processor sends the configuration information through an interface of the security processor and the IOMMU.
3. The information configuration method according to claim 1, wherein the data entry is a device table entry DTE in a device table, and wherein one DTE is used to record basic device information of a DMA device connected to the IOMMU and is indexed by a device identifier of the DMA device.
4. The information configuration method according to claim 3, wherein a 64-bit key table root directory key table pointer field is set in the DTE, and the key address information is configured in the key table root pointer field.
5. The information configuration method of claim 1, wherein the key address information configured in the data item supports only secure processor and IOMMU access.
6. The information configuration method according to claim 1, wherein the configuration request further comprises: encrypting first integrity check data of the configuration request of the virtual machine computer;
prior to generating the configuration information, the method further comprises:
calculating second integrity check data of the configuration request;
and checking whether the configuration request is complete or not based on the first integrity check data and the second integrity check data, and if the configuration request is checked to be complete, entering the step of generating configuration information based on the configuration request.
7. The information configuration method according to claim 6, further comprising:
and if the configuration request is not verified to be complete, feeding back first configuration result information to the encrypted virtual machine, wherein the first configuration result information at least comprises response information of failed configuration, so that the encrypted virtual machine determines that the information configuration fails.
8. The information configuration method according to claim 6, further comprising:
and if the key address information is successfully configured in the data item, feeding back second configuration result information to the encryption virtual machine, wherein the second configuration result information at least comprises response information of successful configuration, so that the encryption virtual machine determines that the information configuration is successful.
9. The information configuration method according to claim 8, wherein successfully configuring the key address information in the data item comprises: and acquiring a configuration success notification sent by the IOMMU, or defaulting the key address information successfully configured in the data item after checking that the configuration request is complete and sending the configuration information to the IOMMU.
10. The information configuration method according to any one of claims 1 to 9, wherein the secure processor interacts with the encrypted virtual machine through an encrypted memory page, and the encrypted memory page is a memory page in a memory space of the encrypted virtual machine;
the encryption virtual machine runs in a virtual machine mode, a virtual machine physical address GPA is used for accessing the encryption memory page, the security processor runs in a host mode, an HPA is used for accessing the encryption memory page, and the GPA and the HPA are converted through a nested page table NPT; and the encryption virtual machine enters a host mode by exiting the virtual machine mode, and in the host mode, the security processor executes the virtual machine operation instruction by controlling the host kernel to return to the virtual machine mode.
11. An information configuration method applied to an input/output memory management unit (IOMMU), the method comprising:
acquiring configuration information sent by a security processor, wherein the configuration information at least comprises: the method comprises the steps that a virtual physical address GPA of encrypted data accessed by a virtual machine to be encrypted, key address information corresponding to a key page table entry of the GPA and a device identifier of direct memory access DMA equipment for storing the encrypted data are obtained; the key information of the encrypted data is stored in the memory space pointed by the key page table entry;
determining a data item corresponding to the device identification;
and configuring the key address information in the data item so as to inquire the key information corresponding to the DMA equipment according to the key address information and the GPA when the DMA equipment is accessed in a direct storage mode, and configuring the key information for a memory controller so that the memory controller can encrypt and decrypt the data read and written by the DMA equipment aiming at an encrypted virtual machine based on the key information.
12. The information configuring method of claim 11, wherein the secure processor sends the configuration information through an interface of the secure processor and the IOMMU.
13. The information configuration method according to claim 11, wherein the data entry is specifically a device table entry DTE in a device table, and wherein one DTE is used to record basic device information of a DMA device connected to the IOMMU and is indexed by a device identifier of the DMA device.
14. The information configuration method according to claim 13, wherein a 64-bit key page table root directory key table root pointer field is set in the DTE, and the key address information is configured in the key table root pointer field.
15. The information configuration method of claim 11, wherein the key address information configured in the data item supports only secure processor and IOMMU access.
16. The information configuration method according to claim 11, further comprising:
and if the key address information is successfully configured in the data item, sending a configuration success notification to the security processor.
17. A direct memory access method applied to an input output memory management unit IOMMU based on the information configuration method as claimed in any one of claims 11 to 16, comprising:
obtaining a DMA request aiming at Direct Memory Access (DMA) equipment, wherein the DMA request at least comprises an equipment identifier of the DMA equipment to be accessed and a virtual physical address GPA of encrypted data accessed by a virtual machine to be encrypted;
determining key address information configured in a data item of the DMA device;
inquiring key information corresponding to the DMA equipment according to the key address information and the GPA;
and configuring the key information for the memory controller so that the memory controller encrypts and decrypts the data read and written by the DMA equipment aiming at the encryption virtual machine based on the key information.
18. The direct memory access method of claim 17, wherein after obtaining the DMA request for the direct memory access DMA device, further comprising:
determining a Host Physical Address (HPA) corresponding to the GPA;
the configuring of the key information for the memory controller is specifically configured to enable the memory controller to encrypt and decrypt data transmitted between the DMA device and the encrypted memory page corresponding to the HPA based on the key information.
19. The direct memory access method of claim 18, wherein the HPA includes a virtual machine identifier and a cryptographic identifier for the cryptographic virtual machine, and wherein the value of the cryptographic identifier in the HPA is set to either a first value representing encryption or a second value representing no encryption.
20. The method of claim 19, wherein the step of configuring the key information for the memory controller binds the key information to the virtual machine identifier in the HPA.
21. The direct memory access method of claim 17, wherein the querying the key information storage address corresponding to the GPA is performed by a key page table querying device of the IOMMU.
22. The dma method according to claim 17, wherein the key information is configured for the memory controller, specifically for a cryptographic coprocessor of the memory controller.
23. The direct memory access method of claim 22, wherein the IOMMU configures the cryptographic coprocessor with the key information for the cryptographic coprocessor via an interface of the IOMMU with the cryptographic coprocessor.
24. An information configuring apparatus, comprising:
a configuration request obtaining module, configured to obtain a configuration request of an encrypted virtual machine, where the configuration request at least includes a virtual physical address GPA of encrypted data to be accessed by the encrypted virtual machine, a device identifier of a direct memory access DMA device used for transmitting the encrypted data, and key information of the encrypted data;
a page table entry creating module, configured to create a key page table entry corresponding to the GPA based on the configuration request, and store key information of the encrypted data to a memory space pointed by the key page table entry;
a configuration information generating module, configured to generate configuration information, where the configuration information at least includes the GPA, key address information corresponding to the key page table entry, and the device identifier;
and the configuration information sending module is used for sending the configuration information to an input/output memory management unit IOMMU (input/output memory management unit) corresponding to the DMA device, so that the IOMMU configures the key address information in a data item corresponding to the device identifier, and when the DMA device directly stores and accesses, the IOMMU inquires the key information corresponding to the DMA device according to the key address information and the GPA, and configures the key information for a memory controller, so that the memory controller encrypts and decrypts the data read and written by the DMA device aiming at the encrypted virtual machine based on the key information.
25. An information configuration apparatus, comprising:
a configuration information obtaining module, configured to obtain configuration information sent by the security processor, where the configuration information at least includes: the method comprises the steps that a virtual physical address GPA of encrypted data accessed by a virtual machine to be encrypted, key address information corresponding to a key page table entry of the GPA and a device identifier of direct memory access DMA equipment for storing the encrypted data are obtained; the key information of the encrypted data is stored in the memory space pointed by the key page table entry;
a data item determination module for determining a data item corresponding to the device identifier;
and the address information configuration module is used for configuring the key address information in the data item so as to query the key information corresponding to the DMA device according to the key address information and the GPA when the DMA device directly accesses the memory, and configuring the key information for the memory controller so that the memory controller can encrypt and decrypt the data read and written by the DMA device aiming at the encryption virtual machine based on the key information.
26. A direct memory access apparatus, characterized in that, based on the information configuration apparatus of claim 25, comprising:
an access request obtaining module, configured to obtain a DMA request for a DMA device, where the DMA request at least includes a device identifier and a virtual physical address GPA of the DMA device to be accessed;
an address information determination module for determining key address information configured in a data item of the DMA device;
the key page table query module is used for querying the key information corresponding to the DMA equipment according to the key address information and the GPA;
and the key information configuration module is used for configuring the key information for the memory controller so that the memory controller encrypts and decrypts the data read and written by the DMA equipment aiming at the encrypted virtual machine based on the key information.
27. A secure processor, characterized in that the secure processor is configured to perform the information configuration method of any of claims 1-10.
28. An input output memory management unit, IOMMU, configured to perform the information configuration method of any of claims 11-16 and/or perform the direct memory access method of any of claims 17-23.
29. An electronic device comprising a security processor according to claim 27 and an input output memory management unit IOMMU according to claim 28.
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK40047524A HK40047524A (en) | 2021-11-19 |
| HK40047524B true HK40047524B (en) | 2023-03-17 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112433817B (en) | Information configuration method, direct storage access method and related device | |
| JP7428770B2 (en) | Computer programs, computer readable storage media and devices | |
| CN110928646B (en) | A method, device, processor and computer system for accessing shared memory | |
| US7107459B2 (en) | Secure CPU and memory management unit with cryptographic extensions | |
| US9529735B2 (en) | Secure data encryption in shared storage using namespaces | |
| JP6414863B2 (en) | Encryption and decryption method and apparatus and system in virtualization system | |
| CN109800050B (en) | Memory management method, device, related equipment and system of virtual machine | |
| CN115758420B (en) | File access control method, device, equipment and medium | |
| CN113342473B (en) | Data processing method, secure virtual machine migration method and related devices and architecture | |
| CN102404314A (en) | Remote resources single-point sign on | |
| CN111241564B (en) | Memory page exchange method and security processor | |
| CN112416526B (en) | A direct storage access method, device and related equipment | |
| CN109725983B (en) | A data exchange method, device, related equipment and system | |
| JP2011048661A (en) | Virtual server encryption system | |
| US11960737B2 (en) | Self-deploying encrypted hard disk, deployment method thereof, self-deploying encrypted hard disk system and boot method thereof | |
| US12425206B2 (en) | Method of dynamically loading encryption engine | |
| JP2021090151A (en) | Storage system and data protection method thereof | |
| CN108521424B (en) | Distributed data processing method for heterogeneous terminal equipment | |
| CN116108454B (en) | Memory page management method and device | |
| US20240267210A1 (en) | Preventing Password Cracking Based on Combined Server/Client Salted Passwords | |
| CN112416525B (en) | Device driver initialization method, direct storage access method and related device | |
| HK40047524B (en) | Information configuration method, direct storage and access method and related device | |
| HK40047524A (en) | Information configuration method, direct storage and access method and related device | |
| US12074982B2 (en) | Authentication of process execution in virtual environments | |
| CN116820680A (en) | Migration method of secure virtual machine, and related device and system |