Intel Corporation
HYPERVISOR-MANAGED LINEAR ADDRESS TRANSLATION AND MEMORY INTEGRITY

Abstract:

An apparatus provides a processor configured to execute instructions of a hypervisor to provide hypervisor-managed linear address translation (HLAT) with integrity protection. The processor is to execute the instructions to select a first key identifier for a first virtual machine to run on the hypervisor, invoke a first platform configuration instruction to configure the first key identifier in the processor including generating an encryption key for the first key identifier and setting an integrity mode for the first key identifier, instantiate the first virtual machine including a first guest kernel, the first guest kernel to allocate a plurality of HLAT paging structures to be used to translate a guest virtual address to a guest physical address of a first memory page allocated for the first virtual machine, mark the plurality of HLAT paging structures with read-only permission, and assign the first key identifier to the first memory page.