Method and system for integrity protection for accelerator device firmware using virtualization-based security

Bibliographic Details
Main Authors: GOKULRANGAN, Venkat; MUSUNURI, Satyanantha; MEHTA, Kunal; GODAVARTHI, Vinupama
Format: Patent
Language: English
Published: 24.10.2024

Summary: A method and system for security protection for firmware of an accelerator by leveraging Virtualization-Based Security (VBS). A memory space is allocated for firmware of an accelerator from a Kernel Data Protection (KDP)-protected region of a system memory. The KDP-protected region is a specific area of the system memory that is protected by KDP. The firmware of the accelerator is placed in the KDP-protected region. A device memory management unit (MMU) page table corresponding to the memory space allocation for the firmware of the accelerator may be generated and placed in the KDP-protected region. A device driver of the accelerator sets attributes of page table entries of the device MMU page table appropriately, and accesses to the system memory may be controlled based on the attributes of the page table entries of the device MMU page table.
Bibliography: Application Number: US202418757621