BATTLE OF SKM AND IUM
HOW DOES IT ALL WORK?
• Hypervisor now associates a Virtual Trust Level (VTL) with each Virtual Processor (VP)
• Two VTLs defined today (higher is more privileged) – more are supported by the architecture
  • VTL 0, which is the Normal World
  • VTL 1, which is the Secure World
• Hypervisor uses Enhanced Page Tables (EPT) which now have essentially a “VTL” associated with them
• VTL 0 access to VTL 1 pages can be controlled
  • Blocking +R -> allows hiding cryptographic secrets (Credential Guard)
  • Blocking +RX (or +RWX) -> allows preventing execution of code, or modification of code (Device Guard)
  • Blocking +W -> allows preventing modification of executable pages shared with VTL 1
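
The per-VTL page protections listed above, as an added conceptual model in C (not code from the slides and not Hyper-V's implementation). The page names, the `ept` table and the `vp_access` helper are hypothetical; the policy is a literal reading of the three blocking cases.

```c
#include <stdint.h>
#include <stdio.h>

enum { P_R = 1, P_W = 2, P_X = 4 };             /* permission bits */
enum { VTL0, VTL1, NUM_VTLS };                  /* higher is more privileged */
/* Constructed guest-physical pages for the demo (hypothetical layout). */
enum { PG_NORMAL, PG_SECRET, PG_VTL1_CODE, PG_SHARED_CODE, NUM_PAGES };

/* One permission mask per page *per VTL*: the "VTL" attached to the page tables. */
static uint8_t ept[NUM_VTLS][NUM_PAGES];

struct vp { int vtl; };                         /* virtual processor and its current VTL */

static void apply_policy(void) {
    for (int v = 0; v < NUM_VTLS; v++)
        for (int p = 0; p < NUM_PAGES; p++)
            ept[v][p] = P_R | P_W | P_X;        /* model assumption: start fully open */
    ept[VTL0][PG_SECRET]      &= (uint8_t)~P_R;               /* block +R: hide secrets */
    ept[VTL0][PG_VTL1_CODE]   &= (uint8_t)~(P_R | P_W | P_X); /* block +RWX: no exec/modify */
    ept[VTL0][PG_SHARED_CODE] &= (uint8_t)~P_W;               /* block +W: shared code is read/exec only */
}

/* Returns 1 if the VP, at its current VTL, may perform every access in `want`. */
static int vp_access(const struct vp *vp, int page, uint8_t want) {
    if (vp->vtl < 0 || vp->vtl >= NUM_VTLS || page < 0 || page >= NUM_PAGES)
        return 0;                               /* unknown VTL or page: deny */
    return (ept[vp->vtl][page] & want) == want;
}

int main(void) {
    static const char *names[NUM_PAGES] = { "normal", "secret", "vtl1-code", "shared-code" };
    apply_policy();
    for (int v = 0; v < NUM_VTLS; v++) {
        struct vp vp = { v };
        for (int p = 0; p < NUM_PAGES; p++)
            printf("VTL %d %-12s R=%d W=%d X=%d\n", v, names[p],
                   vp_access(&vp, p, P_R), vp_access(&vp, p, P_W), vp_access(&vp, p, P_X));
    }
    return 0;
}
```

The same access succeeds or fails depending only on the VTL of the processor issuing it, which is why the restrictions hold against code running with full kernel privileges in VTL 0.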