IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 12265606 B1

PDFFull Text
Date of Patent:
Apr. 01, 2025

Filed:

Sep. 26, 2022

Direct assignment of physical devices to confidential virtual machines

Applicant:

Microsoft Technology Licensing, Llc, Redmond, WA (US);

Inventors:

Jin Lin, Seattle, WA (US);

Jason Stewart Wohlgemuth, Seattle, WA (US);

Michael Bishop Ebersol, Woodinville, WA (US);

Aditya Bhandari, Seattle, WA (US);

Steven Adrian West, Redmond, WA (US);

Emily Cara Clemens, Snohomish, WA (US);

Michael Halstead Kelley, Redmond, WA (US);

Dexuan Cui, Sammamish, WA (US);

Attilio Mainetti, Bellevue, WA (US);

Sarah Elizabeth Stephenson, Boston, MA (US);

Carolina Cecilia Perez-Vargas, Seattle, WA (US);

Antoine Jean Denis Delignat-Lavaud, Cambridge, GB;

Kapil Vaswani, Karnataka, IN;

Alexander Daniel Grest, Redmond, WA (US);

Steve Michel Pronovost, Redmond, WA (US);

David Alan Hepkin, Redmond, WA (US);

Assignee:

Microsoft Technology Licensing, LLC, Redmond, WA (US);

Attorney:

Workman Nydegger

Primary Examiner:

Ellen Tran

Int. Cl.
CPC ...
G06F 21/53 (2013.01); G06F 21/60 (2013.01); G06F 21/79 (2013.01); G06F 9/455 (2018.01); G06F 11/30 (2006.01);
U.S. Cl.
CPC ...
G06F 21/53 (2013.01); G06F 21/602 (2013.01); G06F 21/79 (2013.01); G06F 9/45533 (2013.01); G06F 9/45558 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01); G06F 11/301 (2013.01);
Abstract

Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.

Find Patent Forward Citations

Loading…