Disclosure of Invention
In view of the defects of the prior art, the application aims to solve the technical problem of providing a secure communication method, a computing device and a medium suitable for a confidential virtual machine and a PCIe device.
To solve the above technical problem, a first aspect of the present application provides a secure communication method applicable to a confidential virtual machine and a PCIe device, applied to a computing device, where the computing device includes a confidential virtual machine, a PCIe device, and a control bridge, where the control bridge implements a secure fence for the PCIe device, and where the PCIe device communicates with the confidential virtual machine through the control bridge, the method including:
The control bridge obtains target data between the PCIe device and the confidential virtual machine;
The control bridge encrypts/decrypts the target data such that the target data is transmitted in ciphertext form between the PCIe device and the confidential virtual machine.
The secure communication method suitable for the confidential virtual machine and the PCIe device, wherein the target data comprises first data transmitted to the PCIe device from the confidential virtual machine and second data transmitted to the confidential virtual machine from the PCIe device, and the control bridge encrypts/decrypts the target data so that the target data is transmitted between the PCIe device and the confidential virtual machine in a ciphertext form specifically comprises:
When the target data is first data transmitted to the PCIe device from the confidential virtual machine, the control bridge decrypts the first data so that the PCIe device knows the decrypted first data;
When the target data is second data transmitted from the PCIe device to the confidential virtual machine, the control bridge encrypts the second data and transmits the encrypted second data to the confidential virtual machine.
The secure communication method suitable for the confidential virtual machine and the PCIe device is characterized in that the confidential virtual machine is used for encrypting data to be transmitted to obtain first data and decrypting encrypted second data.
The secure communication method suitable for a confidential virtual machine and a PCIe device, wherein the obtaining, by the control bridge, target data between the PCIe device and the confidential virtual machine specifically includes:
The control bridge acquires a triggering reason for triggering the target data transmission;
When the trigger is that the confidential virtual machine actively accesses the PCIe device, the control bridge acquires first data formed by the confidential virtual machine through writing operation and/or second data determined by the PCIe device based on reading operation of the confidential virtual machine so as to obtain target data between the PCIe device and the confidential virtual machine;
When the trigger is that the PCIe device actively performs DMA, the control bridge obtains first data moved by the PCIe device from a preset shared memory and/or obtains second data formed by the PCIe device based on DMA write operation so as to obtain target data between the PCIe device and the confidential virtual machine, wherein the first data is written into the preset shared memory by the confidential virtual machine based on DMA read operation.
The secure communication method suitable for a confidential virtual machine and a PCIe device, wherein when the target data is second data formed by the PCIe device based on DMA write operation, the control bridge encrypts/decrypts the target data, so that the target data is transmitted between the PCIe device and the confidential virtual machine in a ciphertext form as follows:
The control bridge encrypts the second data and transmits the encrypted second data to the preset shared memory, so that the confidential virtual machine moves the encrypted second data from the preset shared memory.
The secure communication method suitable for the confidential virtual machine and the PCIe device is characterized in that the preset shared memory is outside a TEE side, so that the confidential virtual machine and the PCIe device can both move memory data in the preset shared memory.
The secure communication method suitable for the confidential virtual machine and the PCIe device, wherein the method further comprises the following steps:
when the triggering reason is an interrupt of the PCIe device, the control bridge obtains interrupt data of the PCIe device and transmits the interrupt data in a plaintext form.
The method for secure communication between a confidential virtual machine and a PCIe device, wherein before the control bridge obtains target data between the PCIe device and the confidential virtual machine, the method further includes:
the confidential virtual machine performs identity authentication on the control bridge;
And when the identity authentication is successful, the confidential virtual machine negotiates a communication key with the control bridge, so that the confidential virtual machine and the control bridge encrypt/decrypt target data by adopting the communication key.
A second aspect of the application provides a computing device, wherein the computing device comprises a processor and a memory, the processor of the computing device being configured to execute instructions stored in the memory of the computing device to cause the computing device to perform a secure communication method as described above for a confidential virtual machine and a PCIe device.
A third aspect of the application provides a computer-readable storage medium comprising computer program instructions which, when executed by a computing device, perform a secure communication method as described above for a confidential virtual machine and a PCIe device.
Compared with the prior art, the beneficial effects are as follows. The method is suitable for secure communication between the confidential virtual machine and the PCIe device and is applied to a computing device, the computing device comprises the confidential virtual machine, the PCIe device and the control bridge, the control bridge realizes the secure fence of the PCIe device, and the PCIe device communicates with the confidential virtual machine through the control bridge; the method comprises the steps that the control bridge obtains target data between the PCIe device and the confidential virtual machine, and the control bridge encrypts/decrypts the target data so that the target data is transmitted between the PCIe device and the confidential virtual machine in a ciphertext mode. By providing the control bridge that realizes the secure fence of the PCIe device and carrying out encrypted transmission between the control bridge and the confidential virtual machine, the application realizes a secure and trusted computing capability, so that the PCIe device can be used in combination with the confidential virtual machine while the transmission between the control bridge and the confidential virtual machine remains encrypted.
Detailed Description
The embodiment of the application provides a secure communication method, computing equipment and medium suitable for confidential virtual machines and PCIe equipment, and in order to make the purposes, technical schemes and effects of the application clearer and more definite, the application is further described in detail below by referring to the accompanying drawings and the embodiments. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs unless defined otherwise. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
It should be understood that the sequence number and the size of each step in this embodiment do not mean the sequence of execution, and the execution sequence of each process is determined by the function and the internal logic of each process, and should not be construed as limiting the implementation process of the embodiment of the present application.
The application will be further described by the description of embodiments with reference to the accompanying drawings.
In order to make the technical scheme provided by the application clearer, related terms are first explained.
(1) Virtual machine refers to a complete computer system with complete hardware system functions simulated by software and running in a completely isolated environment. The work that can be done in the server can be done in the virtual machine. Each virtual machine has an independent hard disk and operating system, and users of the virtual machines can operate the virtual machines like using servers.
(2) PCIe devices: devices conforming to the PCIe bus standard are referred to as PCIe devices, which may also be referred to as endpoint devices, external devices, or I/O devices; they sit at the end of the PCIe bus topology, typically as initiators or targets of bus operations. The PCIe bus architecture may include a plurality of PCIe devices, such as graphics cards, network cards, sound cards, acceleration devices (e.g., GPU, NPU), magnetic disks, and so forth.
(3) Direct memory access (DMA) is an interface technique whereby an external device exchanges data directly with the system memory without passing through the processor (also referred to as the central processing unit, CPU). The external device can transfer data to memory in bulk by DMA and then send an interrupt notification to the processor, thereby reducing the processor's burden.
Next, application scenarios to which the present application relates are described.
The present application relates to a secure communication scenario applicable to confidential virtual machines and PCIe devices, in which a computing device (e.g., a server) includes a hardware layer and a software layer, the hardware layer being a conventional configuration of the computing device, where the PCIe device may be, for example, a network card, a GPU, an NPU, an offload card, or the like, plugged into a PCIe slot of the server. However, existing heterogeneous acceleration computing power and special acceleration devices cannot be used together with a confidential-virtual-machine-level Trusted Execution Environment (TEE), so that data inside these devices has to be sent to the REE side (also called the non-secure world or normal world). The REE side cannot secure that data, which poses a security threat to the data inside the heterogeneous acceleration computing power and the special acceleration devices and defeats the purpose of secure and trusted computing.
Therefore, how to make PCIe devices usable in combination with confidential virtual machines while meeting users' security requirements for the data inside heterogeneous acceleration computing power and special acceleration devices has become a problem to be solved in the art.
In order to solve the above problems, the application provides a secure communication method, a computing device and a medium suitable for a confidential virtual machine and a PCIe device. The method uses the computing device, the computing device comprises the confidential virtual machine, the PCIe device and a control bridge, the control bridge realizes a secure fence for the PCIe device, and the PCIe device and the confidential virtual machine communicate with each other through the control bridge; the method comprises the steps that the control bridge obtains target data between the PCIe device and the confidential virtual machine, and the control bridge encrypts/decrypts the target data so that the target data is transmitted between the PCIe device and the confidential virtual machine in a ciphertext mode. By providing the control bridge that realizes the secure fence of the PCIe device and carrying out encrypted transmission between the control bridge and the confidential virtual machine, the application realizes a secure and trusted computing capability, so that the PCIe device can be used in combination with the confidential virtual machine while the transmission between the control bridge and the confidential virtual machine remains encrypted.
Specifically, as shown in FIG. 1, the computing device 100 includes a PCIe device, one or more confidential virtual machines, and a control bridge, which may be deployed on the TEE side; FIG. 1 takes the example that the computing device includes one confidential virtual machine. The control bridge is used for realizing the security fence of the PCIe device, and the PCIe device and the confidential virtual machine both communicate with the control bridge so that the PCIe device and the confidential virtual machine can be used jointly through the control bridge, namely, the PCIe device and the confidential virtual machine communicate with each other through the control bridge. The confidential virtual machine may include an operating system kernel and one or more application programs (APPs) (not shown in FIG. 1). The operating system kernel in the confidential virtual machine, like that of an ordinary virtual machine, may be a general-purpose operating system kernel such as Linux, which is not particularly limited in the present application. Moreover, FIG. 1 is merely provided as an example for the present application, and computing device 100 may have more or fewer components than shown in FIG. 1, or may have a different configuration of the components, etc., without limitation.
Further, the control bridge cooperates with the confidential virtual machine to realize safe and trusted computing so as to realize safe and trusted technology of the PCIe device. Wherein the control bridge does not change the logic layer behavior of the PCIe device and has control capability over the data of the PCIe device. Specifically, the control bridge may be a hardware board that implements secure fencing for PCIe devices using a PCIe transparent bridge that does not change the logical layer behavior of the connected PCIe devices, so that no modifications to the device's own drivers are required within the confidential virtual machine. The control bridge is positioned between the PCIe device and the confidential virtual machine, data of the PCIe device is transmitted to the confidential virtual machine through the control bridge, the control bridge realizes the safety enhancement of the data of the PCIe device, and the joint use of the PCIe device and the confidential virtual machine on the TEE side is realized.
The following describes in detail the procedure of the secure communication method applicable to the confidential virtual machine and the PCIe device according to the flowchart of the secure communication method applicable to the confidential virtual machine and the PCIe device provided by the present application in conjunction with fig. 3.
As shown in fig. 3, the secure communication method suitable for the confidential virtual machine and the PCIe device specifically includes:
S10, the control bridge acquires target data between the PCIe device and the confidential virtual machine;
S20, the control bridge encrypts/decrypts the target data so that the target data is transmitted between the PCIe device and the confidential virtual machine in a ciphertext mode.
Specifically, in step S10, the target data is the IO data between the PCIe device and the confidential virtual machine, where the IO data may include the first data transmitted from the confidential virtual machine to the PCIe device, or may be the second data transmitted from the PCIe device to the confidential virtual machine. That is, when the confidential virtual machine transmits first data to the PCIe device, the first data is acquired by the control bridge, and when the PCIe device transmits second data to the confidential virtual machine, the PCIe device transmits the second data to the control bridge.
In one embodiment, since all data of the PCIe device interacts with the confidential virtual machine through the control bridge, in order to ensure security of communication between the control bridge and the confidential virtual machine, identity authentication needs to be performed on the control bridge before secure communication between the PCIe device and the confidential virtual machine is achieved through the control bridge. Based on this, before the control bridge obtains the target data between the PCIe device and the confidential virtual machine, the method further includes:
the confidential virtual machine performs identity authentication on the control bridge;
And when the identity authentication is successful, the confidential virtual machine negotiates a communication key with the control bridge, so that the confidential virtual machine and the control bridge encrypt/decrypt target data by adopting the communication key.
Specifically, identity authentication is used to verify the control bridge so as to ensure the security of the control bridge, and may include remote authentication and identity authentication. Remote authentication means that the confidential virtual machine determines the identity validity of the control bridge in a remote authentication mode, and identity authentication means that the confidential virtual machine authenticates the identity of a control bridge whose identity is valid; the identity authentication may be completed by an existing method, such as the national standard GB/T 15843.3-2016.
Further, after the identity of the control bridge passes, the control bridge negotiates a communication key with the confidential virtual machine, and the communication key is used for encrypting/decrypting the target data between the control bridge and the confidential virtual machine. That is, the confidential virtual machine and the control bridge both encrypt/decrypt the target data using the communication key: the control bridge uses the communication key to decrypt the first data from the confidential virtual machine and to encrypt the second data to be transmitted to the confidential virtual machine, and similarly, the confidential virtual machine uses the communication key to decrypt the second data from the control bridge and to encrypt the data to be transmitted to the control bridge so as to obtain the first data. The communication key may be negotiated jointly by the control bridge and the confidential virtual machine, for example by the DH algorithm or the SM2 key exchange protocol, or may be distributed directly by the confidential virtual machine. When the communication key is distributed by the confidential virtual machine, the confidential virtual machine may encrypt the communication key with the authentication public key of the control bridge and send the encrypted communication key to the control bridge, and the control bridge decrypts the encrypted communication key with its authentication private key to obtain the communication key. This avoids leakage of the communication key while it is transmitted from the confidential virtual machine to the control bridge, improves the security of the communication key, and further improves the security and trustworthiness of the control bridge and the confidential virtual machine.
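The authentication and key distribution exchange described above, as an added example that is not part of the patent's own disclosure. It assumes an RSA authentication key pair for the control bridge (the patent does not fix the algorithm), a challenge-response signature for identity authentication, and RSA-OAEP wrapping of the communication key under the bridge's authentication public key; the type and function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ControlBridge holds the bridge's authentication key pair (assumed RSA here).
type ControlBridge struct {
	authKey *rsa.PrivateKey
	commKey []byte // communication key received from the confidential VM
}

// ConfidentialVM holds the bridge's authentication public key, which it is assumed
// to have already validated through remote authentication (not modelled here).
type ConfidentialVM struct {
	bridgePub *rsa.PublicKey
	commKey   []byte
}

// NewControlBridge generates a fresh authentication key pair for a bridge.
func NewControlBridge() (*ControlBridge, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &ControlBridge{authKey: k}, nil
}

// SignChallenge: the bridge proves possession of its authentication private key
// by signing the nonce issued by the confidential VM (challenge-response).
func (b *ControlBridge) SignChallenge(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return rsa.SignPSS(rand.Reader, b.authKey, crypto.SHA256, digest[:], nil)
}

// VerifyBridge checks the bridge's signature over the VM's own nonce.
func (v *ConfidentialVM) VerifyBridge(nonce, sig []byte) error {
	digest := sha256.Sum256(nonce)
	return rsa.VerifyPSS(v.bridgePub, crypto.SHA256, digest[:], sig, nil)
}

// DistributeKey: after authentication succeeds, the VM generates the communication
// key and wraps it under the bridge's authentication public key, so the key never
// crosses the link in plaintext.
func (v *ConfidentialVM) DistributeKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	v.commKey = key
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, v.bridgePub, key, []byte("comm-key"))
}

// ReceiveKey: the bridge unwraps the communication key with its private key.
func (b *ControlBridge) ReceiveKey(wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.authKey, wrapped, []byte("comm-key"))
	if err != nil {
		return err
	}
	b.commKey = key
	return nil
}

// Establish runs the whole exchange. No key is distributed unless the bridge's
// identity authentication succeeds first.
func Establish(vm *ConfidentialVM, bridge *ControlBridge) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sig, err := bridge.SignChallenge(nonce)
	if err != nil {
		return nil, err
	}
	if err := vm.VerifyBridge(nonce, sig); err != nil {
		return nil, errors.New("control bridge identity authentication failed")
	}
	wrapped, err := vm.DistributeKey()
	if err != nil {
		return nil, err
	}
	if err := bridge.ReceiveKey(wrapped); err != nil {
		return nil, err
	}
	return bridge.commKey, nil
}

func main() {
	bridge, _ := NewControlBridge()
	vm := &ConfidentialVM{bridgePub: &bridge.authKey.PublicKey}
	key, err := Establish(vm, bridge)
	fmt.Printf("key bytes=%d err=%v\n", len(key), err)
}
```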
In one implementation, since the target data is IO data between the PCIe device and the confidential virtual machine, the IO data may include IO data generated by the confidential virtual machine actively accessing the PCIe device (e.g., the CPU actively accessing the device), IO data generated by a PCIe device interrupt, IO data generated by the PCIe device actively performing DMA, and so on. The confidential virtual machine actively accessing the PCIe device comprises software accessing the PCIe device configuration space and the PCIe device memory-mapped space. The configuration space is uniform across PCIe devices and its data does not need to be encrypted/decrypted, whereas the memory-mapped space is set for each PCIe device and is related to task data, so its data does need to be encrypted/decrypted; therefore the data exchanged when the confidential virtual machine actively accesses the PCIe device needs encryption/decryption. IO data generated by a PCIe device interrupt is unrelated to task data, so it does not need encryption/decryption protection. IO data generated by active DMA of the PCIe device is closely related to task data and needs encryption/decryption protection.
For this reason, when the control bridge acquires the target data between the PCIe device and the confidential virtual machine, it determines whether the target data needs to be encrypted/decrypted according to the trigger reason of the target data. Correspondingly, the obtaining, by the control bridge, the target data between the PCIe device and the confidential virtual machine specifically includes:
The control bridge acquires a triggering reason for triggering the target data transmission;
When the trigger is that the confidential virtual machine actively accesses the PCIe device, the control bridge acquires first data formed by the confidential virtual machine through writing operation and/or second data determined by the PCIe device based on reading operation of the confidential virtual machine so as to obtain target data between the PCIe device and the confidential virtual machine;
When the trigger is that the PCIe device actively performs DMA, the control bridge obtains first data moved by the PCIe device from a preset shared memory and/or obtains second data formed by the PCIe device based on DMA write operation so as to obtain target data between the PCIe device and the confidential virtual machine, wherein the first data is written into the preset shared memory by the confidential virtual machine based on DMA read operation.
Specifically, the triggering reason is the reason that the data transmission between the PCIe device and the confidential virtual machine is required, and as can be seen from the foregoing, the triggering reason includes that the confidential virtual machine actively accesses the PCIe device, the PCIe device interrupts, and the PCIe device actively DMA. When the trigger is that the confidential virtual machine actively accesses the PCIe device, the control bridge may acquire first data (i.e., the first data is write data formed by a write operation based on the confidential virtual machine) that the confidential virtual machine needs to write into the PCIe device, and also acquire second data (i.e., the second data is return data formed by a read operation based on the confidential virtual machine) that the PCIe device returns based on the read operation of the confidential virtual machine. That is, when the confidential virtual machine actively accesses the PCIe device, the confidential virtual machine performs read-write operation on the PCIe device, when performing read operation, the PCIe device can feed back second data to the confidential virtual machine based on the read operation and transmit the second data to the control bridge, and when performing write operation, the confidential virtual machine transmits first data to be written to the PCIe device to the control bridge.
Further, when the trigger is a PCIe device interrupt, the control bridge may directly obtain interrupt data formed by the PCIe device interrupt.
Further, when the trigger is that the PCIe device actively performs DMA, the DMA of the PCIe device is initiated by device driver software in the confidential virtual machine (for example, through an application software call); as shown in FIG. 2, the driver may apply for a shared memory (denoted as the preset shared memory) for the DMA, and the PCIe device and the confidential virtual machine transfer data through the preset shared memory. The data formed by the DMA of the PCIe device is encrypted by the control bridge into second data and then written into the preset shared memory, so that the confidential virtual machine can move the second data from the preset shared memory; meanwhile, the PCIe device can move, based on its DMA, the first data that the confidential virtual machine has stored in the preset shared memory, and the control bridge can read the first data moved by the PCIe device and decrypt it. The first data is written into the preset shared memory by the confidential virtual machine based on a DMA read operation, and the second data is formed by the PCIe device based on a DMA write operation.
The above description of step S10 is completed, and step S20 is described below.
In step S20, the control bridge encrypts/decrypts the obtained target data. Specifically, when the target data is first data transmitted from the confidential virtual machine to the PCIe device, the first data is ciphertext data encrypted by the confidential virtual machine, and the control bridge decrypts the first data; when the target data is second data transmitted from the PCIe device to the confidential virtual machine, the second data is plaintext data, and the control bridge encrypts the second data and transmits the encrypted second data to the confidential virtual machine.
Further, as can be seen from the explanation of step S10, when the trigger reason of the target data is a PCIe device interrupt, the interrupt data can be transmitted directly between the control bridge and the confidential virtual machine in plaintext form without encryption/decryption. Therefore, when the trigger reason is that the confidential virtual machine actively accesses the PCIe device or that the PCIe device actively performs DMA, the control bridge encrypts/decrypts the target data so that it is transmitted to the confidential virtual machine in ciphertext mode, and the confidential virtual machine likewise encrypts/decrypts the target data generated by these two trigger reasons so that it is transmitted in ciphertext mode. Of course, in practical applications, the control bridge and the confidential virtual machine may also encrypt/decrypt the target data generated by a PCIe device interrupt according to the user's needs.
The following describes a process of encrypting/decrypting the target data formed by the confidential virtual machine actively accessing the PCIe device and a process of encrypting/decrypting the target data formed by the PCIe device actively DMA, respectively.
In the process of encrypting/decrypting the target data formed by the confidential virtual machine actively accessing the PCIe device, the software accesses the memory-mapped space mainly through system functions such as iowrite()/ioread(); therefore, only these system functions need to be modified so that, when the confidential virtual machine accesses the PCIe device, the control bridge decrypts the first data to be written into the PCIe device and encrypts the second data read from the PCIe device.
In the process of encrypting/decrypting the target data formed by the active DMA of the PCIe device, the memory space inside the TEE is protected by the TEE: the data in that memory space is held as ciphertext, and the corresponding key is known only to the TEE, so the PCIe device cannot obtain the key and cannot decrypt the data in the memory space inside the TEE. Therefore, the preset shared memory corresponding to the DMA operation is applied for outside the TEE side; the control bridge and the confidential virtual machine write data into the preset shared memory in ciphertext form, the confidential virtual machine moves data from the preset shared memory and decrypts the moved data, the PCIe device moves data from the preset shared memory, and the control bridge decrypts the data moved by the PCIe device. Specifically, the confidential virtual machine encrypts data to obtain first data and writes the first data into the preset shared memory, and it also moves encrypted second data from the preset shared memory and decrypts it; the control bridge encrypts the second data and writes the encrypted second data into the preset shared memory, the PCIe device moves the first data from the preset shared memory, and the control bridge decrypts the first data moved by the PCIe device.
In a specific implementation, when the PCIe device performs a DMA read operation, the write operation by which the confidential virtual machine writes data into the preset shared memory is intercepted, the write data formed by the write operation is encrypted to obtain first data, and the first data is written into the preset shared memory. The PCIe device initiates a MemRd request through the PCIe bus, moves the first data in the preset shared memory into the memory of the PCIe device, and the control bridge decrypts the first data moved into the memory of the PCIe device. If the data to be transmitted were instead written into the preset shared memory in plaintext form, it could easily be snooped and stolen by a high-authority user or by the confidential virtual machine monitor (hypervisor) while the PCIe device moves it from the preset shared memory to the device memory through the MemRd request; this problem is avoided.
Similarly, when the PCIe device performs a DMA write operation, the control bridge encrypts the data of the device MemWr (i.e., the second data), transmits the encrypted second data to the preset shared memory, and then notifies the confidential virtual machine (e.g., by an interrupt); the confidential virtual machine moves the encrypted second data from the preset shared memory into secure memory and then decrypts it (if a technology such as GCM is used, the integrity of the data may also be checked).
According to the embodiment of the application, the shared memory is applied for in advance, and the data that needs to be written into the preset shared memory is encrypted by the control bridge and the confidential virtual machine, so that the data is stored in the preset shared memory in ciphertext form and is prevented from being snooped and stolen. Meanwhile, data is transmitted in ciphertext mode among the preset shared memory, the confidential virtual machine, the PCIe device and the control bridge, so that the security of the transmission link is ensured and data leakage during transmission is avoided. In addition, the data is in a secure state in the memory space of the PCIe device and the memory space of the confidential virtual machine. Therefore, the application ensures full-link security protection of the DMA data and further improves its security.
In addition, after decrypting the first data, the control bridge can verify the integrity of the decrypted first data, if the first data passes the verification, the first data is legal data, and if the first data does not pass the verification, the first data is illegal data. The control bridge intercepts illegal data (i.e., decrypted first data that is not verified) to ensure that all decrypted first data is from a legitimate confidential virtual machine. Meanwhile, the confidential virtual machine end uses the same mode, and all second data can be ensured to come from legal PCIe equipment, so that the security of memory data of the PCIe equipment end can be protected.
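The trigger-based routing of steps S10 and S20 and the DMA shared-memory path with an integrity check, as an added example that is not part of the patent's own disclosure. It assumes a communication key has already been negotiated, uses AES-GCM as the stand-in for the encryption/decryption of first and second data (the text names GCM only as one option), models the preset shared memory as a plain byte buffer, and the type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Trigger is the reason a transfer between the VM and the PCIe device was started.
type Trigger int

const (
	TriggerVMAccess  Trigger = iota // confidential VM actively accesses the device (MMIO)
	TriggerInterrupt                // PCIe device interrupt: not task data, stays plaintext
	TriggerDMA                      // PCIe device actively performs DMA via shared memory
)

// SharedMemory models the preset shared memory outside the TEE: both sides can
// read and write it, so it must only ever hold ciphertext.
type SharedMemory struct{ buf []byte }

// Endpoint is either the confidential VM or the control bridge; both hold the
// negotiated communication key and seal/open with AES-GCM (assumed algorithm).
type Endpoint struct{ aead cipher.AEAD }

func NewEndpoint(commKey []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(commKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Endpoint{aead: aead}, nil
}

// Seal encrypts plaintext and returns nonce || ciphertext || tag.
func (e *Endpoint) Seal(plain []byte) ([]byte, error) {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return e.aead.Seal(nonce, nonce, plain, nil), nil
}

// Open decrypts and verifies the tag; a failed tag means the data is illegal.
func (e *Endpoint) Open(sealed []byte) ([]byte, error) {
	n := e.aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("truncated ciphertext")
	}
	return e.aead.Open(nil, sealed[:n], sealed[n:], nil)
}

// Bridge is the control bridge sitting between the VM and the device.
type Bridge struct {
	ep     *Endpoint
	devMem []byte // plaintext device memory behind the secure fence
}

// ForwardToDevice handles first data (VM -> device). For an MMIO write the
// ciphertext arrives directly; for DMA the device moves it from shared memory.
// Data that fails the integrity check is intercepted and never reaches the device.
func (b *Bridge) ForwardToDevice(trigger Trigger, first []byte, shm *SharedMemory) ([]byte, error) {
	var sealed []byte
	switch trigger {
	case TriggerVMAccess:
		sealed = first
	case TriggerDMA:
		sealed = shm.buf // device MemRd of the preset shared memory
	default:
		return nil, errors.New("no VM->device data for this trigger")
	}
	plain, err := b.ep.Open(sealed)
	if err != nil {
		return nil, errors.New("intercepted: first data failed integrity check")
	}
	b.devMem = plain
	return plain, nil
}

// ForwardToVM handles second data (device -> VM) and interrupt data. Interrupt
// data passes in plaintext; MMIO read returns are encrypted on the way out; DMA
// writes are encrypted into shared memory for the VM to move out later.
func (b *Bridge) ForwardToVM(trigger Trigger, second []byte, shm *SharedMemory) ([]byte, error) {
	switch trigger {
	case TriggerInterrupt:
		return second, nil
	case TriggerVMAccess:
		return b.ep.Seal(second)
	case TriggerDMA:
		sealed, err := b.ep.Seal(second)
		if err != nil {
			return nil, err
		}
		shm.buf = sealed // device MemWr lands in shared memory only as ciphertext
		return sealed, nil
	}
	return nil, errors.New("unknown trigger")
}

func main() {
	key := make([]byte, 32) // constructed all-zero key for the stand-alone demo
	vm, _ := NewEndpoint(key)
	bep, _ := NewEndpoint(key)
	bridge, shm := &Bridge{ep: bep}, &SharedMemory{}
	shm.buf, _ = vm.Seal([]byte("task input"))
	plain, err := bridge.ForwardToDevice(TriggerDMA, nil, shm)
	fmt.Printf("device received %q err=%v\n", plain, err)
}
```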
Based on the above secure communication method applicable to the confidential virtual machine and the PCIe device, the present embodiment provides a computer readable storage medium storing one or more programs, where the one or more programs may be executed by one or more processors, so as to implement some or all of the steps in the secure communication method applicable to the confidential virtual machine and the PCIe device described in the above embodiment.
Based on the secure communication method applicable to the confidential virtual machine and the PCIe device, the application further provides a computing device, wherein the computing device comprises a processor and a memory, and the processor of the computing device is used for executing instructions stored in the memory of the computing device so that the computing device executes the secure communication method applicable to the confidential virtual machine and the PCIe device.
In addition, the specific processes by which the processor of the computing device loads and executes the instructions in the storage medium have been described in detail in the above method and are not repeated here.
It should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present application, and not for limiting the same, and although the present application has been described in detail with reference to the above-mentioned embodiments, it should be understood by those skilled in the art that the technical solution described in the above-mentioned embodiments may be modified or some technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the spirit and scope of the technical solution of the embodiments of the present application.