The present invention relates to a method for generating a memory dump comprising data being generated by a virtual system in a trustable computing environment.
Computer system virtualization allows executing virtual systems in a protected environment of a virtual machine monitor. The virtual machine monitor is also called hypervisor. The virtual system is generated by a client system and provided for execution to the virtual machine monitor. The virtual machine monitor facilitates the protected environment provided from a trusted component as a runtime environment for the virtual system. Furthermore, the virtual machine monitor provides a guest memory as a logical portion of a memory of a system on which the virtual machine monitor is installed.
The data generated by the virtual system are stored in the guest memory. The data comprise data that are non-accessible to the virtual machine monitor. To that end, at least parts of the data are encrypted with a program key of the virtual system. Alternatively, or additionally, the non-accessible data may be stored in protected memory areas which are protected against access by the virtual machine monitor.
In summary, the virtual system is executed on the virtual machine monitor, but the data managed and generated by the virtual system are protected against access by the virtual machine monitor. Therefore, a virtual system can be executed without having to trust the virtual machine monitor. The virtual machine monitor has no access permission to the data managed and processed by the virtual system.
If an error or a problem occurs during execution of the virtual system, a copy of the data stored in the guest memory should be generated and provided to the client system in order to analyze the error or problem. The client system realizes that an error has occurred and starts a minimal operating system in place. This operating system is configured for initiating a memory dump process. The memory dump is then provided to the client system.
Since the data are at least partly non-accessible to the hypervisor, the hypervisor is not able to generate a complete copy of the memory. Therefore, the memory dump has to be generated by the virtual machine system. If the virtual machine system is not able to start the minimal operating system for generating a memory dump, the memory dump cannot be generated.
Furthermore, there is no out-of-band control over the dump, for example via a user interface of the client system, the hypervisor or a service provider.
The above-mentioned reasons lead to degraded serviceability of the system compared to traditional systems that do not use such protection schemes.