Virtualization solutions, such as Intel® Virtualization Technology, allow a platform to run multiple operating systems and applications as independent virtual machines. Using virtualization capabilities, one computer system can function as multiple “virtual” systems. A key component of virtualization is the hypervisor (i.e. virtual machine manager). The hypervisor runs at a lower level in the software stack than each of the one or more virtual machines running on the platform. The hypervisor launches virtual machines and then, after launch, manages the virtual machines and their respective portions of platform resources.
Information within computer platforms is commonly subjected to attacks from hackers. Both the sophistication and frequency of computer attacks on computer systems have grown steadily in recent years. While firewall software, virus scanners, encryption software and other security software offer some protection, these software solutions can only do so much to protect against other, possibly malicious, software that is potentially running at a higher privilege level. Intel® Corporation's Safer Computing Initiative has been developed to address these security risks by providing a hardware-hardened framework of security in a computer platform. A key to this hardware framework is Intel® Trusted Execution Technology, which provides hardware support for the creation of parallel, protected environments that enable a much higher level of protection for code execution and confidential information in software environments.
The hypervisor is a crucial component within a virtualized computer platform. Therefore, it is important to maintain the hypervisor's integrity and not to allow a hypervisor compromised by an attack to manage the virtual machines on a computer platform. Currently, a hypervisor could have its integrity measured at system boot, but a boot-time measurement would not account for a runtime attack on the system that occurred well after boot, because the measurement is taken once and is never re-evaluated against the running hypervisor.
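The gap described above can be made concrete with a small simulation. The following is an added example and not code from the page or from any Intel product: it models a launch-time measurement as a SHA-256 digest extended into a PCR-style register, then compares a "measure once at boot" policy with a policy that re-measures the live hypervisor image. The hypervisor image, the measurement register layout and the single-byte post-boot modification are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

HASH = hashlib.sha256


@dataclass
class MeasurementLog:
    """Append-only measurement record modelled on a TPM PCR extend chain.

    The register value is SHA-256(old_register || measurement), so it can only
    move forward; nothing recorded at launch can be silently rewritten later.
    """
    register: bytes = field(default_factory=lambda: bytes(32))
    events: list = field(default_factory=list)

    def extend(self, label: str, measurement: bytes) -> bytes:
        self.register = HASH(self.register + measurement).digest()
        self.events.append((label, measurement.hex()))
        return self.register


def measure(image: bytes) -> bytes:
    """Integrity measurement of a code image: a plain SHA-256 digest."""
    return HASH(image).digest()


def boot_time_launch(image: bytes, log: MeasurementLog) -> bytes:
    """Measure the hypervisor once at launch and record it; return the reference digest."""
    reference = measure(image)
    log.extend("hypervisor-launch", reference)
    return reference


def runtime_verify(image: bytes, reference: bytes) -> bool:
    """Re-measure the live image and compare it to the launch reference in constant time."""
    return hmac.compare_digest(measure(image), reference)


def simulate(tamper_after_boot: bool) -> dict:
    """Run the launch-then-runtime scenario under both verification policies."""
    # Constructed stand-in for the hypervisor's in-memory code pages (hypothetical bytes).
    image = bytearray(b"HYPERVISOR-CODE-PAGE:" + bytes(range(256)))
    log = MeasurementLog()

    # Policy A: boot-only. The trust decision is fixed at launch and never revisited.
    reference = boot_time_launch(bytes(image), log)
    boot_only_verdict = runtime_verify(bytes(image), reference)  # taken at boot, passes

    if tamper_after_boot:
        # Simulated post-boot modification of a single byte of the live image.
        image[40] ^= 0x01

    # Policy B: runtime re-measurement of the live image against the launch reference.
    runtime_verdict = runtime_verify(bytes(image), reference)

    return {
        "tampered": tamper_after_boot,
        "boot_only_reports_trusted": boot_only_verdict,
        "runtime_recheck_reports_trusted": runtime_verdict,
        "measurement_events": len(log.events),
    }


if __name__ == "__main__":
    for tampered in (False, True):
        print(simulate(tampered))
```

In the tampered run the boot-only policy still reports the hypervisor as trusted, because its only evidence is the digest recorded at launch, while the runtime re-check fails as soon as the live image diverges from the reference. The extend register is kept so that the launch measurement itself cannot be rewritten to match a modified image; a re-measurement policy compares against that recorded value rather than against whatever the hypervisor claims about itself.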