1. Field
The present invention relates generally to computer security and trusted computing, and more specifically, to expanding locality in a computing system environment.
2. Description
Current security co-processor modules (such as trusted platform modules (TPMs), for example) provide support for the concept of locality. Locality is an identification of the software environment present in a computing system that is issuing a request to the co-processor, asserted by the platform hardware rather than claimed by the requesting software, and corresponding with a “machine mode” of the system. Machine modes can include one or more of: the version of microcode running on the system; regular macrocode (e.g., the Basic Input/Output System (BIOS) and a static operating system (OS)); a trusted operational environment (e.g., a hypervisor from a third party supporting trusted execution technologies); and other hardware-driven indicia.
The security co-processor module is typically used to provide security operations for software running on the computing system. Binding the software environment to the machine mode, so that a given operation is accepted only from the locality that corresponds to that mode, can be used to provide additional security. However, limiting system operations using only the machine-mode binding may be insufficient in some circumstances.
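The following is an added illustration, not part of the patent text and not code from any TPM vendor, of the machine-mode binding described above. It models a TPM whose platform configuration registers (PCRs) may only be extended or reset from particular localities, so that the PCR value produced by a hardware-initiated launch (locality 4) cannot be reproduced by software running at a lower locality. The locality roles, the per-PCR locality policy table, the `ModelTpm` class and all sample digests are constructed for this example; the policy values are illustrative and are not the normative PC Client PCR attribute table.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank

# Locality roles as conventionally used on PC Client platforms (background, not
# taken from the patent text): 0 legacy/static OS, 1 OS, 2 dynamically launched
# (trusted) OS, 3 authenticated code module, 4 hardware (dynamic root of trust).
LOCALITY_ROLE = {0: "legacy", 1: "os", 2: "dynamic-os", 3: "acm", 4: "hardware"}

# Per-PCR locality policy: which localities may extend and which may reset.
# CONSTRUCTED for this example; it is not the normative PC Client PCR attribute table.
PCR_POLICY = {
    0:  {"extend": {0, 1, 2, 3, 4}, "reset": set()},            # static RTM PCR: never resettable
    16: {"extend": {0, 1, 2, 3, 4}, "reset": {0, 1, 2, 3, 4}},  # debug PCR: any locality may reset
    17: {"extend": {1, 2, 3, 4}, "reset": {4}},                 # DRTM PCR: only hardware resets it
    18: {"extend": {1, 2, 3, 4}, "reset": {4}},
}


class LocalityError(PermissionError):
    """Raised when a command arrives from a locality the PCR policy does not allow."""


class ModelTpm:
    """Minimal TPM model: a PCR bank plus the currently asserted locality."""

    def __init__(self):
        self.pcr = {i: bytes(PCR_SIZE) for i in PCR_POLICY}
        # DRTM PCRs read as all-ones until a hardware (locality 4) reset, as on real parts
        self.pcr[17] = b"\xff" * PCR_SIZE
        self.pcr[18] = b"\xff" * PCR_SIZE
        self.locality = None

    def request_locality(self, loc):
        # On real hardware the locality is implied by which MMIO window the caller
        # uses (e.g. 0xFED40000 + loc * 0x1000 for TIS); software cannot simply claim it.
        if loc not in LOCALITY_ROLE:
            raise ValueError(f"unknown locality {loc}")
        self.locality = loc

    def _check(self, pcr, op):
        if self.locality is None:
            raise LocalityError("no locality active")
        if self.locality not in PCR_POLICY[pcr][op]:
            raise LocalityError(f"PCR {pcr} {op} denied from locality {self.locality}")

    def pcr_extend(self, pcr, digest):
        self._check(pcr, "extend")
        self.pcr[pcr] = hashlib.sha256(self.pcr[pcr] + digest).digest()
        return self.pcr[pcr]

    def pcr_reset(self, pcr):
        self._check(pcr, "reset")
        self.pcr[pcr] = bytes(PCR_SIZE)
        return self.pcr[pcr]


def measure(data):
    """Digest of a code image, as the measuring agent would extend it."""
    return hashlib.sha256(data).digest()


def expected_pcr17(mle_digest):
    """Value PCR 17 holds after a genuine launch: reset to zeros, then one extend."""
    return hashlib.sha256(bytes(PCR_SIZE) + mle_digest).digest()


def drtm_launch(tpm, mle_digest):
    """Hardware (locality 4) resets PCR 17 and extends the measured launch environment."""
    tpm.request_locality(4)
    tpm.pcr_reset(17)
    return tpm.pcr_extend(17, mle_digest)


def forge_pcr17(tpm, mle_digest, locality):
    """Attempt, from a software locality, to drive PCR 17 to the genuine-launch value.

    Returns True only if the forgery succeeds; the locality check should make it fail.
    """
    tpm.request_locality(locality)
    for step in (lambda: tpm.pcr_reset(17), lambda: tpm.pcr_extend(17, mle_digest)):
        try:
            step()
        except LocalityError:
            pass  # denied: continue to show that no later step recovers the value
    return tpm.pcr[17] == expected_pcr17(mle_digest)


if __name__ == "__main__":
    mle = measure(b"constructed MLE image")
    genuine = ModelTpm()
    assert drtm_launch(genuine, mle) == expected_pcr17(mle)
    for loc in (0, 2):
        assert not forge_pcr17(ModelTpm(), mle, loc)
    print("PCR 17 reaches the launch value only via locality 4")
```

The point of the model is the last function: a caller at locality 2 is allowed to extend PCR 17 but not to reset it, so it can never return the register to the zero state from which the genuine launch value is derived, and a caller at locality 0 cannot touch it at all. Anything sealed to that PCR value is therefore released only to the environment the hardware actually launched, which is the binding the paragraph above describes.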