In many computer systems, booting of the system occurs through a series of steps in which initialization is performed, self tests are run, a basic input/output system (BIOS) is loaded and executed, and finally control may be passed to an operating system (OS). In some systems, a so-called hypervisor (HV), which is a virtualization tool that enables execution of virtual machines on the platform hardware, may also be present.
Some of these hypervisors may be third-party trusted hypervisors. Current late-launch trusted environments raise several issues. Specifically, such environments still depend on original equipment manufacturer (OEM) firmware, the trusted hypervisor is typically launched from an untrusted source, and the hypervisor is often not the first agent to launch. Oftentimes, hypervisors are launched from disk, across a network, or from other vulnerable media, such that the HV image can be damaged or untrusted code can be inserted into it. Furthermore, a late launch from an untrusted disk offers no protection against deletion of the HV image.
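The following is an added illustration, not code from the original description, of why an HV image loaded from untrusted media must be measured before it is allowed to take control. It models the measurement-register "extend" operation over the chain firmware, BIOS, hypervisor: each stage's digest is folded into the running register value, so a tampered or truncated hypervisor image, or the same image launched out of order, produces a different final value than the recorded known-good one. The stage images are constructed byte strings, and FNV-1a is used only as a self-contained stand-in for a cryptographic hash (it is not collision resistant; a real chain would use SHA-256 or similar).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FNV_OFFSET 0xcbf29ce484222325ULL
#define FNV_PRIME  0x100000001b3ULL

/* Illustrative stand-in for a cryptographic digest (FNV-1a, 64-bit).
 * Assumption of this example only: a real measured launch would use
 * SHA-256 or another collision-resistant hash. */
static uint64_t fnv1a64(const uint8_t *data, size_t len, uint64_t seed) {
    uint64_t h = seed;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= FNV_PRIME;
    }
    return h;
}

/* "Extend" a measurement register: the new value depends on both the
 * previous register value and the digest of the stage being measured,
 * so the launch order is part of what gets measured. */
uint64_t extend_measurement(uint64_t reg, const uint8_t *image, size_t len) {
    uint64_t digest = fnv1a64(image, len, FNV_OFFSET);
    uint8_t buf[16];
    memcpy(buf, &reg, sizeof reg);
    memcpy(buf + 8, &digest, sizeof digest);
    return fnv1a64(buf, sizeof buf, FNV_OFFSET);
}

/* Constructed stand-ins for the stages of the boot chain described above. */
static const uint8_t FIRMWARE_IMAGE[] = "oem-firmware-v1";
static const uint8_t BIOS_IMAGE[]     = "bios-v1";
static const uint8_t HV_IMAGE[]       = "trusted-hypervisor-v1";

/* Measure firmware, then BIOS, then the supplied hypervisor image, in
 * launch order, and return the final register value. */
uint64_t measure_boot_chain(const uint8_t *hv, size_t hv_len) {
    uint64_t reg = 0;
    reg = extend_measurement(reg, FIRMWARE_IMAGE, sizeof FIRMWARE_IMAGE);
    reg = extend_measurement(reg, BIOS_IMAGE, sizeof BIOS_IMAGE);
    reg = extend_measurement(reg, hv, hv_len);
    return reg;
}

/* Gate the launch: only a hypervisor whose chained measurement matches the
 * value recorded for the known-good image may take control. */
int launch_allowed(const uint8_t *hv, size_t hv_len, uint64_t expected) {
    return measure_boot_chain(hv, hv_len) == expected;
}

/* Simulate an image damaged or modified on untrusted media (one byte
 * flipped) and report whether the launch gate refuses it. Returns 1 when
 * the tampering is detected. */
int tamper_detected(void) {
    uint64_t golden = measure_boot_chain(HV_IMAGE, sizeof HV_IMAGE);
    uint8_t tampered[sizeof HV_IMAGE];
    memcpy(tampered, HV_IMAGE, sizeof HV_IMAGE);
    tampered[8] ^= 0x01;
    return !launch_allowed(tampered, sizeof tampered, golden);
}

/* Report whether a hypervisor measured before the firmware (i.e. launched
 * as the first agent, out of the expected order) yields a different value
 * than the proper chain. Returns 1 when the order change is detected. */
int order_change_detected(void) {
    uint64_t golden = measure_boot_chain(HV_IMAGE, sizeof HV_IMAGE);
    uint64_t reg = 0;
    reg = extend_measurement(reg, HV_IMAGE, sizeof HV_IMAGE);
    reg = extend_measurement(reg, FIRMWARE_IMAGE, sizeof FIRMWARE_IMAGE);
    reg = extend_measurement(reg, BIOS_IMAGE, sizeof BIOS_IMAGE);
    return reg != golden;
}

int main(void) {
    uint64_t golden = measure_boot_chain(HV_IMAGE, sizeof HV_IMAGE);
    printf("known-good image: %s\n",
           launch_allowed(HV_IMAGE, sizeof HV_IMAGE, golden) ? "launch" : "refuse");
    printf("tampered image detected: %d\n", tamper_detected());
    printf("truncated image: %s\n",
           launch_allowed(HV_IMAGE, sizeof HV_IMAGE - 1, golden) ? "launch" : "refuse");
    printf("out-of-order launch detected: %d\n", order_change_detected());
    return 0;
}
```

The known-good value would in practice be recorded at provisioning time and compared by the agent that launches the hypervisor; the point of the chain is that the comparison covers the image that was actually read from disk or the network, not the one the operator believes is there.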