Various mechanisms exist for displaying data or graphics on a video console, or monitor, coupled to a computing device. Computing devices having virtualization technology architecture enable some applications to run in higher or lower privileged virtual machines, or virtual appliances.
Various mechanisms exist for enabling virtualization on a platform. Virtualization Technology (VT) may be implemented in a variety of ways on platforms, for instance, available from Intel Corporation. VT enables hardware based virtualization of operating systems. One platform is implemented such that the architecture is split into two virtualized operating systems: a service operating system (SOS) and a capability operating system (COS). The COS is typically the user environment, and the SOS typically executes operating system (OS) services, and the like. The SOS typically will run at the same privilege level as the COS OS. The SOS may also be called a “virtual appliance.” The COS represents the conventional user OS where the user runs applications. The SOS is typically a more constrained/contained partition which is protected against inadvertent software modifications, for instance, via downloads, etc. Hence the SOS is generally considered more secure than the COS. In a VT model having a SOS and COS, the platform may be limited to only one partition beyond the virtual appliance, or SOS, i.e., the COS. The SOS and COS may be the only partitions on this type of architecture. An Intel® vPRO™ Desktop PC supports a virtual appliance based architecture. All of the virtual appliances are secure, isolated virtual machines running on top of a virtual machine monitor (VMM). For performance reasons, the physical graphics driver in the vPRO™ platform runs in the user OS (COS) virtual machine. The virtual appliance sends data to the COS for display. In this type of system, the virtual appliance does not have a secure path to the display output. An approach taken using conventional software virtualization techniques is subject to COS-based mal-ware attacks when the physical graphics driver remains in the COS. Another approach is to achieve higher security by moving the physical graphics driver into the SOS and have all COS apps send graphics data through the SOS for display. In this scenario, all COS applications are subject to the potential performance degradation