CN113342467B - Virtual machine snapshot saving, reading methods, devices and related equipment - Google Patents

Abstract

Embodiments of the present application provide a virtual machine snapshot saving and reading method, device, and related equipment. The virtual machine snapshot saving method includes: generating TEK, and generating KEK; encrypting at least the TEK based on the KEK to obtain key encryption information; And, encrypt the snapshot content of the target virtual machine based on TEK to obtain the encrypted snapshot content of the target virtual machine; save the key encryption information and the encrypted snapshot content in the virtual machine snapshot of the target virtual machine, and the virtual machine snapshot Write to the virtual machine image file of the target virtual machine. The embodiments of this application can improve the security of virtual machine snapshots.

Description

Virtual machine snapshot saving, reading methods, devices and related equipment

Technical field

The embodiments of the present application relate to the field of virtual machine technology, and specifically relate to a method, device and related equipment for saving and reading virtual machine snapshots.

Background technique

Through virtualization technology (Virtualization), a physical host can virtualize multiple virtual machines (VirtualMachine, VM), thereby efficiently utilizing the hardware resources of the physical host. The virtualized virtual machine can allocate virtual machine memory in physical memory. The virtual machine memory of each virtual machine is mainly used for task consumption and support for virtualization.

The state of a virtual machine at a certain point in time can be saved through virtual machine snapshots for backup and recovery of virtual machine data. Therefore, when saving a virtual machine snapshot, a security protection solution for the virtual machine snapshot needs to be provided to improve the security of the virtual machine snapshot.

Contents of the invention

In view of this, embodiments of the present application provide a method, device, and related equipment for saving and reading virtual machine snapshots to improve the security of virtual machine snapshots.

To achieve the above objectives, embodiments of the present application provide the following technical solutions.

In the first aspect, embodiments of the present application provide a method for saving a virtual machine snapshot, which is applied to a security processor. The method includes:

Generate TEK, and generate KEK;

Encrypt at least TEK based on KEK to obtain key encryption information; and encrypt snapshot content of the target virtual machine based on TEK to obtain encrypted snapshot content of the target virtual machine;

The key encryption information and the encrypted snapshot content are saved in the virtual machine snapshot of the target virtual machine, and the virtual machine snapshot is written into the virtual machine image file of the target virtual machine.

In the second aspect, embodiments of the present application provide a method for reading a virtual machine snapshot, which is applied to a security processor. The method includes:

Obtain a virtual machine snapshot of the target virtual machine, where the virtual machine snapshot includes encrypted snapshot content and key encryption information;

Restore KEK;

Decrypt the key encryption information based on KEK to obtain TEK;

Decrypt the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine.

In a third aspect, embodiments of the present application provide a device for saving virtual machine snapshots, which is applied to a security processor. The device includes:

Key generation module, used to generate TEK and KEK;

The encryption module is used to encrypt at least TEK based on KEK to obtain key encryption information; and to encrypt the snapshot content of the target virtual machine based on TEK to obtain the encrypted snapshot content of the target virtual machine;

A saving module, configured to save the key encryption information and the encrypted snapshot content in a virtual machine snapshot of the target virtual machine, and write the virtual machine snapshot into the virtual machine image file of the target virtual machine.

In the fourth aspect, embodiments of the present application provide a virtual machine snapshot reading device, which is applied to a security processor. The device includes:

An acquisition module, configured to acquire a virtual machine snapshot of the target virtual machine, where the virtual machine snapshot includes encrypted snapshot content and key encryption information;

Recovery module, used to recover KEK;

A key decryption module, used to decrypt the key encryption information based on KEK to obtain TEK;

A snapshot decryption module is used to decrypt the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine.

In the fifth aspect, embodiments of the present application provide a security processor configured to perform the virtual machine snapshot saving method as described in the first aspect, and the virtual machine snapshot reading as described in the second aspect. method.

In a sixth aspect, embodiments of the present application provide an electronic device, including the security processor described in the fifth aspect.

The virtual machine snapshot saving method provided by the embodiment of the present application can use the security processor to generate the TEK used to encrypt the snapshot content, and the KEK used to encrypt the TEK; thus, when it is necessary to save the virtual machine snapshot of the target virtual machine, the security processor The snapshot content of the target virtual machine can be encrypted based on TEK to obtain the encrypted snapshot content of the target virtual machine. In order to realize the encryption protection of TEK, the security processor can also encrypt at least TEK based on KEK to obtain key encryption information. Furthermore, the encrypted snapshot content and key encryption information can be saved in the virtual machine snapshot of the target virtual machine, and the virtual machine snapshot can be written into the virtual machine image file of the target virtual machine, so as to save the virtual machine snapshot of the target virtual machine. It can be seen that the virtual machine snapshot saving method provided by the embodiment of the present application can save the snapshot content in the form of ciphertext in the virtual machine snapshot, reducing the situation of stealing virtual machine-related configuration and data through the virtual machine snapshot content, and effectively reducing the number of virtual machine snapshots. The virtual machine data has been tampered with. At the same time, by saving at least the encryption key information obtained by encrypting the TEK in the virtual machine snapshot, the security protection of the TEK can be achieved, and when the virtual machine snapshot is subsequently read, the TEK can be restored by decrypting the encryption key information, so as to Implement decryption and reading of encrypted snapshot content.

Description of drawings

In order to explain the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings in the following description are only This is an embodiment of the present application. For those of ordinary skill in the art, other drawings can be obtained based on the provided drawings without exerting creative efforts.

Figure 1a is a schematic diagram of the system architecture of virtualization technology.

Figure 1b is a schematic diagram of the system architecture of secure virtualization technology.

Figure 2a is a flow chart of a virtual machine snapshot saving method provided by an embodiment of the present application.

Figure 2b is a schematic diagram of the data structure of a virtual machine snapshot provided by an embodiment of the present application.

Figure 3a is a flow chart for generating KEK provided by the embodiment of the present application.

Figure 3b is another schematic diagram of the data structure of a virtual machine snapshot provided by an embodiment of the present application.

Figure 3c is another schematic diagram of the data structure of a virtual machine snapshot provided by an embodiment of the present application.

Figure 3d is a flow chart for integrity protection of key encryption information according to an embodiment of the present application.

Figure 3e is another schematic diagram of the data structure of a virtual machine snapshot provided by an embodiment of the present application.

Figure 4a is a flow chart for integrity protection of policy information of a target virtual machine according to an embodiment of the present application.

Figure 4b is another schematic diagram of the data structure of a virtual machine snapshot provided by an embodiment of the present application.

Figure 4c is yet another schematic diagram of the data structure of a virtual machine snapshot provided by an embodiment of the present application.

Figure 5 is another flowchart of a virtual machine snapshot saving method provided by an embodiment of the present application.

Figure 6a is a flow chart of a virtual machine snapshot reading method provided by an embodiment of the present application.

Figure 6b is another flow chart of a virtual machine snapshot reading method provided by an embodiment of the present application.

Figure 7 is a block diagram of a virtual machine snapshot saving device provided by an embodiment of the present application.

Figure 8 is a block diagram of a virtual machine snapshot reading device provided by an embodiment of the present application.

Detailed ways

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, rather than all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative efforts fall within the scope of protection of this application.

Figure 1a exemplarily shows a schematic diagram of the system architecture of virtualization technology. As shown in Figure 1a, the system architecture may include: CPU (Central Processing Unit, central processing unit) 110, memory controller 120, physical memory 130 and storage Media 140 (storage media such as disks).

The CPU 110 can configure the virtual machine platform 111 (such as a virtual machine manager) through software, and virtualize multiple virtual machines 112 through virtualization technology. The multiple virtual machines can be managed by a virtual machine platform. For example, the virtual machine platform manages the virtual machine memory of the virtual machines in the physical memory 130 .

The memory controller 120 is hardware that controls the physical memory 130 and enables data exchange between the physical memory 130 and the CPU 110 . Some or all of the physical memory 130 may serve as virtual machine memory allocated for the virtual machine.

The storage medium 140 may store a virtual machine snapshot of the virtual machine to save the state of the virtual machine 120 at a certain point in time. In some embodiments, the virtual machine snapshot mainly includes snapshot content, which can describe the state of the virtual machine at a certain point in time; and the virtual machine snapshot can be included in the virtual machine image file of the storage medium 140, that is, the virtual machine A snapshot is the snapshot part of a virtual machine image file.

When saving a virtual machine snapshot, the snapshot content of the virtual machine snapshot is mainly saved to the virtual machine image file; when reading the virtual machine snapshot, the snapshot content of the virtual machine snapshot is mainly read from the virtual machine image file. . In some embodiments, the storage medium 140 can store the image header (Image Header) of the virtual machine image file. The virtual machine platform 111 can obtain the snapshot header (snapshot header) by parsing the image file header, and then parsing the snapshot header (snapshot header). header) to obtain a virtual machine snapshot.

In some embodiments, the image file header may be saved at the beginning of the virtual machine image file. In other embodiments, the image file header may not be stored at the beginning of the virtual machine image file, but the image file header may be stored separately from the virtual machine image file. When the image file header and the virtual machine image file are stored separately, you can use database files, configuration files and other files to record the mapping relationship or correspondence between the image file header and the virtual machine image file, so that when reading the virtual machine snapshot , the image file header of the virtual machine image file can be found through the mapping relationship or correspondence relationship recorded in the file. That is to say, in a possible implementation, the image file header can be obtained by reading the image file header from the beginning of the virtual machine image file or other storage locations (in the case where the image file header is stored separately from the virtual machine image file). The format, version, size, disk sector mapping information, disk sector reference information, number of virtual machine snapshots, snapshot header offset and other information of the corresponding virtual machine image file.

It can be seen that the virtual machine platform 111 can obtain the snapshot header offset by parsing the image file header; thereby finding the snapshot header in the storage medium based on the snapshot header offset; and then further obtaining the virtual file based on the content of the snapshot header. Machine snapshot. Among them, the snapshot header can correspond to the virtual machine snapshot format, size, version, disk sector mapping information, disk sector reference information, virtual machine status information, etc.

It should be noted that in the same way that the image file header and the virtual machine image file can be stored separately, the snapshot header offset and other contents can also be stored separately from the image file header, and the snapshot header offset can be recorded through database files, configuration files and other files. The mapping relationship or corresponding relationship between the quantity and the image file header. Similarly, the content corresponding to the snapshot header, the content corresponding to the virtual machine snapshot, etc. can also be stored separately from the snapshot header and virtual machine snapshot, and the mapping relationship or corresponding relationship can be recorded through similar files.

In another possible implementation, the virtual machine snapshot may also be stored in the physical memory 130 and is not limited to being stored in the storage medium 140 . For example, to speed up reading and writing, the virtual machine image file may be stored in the physical memory 130 .

Since a virtual machine snapshot saves the state of the virtual machine at a certain point in time (such as the virtual machine's hardware status, software status, operating system status, file system status, memory status, etc.) at a certain point in time, if the virtual machine snapshot is If stored in clear text, attackers (such as malware in the physical host) can easily obtain the configuration and data related to the virtual machine through the virtual machine snapshot, thereby monitoring, copying, stealing or tampering with the virtual machine data. It can be seen that saving virtual machine snapshots in plain text has great security risks. It is necessary to provide a security protection solution for virtual machine snapshots to encrypt and save virtual machine snapshots to improve the security of virtual machine snapshots.

In some embodiments, secure virtualization technology can be used to securely protect virtual machine data in the virtual machine memory. On the basis of secure virtualization technology, embodiments of the present application can achieve encrypted storage of virtual machine snapshots through technical improvements. Figure 1b exemplarily shows a schematic diagram of the system architecture of the secure virtualization technology. Combined with what is shown in Figure 1a and Figure 1b, compared with the system architecture shown in Figure 1a, the system architecture shown in Figure 1b can also include: a security processor (Platform SecureProcessor, PSP) 150. The security processor 150 is specially configured for security virtualization technology. The processor responsible for data security.

As shown in Figure 1b, the virtual machine platform 111 can configure an API (Application Programming Interface, application program interface) interface to communicate with the security processor 150 to realize data interaction between the virtual machine platform 111 and the security processor 150. At the same time, the memory controller 120 can be configured with an encryption and decryption engine 121. The encryption and decryption engine 121 can store the VEK (VM Encryption Key, virtual machine encryption key) corresponding to each virtual machine to store the virtual machine encryption key of each virtual machine in the virtual machine memory. Data is encrypted and decrypted to achieve security protection of virtual machine data. For example, when the virtual machine data of the virtual machine needs to be read into the memory, the encryption and decryption engine 121 can use the corresponding VEK to encrypt, and when the virtual machine data of the virtual machine needs to be sent from the memory to the CPU for processing, the encryption and decryption engine 121 The corresponding VEK can be used for decryption.

In secure virtualization technology, different virtual machines can correspond to different VEKs, and the VEKs corresponding to each virtual machine can be allocated and managed by the security processor 150 and stored in the encryption and decryption engine 121 . For example, the security firmware running in the security processor 150 can complete the management of VEK to ensure that after the virtual machine data in the physical memory is encrypted, only the virtual machine itself can access it, and neither the virtual machine platform nor other virtual machines can access it.

Secure virtualization technology is a technology used to securely protect virtual machine data in virtual machine memory. It is currently not suitable for encrypting and protecting virtual machine snapshots. Based on this, the embodiment of the present application is based on the secure virtualization technology and improves the technology, so that the secure virtualization technology supports encryption and protection of virtual machine snapshots.

As an optional implementation, FIG. 2a exemplarily shows an optional flow chart of the virtual machine snapshot saving method provided by the embodiment of the present application. In some embodiments, this process may be executed by a secure processor (eg, secure firmware in the secure processor) in conjunction with the virtual machine platform. As shown in Figure 2a, the process may include the following steps.

In step S210, the security processor generates a TEK (Transport Encryption Key).

TEK is an encryption key used in this embodiment of the present application to encrypt the snapshot content of a virtual machine. It can encrypt and protect data transmission between the security processor and the virtual machine user. The TEK can be generated by the security processor. It should be noted that TEK is not equivalent to the VEK allocated by the security processor to the virtual machine. In some embodiments, the embodiments of the present application can use TEK to encrypt the snapshot contents of multiple virtual machines respectively, and the virtual machine data in the memory of the virtual machine is encrypted using the VEK corresponding to the virtual machine.

In some embodiments, the security processor may generate the TEK via a hardware true random number generator. A hardware true random number generator is a device that generates random numbers from a physical process rather than a computer program. For example, the security processor can generate TEK based on random numbers generated by a hardware true random number generator. In some optional implementations, the TEK can be in the form of an SM4 key. For example, the security processor can generate an SM4 key based on the random number generated by the hardware true random number generator to obtain the TEK.

In step S211, the security processor generates a KEK (Key Encryption Key).

KEK is a key used to encrypt the key in this embodiment of the application to ensure the security of the key. The TEK can be generated by a security processor. In this embodiment of the present application, the KEK can at least encrypt the TEK generated in step S210 to ensure the security of the TEK.

In some embodiments, the security processor may generate a KEK based at least on the key agreement information. The key agreement information may be information used by the security processor to negotiate keys.

As an optional implementation, step S210 and step S211 can be executed simultaneously, and the two steps can be executed in no particular order.

In step S212, the security processor encrypts at least TEK based on KEK to obtain key encryption information (WRAP_TK).

In some embodiments, the security processor may directly encrypt at least TEK based on KEK to obtain key encryption information (WRAP_TK). In other embodiments, the security processor may encrypt at least the TEK based on the KEK and the first random number (WARP_IV) generated by the hardware true random number generator to obtain the key encryption information (WRAP_TK). Optionally, the first random number (WARP_IV) is different from the random number used to generate TEK.

In step S213, the security processor encrypts the snapshot content of the target virtual machine based on the TEK to obtain the encrypted snapshot content of the target virtual machine.

The target virtual machine can be considered as the virtual machine that currently needs to save the virtual machine snapshot. In some embodiments, the security processor can directly encrypt the snapshot content of the target virtual machine based on TEK to obtain the encrypted snapshot content of the target virtual machine. In other embodiments, the security processor may encrypt the snapshot content of the target virtual machine based on the TEK and the first random number (WARP_IV) to obtain the encrypted snapshot content of the target virtual machine. In an optional implementation, the snapshot contents of the target virtual machine may be transmitted by the virtual machine platform to the security processor. For example, the virtual machine platform can determine the status of the target virtual machine at a certain point in time, thereby obtaining snapshot content describing the status, and transmit the snapshot content to the security processor.

When saving the virtual machine snapshot of the target virtual machine, the security processor not only uses TEK to encrypt the snapshot content of the target virtual machine to obtain the encrypted snapshot content of the target virtual machine, but also provides TEK security protection. That is, the security processor can also use KEK to encrypt at least TEK to obtain key encryption information. For the convenience of subsequent explanation, the key encryption information can be referred to as WRAP_TK.

It should be noted that after the embodiment of this application completes saving the virtual machine snapshot and destroying the TEK, due to the randomness of the hardware true random number generator, the security processor may not be able to repeat the generation and steps through the hardware true random number generator. The same TEK in S210. Therefore, in order to ensure that the encrypted snapshot content of the target virtual machine can be decrypted when reading the virtual machine snapshot of the target virtual machine later, the embodiment of this application can combine the key encryption information (WRAP_TK) and the encrypted snapshot. The content is saved in the virtual machine snapshot of the target virtual machine; thus, the subsequent security processor can decrypt the key encryption information (WRAP_TK) in the virtual machine snapshot by restoring the KEK, and obtain the TEK used to encrypt the snapshot content, and then Use TEK to decrypt the contents of encrypted snapshots. For the above considerations, in addition to encrypting the snapshot content of the target virtual machine based on TEK, the embodiment of the present application also encrypts at least TEK based on KEK, and subsequently saves the key encryption information (WRAP_TK) and the encrypted snapshot content in the target. In the virtual machine snapshot of the virtual machine. In some further embodiments, if the first random number (WARP_IV) is used in combination when obtaining the key encryption information (WRAP_TK) and/or obtaining the encrypted snapshot content, then the embodiment of the present application may also use the first random number ( WARP_IV) is saved in clear text in the virtual machine snapshot.

In some embodiments, when the target virtual machine needs to save a virtual machine snapshot, the virtual machine platform can pause the running target virtual machine, and then the security processor encrypts the snapshot content of the target virtual machine and stores it in the target virtual machine. After the virtual machine snapshot is saved, the virtual machine platform resumes running the target virtual machine.

As an optional implementation, step S212 and step S213 can be executed simultaneously, and the two steps can be executed in no particular order.

In step S214, the security processor transmits at least the key encryption information (WRAP_TK) and the encrypted snapshot content to the virtual machine platform.

In step S215, the virtual machine platform saves at least the key encryption information (WRAP_TK) and the encrypted snapshot content in the virtual machine snapshot of the target virtual machine.

After the security processor obtains the key encryption information (WRAP_TK) and the encrypted snapshot content, embodiments of the present application may save the key encryption information (WRAP_TK) and the encrypted snapshot content in the virtual machine snapshot of the target virtual machine. In some embodiments, the security processor may transmit the key encryption information (WRAP_TK) and the encrypted snapshot content to the virtual machine platform, so that the virtual machine platform saves the key encryption information (WRAP_TK) and the encrypted snapshot content in the target virtual machine. in the virtual machine snapshot. In some further embodiments, the virtual machine platform can write the virtual machine snapshot of the target virtual machine into the virtual machine image file of the target virtual machine to save the virtual machine snapshot.

Of course, it is only an optional method for the virtual machine platform to save the key encryption information (WRAP_TK) and the encrypted snapshot content in the virtual machine snapshot of the target virtual machine. The security processor supports physical memory and storage media (such as disks). In the case of data reading, in the embodiment of the present application, the security processor can also directly save the key encryption information (WRAP_TK) and the encrypted snapshot content in the virtual machine snapshot of the target virtual machine, without having to save it by the virtual machine platform; Furthermore, in this embodiment of the present application, the security processor can also write the virtual machine snapshot into the virtual machine image file to achieve saving of the virtual machine snapshot.

That is to say, in the embodiment of the present application, the data (such as key encryption information and encrypted snapshot content, etc.) is saved in the virtual machine snapshot. The security processor can save the data in the virtual machine snapshot through the virtual machine platform, or it can be The security processor saves data directly in the virtual machine snapshot.

In some embodiments, when the virtual machine snapshot is written into the virtual machine image file to save the virtual machine snapshot, the embodiment of the present application can update the image file header of the virtual machine image file (for example, update the snapshot number and snapshot header offset). ), and generate a snapshot header.

To facilitate understanding, Figure 2b shows an optional schematic diagram of the data structure of a virtual machine snapshot provided by an embodiment of the present application. Combining Figure 2b and Figure 1a, it can be seen that the virtual machine snapshot saved in the embodiment of the present application at least includes encrypted snapshot content and key encryption information (WRAP_TK); where the encrypted snapshot content can be the snapshot content of the target virtual machine. Encryption protection reduces the theft of virtual machine-related configuration and data caused by the snapshot content of the target virtual machine being saved in clear text, which can effectively reduce the tampering of virtual machine data of the target virtual machine; key encryption information At least the TEK of the encrypted snapshot content can be encrypted and protected, so that when reading the virtual machine snapshot later, the TEK can be obtained by decrypting the key encryption information, so as to realize the decryption and reading of the subsequent encrypted snapshot content.

The virtual machine snapshot saving method provided by the embodiment of the present application can use the security processor to generate the TEK used to encrypt the snapshot content, and the KEK used to encrypt the TEK; thus, when it is necessary to save the virtual machine snapshot of the target virtual machine, the security processor The snapshot content of the target virtual machine can be encrypted based on TEK to obtain the encrypted snapshot content of the target virtual machine. In order to realize the encryption protection of TEK, the security processor can also encrypt at least TEK based on KEK to obtain key encryption information. Furthermore, the encrypted snapshot content and key encryption information can be saved in the virtual machine snapshot of the target virtual machine, and the virtual machine snapshot can be written into the virtual machine image file of the target virtual machine, so as to save the virtual machine snapshot of the target virtual machine. It can be seen that the virtual machine snapshot saving method provided by the embodiment of the present application can save the snapshot content in the form of ciphertext in the virtual machine snapshot, reducing the situation of stealing virtual machine-related configuration and data through the virtual machine snapshot content, and effectively reducing the number of virtual machine snapshots. The virtual machine data has been tampered with. At the same time, by saving at least the encryption key information obtained by encrypting the TEK in the virtual machine snapshot, the security protection of the TEK can be achieved, and when the virtual machine snapshot is subsequently read, the TEK can be restored by decrypting the encryption key information, so as to Implement decryption and reading of encrypted snapshot content.

In some embodiments, the security processor may generate a KEK based at least on the key agreement information. As an optional implementation, Figure 3a shows an optional implementation flow chart for generating a KEK. This process can be implemented by the security processor, as shown in Figure 3a. The process can include the following steps.

In step S310, the security processor determines the public key based on the key agreement information and using the key agreement standard.

In some embodiments, the key agreement information may include key agreement private key information, and key agreement public key information. The key agreement private key information may be a private key used for key agreement that is privately used by the security processor, and the key agreement public key information may be a public key used for key agreement that can be disclosed to the outside world.

In some embodiments, the key agreement private key information may include at least the security certificate private key of the security processor, and the key agreement public key information may at least include the security certificate public key of the security processor. For example, the security certificate of the security processor may be a PDH (Platform Diffie-Hellman key exchange protocol/algorithm) certificate; the PDH certificate may include the PDH certificate private key and the PDH certificate public key used for key negotiation. The PDH certificate private key can be considered as an optional form of the above-mentioned security certificate private key, and the PDH certificate public key can be considered as an optional form of the above-mentioned security certificate public key. In an optional implementation, the security processor may determine the public key using a key agreement standard based on at least the security processor's security certificate private key (such as the PDH certificate private key) and the security certificate public key (such as the PDH certificate public key). .

In some further embodiments, the security processor can also combine the random private key and the random public key of the key agreement standard to determine the public key; thus, the key agreement private key information can also include the random private key of the key agreement standard. The private key and key agreement public key information may also include a random public key of the key agreement standard. In an optional implementation example, the security processor can negotiate the public key based on key agreement standards such as SM2; taking the SM2 key agreement standard as an example, the random private key of the key agreement standard can be an SM2 random private key. The key, the random public key of the key agreement standard can be the SM2 random public key.

As an optional implementation, in the case where the public key is determined based on the security certificate of the security processor and the key agreement standard (such as the SM2 key agreement standard), the key agreement private key information in the key agreement information may include the security process The security certificate private key of the security processor and the random private key of the key agreement standard; the key agreement public key information in the key agreement information may include the security certificate public key of the security processor and the random public key of the key agreement standard. For example, taking the use of PDH certificate and SM2 key agreement standard as an example, the security processor can use the SM2 key agreement standard to determine the public key based on the PDH certificate private key, PDH certificate public key, SM2 random private key and SM2 random public key. key.

In step S311, the security processor derives a master secret based on the public key.

In some embodiments, the security processor may use a key derivation algorithm (Key Derivation Function, KDF) to derive the master key from the public key.

In step S312, the security processor derives a KEK based on the master key.

In the embodiment of this application, KEK is a key used to encrypt the key to ensure the security of the key. In some embodiments, the KEK may be an SM4 key. For example, the security processor can derive the SM4 key from the master key to generate the KEK.

As can be seen from the process shown in Figure 3a, the security processor can first determine the public key based on the key agreement information and the key agreement standard; then, derive the master key based on the public key; thus, based on the master key Derive KEK. That is to say, generating a KEK can cover the process of negotiating a public key based on key agreement information, deriving a master key based on the public key, and deriving a KEK based on the master key. Of course, the process of generating KEK shown in Figure 3a is only an optional implementation, and the embodiment of the present application can also support other possible processes of generating KEK based on key agreement information.

In some embodiments, since the embodiments of the present application store the encryption key information in the virtual machine snapshot, and the encryption key information is obtained by encrypting at least TEK by KEK, the KEK is generated based on the key agreement information. In this case, the embodiment of the present application can save the public key information of the key agreement in the key agreement information that can be disclosed to the outside world (such as the security certificate public key of the security processor and the random public key of the key agreement standard) in the virtual machine snapshot. middle. Based on the above operations, when reading the virtual machine snapshot later, by deriving the key negotiation public key information from the virtual machine snapshot, the security processor can restore the KEK in combination with the key negotiation private key information saved by itself, thereby realizing the use of the KEK The encryption key information in the virtual machine snapshot is decrypted to recover the TEK; the recovered TEK can then be used to decrypt the encrypted snapshot content in the virtual machine snapshot to decrypt and read the encrypted snapshot content.

Based on the above considerations, in some embodiments, embodiments of the present application may save the key agreement public key information in the virtual machine snapshot of the target virtual machine. In an optional implementation, the security processor may transmit the key negotiation public key information to the virtual machine platform, and the virtual machine platform saves the key negotiation public key information in a virtual machine snapshot of the target virtual machine. Of course, embodiments of the present application may also support the security processor to save the key negotiation public key information in the virtual machine snapshot of the target virtual machine. As an implementation example, when the virtual machine snapshot already has encrypted snapshot content and encryption key information saved in ciphertext, the key negotiation public key information can be saved in the virtual machine snapshot in clear text. For example, the virtual machine snapshot can be further set with additional information that saves the information in plain text, and the key agreement public key information can be written into the additional information to be saved in the virtual machine snapshot.

To facilitate understanding, FIG. 3b shows another optional schematic diagram of the data structure of the virtual machine snapshot provided by the embodiment of the present application. Combining Figure 2b and Figure 3b, it can be seen that in addition to the encrypted snapshot content and key encryption information in the form of ciphertext, the virtual machine snapshot saved in the embodiment of the present application also includes additional information in the form of plaintext; key negotiation Public key information can be written into additional information to save the key negotiation public key information in the virtual machine snapshot.

In some further embodiments, if the security processor is based on the KEK and the first random number (WARP_IV) generated by the hardware true random number generator, at least the TEK is encrypted to obtain the key encryption information (WRAP_TK); due to the hardware To ensure the randomness of the true random number generator, the embodiment of this application can also save the first random number (WARP_IV) in the additional information of the virtual machine snapshot, so that the subsequent security processor can write it in the KEK and additional information restored by itself. The first random number (WARP_IV) is used to decrypt the key encryption information (WRAP_TK). In some possible embodiments, the first random number (WARP_IV) can also be used in combination with TEK to encrypt the snapshot content of the target virtual machine to obtain the encrypted snapshot content. It is worth noting that the first random number (WARP_IV) is different from the random number used to generate the TEK, so saving the first random number (WARP_IV) in clear text in the virtual machine snapshot will not lead to the leakage of the information used to generate the TEK.

Figure 3c shows another optional schematic diagram of the data structure of the virtual machine snapshot provided by the embodiment of the present application. The data structure shown in Figure 3c is based on Figure 3b, and further writes a first random number in the additional information. (WARP_IV). In an optional implementation, the security processor may transmit the first random number (WARP_IV) to the virtual machine platform, and the virtual machine platform saves the first random number (WARP_IV) in additional information of the virtual machine snapshot. Of course, the embodiment of the present application can also support the security processor to directly write the first random number (WARP_IV) into the additional information of the virtual machine snapshot. It should be noted that when the security processor supports reading and writing of physical memory and storage media (such as disks), any data reading and writing of virtual machine snapshots implemented by the virtual machine platform in the embodiment of this application can be replaced by the security processor. Implementation, alternative implementations of the same nature will not be further described below. That is to say, in the embodiment of this application, data is written into the virtual machine snapshot, which can be implemented by the security processor through the virtual machine platform, or directly by the security processor.

In some embodiments, the embodiments of the present application can also support integrity protection of the key encryption information (WRAP_TK), so that when the virtual machine snapshot is read later, it can be detected whether the key encryption information saved in the virtual machine snapshot is Complete. If it is detected that the key encryption information is incomplete, the embodiment of the present application can confirm that the key encryption information is damaged when saving in the virtual machine snapshot, and the reading of the virtual machine snapshot can be terminated. Based on this, embodiments of the present application can achieve integrity protection of the key encryption information (WRAP_TK) by generating a KIK (KeyIntegrity Key). As an optional implementation, Figure 3d shows an optional implementation flow chart for integrity protection of key encryption information according to the embodiment of the present application. The process shown in Figure 3d can be implemented by the security processor. As shown in Figure 3d, the process can include the following steps.

In step S320, the security processor generates a KIK.

In the embodiment of this application, KIK is a key used to ensure key integrity.

As an optional implementation, the security processor may derive the KIK based on the master key generated in step S311. In some embodiments, although both KEK and KIK can be derived from the master key, the key types of KEK and KIK can be different; the security processor can derive different types of keys through the master key to obtain KEK and KIK. For example, the KEK can be an SM4 key, and the KIK can be an HMAC (Hash-based Message Authentication Code)-SM3 key; the security processor can derive the SM4 key through the master key to generate the KEK; Security The processor can derive the HMAC-SM3 key from the master key and generate the KIK.

Of course, the embodiment of the present application can also support other methods of generating KIK, and is not limited to deriving KIK from the master key. Essentially, KIK is a key used to ensure key integrity. The embodiment of the present application can support any key that can ensure key integrity as a KIK.

In step S321, the security processor performs integrity protection on the key encryption information (WRAP_TK) based on the KIK to obtain the key integrity protection information (WRAP_MAC).

Due to the need for integrity protection of key encryption information in virtual machine snapshots, the security processor can use KIK to perform integrity protection on the key encryption information (WRAP_TK) to obtain the key corresponding to the key encryption information (WRAP_TK). Integrity protection information (WRAP_MAC). In some embodiments, the security processor may calculate the HMAC of the key encryption information (WRAP_TK) based on the KIK to obtain the key integrity protection information (WRAP_MAC).

In some further embodiments, the key integrity protection information (WRAP_MAC) may be saved in the virtual machine snapshot of the target virtual machine in clear text form. For example, the security processor may transmit the key integrity protection information (WRAP_MAC) to the virtual machine platform, and the virtual machine platform writes the key integrity protection information (WRAP_MAC) into additional information of the virtual machine snapshot. To facilitate understanding, Figure 3e shows another optional schematic diagram of the data structure of the virtual machine snapshot provided by the embodiment of the present application. Combining Figure 3e and Figure 3c, it can be seen that the key integrity protection information (WRAP_MAC) is also written in the additional information of the virtual machine snapshot, so that when the virtual machine snapshot is read later, the key integrity protection information in the virtual machine snapshot can be read. Check the integrity of the saved key encryption information (WRAP_TK).

In some embodiments, the policy information of the target virtual machine is valid throughout the entire life cycle of the target virtual machine and cannot be changed. Therefore, it is necessary to ensure that the policy information of the target virtual machine is not changed when the virtual machine snapshot is saved and read. . Based on this, embodiments of the present application can also perform integrity protection on the policy information of the target virtual machine. Then, when reading the virtual machine snapshot of the target virtual machine later, if the policy information of the target virtual machine is detected to be incomplete, it can be confirmed that the policy information of the target virtual machine was changed during the process of saving the virtual machine snapshot to reading, and it can be confirmed that the policy information of the target virtual machine was changed. Terminates subsequent reads of the virtual machine snapshot of the target virtual machine. It should be noted that the policy information of the virtual machine may be enforced by the security processor (for example, security firmware in the security processor) and restrict the configuration and operation commands that the virtual machine management program is allowed to execute on the virtual machine.

As an optional implementation, the security processor can generate a TIK (Transport Integrity Key) to achieve integrity protection of the policy information of the target virtual machine. Figure 4a shows an optional implementation flow chart for integrity protection of the policy information of the target virtual machine according to this embodiment of the present application. The process shown in Figure 4a can be implemented by the security processor. As shown in Figure 4a, the process can include the following steps.

In step S410, the security processor generates a TIK.

TIK is a key used in the embodiment of this application to ensure data integrity.

In some embodiments, the security processor may generate the TIK via a hardware true random number generator. For example, the security processor can generate a TIK based on random numbers generated by a hardware true random number generator. In an optional implementation, although both the TEK generated by the security processor in step S210 and the TIK generated in step S410 can be generated by a hardware true random number generator, the key types of the TEK and TIK can be different; the security processor can use A hardware true random number generator generates different types of keys to derive TEK and TIK. For example, the TEK can be an SM4 key, and the security processor can generate the SM4 key through a hardware true random number generator to obtain the TEK. For example, the TIK can be an HMAC-SM3 key, and the security processor can generate the HMAC-SM3 key through a hardware true random number generator to obtain the TIK.

Of course, the embodiments of the present application may also support other methods of generating TIK, and are not limited to generating TIK by the security processor through a hardware true random number generator. TIK is essentially a key used to ensure data integrity. Any key that can support data integrity protection can be used as a TIK.

In step S411, the security processor obtains policy information of the target virtual machine.

In some embodiments, policy information for the target virtual machine may be transmitted by the virtual machine platform to the security processor.

In step S412, the security processor performs integrity protection on the policy information based on TIK to obtain policy integrity protection information (POLICY_MAC).

In some embodiments, the security processor may calculate the HMAC of the policy information of the target virtual machine based on the TIK to obtain the policy integrity protection information (POLICY_MAC).

In some further embodiments, the policy integrity protection information (POLICY_MAC) may be stored in the virtual machine snapshot of the target virtual machine in clear text form. For example, the security processor may transmit the policy integrity protection information (POLICY_MAC) to the virtual machine platform, and the virtual machine platform writes the policy integrity protection information (POLICY_MAC) into additional information of the virtual machine snapshot. To facilitate understanding, Figure 4b shows yet another optional schematic diagram of the data structure of the virtual machine snapshot provided by the embodiment of the present application. Combining Figure 3e and Figure 4b, it can be seen that the additional information of the virtual machine snapshot also contains policy integrity protection information (POLICY_MAC), so that when the virtual machine snapshot is read later, the policy of the target virtual machine can be verified. Check the integrity of the information.

In some further embodiments, the security processor can also perform integrity protection on the encrypted snapshot content based on the TIK to obtain the integrity protection information of the encrypted snapshot. For example, the security processor calculates the HMAC corresponding to the encrypted snapshot content based on TIK to obtain the integrity protection information of the encrypted snapshot. This encrypted snapshot integrity protection information may also be stored in additional information. Further combined with what is shown in Figure 4b, the encrypted snapshot integrity protection information can also be stored in the additional information.

In some further embodiments, the embodiments of the present application may also save the policy information of the target virtual machine in the virtual machine snapshot of the target virtual machine. For example, the security processor may transmit the policy information of the target virtual machine to the virtual machine platform, and the virtual machine platform writes the policy information of the target virtual machine into additional information of the virtual machine snapshot.

In some further embodiments, the embodiments of the present application can also encrypt and protect the TIK, so that when the virtual machine snapshot is subsequently read, the encrypted TIK can be restored to detect the integrity of the policy information of the target virtual machine. Encrypts the integrity of snapshot contents. In an optional implementation, since both TEK and TIK are generated by the security processor using a hardware true random number generator, the TIK can be used as part of the encrypted content in the key encryption message (WRAP_TK). In some embodiments, when generating the key encryption information (WRAP_TK), the security processor may encrypt the entire TEK and TIK based on the KEK to obtain the key encryption information (WRAP_TK). For example, the security processor can encrypt the TEK and TIK as a whole based on the KEK and the first random number (WARP_IV) generated by the hardware true random number generator to obtain the key encryption information (WRAP_TK). Based on this, the key encryption information (WRAP_TK) saved in the virtual machine snapshot of the target virtual machine may be the encrypted information of TEK and TIK as a whole. To facilitate understanding, Figure 4c shows yet another optional schematic diagram of the data structure of the virtual machine snapshot provided by the embodiment of the present application. Combining Figure 4c and Figure 4b, it can be seen that the key encryption information (WRAP_TK) of the virtual machine snapshot is the encrypted information of TEK and TIK as a whole. Correspondingly, the key integrity protection information (WRAP_MAC) may be the key encryption information (WRAP_TK) that encrypts the TEK and TIK as a whole for integrity protection.

It should be noted that, on the basis of the process shown in Figure 2a, the embodiment of this application further provides means for generating a KEK based on key agreement information, means for protecting the integrity of key encryption information, and means for ensuring the integrity of the policy information of the target virtual machine. Sexual protection means can be regarded as optional means. The embodiments of the present application can choose to use one or more of the above means according to the actual situation. Correspondingly, the information saved in the virtual machine snapshot can be adjusted accordingly. For example, if you choose an integrity protection method that does not use key encryption information, the key integrity protection information (WRAP_MAC) does not need to be saved in the virtual machine snapshot. The same derivation can be made in other cases, which will not be further elaborated here. Of course, the use of integrity protection means for key encryption information, integrity protection means for policy information of the target virtual machine, etc. can make the solution provided by the embodiments of this application more complete and improve the security of virtual machine snapshot saving and subsequent reading. nature, but this is only a further technical improvement method based on the process shown in Figure 2a, rather than a necessary means.

In some further embodiments, after the virtual machine snapshot of the target virtual machine is saved, for example, after the virtual machine snapshot of the target virtual machine is written to the virtual machine image file, the security processor can destroy the relevant data generated during the process of saving the virtual machine snapshot. Keys, such as TEK, TIK, KEK and KIK, can be destroyed by the secure processor.

In some further embodiments, if the security processor generates a KEK during the key negotiation process based on the key agreement information, the security processor may convert the key digest generated during the key negotiation (e.g., according to the SM2 key The key digest calculated by the negotiation standard) is transmitted to the virtual machine platform; the virtual machine platform checks the security processor's key negotiation process based on the key digest, and then the security processor takes a snapshot of the target virtual machine. The content is encrypted and the encrypted snapshot content is saved to the virtual machine snapshot. For example, the virtual machine platform can recalculate the key digest and compare the recalculated key digest with the key digest transmitted by the security processor. If the comparison is consistent, the key negotiation process of the security processor is successful. If the pair is inconsistent, the key negotiation process of the security processor fails. When the key negotiation process of the security processor fails, embodiments of the present application can terminate subsequent operations such as encrypting the snapshot content and saving the encrypted snapshot content to the virtual machine snapshot.

As an optional implementation, FIG. 5 shows another optional flow chart of the virtual machine snapshot saving method provided by the embodiment of the present application. The process shown in Figure 5 can describe the virtual machine snapshot saving solution in technical details. The steps shown in Figure 5 can be considered as steps that can be set to save virtual machine snapshots. The order of the steps shown in Figure 5 can be adjusted, and the steps do not necessarily need to be executed according to the sequence numbers shown in Figure 5 . As shown in Figure 5, the process may include the following steps.

In step S510, the virtual machine platform reads and parses the virtual machine image file of the target virtual machine to start the target virtual machine.

In some embodiments, when starting the target virtual machine, the virtual machine platform can read the virtual machine image file of the target virtual machine and parse the read virtual machine image file to obtain the startup information required to start the target virtual machine. Data (such as the BIOS, hardware configuration, partition information, boot program, etc.) of the target virtual machine, so that the target virtual machine can be started through the startup data.

In step S511, the virtual machine platform suspends the target virtual machine and requests the security processor for information such as the PDH certificate public key and the SM2 random public key.

In step S512, the security processor transmits the PDH certificate public key, SM2 random public key and other information to the virtual machine platform.

After the virtual machine platform starts the target virtual machine, if it needs to save the virtual machine snapshot of the target virtual machine (for example, write the virtual machine snapshot into the virtual machine image file), the virtual machine platform will initiate the process of saving the virtual machine snapshot. When key digest to check whether the security processor's key negotiation process was successful. In some further embodiments, in step S511, the virtual machine platform may also request the security processor to export the PDH certificate chain. It should be noted that the embodiment of the present application does not set a limit on the timing when the virtual machine platform initiates saving of the virtual machine snapshot. For example, the process of the embodiment of the present application can be triggered according to the conventional timing of saving the virtual machine snapshot.

In step S513, the security processor calculates the public key based on the PDH certificate private key, the PDH certificate public key, the SM2 random private key, the SM2 random public key, and using the SM2 key agreement standard.

In step S514, the security processor uses a key derivation algorithm to derive the master key from the public key.

In step S515, the security processor derives KEK and KIK from the master key.

In step S516, the security processor generates a first random number (WARP_IV) through a hardware true random number generator.

In step S517, the security processor generates TEK and TIK through a hardware true random number generator.

In step S518, the security processor uses KEK and the first random number to encrypt the entire TEK and KIK to obtain key encryption information (WRAP_TK).

In step S519, the security processor uses KIK to calculate the HMAC of the key encryption information (WRAP_TK) and obtains the key integrity protection information (WRAP_MAC).

In step S520, the security processor uses TIK to calculate the HMAC of the policy information of the target virtual machine, and obtains the policy integrity protection information (POLICY_MAC).

In some embodiments, after the virtual machine platform requests information such as the PDH certificate public key and SM2 random public key from the security processor, the security processor can confirm that the virtual machine platform initiated the virtual machine snapshot saving process of the target virtual machine. The security processor KEK, KIK, TEK and TIK can be generated to facilitate the data encryption and data integrity protection operations of the embodiment of the present application.

In step S521, the security processor transmits the key digest generated by the SM2 key negotiation process to the virtual machine platform.

In step S522, the virtual machine platform recalculates the key digest. If the recalculated key digest is consistent with the key digest transmitted by the security processor, the snapshot content of the target virtual machine is transmitted to the security processor.

After obtaining the key digest transmitted by the security processor, the virtual machine platform can recalculate the key digest generated by the SM2 key negotiation process based on the PDH certificate public key, SM2 random public key and other information obtained in step S512, and will recalculate Compare the key digest with the key digest transmitted by the security processor to check whether the key negotiation process of the security processor is successful; if the two are consistent, the snapshot content of the target virtual machine can be transmitted to the security processor. This allows the security processor to encrypt the snapshot content; if the two are inconsistent, the virtual machine platform can terminate subsequent processes. It can be understood that the snapshot content of the target virtual machine can also be sent to the security processor in advance, and is not limited to after the target virtual machine checks the security processor's key negotiation process. For example, the target virtual machine platform checks the security processor after the key negotiation process is successful. After the key negotiation process is successful, an indication message can be transmitted to the security processor to instruct the security processor to perform subsequent operations.

In step S523, the security processor uses the TEK and the first random number to encrypt the snapshot content to obtain the encrypted snapshot content.

In step S524, the security processor uses TIK to perform integrity protection on the encrypted snapshot content, and obtains the integrity protection information of the encrypted snapshot.

In some further embodiments of the embodiments of the present application, after encrypting the snapshot content, the security processor may also provide an integrity protection solution for encrypting the snapshot content. For example, the security processor can use TIK to calculate the HMAC of the encrypted snapshot content to obtain the integrity protection information of the encrypted snapshot, thereby achieving integrity protection for the encrypted snapshot content.

In step S525, the security processor encrypts the snapshot content, key encryption information (WRAP_TK), key integrity protection information (WRAP_MAC), policy integrity protection information (POLICY_MAC), encrypted snapshot integrity protection information, and the first random The number (WARP_IV) is transferred to the virtual machine platform.

It should be noted that the encrypted snapshot content, key encryption information (WRAP_TK), key integrity protection information (WRAP_MAC), policy integrity protection information (POLICY_MAC), encrypted snapshot integrity protection information, and the first random number (WARP_IV) It is not necessarily transmitted to the virtual machine platform by the security processor at the same time. For example, the security processor can also transmit a certain piece of information to the virtual machine platform after generating it, and the security processor can encrypt the snapshot content later than other stages, and the security processor can finally transmit the encrypted snapshot content. to the virtual machine platform.

In step S526, the virtual machine platform encrypts the snapshot content, key encryption information (WRAP_TK), key integrity protection information (WRAP_MAC), policy integrity protection information (POLICY_MAC), encrypted snapshot integrity protection information, first random (WARP_IV), policy information, PDH certificate public key, SM2 random public key and other information are saved to the virtual machine snapshot of the target virtual machine, and the virtual machine snapshot is written into the virtual machine image file.

In some embodiments, the encrypted snapshot content and key encryption information (WRAP_TK) belong to the ciphertext information, and the key integrity protection information (WRAP_MAC), policy integrity protection information (POLICY_MAC), encrypted snapshot integrity protection information, policy Information, first random number (WARP_IV), PDH certificate public key, SM2 random public key and other information are plain text information. Additional information in plain text form can be set in the virtual machine snapshot, thereby saving these plain text information to the additional information of the virtual machine snapshot. middle.

In step S527, the security processor destroys TEK, TIK, KEK and KIK.

In step S528, the virtual machine platform continues to run the target virtual machine.

After the virtual machine snapshot of the target virtual machine is saved, the security processor can destroy related keys such as TEK, TIK, KEK, and KIK, and the virtual machine platform can resume running the target virtual machine so that the target virtual machine continues to run.

Based on the foregoing description, it can be seen that in some embodiments, the information saved in the virtual machine snapshot of the target virtual machine according to the embodiment of the present application may at least include: encrypted snapshot content and key encryption information (WRAP_TK). The key encryption information (WRAP_TK) may be obtained by encrypting TEK, or may be obtained by encrypting TEK and TIK as a whole.

In another possible embodiment or embodiments, the information saved in the virtual machine snapshot of the target virtual machine may include: encrypted snapshot content, key encryption information (WRAP_TK), and additional information. Additional information may include at least one of the following information (i.e. one or more of the following information):

Key agreement public key information (for example, PDH certificate public key and SM2 random public key);

Key integrity protection information (WRAP_MAC);

Policy integrity protection information (POLICY_MAC), policy (policy) information of the target virtual machine;

The first random number (WARP_IV);

Encrypted snapshot integrity protection information.

It should be noted that saving the above additional information in the virtual machine snapshot is only an optional implementation. Embodiments of the present application may also support saving the above additional information outside the virtual machine snapshot or in other storage locations.

The embodiment of the present application can save the snapshot content in the form of ciphertext in the virtual machine snapshot, which improves the security of the virtual machine snapshot; and can save the encryption key information in the form of ciphertext in the virtual machine snapshot, and the encryption key information can At least it is obtained by encrypting the TEK used to encrypt the snapshot content, which can realize the security protection of the TEK and facilitate the subsequent reading of the virtual machine snapshot. The TEK can be restored by decrypting the encryption key information to realize the encrypted snapshot content. Decrypt and read. Further, the embodiment of the present application can also set additional information in plain text form to preserve the key integrity protection information used for integrity protection of encryption key information and the policy integrity used for integrity protection of virtual machine policy information. The security protection information and other information can be used to facilitate the integrity detection of relevant data when reading virtual machine snapshots later, which can further improve the security of virtual machine snapshots when saving them.

After saving the virtual snapshot of the target virtual machine based on the virtual machine snapshot saving solution described above, embodiments of the present application also provide a reading solution for the virtual machine snapshot. The reading scheme of the virtual machine snapshot is introduced below. It can be understood that the reading scheme of the virtual machine snapshot described below involves parts related to the previous saving scheme and can be referred to each other.

As an optional implementation, Figure 6a shows an optional flow chart of the virtual machine snapshot reading method provided by the embodiment of the present application. As shown in Figure 6a, the process may include the following steps.

In step S610, the virtual machine platform obtains a virtual machine snapshot from the virtual machine image file of the target virtual machine, where the virtual machine snapshot includes encrypted snapshot content and key encryption information.

In step S611, the virtual machine platform transmits the virtual machine snapshot to the security processor.

In some embodiments, the security processor can obtain the virtual machine snapshot from the virtual machine image file of the target virtual machine through the virtual machine platform. For example, the security processor obtains the virtual machine snapshot through steps S610 and S611. In other embodiments, the security processor may also directly obtain the virtual machine snapshot from the virtual machine image file of the target virtual machine.

Reading the virtual machine snapshot of the target virtual machine actually reads the snapshot content and restores the state of the target virtual machine according to the snapshot content. Based on the virtual machine snapshot saving solution provided by the embodiment of the present application, the virtual machine snapshot at least includes encrypted snapshot content and key encryption information. Therefore, reading the snapshot content involves decrypting the encrypted snapshot content.

In step S612, the security processor restores the KEK.

In step S613, the security processor decrypts the key encryption information based on the KEK to obtain the TEK.

In some embodiments, the key encryption information is obtained by encrypting at least TEK based on KEK, and TEK is used to encrypt the snapshot content to obtain the encrypted snapshot content. Therefore, in order to decrypt the encrypted snapshot content, the target virtual machine can be read. According to the snapshot content of the computer, the embodiment of the present application can restore the KEK, and use the KEK to decrypt the key encryption information to obtain the TEK.

In some embodiments, the virtual machine snapshot may also include additional information in clear text (the additional information may also be stored in other storage locations), and the additional information may include at least key agreement public key information; thus, security The processor can obtain the additional information through the virtual machine platform or itself, recover the KEK based on the key negotiation public key information in the additional information and the security processor's own key negotiation private key information, and then use the restored KEK to verify the encryption key. Decrypt the key-encrypted information to obtain the TEK.

In some further embodiments, if the security processor combines the KEK and the first random number (WARP_IV) to encrypt at least the TEK to obtain the key encryption information, the additional information may also include the first random number. (WARP_IV); furthermore, after recovering the KEK, the security processor can decrypt the key encryption information based on the KEK and the first random number (WARP_IV) in the additional information to obtain the TEK.

In step S614, the security processor decrypts the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine.

After the security processor recovers the TEK, it can use the TEK to decrypt the encrypted snapshot content in the virtual machine snapshot, thereby obtaining the snapshot content of the target virtual machine and reading the virtual machine snapshot of the target virtual machine. In some embodiments, the security processor can directly decrypt the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine. In some other embodiments, if the security processor combines the TEK and the first random number (WARP_IV) to encrypt the snapshot content to obtain the encrypted snapshot content, the security processor may use the recovered TEK and the first random number in the additional information to obtain the encrypted snapshot content. A random number (WARP_IV) to decrypt the encrypted snapshot content to obtain the snapshot content of the target virtual machine.

In some further embodiments, the security processor may transmit the obtained snapshot content of the target virtual machine to the virtual machine platform, so that the virtual machine platform uses the snapshot content to restore the state of the target virtual machine.

In some embodiments, on the basis of providing an integrity protection scheme for key encryption information, embodiments of the present application can check the integrity of the key encryption information through the key integrity protection information in the additional information, and then check the integrity of the key encryption information. Only when the key encryption information is complete can the key encryption information be decrypted. As an optional implementation, Figure 6b shows another optional flow chart of the virtual machine snapshot reading method provided by the embodiment of the present application. As shown in Figure 6b, the process may include the following steps.

In step S620, the security processor obtains a virtual machine snapshot of the target virtual machine and additional information. The virtual machine snapshot includes encrypted snapshot content and key encryption information. The additional information includes key integrity protection information, key negotiation Public key information, first random number.

In some embodiments, the security processor may obtain a virtual machine snapshot of the target virtual machine and additional information through the virtual machine platform. Optionally, additional information can be saved in the virtual machine snapshot.

In step S621, the security processor restores the KEK and KIK based on the key negotiation public key information and its own key negotiation private key information.

As an optional implementation, the security processor may use the key agreement standard to determine the public key based on the key agreement public key information in the additional information and the security processor's own key agreement private key information; based on the public key The master key is derived from the key; KEK and KIK are derived based on the master key, thereby realizing the recovery of KEK and KIK.

In step S622, the security processor calculates the HMAC of the key encryption information based on the KIK to obtain recalculated key integrity protection information.

In step S623, the security processor compares the recalculated key integrity protection information with the key integrity protection information stored in the additional information.

In step S624, if the security processor determines that the comparison results are consistent, it decrypts the key encryption information based on the KEK and the first random number to obtain the TEK.

In step S625, the security processor decrypts the encrypted snapshot content based on the TEK and the first random number to obtain the snapshot content of the target virtual machine.

It should be noted that after the comparison in step S623, if the security processor determines that the comparison results are inconsistent, the security processor may determine that the key encryption information is incomplete, and the security processor may terminate the subsequent process, that is, terminate the reading of the target virtual machine. A virtual machine snapshot of the machine.

In some embodiments, on the basis of providing an integrity protection solution for the policy information of the target virtual machine, the additional information also includes the policy information and policy integrity protection information of the target virtual machine; the security processor passes the virtual machine platform Or after obtaining the additional information, the policy information of the target virtual machine can be integrity checked, and the encrypted snapshot content can be decrypted only after checking that the policy information of the target virtual machine is complete.

On the basis of the above, as an optional implementation, the key encryption information in the virtual machine snapshot can be obtained by encrypting the entire TIK and TEK, so that after the security processor decrypts the key encryption information, TEK and TIK can be recovered; furthermore, the security processor can use TIK to calculate the HMAC corresponding to the policy information in the additional information to obtain recalculated policy integrity protection information. The security processor compares the recalculated policy integrity protection information with the policy integrity protection information in the additional information; if the comparison results are consistent, it means that the policy information of the target virtual machine has not changed, and the security processor can continue to process the policy integrity protection information. Decrypt the encrypted snapshot content to obtain the snapshot content of the target virtual machine; if the comparison results are inconsistent, it means that the policy information of the target virtual machine has been changed. This embodiment of the application can terminate the subsequent process and terminate the reading of the virtual machine snapshot of the target virtual machine. .

In some embodiments, on the basis of providing an integrity protection solution for encrypted snapshot content, the additional information also includes encrypted snapshot integrity protection information; after the security processor obtains the additional information through the virtual machine platform or itself , the encrypted snapshot content in the virtual machine snapshot can be integrity checked, and the encrypted snapshot content can be decrypted only after checking that the encrypted snapshot content is complete.

On the basis of the above, as an optional implementation, after the security processor recovers the TIK, it can use the TIK to calculate the HMAC corresponding to the encrypted snapshot content to obtain the recalculated integrity protection information of the encrypted snapshot. The security processor compares the recalculated integrity protection information of the encrypted snapshot with the integrity protection information of the encrypted snapshot in the additional information; if the comparison results are consistent, the security processor can confirm that the content of the encrypted snapshot is complete and the security processor can continue Decrypt the encrypted snapshot content to obtain the snapshot content of the target virtual machine; if the comparison results are inconsistent, it means that the encrypted snapshot content is incomplete. The embodiment of the present application can terminate the subsequent process and terminate the reading of the virtual machine snapshot of the target virtual machine.

In some further embodiments, the virtual machine platform can first pause the running target virtual machine, and then initiate reading of the virtual machine snapshot of the target virtual machine, and then complete the reading of the virtual machine snapshot in the embodiment of this application and process it safely. After the server destroys related keys (such as TEK, TIK, KEK, and KIK), the virtual machine platform can resume running the target virtual machine. It should be noted that reading a virtual machine snapshot is essentially restoring the snapshot content of the virtual machine snapshot and restoring the virtual machine to the virtual machine state described by the snapshot content. Therefore, in this embodiment of the application, after reading the virtual machine snapshot is completed, Running a virtual machine on a virtual machine platform is actually a process of loading data into memory and restoring it. On this basis, as some further embodiments, after reading the snapshot content of the target virtual machine, the security processor can further use the VEK of the target virtual machine to encrypt the snapshot content so that the target virtual machine can be run. When using a virtual machine, it is guaranteed that the data loaded from the memory is encrypted data required by secure virtualization technology.

In some further embodiments, the virtual machine platform pauses the running target virtual machine, and before initiating reading of the snapshot content of the target virtual machine, the image file header (Image Header) of the target virtual machine can be parsed and checked. If the image file header (Image Header) contains the snapshot header, the virtual machine platform can request the security processor to unbind the target virtual machine from the ASID (Address Space ID, address space tag) of the target virtual machine. It can be understood that if the image file header (Image Header) contains a snapshot header (that is, the snapshot header is not empty), it means that there is a virtual machine snapshot in the snapshot header indicated by the image file header. ASID is the address space tag of the virtual machine. When starting the virtual machine, the security processor can assign an ASID to the virtual machine; under normal circumstances, or in some implementations, different virtual machines have different ASIDs.

On the basis of providing an encrypted storage solution for virtual machine snapshots, the embodiments of this application also provide a corresponding reading solution for virtual machine snapshots, realizing the decryption and reading of the encrypted snapshot content in the virtual machine snapshots, and improving the secure virtualization technology. Application in virtual machine snapshot saving and reading scenarios. It should be noted that the virtual machine snapshot reading scheme is actually an adaptive implementation based on the virtual machine snapshot saving scheme. Therefore, the parts related to the virtual machine snapshot reading scheme and the virtual machine snapshot saving scheme can be referred to each other.

The above describes multiple embodiment solutions provided by the embodiments of the present application. The optional methods introduced in each embodiment solution can be combined and cross-referenced with each other without conflict, thereby extending a variety of possible embodiment solutions. These can be considered as embodiments disclosed and disclosed in the embodiments of this application.

Embodiments of the present application also provide a virtual machine snapshot saving device, which can be considered as a functional module required by the security processor to implement the virtual machine snapshot saving method provided by the embodiment of the present application. The device content described below may be mutually referenced with the method content described above.

As an optional implementation, FIG. 7 shows an optional block diagram of a virtual machine snapshot saving device provided by an embodiment of the present application. The device may be applied to a secure processor, such as secure firmware applied to a secure processor. As shown in Figure 7, the device may include:

Key generation module 710, used to generate TEK and KEK;

The encryption module 711 is configured to encrypt at least TEK based on KEK to obtain key encryption information; and encrypt the snapshot content of the target virtual machine based on TEK to obtain the encrypted snapshot content of the target virtual machine;

The saving module 712 is configured to save the key encryption information and the encrypted snapshot content in the virtual machine snapshot of the target virtual machine, and write the virtual machine snapshot into the virtual machine image file of the target virtual machine.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 7, to further: save additional information of plain text , the additional information includes at least one of the following information:

Key negotiation public key information, the key negotiation public key information is used to generate KEK;

Key integrity protection information that integrity-protects the key encryption information;

Policy integrity protection information that integrity protects the policy information of the target virtual machine;

Encrypted snapshot integrity protection information that integrity-protects the contents of the encrypted snapshot.

In some embodiments, the key generation module 710 for generating a KEK includes:

Based on the key agreement information, a KEK is generated; the key agreement information includes key agreement private key information and key agreement public key information.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 7, to further: convert the key The negotiated public key information is stored in the additional information.

In some embodiments, the key generation module 710 is used to generate a KEK based on the key agreement information, including:

Based on the key agreement information, use the key agreement standard to determine the public key;

deriving a master key based on the public key;

A KEK is derived based on the master key.

In some embodiments, the key agreement private key information includes: the security certificate private key of the security processor, and the random private key of the key agreement standard; the key agreement public key information includes: the security processor's security Certificate public key, and key agreement standard random public key.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 7, to further be used for:

Generate KIK;

Based on KIK, calculate the HMAC of the key encryption information to obtain the key integrity protection information;

The key integrity protection information is stored in the additional information.

In some embodiments, generating KIK includes:

Based on the key agreement information, use the key agreement standard to determine the public key;

deriving a master key based on the public key;

A KIK is derived based on the master key; where the key types of KIK and KEK are different.

In some embodiments, the key generation module 710 for generating TEK includes:

TEK is generated through a hardware true random number generator.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 7, to further be used for:

Generate TIK;

Obtain the policy information of the target virtual machine;

Based on TIK, calculate the HMAC of the policy information of the target virtual machine to obtain the policy integrity protection information;

The policy integrity protection information, or the policy integrity protection information and the policy information, are stored in the additional information.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 7, to further be used for:

Generate TIK;

Use TIK to protect the integrity of the encrypted snapshot content and obtain the integrity protection information of the encrypted snapshot;

The encrypted snapshot integrity protection information is stored in the additional information.

Optionally, generating TIK includes:

TIK is generated through a hardware true random number generator; TIK and TEK have different key types; the key encryption information is at least obtained by encrypting the entirety of TIK and TEK with KEK.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 7, to further be used for:

Transmit the key digest generated by the key negotiation process to the virtual machine platform, so that the virtual machine platform can check whether the key negotiation process of the security processor is successful; wherein, after the virtual machine platform checks whether the key negotiation process of the security processor is successful, The security processor executes the step of encrypting the snapshot content of the target virtual machine based on TEK to obtain the encrypted snapshot content of the target virtual machine.

In some further embodiments, the additional information also includes:

The first random number generated by a hardware true random number generator; wherein the first random number is used to encrypt at least TEK in combination with KEK to obtain the key encryption information; and/or the first random number The number is used to encrypt the snapshot content of the target virtual machine in combination with TEK to obtain the encrypted snapshot content.

Embodiments of the present application also provide a virtual machine snapshot reading device, which can be considered as a functional module required by the security processor to implement the virtual machine snapshot reading method provided by the embodiment of the present application. The device content described below may be mutually referenced with the method content described above.

As an optional implementation, FIG. 8 shows an optional block diagram of a virtual machine snapshot reading device provided by an embodiment of the present application. The device may be applied to a secure processor, such as secure firmware applied to a secure processor. As shown in Figure 8, the device may include:

Obtaining module 810 is used to obtain a virtual machine snapshot of the target virtual machine, where the virtual machine snapshot includes encrypted snapshot content and key encryption information;

Recovery module 811, used to recover KEK;

Key decryption module 812, used to decrypt the key encryption information based on KEK to obtain TEK;

The snapshot decryption module 813 is used to decrypt the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 8, to further: obtain additional information, so The above additional information includes at least one of the following information:

Key negotiation public key information, which is used to restore the KEK;

Key integrity protection information that integrity-protects the key encryption information;

Policy integrity protection information that integrity protects the policy information of the target virtual machine;

Encrypted snapshot integrity protection information that integrity-protects the contents of the encrypted snapshot.

In some embodiments, the recovery module 811 for recovering the KEK includes:

The KEK is restored based on the key negotiation private key information of the security processor and the key negotiation public key information in the additional information.

In some embodiments, the key agreement private key information includes: the security certificate private key of the security processor, and the random private key of the key agreement standard; the key agreement public key information includes: the security processor's security Certificate public key, and key agreement standard random public key.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 8, to further be used for:

Restore KIK;

Based on KIK, calculate the HMAC of the key encryption information to obtain recalculated key integrity protection information;

Compare the recalculated key integrity protection information with the key integrity protection information stored in the additional information;

Wherein, if the comparison results are consistent, the security processor performs the step of decrypting the key encryption information based on the KEK to obtain the TEK; if the comparison results are inconsistent, the reading of the virtual machine snapshot is terminated.

In some embodiments, restoring the KIK includes:

Based on the key negotiation private key information of the security processor and the key negotiation public key information in the additional information, the KIK is restored; the key types of KIK and KEK are different.

In some further embodiments, the additional information also includes policy information of the target virtual machine; the device can further set one or more functional modules, or based on one or more functional modules shown in Figure 8 Add functionality for further use in:

Restore TIK;

Calculate the HMAC corresponding to the policy information in the additional information based on TIK to obtain the recalculated policy integrity protection information;

Compare the recalculated policy integrity protection information with the policy integrity protection information in the additional information;

Among them, if the comparison results are consistent, the security processor performs the step of decrypting the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine; if the comparison results are inconsistent, the reading of the virtual machine snapshot is terminated. .

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 8, to further be used for:

Restore TIK;

Calculate the HMAC corresponding to the encrypted snapshot content based on TIK to obtain the recalculated integrity protection information of the encrypted snapshot;

Compare the recalculated integrity protection information of the encrypted snapshot with the integrity protection information of the encrypted snapshot in the additional information;

Among them, if the comparison results are consistent, the security processor performs the step of decrypting the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine; if the comparison results are inconsistent, the reading of the virtual machine snapshot is terminated. .

In some embodiments, restoring the TIK includes:

After the key encryption information is decrypted based on KEK, TIK is obtained from the decryption result; wherein the key encryption information is at least obtained by encrypting the entirety of TIK and TEK with KEK.

In some further embodiments, the additional information also includes: a first random number; the first random number is used to decrypt the key encryption information in combination with KEK, and/or, the first random number Used to decrypt the encrypted snapshot content in conjunction with TEK.

In some further embodiments, the device can further be provided with one or more functional modules, or add functions based on the one or more functional modules shown in Figure 8, to further be used for:

When the virtual machine platform checks that the snapshot header of the target virtual machine is not empty, based on the request of the virtual machine platform, unbinds the target virtual machine from the ASID of the target virtual machine;

And/or, after obtaining the snapshot content of the target virtual machine, use the VEK of the target virtual machine to encrypt the snapshot content.

Embodiments of the present application also provide a security processor. The security processor (for example, security firmware in the security processor) can execute the virtual machine provided by the embodiments of the present application by loading the above-mentioned virtual machine snapshot saving device. Snapshot saving method: The security processor (for example, the security firmware in the security processor) can implement the virtual machine snapshot reading method provided by the embodiment of the present application by loading the above-mentioned virtual machine snapshot reading device. In this embodiment of the present application, the security processor may be configured to execute the virtual machine snapshot saving method and the virtual machine snapshot reading method performed by the security processor provided in the embodiment of the present application.

An embodiment of the present application also provides an electronic device (such as a physical host). The structure of the electronic device can be shown in conjunction with FIG. 1b and includes the security processor provided above.

Although the embodiments of the present application are disclosed as above, the present application is not limited thereto. Any person skilled in the art can make various changes and modifications without departing from the spirit and scope of the present application. Therefore, the protection scope of the present application shall be subject to the scope defined by the claims.

Claims (27)

1. A method for saving a snapshot of a virtual machine, the method being applied to a secure processor, the method comprising:

generating a Transmission Encryption Key (TEK), and generating a Key Encryption Key (KEK) based on key negotiation information, wherein the key negotiation information comprises key negotiation private key information and key negotiation public key information, the key negotiation private key information at least comprises a security certificate private key of a security processor, and the key negotiation public key information at least comprises a security certificate public key of the security processor;

encrypting at least the TEK based on the KEK to obtain key encryption information; encrypting the snapshot content of the target virtual machine based on the TEK to obtain the encrypted snapshot content of the target virtual machine;

And storing the key encryption information and the encryption snapshot content in a virtual machine snapshot of the target virtual machine, wherein the virtual machine snapshot is written into a virtual machine image file of the target virtual machine.

2. The method according to claim 1, wherein the method further comprises: saving additional information of a plaintext, the additional information including at least one of the following information:

key negotiation public key information, wherein the key negotiation public key information is used for generating a KEK;

key integrity protection information for integrity protecting the key encryption information;

policy integrity protection information for performing integrity protection on policy information of the target virtual machine;

and the encryption snapshot integrity protection information is used for carrying out integrity protection on the encryption snapshot content.

3. The method according to claim 2, wherein the method further comprises:

and storing the key negotiation public key information in the additional information.

4. The method of claim 3, wherein generating the KEK based on the key agreement information comprises:

determining a public key using key negotiation criteria based on the key negotiation information;

deriving a master key based on the public key;

Deriving a KEK based on the master key.

5. The method of claim 4, wherein the key agreement private key information further comprises: a random private key of a key agreement standard; the key agreement public key information further includes: the key negotiates a standard random public key.

6. The method according to claim 2, wherein the method further comprises:

generating a Key Integrity Key (KIK);

based on the KIK, calculating a hash operation message authentication code HMAC of the key encryption information to obtain key integrity protection information;

and storing the key integrity protection information in the additional information.

7. The method of claim 6, wherein generating a key integrity key, KIK, comprises:

determining a public key using key negotiation criteria based on the key negotiation information;

deriving a master key based on the public key;

deriving a KIK based on the master key; wherein the key types of the KIK and the KEK are different.

8. The method of claim 2, wherein generating the transport encryption key TEK comprises:

and generating the TEK through a hardware true random number generator.

9. The method as recited in claim 2, further comprising:

Generating a transmission integrity key TIK;

acquiring policy information of a target virtual machine;

based on the TIK, calculating HMAC of the policy information of the target virtual machine to obtain policy integrity protection information;

and storing the strategy integrity protection information or the strategy integrity protection information and the strategy information in the additional information.

10. The method as recited in claim 2, further comprising:

generating a transmission integrity key TIK;

performing integrity protection on the encrypted snapshot content by using the TIK to obtain encrypted snapshot integrity protection information;

and storing the encryption snapshot integrity protection information in the additional information.

11. The method according to claim 9 or 10, wherein the generating a transmission integrity key, TIK, comprises:

generating TIK through a hardware true random number generator; wherein, the key types of TIK and TEK are different; the key encryption information is obtained by encrypting the TIK and the TEK integrally at least by the KEK.

12. The method of any one of claims 3-5, further comprising:

transmitting the key abstract generated in the key negotiation process to the virtual machine platform so that the virtual machine platform can check whether the key negotiation process of the security processor is successful or not; after the virtual machine platform checks that the key negotiation process of the secure processor is successful, the secure processor executes the step of encrypting the snapshot content of the target virtual machine based on the TEK to obtain the encrypted snapshot content of the target virtual machine.

13. The method of claim 2, wherein the additional information further comprises:

a first random number generated by a hardware true random number generator; the first random number is used for encrypting at least the TEK in combination with the KEK to obtain the key encryption information; and/or the first random number is used for encrypting the snapshot content of the target virtual machine in combination with the TEK to obtain the encrypted snapshot content.

14. A method for virtual machine snapshot reading, applied to a secure processor, the method comprising:

obtaining a virtual machine snapshot of a target virtual machine, wherein the virtual machine snapshot comprises encrypted snapshot content and key encryption information;

restoring a Key Encryption Key (KEK), wherein the KEK is generated by a security processor based on key negotiation information, the key negotiation information comprises key negotiation private key information and key negotiation public key information, the key negotiation private key information at least comprises a security certificate private key of the security processor, and the key negotiation public key information at least comprises a security certificate public key of the security processor;

decrypting the key encryption information based on the KEK to obtain a transmission encryption key TEK;

and decrypting the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine.

15. The method as recited in claim 14, further comprising: acquiring additional information, wherein the additional information comprises at least one of the following information:

key negotiation public key information, wherein the key negotiation public key information is used for recovering the KEK;

key integrity protection information for integrity protecting the key encryption information;

policy integrity protection information for performing integrity protection on policy information of the target virtual machine;

and the encryption snapshot integrity protection information is used for carrying out integrity protection on the encryption snapshot content.

16. The method of claim 15, wherein the recovery key encryption key KEK comprises:

and recovering the KEK based on the key negotiation private key information of the security processor and the key negotiation public key information in the additional information.

17. The method of claim 16, the key agreement private key information further comprising: a random private key of a key agreement standard; the key agreement public key information further includes: the key negotiates a standard random public key.

18. The method as recited in claim 15, further comprising:

recovering a Key Integrity Key (KIK);

based on the KIK, calculating a hash operation message authentication code HMAC of the key encryption information to obtain recalculated key integrity protection information;

Comparing the recalculated key integrity protection information with the key integrity protection information stored in the additional information;

if the comparison result is consistent, the security processor executes the step of decrypting the key encryption information based on the KEK to obtain the TEK; and if the comparison results are inconsistent, terminating reading the virtual machine snapshot.

19. The method of claim 18, wherein the recovering the key integrity key KIK comprises:

recovering the KIK based on the key negotiation private key information of the security processor and the key negotiation public key information in the additional information; the key types of the KIK and the KEK are different.

20. The method of claim 15, wherein the additional information further comprises policy information of the target virtual machine; the method further comprises the steps of:

recovering a transmission integrity key TIK;

calculating HMAC corresponding to the strategy information in the additional information based on the TIK to obtain recalculated strategy integrity protection information;

comparing the recalculated policy integrity protection information with the policy integrity protection information in the additional information;

if the comparison result is consistent, the security processor executes the step of decrypting the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine; and if the comparison results are inconsistent, terminating reading the virtual machine snapshot.

21. The method as recited in claim 15, further comprising:

recovering a transmission integrity key TIK;

calculating HMAC corresponding to the encrypted snapshot content based on the TIK to obtain recalculated encrypted snapshot integrity protection information;

comparing the recalculated encrypted snapshot integrity protection information with the encrypted snapshot integrity protection information in the additional information;

if the comparison result is consistent, the security processor executes the step of decrypting the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine; and if the comparison results are inconsistent, terminating reading the virtual machine snapshot.

22. The method according to any of claims 20-21, wherein recovering the transmission integrity key, TIK, comprises:

after decrypting the key encryption information based on the KEK, acquiring a TIK from a decryption result; the key encryption information is obtained by encrypting the TIK and the TEK integrally at least by the KEK.

23. The method of claim 15, wherein the additional information further comprises: a first random number; the first random number is used to decrypt the key encryption information in conjunction with the KEK and/or the first random number is used to decrypt the encrypted snapshot content in conjunction with the TEK.

24. The method as recited in claim 14, further comprising:

when the virtual machine platform checks that the snapshot head of the target virtual machine is not empty, unbinding the target virtual machine and the address space mark ASID of the target virtual machine based on the request of the virtual machine platform;

and/or after obtaining the snapshot content of the target virtual machine, encrypting the snapshot content by using the virtual machine encryption key VEK of the target virtual machine.

25. A virtual machine snapshot preservation device, for application to a secure processor, the device comprising:

the key generation module is used for generating a transmission encryption key TEK and generating a key encryption key KEK based on key negotiation information, wherein the key negotiation information comprises key negotiation private key information and key negotiation public key information, the key negotiation private key information at least comprises a security certificate private key of the security processor, and the key negotiation public key information at least comprises a security certificate public key of the security processor;

the encryption module is used for encrypting at least the TEK based on the KEK to obtain key encryption information; encrypting the snapshot content of the target virtual machine based on the TEK to obtain the encrypted snapshot content of the target virtual machine;

And the storage module is used for storing the key encryption information and the encryption snapshot content in a virtual machine snapshot of the target virtual machine, wherein the virtual machine snapshot is written into a virtual machine image file of the target virtual machine.

26. A virtual machine snapshot reading device, for application to a secure processor, the device comprising:

the system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring a virtual machine snapshot of a target virtual machine, and the virtual machine snapshot comprises encrypted snapshot content and key encryption information;

the recovery module is used for recovering a key encryption key KEK, the KEK is generated by the security processor based on key negotiation information, the key negotiation information comprises key negotiation private key information and key negotiation public key information, the key negotiation private key information at least comprises a security certificate private key of the security processor, and the key negotiation public key information at least comprises a security certificate public key of the security processor;

the key decryption module is used for decrypting the key encryption information based on the KEK to obtain a transmission encryption key TEK;

and the snapshot decryption module is used for decrypting the encrypted snapshot content based on the TEK to obtain the snapshot content of the target virtual machine.

27. A secure processor configured to perform the virtual machine snapshot saving method of any of claims 1-13 and the virtual machine snapshot reading method of any of claims 14-24.