G06F9/45554

PROVIDING SECURITY TO COMPUTING SYSTEMS
20170364685 · 2017-12-21

Described herein are methods, devices, and systems that provide security to various computing systems, such as smartphones, tablets, personal computers, computing servers, or the like. Security is provided to computing systems at various stages of their operational cycles. For example, a secure boot of a base computing platform (BCP) may be performed, and a security processor (SecP) may be instantiated on the BCP. Using the SecP, an integrity of the OS of the BCP may be verified, and an integrity of a hypervisor may be verified. A virtual machine (VM) may be created on the BCP. The VM is provided with virtual access to the SecP on the BCP. Using the virtual access to the TAM, an integrity of the guest OS of the VM is verified and an integrity of applications running on the guest OS is verified.

Flexible acceleration of code execution
09836316 · 2017-12-05

Technologies for performing flexible code acceleration on a computing device include initializing an accelerator virtual device on the computing device. The computing device allocates memory-mapped input and output (I/O) for the accelerator virtual device and also allocates an accelerator virtual device context for a code to be accelerated. The computing device accesses a bytecode of the code to be accelerated and determines whether the bytecode is an operating system-dependent bytecode. If not, the computing device performs hardware acceleration of the bytecode via the memory-mapped I/O using an internal binary translation module. However, if the bytecode is operating system-dependent, the computing device performs software acceleration of the bytecode.

METHOD AND ELECTRONIC DEVICE FOR STARTING APPLICATION
20170315829 · 2017-11-02

A method and an electronic device for starting an application are disclosed. The method includes: receiving, by a first virtual machine, startup information and creating a startup identifier associated with the startup information; receiving, via the first virtual machine, a startup instruction for starting an application on a second virtual machine; acquiring startup information corresponding to the startup instruction, the startup information including information of the second virtual machine and information of the application on the second virtual machine; starting the second virtual machine according to the information of the second virtual machine; and starting the application on the second virtual machine according to the information of the application on the second virtual machine.

Coordinated Scheduling between Real-Time Processes
20170308403 · 2017-10-26

There is provided a method for coordinated scheduling between real-time processes. The method is performed by a central scheduler. The method comprises acquiring information on runtimes and deadlines for real-time processes of tasks for local schedulers to be executed on shared computing resources. The method comprises scheduling the real-time processes based on the runtimes and deadlines so as to keep the deadlines during execution of the real-time processes. There is also provided a central scheduler configured to perform such a method. There is also provided a computer program comprising computer program code which, when run on a processing unit of a central scheduler, causes the processing unit to execute such a method.

Efficient power management of a system with virtual machines

Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.

Architecture agnostic replay verification
11200147 · 2021-12-14

According to aspects of the disclosure a method is provided, comprising: generating a live execution trace log corresponding to a live execution of a computer program, the live execution being performed by using both hardware emulation and hardware acceleration; generating a first trace entry corresponding to a replay execution of the computer program, the replay execution being performed by using hardware emulation without hardware acceleration, the replay execution being performed based on a set of events that are recorded during the live execution of the computer program; detecting whether the first trace entry is valid based on the live execution trace log; and in response to detecting that the first trace entry is not valid, transitioning into a safe state.

CONTAINER-BASED OPERATING SYSTEM TRANSLATION
20230266984 · 2023-08-24

A container image is received at a host device. The container image includes a container application compatible with a first operating system, and the host device includes a second operating system, different from the first operating system. A container engine on a processing device executes a container corresponding to the container image. The container engine includes an emulator configured to translate a request from the container application that is directed to the first operating system into a request to the second operating system.

Maintaining compatibility for complex functions over multiple machine generations

A system is provided and includes a plurality of machines. The plurality of machines includes a first generation machine and a second generation machine. Each of the plurality of machines includes a machine version. The first generation machine executes a first virtual machine and a virtual architecture level. The second generation machine executes a second virtual machine and the virtual architecture level. The virtual architecture level provides a compatibility level for a complex interruptible instruction to the first and second virtual machines. The compatibility level is architected for a lowest common denominator machine version across the plurality of machines. The compatibility level includes a lowest common denominator indicator identifying the lowest common denominator machine version.

DIRECTED INTERRUPT FOR MULTILEVEL VIRTUALIZATION WITH INTERRUPT TABLE

An interrupt signal is provided to a first guest operating system. A bus attachment device receives an interrupt signal from a bus connected module with an interrupt target ID identifying a processor assigned for use by the guest operating system as a target processor for handling the interrupt signal. The bus attachment device translates the received interrupt target ID to a logical processor ID of the target processor using an interrupt table entry stored in a memory section assigned to a second guest operating system hosting the first operating system and forwards the interrupt signal to the target processor for handling. The logical processor ID of the target processor is used to address the target processor directly.

Cost-Efficient High-Availability Multi-Single-Tenant Services
20230289208 · 2023-09-14

A secondary pool of VMs is used to run secondary services or jobs, which may be evicted upon failure of a corresponding primary VM. Upon detection of a failure of a primary resource, the secondary services or jobs are evicted from secondary pool resources, and the secondary pool resources can be automatically allocated to the jobs of the failed primary resource. In this regard, a secondary job may be thought of as a preemptible job and comprises services or jobs that are lower priority than the service or job on the primary resource. By using computing resources in the secondary pool to run secondary or preemptible jobs, this technology makes use of what would be otherwise idle resources. This beneficially avoids having to allocate additional and separate computing resources for secondary jobs, leads to more efficient use of network resources, and reduces costs.