Technique for supporting multiple secure enclaves
First Claim
Patent Images
1. A system comprising:
- hardware logic to generate a platform-level key to provide for a secure enclave corresponding to a plurality of processors, wherein the platform-level key is to be derived from a plurality of processor-level keys corresponding to the plurality of processors, wherein each of the plurality of processors is to store a plurality of package-unique symmetric keys (PUSKs) and a plurality of package-specific asymmetric keys (PASKs), and wherein the secure enclave is to be executed from an enclave page cache in which data is to be protected using access control mechanisms to be provided by at least one processor of the plurality of processors having an instruction set architecture including a plurality of secure enclave instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
68 Citations
4 Claims
-
1. A system comprising:
hardware logic to generate a platform-level key to provide for a secure enclave corresponding to a plurality of processors, wherein the platform-level key is to be derived from a plurality of processor-level keys corresponding to the plurality of processors, wherein each of the plurality of processors is to store a plurality of package-unique symmetric keys (PUSKs) and a plurality of package-specific asymmetric keys (PASKs), and wherein the secure enclave is to be executed from an enclave page cache in which data is to be protected using access control mechanisms to be provided by at least one processor of the plurality of processors having an instruction set architecture including a plurality of secure enclave instructions. - View Dependent Claims (2, 3)
-
4. A method comprising:
-
generating, by hardware logic, a multi-package secure enclave key, common to a plurality of processors; storing the multi-package secure enclave key; storing a package-unique symmetric key (PUSK) into the plurality of processors to be used in a multi-package secure enclave, and creating a plurality of package-specific asymmetric keys (PASKs) for each of the plurality of processors, wherein a secure enclave is to be executed from an enclave page cache in which data is to be protected using access control mechanisms to be provided by at least one processor of the plurality of processors having an instruction set architecture including a plurality of secure enclave instructions.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsJohnson, Simon P., Savagaonkar, Uday R., Scarlata, Vincent R., McKeen, Francis X., Rozas, Carlos V.
-
Primary Examiner(s)Pwu, Jeffrey
-
Assistant Examiner(s)AMORIN, CARLOS E
-
Application NumberUS12/972,406Publication NumberTime in Patent Office1,537 DaysField of SearchUS Class Current713/189CPC Class CodesG06F 12/1466 Key-lock mechanismG06F 21/53 by executing in a restricte...G06F 21/6218 to a system of files or obj...G06F 21/64 Protecting data integrity, ...G06F 21/645 using a third party
