Technique for supporting multiple secure enclaves
First Claim
1. A processor comprising:
- a first processor-level key;
- instruction hardware to support an instruction set architecture including a plurality of secure enclave instructions, the plurality of secure enclave instructions including a first instruction to create a secure enclave and at least a second instruction to manage an enclave page cache;
- execution hardware to execute the secure enclave from the enclave page cache;
- access control hardware to protect data in the enclave page cache; and
- key generation hardware to generate a platform-level key to provide for the secure enclave to correspond to a plurality of processors including the processor, wherein the platform-level key is to be derived from a plurality of processor-level keys corresponding to the plurality of processors and including the first processor-level key, wherein each of the plurality of processors is to store a plurality of package-unique symmetric keys (PUSKs) and a plurality of package-specific asymmetric keys (PASKs).
Abstract
A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
3 Claims
Claim 1 (reproduced above under First Claim) is the independent claim; claims 2 and 3 are dependent claims.