Platform migration of secure enclaves
Abstract
A processor to support platform migration of secure enclaves is disclosed. In one embodiment, the processor includes a memory controller unit to access secure enclaves and a processor core coupled to the memory controller unit. The processor core is to identify a control structure associated with a secure enclave. The control structure comprises a plurality of data slots and keys associated with a first platform comprising the memory controller unit and the processor core. A version of data from the secure enclave is associated with the plurality of data slots. Migratable keys are generated as a replacement for the keys associated with the control structure. The migratable keys control access to the secure enclave. Thereafter, the control structure is migrated to a second platform to enable access to the secure enclave on the second platform.
20 Claims
1. A processor comprising:
- a memory controller unit to access secure enclaves; and
- a processor core coupled to the memory controller unit, the processor core to:
  - identify a control structure associated with a secure enclave, the control structure comprises a plurality of data slots and keys associated with a first platform comprising the memory controller unit and the processor core;
  - associate a version of data from the secure enclave with the plurality of data slots;
  - generate migratable keys as a replacement for the keys associated with the control structure, the migratable keys to control access to the secure enclave; and
  - migrate the control structure to a second platform to enable access to the secure enclave on the second platform.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method, comprising:
- identifying, by a processing device, a control structure associated with a secure enclave, the control structure comprises a plurality of data slots and keys associated with a first platform comprising the memory controller unit and the processor core;
- associating a version of data from the secure enclave with the plurality of data slots;
- generating, using the processing device, migratable keys as a replacement for the keys associated with the control structure, the migratable keys to control access to the secure enclave; and
- migrating, using the processing device, the control structure to a second platform to enable access to the secure enclave on the second platform.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer-readable non-transitory storage medium comprising executable instructions that, when executed by a processing device, cause the processing device to:
- identify, using the processing device, a control structure associated with a secure enclave, the control structure comprises a plurality of data slots and keys associated with a first platform comprising the memory controller unit and the processor core;
- associate a version of data from the secure enclave with the plurality of data slots;
- generate migratable keys as a replacement for the keys associated with the control structure, the migratable keys to control access to the secure enclave; and
- migrate the control structure to a second platform to enable access to the secure enclave on the second platform.

Dependent claims: 18, 19, 20
Specification