Title of invention: Cryptographic certification of secure hosted execution environments
Abstract: Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
Publication number: US9425965(B2) Publication date: 2016.08.23
Application number: US201213372390 Filing date: 2012.02.13
Applicant: Microsoft Technology Licensing, LLC Inventors: Baumann Andrew A.;Hunt Galen C.;Peinado Marcus
Classification: G06F21/00;H04L9/32;G06F21/57 Main classification: G06F21/00
Agency: Agents: Coie Alin;Swain Sandy;Minhas Micky
Main claim: 1. A method of persistence of an execution state, the method comprising: providing, by a host operating system of a computing system, an instruction that causes a security-enabled processor of the computing system to initialize a hardware-protected memory area established in an initial state to include software and data identified by a request from a client system, the security-enabled processor configured to mediate access to the hardware-protected memory area by code that executes outside of the hardware-protected memory area via one or more entry gates, the software included in the hardware-protected memory area being non-kernel mode code, the software identified by the request and included in the hardware-protected memory area including a loader module configured, upon execution, to instruct the security-enabled processor to generate cryptographic certification that the hardware-protected memory area includes only the software and data identified in the request in the initial state, the software further including a persistence module; providing, by the host operating system of the computing system, the hardware-protected memory area with an encrypted checkpoint, the encrypted checkpoint including at least execution state information of an execution state from another hardware-protected memory area established, by the security-enabled processor or by another security-enabled processor, in another initial state to include the software, the security-enabled processor or the other security-enabled processor configured to mediate access to the other hardware-protected memory area via the one or more entry gates or one or more other entry gates, the encrypted checkpoint encrypted with a persistence key, the persistence key sealed with a public key of the client system; and causing, by the host operating system, the persistence module in the hardware-protected memory area to execute, the persistence module configured, upon execution, to perform acts comprising:
receiving the persistence key sealed with the public key, providing the persistence key sealed with the public key to the client system, receiving an unsealed persistence key from the client system, decrypting the encrypted checkpoint using the unsealed persistence key to generate the execution state information, and populating the hardware-protected memory area with the execution state information to recreate the execution state from the other hardware-protected memory area.
Address: Redmond WA US