Abstract
Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.
Claims
1. A processor comprising:
instruction hardware to receive a first instruction and a second instruction, the first instruction associated with one of a build and a rebuild of a secure enclave, wherein the first instruction, when associated with the rebuild, provides an expected hash; and
execution hardware to execute the first instruction and the second instruction, wherein execution of the first instruction, when associated with the build, includes calculation of a calculated hash of the secure enclave and calculation of a message authentication code of the secure enclave, and when associated with the rebuild, includes obtaining the message authentication code calculated during the build, calculation of the message authentication code without calculation of the calculated hash, and comparing the message authentication code calculated during the rebuild to the message authentication code calculated during the build, and wherein execution of the second instruction includes attesting to content of the secure enclave using one of the calculated hash and the expected hash.
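The build/rebuild split in the abstract and claim 1 can be modelled in software to see why it is sound: the build pays for the content hash once and stores a keyed MAC beside it, and a rebuild only recomputes the MAC and, if it matches the stored one, reuses the supplied expected hash for attestation. The following Python is an added illustration, not code from the patent or any processor implementation. The page names, key values, and enclave pages are constructed; the choice to have the MAC also cover the hash it vouches for (so that unchanged content cannot be paired with a different expected hash) is an assumption of this example, not something the claim states.

```python
import hashlib
import hmac

# Constructed sample enclave content: three "pages", each tagged with a page
# type, in the order a build would add them to the enclave.
ENCLAVE_PAGES = [
    (b"REG", b"code page: entry point and handlers"),
    (b"REG", b"data page: constants and tables"),
    (b"TCS", b"thread control page"),
]

# Hypothetical processor-private keys (assumption, constructed for this
# example; in hardware they would never be readable by software).
MAC_KEY = hashlib.sha256(b"constructed enclave MAC key").digest()
ATTEST_KEY = hashlib.sha256(b"constructed attestation key").digest()


def _serialize(pages):
    """Canonical byte stream over which both the hash and the MAC are taken.
    Page index, type and length are included so reordering or resizing a
    page changes the stream."""
    out = bytearray()
    for index, (page_type, data) in enumerate(pages):
        out += index.to_bytes(4, "little") + page_type
        out += len(data).to_bytes(4, "little") + data
    return bytes(out)


def calculate_hash(pages):
    """First measurement: the content hash, computed only during a build."""
    return hashlib.sha256(_serialize(pages)).digest()


def calculate_mac(pages, bound_hash):
    """Second measurement: keyed MAC over the content. Assumption of this
    example: the MAC also covers the measurement it vouches for."""
    msg = _serialize(pages) + bound_hash
    return hmac.new(MAC_KEY, msg, hashlib.sha256).digest()


def build(pages):
    """First instruction, build variant: compute both measurements and
    return the record a later rebuild will be checked against."""
    content_hash = calculate_hash(pages)
    return {"hash": content_hash, "mac": calculate_mac(pages, content_hash)}


def rebuild(pages, expected_hash, stored_mac):
    """First instruction, rebuild variant: recompute only the MAC (no call to
    calculate_hash), compare it with the MAC from the build, and hand back the
    expected hash for attestation only if the two match."""
    mac = calculate_mac(pages, expected_hash)
    if not hmac.compare_digest(mac, stored_mac):
        return None  # content, or the claimed hash, differs from the build
    return expected_hash


def attest(enclave_hash, nonce):
    """Second instruction: attest to the enclave content using the calculated
    (build) or expected (rebuild) hash, bound to a challenger's nonce."""
    return hmac.new(ATTEST_KEY, enclave_hash + nonce, hashlib.sha256).digest()


if __name__ == "__main__":
    record = build(ENCLAVE_PAGES)
    # Rebuild of identical pages: MAC check passes, hash is reused unchanged.
    assert rebuild(ENCLAVE_PAGES, record["hash"], record["mac"]) == record["hash"]
    # One patched page: MAC no longer matches, so no hash is attested.
    patched = [(b"REG", b"code page: patched")] + ENCLAVE_PAGES[1:]
    assert rebuild(patched, record["hash"], record["mac"]) is None
    print("quote:", attest(record["hash"], b"challenger nonce").hex())
```

The rebuild path never touches `calculate_hash`; its cost is one keyed MAC over the content, while a modified page or a substituted expected hash is rejected before anything reaches `attest`.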