Title of invention: System and method for implementing a trusted dynamic launch and trusted platform module (TPM) using secure enclaves

Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.

Publication number: US9059855(B2)

Publication date: 2015.06.16

Application number: US201313843954

Filing date: 2013.03.15

Applicant: Intel Corporation

Inventors: Johnson Simon P.; Scarlata Vincent R.; Wiseman Willard M.

Classification: G06F21/00; H04L9/32; G06F21/10; G06F21/57

Main classification: G06F21/00

Agent (firm): Nicholson De Vos Webster & Elliott LLP

Attorney: Nicholson De Vos Webster & Elliott LLP

Main claim: 1. A method implemented on a computing platform comprising: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of hardware platform control registers (pPCR) in a native processor or chipset component into a memory region allocated to the secure enclave, wherein executing the TPM includes storing pages in a protected enclave page cache in a physically contiguous range of on-die memory that is coupled to and reserved for the processor.

Address: Santa Clara CA US