Title: System and method for implementing a trusted dynamic launch and trusted platform module (TPM) using secure enclaves
Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.
Publication number: US9059855 (B2)    Publication date: 2015-06-16
Application number: US201313843954    Filing date: 2013-03-15
Applicant: Intel Corporation    Inventors: Johnson Simon P.; Scarlata Vincent R.; Wiseman Willard M.
Classification: G06F21/00; H04L9/32; G06F21/10; G06F21/57    Main classification: G06F21/00
Agent: Nicholson De Vos Webster & Elliott LLP    Attorney: Nicholson De Vos Webster & Elliott LLP
Independent claim: 1. A method implemented on a computing platform comprising: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of hardware platform control registers (pPCR) in a native processor or chipset component into a memory region allocated to the secure enclave, wherein executing the TPM includes storing pages in a protected enclave page cache in a physically contiguous range of on-die memory that is coupled to and reserved for the processor.
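The claim describes an architecture rather than an algorithm: hardware registers (pPCRs) are filled by the dynamic launch, a TPM running inside the enclave copies them into enclave-private memory, and from then on the enclave's copy is the one the TPM operates on. The following model is an added example written for this page, not code from the patent or from Intel. It simulates that flow in Python: `HardwarePlatform`, `EnclaveTPM`, `golden_pcr` and `verifier_check` are assumed names, the register count and the measured component strings are constructed, and the extend and quote semantics (new PCR = H(old || H(measurement)); a nonce-bound digest over selected PCRs) are standard TCG behaviour supplied here for the demonstration, not something the patent text spells out. The attestation signature a real TPM would apply to the quote is omitted so the model runs offline.

```python
"""Model of a TPM hosted inside an enclave that mirrors hardware pPCRs.

Added example for this page; not the patent's or Intel's code.  Assumed
names: HardwarePlatform (stand-in for the processor/chipset pPCRs),
EnclaveTPM (the TPM executing inside the enclave), golden_pcr and
verifier_check (the remote verifier's side).
"""
import hashlib
import hmac

PCR_COUNT = 8    # assumption: a small bank of eight registers
DIGEST_LEN = 32  # SHA-256 bank


def extend_pcr(old: bytes, measurement: bytes) -> bytes:
    """TPM extend: new = H(old || H(measurement)).

    One-way and order-sensitive, so a register can only be moved forward
    by another measurement, never reset to a chosen value."""
    return hashlib.sha256(old + hashlib.sha256(measurement).digest()).digest()


class HardwarePlatform:
    """Constructed stand-in for the native pPCRs in the processor/chipset.

    The dynamic launch measures each launched component into these
    registers before the enclave exists."""

    def __init__(self) -> None:
        self.ppcr = [bytes(DIGEST_LEN) for _ in range(PCR_COUNT)]

    def measure(self, index: int, component: bytes) -> None:
        self.ppcr[index] = extend_pcr(self.ppcr[index], component)


class EnclaveTPM:
    """The TPM executing inside the enclave.

    On start it reads the hardware registers into enclave-private memory
    (modelled by the _pcr list, which nothing outside the class touches).
    Later software measurements are extended into that private copy, so
    changes to the hardware registers after the snapshot do not reach it."""

    def __init__(self, platform: HardwarePlatform) -> None:
        # Claim 1: "securely reading data from ... pPCR ... into a memory
        # region allocated to the secure enclave", modelled as a copy.
        self._pcr = list(platform.ppcr)

    def pcr_read(self, index: int) -> bytes:
        return self._pcr[index]

    def pcr_extend(self, index: int, measurement: bytes) -> bytes:
        self._pcr[index] = extend_pcr(self._pcr[index], measurement)
        return self._pcr[index]

    def quote(self, selection: list[int], nonce: bytes) -> bytes:
        """Attestation digest over the selected PCRs bound to a verifier
        nonce.  A real TPM signs this with an attestation key; the
        signature is left out here to keep the model self-contained."""
        return quote_digest([self._pcr[i] for i in sorted(selection)], nonce)


def quote_digest(pcr_values: list[bytes], nonce: bytes) -> bytes:
    h = hashlib.sha256(nonce)
    for value in pcr_values:
        h.update(value)
    return h.digest()


def golden_pcr(components: list[bytes]) -> bytes:
    """Verifier side: replay the extend chain from zero over the
    known-good component images to obtain the expected register value."""
    value = bytes(DIGEST_LEN)
    for component in components:
        value = extend_pcr(value, component)
    return value


def verifier_check(expected: dict[int, bytes], nonce: bytes, reported: bytes) -> bool:
    """Recompute the quote from the golden values (ascending PCR index)
    and compare in constant time."""
    selection = sorted(expected)
    wanted = quote_digest([expected[i] for i in selection], nonce)
    return hmac.compare_digest(wanted, reported)


def demo() -> bool:
    """End-to-end run with constructed measurements; returns True when the
    verifier accepts the enclave TPM's quote."""
    hw = HardwarePlatform()
    hw.measure(0, b"constructed: launch-time authenticated code module")
    hw.measure(0, b"constructed: measured launch environment")
    tpm = EnclaveTPM(hw)  # enclave starts and snapshots the pPCRs
    tpm.pcr_extend(1, b"constructed: application binary")  # measured in-enclave
    nonce = b"\x11" * 16  # constructed; a verifier draws this at random
    report = tpm.quote([0, 1], nonce)
    golden = {
        0: golden_pcr([b"constructed: launch-time authenticated code module",
                       b"constructed: measured launch environment"]),
        1: golden_pcr([b"constructed: application binary"]),
    }
    return verifier_check(golden, nonce, report)


if __name__ == "__main__":
    print("verifier accepts quote:", demo())
```

The point the model makes visible is the snapshot boundary: once `EnclaveTPM` has copied the pPCRs, a later `HardwarePlatform.measure` call changes only the hardware side, and the verifier's golden values must be replayed in the same extend order, because `extend_pcr` is not commutative.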
Address: Santa Clara, CA, US