| 主权项 |
1. A processor in a computer system, said processor comprising a mechanism supporting a Secure Object that comprises information that is cryptographically protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object, wherein said mechanism comprises:
a crypto engine that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the processor from an external memory and encrypts and updates an integrity value for portions of the Secure Object information as the Secure Object information moves out of the processor to the external memory; a protected key storage area, that is not accessible by software, used to store keys used for decryption and integrity-checking of Secure Object information when this information is moved into the processor from the external memory and for encryption of Secure Object information and generation of an integrity value as the information is moved out of the processor back to the external memory; and a machine instruction that is used to run a Secure Object as associated with a handle that is not usable with other software, the machine instruction using the handle to load a crypto key into the key storage area used by the crypto engine for decrypting the Secure Object. |
