Technologies for dynamic loading of integrity protected modules into secure enclaves
US10511598B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 29, 2016 |
| Grant date | Dec 17, 2019 |
| Priority date | — |
| Expiry date | Apr 16, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/123
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Technologies for dynamic loading of integrity protected modules into a secure enclave include a computing device having a processor with secure enclave support. The computing device divides an executable image into multiple chunks, hashes each of the chunks with corresponding attributes that affect security to generate a corresponding hash value, and generates a hash tree as a function of the hash values. The computing device generates an initial secure enclave memory image that includes the root value of the hash tree. At runtime, the computing device accesses a chunk of the executable image from within the secure enclave, which generates a page fault. In response to the page fault, the secure enclave verifies the associated chunk based on the hash tree and accepts the chunk into the secure enclave in response to successful verification. The root value of the hash tree is integrity-protected. Other embodiments are described and claimed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.