Instructions and logic to suspend/resume migration of enclaves in a secure enclave page cache

Assignee

• Intel Corporation · US

Inventors

• Carlos V. Rozas · Portland, US
• Ilya Alexandrovich · Haifa, IL
• Gilbert Neiger · Hillsboro, US
• Francis X. McKeen · Portland, US
• Ittai Anati · Ramat HaSharon, IL
• Vedvyas Shanbhogue · Austin, US
• Mona Vij · Hillsboro, US
• Rebekah M. Leslie-Hurd · Portland, US
• Krystof C. Zmudzinski · Forest Grove, US
• Somnath Chakrabarti · Portland, US
• Vincent R. Scarlata · Beaverton, US
• Simon P. Johnson · Beaverton, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2212/60
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Instructions and logic support suspending and resuming migration of enclaves in a secure enclave page cache (EPC). An EPC stores a secure domain control structure (SDCS) in storage accessible by an enclave for a management process, and by a domain of enclaves. A second processor checks if a corresponding version array (VA) page is bound to the SDCS, and if so: increments a version counter in the SDCS for the page, performs an authenticated encryption of the page from the EPC using the version counter in the SDCS, and writes the encrypted page to external memory. A second processor checks if a corresponding VA page is bound to a second SDCS of the second processor, and if so: performs an authenticated decryption of the page using a version counter in the second SDCS, and loads the decrypted page to the EPC in the second processor if authentication passes.