Deploying enclaves on different tee backends using a universal enclave binary

Assignee

• VMware LLC · US

Inventors

• Ye Li · Newton, US
• Anoop Jaishankar · Cupertino, US
• John L. Manferdelli · San Francisco, US
• David Ott · Chandler, US
• Andrei Warkentin · Palo Alto, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/54
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

The disclosure herein describes deploying a Virtual Secure Enclave (VSE) using a universal enclave binary and a Trusted Runtime (TR). A universal enclave binary is generated that includes a set of binaries of Instruction Set Architectures (ISAs) associated with Trusted Execution Environment (TEE) hardware backends. A TEE hardware backend is identified in association with a VSE-compatible device. A VSE that is compatible with the identified TEE hardware backend is generated on the VSE-compatible device and an ISA binary that matches the TEE hardware backend is selected from the universal enclave binary. The selected binary is linked to a runtime library of the TR and loads the linked binary into memory of the generated VSE. The execution of a trusted application is initiated in the generated VSE using a set of interfaces of the TR. The trusted application depends on the TR interfaces rather than the selected ISA binary.