17819862. HARDWARE MECHANISM TO EXTEND MKTME PROTECTIONS TO SGX DATA OUTSIDE EPC simplified abstract (Intel Corporation)


HARDWARE MECHANISM TO EXTEND MKTME PROTECTIONS TO SGX DATA OUTSIDE EPC

Organization Name

Intel Corporation

Inventor(s)

KRYSTOF Zmudzinski of Forest Grove OR (US)

HARDWARE MECHANISM TO EXTEND MKTME PROTECTIONS TO SGX DATA OUTSIDE EPC - A simplified explanation of the abstract

This abstract first appeared for US patent application 17819862 titled 'HARDWARE MECHANISM TO EXTEND MKTME PROTECTIONS TO SGX DATA OUTSIDE EPC'.

Simplified Explanation

The apparatus described in the patent application is designed to enhance security for a secure enclave by generating unique encryption keys for specific linear address regions outside of the established address range.

  • The hardware processor defines a linear address (LA) region outside the established address range for the secure enclave.
  • A unique encryption key is generated for the LA region, accessible only to the enclave.
  • A key identifier is assigned to the unique encryption key.
  • The LA region and unique encryption key are stored in an enclave control structure.
  • The key identifier and unique encryption key are programmed into memory encryption circuitry.

Potential Applications:

  • Data security in secure enclaves
  • Protection of sensitive information in memory encryption

Problems Solved:

  • Enhancing security for secure enclaves
  • Preventing unauthorized access to sensitive data

Benefits:

  • Improved data protection
  • Enhanced security measures for sensitive information
  • Access control for encryption keys


Original Abstract Submitted

An apparatus comprises a hardware processor to define a linear address (LA) region outside an established address range for a secure enclave, generate, for the linear address (LA) region, a unique encryption key accessible only to the enclave, assign a key identifier to the unique encryption key, store the linear address (LA) region and the unique encryption key in an enclave control structure, and program the key identifier and the unique encryption key into a memory encryption circuitry.