US 11,748,520 B2
Protection of a secured application in a cluster
Krishnaprasad K, Bengaluru (IN); Gobind Vijayakumar, Trichy (IN); and Murugan Sekar, Tindivanam (IN)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Oct. 28, 2020, as Appl. No. 17/83,002.
Prior Publication US 2022/0129591 A1, Apr. 28, 2022
Int. Cl. G06F 21/72 (2013.01); G06F 9/455 (2018.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/72 (2013.01) [G06F 9/45533 (2013.01); G06F 21/57 (2013.01); G06F 21/602 (2013.01)] 14 Claims
OG exemplary drawing
 
1. An information handling system comprising:
    at least one processor; and
    a memory coupled to the at least one processor;
    wherein the information handling system is configured to:
        execute an application within a guest operating system (OS) on the at least one processor, wherein at least a portion of data of the application is stored encrypted in a secure enclave region of the memory; and
        securely transfer execution of the application to a second information handling system by:
            performing first measurements relating to the information handling system by a physical cryptoprocessor of the information handling system,
            performing second measurements relating to the guest OS by a virtual cryptoprocessor of the guest OS,
            determining platform configuration register (PCR) measurement data that is based on the first and second measurements,
            transmitting the PCR measurement data to the second information handling system, and
            transmitting the at least a portion of data of the application to the second information handling system;
    wherein the PCR measurement data is usable by the second information handling system to perform a remote attestation, the remote attestation including:
        verification of the PCR measurement data to confirm that the at least a portion of data of the application has not been changed, and
        verification that the guest OS and a physical cryptoprocessor of the second information handling system are bound and associated with a single physical platform.
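The following is an added simulation of the flow claim 1 describes; it is not code from the patent or from Dell. A physical cryptoprocessor extends PCRs with host measurements, a virtual cryptoprocessor extends its own PCRs with guest OS and enclave measurements, both banks are quoted against a verifier nonce and sent as the PCR measurement data, and the second system checks that the banks equal its golden values (enclave data unchanged) and that the vTPM carries a binding certificate from the physical cryptoprocessor it is expected to live on. SHA-256 PCR banks, HMAC standing in for TPM quote signatures, the `certify` binding-certificate format, the PCR indices and all measured strings are assumptions of this example, not details from the page.

```python
"""Constructed simulation of the claim-1 attestation flow (not the patent's code).
Assumed: SHA-256 PCRs, HMAC in place of TPM quote signatures, and a simple
binding certificate issued by the physical TPM over the vTPM's identity."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PCR_INIT = bytes(32)  # PCRs start zeroed


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = SHA256(old || SHA256(measurement))."""
    return hashlib.sha256(current + hashlib.sha256(measurement).digest()).digest()


def bank_digest(pcrs: dict, nonce: bytes) -> bytes:
    """Digest over the whole PCR bank plus the verifier's nonce (replay protection)."""
    return hashlib.sha256(nonce + b"".join(pcrs[i] for i in sorted(pcrs))).digest()


@dataclass
class Cryptoprocessor:
    """PCR bank plus a signing key; models both the physical TPM and the vTPM."""
    name: str
    key: bytes
    pcrs: dict = field(default_factory=dict)

    def measure(self, index: int, data: bytes) -> None:
        self.pcrs[index] = pcr_extend(self.pcrs.get(index, PCR_INIT), data)

    def quote(self, nonce: bytes) -> dict:
        sig = hmac.new(self.key, bank_digest(self.pcrs, nonce), "sha256").digest()
        return {"pcrs": dict(self.pcrs), "nonce": nonce, "sig": sig}

    def fingerprint(self) -> bytes:
        return hashlib.sha256(self.key).digest()

    def certify(self, vtpm: "Cryptoprocessor") -> bytes:
        """Physical TPM vouches that `vtpm` is hosted on this platform (assumed model)."""
        return hmac.new(self.key, vtpm.name.encode() + vtpm.fingerprint(), "sha256").digest()


def quote_is_valid(q: dict, key: bytes, nonce: bytes) -> bool:
    """Quote must carry our nonce and verify under the quoting cryptoprocessor's key."""
    if q["nonce"] != nonce:
        return False
    want = hmac.new(key, bank_digest(q["pcrs"], nonce), "sha256").digest()
    return hmac.compare_digest(q["sig"], want)


def build_pcr_measurement_data(host_tpm: Cryptoprocessor, vtpm: Cryptoprocessor, nonce: bytes) -> dict:
    """Source side: first measurements (physical TPM), second measurements (vTPM), binding."""
    return {"host": host_tpm.quote(nonce), "guest": vtpm.quote(nonce),
            "vtpm_name": vtpm.name, "vtpm_fpr": vtpm.fingerprint(),
            "binding": host_tpm.certify(vtpm)}


def remote_attest(data: dict, nonce: bytes, host_key: bytes, vtpm_key: bytes,
                  expected_pcrs: dict, bound_platform_key: bytes) -> bool:
    """Target side: quotes fresh and authentic, PCRs equal the golden values,
    and the vTPM's binding certificate verifies under the expected physical TPM."""
    if not (quote_is_valid(data["host"], host_key, nonce)
            and quote_is_valid(data["guest"], vtpm_key, nonce)):
        return False
    observed = {"host": data["host"]["pcrs"], "guest": data["guest"]["pcrs"]}
    if observed != expected_pcrs:  # enclave data or platform state changed
        return False
    want = hmac.new(bound_platform_key, data["vtpm_name"].encode() + data["vtpm_fpr"], "sha256").digest()
    return hmac.compare_digest(data["binding"], want)


def make_guest(key: bytes, enclave_blob: bytes) -> Cryptoprocessor:
    """Guest vTPM measuring its kernel and the encrypted enclave pages (constructed inputs)."""
    vtpm = Cryptoprocessor("guest-vtpm", key)
    vtpm.measure(8, b"guest kernel image (constructed)")
    vtpm.measure(12, enclave_blob)
    return vtpm


def run_scenario() -> tuple:
    """Returns (clean transfer ok, tampered enclave ok, unbound vTPM ok)."""
    host_key, vtpm_key, rogue_key = os.urandom(32), os.urandom(32), os.urandom(32)
    host = Cryptoprocessor("host-tpm", host_key)
    host.measure(0, b"platform firmware (constructed)")
    host.measure(7, b"hypervisor (constructed)")
    blob = b"encrypted enclave page (constructed)"
    vtpm = make_guest(vtpm_key, blob)
    golden = {"host": dict(host.pcrs), "guest": dict(vtpm.pcrs)}  # provisioned on target
    nonce = os.urandom(16)

    good = remote_attest(build_pcr_measurement_data(host, vtpm, nonce), nonce,
                         host_key, vtpm_key, golden, host_key)
    # Enclave data altered in flight: the vTPM measures a different blob
    tampered = remote_attest(build_pcr_measurement_data(host, make_guest(vtpm_key, blob + b"X"), nonce),
                             nonce, host_key, vtpm_key, golden, host_key)
    # Binding certificate issued by a cryptoprocessor that is not the expected platform's
    data = build_pcr_measurement_data(host, vtpm, nonce)
    data["binding"] = Cryptoprocessor("rogue-tpm", rogue_key).certify(vtpm)
    unbound = remote_attest(data, nonce, host_key, vtpm_key, golden, host_key)
    return good, tampered, unbound
```

Only the clean transfer passes: a changed enclave page alters the vTPM bank so the golden comparison fails, and a vTPM whose binding certificate was not issued by the expected physical cryptoprocessor fails the single-platform check even though its quotes are otherwise valid.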