US 12,067,111 B2
Liveness guarantees in secure enclaves using health tickets
Stefan Saroiu, Redmond, WA (US); Varun Gandhi, Boston, MA (US); Alastair Wolman, Seattle, WA (US); and Landon Prentice Cox, Seattle, WA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Dec. 8, 2021, as Appl. No. 17/545,716.
Prior Publication US 2023/0177148 A1, Jun. 8, 2023
Int. Cl. G06F 21/54 (2013.01); G06F 11/07 (2006.01); G06F 21/55 (2013.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01); G06F 21/10 (2013.01)
CPC G06F 21/54 (2013.01) [G06F 11/0757 (2013.01); G06F 21/554 (2013.01); G06F 21/572 (2013.01); G06F 21/602 (2013.01); G06F 21/107 (2023.08)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method executed on a computing device, comprising:
providing an authenticated watchdog timer that executes as a trusted process on the computing device in which the authenticated watchdog timer generates an interrupt;
providing an SMI (secure management interrupt) handler executing in a runtime of a Unified Extensible Firmware Interface (UEFI) enclave that, responsive to the interrupt being generated by the authenticated watchdog timer, reboots the computing device and re-images the computing device from a trusted recovery operating system into a known good state;
initializing a secure health ticket minting enclave on the computing device that is configured to host a process for minting a cryptographically-protected health ticket, in which presence of the health ticket causes the SMI handler to defer the rebooting and re-imaging of the computing device, wherein the UEFI enclave and the secure health ticket minting enclave share a common enclave author to enable provisioning, using a software versioning protocol, of a common symmetric key providing cryptographic protection for the health ticket; and
executing one or more processes associated with an application in parallel with the health ticket minting process in the secure health ticket minting enclave, wherein the health ticket is minted responsively to the executing application processes.
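Claim 1 specifies the mechanism only at the level of components; the Python simulation below is an added example, not code from the patent or from any Microsoft implementation, that models the exchange end to end: the minting enclave issues HMAC-SHA256 health tickets under the shared symmetric key, and the SMI handler defers the reboot only while an untampered, unexpired ticket for this device exists. The key value, device identifier, tick-based lifetime and ticket layout are assumptions made for the example.

```python
import hmac
import hashlib
import struct

# Constructed values for this example. In the patent the key is provisioned to both
# enclaves by the common author's software-versioning protocol, not hard-coded.
SHARED_KEY = hashlib.sha256(b"example-provisioned-key").digest()
DEVICE_ID = b"device-0001"
TICKET_LIFETIME = 3  # hypothetical: one ticket defers the reboot for three watchdog ticks
TAG_LEN = 32         # HMAC-SHA256 tag length


def mint_health_ticket(key, device_id, issued_tick, lifetime=TICKET_LIFETIME):
    """Minting enclave: ticket = device_id || issued || expires || HMAC-SHA256 over those fields."""
    body = device_id + struct.pack(">QQ", issued_tick, issued_tick + lifetime)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def ticket_is_fresh(key, device_id, ticket, now_tick):
    """SMI handler side: accept only an untampered ticket for this device that has not expired."""
    if ticket is None or len(ticket) != len(device_id) + 16 + TAG_LEN:
        return False
    body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # tampered or forged under another key
        return False
    if body[:len(device_id)] != device_id:       # ticket minted for a different device
        return False
    issued, expires = struct.unpack(">QQ", body[len(device_id):])
    return issued <= now_tick < expires          # replayed or stale tickets fail here


def smi_handler(key, device_id, ticket, now_tick):
    """Decision taken when the authenticated watchdog timer raises its interrupt."""
    if ticket_is_fresh(key, device_id, ticket, now_tick):
        return "defer"
    return "reboot_and_reimage"


def simulate(app_alive_ticks, total_ticks, key=SHARED_KEY, device_id=DEVICE_ID):
    """Run the watchdog for total_ticks; the application mints a ticket only on ticks it is alive."""
    latest = None
    decisions = []
    for tick in range(total_ticks):
        if tick in app_alive_ticks:
            latest = mint_health_ticket(key, device_id, tick)
        decisions.append(smi_handler(key, device_id, latest, tick))
    return decisions


if __name__ == "__main__":
    # Application hangs after tick 3: the last ticket expires at tick 6 and recovery fires.
    print(simulate({0, 1, 2, 3}, 8))
```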