US 12,147,530 B2
Deploying enclaves on different TEE backends using a universal enclave binary
Ye Li, Newton Highlands, MA (US); Anoop Jaishankar, Fremont, CA (US); John Manferdelli, San Francisco, CA (US); David Ott, Chandler, AZ (US); and Andrei Warkentin, South Elgin, IL (US)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware, Inc., Palo Alto, CA (US)
Filed on Oct. 5, 2022, as Appl. No. 17/960,738.
Prior Publication US 2024/0119138 A1, Apr. 11, 2024
Int. Cl. G06F 21/53 (2013.01); G06F 21/12 (2013.01); G06F 21/54 (2013.01)
CPC G06F 21/53 (2013.01) [G06F 21/121 (2013.01); G06F 21/54 (2013.01)] 20 Claims
1. A system comprising:
a processor; and
a memory comprising computer program code, the memory and the computer program code configured to cause the processor to:
generate a universal enclave binary that includes a set of binaries of instruction set architectures (ISAs) associated with a plurality of trusted execution environment (TEE) hardware backends;
identify a TEE hardware backend of the plurality of TEE hardware backends associated with a virtual secure enclave (VSE)-compatible device;
generate a VSE compatible with the identified TEE hardware backend on the VSE-compatible device;
select a binary of an ISA from the set of binaries of the universal enclave binary, wherein the selected binary matches the identified TEE hardware backend with which the generated VSE is compatible;
link the selected binary to a runtime library of a trusted runtime (TR) of the generated VSE;
load the linked binary into memory of the generated VSE; and
initiate execution of a trusted application in the generated VSE using a set of interfaces of the TR.
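The selection step of claim 1 (pick the slice of the universal enclave binary whose backend matches the identified TEE hardware backend, then hand it to the loader), as an added Python example that is not the patent's own code: the container layout, the backend names and the payload bytes are constructed assumptions, and the per-slice digest check is an added integrity caveat the claim does not state.

```python
import hashlib
import struct

# Assumed container layout (constructed for this example, not the patent's format):
#   magic "UEB1" | u32 entry count | entries | payload
#   entry: backend[16] | isa[16] | u32 offset | u32 length | sha256[32]
MAGIC = b"UEB1"
ENTRY = struct.Struct("<16s16sII32s")


def build_universal_binary(parts):
    """parts: list of (backend, isa, blob). Returns the packed container bytes."""
    header_len = len(MAGIC) + 4 + ENTRY.size * len(parts)
    entries, payload, offset = [], b"", header_len
    for backend, isa, blob in parts:
        entries.append(ENTRY.pack(backend.encode().ljust(16, b"\0"),
                                  isa.encode().ljust(16, b"\0"),
                                  offset, len(blob), hashlib.sha256(blob).digest()))
        payload += blob
        offset += len(blob)
    return MAGIC + struct.pack("<I", len(parts)) + b"".join(entries) + payload


def select_binary(container, backend):
    """Return (isa, blob) for the identified TEE backend; verify the slice digest before use."""
    if container[:4] != MAGIC:
        raise ValueError("not a universal enclave binary")
    (count,) = struct.unpack_from("<I", container, 4)
    pos = 8
    for _ in range(count):
        b, isa, off, length, digest = ENTRY.unpack_from(container, pos)
        pos += ENTRY.size
        if b.rstrip(b"\0").decode() != backend:
            continue
        blob = container[off:off + length]
        if len(blob) != length or hashlib.sha256(blob).digest() != digest:
            raise ValueError("slice for %s is truncated or tampered" % backend)
        return isa.rstrip(b"\0").decode(), blob
    raise LookupError("no binary for TEE backend %r" % backend)


# Constructed sample: three enclave slices; the bytes are placeholders, not real ISA code.
SAMPLE = build_universal_binary([
    ("sgx", "x86_64", b"\x0f\x01\xd7 enclave-x86"),
    ("sev-snp", "x86_64", b"\x0f\x01\xd9 enclave-sev"),
    ("trustzone", "aarch64", b"\xd4\x00\x00\x03 enclave-arm"),
])

if __name__ == "__main__":
    isa, blob = select_binary(SAMPLE, "trustzone")
    print(isa, len(blob))  # the slice that would be linked to the TR and loaded into the VSE
```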