US 12,147,580 B2
Provisioning secure/encrypted virtual machines in a cloud infrastructure
Guerney D. H. Hunt, Yorktown Heights, NY (US); Dimitrios Pendarakis, Westport, CT (US); Kenneth Alan Goldman, Norwalk, CT (US); Elaine R. Palmer, Hanover, NH (US); and Ramachandra Pai, Beaverton, OR (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Dec. 22, 2020, as Appl. No. 17/130,238.
Prior Publication US 2022/0198064 A1, Jun. 23, 2022
Int. Cl. G06F 21/62 (2013.01); G06F 9/30 (2018.01); G06F 9/38 (2018.01); G06F 9/455 (2018.01); G06F 21/57 (2013.01)
CPC G06F 21/6281 (2013.01) [G06F 9/30192 (2013.01); G06F 9/3836 (2013.01); G06F 9/455 (2013.01); G06F 21/57 (2013.01)] 20 Claims
OG exemplary drawing
1. A method for provisioning a computation into a trusted execution environment, comprising:
verifying the trusted execution environment;
generating integrity information of the computation by generating hashes of a kernel, a kernel command line, an initial random-access memory filesystem (initramfs), and a run-time abstraction service (RTAS) area;
generating sealed data that specifies via a policy whether the trusted execution environment is authorized to execute the computation;
sending information of the computation, the sealed data, and the integrity information to the trusted execution environment;
confirming the sealed data;
verifying integrity of the computation from the integrity information and the information of the computation;
in response to successfully verifying the integrity of the computation, provisioning the computation into the trusted execution environment; and
executing the computation in the trusted execution environment.
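The steps of claim 1 as an added Python simulation (not part of the patent or of any IBM code): the provisioner hashes the kernel, command line, initramfs and RTAS area and seals a policy to the measurement of the verified TEE; the TEE side confirms the sealed data, verifies integrity, and provisions only when both checks pass. The component bytes, workload id, HW_SEALING_ROOT and the HMAC-based sealing are constructed stand-ins for real attestation and hardware sealing.

```python
import hashlib
import hmac
import json
# Constructed sample image components; real inputs would be the files themselves.
COMPONENTS = {
    "kernel": b"vmlinux (constructed sample bytes)",
    "cmdline": b"root=/dev/vda1 console=hvc0 quiet",
    "initramfs": b"initramfs.img (constructed sample bytes)",
    "rtas": b"RTAS area (constructed sample bytes)",
}
HW_SEALING_ROOT = b"constructed-hardware-sealing-root"  # hypothetical; a real TEE keeps this in hardware

def measure_tee(tee_identity: bytes) -> str:
    # Stand-in for step 1 (verifying the TEE): hash of its reported firmware identity.
    return hashlib.sha256(tee_identity).hexdigest()

def integrity_info(components: dict) -> dict:
    # Step 2: per-component hashes of kernel, cmdline, initramfs and RTAS area.
    return {name: hashlib.sha256(data).hexdigest() for name, data in components.items()}

def sealing_key(measurement: str) -> bytes:
    # Key bound to a TEE measurement (simplified TPM-style sealing): a different measurement yields a different key.
    return hmac.new(HW_SEALING_ROOT, measurement.encode(), hashlib.sha256).digest()

def seal_policy(policy: dict, expected_measurement: str) -> dict:
    # Step 3: policy authenticated under the key of the attested TEE.
    body = json.dumps(policy, sort_keys=True)
    tag = hmac.new(sealing_key(expected_measurement), body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def tee_confirm_sealed(sealed: dict, own_measurement: str, workload_id: str) -> bool:
    # Step 5: unseal with the TEE's own measurement, then check the policy names the workload.
    tag = hmac.new(sealing_key(own_measurement), sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        return False
    return workload_id in json.loads(sealed["body"])["authorized_workloads"]

def tee_verify_integrity(received: dict, expected: dict) -> bool:
    # Step 6: every listed component must be present and match its recorded hash.
    return set(received) == set(expected) and all(
        hmac.compare_digest(hashlib.sha256(received[n]).hexdigest(), expected[n]) for n in expected)

def provision(received: dict, sealed: dict, expected: dict, tee_identity: bytes, workload_id: str) -> str:
    # Steps 5 to 8 on the TEE side: reject early, provision only after both checks pass.
    if not tee_confirm_sealed(sealed, measure_tee(tee_identity), workload_id):
        return "rejected: sealed policy does not authorize this TEE"
    if not tee_verify_integrity(received, expected):
        return "rejected: integrity mismatch"
    return "provisioned"
```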