Alibaba Group Holding Limited
Methods and devices for executing trusted applications on processor with support for protected execution environments

Abstract:

Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for executing applications. One of the methods includes: establishing an enclave in a first physical processing unit of a processor; recording a first trust declaration declared by a first application, the first trust declaration declaring whether the first application trusts any application to execute with the first application on the first physical processing unit; assigning the first application to a first logical processing unit hosted on the first physical processing unit; providing a set of enclave entry instructions for the first logical processing unit to execute, to cause the first logical processing unit to enter the enclave when a predefined entering condition is satisfied; and providing a set of enclave exit instructions for the first logical processing unit to execute, to cause the first logical processing unit to exit the enclave when a predefined exiting condition is satisfied.