Intel Corporation
FILE SYSTEM SUPPORTING REMOTE ATTESTATION-BASED SECRETS

Abstract:

An operating system kernel receives a request from an application to access a secret, the application and the operating system kernel executing in a first trust domain; and an attestation-based secrets manager receives the request from the operating system kernel, validates the request using remote attestation, gets the secret from a secure storage in the second trust domain when the request is validated, and sends the secret from the second trust domain to the operating system kernel, the attestation-based secrets manager executing in a second trust domain; wherein the operating system kernel then sends the secret to the application.

Status:

Application

Type:

Utility

Filing date:

16 Sep 2021

Issue date:

6 Jan 2022