sancus-tee / sancus-core

Minimal OpenMSP430 hardware extensions for isolation and attestation
BSD 3-Clause "New" or "Revised" License

Secure IRQ hardware logic #13

Closed by jovanbulck 5 years ago

jovanbulck commented 5 years ago

Hardware support for interruptible and reentrant Sancus modules, described in the Nemesis paper:

The original Sancus architecture presumes uninterruptible isolated execution. Secure interruption of hardware-enforced embedded software modules was pioneered by the TrustLite [41] PMA. More specifically, TrustLite modifies the processor to push all CPU registers onto the private call stack of the interrupted module, before clearing them and vectoring to the untrusted ISR. Subsequent research [15] has since implemented a comparable hardware-level interrupt mechanism for a prototypic Sancus-like PMA with a single secure domain, and recent work-in-progress [73] reports on hardware and compiler support for fully interruptible and reentrant Sancus enclaves. For the work presented in this paper, we have implemented TrustLite’s secure interrupt mechanism as an extension to the original Sancus architecture.
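
The interrupt entry sequence quoted above (push all CPU registers onto the interrupted module's private call stack, clear them, then vector to the untrusted ISR), as an added behavioural model in C. It is not part of the original issue and is not the sancus-core Verilog. The struct fields, function names, stack size, addresses, overflow handling and the resume path are assumptions of this model.

```c
#include <stdint.h>
#include <string.h>

#define NUM_REGS    16   /* MSP430 register file: R0 (PC) .. R15 */
#define STACK_WORDS 32   /* constructed size of the private stack */

/* Hypothetical model state; field names are not Sancus signal names. */
typedef struct {
    uint16_t regs[NUM_REGS];           /* CPU registers, regs[0] is PC */
    uint16_t priv_stack[STACK_WORDS];  /* module-private call stack */
    int      priv_sp;                  /* next free slot in priv_stack */
    int      in_module;                /* 1 while protected code runs */
} cpu_t;

/* IRQ taken: save context privately, scrub registers, vector to the ISR. */
int secure_irq_entry(cpu_t *c, uint16_t isr_addr) {
    if (c->in_module) {
        if (c->priv_sp + NUM_REGS > STACK_WORDS) return -1; /* model's choice */
        memcpy(&c->priv_stack[c->priv_sp], c->regs, sizeof c->regs);
        c->priv_sp += NUM_REGS;
        memset(c->regs, 0, sizeof c->regs);  /* nothing left for the ISR */
        c->in_module = 0;
    }
    c->regs[0] = isr_addr;                   /* PC <- untrusted ISR */
    return 0;
}

/* Assumed resume path: pop the saved frame back into the registers. */
int secure_irq_resume(cpu_t *c) {
    if (c->in_module || c->priv_sp < NUM_REGS) return -1;
    c->priv_sp -= NUM_REGS;
    memcpy(c->regs, &c->priv_stack[c->priv_sp], sizeof c->regs);
    memset(&c->priv_stack[c->priv_sp], 0, sizeof c->regs);
    c->in_module = 1;
    return 0;
}

/* Number of non-PC registers still holding data the ISR could read. */
int visible_regs(const cpu_t *c) {
    int n = 0;
    for (int i = 1; i < NUM_REGS; i++) n += (c->regs[i] != 0);
    return n;
}

int main(void) {
    /* Constructed register contents and ISR address. */
    cpu_t c = { .regs = { [4] = 0xBEEF, [15] = 0x1234 }, .in_module = 1 };
    secure_irq_entry(&c, 0x4400);
    return visible_regs(&c);   /* exit status 0: ISR sees no module data */
}
```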