A method and a mechanism for securely storing and executing a program in a computer
system processing unit, including a storage unit for storing an encrypted version
of the program and a loader/decryption mechanism responsive to a request and a
decryption key for decrypting the encrypted version of the program, writing the
un-encrypted version into a memory for execution, and deleting the un-encrypted
version from the memory when execution is completed. The encrypted version is constructed
as encrypted code blocks that are decrypted and loaded into the memory only as
required, and the encrypted version of the program includes a clear text header
identifying the encrypted version as an encrypted program. The processor unit includes
a context store for storing the context of a process in which the program is being
executed, and a context switching mechanism for performing context switching operations
wherein the context switching mechanism is responsive to a context switch of the
process in which the program is being executed for storing the clear text header
in the context store when the process is suspended in a context switch and returning
the clear text header to the memory when the process is resumed.
