Method for executing a computer program by means of an electronic apparatus

US12088722B2 · US · B2

Patent metadata
Publication number: US-12088722-B2
Application number: US-202217650861-A
Country: US
Kind code: B2
Filing date: Feb 14, 2022
Priority date: Mar 9, 2021
Publication date: Sep 10, 2024
Grant date: Sep 10, 2024

Abstract

Official abstract text for this publication.

A method for executing a computer program includes incorporating, into metadata of a block containing a line of code to be accessed using a pointer, a first pointer identifier associated with the line of code to be accessed, then obtaining a pointer including a first range of bits containing the address of the line of code to be accessed, and a different second range of bits containing a second pointer identifier, then verifying that the second pointer identifier contained in the obtained pointer corresponds to the first pointer identifier associated with the line of code to be accessed and contained in the metadata of the loaded block, and when the first and second pointer identifiers do not correspond, then the security module triggers signaling of an execution fault.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for executing a computer program with an electronic apparatus comprising a microprocessor, an unencrypted memory, an encrypted memory, and a hardware security module, wherein, during the execution of the computer program, lines of code are transferred between the unencrypted memory and the encrypted memory in whole blocks of a plurality of encrypted and authenticated lines of code, said method comprising: storing, in the encrypted memory, a block of the encrypted and authenticated lines of code, which contain a line of code to be accessed using a pointer, said block of the encrypted and authenticated lines of code containing: a cryptogram of all of the lines of code of said block, said cryptogram having to be decrypted in its entirety to obtain a block of cleartext lines of code, an authentication code computed from the block of cleartext lines of codes or from the cryptogram of the block of cleartext lines of code, and metadata, obtaining, with the microprocessor, the pointer, which contains an address at which the line of code to be accessed is stored, loading the block containing the line of code to be accessed from the encrypted memory into the microprocessor, decrypting the cryptogram contained in the loaded block to obtain the block of cleartext lines of code, and storing the obtained block of cleartext lines of code in the unencrypted memory and storing the metadata of the loaded block, verifying, with the hardware security module and using the authentication code contained in the loaded block, an integrity of the block of cleartext lines of code obtained from the cryptogram contained in the loaded block, or of the cryptogram contained in the loaded block, and when said verification fails, inhibiting processing, by the microprocessor, of the lines of code of said loaded block and, when said verification succeeds, permitting processing, by the microprocessor, of the lines of code of said loaded block, wherein: the storing step comprises incorporating, into the metadata of the block containing the line of code to be accessed, a first pointer identifier associated with the line of code to be accessed, said first pointer identifier alone allowing one pointer to be uniquely identified among a set containing a plurality of different pointers employed in a same execution of the computer program by the microprocessor, the obtaining step comprises obtaining the pointer, which includes a first range of bits containing the address of the line of code to be accessed, and a different second range of bits containing a second pointer identifier, and the method further comprises verifying, with the hardware security module, that the second pointer identifier contained in the obtained pointer corresponds to the first pointer identifier associated with the line of code to be accessed and contained in the metadata of the loaded block, and when the first and second pointer identifiers do not correspond, the security module triggers signalling of an execution fault and, in a contrary case, the security module inhibits triggering of signalling of an execution fault and the microprocessor processes the line of code to be accessed.

2. The method according to claim 1, wherein the decrypting step comprises storing the first pointer identifier contained in the metadata of the loaded block in a memory solely accessible by the hardware security module.

3. The method according to claim 1, wherein, before the storing step, the authentication code of the block of encrypted and authenticated lines of code to be stored is also computed from the metadata.

4. The method according to claim 1, wherein, before the storing step, the method further comprises: encrypting the block of cleartext lines of code using an initialization vector and generating a new initialization vector before each encryption of the block of cleartext lines of code, incorporating, into the metadata of the block of the encrypted and authenticated lines of code, the initialization vector used to obtain the cryptogram of said block of the encrypted and authenticated lines of code, and during the decryption of the cryptogram, the hardware security module extracts, from the metadata of the block of the encrypted and authenticated lines of code, the initialization vector to be used to perform the decryption.

5. The method according to claim 4, wherein: during the encryption of the block of cleartext lines of code, the cleartext lines of code are encrypted using a stream cipher initialized using the initialization vector, the initialization vector is stored in the block of the encrypted and authenticated lines of code before the cryptogram of all of the lines of code of said block, and during the decryption of the cryptogram, the hardware security module first extracts the initialization vector to be used to perform the decryption and then immediately starts decrypting the first line of code of the cryptogram, said line of code being received before the complete cryptogram is received.

6. The method according to claim 1, wherein, in the storing step, a block address at which the block of the encrypted and authenticated lines of code is stored is related, by a bijective function, to an address $@_{BDCi}$ defined by the following relationship: $@_{BDCi} = @_{BDi} \cdot T_b / T_{BD}$, where: $@_{BDi}$ is an address at which starts, in an address space of the computer program, the block of cleartext lines of code, $T_b$ is a size, in number of bytes, of the block of the encrypted and authenticated lines of code, and $T_{BD}$ is a size, in number of bytes, of the block of cleartext lines of code.

7. The method according to claim 6, wherein: after the obtaining step and before the loading step, the hardware security module determines the address $@_{BDCi}$ using the following first relationship: $@_{BDCi} = E(@_{Di,j} / T_{BD}) \cdot T_b$, where E( ) is a function that returns an integer part of a number located between the parentheses, $@_{Di,j}$ is the address contained in the pointer obtained in the obtaining step, and $T_b$ and $T_{BD}$ are both powers of two, a division and multiplication of the first relationship being executed by shift registers of the hardware security module during said determining operation, and in the loading step, the block containing the line of code to be accessed is loaded, from the encrypted memory, from the block address related, by the bijective function, to the determined address $@_{BDCi}$.

8. The method according to claim 6, wherein: after the obtaining step and before the loading step, the hardware security module determines the address $@_{BDCi}$ using the following second relationship: $@_{BDCi} = E(@_{Di,j} / T_{BD}) \cdot T_{BD} + E(@_{Di,j} / T_{BD}) \cdot (T_b - T_{BD})$, where E( ) is a function that returns an integer part of a number located between the parentheses, $@_{Di,j}$ is the address contained in the pointer obtained in the obtaining step, and $(T_b - T_{BD})$ and $T_{BD}$ are both powers of two, each division and each multiplication of the second relationship are executed by shift registers of the hardware security module during said determining operation, and in the loading step, the block containing the line of code to be accessed is loaded, from the encrypted memory, from the block address related, by the bijective function, to the determined address $@_{BDCi}$.

9. The method according to claim 1, wherein the cryptogram of all of the lines of code of the stored block of encrypted and authenticated lines of code: may solely be decrypted in its entirety to obtain the block of cleartext line of code, and not line of code by line of code, or may solely be decrypted in a predetermined order to obtain the block of cleartext line of code, and does not permit the lines of code to be
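
As an added illustration (not code from the patent or its assignee), the C sketch below models the pointer-identifier check of claim 1 and the two shift-only address relationships of claims 7 and 8. The sizes (64-byte cleartext blocks, 128-byte stored blocks), the 48/16-bit pointer split, all names, and the keyed FNV-1a stand-in for the authentication code are assumptions; decryption is not modelled.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed parameters, not from the patent: 64-byte cleartext blocks (T_BD),
   128-byte stored blocks (T_b), 48-bit address + 16-bit pointer identifier. */
enum { LOG2_TBD = 6, LOG2_TB = 7, LOG2_EXTRA = 6, ADDR_BITS = 48 };
#define T_BD (1u << LOG2_TBD)
#define ADDR_MASK ((UINT64_C(1) << ADDR_BITS) - 1)

typedef enum { ACCESS_OK, FAULT_INTEGRITY, FAULT_POINTER_ID } status_t;
typedef struct {
    uint16_t ptr_id;      /* metadata: first pointer identifier */
    uint8_t  data[T_BD];  /* cleartext lines of code (decryption not modelled) */
    uint32_t tag;         /* authentication code over data and metadata */
} block_t;

uint64_t make_ptr(uint64_t addr, uint16_t id) {
    return ((uint64_t)id << ADDR_BITS) | (addr & ADDR_MASK);
}
/* First relationship: E(@Dij / T_BD) * T_b, using shifts only. */
uint64_t block_addr_first(uint64_t ptr) {
    return ((ptr & ADDR_MASK) >> LOG2_TBD) << LOG2_TB;
}
/* Second relationship: E(@Dij/T_BD)*T_BD + E(@Dij/T_BD)*(T_b - T_BD). */
uint64_t block_addr_second(uint64_t ptr) {
    uint64_t n = (ptr & ADDR_MASK) >> LOG2_TBD;
    return (n << LOG2_TBD) + (n << LOG2_EXTRA);
}
/* Stand-in for the authentication code: keyed FNV-1a, NOT a secure MAC. */
uint32_t toy_tag(const block_t *b, uint32_t key) {
    uint32_t h = 2166136261u ^ key;
    for (size_t i = 0; i < T_BD; i++) h = (h ^ b->data[i]) * 16777619u;
    h = (h ^ (b->ptr_id & 0xffu)) * 16777619u;
    return (h ^ (b->ptr_id >> 8)) * 16777619u;
}
/* Integrity of the block first, then the pointer-identifier comparison. */
status_t check_access(const block_t *b, uint64_t ptr, uint32_t key) {
    if (toy_tag(b, key) != b->tag) return FAULT_INTEGRITY;
    if ((uint16_t)(ptr >> ADDR_BITS) != b->ptr_id) return FAULT_POINTER_ID;
    return ACCESS_OK;
}
/* Constructed scenario: seal a block for stored_id, optionally corrupt it. */
status_t demo(uint16_t stored_id, uint16_t used_id, int tamper) {
    block_t b = { .ptr_id = stored_id, .data = {0x13, 0x37} };
    b.tag = toy_tag(&b, 0xC0FFEEu);
    if (tamper) b.data[5] ^= 1;
    return check_access(&b, make_ptr(0x1040, used_id), 0xC0FFEEu);
}
int main(void) {
    return demo(7, 7, 0) == ACCESS_OK ? 0 : 1;
}
```

Because the tag covers the metadata as in claim 3, changing the stored identifier without the key surfaces as an integrity fault, while a valid block reached through a pointer carrying a different identifier surfaces as a pointer-identifier fault.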

Classifications

  • Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3

  • in cryptographic circuits

  • H04L9/3234 (Primary): involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853)

  • G06F21/54 (Primary): by adding security routines or objects to programs

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12088722B2 cover?
A method for executing a computer program includes incorporating, into metadata of a block containing a line of code to be accessed using a pointer, a first pointer identifier associated with the line of code to be accessed, then obtaining a pointer including a first range of bits containing the address of the line of code to be accessed, and a different second range of bits containing a second…
Who is the assignee on this patent?
Commissariat Energie Atomique
What technology area does this patent fall under?
Primary CPC classification H04L9/3234. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 10, 2024 (B2). Legal status and post-grant events are not shown on this page.