US9536063B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9536063-B2 |
| Application number | US-201314125743-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 24, 2013 |
| Priority date | Oct 24, 2013 |
| Publication date | Jan 3, 2017 |
| Grant date | Jan 3, 2017 |
Official abstract text for this publication.
A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.
Opening claim text (preview).
What is claimed is:

1. A data processing system with features to provide protection against unauthorized copying, the data processing system comprising: a processor; a machine accessible memory responsive to the processor; a secure enclave loader which is to enable the data processing system: (a) to use an operating system component to convert an unprotected region of the memory into a secure enclave, wherein the secure enclave comprises protected storage that is inaccessible from outside of the secure enclave; and (b) to include virtualization software in the secure enclave, wherein the virtualization software is to create a virtual runtime environment (VRE) in the secure enclave; a protected application loader which, when executed in the secure enclave, is to enable the data processing system: (a) to use a key that is tied to the secure enclave to automatically decrypt an encrypted version of a program in the secure enclave, thereby generating a decrypted version of the program; (b) to store the decrypted version of the program in the protected storage in the secure enclave; and (c) after automatically decrypting the encrypted version of the program in the secure enclave, to automatically execute the decrypted version of the program in the secure enclave; and at least one intermediary component which is to enable interaction between (a) the decrypted version of the program that executes within the secure enclave and (b) software outside of the secure enclave, wherein the at least one intermediary component comprises: (a) a call-out proxy module that is to enable the decrypted version of the program that executes within the secure enclave to call the software outside of the secure enclave; and (b) a VRE native interface in the virtualization software that is to enable the software which executes outside of the secure enclave to call the decrypted version of the program in the secure enclave; and wherein the VRE is to enable the decrypted version of the program to execute in the secure enclave when called by the software which executes outside of the secure enclave.

2. A data processing system according to claim 1, further comprising a call-out manager which is to enable the data processing system to automatically generate a native function stub in response to a call from inside the secure enclave to the software outside of the secure enclave.

3. A data processing system according to claim 1, wherein the call-out proxy module is to enable the data processing system to automatically generate a call-out proxy routine, in response to detection of a call-out statement in the program.

4. A data processing system according to claim 1, wherein: the key that is tied to the secure enclave comprises a program key; the secure enclave comprises an execution enclave; the secure enclave loader is to enable the data processing system to create a different secure enclave to serve as an installation enclave; and the data processing system further comprises a protected application provisioner which, when executed in the installation enclave, is to enable the data processing system to perform operations comprising: obtaining the program key from within the installation enclave; and sealing the program key in a way that ties the sealed program key to the execution enclave.

5. A data processing system according to claim 4, wherein the protected application provisioner is to enable the data processing system to perform operations comprising: using a measurement associated with the execution enclave to obtain an enclave key for the execution enclave; and using the enclave key to decrypt the program key; and wherein the operation of using the key that is tied to the secure enclave to automatically decrypt the encrypted version of the program comprises using the decrypted program key to decrypt the encrypted version of the program in the execution enclave.

6. A data processing system according to claim 4, wherein: the installation enclave and the execution enclave have matching enclave measurements; and the sealed program key is tied to the measurement of the installation enclave.

7. A data processing system according to claim 4, wherein: the installation enclave and the execution enclave have different enclave measurements; and the sealed program key is tied to a signing key for the execution enclave.

8. A method to provide protection against unauthorized copying, the method comprising: using an operating system component to convert an unprotected region in a memory of a processing device into a secure enclave, wherein the secure enclave comprises protected storage that is inaccessible from outside of the secure enclave; including virtualization software in the secure enclave; using the virtualization software to create a virtual runtime environment (VRE) in the secure enclave; in response to a request to execute a program in the processing device, performing operations comprising: using a key that is tied to the secure enclave to automatically decrypt an encrypted version of the program in the secure enclave, thereby generating a decrypted version of the program; storing the decrypted version of the program in the protected storage in the secure enclave; and after automatically decrypting the encrypted version of the program in the secure enclave, automatically executing the decrypted version of the program in the secure enclave; and using at least one intermediary component to enable interaction between (a) the decrypted version of the program that executes within the secure enclave and (b) software outside of the secure enclave, wherein the at least one intermediary component comprises (a) a call-out proxy module that enables the decrypted version of the program that executes within the secure enclave to call the software outside of the secure enclave and (b) a VRE native interface in the virtualization software that enables the software which executes outside of the secure enclave to call the decrypted version of the program in the secure enclave; and wherein the VRE enables the decrypted version of the program to execute in the secure enclave when called by the software which executes outside of the secure enclave.

9. A method according to claim 8, further comprising: using a call-out manager to automatically generate a native function stub in response to a call from inside the secure enclave to the software outside of the secure enclave.

10. A method according to claim 8, wherein the call-out proxy module enables the processing device to automatically generate a call-out proxy routine, in response to detection of a call-out statement in the program.

11. A method according to claim 8, wherein: the key that is tied to the secure enclave comprises a program key; the secure enclave comprises an execution enclave; and the method further comprising, before decrypting the encrypted version of the program in the secure enclave: saving the encrypted version of the program in unprotected storage; creating a different secure enclave to serve as an installation enclave; obtaining the program key from within the installation enclave; and sealing the program key in a way that ties the sealed program key to the execution enclave.

12. A method according to claim 11, further comprising: using a measurement associated with the execution enclave to obtain an enclave key for the execution enclave; and using the enclave key to decrypt the program key; and wherein the operation of using the key that is tied to the secure enclave to automatically decrypt the encrypted version of the program comprises using the decrypted prog
Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms · CPC title
Protecting executable software · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Physics · mapped topic
Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title