Brussels / 2 & 3 February 2019


Updates from the RISC-V TEE Group

Working on a Trusted Execution Environment spec for RISC-V

In this talk, I'll try to provide an overview of the RISC-V Trusted Execution Environment working group, and what we are working on.

A Trusted Execution Environment guarantees the integrity and confidentiality of code and data, ARM has TrustZone, Intel has SGX, and we are working on a similar spec for RISC-V. Our main tool is Physical Memory Protection (PMP) functionality of RISC-V (part of the Privilege spec) for isolating the execution environment's hart (hardware thread) from the rest of the harts on the system, and an implementation of a Physical Memory Attributes (PMA) verification hw block for protecting the environment's memory from other devices. The goal is to provide a flexible and salable architecture, that can work from 32bit embedded devices without MMU, to large 64bit systems with virtual machines etc, and keep it as simple and RISCy as possible.


Nick Kossifidis