Online / 6 & 7 February 2021


Penglai Enclave: Verifiable and Scalable RISC-V TEE System

Emerging applications like artificial intelligence and autonomous car require high security-assurance, which stimulates the wide-spread deployment of trusted execution environment (TEE). However, prior enclave systems are far from the ideal for three reasons. 1) Scalability: only support limited secure memory or limited number of instances; 2) Performance: not well-fit the requirements of high-performance application, e.g., poor secure communication performance; 3) Security: many still have security flaws, e.g., suffering cache-based side channels attacks.

Penglai-Enclave is proposed to overcome these challenges. The Penglai open-source project aims to build a scalable and efficient TEE system based on RISC-V, which is made powerful through hardware-assisted scalable physical memory isolation extensions. Our evaluations show that Penglai can achieve more than 1,000 concurrently running instances even in a resource-restricted device. We also have supported libraries like ARM PSA on Penglai to ease the development of trusted applications, and applied formal methods to validate its software TCB.


Photo of Dong Du Dong Du