Trusted Hart for Mobile RISC-V Security
Vladimir Ushakov, Sampo Sovio, Qingchao Qi, Vijayanand Nayani,, Valentin Manea, Philip Ginzboorg, Jan Erik Ekberg
TL;DR
This paper explores porting mobile security frameworks to RISC-V architecture, proposing a new architecture with a Trusted Hart and verifying it experimentally on a RISC-V development board.
Contribution
It identifies gaps in Keystone for RISC-V TEEs and introduces a security architecture with a Trusted Hart supporting GlobalPlatform API.
Findings
Verified architecture on HiFive Unleashed board
Supported GlobalPlatform TEE API in RISC-V environment
Enhanced security functions with Trusted Hart
Abstract
The majority of mobile devices today are based on Arm architecture that supports the hosting of trusted applications in Trusted Execution Environment (TEE). RISC-V is a relatively new open-source instruction set architecture that was engineered to fit many uses. In one potential RISC-V usage scenario, mobile devices could be based on RISC-V hardware. We consider the implications of porting the mobile security stack on top of a RISC-V system on a chip, identify the gaps in the open-source Keystone framework for building custom TEEs, and propose a security architecture that, among other things, supports the GlobalPlatform TEE API specification for trusted applications. In addition to Keystone enclaves the architecture includes a Trusted Hart -- a normal core that runs a trusted operating system and is dedicated for security functions, like control of the device's keystore and the…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Real-Time Systems Scheduling · Distributed systems and fault tolerance