On Securing the Software Development Lifecycle in IoT RISC-V Trusted Execution Environments
Annika Wilde, Samira Briongos, Claudio Soriente, Ghassan Karame

TL;DR
This paper introduces a toolkit that enhances RISC-V Trusted Execution Environments by enabling secure enclave updates, migrations, and state management, with minimal performance impact, supporting IoT and automotive applications.
Contribution
It presents a modular toolkit extending RISC-V TEEs to support secure enclave lifecycle management, compatible with existing implementations like Keystone and CURE.
Findings
Negligible performance overhead (<1.5%)
Enclave downtime as low as 0.8%
Supports secure updates and migrations
Abstract
RISC-V-based Trusted Execution Environments (TEEs) are gaining traction in the automotive and IoT sectors as a foundation for protecting sensitive computations. However, the supporting infrastructure around these TEEs remains immature. In particular, mechanisms for secure enclave updates and migrations - essential for complete enclave lifecycle management - are largely absent from the evolving RISC-V ecosystem. In this paper, we address this limitation by introducing a novel toolkit that enables RISC-V TEEs to support critical aspects of the software development lifecycle. Our toolkit provides broad compatibility with existing and emerging RISC-V TEE implementations (e.g., Keystone and CURE), which are particularly promising for integration in the automotive industry. It extends the Security Monitor (SM) - the trusted firmware layer of RISC-V TEEs - with three modular extensions that…
Taxonomy
Topics: Real-Time Systems Scheduling · Security and Verification in Computing · Safety Systems Engineering in Autonomy
