The majority of mobile devices today are based on Arm architecture that supports the hosting of trusted applications in Trusted Execution Environment (TEE). RISC-V is a relatively new open-source instruction set architecture that was engineered to fit many uses. In one potential RISC-V usage scenario, mobile devices could be based on RISC-V hardware. We consider the implications of porting the mobile security stack on top of a RISC-V system on a chip, identify the gaps in the open-source Keystone framework for building custom TEEs, and propose a security architecture that, among other things, supports the GlobalPlatform TEE API specification for trusted applications. In addition to Keystone enclaves the architecture includes a Trusted Hart -- a normal core that runs a trusted operating system and is dedicated for security functions, like control of the device's keystore and the management of secure peripherals. The proposed security architecture for RISC-V platform is verified experimentally using the HiFive Unleashed RISC-V development board.
@article{arxiv.2211.10299,
title = {Trusted Hart for Mobile RISC-V Security},
author = {Vladimir Ushakov and Sampo Sovio and Qingchao Qi and Vijayanand Nayani and Valentin Manea and Philip Ginzboorg and Jan Erik Ekberg},
journal= {arXiv preprint arXiv:2211.10299},
year = {2023}
}
Comments
This is an extended version of a paper that has been published in Proceedings of TrustCom 2022