In this talk, I'll try to provide an overview of the RISC-V Trusted Execution Environment working group, and what we are working on.
A Trusted Execution Environment guarantees the integrity and confidentiality of code and data, ARM has TrustZone, Intel has SGX, and we are working on a similar spec for RISC-V. Our main tool is Physical Memory Protection (PMP) functionality of RISC-V (part of the Privilege spec) for isolating memory regions of the execution environment's hart (hardware thread) from the rest of the harts on the system. We are also working on a proposal for an I/O PMP hw block for providing similar memory isolation between the different devices on the system (bus masters). The goal is to provide a flexible and scalable solution, that can work from 32bit embedded devices without MMU, to large 64bit systems with virtual machines etc, and keep it as simple and RISCy as possible.
Speakers: Nick Kossifidis