Hi! Good morning!
The security mechanisms we studied before were all based on ARM, but the momentum behind RISC-V has been very strong recently, so today I will introduce a RISC-V TEE. This is only a brief introduction; if you are interested, you can find more details in the Resources at the end of the article. Let's take a look below~
Multi-zone security for RISC-V
The first Trusted Execution Environment (TEE) for RISC-V processors
For RISC-V applications that require strong hardware security, MultiZone® security provides hardware-enforced software-defined separation of multiple equally secure domains with complete control over data, programs and peripherals.
Unlike traditional solutions, MultiZone® Security requires no additional IP blocks and no changes to existing firmware. Open source libraries, third-party binaries, and legacy code can be configured in minutes for unprecedented security and safety.
MultiZone® Security is based on free and open standards, open source on GitHub, free for evaluation licenses, and royalty-free for commercial use.
MultiZone Security, the first Trusted Execution Environment for RISC-V, provides a lightweight, policy-based security environment for RISC-V that scales from small single-core IoT devices to multi-core SMP Linux applications.
MultiZone® Security consists of the following components:
- MultiZone® nanoKernel – lightweight, formally verifiable bare-metal kernel offering policy-driven, hardware-enforced separation of RAM, ROM, I/O, and interrupts.
- MultiZone® Messenger – communication infrastructure for exchanging secure messages across zones without shared memory.
- MultiZone® Configurator – combines the fully linked zone executables with the policy and the kernel to generate a secure boot firmware image.
- MultiZone® Secure Boot – two-stage secure bootloader that verifies firmware image integrity and authenticity (SHA-256/SHA-512/ECC).
(I feel like this algorithm is almost meaningless)
How does MultiZone Security work?
MultiZone Security can be seamlessly integrated into existing IDEs such as Eclipse or command-line based toolsets.
- Application blocks are written, compiled and linked separately for each zone, resulting in a set of ELF or HEX files.
- The MultiZone policy is set to define the RAM, ROM, I/O and interrupt isolation required for each zone (RWX permissions, with a granularity as low as 4 bytes).
- Finally, the MultiZone Configurator is invoked to merge the zone ELF/HEX files with the MultiZone runtime into a signed firmware image.
- The whole system can be written, compiled and debugged using the existing GNU or Eclipse toolsets.
Features
- Preemptive real-time scheduler: round-robin/cooperative, configurable tick, CPU overhead <1%
- Formally verifiable, written entirely in assembly, self-contained – no third-party library dependencies
- Unlimited number of isolated trusted execution environments (zones) – hardware-enforced, policy-defined
- Each zone has up to 32 memory-mapped resources, i.e. flash, RAM, I/O, UART, GPIO, timer, etc.
- Any combination of top-of-range (TOR) and naturally aligned (NAPOT) PMP configurations – minimum granularity is 4 bytes
- Any combination of read, write, and execute policies – overlapping resources are allowed but not recommended
- Built-in support for per-zone configurable fences, i.e. cache/pipeline/instruction/load/store
- Full support for PLIC and CLIC interrupts – fully configurable zone/interrupt mapping
- Full support for secure user-mode interrupt handlers, even without the "N" extension
- Full support for low-latency vectored interrupts, preemptible interrupts, and wait-for-interrupt sleep modes
- Built-in trap and emulation for most protected instructions, e.g. read-only CSRs
- Secure inter-zone communication infrastructure based on message passing – no shared memory/buffers
- C library wrapper for protected-mode execution – via the ECALL exception handling mechanism
- Signed boot works with a two-stage boot ROM and/or public key / root of trust / PUF – SHA-256/ECC
- Command-line configuration tool compatible with any operating system capable of running Java 1.8
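The feature list above says each zone's resources are expressed as TOR or NAPOT PMP entries with RWX bits and 4-byte granularity, and that overlapping resources are allowed but not recommended. The following is an added example (not MultiZone code; the `zone_region_t` layout and function names are my own) that encodes such a region into the `pmpaddr`/`pmpcfg` values the RISC-V privileged spec defines, choosing NA4 or NAPOT when the region is naturally aligned and falling back to TOR otherwise, plus the overlap check a policy linter would run:

```c
#include <stdint.h>
#include <stdbool.h>

/* pmpcfg layout per the RISC-V privileged spec: R/W/X in bits 0-2, A (mode) in bits 3-4 */
#define PMP_R 0x01u
#define PMP_W 0x02u
#define PMP_X 0x04u
#define PMP_A_TOR   (1u << 3)  /* top of range: [prev pmpaddr << 2, pmpaddr << 2) */
#define PMP_A_NA4   (2u << 3)  /* naturally aligned 4-byte region */
#define PMP_A_NAPOT (3u << 3)  /* naturally aligned power-of-two region, >= 8 bytes */

/* One zone resource as a policy would state it (hypothetical layout): base, size, RWX bits */
typedef struct { uint64_t base, size; uint8_t perms; } zone_region_t;
/* Encoded entry; for TOR the preceding pmpaddr must hold base >> 2 (its A field may be OFF) */
typedef struct { uint64_t pmpaddr; uint8_t pmpcfg; bool needs_prev_addr; } pmp_entry_t;

/* NA4/NAPOT when the region is naturally aligned, TOR otherwise.
   Rejects sizes below 4 or bases/sizes not 4-byte aligned (the minimum granularity). */
bool encode_region(const zone_region_t *r, pmp_entry_t *out) {
    if (r->size < 4 || (r->base & 3) || (r->size & 3)) return false;
    bool pow2 = (r->size & (r->size - 1)) == 0;
    bool aligned = (r->base & (r->size - 1)) == 0;
    out->needs_prev_addr = false;
    if (r->size == 4) {
        out->pmpaddr = r->base >> 2;
        out->pmpcfg = PMP_A_NA4 | (r->perms & 7);
    } else if (pow2 && aligned) {
        out->pmpaddr = (r->base >> 2) | ((r->size >> 3) - 1); /* low set bits encode the size */
        out->pmpcfg = PMP_A_NAPOT | (r->perms & 7);
    } else {
        out->pmpaddr = (r->base + r->size) >> 2;  /* exclusive upper bound, word-granular */
        out->pmpcfg = PMP_A_TOR | (r->perms & 7);
        out->needs_prev_addr = true;
    }
    return true;
}

/* Overlap check for the "allowed but not recommended" case in the feature list */
bool regions_overlap(const zone_region_t *a, const zone_region_t *b) {
    return a->base < b->base + b->size && b->base < a->base + a->size;
}
```

A 64 KiB RAM window at 0x80000000 becomes a single NAPOT entry, while a 52-byte UART window needs TOR and therefore consumes the neighbouring pmpaddr register for its base, which is why the "up to 32 memory-mapped resources" budget is spent faster by unaligned regions.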
Development environment
- Eclipse IDE, including MCU and GNU toolchain plugins and OpenOCD/JTAG/GDB real-time debugging
- AndeSight™ IDE with ICE or OpenOCD
- SiFive FreedomStudio IDE including MCU and GNU toolchain plugins and OpenOCD/JTAG/GDB real-time debugging
- Linux and Windows command line tools (make, gcc, gdb, etc.) – Java 1.8 required for native Linux, Windows
- Built-in board support package for X300 (Rocket), Andes N(X)25, SiFive E31 and S51
System Requirements
- 32-bit or 64-bit RISC-V ISA with "S" or "U" extensions
- Physical Memory Protection (PMP) compliant with RISC-V privileged spec version 1.10
- 4KB Flash and 1KB RAM
Resources
The following are the related references.