The First Trusted Execution Environment for RISC-V Processors: MultiZone Security

Hi! Good morning!

The security mechanisms we studied before were all based on ARM, but the momentum of RISC-V has been very strong recently, so today I will introduce a RISC-V TEE. Here is a brief introduction; if you are interested, you can find more details in the Resources section at the end of the article. Let's take a look below~

MultiZone Security for RISC-V

The first Trusted Execution Environment (TEE) for RISC-V processors

For RISC-V applications that require strong hardware security, MultiZone® security provides hardware-enforced software-defined separation of multiple equally secure domains with complete control over data, programs and peripherals.

Contrary to traditional solutions, MultiZone® Security does not require additional IP blocks or changes to existing firmware. Open source libraries, third-party binaries, and legacy code can be configured in minutes for unprecedented security and safety.

MultiZone® Security is based on free and open standards, open source on GitHub, free for evaluation licenses, and royalty-free for commercial use.

MultiZone Security, the first Trusted Execution Environment for RISC-V, is a lightweight, policy-based security environment for RISC-V that scales from small single-core IoT devices to multi-core SMP Linux applications.

MultiZone Security

MultiZone® Security consists of the following components:

  • MultiZone® nanoKernel – Lightweight, formally verifiable bare-metal kernel offering policy-driven, hardware-enforced separation of ram, rom, i/o, and interrupts.

  • MultiZone® Messenger – Communication infrastructure for exchanging secure messages across zones without shared memory.

  • MultiZone® Configurator – Combines a fully linked zone executable with policy and kernel to generate a secure boot firmware image.

  • MultiZone® Secure Boot – Two-stage secure bootloader to verify firmware image integrity and authenticity (SHA-256/SHA-512/ECC).

(I feel like this algorithm is almost meaningless)

How does MultiZone Security work?

MultiZone Security can be seamlessly integrated into existing IDEs such as Eclipse or command-line based toolsets.

  • Application blocks are written, compiled and linked separately for each zone, resulting in a set of ELF or hex files.
  • The MultiZone policy is set to achieve the ram, rom, i/o and interrupt isolation required for each zone – RWX, with a granularity as low as 4 bytes.
  • Finally, the MultiZone Configurator is invoked to merge the zone ELF/hex files with the MultiZone runtime into a signed firmware image.
  • The whole system can be written, compiled and debugged using existing GNU or Eclipse toolsets.

Features

  • Preemptive real-time scheduler: round-robin or cooperative, configurable tick, CPU overhead <1%
  • Formally verifiable, written entirely in assembly, self-contained - no third-party library dependencies
  • Unlimited number of isolated trusted execution environments (zones) - hardware enforcement, policy definition
  • Each zone has up to 32 memory-mapped resources, e.g. flash memory, ram, I/O, uart, gpio, timer, etc.
  • Any combination of top-of-range (TOR) and naturally aligned power-of-two (NAPOT) PMP configurations—minimum granularity is 4 bytes
  • Any combination of read, write, and execute policies—overlapping resources are allowed but not recommended
  • Built-in support for fences configured per zone, e.g. cache/pipeline/instruction/load/store
  • Full support for PLIC and CLIC interrupts – fully configurable region/interrupt mapping
  • Full support for safe user-mode interrupt handlers, even without the "N" extension
  • Full support for low-latency vectored interrupts, preemptible interrupts, and wait-for-interrupt-suspend modes
  • Built-in traps and emulation for most protected instructions, e.g. read-only CSRs
  • Secure inter-zone communication infrastructure based on messaging—no shared memory/buffers
  • C library wrapper for protected mode execution - via ECALL exception handling mechanism
  • Signed boot works with a two-stage boot ROM and/or public key/root of trust/PUF – SHA-256/ECC
  • Command-line configuration tool compatible with any operating system capable of running Java 1.8
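As an added example (not MultiZone's own code or policy format), here is a small Python model of the zone policy that the "How does MultiZone Security work?" steps and the feature list above describe: each zone's memory and peripheral resources are encoded the way RISC-V PMP entries are (TOR or NAPOT, 4-byte grain) with read/write/execute permissions, an access is checked against the zone's policy, and resources that overlap between zones (allowed, but discouraged) are reported. The two-zone layout and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    lo: int      # first byte address covered
    hi: int      # one past the last byte covered
    perms: str   # any subset of "rwx"

def napot_region(pmpaddr: int, perms: str) -> Region:
    """Decode a PMP NAPOT entry: pmpaddr = addr >> 2, and k trailing 1 bits
    encode a naturally aligned 2**(k+3)-byte range (k = 0 means 8 bytes)."""
    k = 0
    while (pmpaddr >> k) & 1:
        k += 1
    base = (pmpaddr >> (k + 1)) << (k + 3)   # clear encoding bits, back to bytes
    return Region(base, base + (1 << (k + 3)), perms)

def tor_region(lo: int, hi: int, perms: str) -> Region:
    """A top-of-range entry [lo, hi); both bounds must sit on the 4-byte grain."""
    assert lo % 4 == 0 and hi % 4 == 0 and lo < hi, "TOR bounds must be 4-byte aligned"
    return Region(lo, hi, perms)

def check_access(policy: dict, zone: str, addr: int, size: int, op: str) -> bool:
    """True iff one region of the zone covers all of [addr, addr+size) and grants
    op ('r', 'w' or 'x'); an access straddling a region edge is refused."""
    return any(r.lo <= addr and addr + size <= r.hi and op in r.perms
               for r in policy.get(zone, ()))

def overlapping_resources(policy: dict) -> list:
    """Pairs of regions shared by two zones: permitted, but it weakens isolation."""
    zones = sorted(policy)
    found = []
    for i, a in enumerate(zones):
        for b in zones[i + 1:]:
            for ra in policy[a]:
                for rb in policy[b]:
                    if ra.lo < rb.hi and rb.lo < ra.hi:
                        found.append((a, b, ra, rb))
    return found

# Constructed two-zone policy; the addresses are illustrative, not a real board map.
POLICY = {
    "zone1": [napot_region((0x20000000 >> 2) | 0x1FF, "rx"),   # 4 KiB of flash/ROM
              napot_region((0x80000000 >> 2) | 0x07F, "rw"),   # 1 KiB of RAM
              tor_region(0x10013000, 0x10013100, "rw")],       # a UART register window
    "zone2": [napot_region((0x20001000 >> 2) | 0x1FF, "rx"),
              napot_region((0x80000400 >> 2) | 0x07F, "rw")],
}
```

With this policy only zone1 can touch the UART, neither zone can write its own flash, and a load that crosses the end of a zone's RAM is refused rather than partially served.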

Development Environment

  • Eclipse IDE, including MCU and GNU toolchain plugins and OpenOCD/JTAG/GDB real-time debugging
  • AndeSight™ IDE with ICE or OpenOCD
  • SiFive FreedomStudio IDE including MCU and GNU toolchain plugins and OpenOCD/JTAG/GDB real-time debugging
  • Linux and Windows command line tools (make, gcc, gdb, etc.) – Java 1.8 required for native Linux, Windows
  • Built-in board support package for X300 (Rocket), Andes N(X)25, SiFive E31 and S51

System Requirements

  • 32-bit or 64-bit RISC-V ISA with "S" or "U" extensions
  • Physical Memory Protection (PMP) compliant with RISC-V privileged specification version 1.10
  • 4KB Flash and 1KB RAM

Resources

The following is relevant information


Origin blog.csdn.net/weixin_45264425/article/details/132703332