Our systematization-of-knowledge paper "In Hardware We Trust? From TPM to Enclave Computing on RISC-V", which discusses RISC-V security architectures, has been published at the VLSI-SoC 2021 conference!
At Sanctuary, we have a close bond to security research and are therefore always investigating the newest security trends on Arm, on the x86 architecture and on emerging computing platforms. One technology that has gained a lot of momentum in recent years is the RISC-V Instruction Set Architecture (ISA). The open licensing model of RISC-V makes it especially interesting for the research community and for start-ups to explore the design of completely new processors, some of which already include advanced features such as out-of-order execution, like the BOOM processor core. Moreover, even some big players of the semiconductor industry have developed custom RISC-V processor cores. A list of all RISC-V processors taped out to date can be found on the RISC-V GitHub.
On the security front, the RISC-V standard offers only basic security mechanisms, but the openness of RISC-V has motivated security researchers around the globe to design and develop novel security architectures and mechanisms for the RISC-V platform across the full stack, both hardware and software. This gave rise to a number of novel enclave security architectures which attempt to address the shortcomings of existing industry solutions and to steer the direction of upcoming ones. Enclave architectures like our Sanctuary platform, also called Trusted Execution Environments (TEEs), are a specific type of security architecture that offers execution contexts, called enclaves, which are strongly isolated from the rest of the software on a system, e.g., the operating system. Enclaves are thus well suited to protect the most security-sensitive applications on a system. In this publication, we provide a brief overview of the best-known RISC-V based enclave architectures in academia, highlighting their features, advantages and limitations.