Basic secure services for standard RISC-V architectures

Abstract

Trusted Execution Environments (TEEs) have gained prominence as a means to enhance the security of complex system designs. However, TEE implementations such as ARM TrustZone and Intel SGX have been plagued by numerous vulnerabilities, prompting the research community to focus on identifying and resolving existing design flaws. Concurrently, the emergence of the RISC-V processor architecture presents an opportunity for widespread usage and customization.This research paper delves into the potential of the RISC-V architecture to incorporate TEE functionality, emphasizing the need to identify and mitigate possible pitfalls and vulnerabilities during the design phase. By examining current issues present in established TEE frameworks, we implemented and evaluated real-world services utilized by user applications and operating systems that leverage common TEE features on an up-to-date version of the standard RISC-V Instruction Set Architecture (ISA).Our findings reveal that the existing RISC-V ISA can successfully support secure file storage, cryptographic key management, and remote attestation services, employing standard-compliant unmodified RISC-V cores. However, our results also highlight the absence of mechanisms within RISC-V to ensure secure communication between the system and peripherals, thereby lacking means to interact safely with the user in the event of an operating system compromise. In conclusion, we discuss potential solutions to address this remaining challenge and suggest improvements for future research in securing communication channels and user interaction within the RISC-V architecture.