Evaluating Secure Enclave Firmware Development for Contemporary RISC-V Workstations

Abstract

The emergence of the open-source RISC-V ISA empowers developers and engineers, device manufactures, industry leaders, nation-states, adversaries and allies alike with the unique opportunity to re-evaluate existing Trusted Computing paradigms. Emerging open-source security mechanisms facilitate the proliferation of Confidential Computing principles. These technology standards aim to provide secure enclave computing as a fundamental computing attribute, inherent within the RISC-V ISA specification. Security enforcement within these enclaves are handled by performing computation in memory-isolated, hardware-based, software-defined TEEs. This research evaluates the firmware development procedures required to implement Keystone Enclave on new unsupported hardware. Expressly, this effort extends Keystone SM firmware components for use on the HiFive Unmatched development platform as a demonstration of Keystone Enclaves device portability claims. Furthermore, it proposes Keystone SDK and Eapp development recommendations to supplement contemporary ASICRISC-V workstations with TEEs. Moreover, this research asserts that for the wide-spread adoption of Confidential Computing principles to occur, significant hardware, firmware, and software development advancements are required by all constituent parties.

Document Details

Document Type

Technical Report

Publication Date

Mar 01, 2022

Accession Number

AD1166832

Entities

Tags