Hardware-assisted Isolated Execution Environment to run trusted OS and applications on RISC-V
1 like1,526 views
This document discusses hardware-assisted isolated execution environments (HIEE) and trusted execution environments (TEE) on RISC-V processors. It describes how TEEs are implemented using privileges worlds on ARM TrustZone and Intel SGX. For RISC-V, it summarizes proposals for TEEs including Sanctum, MultiZone, and using seL4 microkernel to implement OP-TEE. It also briefly discusses TEE implementations on FPGAs, GPUs, virtualization, and the IETF's TEE provisioning protocol.
![HIEE: Hardware-assisted Isolated Execution Environments*
• HIEE is used for important process which is independent of OS.
• Current CPU has HIEE.
– SMM: System Management Mode
• Used by BIOS/UEFI for ACPI, etc.
– Intel’s ME: Management Engine.
• Run MINIX. Used for remote wakeup.
– Intel SGX
– ARM TrustZone
3
* SoK:A Study of Using Hardware-assisted Isolated Execution Environments for Security[HASP16]
On RISC-V
⇒ Machine Mode
⇒ ???
⇒・ Sanctum of MIT
・ Keystone of UCB
⇒・ MultiZone of Hex-Fife
・ TEE WG of RISC-V
Foundation
They are not
programmable for a
user.
They are
programmable for a
user.
They are used for
TEE.](https://image.slidesharecdn.com/micro51-risc-v-workshop-2018-suzaki-181020051726/85/Hardware-assisted-Isolated-Execution-Environment-to-run-trusted-OS-and-applications-on-RISC-V-3-320.jpg)
![Sanctum [USENIX Sec’16]
• Figure of software stack
– Enclave is created o User Mode.
– Secure Monitor on Machine
mode helps the secure creation
of enclave.
12
https://www.usenix.org/sites/default/files/conference/protected-files/security16_slides_costan.pdf](https://image.slidesharecdn.com/micro51-risc-v-workshop-2018-suzaki-181020051726/85/Hardware-assisted-Isolated-Execution-Environment-to-run-trusted-OS-and-applications-on-RISC-V-12-320.jpg)
![Other Implementation of TEE
• Hardware
– FPGA TEE “Iso-X” (SUNY at Binghamton) [Micro47 2014]
– GPU TEE “Graviton” (Microsoft Research) [OSDI’18]
• Requires NVIDIA GPU extension
• Software
– TrustZone virtualization “vTZ” (Shanghai Jiao Tong University) [USENIX Sec’17]
• Virtualize TrustZone for VMs
– TEE delegation “DelegaTEE” (ETH Zurich) [USENIX Sec’18]
• DelegaTEE is implemented by Intel SGX
– TEE Migration (INRIA) [IFIP WISTP’15]
• privacy-preserving TEE profile migration protocol
13](https://image.slidesharecdn.com/micro51-risc-v-workshop-2018-suzaki-181020051726/85/Hardware-assisted-Isolated-Execution-Environment-to-run-trusted-OS-and-applications-on-RISC-V-13-320.jpg)
Hardware-assisted Isolated Execution Environment to run trusted OS and applications on RISC-V
- 1. Hardware-assisted Isolated Execution Environment to run trusted OS and applications on RISC-V (@MICRO51 RISC-V Workshop) 1 National Institute of Advanced Industrial Science and Technology(AIST) Kuniyasu Suzaki, Akira Tsukamoto
- 2. Contents • What is HIEE? What is TEE? • Implementation of Trusted OS on TEE • Different implementation of TEE hardware – TEE Differences on ARM Cortex-M, Cortex-A 32, and Cortex-A 64. – RISC-V’s TEE – Other (FPGA, GPU, virtualization, etc) • IETF’s TEEP • Conclusions 2 The difference from RISC-V Day Tokyo 2018. Software view (RISC-V day Tokyo), Hardware view (Micro51 workshop) Slides will be opened at https://www.slideshare.net/suzaki
- 3. HIEE: Hardware-assisted Isolated Execution Environments* • HIEE is used for important process which is independent of OS. • Current CPU has HIEE. – SMM: System Management Mode • Used by BIOS/UEFI for ACPI, etc. – Intel’s ME: Management Engine. • Run MINIX. Used for remote wakeup. – Intel SGX – ARM TrustZone 3 * SoK:A Study of Using Hardware-assisted Isolated Execution Environments for Security[HASP16] On RISC-V ⇒ Machine Mode ⇒ ??? ⇒・ Sanctum of MIT ・ Keystone of UCB ⇒・ MultiZone of Hex-Fife ・ TEE WG of RISC-V Foundation They are not programmable for a user. They are programmable for a user. They are used for TEE.
- 4. What is TEE? • TEE: Trusted Execution Environment. – TEE separates computing world into “normal” and “secure”. • Secure world is used to run a critical code (e.g., authentication, DRM, etc). – GlobalPlatform defines TEE specification. • https://globalplatform.org/technical-committees/trusted-execution-environment-tee-committee/ 4 CPU TEE Secure World Normal World App Normal OS
- 5. Privileges for TEE • Global Platform's TEE specification assumes plural privileges on both worlds. – Normal world runs normal applications on a normal OS. – Secure world runs trusted applications (TAs) on a trusted OS. • ARM Trust Zone offers same privileges to normal and secure world. • Intel SGX has only one privilege (enclave). – Enclave is different from Ring architecture. 5 CPU Trusted OS Secure World Normal World App Normal OS Trusted Application (TA) POSIX APIGP TEE API
- 6. ARM Trusted OS on ARM Trust Zone • GlobalPlatform model 6 Secure world Normal world Normal Applications Normal OS NIC Core Trusted OS Trusted Applications (TA) Core Secure Monitor Hard eMMCUART Exception Level EL0: User EL1: Privilege EL2: Hypervisor EL3: Secure SMC (Secure Monitor Call) instruction Memory Static allocate Dynamic allocate
- 7. ARM Trusted OS on ARM Trust Zone • GlobalPlatform model – Interrupt is also separated. (depending on configurations) – 7 Secure world Normal world Normal Applications Normal OS NIC Core Trusted OS Trusted Applications (TA) Core Secure Monitor Hard eMMCUART Exception Level EL0: User EL1: Privilege EL2: Hypervisor EL3: Secure SMC (Secure Monitor Call) instruction Memory Static allocate Dynamic allocate FIQ IRQ IRQ
- 8. Difference of Implementation of Trusted OS https://www.slideshare.net/linaroorg/arm-trusted-firmareforarmv8alcu13 • Cortex-A 32bit and 64bit Different EL Layered Architecture Security is important Same EL Response is important for safety
- 9. Comparing Cortex-A and Cortex-M • Cortex-A follows the layer architecture of GlobalPlatform TEE. • Cortex-M’s mode (thread or handler) can be privilege or unprivileged. • Cortex-M TrustZone doesn’t provide monitor mode, because latency is important for safety. Cortex-MCortex-A Bernard Ngabonziza, Daniel Martin, Anna Bailey, Haehyun Cho and Sarah Martin, “TrustZone Explained: Architectural Features and Use Cases”,IEEE International Conference on Collaboration and Internet Computing (2016)
- 10. OP-TEE on RISC-V using seL4 • Rahul Mahadev’s Google Summer of Code • http://mahadevrahul.blogspot.com/ – The TrustZone features and secure monitor must be implemented as a seL4 library. – OPTEE is paravirtualized, all calls referencing ARM Trusted Firmware and secure monitor are replaced with new calls. 10 seL4 Rich OS (Linux) Library to emulate TrustZone VMM Paravirtualized OPTEE TAApp
- 11. MultiZone of Hex-Five • MultiZone is announced • MultiZone is based on nanokernel. – https://hex-five.com/wp- content/uploads/2018/09/hex_five_multizone_datasheet.20180920.pdf – System Requirements • 32 bit or 64 bit RISC-V ISA with ‘S’ or ‘U’ extensions • Physical Memory Protection compliant with Ver. 1.10 • 4KB FLASH and 1KB RAM 11
- 12. Sanctum [USENIX Sec’16] • Figure of software stack – Enclave is created o User Mode. – Secure Monitor on Machine mode helps the secure creation of enclave. 12 https://www.usenix.org/sites/default/files/conference/protected-files/security16_slides_costan.pdf
- 13. Other Implementation of TEE • Hardware – FPGA TEE “Iso-X” (SUNY at Binghamton) [Micro47 2014] – GPU TEE “Graviton” (Microsoft Research) [OSDI’18] • Requires NVIDIA GPU extension • Software – TrustZone virtualization “vTZ” (Shanghai Jiao Tong University) [USENIX Sec’17] • Virtualize TrustZone for VMs – TEE delegation “DelegaTEE” (ETH Zurich) [USENIX Sec’18] • DelegaTEE is implemented by Intel SGX – TEE Migration (INRIA) [IFIP WISTP’15] • privacy-preserving TEE profile migration protocol 13
- 14. IETF’s TEEP • Trusted Execution Environment Provisioning – https://datatracker.ietf.org/wg/teep/about/ – Protocol to mange TA: Trusted Application. • TAM(Trusted Application Manager) controls life cycle of TA (create, update, and delete). • TEE’s API (Trusted OS) is important. 14
- 15. Conclusions • RISC-V TEE from the view of hardware • Hardware TEE has many implementations and software implementation follows them. • We must evaluate the security cost for assets. 15 See RISC-V Day Tokyo 2018 for software view Slide of RISC-V Day Tokyo 2018 and Micro51 RISC-V workshop will be opened at https://www.slideshare.net/suzaki