Secure Services for Standard RISC-V Architectures

In systems security Trusted Execution Environments have been developed as a mean to offer additional security to existing complex system designs. In the past multiple vulnerabilities have affected TEE implementations like ARM TrustZone and Intel SGX, which is why the research community has been looking to identify and solve existing design flaws. Another branch of computer science looks at RISC-V, a modern processor architecture that allows everyone to use and extend it. In this work, we analyze the current possibilities of the RISC-V architecture to provide TEE-related functionality while avoiding potential pitfalls and vulnerabilities early on in the design process. By looking at the current problems in established TEE frameworks, we implemented and tested actual services used by user applications and operating systems that implement common TEE features on a recent version of the standard RISC-V ISA. We found that the current technology can be used to implement file storage and cryptographic key management services without modifications to the standard. Unfortunately, our results show that RISC-V offers no solution to secure I/O communication with peripherals on a system, and therefore also no safe way to interact with the user in case of an OS compromise. We discuss potential solutions to this remaining problem.