RISC-V

A Trusted Execution Environment guarantees the integrity and confidentiality of code and data, ARM has TrustZone, Intel has SGX, and we are working on a similar spec for RISC-V. Our main tool is Physical Memory Protection (PMP) functionality of RISC-V (part of the Privilege spec) for isolating memory regions of the execution environment's hart (hardware thread) from the rest of the harts on the system. We are also working on a proposal for an I/O PMP hw block for providing similar memory isolation between the different devices on the system (bus masters). The goal is to provide a flexible and scalable solution, that can work from 32bit embedded devices without MMU, to large 64bit systems with virtual machines etc, and keep it as simple and RISCy as possible.