| 2:00 PM | RISC-V Welcome - Kim McMahon, RISC-V International | |
| 2:05 PM | RISC-V International Security Overview - Helena Handschuh, Rambus Inc. | |
| 2:25 PM | On the Efficiency of RISC-V Cryptographic Instruction Set Extensions - Tolga Yalcin & Gorkem Nisanci, Northern Arizona University | Cryptography and bit-manipulation instruction set extensions have been proposed for RISC-V. However, their efficiency in terms of code size and execution time reduction have not been thoroughly investigated on different algorithms except AES and SHA. In this study, we have implemented various algorithm with and without the proposed extensions and compared them. We have also implemented the supporting hardware for the proposed instructions and integrated it into a generic RISC-V core and included the results in our comparison. |
| 2:45 PM | Lightning Talk: Timesecbench: A Work in Progress Benchmark Suite to Assess Timing Leakages - Ronan Lashermes, INRIA | Timing leakage in the microarchitecture is a pervasive threat against the confidentiality of our data. In order to design more secure devices, we must first be able to evaluate the leakage. We present timesecbench, an ongoing work to develop a security benchmark suite to assess timing leakage in microarchitectural components. We will discuss the goals, the challenges, and give a glimpse of how the benchmarks work. |
| 2:55 PM | Trusted RV: Trusted Execution Environment, Secure Coprocessor, and their Programming - Kuniyasu Suzaki, AIST: National Institute of Advanced Industrial Science and Technology | We have developed the Trusted RV which is a combination of 4 core 64bit RISC-V (namely, AC: Application Core) and 1 core 32bit RISC-V Secure Coprocessor (namely, SU: Secure Unit). The AC runs Keystone as Trusted Execution Environment and the SU works as a "Root of Trust" to keep and process critical information (e.g., Device Key, Certificate). The Trusted RV is implemented on an FPGA (Xilinx VC707) and a simulator. To make a Trusted Application (TA) on the Trusted RV, we offer a programing and management environment. We developed a library for GlobalPlatform TEE internal APIs on Keystone. The communication from the AC to the SU is limited for Keystone's Enclave only and keeps security. A TA is managed by TEEP (Trusted Execution Environment Provisioning) and can be installed/updated/deleted from a server securely. In this talk, we explain the total secure implementation of TEE. |
| 3:15 PM | Lightning Talk: What in RISC-V IOPMP - Shan-Chyun Ku, Andes Technology | We all know in a secure platform, all transactions from bus masters should be regulated. RISC-V processors have PMPs and sPMPs, and the other bus masters, e.g., DMA and non-RISC-V processors, should have IOPMPs. But, what exactly does an IOPMP do? After months’ discussion, the TEE Task Group comes out with several major functions and features that an IOPMP should be capable of. We will discuss them in this talk. The diversity of platforms is realized; some are optimized for performance, some for cost, and some for scalability. Thus, a certain number of options in the current IOPMP proposal are provided, including illegal access handling, sizes of tables, the number of look-up layers, and so on. One can imagine that cost-sensitive platforms and performance-driven platforms have quite different options. On the other hand, to avoid confusing users due to the detail of these options, the concept of profiles is introduced. A profile represents a kind of optimization target or a type of platforms. TheTEE Task Group works on a couple of commonly-used profiles to help platform-developers select the above options for ease of adoption. In this talk, the following items will be presented: the major functions and features that RISC-V IOPMP would have, the options and the applicable scenarios, and the commonly-used profiles that the TEE Task Group is working on. |
| 3:25 PM | RISC-V Based Secure Flight Computer System - Dr. Shreekant Thakkar, Technology Innovation Institute | The goal of the project is to develop an open RISC-V-based SoC architecture and software stack for adoption on secure application processors for drone flight computer applications to innovate in processor and platform design co-optimizing security, resilience, power efficiency, and real-time performance.
We target one order of magnitude improvements in performance and efficiency with respect to current commercial flight computer systems while delivering the reliability and security requirements needed by flight computer systems applications.
The talk will describe our goals of research partners and us in helping deliver this solution using the open-source RISC-V architecture. |
| 3:45 PM | Lightning Talk: A Trusted OS for RISC-V ? OP-TEE is a Candidate - Marouene Boubakri, NXP | Several products varying from mobile, automotive, and industrial, rely on TEE to protect sensitive information integrity and confidentiality by providing a secure environment for data processing. OP-TEE is an open-source project which offers a secure OS able to run on TEE as a companion to a non-secure OS (Linux, Android). Numerous OP-TEE trusted applications (TAs) had been developed for various purposes (DRM, on-line payment etc). With the rapid development of the RISC-V ecosystem, a software stack to guarantee compatibility with the existing TAs is needed. This talk presents an effort of porting OP-TEE to RISC-V. We made a first milestone and the implementation has been tested to assess its correct behavior functionally. Evaluation against several TAs showed good results regarding compatibility. We are now working on upstreaming the patches to be available for the community. |
| 3:55 PM | Using PMP, ePMP and Rust to Protect Embedded Kernels, Even from Themselves - Alistair Francis, Western Digital | Desktop computer systems have used the Memory Management Unit (MMU) to enforce W^X (write xor execute) to help mitigate data execution attacks. Sometimes refereed to as Data Execution Prevention (DEP), W^X is a useful mechanism to help lock down systems. Although embedded systems don't have an MMU, PMP and ePMP can be used on RISC-V to enforce W^X. This talk will discuss the work done with Tock to utilise the RISC-V PMP and ePMP to both enforce W^X on kernel memory and to also isolate untrusted applications from the kernel. Tock is an embedded Operating System (OS) written in Rust, which is a memory safe language. Tock is the OS being used for the open source OpenTitan RoT project. This talk will go into details of what protections this provides us and importantly what it doesn't protect against. |
| 4:15 PM | Extending Security to Resource Constrained Devices - Kate Stewart, The Linux Foundation | As we hear more in the news about supply chain attacks and the cost of them, the need to have trusted systems is growing in awareness. A large part of the problem is the lack of transparency on the software and hardware components that make up embedded systems, especially in the area of safety critical applications and establishing secure communications.
The Zephyr RTOS was started 5 years ago, with the goal of being a safe and secure RTOS for resource constrained devices that could be used where Linux is not an option. Some of the capabilities that the project has nurtured in order to have transparency and security for software on these constrained devices, can be extended these to the system and chip level with systems build on RISC-V. This can provide significant efficiencies in security, as well as a sound framework to used in applications that have safety requirements. |
| 4:25 PM | Information Flow Confidentiality and Integrity on a Rocket RISC-V SoC - Gregory Sullivan, Dover Microsystems | Dover Microsystems has developed information flow policies, enforced at the per-word and per-instruction level, to track confidentiality and integrity taint through computations. Dover Microsystems enforces these policies in hardware on an SoC built around a Rocket RISC-V core. The policies identify trusted (for integrity) and private (for confidentiality) data sources and sinks. Dover's confidentiality policy prevents private data from being written to a public output unless the data has encrypted. The integrity policy checks that trusted data has not been modified before being used. If private data is combined with other data (e.g. by ALU), the result is private. If trusted data is combined with other data, the result is untrusted. Greg will demonstrate use cases around protecting the integrity of an eFPGA bitstream and the confidentiality of AES keys. |
| 4:45 PM | OpenSBI Domain Support - Anup Patel, Western Digital Corporation | The OpenSBI firmware is one of the most widely used M-mode runtime firmware in RISC-V world. This firmware provides Supervisor Binary Interface (SBI) and various other services to the S-mode software. This talk will focus on the OpenSBI domain support which was added to the OpenSBI project recently in v0.9 release. The OpenSBI domain support helps users achieve system level partitioning using RISC-V features (such as PMP) and it can be easily extended to use upcoming RISC-V features such as ePMP, IOPMP, etc. This talk will also include a small demo showing a small trusted bare-metal application running in it's own domain along with Linux running as separate domain. |
