Introducing RISC-V Confidential Computing for IoT Devices - Bicheng Yang & Dingji Lee,
Data security (protection of data in use) has recently emerged as an important security parameter for Internet-of-Things (IoT) devices such as smartphones, wearables, surveillance cameras, drones, smart home devices, automobiles, etc., that are at the epicenter of data generation. Among other competing techniques, confidential computing is a popular mechanism, prevalent on x86/ARM platforms, that protects the confidentiality and integrity of security-sensitive applications and data in use by performing computation in a hardware-based, attestable Trusted Execution Environment (TEE). The RISC-V architecture currently lacks this capability, and we propose an architecture for enabling confidential computing on resource-constrained IoT devices. For example, 1) on IoT platforms with M/S/U-mode support but no MMU, there is no isolation between the OS (S-mode) and user applications (U-mode), and 2) on IoT platforms with only M-mode, there is no privilege separation between the OS and the M-mode monitor code, etc., leading to data security vulnerabilities. In this talk, we introduce the IoT TEE architecture and present APIs, the sPMP extension, etc., to enable confidential computing for various IoT device profiles.