TEEP (Trusted Execution Environment Provisioning) on RISC-V - Akira Tsukamoto & Kuniyasu Suzaki
Akira Tsukamoto & Kuniyasu Suzaki, The National Institute of Advanced Industrial Science and Technology (AIST)

IETF is defining the Trusted Execution Environment Provisioning (TEEP) protocol to remotely install, update, and delete a Trusted Application (TA) in a Trusted Execution Environment (TEE), which provides hardware-isolated security in the CPU. TEEP is designed to be generic across different CPU architectures; however, the primary activity is on Intel and ARM only. Therefore, our team is implementing TEEP on RISC-V. TEEP consists of three major software components: the “TEEP Broker” on the OS, the “TEEP Agent” in the TEE, and the “Trusted Application Manager (TAM)” as a remote server. These components manage certificates for authenticating the TEE and the TAM, and for code signing of the TA. All of the certificates are based on PKI management. The challenge of having TEEP on RISC-V is how to minimize the required features inside the TEE, such as HTTP and a Concise Binary Object Representation (CBOR) parser, while keeping the portability of existing TAs.
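The abstract names the CBOR parser as one of the features that must be kept minimal inside the TEE. As an added illustration (not code from the AIST project or from any TEEP implementation), the following C decoder handles only the CBOR heads a constrained agent needs (unsigned integers, byte strings, text strings, arrays, maps), rejects indefinite-length and reserved encodings, and bounds-checks every length against the buffer before touching payload bytes. The sample message is constructed for this example as an array [uint, {uint: bstr}]; it is not claimed to match the exact layout of any TEEP draft message, and the function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef enum { CBOR_UINT, CBOR_BSTR, CBOR_TSTR, CBOR_ARRAY, CBOR_MAP } cbor_type_t;

typedef struct {
    cbor_type_t type;
    uint64_t value;      /* integer value, or element count / payload length */
    const uint8_t *ptr;  /* start of payload for bstr/tstr, NULL otherwise */
} cbor_item_t;

/* Decode one CBOR data-item head at buf[0..len). For bstr/tstr the payload is
 * validated to fit in the buffer and included in the consumed byte count.
 * Returns bytes consumed, or 0 on malformed/unsupported input. */
size_t cbor_decode_head(const uint8_t *buf, size_t len, cbor_item_t *out)
{
    if (len == 0) return 0;
    uint8_t major = buf[0] >> 5;
    uint8_t info = buf[0] & 0x1f;
    size_t pos = 1;
    uint64_t arg;
    if (info < 24) {
        arg = info;                          /* argument encoded in the head byte */
    } else if (info <= 27) {
        size_t n = (size_t)1 << (info - 24); /* 1, 2, 4 or 8 following bytes */
        if (len - pos < n) return 0;         /* truncated argument */
        arg = 0;
        for (size_t i = 0; i < n; i++) arg = (arg << 8) | buf[pos + i];
        pos += n;
    } else {
        return 0;  /* reserved values and indefinite length: deliberately unsupported */
    }
    out->ptr = NULL;
    out->value = arg;
    switch (major) {
    case 0: out->type = CBOR_UINT;  return pos;
    case 4: out->type = CBOR_ARRAY; return pos;
    case 5: out->type = CBOR_MAP;   return pos;
    case 2: case 3:
        if (arg > len - pos) return 0;       /* payload must fit the buffer */
        out->type = (major == 2) ? CBOR_BSTR : CBOR_TSTR;
        out->ptr = buf + pos;
        return pos + (size_t)arg;
    default:
        return 0;                            /* negative ints, tags, floats: unsupported */
    }
}

typedef struct {
    int status;          /* 0 on success, -1 on malformed input */
    uint64_t msg_type;   /* leading integer of the array */
    uint8_t token[16];   /* copy of the bstr found under map key 1 */
    size_t token_len;
} sample_result_t;

/* Walk a message of the constructed shape array(2) [ uint, map(1) { 1: bstr } ]. */
sample_result_t decode_buffer(const uint8_t *buf, size_t len)
{
    sample_result_t r; memset(&r, 0, sizeof r); r.status = -1;
    cbor_item_t it; size_t pos = 0, n;
    n = cbor_decode_head(buf + pos, len - pos, &it);
    if (n == 0 || it.type != CBOR_ARRAY || it.value != 2) return r;
    pos += n;
    n = cbor_decode_head(buf + pos, len - pos, &it);
    if (n == 0 || it.type != CBOR_UINT) return r;
    r.msg_type = it.value; pos += n;
    n = cbor_decode_head(buf + pos, len - pos, &it);
    if (n == 0 || it.type != CBOR_MAP || it.value != 1) return r;
    pos += n;
    n = cbor_decode_head(buf + pos, len - pos, &it);            /* map key */
    if (n == 0 || it.type != CBOR_UINT || it.value != 1) return r;
    pos += n;
    n = cbor_decode_head(buf + pos, len - pos, &it);            /* map value */
    if (n == 0 || it.type != CBOR_BSTR || it.value > sizeof r.token) return r;
    memcpy(r.token, it.ptr, (size_t)it.value);
    r.token_len = (size_t)it.value;
    r.status = 0;
    return r;
}

/* Constructed samples: a well-formed message and one cut off inside the bstr. */
const uint8_t SAMPLE[]    = { 0x82, 0x01, 0xA1, 0x01, 0x44, 0xDE, 0xAD, 0xBE, 0xEF };
const uint8_t TRUNCATED[] = { 0x82, 0x01, 0xA1, 0x01, 0x44, 0xDE };

int main(void)
{
    sample_result_t ok = decode_buffer(SAMPLE, sizeof SAMPLE);
    sample_result_t bad = decode_buffer(TRUNCATED, sizeof TRUNCATED);
    printf("well-formed: status=%d type=%llu token_len=%zu\n",
           ok.status, (unsigned long long)ok.msg_type, ok.token_len);
    printf("truncated:   status=%d\n", bad.status);
    return 0;
}
```

The design choice worth noting is that the decoder refuses anything it does not need rather than trying to be a complete CBOR implementation: every unsupported major type or length form is a hard error, and a byte-string length is checked against the remaining buffer before the pointer is handed out, so a malformed message from the Broker side cannot drive an out-of-bounds read inside the TEE.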