05-桂兵.pdf

1、RISC-V架构下OP-TEE 安全系统实践桂兵 芯来科技提纲2024/10/12Confidential 2024 Nuclei.All Rights Reserved.2 TEE 背景介绍 Nuclei OP-TEE 方案 Demo 展示TEE 背景介绍2024/10/12Confidential 2024 Nuclei.All Rights Reserved.3TEE(Trusted Execution Environment):由GP组织针对移动端设备，制定的安全解决方案。现有TEE情况：RISC-V 没有GP TEE标准的开源软件方案CPU 架构支持TEE的硬件支持TEE的软件ARM

2、TrustZoneQTEE/TEEgris/ITrustee/Trustonic/OP-TEERISC-VPMP，Worldguard，IOPMP，AP-TEEKeystone/PengLai/MutilZoneTEE 背景介绍2024/10/12Confidential 2024 Nuclei.All Rights Reserved.4ARM TrustzoneProcessor ArchitectureMonitor ModeSystem ArchitectureAXI/AXI2AHB/AXI2APBDebug ArchitectureSecure privileged/user inva

3、sive(JTAG)/non-invasive(Trace)debugHardware LibTZASC/TZPC/GICTEE 背景介绍2024/10/12Confidential 2024 Nuclei.All Rights Reserved.5RISC-V官方TEE标准：AP-TEE(in development)Keystone Enclave PMP M/S/UNuclei OP-TEE 方案2024/10/12Confidential 2024 Nuclei.All Rights Reserved.6HOST:UX900 MMU/PMP/PLIC Nuclei Secure har

4、t/bus/cache/tlb with secure bitHSM：N300 BootROM Efuse CryptoUX900QSPIUSARTQSPI2FRTDECN300MAILBOXDMATIMEREFUSEBROMACRYPWWGDHASHDDRCRYPTRNGHSM FABHOST FABHSMHOSTMMCNuclei OP-TEE 方案2024/10/12Confidential 2024 Nuclei.All Rights Reserved.7安全启动HSM BootROM从flash加载hsmboot到HSM ILM，验签解密HSM Boot从flash加载SPL到Hos

5、t CLM，验签解密，运行NSBS等待Host请求crypto 服务SPL 初始化DDR，从flash加载opensbi/optee/uboot到DDR，验签解密U-Boot从SD卡加载kernel/rootfs到DDR，验签解密Host验签和解密，通过MailBox请求HSM NSBS服务SPL-OpenSBI-OP-TEE-U-Boot-KernelNuclei OP-TEE 方案2024/10/12Confidential 2024 Nuclei.All Rights Reserved.8隔离机制-内存隔离，CPU安全状态隔离PMP实现内存隔离：区分安全系统与非安全系统的内存地址空间M模

6、式Monitor：管理CPU安全状态上下文，负责CPU安全状态上下文切换，执行地址空间切换PMP配置以编号小的优先级高结合Nuclei Secure特性，CPU安全状态有硬件支持，BUS/Cache/TLB也区分硬件安全状态SM M-modeTEE S-modeREE S-modeShare S-modeU-modepmp0pmp1pmp2pmp3DDRpmp4USERREE-OSTEE-OSVirtual Address SpaceNuclei OP-TEE 方案2024/10/12Confidential 20