Skip to main content
FOSDEM PWA

Spock : a software-based RISC-V TEE

K.4.401 | Day 1 | 13:35 - 13:55 | Speakers: jip helsen

Spock : a software-based RISC-V TEE
A picture of a devroom at FOSDEM 2024
Open in browser
Get involved in the conversation!Join the chat

Notes

Abstract

Securing embedded devices, particularly those with minimal resources, presents a unique and pressing challenge. Conventional approaches to Trusted Execution Environments (TEEs) often require specialized hardware or substantial system resources, leaving low-end devices vulnerable to breaches. The need for a lightweight, efficient solution that bridges this gap is greater than ever in today’s interconnected world.

Introducing Spock

Through the development of Spock, we have created a versatile and efficient Trusted Execution Environment (TEE) tailored for RISC-V embedded devices. By relying solely on Physical Memory Protection (PMP) for isolation and requiring only machine and user modes as specified in the RISC-V privileged instruction set, Spock delivers robust security without relying on any specialized hardware.

At the core of Spock’s architecture is the Security Manager (SM), which plays a key role in managing enclave data and buffer permissions. The SM enables Spock to efficiently virtualize buffers and dynamically allocate PMP entries, providing a flexible and scalable approach to memory isolation. By leveraging this abstraction, Spock can create virtual enclaves that surpass hardware-imposed limitations, such as the number of PMP entries.

Core Features and Capabilities

Spock’s minimalist API design delivers essential security functions, including secure execution and attestation. This design supports:

  • Virtualization of critical operations while maintaining a minimal Trusted Computing Base (TCB).
  • Integration into very low resource embedded devices.
  • Both relocatable and fixed enclaves, offering flexibility for diverse use cases.

Why Spock Matters

Spock’s design represents a modern, efficient solution for secure computing in low-resource embedded devices. Its ability to combine robust security with minimal hardware requirements makes it uniquely suited for the demands of today’s connected world, ensuring that even the smallest devices can operate securely.

Available at : https://github.com/jiphelsen/Spock

Speakers

jip helsen
Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found hereChanges made to the image are: Cropped the image to a new ratio, part of the image was cut off.