Construction of RISC-V Lightweight Trusted Execution Environment Based on Hardware Extension

The trusted execution environment (TEE) can prevent malicious programs from accessing the sensitive memory of application software, thereby ensuring the security of terminal devices in the process of collecting and transmitting data in the Internet of Things (IoT). The RISC-V architecture provides hardware support for the construction of a TEE, however, terminal devices based on RISC-V CPU face security challenges. Based on the mechanism of RISC-V hardware extension, this paper constructs a lightweight TEE scheme, which makes the trusted operating system kernel and embedded real-time operating system kernel run in the Machine (M) mode of higher CPU privilege in an isolated manner, and the application program runs in the User (U) mode, so the security operation of the terminal device in the IoT is ensured. In addition, an interrupt handling process for this scheme is also designed. This solution can be used as a reference design for a lightweight TEE for embedded systems whose CPU is based on RISC-V but only have M/U modes.