Processing sensitive data and deploying well-designed Intellectual Property (IP) cores on remote Field Programmable Gate Arrays (FPGAs) are prone to private data leakage and IP theft. One effective solution is to construct a Trusted Execution Environment (TEE) on FPGA-SoCs (FPGA System on Chips). Researchers have integrated this type of TEE with Trusted Platform Module (TPM)-based trusted boot, denoted as FPGA-SoC tbTEE. However, there has been no work on secure and trusted runtime customization of FPGA-SoC TEEs. This paper extends FPGA-SoC tbTEE to build a Runtime Customizable TEE (RCTEE) on FPGA-SoC by adding three major components (our work): 1) CrloadIP, which can load an IP core at runtime so that RCTEE can be adjusted dynamically and securely; 2) CexecIP, which can not only execute an IP core without modifying the operating system of the FPGA-SoC TEE, but also prevent insider attackers from executing IPs deployed in RCTEE; 3) CremoAT, which can provide the newly measured RCTEE state and establish a secure and trusted communication path between remote verifiers and RCTEE. We conduct a security analysis of RCTEE and evaluate its performance on a Xilinx Zynq UltraScale+ XCZU15EG 2FFVB1156 MPSoC.