The majority of mobile devices today are based on Arm architecture that supports the hosting of trusted applications in Trusted Execution Environment (TEE). RISC-V is a relatively new open-source instruction set architecture that was engineered to fit many uses. In one potential RISC-V usage scenario, mobile devices could be based on RISC-V hardware. We consider the implications of porting the mobile security stack on top of a RISC-V system on a chip, identify the gaps in the open-source Keystone framework for building custom TEEs, and propose a security architecture that, among other things, supports the GlobalPlatform TEE API specification for trusted applications. In addition to Keystone enclaves the architecture includes a Trusted Hart -- a normal core that runs a trusted operating system and is dedicated for security functions, like control of the device's keystore and the management of secure peripherals. The proposed security architecture for RISC-V platform is verified experimentally using the HiFive Unleashed RISC-V development board.

翻译：当前大多数移动设备采用支持可信执行环境（TEE）中托管可信应用程序的Arm架构。RISC-V是一种较新的开源指令集架构，旨在适配多种应用场景。在RISC-V的潜在应用场景中，移动设备可基于RISC-V硬件实现。本文探讨将移动安全栈移植至RISC-V系统级芯片（SoC）所产生的影响，识别开源Keystone框架在构建定制化TEE时的不足，并提出一种安全架构。该架构除支持GlobalPlatform TEE应用程序编程接口规范外，还包含Keystone飞地机制及"可信处理器核心"——一个运行可信操作系统并专用于安全功能的常规核心，负责设备密钥库的管控与安全外设管理。通过HiFive Unleashed RISC-V开发板对该架构进行实验验证。