Penglai utilizes PMP/sPMP to provide enclave functionality. It is based on OpenSBI (v0.9) and requires no hardware modifications.
Penglai supports fine-grained isolation (4KB page-level) between the untrusted host and enclaves, utilizing hardware TVM features.
Penglai customized for MCU devices (no MMU). It supports ARM PSA as the SDK and is actively maintained by Trustkernel.
Emerging applications like artificial intelligence and autonomous cars require high security assurance, which stimulates the widespread deployment of trusted execution environments (TEEs), e.g., Intel SGX, AMD SEV and ARM TrustZone.
Penglai is an open-source, secure and scalable TEE system for RISC-V. It is designed for high scalability, great performance, and strong security guarantees. Penglai has three versions now: (1) Penglai-sPMP for unmodified hardware and an unmodified OS (except a kernel module); (2) Penglai-TVM for unmodified hardware and a slightly modified OS (with a clean patch) to support up to 1000 enclave instances on a single device; (3) Penglai-MCU for MCU devices (no MMU, M/U or M/S/U).
Penglai has been adopted as the default RISC-V TEE for OS distributions like openEuler and OpenHarmony, and has also been deployed by device vendors like Nuclei.
12-2022
Penglai-mini was officially announced at RISC-V Summit 2022. Penglai-mini is a TEE system dedicated to IoT devices without an MMU. With sPMP lightweight S-mode isolation, Penglai-mini can achieve great scalability and security with no additional overhead.
[Slides] [Video]
06-2021
Penglai's work was accepted by OSDI'21. Furthermore, Penglai was adopted by the OpenHarmony community.
01-2021
The main modules of Penglai were partially formally verified. In the meantime, Penglai was merged into the openEuler community.
01-2020
Penglai won the frontier exploration award of the China Open Instruction Ecosystem (RISC-V) Alliance.
12-2019
Penglai v1.0 was officially open-sourced. Moreover, we have proposed a new hardware isolation mechanism, namely SMPU, to the RISC-V community.
11-2019
Penglai can run 1000 enclaves at the same time. Meanwhile, Nuclei and Trustkernel announced that they would use Penglai.
06-2019
Project Penglai was officially launched. In the academic world, we have proposed flexible cross-world calls (ISCA'15) and XPC (ISCA'19), architectural support for secure and efficient cross-process calls.
If you use Penglai or want to compare with Penglai, please consider using the following BibTeX entry for citation.
@inproceedings {273705,
  author = {Erhu Feng and Xu Lu and Dong Du and Bicheng Yang and Xueqiang Jiang and Yubin Xia and Binyu Zang and Haibo Chen},
  title = {Scalable Memory Protection in the {PENGLAI} Enclave},
  booktitle = {15th USENIX Symposium on Operating Systems Design and Implementation ({OSDI} 21)},
  year = {2021},
  isbn = {978-1-939133-22-9},
  pages = {275--294},
  url = {https://www.usenix.org/conference/osdi21/presentation/feng},
  publisher = {USENIX Association},
  month = jul,
}
Most of our team members are from SJTU and the communities.