NOW LOADING

Open-sourced RISC-V TEE for high scalability

Code on Github

OSDI'21 paper for Penglai RISC-V TEE

View the paper

Penglai-PMP/sPMP

Penglai utilizes PMP/sPMP to provide enclave functionalities, based on openSBI (v0.9) and no hardware modifications required.

Learn More

Penglai-TVM

Penglai supports fine-grained isolation (4KB page-level) between untrusted host and enclaves utilizing hardware TVM features.

Learn More

Penglai-MCU

Penglai customized for MCU devices (no MMU). It supports ARM PSA as the SDK, and actively maintained by Trustkernel.

Learn More

Penglai Enclave

Emerging applications like artificial intelligence and autonomous car require high security-assurance, which stimulates the wide-spread deployment of trusted execution environment (TEE), e.g., Intel SGX, AMD SEV and ARM TrustZone.

Penglai is an open-sourced, secure and scalable TEE system for RISC-V. It is designed for high scalability , great performance, and strong security guarantees . Penglai has three versions now: (1) Penglai-sPMP for unmodified hardware and unmodified OS (except a kernel module); (2) Penglai-TVM for unmodified hardware and slightly modified OS (with a clean patch) to support upto 1000 enclave instances in a single device; (3) Penglai-MCU for MCU devices (no MMU, M/U or M/S/U).

Case Studies

Penglai has been adopted as the default RISC-V TEE for OS distributions like openEuler and OpenHarmony, and also been deployed on device vendors like Nuclei.

openEuler​

openEuler is a widely-used OS distribution. Recently, openEuler 22.03 LTS was released, which is the first long-term version of openEuler that supports the whole scene of digital infrastructure. As a server operating system, openEuler needs confidential computing capabilities for scenarios like machine learning and AI to protect user privacy and model security.


openEuler community cooperates with Penglai team since 2021 and uses Penglai-Enclave as the confidential computing solution for RISC-V. Specifically, openEuler provides the native support for Penglai enclave (RISC-V version). Its unified confidential computing framework secGear relies on Penglai as the underlying TEE. In addition, Penglai supports trusted machine learning framework, which can enable secure ML applications.


As one of the cornerstones of openEuler confidential computing, Penglai-Enclave will work with the openEuler community to continuously improve the security of the whole OS and applications.

News and Roadmap

  • Technical Talk at RISC-V Summit 2022

    12-2022

    Penglai-mini was officially announced at RISC-V Summit 2022. Penglai-mini is a TEE system dedicated to IoT devices without an MMU. With sPMP lightweight S-mode isolation, the Penglai-mini can achieve great scalability and security with no additional overhead.
    [Slides] [Video]

  • OSDI Accepted

    06-2021

    Penglai's work was accepted by OSDI'21. Furthermore, Penglai was adopted by the OpenHarmony community.

  • Formal Verification

    01-2021

    The main modules of Penglai were partially formally verified. In the meantime, Penglai was merged into the openEuler community.

  • Frontier Award of China RISC-V Alliance

    01-2020

    Penglai won the frontier exploration award of the China Open Instruction Ecosystem (RISC-V) Alliance.

  • Penglai Open-sourced

    12-2019

    Penglai v1.0 was officially open-sourced. Moreover, we have proposed a new hardware isolation mechanism, namely SMPU, to the RISC-V community.

  • 1000 Enclaves Supported

    11-2019

    Penglai can run 1000 enclaves at the same time. Meanwhile, Nuclei and Trustkernel announced that they would use Penglai.

  • Penglai Officially Launched

    06-2019

    Project Penglai was officially launched. In the academic world, we have proposed flexible cross-world calls (ISCA'15) and XPC (ISCA'19), an architectural support for secure and efficient cross process call.

Cite Penglai

If you use Penglai or want to compare with Penglai, please consider using the following bib for citation.

Penglai OSDI'21
@inproceedings {273705,
author = {Erhu Feng and Xu Lu and Dong Du and Bicheng Yang and Xueqiang Jiang and Yubin Xia and Binyu Zang and Haibo Chen},
title = {Scalable Memory Protection in the {PENGLAI} Enclave},
booktitle = {15th USENIX Symposium on Operating Systems Design and Implementation ({OSDI} 21)},
year = {2021},
isbn = {978-1-939133-22-9},
pages = {275--294},
url = {https://www.usenix.org/conference/osdi21/presentation/feng},
publisher = {USENIX Association},
month = jul,
}

Our Teams

Most of our team members from SJTU and communities.

Erhu Feng (冯二虎)

Erhu Feng (冯二虎)

Bicheng Yang (杨璧丞)

Bicheng Yang (杨璧丞)

Xueqiang Jiang (江学强)

Xueqiang Jiang (江学强)

Yuhao Xue (薛宇豪)

Yuhao Xue (薛宇豪)

Qingyu Shang (尚晴宇)

Qingyu Shang (尚晴宇)

Xu Lu (路旭)

Xu Lu (路旭)

Jinyu Gu

Jinyu Gu

Dong Du

Dong Du

Yubin Xia

Yubin Xia

Explore More?

If you are curious to learn more, please refer the document page, propose any issues in github, and contribute to the project.

Need help

Please feel free to ask any issues you meet through the Github issue of Penglai-sPMP or Penglai-TVM.

Issues