Penglai utilizes PMP/sPMP to provide enclave functionalities, based on openSBI (v0.9) and no hardware modifications required.

Learn More


Penglai supports fine-grained isolation (4KB page-level) between untrusted host and enclaves utilizing hardware TVM features.

Learn More


Penglai customized for MCU devices (no MMU). It supports ARM PSA as the SDK, and actively maintained by Trustkernel.

Learn More

Penglai Enclave

Emerging applications like artificial intelligence and autonomous car require high security-assurance, which stimulates the wide-spread deployment of trusted execution environment (TEE), e.g., Intel SGX, AMD SEV and ARM TrustZone.

Penglai is an open-sourced, secure and scalable TEE system for RISC-V. It is designed for high scalability , great performance, and strong security guarantees . Penglai has three versions now: (1) Penglai-sPMP for unmodified hardware and unmodified OS (except a kernel module); (2) Penglai-TVM for unmodified hardware and slightly modified OS (with a clean patch) to support upto 1000 enclave instances in a single device; (3) Penglai-MCU for MCU devices (no MMU, M/U or M/S/U).

Case Studies

Penglai has been adopted as the default RISC-V TEE for OS distributions like openEuler and OpenHarmony, and also been deployed on device vendors like Nuclei.


openEuler is a widely-used OS distribution. Recently, openEuler 22.03 LTS was released, which is the first long-term version of openEuler that supports the whole scene of digital infrastructure. As a server operating system, openEuler needs confidential computing capabilities for scenarios like machine learning and AI to protect user privacy and model security.

openEuler community cooperates with Penglai team since 2021 and uses Penglai-Enclave as the confidential computing solution for RISC-V. Specifically, openEuler provides the native support for Penglai enclave (RISC-V version). Its unified confidential computing framework secGear relies on Penglai as the underlying TEE. In addition, Penglai supports trusted machine learning framework, which can enable secure ML applications.

As one of the cornerstones of openEuler confidential computing, Penglai-Enclave will work with the openEuler community to continuously improve the security of the whole OS and applications.

News and Roadmap

  • Technical Talk at RISC-V Summit 2022


    Penglai-mini was officially announced at RISC-V Summit 2022. Penglai-mini is a TEE system dedicated to IoT devices without an MMU. With sPMP lightweight S-mode isolation, the Penglai-mini can achieve great scalability and security with no additional overhead.
    [Slides] [Video]

  • OSDI Accepted


    Penglai's work was accepted by OSDI'21. Furthermore, Penglai was adopted by the OpenHarmony community.

  • Formal Verification


    The main modules of Penglai were partially formally verified. In the meantime, Penglai was merged into the openEuler community.

  • Frontier Award of China RISC-V Alliance


    Penglai won the frontier exploration award of the China Open Instruction Ecosystem (RISC-V) Alliance.

  • Penglai Open-sourced


    Penglai v1.0 was officially open-sourced. Moreover, we have proposed a new hardware isolation mechanism, namely SMPU, to the RISC-V community.

  • 1000 Enclaves Supported


    Penglai can run 1000 enclaves at the same time. Meanwhile, Nuclei and Trustkernel announced that they would use Penglai.

  • Penglai Officially Launched


    Project Penglai was officially launched. In the academic world, we have proposed flexible cross-world calls (ISCA'15) and XPC (ISCA'19), an architectural support for secure and efficient cross process call.

Cite Penglai

If you use Penglai or want to compare with Penglai, please consider using the following bib for citation.

@inproceedings {273705,
author = {Erhu Feng and Xu Lu and Dong Du and Bicheng Yang and Xueqiang Jiang and Yubin Xia and Binyu Zang and Haibo Chen},
title = {Scalable Memory Protection in the {PENGLAI} Enclave},
booktitle = {15th USENIX Symposium on Operating Systems Design and Implementation ({OSDI} 21)},
year = {2021},
isbn = {978-1-939133-22-9},
pages = {275--294},
url = {},
publisher = {USENIX Association},
month = jul,

Explore More?

If you are curious to learn more, please refer the document page, propose any issues in github, and contribute to the project.

Need help

Please feel free to ask any issues you meet through the Github issue of Penglai-sPMP or Penglai-TVM.