Emerging applications like artificial intelligence and autonomous cars require high security assurance, which stimulates the widespread deployment of trusted execution environments (TEEs), e.g., Intel SGX, AMD SEV and ARM TrustZone. However, existing enclave systems are far from ideal for three reasons.
- Not scalable: they support only limited secure memory (128 MB in SGX) or a limited number of instances (15 instances in SEV);
- Cannot support high-performance applications, e.g., because of poor secure communication performance;
- Still have security limitations, e.g., PT-based side channels in SGX.
Penglai-Enclave is proposed to overcome these challenges. Penglai is an open-source, secure and scalable TEE system for RISC-V. It relies on a new hardware-assisted scalable physical memory isolation extension (sPMP), which is introduced to overcome the limited number of secure regions. Evaluations show that Penglai can support more than 100 instances even on a resource-restricted device.