[PPT] - TEE Boot Procedure with Crypto-accelerators in RISC-V Processors PowerPoint Presentation

SLIDE 1

TEE Boot Procedure with Crypto-accelerators in RISC-V Processors

Authors: Ckristian Duran, Trong-Thuc Hoang, Akira Tsukamoto, Kuniyasu Suzaki, and Cong-Kha Pham

SLIDE 2

Outline

Motivation
Hardware Structure for Trusted Execution Environments
Boot Procedure with Crypto-accelerators
Implementation Results
Conclusions

2

SLIDE 3

Outline

Motivation
Hardware Structure for Trusted Execution Environments
Boot Procedure with Crypto-accelerators
Implementation Results
Conclusions

3

SLIDE 4

RAM ROM Devices Debug

RISC-V Processor Privilege Modes

4

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode

SLIDE 5

RAM ROM Devices Debug

RISC-V Processor Privilege Modes

5

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode SD Card ROM - Boot Procedure Copy BOOTLDR from SD Jump to BOOTLDR in RAM Store BOOTLDR in RAM

SD commands through a SPI Device

SLIDE 6

RAM BOOTLDR ROM Devices Debug

RISC-V Processor Privilege Modes

6

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode ROM - Boot Procedure Copy BOOTLDR from SD Jump to BOOTLDR in RAM Store BOOTLDR in RAM

SLIDE 7

RAM BOOTLDR ROM Devices Debug

RISC-V Processor Privilege Modes

7

0x00000000 0xFFFFFFFF Execution

RISC-V Processor M-mode ROM - Boot Procedure Copy BOOTLDR from SD Jump to BOOTLDR in RAM Store BOOTLDR in RAM

SLIDE 8

RAM BOOTLDR ROM Devices Debug

RISC-V Processor Privilege Modes

8

0x00000000 0xFFFFFFFF Execution

RISC-V Processor M-mode RAM Linux Devices Debug

0x00000000 0xFFFFFFFF Execution

RISC-V Processor S-mode The bootloader extracts Linux and executes it in Supervisor-Mode

SLIDE 9

RAM BOOTLDR ROM Devices Debug

RISC-V Processor Privilege Modes

9

0x00000000 0xFFFFFFFF Execution

RISC-V Processor M-mode RAM Linux Devices Debug

0x00000000 0xFFFFFFFF Execution

RISC-V Processor S-mode App 1 Memory App 2 Memory

0x00000000 0xFFFFFFFF PID 1 Execution

RISC-V Processor U-mode

PID 2 Execution

SLIDE 10

Malicious App

Non-Protected Applications

10

App 1 Memory App 2 Memory

0x00000000 0xFFFFFFFF PID 1 Execution

RISC-V Processor U-mode

PID 2 Execution

Malicious applications can access and execute code arbitrarily. Some attacks are:

Cache manipulation
Privilege mode escalation
Controlled power glitches

SLIDE 11

Sign Sign

Making a Secure Environment

11

App 1 Memory App 2 Memory

0x00000000 0xFFFFFFFF PID 1 Execution

RISC-V Processor U-mode

PID 2 Execution

RAM Linux Devices Debug

0x00000000 0xFFFFFFFF Execution

RISC-V Processor S-mode Linux only executes the application if the signature is authenticated.

SLIDE 12

Sign Sign

Making a Secure Environment

12

App 1 Memory App 2 Memory

0x00000000 0xFFFFFFFF PID 1 Execution

RISC-V Processor U-mode RAM Linux Devices Debug

0x00000000 0xFFFFFFFF Execution

RISC-V Processor S-mode Once the signature verification is performed, the attack can rewrite the instructions of any application to execute unsigned code. Unsigned Code

PID 2 Execution

SLIDE 13

Sign

Making the Trusted Execution Environment

13

App 1 Interface

0x00000000 0xFFFFFFFF PID 1 Execution

RISC-V Processor U-mode RAM Linux Devices Debug

0x00000000 0xFFFFFFFF Execution

RISC-V Processor S-mode RAM BOOTLDR ROM Devices Debug App 1

0x00000000 0xFFFFFFFF Execution

RISC-V Processor M-mode Signature and Execution are performed in the highest privileged mode

SLIDE 14

RISC-V Lack of Crypto-Hardware

14

App 1 Memory Signature Procedure Hashing Generate Keypair Elliptic Curve Sign / Ver

16KB 164ms at 100MHz clock

SLIDE 15

BOOTLDR + Linux

RISC-V Lack of Crypto-Hardware

15

App 1 Memory Signature Procedure Hashing Generate Keypair Elliptic Curve Sign / Ver

16KB 164ms at 100MHz clock

Signature Procedure Hashing Generate Keypair Elliptic Curve Sign / Ver

2MB

18.5s at 100MHz clock

SLIDE 16

Outline

Motivation
Hardware Structure for Trusted Execution Environment
Boot Procedure with Crypto-accelerators
Implementation Results
Conclusions

16

SLIDE 17

SoC Architecture

17

ROCKET COREPLEX TILELINK SYSTEM BUS (SBUS) TILELINK PERIPHERAL BUS (PBUS) SHA-3 ROCKET RISC-V CORE 2 I$ D$ DDR controller

GPIO SPI (as MMC) UART

ROCKET RISC-V CORE 1 I$ D$ MBUS

SPI (as ROM)

TL to AXI4

SLIDE 18

18

SHA-3 Device Architecture

SLIDE 19

19

SHA-3 Device Architecture

SLIDE 20

20

SHA-3 Device Architecture

SLIDE 21

21

SHA-3 Device Architecture

SLIDE 22

Outline

Motivation
Hardware Structure for Trusted Execution Environments
Boot Procedure with Crypto-accelerators
Implementation Results
Conclusions

22

SLIDE 23

SoC Memory Map

23

RAM ZSBL Devices Debug

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode SD Card UART SPI: Contains BBL SHA3 ED25519 Sign ED25519 Base Mult Crypto Acc ROM - Boot Procedure Copy BBL from SD Calculate SHA3 (Hs) Generate Keypair (SK,PK) Generate Signature

SLIDE 24

Free Mem SM BBL

Boot Procedure

24

ZSBL Devices Debug

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode SD Card UART SPI: Contains BBL SHA3 ED25519 Sign ED25519 Base Mult Crypto Acc ROM - Boot Procedure Copy BBL from SD Calculate SHA3 (Hs) Generate Keypair (SK,PK) Generate Signature The BBL is copied to the main memory from a untrusted source (SD card). This also creates the Secure Monitor (SM)

SLIDE 25

Free Mem SM BBL

Boot Procedure

25

ZSBL Devices Debug

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode SD Card UART SPI: Contains BBL SHA3 ED25519 Sign ED25519 Base Mult Crypto Acc ROM - Boot Procedure Calculate SHA3 (Hs) Generate Keypair (SK,PK) Generate Signature Copy BBL from SD Payload The BBL is hashed using the SHA-3 hardware by pushing registers to the device.

SLIDE 26

Free Mem SM BBL

Boot Procedure

26

ZSBL Devices Debug

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode SD Card UART SPI: Contains BBL SHA3 ED25519 Sign ED25519 Base Mult Crypto Acc ROM - Boot Procedure Generate Keypair (SK,PK) Generate Signature Copy BBL from SD Hash (Hs) Calculate SHA3 (Hs) The previous hash is used by the ED25519 base-point multiplier to create the Keypair (SK,PK)

SLIDE 27

SM Sign BBL

Boot Procedure

27

ZSBL Devices Debug

0x00000000 0xFFFFFFFF Reset Vector

RISC-V Processor M-mode SD Card UART SPI: Contains BBL SHA3 ED25519 Sign ED25519 Base Mult Crypto Acc ROM - Boot Procedure Generate Signature Copy BBL from SD Auxiliar Hashes Calculate SHA3 (Hs) The Keypair and some auxiliar hashes are used to calculate the signature. Generate Keypair (SK,PK) Keypair (SK,PK)

SLIDE 28

Outline

Motivation
Hardware Structure for Trusted Execution Environments
Boot Procedure with Crypto-accelerators
Implementation Results
Conclusions

28

SLIDE 29

Implementation Results

29

SHA-3 RocketTile ALUTs 8108 24332 FFs 2790 15325 RAM Bits 17680 DSP 32 Total 10898 57369 Logic Utilization 3.4% 12.4% RAM Utilization 0% 1% DSP Utilization 0% 2.4% Table 1: Synthesis result on Stratix-IV GX Altera FPGA.

SLIDE 30

Implementation Results

30

Figure 1: Comparison between software and hardware with different bootloader sizes.

2MB Bootloader Software HW SHA-3 with SW Ed25519 Ed25519 keypair (ms) 109.5 93.4 Ed25519 signature (ms) 231019 82.6

Table 2: Execution results for Ed25519 task.

SLIDE 31

Outline

Motivation
Hardware Structure for Trusted Execution Environments
Boot Procedure with Crypto-accelerators
Implementation Results
Conclusions

31

SLIDE 32

Conclusions

We presented a system platform for trusted execution

environments (TEEs) featuring the SHA-3 accelerator.

ISC-V core with RV64IMAFDC ISA using the Rocket chip

generator.

The SHA-3 accelerator hashes data using a 64-bit register

as input.

The software authenticates the bootloader and utilizes the

accelerators.

The execution time drops significantly compared to software.

32

SLIDE 33

Questions?

33