RISC-V Global Forum 2020

TEE (Trusted Execution Environment) is a CPU feature that offers an isolated environment for critical processing. RISC-V has some TEE implementations, i.e., Keystone, Sanctum, etc. However, each CPU offers an original programming model and the portability is not kept. GlobalPlatform (GP) offers TEE Internal APIs, but it is used on ARM TrustZone mainly. Most implementations are on a Trusted OS and cannot be port to another TEE easily.


We implement GP TEE APIs as a portable library. Most APIs are independent of CPU architecture, but some APIs are not (e.g., Secure Storage, Secure Timer) and implemented for each architecture. The current library is available for RISC-V Keystone and Intel SGX, and the performance was measured on both architectures (Pentium and SiFive Unleashed). The results showed that most are the same but the low performance of secure storage on Keystone.