tee boot procedure with crypto accelerators in risc v
play

TEE Boot Procedure with Crypto-accelerators in RISC-V Processors - PowerPoint PPT Presentation

Apr 09, 2023 •125 likes •470 views

TEE Boot Procedure with Crypto-accelerators in RISC-V Processors Authors: Ckristian Duran, Trong-Thuc Hoang, Akira Tsukamoto, Kuniyasu Suzaki, and Cong-Kha Pham Outline Motivation Hardware Structure for Trusted Execution Environments

  1. TEE Boot Procedure with Crypto-accelerators in RISC-V Processors Authors: Ckristian Duran, Trong-Thuc Hoang, Akira Tsukamoto, Kuniyasu Suzaki, and Cong-Kha Pham

  2. Outline ● Motivation ● Hardware Structure for Trusted Execution Environments ● Boot Procedure with Crypto-accelerators ● Implementation Results ● Conclusions 2

  3. Outline ● Motivation ● Hardware Structure for Trusted Execution Environments ● Boot Procedure with Crypto-accelerators ● Implementation Results ● Conclusions 3

  4. RISC-V Processor Privilege Modes 0x00000000 Debug Reset Vector ROM Devices RAM 0xFFFFFFFF RISC-V Processor M-mode 4

  5. RISC-V Processor Privilege Modes 0x00000000 Debug ROM - Boot Procedure Reset Vector ROM Copy Store Jump to BOOTLDR BOOTLDR BOOTLDR from SD in RAM in RAM Devices SD SD commands Card through a SPI Device RAM 0xFFFFFFFF RISC-V Processor M-mode 5

  6. RISC-V Processor Privilege Modes 0x00000000 Debug ROM - Boot Procedure Reset Vector ROM Copy Store Jump to BOOTLDR BOOTLDR BOOTLDR from SD in RAM in RAM Devices BOOTLDR RAM 0xFFFFFFFF RISC-V Processor M-mode 6

  7. RISC-V Processor Privilege Modes 0x00000000 Debug ROM - Boot Procedure ROM Copy Store Jump to BOOTLDR BOOTLDR BOOTLDR from SD in RAM in RAM Devices Execution BOOTLDR RAM 0xFFFFFFFF RISC-V Processor M-mode 7

  8. RISC-V Processor Privilege Modes 0x00000000 0x00000000 Debug Debug ROM Devices Devices Execution BOOTLDR The bootloader extracts Linux and RAM executes it in Execution Linux Supervisor-Mode RAM 0xFFFFFFFF 0xFFFFFFFF RISC-V Processor RISC-V Processor M-mode S-mode 8

  9. RISC-V Processor Privilege Modes 0x00000000 0x00000000 0x00000000 Debug Debug ROM PID 1 Execution App 1 Memory Devices Devices App 2 PID 2 Memory Execution Execution BOOTLDR RAM Execution Linux RAM 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF RISC-V Processor RISC-V Processor RISC-V Processor M-mode S-mode U-mode 9

  10. Non-Protected Applications 0x00000000 Malicious applications can access and execute code arbitrarily. Some attacks PID 1 are: Execution App 1 Memory ● Cache manipulation App 2 ● Privilege mode escalation Memory ● Controlled power glitches PID 2 Malicious Execution App 0xFFFFFFFF RISC-V Processor U-mode 10

  11. Making a Secure Environment 0x00000000 0x00000000 Debug PID 1 Execution App 1 Memory Devices Sign App 2 PID 2 Memory Execution Sign Linux only executes the application if the Execution signature is Linux authenticated. RAM 0xFFFFFFFF 0xFFFFFFFF RISC-V Processor RISC-V Processor S-mode U-mode 11

  12. Making a Secure Environment 0x00000000 0x00000000 Debug PID 1 Once the signature Execution App 1 verification is performed, Memory Devices the attack can rewrite the Sign instructions of any application to execute App 2 unsigned code . Memory Sign PID 2 Unsigned Execution Linux Execution Code RAM 0xFFFFFFFF 0xFFFFFFFF RISC-V Processor RISC-V Processor S-mode U-mode 12

  13. Making the Trusted Execution Environment 0x00000000 0x00000000 0x00000000 Debug Debug ROM PID 1 Execution App 1 Interface Devices Devices Sign Signature and Execution are App 1 performed in the Execution BOOTLDR highest privileged mode RAM Execution Linux RAM 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF RISC-V Processor RISC-V Processor RISC-V Processor M-mode S-mode U-mode 13

  14. RISC-V Lack of Crypto-Hardware Signature Procedure Elliptic App 1 Generate Hashing Curve 16KB Memory Keypair Sign / Ver 164ms at 100MHz clock 14

  15. RISC-V Lack of Crypto-Hardware Signature Procedure Elliptic App 1 Generate Hashing Curve 16KB Memory Keypair Sign / Ver 164ms at 100MHz clock Signature Procedure Elliptic BOOTLDR Generate 2MB Hashing Curve + Linux Keypair Sign / Ver 18.5s at 100MHz clock 15

  16. Outline ● Motivation ● Hardware Structure for Trusted Execution Environment ● Boot Procedure with Crypto-accelerators ● Implementation Results ● Conclusions 16

  17. SoC Architecture ROCKET COREPLEX ROCKET RISC-V CORE 1 ROCKET RISC-V CORE 2 I$ D$ I$ D$ TILELINK SYSTEM BUS (SBUS) MBUS TILELINK PERIPHERAL BUS (PBUS) TL to AXI4 SPI (as SPI (as DDR SHA-3 UART GPIO ROM) MMC) controller 17

  18. SHA-3 Device Architecture 18

  19. SHA-3 Device Architecture 19

  20. SHA-3 Device Architecture 20

  21. SHA-3 Device Architecture 21

  22. Outline ● Motivation ● Hardware Structure for Trusted Execution Environments ● Boot Procedure with Crypto-accelerators ● Implementation Results ● Conclusions 22

  23. SoC Memory Map 0x00000000 Debug ROM - Boot Procedure Reset Vector ZSBL Calculate Generate Copy BBL Generate SHA3 Keypair from SD Signature (H s ) (S K ,P K ) Devices UART SPI: Contains SD Card BBL RAM SHA3 ED25519 Crypto Sign Acc 0xFFFFFFFF ED25519 RISC-V Processor Base Mult M-mode 23

  24. Boot Procedure 0x00000000 Debug ROM - Boot Procedure Reset Vector ZSBL Calculate Generate Copy BBL Generate SHA3 Keypair from SD Signature (H s ) (S K ,P K ) Devices UART SPI: Contains SD BBL The BBL is copied to Card BBL the main memory SM from a untrusted SHA3 source (SD card). Free This also creates the Mem ED25519 Crypto Secure Monitor ( SM ) Sign Acc 0xFFFFFFFF ED25519 RISC-V Processor Base Mult M-mode 24

  25. Boot Procedure 0x00000000 Debug ROM - Boot Procedure Reset Vector ZSBL Calculate Generate Copy BBL Generate SHA3 Keypair from SD Signature (H s ) (S K ,P K ) Devices UART Payload SPI: Contains SD BBL Card BBL The BBL is hashed SM using the SHA-3 SHA3 hardware by Free pushing registers to Mem ED25519 Crypto the device. Sign Acc 0xFFFFFFFF ED25519 RISC-V Processor Base Mult M-mode 25

  26. Boot Procedure 0x00000000 Debug ROM - Boot Procedure Reset Vector ZSBL Calculate Generate Copy BBL Generate SHA3 Keypair from SD Signature (H s ) (S K ,P K ) Devices UART SPI: Contains SD BBL Card BBL The previous hash is SM used by the SHA3 ED25519 base-point Free Hash (H s ) multiplier to create Mem ED25519 Crypto the Keypair (S K ,P K ) Sign Acc 0xFFFFFFFF ED25519 RISC-V Processor Base Mult M-mode 26

  27. Boot Procedure 0x00000000 Debug ROM - Boot Procedure Reset Vector ZSBL Calculate Generate Copy BBL Generate SHA3 Keypair from SD Signature (H s ) (S K ,P K ) Devices UART SPI: Contains SD BBL Card BBL The Keypair and Auxiliar some auxiliar SM Hashes SHA3 hashes are used to Sign calculate the ED25519 Crypto signature. Sign Acc 0xFFFFFFFF ED25519 Keypair RISC-V Processor Base Mult (S K ,P K ) M-mode 27

  28. Outline ● Motivation ● Hardware Structure for Trusted Execution Environments ● Boot Procedure with Crypto-accelerators ● Implementation Results ● Conclusions 28

  29. Implementation Results Table 1: Synthesis result on Stratix-IV GX Altera FPGA. SHA-3 RocketTile ALUTs 8108 24332 FFs 2790 15325 RAM Bits 0 17680 DSP 0 32 Total 10898 57369 Logic Utilization 3.4% 12.4% RAM Utilization 0% 1% DSP Utilization 0% 2.4% 29

  30. Implementation Results Figure 1: Comparison between software and hardware with different bootloader sizes. Table 2: Execution results for Ed25519 task. 2MB Bootloader Software HW SHA-3 with SW Ed25519 Ed25519 keypair (ms) 109.5 93.4 Ed25519 signature (ms) 231019 82.6 30

  31. Outline ● Motivation ● Hardware Structure for Trusted Execution Environments ● Boot Procedure with Crypto-accelerators ● Implementation Results ● Conclusions 31

  32. Conclusions ● We presented a system platform for trusted execution environments (TEEs) featuring the SHA-3 accelerator. ● ISC-V core with RV64IMAFDC ISA using the Rocket chip generator. ● The SHA-3 accelerator hashes data using a 64-bit register as input. ● The software authenticates the bootloader and utilizes the accelerators. ● The execution time drops significantly compared to software. 32

  33. Questions? 33

Recommend

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

771 views • 28 slides
The Standardized Boot flow for RISC-V Platforms - Jagan Teki, Amarula Solutions(India) CRVA

The Standardized Boot flow for RISC-V Platforms - Jagan Teki, Amarula Solutions(India) CRVA

The Standardized Boot flow for RISC-V Platforms - Jagan Teki, Amarula Solutions(India) CRVA Technical Seminar (CRVS 2020) Jagan Teki Co-Founder, CEO at Amarula Solutions India Business development and customer handling. Amarula

991 views • 20 slides
CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
The future of operating systems on RISC-V Alex Bradbury asb@lowrisc.org @asbradbury 4th

The future of operating systems on RISC-V Alex Bradbury asb@lowrisc.org @asbradbury 4th

The future of operating systems on RISC-V Alex Bradbury asb@lowrisc.org @asbradbury 4th March 2019 Structure of this talk Introduction to RISC-V RISC-V status Selected RISC-V topics RISC-V and open hardware: the future

733 views • 28 slides
RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT. BOOT https://github.com/boot-clj/boot BOOT TEMPLATES boot -d seancorfield/boot-new new -t tenzing -n <name> [+a <option>]* $ cd

566 views • 22 slides
Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail in the instruction set wars? Describe a simple RISC ISA called DLX 2. Designing a simple DLX processor: Single Cycle Implementation Multiple

1.01k views • 21 slides
Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail in the instruction set wars? Describe a simple RISC ISA called DLX 2. Designing a simple DLX processor: Single Cycle Implementation Multiple

753 views • 11 slides
GRVI Phalanx Update: A Massively Parallel RISC-V FPGA Accelerator Framework Jan Gray |

GRVI Phalanx Update: A Massively Parallel RISC-V FPGA Accelerator Framework Jan Gray |

GRVI Phalanx Update: A Massively Parallel RISC-V FPGA Accelerator Framework Jan Gray | jan@fpga.org | http://fpga.org CARRV2017: 2017/10/14 FPGA Datacenter Accelerators Are Almost Mainstream Catapult v2. Intel += Altera. OpenPOWER CAPI. AWS

508 views • 28 slides
Introduction to Unification Theory Higher-Order Unification Temur Kutsia RISC, Johannes Kepler

Introduction to Unification Theory Higher-Order Unification Temur Kutsia RISC, Johannes Kepler

Introduction to Unification Theory Higher-Order Unification Temur Kutsia RISC, Johannes Kepler University of Linz, Austria kutsia@risc.jku.at Overview Introduction Preliminaries Higher-Order Unification Procedure Outline Introduction

1.53k views • 130 slides
Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides
Confidential Accelerators Stavros Volos Microsoft Research Accelerators Play Pivotal Role in

Confidential Accelerators Stavros Volos Microsoft Research Accelerators Play Pivotal Role in

Confidential Accelerators Stavros Volos Microsoft Research Accelerators Play Pivotal Role in Cloud GPU, FPGA, AI Accelerators (e.g., Brainwave, TPU) Increasing compute performance and bandwidth E.g., Nvidia V100 offers 14 TFLOPS & ~1

300 views • 12 slides
Applications on Heterogeneous Platforms with Accelerators Accelerators and Hybrid Exascale

Applications on Heterogeneous Platforms with Accelerators Accelerators and Hybrid Exascale

TStream: Scaling Data-Intensive Applications on Heterogeneous Platforms with Accelerators Accelerators and Hybrid Exascale Systems, IPDPS12 25 th May 2012, Shanghai, China. Ana Balevic, Bart Kienhuis University of Leiden The Netherlands

493 views • 16 slides
LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner Research Institute for Symbolic Computation (RISC) Wolfgang.Schreiner@risc.jku.at http://www.risc.jku.at Systematic Problem Solving A key competence

592 views • 24 slides
PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the

PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the

ENHANCED TOOLS FOR RISC-V PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the leading provider of RISC-V processor IP Codasip Bk : A portfolio of RISC-V processors Uniquely providing design automation tools

318 views • 9 slides
LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner Research Institute for Symbolic Computation (RISC) Wolfgang.Schreiner@risc.jku.at http://www.risc.jku.at Systematic Problem Solving A key competence

1.25k views • 73 slides
I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device 3. The bootkit 4. Defending / Detecting 2 / 44 Introduction Vincent Works at KPN REDteam Likes Linux and low-level stu Located in Amsterdam

792 views • 44 slides
R265: Advanced Topics in Computer Architecture Seminar 7: HW accelerators and accelerators for

R265: Advanced Topics in Computer Architecture Seminar 7: HW accelerators and accelerators for

R265: Advanced Topics in Computer Architecture Seminar 7: HW accelerators and accelerators for machine learning Robert Mullins This lecture Computer architecture trends Hardware accelerators Design choices and trade-offs Hardware

384 views • 22 slides
Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are the transmitters of body movement to the ski. Proper support, comfort, and performance application make the difference between a good day on the snow

431 views • 29 slides
Sail, RISC-V, and CHERI-RISC-V Prashanth Mundkur and Peter G. Neumann, SRI International (most of

Sail, RISC-V, and CHERI-RISC-V Prashanth Mundkur and Peter G. Neumann, SRI International (most of

Sail, RISC-V, and CHERI-RISC-V Prashanth Mundkur and Peter G. Neumann, SRI International (most of this work done by University of Cambridge) Robert Norton-Wright, Jon French, Brian Campbell , Alasdair Armstrong, Thomas Bauereiss, Shaked Flur,

866 views • 24 slides
EUCARD2/WP4:Applica2ons Medium Energy Accelerators/Accelerators for Medicine

EUCARD2/WP4:Applica2ons Medium Energy Accelerators/Accelerators for Medicine

EUCARD2/WP4:Applica2ons Medium Energy Accelerators/Accelerators for Medicine Introduc2on Hywel Owen School of Physics and Astronomy, University of Manchester &

159 views • 12 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0 Why Secure Boot? How can we prevent running malware at boot? With Secure Boot! What if the machine is a VM in

303 views • 15 slides
Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is an innovative SPI tool created by DediProg to force the application controller to work (read, program, update..) on the backup memory inserted in the

1.06k views • 17 slides
QEMU Support for the RISC-V Instruction Set Architecture Sagar Karandikar

QEMU Support for the RISC-V Instruction Set Architecture Sagar Karandikar

QEMU Support for the RISC-V Instruction Set Architecture Sagar Karandikar sagark@eecs.berkeley.edu KVM Forum 2016 https://github.com/riscv/riscv-qemu Outline Why RISC-V? Benefits of an Open ISA RISC-V ISA Basics Virtualization

536 views • 42 slides

More recommend