Nuclei Security Solution — “Penglai” TEE
SW-HW co-designed Trusted Execution Environment (TEE), developed in collaboration between Nuclei and TrustKernel
• RISC-V Privileged ISA based TEE Framework
• Smallest Trusted Code Base
• RISC-V core (PMP/sPMP) + Verifiable security monitor (M-mode privilege) + TEEOS
• Secure Assurance
• Strong isolation between enclave and other application or OS
• Protect against a malicious or compromised OS
• Secure boot and remote attestation for chain of trust
• High performance and scalability
[Figure: Penglai Architecture. User Mode: Host App, Enclave App, Enclave 1, Enclave 2, Enclave 3, Enclave 4, ..., Enclave n. Supervisor Mode: RTOS, TEE OS. Machine Mode: Secure Monitor. Legend: Trusted / Untrusted.]
Nuclei Security Solution — Side Channel Protection
SCP (Side Channel Protection) is used to prevent side-channel attacks by randomly injecting fake
instructions into the pipeline.
[Figure: Randomly injecting fake instructions. Legend: Normal instructions / Fake instructions.]