Software Based Off Chip Memory Protection for RISC V Trusted Execution Environments

We present a software-based memory protection for RISC-V enclaves. Our system provides confidentiality and integrity guarantees for the enclave pages when an attacker can arbitrarily read or write to external memory. Unlike hardwarebased implementations such as Memory Encryption Engine (MEE) in Intel SGX, our software-based implementation requires no additional security-specific hardware. We use instead only a small on-chip scratchpad as our trusted memory region. This results in a portable and highly adaptable solution, applicable to primarily embedded contexts. Our approach is implemented as a module for Keystone, which is an open-source framework for RISC-V enclaves.