Hacking Book | Free Online Hacking Learning


v's security chip scheme

Posted by agaran at 2020-04-14

11:01, May 30, 2018

Hardendedlinux wrote that "it has always been an important issue to build personal devices with privacy requirements for trusted chain and cloud environment with high security. The traditional root of trust construction is basically completed by verifiedboot and measuredboot (see hardendedboot). With the promotion of Intel SGX and arm platform tee, although the main requirements in cloud environment at present do not need attachment Secure enclave is implemented by secure enclave, but this does not prevent it from being paid more and more attention by the industry. As early as 2016, MIT researchers tried to use risc-v in the sanctum project to realize the similar basic POC of Intel SGX. The latest version of sanctum uses rocket open core to realize the core functions related to PUF, attachment and verified boot. At the same time, MIT and UC Berkeley have jointly developed another project called keystone. Keystone uses PMP (Pax uderef in similar software) on the basis of sanctum to enhance its security. Both sanctum and keystone are open designs and implementations, which means that anyone can audit backdoors and vulnerabilities, which is similar to Intel SGX's complex and closed design and implementation are totally different, which also means that an Intel me system that Google is afraid of can be replaced by a system that is free and open from hardware to software. "