Open-Source Hardware Memory Protection Engine Integrated With NVMM Simulator

With growing on-device IoT processing, security on edge devices becomes increasingly important. Among Trusted Execution Environment (TEE), an open-source RISC-V Keystone TEE is the expected one. However, some issues remain when applying it to various devices: untrusted DRAM, and untrusted path to non-volatile storage. These issues can be resolved by Memory Protection Engine (MPE) based on an integrity tree, and Non-Volatile Main Memory (NVMM), respectively. TEE, MPE, and NVMM must be cooperatively optimized to exploit performance. Despite this demand, there is no widely available platform which enables fast, reliable, and system-wide evaluation. In the paper, we provide an open-source hardware simulator for secure edge devices. We implemented an MPE using SGX-style Integrity Tree on the Keystone compatible RISC-V SoC. Then, we ported the NVMM simulation technique to it. Its whole design was publicized to widely provide a baseline hardware design. The MPE behavior was validated by using micro benchmarks. It revealed that the MPE read/write overhead 2.55 x /4.16x on DRAM, and 3.05 x /5.40x on NVMM, respectively Besides, we discuss our work's role by comparing with the gem5 considering TEE evaluation time and impact of the protected NVMM.