Flexible privilege management for microcontroller-class RISC-V cores

Cilardo A.; Mercogliano S.
2022

Abstract

The trustworthiness of microcontroller-class devices is crucial for a growing spectrum of applications involving embedded and industrial systems, ranging from robotics to avionics, from sensor networks to health. In that respect, integrating security-aware processes into design methodologies can lead to products that are more resilient to attacks and provide native protection mechanisms capable of mitigating system vulnerabilities, hence reducing damage and recovery costs. Based on the increasing interest in open-source hardware and relying on the non-proprietary RISC-V specification, in this work we aim to explore architectural extensions serving as a baseline for establishing a Trusted Execution Environment (TEE) in microcontroller-class processor cores targeted at embedded and industrial applications, especially those with some form of latency-sensitive requirements. We point out that supporting a trusted environment in systems of this type is particularly challenging, and we identify a minimum set of hardware-level protection mechanisms, with limited assumptions on the available privileged modes and protection support. The reference architecture is demonstrated by extending a lightweight RISC-V core, Ibex. As shown in the last part of our work, the proof-of-concept design achieves flexible support for isolation at a modest overhead in terms of additional hardware resources and delay, thereby fully matching the constraints of latency-sensitive deeply embedded applications.

Flexible privilege management for microcontroller-class RISC-V cores / Cilardo, A.; Mercogliano, S. - In: MICROELECTRONICS RELIABILITY. - ISSN 0026-2714. - 137:(2022), p. 114771. [10.1016/j.microrel.2022.114771]
Files for this item:
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11588/927883
Citations
  • Scopus 1