-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Gernot, thanks for sharing your thoughts. I am entering the thread here as I my thoughts go into a similar direction. We last year mentored Hesham's GSoC project of porting seL4 to the RISC-V architecture and think in the direction of TEEs for a GSoC this year. In my job I have worked a lot with GP-compliant TEEs the last year and it would be great if you could share your opinions on my thought process. First of all, RISC-V has four execution levels that are more or less similar to ARM's EL0 to EL3. My starting point for a GP-compliant TEE would naturally be OP-TEE, and of course seL4. These are the options and my thought process: * Porting OP-TEE plainly to RISC-V: Would be a nice project, but I would prefer a portable solution. When porting directly, either OP-TEE can serve as SM or more preferably there should be a RISC-V equivalent of ARM-TF. * Porting OP-TEE on top of seL4: That would be para-virtualizing OP-TEE os. The communication between secure world and non-secure world is mapped to seL4 communication. * Porting OP-TEE functions as seL4 services: This is maybe actually the best way to handle it. All threading and separation is handled by seL4, Trusted Applications run as seL4 containers with the GP-API, and the services (encrypted storage, crypto functions etc.) are running as seL4 services, too. * For the latter two, one thing that remains is similar to the original thread question: The non-secure operating systems need to be para-virtualized ideally, right? Or can seL4 currently work as a hypervisor? The question remains is then how the communication between non-secure and secure world is dispatched, or is there something like a lowest exception level secure monitor needed. Sorry, if I overlooked this part until now. Thanks a lot for your input. Best, Stefan - -- Stefan Wallentowitz Staff Engineer Simless GmbH, Zweigstelle/Branch München Adresse/Address: Freibadstr. 30, 81543 München, Germany Email: stefan@simless.com Web: www.simless.com Simless GmbH Adresse/Address: Alaunstr. 85, 01099 Dresden, Germany Geschäftsführung/Managing Director: Karsten Ohme Handelsregister/Trage Register: Amtsgericht Dresden HRB 34482 Sitz der Gesellschaft/Head Office: Dresden Hinweis: Der Inhalt dieser E-Mail ist vertraulich und ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail sein sollten, setzen Sie sich bitte mit dem Absender der E-Mail oder unter der angegebenen Telefonnummer in Verbindung und vernichten Sie diese E-Mail auf Ihren Speichermedien. Notice: The information contained in this e-mail is confidential. It is intended solely for the addressee named above. If you are not the intended recipient, please notify the sender immediately and destroy this message on any media of yours. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJW879wAAoJENZAHP84beGSn44H/ipV3sA1uqLd7hLQcHcqmMW6 9d1VE77DkKl319s3pkmKPkZQG1OdyvmBS9WT2FNEbelKlREkW24aN5kpK8pY+C8l /15moC4PVA3f03K3iUWfFyvLysx4P2t8BrF6gnaV7n7LjaiUAkd5z3hSS9oO3HSI fkuGtKuNI4AtbhIkvJcDERtPWJUV6uvV7HBFaEBCjhWGpyqMhzTzfP8mI7R5VzcS JvZmlUcPTZoDEZpXxtVYMTl60IEzdDPTwby3HEw8rBezJrkZ6PsICnGEq1x96p1F 3GGC+sasfWpMiYwBi7AFwXgpXQyC7qmdoLtjYAH6DcigxJZFsil1XqfXq96uYvQ= =QIEM -----END PGP SIGNATURE-----