Abstract
The rapid development of contemporary information technology not only brings convenience to people, but also creates many security risks. With the rapid development of the Internet and the Internet of Things, the number of globally connected devices is growing rapidly, and the "Internet of Everything" has become an important direction for the future development of global networks. The proliferation of edge IoT proxy devices has also given rise to diverse security issues, yet traditional security protection mechanisms have become inefficient on existing edge IoT proxy devices, and trusted execution environments are too large and depend on remote authorization. At present, applications commonly face security risks such as being cracked and having their data stolen or tampered with, which pose a great threat to financial data security, personal privacy data protection, and business data integrity. This paper proposes a lightweight memory protection unit based on the RISC-V architecture that implements a hardware secure boot mechanism based on a hardware root of trust. By extending the RISC-V instruction set and using the newly added instructions to create a secure memory space, ordinary memory is converted into a secure encrypted space, achieving a trusted embedded system.
Authors
GE Hongwu (葛红舞); XU Chunxiao (徐春晓); ZUO Haoran (左浩然); GONG Zirui (龚子锐) (NARI Information & Communication Technology Co., Ltd., Nanjing 211106, China)
Source
Integrated Circuits and Embedded Systems (《集成电路与嵌入式系统》)
2024, Issue 4, pp. 63-66 (4 pages)
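Funding
NARI Information & Communication Technology Co., Ltd. project "Research and Application of Power System Intelligent Terminals Based on the Independently Controllable RISC-V Instruction Set" (5246DR230012).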
Keywords
RISC-V
cryptographic instruction extension
acceleration engine
trusted security
SM4 algorithm