IPADS and Trustkernel officially open source "Penglai": a trusted execution environment for the RISC-V platform

On December 31, 2019, IPADS and Trustkernel announced the official open-sourcing of “PengLai”: a trusted execution environment for the RISC-V platform.


With the rapid development of scenarios such as autonomous driving, 5G, and AIoT, the system security capabilities of RISC-V platforms are becoming increasingly important.TEE: Trusted Execution Environment, is an important supporting technology for modern system security. By creating an Enclave (i.e., an instance of a trusted execution environment that is guaranteed to be isolated by hardware), TEE technology can significantly reduce the overall trust base of the system and enhance the protection of specific code and data.

The “Ponglai” is a RISC-V based scalable TEE system. Unlike existing systems, Penglai extends the existing RISC-V hardware language to support the scalability of the isolated environment through a collaborative approach of hardware and software. To achieve the generality of the software trust base, the Penglai architecture designs a layer of “security language” interface between the security monitor and the specific hardware primitives. The management logic of trusted environment instances will be implemented on this generic interface without caring about specific hardware isolation and protection mechanisms.

Specifically, the current Penglai system implementation is based on a new RISC-V instruction set extension: the s-mode Physical Memory Protection mechanism (sPMP), which allows scalable physical memory isolation in the TEE OS or Secure monitor. In addition to the sPMP hardware extension, Penglai also supports Enclave protection via the existing physical memory isolation mechanism PMP (Physical Memory Protection).


The current Penglai open source project supports new hardware extensions in the Qemu emulator environment and is based on Docker containers to wrap all development dependencies in the environment. Developers only need to prepare the container environment and Git to download and run demo instances. Tests show that even in a resource-constrained scenario, Penglai is able to support more than 100 Enclave instances.

Later, in terms of compatibility and ease of use, we will further support more interfaces and features, as well as more hardware environments; in terms of security features, we will support features such as memory encryption engine and memory integrity protection; in terms of performance enhancement, we will support features such as Enclave fast fork, secure zero-copy data transfer, etc.

The following is specific open source information.

  • Penglai Home:http://penglai-enclave.systems/

  • Gitee:https://gitee.com/penglai-enclave/Penglai-Enclave

  • Github:https://github.com/Penglai-Enclave/Penglai-Enclave

Penglai is licensed under the Mulan Permissive License (MulanPSL) for easy secondary development and commercial use. Currently, Penglai has been adopted by companies such as RISC-V processor IP and solution company Corelai Technology as its security solution.

Founded in 2015, Bottle Bowl Information Technology is a professional smart device security product and service provider dedicated to providing smart device vendors and application vendors with system-level security products and solutions based on chip technology to protect the security of systems and applications. Since its establishment, Bottle Bowl has been deeply engaged in the field of chip and system security, insisting on the research of ARM, X86, RISC-V and other hardware architectures and continuously developing security products with hardware and software synergy, among which trusted execution environment products have been applied in hundreds of millions of smart devices. Through its own understanding and accumulation of chip and system security, Bottle Bowl will cooperate deeply with all parties in the industry chain and continue to bring security systems and trusted execution environment solutions designed in collaboration with hardware and software to the RISC-V community, escorting for massive application business.