Penglai Enclave:RISC-V chip and system security solutions

Expandable TEE system with hardware and software co-isolation

Penglai Enclave:RISC-V chip and system security solutions

T6 Architecture

"Penglai" is an extensible TEE system based on RISC-V. Unlike existing systems, Penglai extends existing RISC-V hardware primitives to support scalability of isolated environments through hardware-software collaboration. In order to achieve the generality of software trust base, the Penglai architecture has designed a layer of "security primitive" interface in the security monitor and the specific hardware primitive. The management logic of trusted environment instances will be implemented on this generic interface, without caring about specific hardware isolation and protection mechanisms. Specifically, the current Penglai system implementation is based on a new RISC-V instruction set extension: the s-mode Physical Memory Protection (sPMP) mechanism, which allows scalable physical memory protection in the TEE OS or Secure monitor.In addition to the sPMP hardware extension, Penglai also supports Enclave protection via the existing physical memory isolation mechanism.

Four objectives


Software and hardware full stack definable


TEE protection granularity is configurable


Software and hardware co-optimization


Formal authentication

We offer four basic security capabilities

Memory Isolation

Use sPMP + PMP to ensure memory isolation between Enclave, each secure application can only access the memory pre-allocated to itself.

Interruption isolation

Different interrupt controllers provide different granularity of interrupt configuration capabilities, and Penglai uses different interrupt isolation mechanisms for different interrupt controllers to ensure that interrupts are only visible to the specified Enclave App.

Trusted Storage

The logic for secure storage is executed in a dedicated Service Enclave. The Enclave App calls the Storage Service Enclave by way of an IPC, and depending on the scenario, the caller can use either the Global Platform or PSA style API. Trusted Storage provides privacy and integrity protection for data, while providing a degree of protection against replay attacks.

Peripheral use safety

Limit requests initiated by RISC-V Core by configuring PMP/sPMP, limit DMA requests initiated by the device by IOPMP. In the chip design phase, each peripheral will be assigned a master id. Configure the master id in IOPMP to have access to a specified range of memory.


Secure Communications


TEE NSSDK/TEE_TA SDK: Provides development packages related to interaction between secure applications (Enclave) and non-secure applications, interaction between secure applications, etc.

Support mainstream encryption and decryption, signature verification and hash algorithms (including SM2/SM3/SM4).

TEE Security Enhanced SSL/TLS Protocol.

Support PSA, GP two styles of API.

Secure Boot and Remote Authentication


Security, created with you

On December 31, 2019, IPADS and TrustKernel announced the official open source of "Penglai": a trusted execution environment for the RISC-V platform. If you have concerns, ideas, code or any other questions, please feel free to contact us or submit your proposal. We welcome every developer to explore the world of security with us. The following is specific open source information: