---
tags: Keystone
---
# Keystone Research Projects
There are a few things that need to be done before we bring Keystone into the real world.
## List of Projects
**Hardware** (Requirements are marked *)
| Name | Type | Assigned | Description |
|:--------|:-----|:---:|:------------|
| *Silicon root of trust | development | | Currently, Keystone only implements a software-based root of trust simulated by an early-stage bootloader (e.g., ZSBL). This lacks hardware-based protection of the keys and the certificate. OpenTitan is a potential open-source project that can be integrated with Keystone. |
| *I/O protection | development | | SoCs also need to enforce memory isolation for peripheral devices. This can be done with the RISC-V IOPMP standard, which is still WIP. Some companies have already come up with non-standard IOPMP on their chips. |
| Interrupt Controller | development | | Keystone doesn't have the ability to let enclaves receive their own interrupts. This can be implemented on the PLIC or CLIC interrupt controller. |
| Crypto Accelerator | research, development | Gui Andrade | Cryptographic accelerators may speed up secure booting, measurement, and attestation. They could also make software-based memory encryption practical (ongoing research by Gui Andrade). |
| PMP Limitation | research | | The limited number of PMP entries (e.g., 16) limits the number of concurrent enclaves, as well as some research extensions (e.g., Elasticlave). A number of solutions have been proposed (e.g., sPMP of Penglai Enclave). Faster hardware implementations or a better specification should be explored. |
**Software** (Requirements are marked *)
| Name | Type | Assigned | Description |
|:--------|:-----|:---:|:------------|
| System Call (`fork()`) | research, development | Dayeol Lee | `fork()` is one of the trickiest system calls to implement in TEEs. We are currently exploring secure, verified cloning of an enclave via snapshotting and post-init measurement (ongoing research by Dayeol Lee). This will improve start-up latency and resource utilization for numerous workloads (e.g., FaaS). |
| *System Calls (I/O) | development | | More I/O system calls must be handled in the runtime in order to support more legacy applications. |
| Dynamic Loading | research, development | Cathy Lu | Currently, enclaves can only be statically initialized and must be completely loaded before execution begins. To support dynamic libraries in Keystone, we need to re-design how applications are loaded and how the enclave verifies the libraries after initialization. |
| More off-the-shelf microkernels | development | | We are hoping to support more off-the-shelf microkernels other than seL4 so that one can easily port a specific application into a Keystone enclave. |
| *Concurrent Multithreading | research, development | Stephan Kaminsky | Enclaves can have multiple threads, but they can't run in parallel because we have no mechanism for an enclave to be aware of multiple harts. |
| Embedded Device TEE | research, development | Alex Thomas | Embedded or IoT devices often do not have an MMU or S-mode. Our security monitor interface needs to be general enough to support these chips. |
| Toolings | development | | You can run unmodified applications on Keystone, but you still need a number of tools, such as a signature generator or edge-call development tools. |
| Interop with TEE Open-Source frameworks | development | | Asylo, OP-TEE |
**Verification/Specification**
* Document specification of each component
* Formal verification of the security monitor
## Timeline
### Requirements for Hardware Deployment
Estimated times assume an experienced hardware/system engineer.
**Silicon Root of Trust**
| Subtask | Estimated Time (person-weeks) |
|----------|:------------:|
| Set up an FPGA environment for OpenTitan | 3 |
| Replace OpenTitan core with PMP/MMU-capable core | 8 |
| Integrate Keystone SM with OpenTitan blobs | 4 |
| Key/certificate access via device tree | 2 |
| Documentation | 2 |
| **Total** | **19** |
**I/O Protection**
| Subtask | Estimated Time (person-weeks) |
|----------|:------------:|
| Search for purchasable platform w/ IOPMP | 1 |
| Set up build environment and boot Keystone SM | 1 |
| Implement/test platform-specific I/O protection | 2 |
| Generalize the interface and refactor | 1 |
| Documentation | 1 |
| **Total** | **6** |
### Requirements for Completeness
**Interrupt Controller**
* See if Penglai folks can share their implementation
| Subtask | Estimated Time (person-weeks) |
|----------|:------------:|
| | |
**Dynamic Loading**
| Subtask | Estimated Time (person-weeks) |
|----------|:------------:|
| | |
**I/O System Calls**
| Subtask | Estimated Time (person-weeks) |
|----------|:------------:|
| | |
**Concurrent Multithreading**
| Subtask | Estimated Time (person-weeks) |
|----------|:------------:|
| | |
**Toolings**
| Subtask | Estimated Time (person-weeks) |
|----------|:------------:|
| | |
## Open Research Challenges
### Concurrent Multithreading
### Software Integration
### Limitation of RISC-V PMP
### Silicon Root of Trust
### Formal Verification
### Evolving RISC-V Standard