Research on Security Model Based on Lightweight RISC-V Heterogeneous Processor


Authors: LUO Yunpeng (罗云鹏); WU Jincheng (吴晋成); WANG Zheng (王正) [1]; WANG Tongzhu (王铜柱) [1] (No. 30 Institute of CETC, Chengdu, Sichuan 610041, China)

Affiliation: [1] No. 30 Institute of China Electronics Technology Group Corporation (CETC), Chengdu, Sichuan 610041, China

Source: Communications Technology (《通信技术》), 2024, No. 9, pp. 973-980 (8 pages)

Funding: National Natural Science Foundation of China (U20B2046).

Abstract: To cope with the rapid development of the IoT (Internet of Things), low-latency and high-performance processors are required to achieve the transmission and protection of critical data. Additionally, it is essential to enhance the hardware security of processors and reduce attacks on the processors by unauthorized users. This paper combines the advantages of the current open-source RISC-V (Reduced Instruction Set Computing-Five) processor architecture with an FPGA (Field Programmable Gate Array) to design a heterogeneous processor, and proposes a cryptography-based secure boot model. First, the paper refines the architecture of the RISC-V heterogeneous processor, designs a lightweight crypto-boot security model, TrustZone, to achieve a balance between processor performance and security, and combines the advantages of the FPGA to implement customized dedicated protocols and business communications. Then, it proposes a convenient way to implement current RISC-V heterogeneous processors, based on which the model is built and tested. The verification results indicate that although the processor boot time increases slightly with the adoption of the TrustZone security measurement, the overhead of this boot time is acceptable for lightweight processor application scenarios with enhanced processor security.

Keywords: RISC-V; heterogeneous processor; trusted boot; cryptographic coprocessing; TrustZone authentication

Classification: TP332 [Automation and Computer Technology: Computer System Architecture]

 
