High-Performance Asynchronous Edge Call Mechanism for Keystone TEE


Authors: WANG Zhankun; ZHAO Bo [1]

Affiliation: [1] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China

Source: Computer Engineering and Applications, 2025, No. 6, pp. 328-340 (13 pages)

Abstract: A hardware-based trusted execution environment (TEE) is an important technology for safeguarding data security and privacy. Keystone is the most popular TEE solution for the RISC-V platform. However, Keystone currently can only invoke functions in the non-secure world from the secure world and cannot perform the reverse process. Furthermore, each OCALL operation requires at least eight privilege-level transitions, resulting in high performance overhead. To address these problems, an asynchronous edge call mechanism based on user-mode interrupts is proposed. It not only adds support for ECALL operations but also avoids CPU privilege-level switching, greatly improving ECALL/OCALL efficiency. To implement asynchronous edge calls, a delegation and triggering mechanism for user-mode interrupts is implemented within the secure world, and inter-processor interrupts are used to deliver asynchronous ECALL/OCALL event notifications. A memory manager is designed on top of Keystone shared memory to provide data transfer during asynchronous edge calls, and the security design of the shared memory is improved. A system prototype is implemented on QEMU, and test results show that asynchronous ECALL/OCALL achieves a 4 times performance improvement over Keystone's synchronous OCALL.

Keywords: user-mode interrupt; inter-processor interrupt; trusted execution environment; asynchronous call

Classification: TP393 [Automation and Computer Technology: Computer Application Technology]

 
