Computer Engineering and Applications, 2025, Vol. 61, Issue (6): 328-340, 13. DOI: 10.3778/j.issn.1002-8331.2311-0312
High-Performance Asynchronous Edge Call Mechanism for Keystone TEE
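Wang Zhankun (王占坤) 1, Zhao Bo (赵波) 1
Author information
- 1. Wuhan University, School of Cyber Science and Engineering, Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072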
Abstract
A hardware-based secure execution environment is an important technology for safeguarding data security and privacy. Keystone is the most popular trusted execution environment (TEE) solution for the RISC-V platform. However, the current version of Keystone can only invoke functions from the secure world to the non-secure world and lacks the capability to perform the reverse process. Furthermore, each OCALL operation in Keystone requires a minimum of eight privilege-level transitions, resulting in significant performance overhead. To address these challenges, a novel approach based on user-mode interrupts for asynchronous edge function calls is proposed. This mechanism not only enables support for ECALL operations but also eliminates the need for privilege-level switching. As a result, the efficiency of ECALL/OCALL is greatly enhanced. The implementation of asynchronous ECALL/OCALL involves several key steps. Firstly, a delegation and triggering mechanism for user-mode interrupts is implemented within the secure world. This mechanism leverages inter-processor interrupts to facilitate asynchronous ECALL/OCALL event notifications. Secondly, a memory manager is designed on the Keystone shared memory to enable efficient data transmission during asynchronous function calls. Lastly, a system prototype based on QEMU is developed, and test results demonstrate that the asynchronous ECALL/OCALL approach achieves a 4 times performance improvement compared to the synchronous OCALL method in Keystone.
Key words
user-mode interrupt/inter-core interrupt/trusted execution environment (TEE)/asynchronous function call
Classification
Information technology and security science
Cite this article
Wang Zhankun, Zhao Bo. High-Performance Asynchronous Edge Call Mechanism for Keystone TEE[J]. Computer Engineering and Applications, 2025, 61(6): 328-340, 13.