Towards Secure Runtime Customizable Trusted Execution Environment on FPGA-SoC

Processing sensitive data and deploying well-designed Intellectual Property (IP) cores on remote Field Programmable Gate Array (FPGA) are prone to private data leakage and IP theft. One effective solution is constructing Trusted Execution Environment (TEE) and its secure boot process on FPGA-SoC (FPGA System on Chip). This paper aims to establish Secure Runtime Customizable TEE (SrcTEE) on FPGA-SoC through the design of a novel secure boot scheme and the design of the following three components: 1) CrloadIP, which enforces access control on TEE applications deploying IP at runtime such that SrcTEE can alleviate threats from unauthorized TEE applications and then SrcTEE can be adjusted dynamically and securely; 2) CexecIP, which not only enables the execution of newly-installed IP cores without modifying the operating system of FPGA-SoC TEE, but also prevents insider attacks from executing IPs in SrcTEE; 3) CremoAT, which can provide the newly-measured SrcTEE state and establish a secure communication path between remote verifiers and SrcTEE. Our secure boot scheme supports refreshable root trust key, and assures the authenticity and integrity of boot codes during the SrcTEE booting process. We conduct a security analysis of SrcTEE and its performance evaluation on Xilinx Zynq UltraScale+ XCZU15EG 2FFVB1156 MPSoC.