PIE: A Platform-wide TEE

user-5f8411ab4c775e9685ff56d3 (2021)

Citations: 0 | Views: 76
No rating yet

Abstract
While modern computing architectures rely on specialized hardware such as accelerators to provide performance and functionality, trusted execution environments (TEEs), one of the most promising recent developments in security, can only protect code confined to the CPU, limiting the TEEs' potential and their applicability to a handful of applications. We observe that the TEE's hardware trusted computing base (TCB) is fixed at design time, forcing users to rely on (mostly untrustworthy) software to admit peripherals into the TEE. Based on this observation, we propose PIE, a secure platform design with a configurable hardware and software TCB, which allows us to support specialized hardware while upholding the principle of least privilege. We introduce two new security properties relevant to such systems: platform-wide attestation and platform awareness. Platform-wide attestation allows a remote party to verify the platform's current state, including the state of specialized hardware devices and how they are connected with each other, whereas platform awareness defines how the enclave reacts to a change in the connected devices. Together, these make it possible to attest to the hardware configuration of a system and to check that only the trusted hardware, running the right version of its firmware, is part of the TCB (platform-wide attestation) and remains part of the TCB for the whole execution (platform awareness). Finally, we present a prototype of PIE based on RISC-V's Keystone to show that such systems are feasible with only around 600 lines added to the software TCB, without compromising performance.

Keywords
Trusted computing base, Principle of least privilege, Firmware, Software, Central processing unit, Operating system, Computer science, Configurable hardware, Limiting, Security properties