We have developed the Trusted RV which is a combination of 4 core 64bit RISC-V and 1 core 32bit RISC-V Secure Coprocessor. The secure coprocessor works as a "Root of Trust" and keeps critical information (e.g., Device Key, Certificate). The secure coprocessor offers machine mode only and runs Zephyr OS. The Zephyr OS includes crypto and certificate-verification libraries and manages the 64bit RISC-V. The secure coprocessor boots before the 64bit RISC-V and verifies it.
The secure coprocessor is tightened with RISC-V Keystone on the 64bit RISC-V to keep security. The 64bit RISC-V runs Keystone as TEE (Trusted Execution Environment), and Secure Monitor (SM) runs on machine mode under the Linux kernel. The secure communication between 64bit RISC-V and Secure Coprocessor is managed by SM only. The communication is passed to a Trusted Application (TA) in a Keystone Enclave only. The secure communication is implanted on the shared memory and mutual interrupts between 64bit RISC-V and Secure Coprocessor. This mechanism is also used for the remote attestation of Keystone which based on the key in the secure coprocessor. The Trusted RV is implemented on a simulator for software development, as well as FPGA (Xilinx VC707).