RISC-V架构处理器分区过程中,因未处于可信执行环境中,使得部分分区内容出现了新行内容随意替换旧行内容的问题,导致分区结果重叠部分较多。为此,提出基于可信执行环境的RISC-V架构处理器安全分区方法。根据请求指令中的虚拟机ID编号将虚拟机与虚拟根实例进行绑定,为RISC-V架构处理器中的划分提供安全环境。将安全内存加密引擎集成到内部的 Cache与存储控制器间,生成单次分块区。利用多用户端密钥对称算法获取访问密文,采用蒙特卡罗法计算当前分区解向量对应的偏移时间。根据该偏移时间序列,采用Cache方法进行分区可信通道物理页着色处理,可避免出现新行随意替换旧行的问题,获取安全的分区结果。由实验结果可知,使用本研究方法分区命中率最小值可达到0.82,能够达到理想的分区效果。

During the partitioning process of the RISC-V architecture processor,it is not in a trusted security environment,which causes the problem of the new row content replacing the old row content at will in some partition content,resulting in more overlapping parts of partition results.Therefore,a secure partitioning method for RISC-V architecture processors based on trusted execution environment is proposed.According to the virtual machine ID number in the request instruction,the virtual machine is bound to the virtual root instance to provide a secure environment for the security division in the RISC-V architecture processor.Integrate the secure memory encryption engine between the internal cache and the storage controller to generate single-shot chunks.The multi-user key symmetry algorithm is used to obtain the access ciphertext,and the Monte Carlo method is used to calculate the offset time corresponding to the current partition solution vector.According to the offset time series,the Cache method is used to color the physical pages of the partitioned trusted channel to avoid the problem of replacing old rows with new rows and obtain safe partitioning results.It can be seen from the experimental results that the minimum value of partition hit rate can reach 0.82 using the research method,which can achieve the ideal partition effect.