Abstract:
The open-source RISC-V instruction set architecture (ISA) provides a significant opportunity for China to establish an independent and controllable IoT ecosystem. However, IoT devices often lack hardware protections and are vulnerable to physical-level firmware tampering attacks. Therefore, ensuring firmware integrity to improve device security is crucial. Previous researches have focused on secure boot techniques, but several challenges remain: 1) The traditional software-level trusted root can be physically tampered, making it difficult to ensure the reliability of the trusted root; 2) Mainstream hardware-level secure boot technology is controlled by international chip manufacturers, the specific implementation method is not publicly available, and does not support domestic cryptographic algorithms, making it impossible to ensure security independence and controllability for China; 3) Existing research on secure boot mechanisms based on RISC-V CPUs can verify the credibility of executable code but lacks a mechanism for verifying the integrity of upper-level firmware. To solve these challenges, we design and implement SeChain, a RISC-V secure boot mechanism based on the Chinese domestic cryptographic algorithm SM9. Specifically: 1) A signature calculation unit (SCU) is added inside the RISC-V SoC to generate key pairs and signatures; 2) A key verification unit (KVU) is added to perform on-chip execution of verification algorithms and firmware integrity verification; 3) A multi-level secure boot process based on verification boot is designed and implemented, starting from an immutable hardware trust root, completing the integrity verification of the next-stage boot program step by step, and achieving secure boot. Based on this design, SeChain realizes the security and trustworthiness of the trust root in the startup phase and constructs a trusted secure boot chain based on the domestic cryptographic algorithm SM9, providing reliable protection for device secure boot and trusted execution. To verify the effectiveness, efficiency, and security against trust root attacks of SeChain, we complete SeChain simulation verification experiments based on VexRiscv CPU on FPGA hardware platform. The experimental results show that SeChain can resist various firmware tampering attacks, as well as resist trust root attacks, which has an average additional time overhead of no more than 6.47 seconds. SeChain is suitable for resource constrained IoT devices, while meeting secure and trusted boot requirements, it can provide strong protection for domestic RISC-V ecosystem security independence and controllability.