Composite Enclaves: Towards Disaggregated Trusted Execution.

IACR Trans. Cryptogr. Hardw. Embed. Syst. (2022)

Cited by 2 | Viewed 41 times

Abstract
Trusted execution environments (TEEs) remove the OS and the hypervisor from the trusted computing base (TCB) and provide isolation to applications, known as enclaves. TEEs also provide remote attestation, which allows a remote verifier to check whether the expected version of the enclave is running. However, TEEs provide only a static and restricted hardware trusted computing base, which includes only the CPU. While this might be acceptable for some applications, it is too restrictive for others, and it falls short when one considers external hardware entities that are connected to the platform. Current proposals to include specific external components in a TEE exist, but they remain limited to very specific use cases and cannot be used dynamically. In this paper, we investigate platforms where enclaves can utilize a dynamic hardware TCB. We propose new security properties that are relevant for such systems, namely platform-wide attestation and platform awareness. These properties allow a remote verifier to verify the current state of the platform and let the enclave define how it reacts to a change in connected peripherals. Finally, we present a prototype based on RISC-V's Keystone to show that such systems are feasible with only around 350 lines added to the software TCB.
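The two properties named in the abstract can be made concrete with a small model: a platform-wide attestation report that measures the enclave together with every attached peripheral, a verifier that checks that report against a peripheral policy, and a platform-awareness handler that decides what the enclave does when the set of peripherals changes at runtime. The code below is an added illustration, not code from the paper or from Keystone; the report format, the policy shape, the function names (`build_platform_report`, `verify_platform_report`, `react_to_topology_change`) and the use of an HMAC in place of a manufacturer-certified asymmetric signature are all assumptions, and every firmware image is a constructed byte string.

```python
"""Toy model of platform-wide attestation and platform awareness.

Added example (hypothetical design): the report, policy layout and function
names are assumptions, not the paper's or Keystone's interfaces.
"""
import hashlib
import hmac
import json

# Constructed key standing in for the attestation key held by the security
# monitor (assumption; a real platform would use a certified asymmetric key).
PLATFORM_KEY = b"constructed-platform-attestation-key"

# Constructed sample images: the enclave plus firmware for two peripherals.
ENCLAVE_IMAGE = b"constructed enclave image v1"
GPU_FW_GOOD = b"constructed gpu firmware v1"
GPU_FW_BAD = b"constructed gpu firmware, tampered"
NIC_FW = b"constructed nic firmware v1"
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")


def measure(blob: bytes) -> str:
    """A component's measurement is SHA-256 over its code/firmware image."""
    return hashlib.sha256(blob).hexdigest()


# Verifier policy (assumed shape): peripheral name -> acceptable measurements
# and whether the enclave cannot run without that peripheral.
POLICY = {
    "gpu0": {"allowed": {measure(GPU_FW_GOOD)}, "required": True},
    "nic0": {"allowed": {measure(NIC_FW)}, "required": False},
}


def build_platform_report(enclave_image: bytes, peripherals: dict, nonce: bytes) -> dict:
    """Security-monitor side: cover the enclave AND every attached peripheral,
    so the dynamic hardware TCB is attested as a whole rather than CPU-only."""
    body = {
        "nonce": nonce.hex(),
        "enclave": measure(enclave_image),
        "peripherals": {name: measure(fw) for name, fw in sorted(peripherals.items())},
    }
    msg = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(PLATFORM_KEY, msg, "sha256").hexdigest()}


def verify_platform_report(report: dict, nonce: bytes, expected_enclave: str, policy: dict):
    """Remote-verifier side. Returns (ok, reason); checks integrity and
    freshness first, then the enclave, then the peripheral set against policy."""
    body = report["body"]
    msg = json.dumps(body, sort_keys=True).encode()
    expected_mac = hmac.new(PLATFORM_KEY, msg, "sha256").hexdigest()
    if not hmac.compare_digest(report["mac"], expected_mac):
        return False, "report MAC invalid"
    if body["nonce"] != nonce.hex():
        return False, "nonce mismatch (replayed report)"
    if body["enclave"] != expected_enclave:
        return False, "enclave measurement mismatch"
    for name, digest in body["peripherals"].items():
        entry = policy.get(name)
        if entry is None:
            return False, f"unexpected peripheral attached: {name}"
        if digest not in entry["allowed"]:
            return False, f"peripheral {name} runs unapproved firmware"
    for name, entry in policy.items():
        if entry["required"] and name not in body["peripherals"]:
            return False, f"required peripheral missing: {name}"
    return True, "platform state acceptable"


def react_to_topology_change(old_peripherals: dict, new_peripherals: dict, policy: dict) -> str:
    """Platform awareness (hypothetical enclave-side handler): decide how the
    enclave reacts when peripherals are attached, removed or re-flashed."""
    old_set, new_set = set(old_peripherals), set(new_peripherals)
    for name in sorted(new_set - old_set):
        entry = policy.get(name)
        if entry is None or measure(new_peripherals[name]) not in entry["allowed"]:
            return f"halt: untrusted peripheral attached: {name}"
    for name in sorted(old_set - new_set):
        if policy.get(name, {}).get("required"):
            return f"halt: required peripheral removed: {name}"
    for name in sorted(old_set & new_set):
        if measure(old_peripherals[name]) != measure(new_peripherals[name]):
            return f"halt: peripheral changed firmware: {name}"
    return "continue"


if __name__ == "__main__":
    rep = build_platform_report(ENCLAVE_IMAGE, {"gpu0": GPU_FW_GOOD, "nic0": NIC_FW}, NONCE)
    print(verify_platform_report(rep, NONCE, measure(ENCLAVE_IMAGE), POLICY))
    print(react_to_topology_change({"gpu0": GPU_FW_GOOD}, {"gpu0": GPU_FW_BAD}, POLICY))
```

The verifier rejects a report in which any attached peripheral is unknown or runs unapproved firmware, or in which a peripheral the policy marks as required is absent; the runtime handler returns "continue" only when nothing outside policy has been attached, nothing required has been removed, and no existing peripheral has changed its measurement.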
Keywords
trusted execution