frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Show HN: Confidential computing for high-assurance RISC-V embedded systems

https://github.com/IBM/ACE-RISCV
103•mrnoone•1y ago
Dear HN community! Looking forward to hearing your feedback on ACE (assured confidential execution), technology that implements VM-based trusted execution environment (TEE) for embedded RISC-V systems with focus on a formally verified and auditable firmware. We target high-assurance systems that can benefit from compartmentalization and hardware-backed isolation. The key ingredient called security monitor (firmware) is implemented in Rust. The formal specification is defined as annotations directly in code and gets translated to Coq using RefinedRust automation. ACE design is now part of the RISCV confidential VM extension (CoVE) specification (deployment model 3).

Comments

IshKebab•1y ago
Can you explain what the relationship is between this and CoVE? Is ACE (this repo) the firmware, and CoVE the RISC-V hardware extensions that it requires?

How does it run on a P550 if that doesn't support CoVE?

aseipp•1y ago
Yes, that's basically the relationship between CoVE and ACE, from a quick glance. In this case, ACE is simply implementing a formally modeled and verified security monitor where the design has been extracted to Coq and the invariants proven.

It can work on P550 because CoVE supports several "Deployment strategies", the one ACE uses is referenced in the README: CoVE spec, Appendix D, "M-mode [Trusted Security Manager] based deployment model" https://github.com/riscv-non-isa/riscv-ap-tee/blob/main/src/... -- the other appendicies detail e.g. Smmtt based designs, and apparently there's a not-yet-written "Nested Virtualization" design in Appendix C.

They also note that the P550 isn't a "true" port due to the preliminary, non-ratified H extension, and it also misses another required extension called "Sstc" but they just emulate it. (Sstc is interesting; it seems to be a performance optimization for delivering timer interrupts directly to supervisors, but I can imagine in the case of CoVE timer interrupts going through M-mode could leak data, making it more of a security issue.)

Leveraging M-mode is basically how previous security monitors like keystone worked too, back on the original HiFive Unleashed. It just sorta treats M-mode as an analogue to the "secure world" in ARM parlance, though there is no requirement that M-mode has e.g. an encrypted memory controller and dedicated memory region, and I'm guessing other things (I'm not super familiar with TrustZone.)

Broadly speaking this reminds me as a kind of a evolution/combination of Microsoft's Komodo (formally verified, but was only for e.g. SGX-style enclaves) and existing M-mode TEE systems like Keystone -- but upgraded to support "Confidental Computing" virtual machines. So that's quite nice.

mrnoone•1y ago
The CoVE specification defines a unified confidential computing architecture for RISC-V that scales across embedded, edge, and cloud use cases. The system designers select the appropriate deployment model based on the specific constraints and goals of their target systems. ACE adopts the deployment model tailored for mid- to high-end embedded platforms (see Appendix D in the CoVE spec).

Ultimately, we should expect multiple CoVE implementations optimized for different domains. For instance, in cloud environments, the focus is on maximizing performance and resource utilization—typically requiring full CoVE support and advanced hardware features such as Smmtt and AIA. Salus from Rivos is an example of such a high-end implementation. In contrast, embedded systems have limited power and silicon budgets, and thus prioritize simpler hardware. These systems trade off performance and accept memory fragmentation in favor of reduced hardware complexity and cost—ACE is designed with this trade-off in mind.

ACE runs on P550 by emulating the missing hardware features. This enables experimental deployment on real hardware. (P550 is the first commercially available RISC-V processor with virtualization support.)

neom•1y ago
Developers have faced in the confidential computing space, particularly with x86 TEEs, fragmentation leading to vendor lockin and a difficult developer experience due to multiple, somewhat incompatible standards/approaches. Does the CoVE effort, and IBM's involvement in it, aim to prevent a similar situation in the RISC-V world, fostering a more open and standardized TEE ecosystem? Are you using CCC to align RISC-V CoVE with efforts to improve the developer experience? I hope we see common abstractions across different TEE architectures!!!
mrnoone•1y ago
I agree with your point, we need common abstractions across different TEE architectures!

The CoVE specification addresses fragmentation in the RISC-V ecosystem by defining a unified confidential computing architecture that scales across embedded, edge, and cloud use cases. Higher layers of the software stack, for example Linux KVM and QEMU, implement the defined ABI, enabling support for a variety of CoVE-compliant implementations. Currently, there are two CoVE implementations: ACE, targeting embedded systems, and Salus, aimed at cloud deployments. Additionally, there are efforts underway to port OP-TEE to the CoVE architecture.

Within the Linux kernel, there is ongoing work to unify internal interfaces across different TEE implementations (x86,ARM,Z,PowerPC) and harden the guest kernel. The CoVE patches are designed to align with these abstractions, though they have not yet been upstreamed. Remote attestation is still the pain point, since the CoVE spec proposes formats that are not compatible with Intel/AMD/TPM style. On the other hand, the ACE's local attestation re-uses the format from OpenPOWER PEF and opens it with versioning to new algorithms and properties.

From an end-user standpoint, VM-based TEEs are more agnostic to the underlying hardware technology compared with process-based TEEs, as they rely on the virtualization boundary for isolation. What does still change is the guest kernel and its supporting libraries, which must be adapted to leverage platform-specific attestation mechanisms.

anonymousDan•1y ago
How does this differ from Keystone?
mrnoone•1y ago
There are two key differences:

(1) ACE leverages hardware virtualization support, including an MMU, to enable confidential virtual machines. In contrast, Keystone is designed for simpler processors that rely on just machine/supervisor/user privilege levels and physical memory protection (PMP), making it more suitable for process-based enclaves—similar to architectures like Komodo or Intel SGX. In that sense, ACE is conceptually closer to Intel TDX, but tailored for a different domain: embedded systems rather than cloud infrastructure.

(2) In ACE, the architecture and code are simplified to facilitate formal verification.

hyperhello•1y ago
> ACE supports local attestation, a mechanism to authenticate confidential VMs intended for embedded systems with limited or no network connectivity.

I'm interested to know the safe definition of 'limited' connectivity - is there some kind of boundary which logical reasoning can't support?

l0ng1nu5•1y ago
This area is where I see riscv excelling ahead of current proprietary options. I don't think it can compete on speed in terms of general purpose computing at this point.

The way I see it, once guaranteed security is offered, security conscious IT admins will insist on using it and the herd will eventually follow.

Anthropic says US lifts export ban on Fable 5

https://www.bbc.com/news/articles/cdr42623e1do
2•tobr•1m ago•0 comments

ESA declares private Minecraft servers 'illegal' in StopKillingGames hearing

https://www.pcgamer.com/gaming-industry/esa-bafflingly-declares-private-minecraft-servers-illegal...
1•N_Lens•1m ago•0 comments

The Supreme Court just worsened the Democrats's fundraising

https://www.politico.com/news/2026/06/30/the-supreme-court-just-made-the-dncs-fundraising-woes-a-...
1•Alien1Being•3m ago•0 comments

Commerce Department gives green light for Anthropic to bring back Fable 5

https://www.nbcnews.com/business/business-news/commerce-department-gives-green-light-anthropic-br...
2•rw2•7m ago•0 comments

Show HN: The Sword of Ghix – a retro game made by a 13 yo with AI Assisted tools

https://paulinatorrr.itch.io/sword-of-ghix-chapter-1
1•fredliu•7m ago•0 comments

Google sunsets Tenor API, breaking GIFs in Discord and X

https://aiweekly.co/alerts/google-sunsets-tenor-api-breaking-gifs-in-discord-and-x
1•Gaishan•9m ago•1 comments

GovScape lets you easily search government documents

https://www.washington.edu/news/2026/06/24/govscape-lets-you-easily-search-millions-of-government...
1•gnabgib•13m ago•0 comments

Fable 5 up to 50% of weekly usage limits through July 7

https://twitter.com/theo/status/2072173365318840573
1•bentaber•14m ago•0 comments

Otsuka posts phase 3B ADHD trial win ahead of looming FDA approval decision

https://www.fiercebiotech.com/biotech/otsuka-posts-phase-3b-adhd-trial-win-ahead-looming-fda-appr...
1•rguiscard•15m ago•0 comments

Underwater Suit-Wearing Cyborg Insect Capable of Hours-Long Divingl

https://www.nature.com/articles/s41467-026-74235-1
2•UltraSane•16m ago•1 comments

U.S. murder rate approaches a record low

https://www.npr.org/2026/06/30/nx-s1-5866810/us-murder-rate-record-low-crime-homicide
1•toomuchtodo•18m ago•0 comments

Claude Fable 5 available globally tomorrow

https://twitter.com/anthropicai/status/2072163884430229756
5•jitl•22m ago•0 comments

Ask HN: If governments keep restricting frontier AI, what happens next?

1•akashwadhwani35•23m ago•0 comments

The Oracle Problem

https://pilgrima.ge/p/the-oracle-problem
2•paulpauper•26m ago•0 comments

Is Claude's Constitution Aligned with Planetary Flourishing?

https://cathalharte.ch/essay-is-claudes-constitution-aligned-with-planetary-flourishing.html
1•paulpauper•26m ago•0 comments

Scientists discover unexpected way to make pancreatic cancer cells self-destruct

https://www.sciencedaily.com/releases/2026/06/260622091512.htm
1•jonbaer•27m ago•0 comments

Tracing Codex's 640TB-a-year SQLite writes

https://querydoctor.com/blog/tracing-codexs-640tb-year-sqlite-writes
1•thunderbong•27m ago•0 comments

Syncpen: A Markdown writing app your AI can write in (Claude, Cursor, Cowork)

https://www.syncpen.io/
1•airbuzz•28m ago•0 comments

WhatsApp Coding – Managing Google Antigravity 2.0 via a mobile chat proxy

https://github.com/rajibbora1965/WhatsAppCoding
1•rajibbora•29m ago•0 comments

Modular Cognitive Architecture Emerges in Large Language Models

https://pengrui-han.github.io/LLM_Modularity_Page/
1•pulisse•31m ago•0 comments

BullRun – free global stock screener with an MCP server

https://bull-run.org/
1•ferinator•31m ago•2 comments

Firms that adopt AI grow headcount 10% over the two years following adoption

https://ramp.com/data/ai-jobs-impact
2•nreece•34m ago•0 comments

What ORMs have taught me: just learn SQL (2014)

https://wozniak.ca/blog/2014/08/03/1/index.html
1•ciconia•34m ago•0 comments

Why do teams keep losing context, and why hasn't any tool fixed it?

1•rihabzt•36m ago•0 comments

Trump's second-term windfall: $1.4B

https://www.politico.com/news/2026/06/30/trump-crypto-windfall-disclosures-00983207
2•Alien1Being•37m ago•0 comments

Vektor Slipstream v1.7.4: Effort Control and Real Memory Search

https://medium.com/@vektormemory/vektor-slipstream-v1-7-4-effort-control-real-memory-search-e62d4...
1•vektormemory•39m ago•0 comments

The Virtual Drug That Created Fortnite

https://comuniq.xyz/post?t=1339
2•01-_-•46m ago•0 comments

Chinese tech makes desalinating seawater cheaper than producing bottled water

https://www.scmp.com/news/china/science/article/3358699/chinese-tech-makes-desalinating-seawater-...
3•01-_-•48m ago•1 comments

IBM claims first sub-1 nanometer chip technology

https://arstechnica.com/gadgets/2026/06/ibm-claims-worlds-first-sub-1-nanometer-chip-technology/
1•surprisetalk•52m ago•0 comments

A new Plaza Accord for global currencies wouldn't work

https://www.economist.com/finance-and-economics/2026/06/30/a-new-plaza-accord-for-global-currenci...
1•petethomas•55m ago•0 comments