Open-source Secure Hardware Enclave

How can I participate?

We encourage participation and collaboration with anyone who is interested in helping the project.
Please subscribe to our announcment mailing list ( , discussion mailing list (, and check out our github.


Keystone is an open-source project for building trusted execution environments (TEE) with secure hardware enclaves, based on the RISC-V architecture. Our goal is to build a secure and trustworthy open-source secure hardware enclave, accessible to everyone in industry and academia.

Keystone is available and actively developed on github and documented at

Why do we need secure hardware enclaves?

Secure computation is a powerful abstraction, protecting the integrity and confidentiality of computations over confidential data. While there are already many applications for secure computing, it will continue to grow in importance. First, the shift towards cloud computing has driven high demand for security in the cloud, because it requires all of the data computation and storage to take place on remote machines. Second, there is a growing need to compute over private data from multiple sources. For example, mutually distrusting organizations may want to train collaborative machine learning models over confidential data.

One way to enable secure computation is to use crypto-based techniques such as homomorphic encryption and multi-party computation. However, state-of-the-art techniques in this domain are many orders of magnitude slower than native computation, limiting their practical applications.

Secure hardware enclaves provide another solution to secure computation with little or no performance overhead over native computation. Hardware enclaves enable computation over confidential data, providing strong isolation from other applications, the operating system, and the host. The secure enclave can also attest to the correct execution of a program to a remote party. Because secure enclaves has low performance overhead, they enable secure computation with a wide range of real-world applications.

Why should it be open-source?

Although many TEEs have been proposed by both industry (e.g., Intel SGX) and academia (e.g., Sanctum), no full-stack implementation has been open-sourced for use. We started the Keystone project to fill this gap. Commercial TEEs often take advantage of security by obscurity; most parts of the designs (especially the hardware stack) are not open-sourced and remain undocumented. Most security guarantees of commercial TEEs rely on trusting the design, implementation, and supply-chain management of hardware vendors.

Keystone follows the philosophy of open security. While there is no industry agreement on the “right solution” for everything, we believe open-source design allows the community to more effectively share insights, improve designs, and iterate on problems towards the goal of secure hardware enclaves.

Here are the list of goals of Keystone project:

  1. Chain of Trust
    • Secure boot
    • Remote attestation
    • Secure key provisioning
  2. Memory Isolation
    • Physical memory protection
    • Page table isolation
  3. Defense against Physical Attack
    • Memory encryption
    • Memory address bus encryption
  4. Defense against Side-channel Attack
    • Isolated architecture
  5. Formal Verification
  6. Deployment
    • RISC-V QEMU simulation
    • FPGA-based deployment (FireSim)
    • Tape out to chip
  7. Secure supply-chain management

Related Publications and Presentations

Keystone Enclave: An Open-Source Secure Enclave for RISC-V

Dayeol Lee
RISC-V Summit, Santa Clara, 2018

Towards An Open-Source, Formally-Verified Secure Enclave

Dawn Song
Workshop on Inter-Disciplinary Research Challenges in Computer Systems (An NSF-Sponsored Community Vision Workshop Co-located with ASPLOS’2018)

FireSim: FPGA-Accelerated Cycle-Exact Scale-Out System Simulation in the Public Cloud

S. Karandikar, H. Mao, D. Kim, D. Biancolin, A. Amid, D. Lee, N. Pemberton, E. Amaro, C. Schmidt, A. Chopra, Q. Huang, K. Kovacs, B. Nikolic, R. Katz, J. Bachrach, K. Asanovic
International Symposium on Computer Architecture (ISCA), 2018

A Formal Foundation for Secure Remote Execution of Enclaves

P. Subramanyan, R. Sinha, I. Lebedev, S. Devadas and S. Seshia
Computer and Communication Security Conference (CCS), 2017

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

V. Costan, I. Lebedev, S. Devadas
USENIX Security Symposium, 2016

Project Timeline

2018 December

  • Keystone v0.1 is released and Keystone is open-sourced.
  • Keystone v0.1 runs on FPGA-based (FireSim), qemu, and the HiFive Unleashed development board.



Keystone is currently led by research groups of EECS at UC Berkeley in collaboration with MIT.

Dayeol Lee
UC Berkeley

David Kohlbrenner
UC Berkeley

Shweta Shinde
UC Berkeley

Krste Asanovic
UC Berkeley

Dawn Song
UC Berkeley

Ilia Lebedev

Srini Devadas

Sagar Karandikar
UC Berkeley

Albert Ou
UC Berkeley