Skip to main content

Keystone Enclave

Keystone Enclave is an open-source framework for building and running trusted execution environments (TEEs) based on RISC‑V hardware, providing a customizable enclave runtime and security architecture for confidential computing (confidential computing framework).

  • Framework for RISC‑V trusted execution environments and enclaves (confidential computing / hardware security)
  • Customizable enclave runtime and security monitor supporting modular TEEs (runtime / systems software)
  • Hardware–software co-design for isolating sensitive workloads on RISC‑V platforms (platform security)
  • Support for running unmodified Linux applications inside enclaves via compatible runtimes (application security / workload isolation)
  • Reference implementations, SDKs, and documentation for building enclave-enabled systems and applications (developer tooling)

More About Keystone Enclave

Keystone Enclave is an open-source confidential computing framework focused on RISC‑V trusted execution environments (TEEs), designed to enable isolated enclaves that protect code and data from higher-privileged software such as operating systems and hypervisors. It targets use cases where workloads require hardware-backed isolation, including secure data processing, multi-tenant cloud executions, and protection of cryptographic material on general-purpose RISC‑V platforms.

The project provides a modular enclave runtime (runtime / operating environment) and a security monitor (platform security) that run alongside a host Operating System (OS) on RISC‑V hardware. The security monitor manages enclave lifecycle operations, such as creation, measurement, and teardown, and controls access to processor and memory resources. The enclave runtime offers execution support and basic services to applications inside enclaves while maintaining isolation boundaries enforced by the underlying RISC‑V architecture and Keystone’s security model.

Keystone Enclave uses a hardware–software co-design approach (platform architecture), defining an enclave abstraction that can be tailored to different RISC‑V platforms and memory protection capabilities. It leverages RISC‑V privileged architecture features (processor architecture) to partition physical memory into secure and non-secure regions, enforce access control on page tables, and mediate transitions between enclave mode and host mode. The design aligns with confidential computing practices by focusing on measurement, attestation, and isolation of enclave code and data during execution.

The project includes reference implementations and example platforms (reference platform support) that demonstrate how to integrate the security monitor and enclave runtime with a RISC‑V system-on-chip, boot chain, and host OS. It also provides developer tooling and Software Development Kit (SDK) elements (developer tooling), such as interfaces for building enclave applications, adapting existing workloads, and conducting attestation flows where a remote party can verify enclave measurements before provisioning secrets. These components are intended to support research, prototyping, and deployment of enclave-based solutions on RISC‑V.

In enterprise and institutional environments, Keystone Enclave fits into the confidential computing category (confidential computing framework), relevant for secure multi-tenant infrastructure, data-in-use protection, and secure execution of privacy-sensitive workloads. Its RISC‑V focus positions it for use in custom silicon, data center accelerators, and edge devices where organizations require an open and inspectable TEE implementation. The project’s architecture and artifacts are used both as a reference design for hardware and platform vendors and as an execution environment for software teams that want to run Linux-compatible or bare-metal style applications within TEEs, while integrating with broader security controls such as attestation services, key management, and workload orchestration.