Keystone Project

We encourage participation and collaboration with anyone who is interested in helping the project.
Please subscribe to our mailing list for future announcements and check out our GitHub.


Keystone is an open-source project for building trusted execution environments (TEE) with secure hardware enclaves, based on the RISC-V architecture. Our goal is to build a secure and trustworthy open-source secure hardware enclave, accessible to everyone in industry and academia.

Keystone is available and actively developed on GitHub and documented at

Why do we need secure hardware enclaves?

Secure computation is a powerful abstraction, protecting the integrity and confidentiality of computations over confidential data. While there are already many applications for secure computing, it will continue to grow in importance. First, the shift towards cloud computing has driven high demand for security in the cloud, because it requires all of the data computation and storage to take place on remote machines. Second, there is a growing need to compute over private data from multiple sources. For example, mutually distrusting organizations may want to train collaborative machine learning models over confidential data.

One way to enable secure computation is to use crypto-based techniques such as homomorphic encryption and multi-party computation. However, state-of-the-art techniques in this domain are many orders of magnitude slower than native computation, limiting their practical applications.

Secure hardware enclaves provide another solution to secure computation with little or no performance overhead over native computation. Hardware enclaves enable computation over confidential data, providing strong isolation from other applications, the operating system, and the host. The secure enclave can also attest to the correct execution of a program to a remote party. Because secure enclaves have low performance overhead, they enable secure computation with a wide range of real-world applications.

Why should it be open-source?

Although many TEEs have been proposed by both industry (e.g., Intel SGX) and academia (e.g., Sanctum), no full-stack implementation has been open-sourced for use. We started the Keystone project to fill this gap. Commercial TEEs often take advantage of security by obscurity; most parts of the designs (especially the hardware stack) are not open-sourced and remain undocumented. Most security guarantees of commercial TEEs rely on trusting the design, implementation, and supply-chain management of hardware vendors.

Keystone follows the philosophy of open security. While there is no industry agreement on the “right solution” for everything, we believe open-source design allows the community to more effectively share insights, improve designs, and iterate on problems towards the goal of secure hardware enclaves.

Here is the list of goals of the Keystone project:

  1. Chain of Trust
    • Secure boot
    • Remote attestation
    • Secure key provisioning
  2. Memory Isolation
    • Physical memory protection
    • Page table isolation
  3. Defense against Physical Attack
    • Memory encryption
    • Memory address bus encryption
  4. Defense against Side-channel Attack
  5. Formal Verification
  6. Deployment
    • RISC-V QEMU simulation
    • FPGA-based deployment (FireSim)
    • Tape out to chip
  7. Secure supply-chain management

Towards An Open-Source, Formally-Verified Secure Enclave

Dawn Song
Workshop on Inter-Disciplinary Research Challenges in Computer Systems (An NSF-Sponsored Community Vision Workshop Co-located with ASPLOS’2018)

FireSim: FPGA-Accelerated Cycle-Exact Scale-Out System Simulation in the Public Cloud

S. Karandikar, H. Mao, D. Kim, D. Biancolin, A. Amid, D. Lee, N. Pemberton, E. Amaro, C. Schmidt, A. Chopra, Q. Huang, K. Kovacs, B. Nikolic, R. Katz, J. Bachrach, K. Asanovic
International Symposium on Computer Architecture (ISCA), 2018

A Formal Foundation for Secure Remote Execution of Enclaves

P. Subramanyan, R. Sinha, I. Lebedev, S. Devadas and S. Seshia
Computer and Communication Security Conference (CCS), 2017

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

V. Costan, I. Lebedev, S. Devadas
USENIX Security Symposium, 2016

Project Timeline

  • Keystone v0.1 is released and Keystone is open-sourced.
  • Keystone v0.1 runs on FPGA-based deployment (FireSim), QEMU, and the HiFive Unleashed development board.


  • Keystone is now available at

  • Leading researchers and practitioners from Google, Facebook, Microsoft, Intel, ARM, UC Berkeley, MIT, UT Austin, SiFive, Oasis Labs, and many others came together to build an open-source secure enclave.

  • Dawn Song gave a keynote about the open-source secure enclave at ASPLOS'18 NSF Workshop!


Keystone is currently led by research groups of CSAIL at MIT and EECS at UC Berkeley.

Dayeol Lee UC Berkeley

David Kohlbrenner UC Berkeley

Krste Asanovic UC Berkeley

Dawn Song UC Berkeley

Ilia Lebedev MIT

Srini Devadas MIT

Sagar Karandikar UC Berkeley

Albert Ou UC Berkeley