Nuclei Security Solution — “Penglai” TEE  
SW-HW co-designed Trusted Execution Environment (TEE), a collaboration between Nuclei and TrustKernel  
Penglai Architecture  
RISC-V Privileged ISA based TEE Framework  

[Figure: Penglai architecture diagram. Labels: User Mode (Host App, Enclave App, Enclave 1, Enclave 2, Enclave 3, Enclave 4, ..., Enclave n); Supervisor Mode (RTOS, TEE OS); Machine Mode (Secure Monitor); legend: Trusted, Untrusted.]  

Smallest Trusted Code Base  
RISC-V core (PMP/sPMP) + Verifiable security monitor (M-mode privilege) + TEEOS  

Secure Assurance  
Strong isolation between enclave and other application or OS  
Protect against a malicious or compromised OS  
Secure boot and remote attestation for chain of trust  

High performance and scalability  

Nuclei Security Solution Side Channel Protection  
SCP (Side Channel Protection) is used to prevent side-channel attacks by randomly injecting fake  
instructions into the pipeline.  
[Figure: Randomly injecting fake instructions. Legend: Normal instructions, Fake instructions.]