[sargun]

Does anyone know if this SBC contains RISC-V Worldguard capabilities (https://www.sifive.com/technology/shield-soc-security)? I've been looking for a RISC-V SBC with a way to protect asymmetric keys. The new ESP32 has a dedicated key storage.

The SoC docs indicate: • 512 × 32-bit (2 KB) of OTP for key data on-die storage

But, that sounds like it's for the likes of secureboot.

[aseipp]

No, and there aren't any (public) cores deployed with Worldguard support that I'm aware of, at least none with user-controllable software, nor am I aware of any alternative implementations to Worldguard e.g. FPGA designs for prototyping. Seems like a fairly involved product.

If you just want some kind of trusted key storage/signing inside a secure enclave style design, to keep things secure from the OS/hypervisor, something like Keystone may be more your speed. It largely just re-uses the existing M-mode privilege level to enforce separation from the OS and userspace stack. It isn't 1-to-1 with Worldguard, but it's a start, and in theory you can "just" patch the SBI implementation to support it: http://docs.keystone-enclave.org/en/latest/Getting-Started/H...

Anything implemented today is probably going to be missing some key features of a complete stack, but the parts are all mostly there, and still moving.