To address the lack of lightweight, trustworthy confidential computing support in embedded RISC-V systems, this paper proposes ACE—a royalty-free, open-source solution that systematically introduces the confidential computing paradigm to resource-constrained embedded environments for the first time. ACE constructs a hardware-isolated trusted execution environment (TEE) leveraging RISC-V virtualization extensions and employs a formal-verification-driven, minimal trusted verification base (TVB) design methodology to drastically reduce the trusted computing base (TCB). It is complemented by an open-source firmware stack enabling secure boot and isolated execution of sensitive applications. Prototyped on the first-generation RISC-V hardware supporting virtualization, ACE achieves <128 KB memory overhead and <5 μs context-switch latency, demonstrating both strong security guarantees and practical deployability. This work establishes a verifiable, low-overhead confidential computing paradigm tailored for safety-critical embedded systems.

Confidential computing plays an important role in isolating sensitive applications from the vast amount of untrusted code commonly found in the modern cloud. We argue that it can also be leveraged to build safer and more secure mission-critical embedded systems. In this paper, we introduce the Assured Confidential Execution (ACE), an open-source and royalty-free confidential computing technology targeted for embedded RISC-V systems. We present a set of principles and a methodology that we used to build ACE and that might be applied for developing other embedded systems that require formal verification. An evaluation of our prototype on the first available RISC-V hardware supporting virtualization indicates that ACE is a viable candidate for our target systems.