Vyond is a Secure OS working on RISC-V machine. The purpose of Vyond is to go beyond secure os, which originated from the word “Beyond”. As of now, we open a Security Monitor (SM) of Vyond-TEE written in Rust and an implementation of SiFive's WorldGuard running on Chipyard.
WorldGuard (WG) is one of physical-memory isolation techniques used in RISC-V. This scheme provides a mechanism to tag transactions with an identification of the initiating context called a world id (WID) and reject illegal transactions if WID does not have a permission.
Vyond implements WorldGuard on top of Chipyard SoC generator framework so as to apply it to various RISC-V enabled SoC.
See more details in WorldGuard on Chipyard and Initial Chipyard Setting
Vyond provides an enclave as a protection domain isolated from the rest of the system, both in terms of its execution and its memory. Enclave is an isolated region of memory within the address space of a user-level process. This region of memory is controlled entirely by the Security Monitor.
See Vyond Quick Start to build and run Vyond-TEE.