🤖 AI Summary
Resource-constrained microcontrollers are highly vulnerable to control-flow hijacking attacks, yet existing Control-Flow Attestation (CFA) schemes incur prohibitive computational overhead and are unsuitable for embedded environments.

Method: We propose a lightweight hardware-assisted attestation mechanism featuring: (i) a linear-space-complexity verifier; (ii) tight integration of ARMv8.1-M’s Trusted Execution Environment (TEE) with register-level isolation to prevent memory corruption; and (iii) reuse of commodity chip hardware accelerators for Message Authentication Code (MAC) computation.

Contribution/Results: This work presents the first low-overhead CFA scheme validated on real-world firmware, significantly reducing attestation data volume. In representative embedded scenarios, it achieves performance comparable to or exceeding state-of-the-art approaches, and has been successfully deployed end-to-end at the firmware level on commercial microcontrollers.
📝 Abstract
Microcontroller-based embedded systems are vital in daily life, but are especially vulnerable to control-flow hijacking attacks due to hardware and software constraints. Control-Flow Attestation (CFA) aims to precisely attest the execution path of a program to a remote verifier. However, existing CFA solutions face challenges with large measurement and/or trace data, limiting these solutions to small programs. In addition, slow software-based measurement calculations limit their feasibility for microcontroller systems. In this paper, we present ENOLA, an efficient control-flow attestation solution for low-end embedded systems. ENOLA introduces a novel authenticator that achieves linear space complexity. Moreover, ENOLA capitalizes on the latest hardware-assisted message authentication code computation capabilities found in commercially available devices for measurement computation. ENOLA employs a trusted execution environment, and allocates general-purpose registers to thwart memory corruption attacks. We have developed the ENOLA compiler through LLVM passes and an attestation engine on the ARMv8.1-M architecture. Our evaluations demonstrate ENOLA's effectiveness in minimizing data transmission, while achieving lower or comparable performance to the existing works.