Some version at least will be yes. RE: RoT + RISC-V, cache isolation appears missing here, so side-channel attacks using cache timing and other methods still work
Awesome! It was unclear to me where the Rambus IP began and SiFive's core took over in the demo.
Keystone using existing RISC-V extensions is exciting to see, but it's frustrating that the Hack a Day article seems to confound where it begins and ends (at least today). The Keystone presentation notes that the RoT is derived from Sanctum and their docs indicate that you need to bring your own entropy and key storage, neither of which are made clear in the blog post.
Isn't this highly similar to MIT's Sanctum from 2015, also open source and ignoring the hardware changes needed to make meaningful guarantees about side-channel attack robustness? Useful if you want to avoid hardware mods, but the enclave model is not new.
https://eprint.iacr.org/2015/564.pdf and open source code via MIT license here: https://github.com/pwnall/sanctum
The T2 is utilizing a physically unclonable function (PUF) and TRNG to create a public/private device key pair on die. At manufacturing, the T2 exposes the device public key to Apple, Apple signs with a group key posted to their CA. This is why they say they can revoke privileges via the CA. It's unclear to me whether the T2 regenerates this key pair each time it is requested, or whether it is encrypted and stored in memory. In the event the latter is the case, the encryption is being performed inside the secure enclave. "Secure enclave" used here is almost certainly distinct from Intel SGX, ARM TrustZone and the like. The page tables are protected. Row Hammer, Spectre, Meltdown and Foreshadow do not apply to something like T2, as the OS is considered trusted. The fundamental challenge that e.g. Intel's SGX has over this type of architecture is that a dedicated security co-processor doesn't need to maintain speculative execution behaviors necessitated by performance requirements, which expose numerous side-channel attacks, and likely has minimal need to assume untrusted code operating in the T2 OS.
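The provisioning and revocation flow the comment above describes (device key pair created on die, manufacturer signs the public key with a group key, a CA can later revoke it) can be modelled end to end in a few lines. The following is an added illustration and not Apple's or the commenter's code; it makes several assumptions that the thread does not state: Ed25519 is used as the signature scheme, the PUF plus TRNG seed is replaced by `crypto/rand`, the revocation list is keyed by a SHA-256 hash of the device public key, and the verifier asks the device to sign a fresh nonce to prove it still holds the private key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Device stands in for a security co-processor that creates its key pair on die.
// A real part would seed this from a PUF and TRNG; here crypto/rand is used
// instead (an assumption of this illustration, not a description of the T2).
type Device struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{pub: pub, priv: priv}, nil
}

// Attestation carries everything a verifier needs: the device public key, the
// manufacturer's signature over it, and a fresh device signature over a nonce.
type Attestation struct {
	DevicePub ed25519.PublicKey
	Cert      []byte // manufacturer group-key signature over DevicePub
	Nonce     []byte // verifier-chosen challenge
	Sig       []byte // device signature over Nonce
}

// Attest proves possession of the device private key for the verifier's nonce.
// The private key never leaves the Device value, mirroring the on-die design.
func (d *Device) Attest(cert, nonce []byte) Attestation {
	return Attestation{DevicePub: d.pub, Cert: cert, Nonce: nonce, Sig: ed25519.Sign(d.priv, nonce)}
}

// Manufacturer holds the group signing key and the revocation list its CA publishes.
type Manufacturer struct {
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	revoked map[string]bool // keyed by keyID (hypothetical scheme)
}

func NewManufacturer() (*Manufacturer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Manufacturer{Pub: pub, priv: priv, revoked: map[string]bool{}}, nil
}

// keyID is the identifier the revocation list is keyed on (assumed, not Apple's format).
func keyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Enroll is the manufacturing-time step: the device exposes only its public key
// and receives a signature over it from the group key.
func (m *Manufacturer) Enroll(devPub ed25519.PublicKey) []byte {
	return ed25519.Sign(m.priv, devPub)
}

func (m *Manufacturer) Revoke(devPub ed25519.PublicKey) { m.revoked[keyID(devPub)] = true }

func (m *Manufacturer) IsRevoked(devPub ed25519.PublicKey) bool { return m.revoked[keyID(devPub)] }

// Verify checks the chain in the order a relying party would: the key is not
// revoked, the manufacturer vouched for it, and the device controls it now.
func Verify(groupPub ed25519.PublicKey, isRevoked func(ed25519.PublicKey) bool, a Attestation, expectedNonce []byte) error {
	if len(a.DevicePub) != ed25519.PublicKeySize {
		return errors.New("malformed device public key")
	}
	if isRevoked(a.DevicePub) {
		return errors.New("device key revoked by manufacturer CA")
	}
	if !ed25519.Verify(groupPub, a.DevicePub, a.Cert) {
		return errors.New("device key not signed by manufacturer group key")
	}
	if !bytes.Equal(a.Nonce, expectedNonce) {
		return errors.New("nonce mismatch: possible replay")
	}
	if !ed25519.Verify(a.DevicePub, a.Nonce, a.Sig) {
		return errors.New("device does not hold the private key for its certified public key")
	}
	return nil
}

func main() {
	m, _ := NewManufacturer()
	d, _ := NewDevice()
	cert := m.Enroll(d.pub)
	nonce := make([]byte, 32)
	rand.Read(nonce)
	fmt.Println("before revocation:", Verify(m.Pub, m.IsRevoked, d.Attest(cert, nonce), nonce))
	m.Revoke(d.pub)
	fmt.Println("after revocation:", Verify(m.Pub, m.IsRevoked, d.Attest(cert, nonce), nonce))
}
```

The ordering in `Verify` matters: revocation is checked before the signatures so that a certificate which was valid at manufacturing time cannot be replayed once the CA has withdrawn it, and the nonce check is what ties the proof to this session rather than to any earlier one.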