2026-06-09, Poster Island B
Trusted Execution Environments (TEEs) are essential for cloud security, with Confidential Virtual Machines (CVMs) as the prevailing approach. While proprietary solutions dominate deployments, the RISC-V ecosystem lacks mature open-source CVM implementations despite progress on CoVE. This paper presents a VM-level TEE architecture on the open-source XiangShan RISC-V processor, featuring physical isolation of Enclave Management Tasks via dedicated secure cores. We implement bitmap-based page-granularity memory isolation for fine-grained access control, and multi-key memory encryption for software-defined, full-memory cryptographic protection. Evaluation on FPGA prototypes demonstrates minimal EMS area overhead (<1% of SoC area).
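As an added illustration (not the paper's own code or RTL), the following C model reduces the two memory mechanisms named in the abstract to their checks: a one-bit-per-page ownership bitmap that the fabric consults on every access, and a per-page key slot that tells a memory encryption engine which key to use. The 4 KiB page size, the 64-page physical memory, the two requester classes (normal-world core versus dedicated secure core), and the key-slot layout are assumptions for the example, not details taken from the paper.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model: 4 KiB page granule, 64 physical pages,
 * one ownership bit per page, one 8-bit key slot per page.
 * Key slot 0 is the shared (non-enclave) key. */
#define PAGE_SHIFT   12
#define NUM_PAGES    64
#define BITMAP_WORDS ((NUM_PAGES + 63) / 64)

enum requester { REQ_NORMAL = 0, REQ_SECURE = 1 };

struct mem_isolation {
    uint64_t enclave_owned[BITMAP_WORDS]; /* bit set = page belongs to an enclave */
    uint8_t  key_id[NUM_PAGES];           /* encryption key slot used for the page */
};

static inline size_t page_of(uint64_t paddr) { return (size_t)(paddr >> PAGE_SHIFT); }

void mi_init(struct mem_isolation *mi) { memset(mi, 0, sizeof *mi); }

/* Assign a page to an enclave: set its ownership bit and bind it to a key slot.
 * Only the secure core would be allowed to invoke this in a real design. */
bool mi_grant(struct mem_isolation *mi, uint64_t paddr, uint8_t key) {
    size_t p = page_of(paddr);
    if (p >= NUM_PAGES || key == 0) return false;   /* out of range or shared key */
    mi->enclave_owned[p / 64] |= (uint64_t)1 << (p % 64);
    mi->key_id[p] = key;
    return true;
}

/* Return a page to the normal world: clear the bit and reset the key slot.
 * A real design must also scrub or re-encrypt the page before handing it back. */
bool mi_revoke(struct mem_isolation *mi, uint64_t paddr) {
    size_t p = page_of(paddr);
    if (p >= NUM_PAGES) return false;
    mi->enclave_owned[p / 64] &= ~((uint64_t)1 << (p % 64));
    mi->key_id[p] = 0;
    return true;
}

bool mi_page_is_enclave(const struct mem_isolation *mi, uint64_t paddr) {
    size_t p = page_of(paddr);
    if (p >= NUM_PAGES) return false;
    return (mi->enclave_owned[p / 64] >> (p % 64)) & 1u;
}

/* Access check as the fabric would perform it on each request:
 * out-of-range addresses are always denied; enclave-owned pages are reachable
 * only from the secure core; pages owned by nobody are open to any requester. */
bool mi_check_access(const struct mem_isolation *mi, enum requester who, uint64_t paddr) {
    if (page_of(paddr) >= NUM_PAGES) return false;
    return !mi_page_is_enclave(mi, paddr) || who == REQ_SECURE;
}

/* Key selection for the memory encryption engine: the page's key slot,
 * 0 for the shared key, -1 for an address outside physical memory. */
int mi_key_for(const struct mem_isolation *mi, uint64_t paddr) {
    size_t p = page_of(paddr);
    if (p >= NUM_PAGES) return -1;
    return mi->key_id[p];
}

/* End-to-end scenario used by the demo; returns true if every step behaves as intended. */
bool mi_selfcheck(void) {
    struct mem_isolation mi;
    mi_init(&mi);
    bool ok = mi_grant(&mi, 0x3000, 7);                         /* page 3 -> enclave, key 7 */
    ok = ok && !mi_check_access(&mi, REQ_NORMAL, 0x3abc);       /* normal world denied    */
    ok = ok &&  mi_check_access(&mi, REQ_SECURE, 0x3abc);       /* secure core allowed    */
    ok = ok &&  mi_check_access(&mi, REQ_NORMAL, 0x4000);       /* unowned page open      */
    ok = ok &&  mi_key_for(&mi, 0x3000) == 7 && mi_key_for(&mi, 0x4000) == 0;
    ok = ok && !mi_check_access(&mi, REQ_SECURE, (uint64_t)NUM_PAGES << PAGE_SHIFT);
    ok = ok &&  mi_revoke(&mi, 0x3000) && mi_check_access(&mi, REQ_NORMAL, 0x3000);
    return ok;
}

int main(void) {
    printf("bitmap isolation self-check: %s\n", mi_selfcheck() ? "pass" : "FAIL");
    return mi_selfcheck() ? 0 : 1;
}
```

The point of keeping the bitmap and the key table side by side is that they fail differently: the bitmap is an access-control decision that a bug in the checker could bypass, while the per-page key means that even a request that slipped past the check would read ciphertext under the wrong key rather than plaintext. Sizing the bitmap at one bit per page is what makes the check cheap enough to sit on the access path.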