Google translation of the original article on EE Times China

 

Arm, which dominates the smart phone market, provides Arm TrustZone technology for its microprocessor core. One of the security mechanisms corresponding to RISC-V core is MultiZone. How does RISC-V MultiZone guarantee the security of chips and systems?

According to market forecast data studied by Ericsson, there will be more than 22 billion connected Internet of Things (IoT) devices in the world by 2024. However, the rapid development and popularity of IoT has also brought security risks. For edge devices, although security measures based on the isolation mechanism have been generally implemented, there are still limitations in security authentication. In addition, the security integration of the IoT ecosystem has become increasingly complex, and security has become an important issue of concern to the entire industry. As the core component of IoT devices, the security of the microprocessor is particularly important. For design engineers, what security factors need to be considered during the chip design phase? The four elements of SoC platform security include:

1. Trusted Execution Environment (TEE): Force isolation of code, data, and stored information through hardware;
2. Root of Trust: unique ID and certificate, and secure storage of private keys;
3. Secure boot: prevent unauthorized authentication code from launching;
4. Tools: Engineers need tools and processes that are transparent, intuitive, and easy to integrate.

Arm, which dominates the smart phone market, provides Arm TrustZone technology for its microprocessor core. One of the security mechanisms corresponding to the RISC-V core is MultiZone. Well-known information security expert Cesare Garlati is the main member of the RISC-V Foundation security working group and the co-founder of Hex Five Security. He compared Arm TrustZone with RISC-V MultiZone security mechanisms.

Figure 1 Both Arm TrustZone and RISC-V MultiZone are based on isolation security mechanisms. (Source: Hex Five)

Figure 2 Hardware security mechanism of Arm TrustZone and RISC-V MultiZone. (Source: Hex Five)

Both Arm and RISC-V architectures are based on the security concept of the isolation mechanism, but when Arm realizes hardware security, the two domains are hard-coded into the hardware, while RISC-V is a software-defined domain, To strengthen. In terms of software, Armv8-A uses the OP-TEE software model. Most of its configuration and tools come from the partners of Arm Ecology. Armv8-M uses the PSA software model. The code size of the RISC-V MultiZone security software model is small and therefore faster.

According to the latest market research report by Semico Research, shipments of RISC-V CPU cores will reach 62.4 billion by 2025, of which the IoT application market will have the highest market share of approximately 16.7 billion cores. The main application markets of RISC-V core include: computer, consumer electronics, communications, transportation, and industry. The average compound annual growth rate (CAGR) from 2018 to 2025 is expected to be 146.2%. The fastest growing number is the 5G-driven communications market, including 5G mobile phones, cellular base stations, and 5G infrastructure.

Figure 3 RISC-V core growth trends and main application markets. (Source: Semico Research)

This analysis report divides RISC-V core-based chips into four categories: high-performance multi-core SoCs, cost-effective multi-core SoCs, basic SoCs, and FPGAs. Among them, the fastest-growing is the basic SoC, with a compound annual growth rate of 190%. . Among the largest shipments of IoT applications, smart grid devices such as smart meters / water meters / gas meters and the Industrial Internet of Things (IIoT) are the main markets.

With the popularity of connected devices, attackers are becoming more destructive, bringing huge challenges to network security. If these RISC-V core-connected network devices are attacked by hackers, they will have a huge impact on industrial production and people’s daily lives. Therefore, security has gradually become an important topic in the RISC-V community, and it has also received the attention of the RISC-V Foundation and its major member companies.

How does an open RISC-V guarantee chip and system security?

Many people think that it is safe to hide things, but information security experts now agree that this “security through hiding” is not feasible. On the contrary, openness and transparency can truly ensure the security of the underlying application from the core of the underlying chip, which is based on the concept of “security through isolation”. In fact, many companies and designers in the industry believe that RISC-V’s open source code instead provides the transparency that other proprietary ISAs lack, which actually reduces the possibility of chip-level hardware from hacking, because there are many studies around the world People are paying attention to their security developments. Once there is a potential security risk, someone will immediately point it out and post it to the open community, and experts will soon propose corresponding solutions.

RISC-V ISA already has a very complete set of security mechanisms, including 4-ring trust, secure interrupt processing, and a unique physical memory protection (PMP) mechanism. In addition, some commercial companies have also released many security solutions for RISC-V, including cryptographic libraries, roots of trust, and multi-domain trusted execution environment (TEE).

Andes Technology builds a secure RISC-V ecosystem

As a founding member of the RISC-V Foundation, Andes Technology has been actively promoting the development and popularity of RISC-V since 2016, and has recently been upgraded to the Platinum membership level. In 2018, Andes Technology’s CPU core shipments exceeded 1 billion, of which 32 / 64-bit embedded CPU cores were mainly used in the IoT market. In response to the RISC-V security challenge, Andes Technology and the RISC-V community partners have built a comprehensive ecosystem, including integrating security solutions from multiple companies.

Figure 4 Andes Technology cooperates with multiple hardware security solution developers around the world. (Source: Andes)

Security solutions that have been integrated or compatible with the core RISC-V core include:

Cyber ​​Escort Unit of Secure-IC

Secure-IC’s Cyber ​​Escort Unit (CEU) technology integration platform, FPGA prototype-ready solution, and Andes Technology RISC-V processor enable SoC designers to effectively prevent physical and network attacks, including buffer overflow, Error injection attacks, skipping or replacing instructions, etc. The technology complies with Common Criteria’s High Security Level (EAL) certification and PP0084 Protection Profile certification.

Figure 5 The Cyber-Escort Unit (CEU) of the Secure-IC is integrated with the AndesCore core. (Source: Andes Technology)

This technology can be operated immediately. To be more precise, CEU is a dual technology, mainly to prevent the four threats to the security of embedded systems:

1. Return oriented programming (ROP) and Jump Oriented Programming (JOP): Attackers reassemble code blocks and assemble them into a malicious patch;
2. Use buffer overflow or integer overflow to destroy the stack: the attacker creates a fake function stack to modify the program context;

3. Perform code modification and coverage: the attacker managed to change the genuine program to a malicious program;

4. Control traffic hijacking: The attacker manipulates the program to make it perform illegal functions or illegal jumps.

Secure-IC’s flagship product, Securezr, is a CEU-integrated root-of-trust solution that ensures device security and provides corresponding security services (such as authentication, lifecycle management, remote configuration, and cloud computing). This security subsystem can be embedded with a dedicated processing unit based on the standard or enhanced network security of the AndesCore V5 processor, which enhances AndesCore’s highly resilient security performance and effectively resists various hacking attacks, including bypass attacks, error injection attacks, network attacks, etc .

Silex Insight’s high-level eSecure root of trust

The root of trust has become a necessary feature of many devices and networking services. Silex Insight’s advanced eSecure IP module can provide a complete root of trust solution for security applications, prevent the leakage of confidential information, and provide secure boot, key authentication and Application protection. AndesCore’s high-performance, low-power secondary pipeline RISC-V CPU core N22 is tightly integrated with the eSecure module, which can completely and reliably control and execute security protection functions. The eSecure module is highly configurable and offers a variety of options in terms of security functions, performance, area, and power consumption. It is suitable for many applications, such as IoT, storage devices, and communications.

Tiempo Secure’s Secure Element IP

The Secure Element IP (TESIC) developed by Tiempo Secure integrates anti-attack and security sensors, reaching the CC / Common Criteria (EAL5 +) level of the ISO / IEC 15408 standard, which can effectively prevent sidewalk and intrusion attacks. Integration with the RISC-V SoC brings security to the CC EAL5 + level without impacting power and performance.

CoreGuard for Dover Microsystems

Dover’s CoreGuard technology can protect embedded systems from network attacks due to software weaknesses. Its silicon IP and Andes RISC-V processor integration can prevent 94% of known software viruses. Including 100% buffer overflows, code injection, data leaks, and security breaches.

Dover’s CoreGuard silicon IP acts as the “guard” for the main processor, monitoring every instruction executed by the processor to ensure that it complies with a predetermined “micropolicy”, including a series of information security, functional security, and privacy rules. If an instruction violates the “micro-policy”, the CoreGuard Policy Enforcer hardware will prevent it from continuing until it is harmful.

In addition, other security solution providers include: HEX-Five, inside secure, SECURE-RF, and INTRINSIC ID.

The RISC-V ecosystem is gradually mature

At the recent RISC-V CON technical seminar held in Beijing, Lin Zhiming, the general manager of Andes Technology reviewed and looked forward to the ecological development of RSIC-V, which proved the ecological evolution of RISC-V from many aspects such as technology, market and open source community Maturity is becoming a mainstream microprocessor architecture. He also described the core RISC-V development blueprint of Andes Technology, and predicted that the market pattern of RISC-V will go hand in hand with x86 and Arm.

Figure 6 Andes Core Technology RISC-V core development blueprint. (Source: Andes Technology)

Figure 7 The huge RISC-V camp has begun to compete positively with the Arm architecture. (Source: Andes Technology)

Su Hongmeng, CTO and executive vice president of Andes Technology, demonstrated the RISC-V core and its development environment and ecology based on Andes V5 architecture at the conference. RISC-V can support processor designs from 1 core to 1,000 cores to meet the computing performance requirements from the edge to the cloud. It will be used in AIoT, ADAS, blockchain, multimedia, security systems, storage devices, wireless communication and Emerging applications such as 5G are playing an increasing role.

Figure 8 The complete development environment and ecology of the Andes V5 architecture.

AIoT is the main battlefield of RISC-V

If the main battlefield of x86 architecture is desktop PC and server, the main battlefield of Arm architecture is mobile phone and mobile device, then the main battlefield of RISC-V is AIoT. This shift from high cost, high performance, and high power consumption to low cost, reasonable performance, and low power consumption is actually the development trend of technology democratization. The development of the technology and application market will naturally choose the appropriate ISA, chip, operating system and software, and companies that can provide suitable technical products and services will also be recognized by the market.

Figure 9 Arm dominates the general-purpose MCU and smart phone processor market, while RISC-V has an advantage in the deeply embedded field. (Source: Andes Technology)

In emerging IoT, AI, and 5G applications, if RISC-V is to compete with Arm and x86 architectures, it cannot rely on technical and economic indicators such as performance, power consumption, and price. It must be better in terms of security in order to win. Trust from system vendors and chip design companies.