Excerpts of my interview with Brandon Lewis (@TechieLew)
Embedded Computing Design – October 22, 2018
Security Is a Satisfier, Not a Differentiator
Security is not a differentiator for end products – it is a satisfier. That is, you can’t sell a product that falls below the level of security demanded by a customer and you can’t charge more for exceeding that level. The problem is security is hard – its takes development time and expertise that is often not available in house. “…the problem with security today is it’s just too hard to use,” said Don Barnetson, co-founder of Hex Five Security. “It only gets used where people are absolutely forced to use it in a mobile handset or a set‑top box environment.”
The challenge is that many customers don’t know to ask for security and aren’t aware of the vulnerabilities in devices until they are compromised.
The Model of Trusted Execution Environments need to Change
“The traditional trusted execution environments have a secure and a non‑secure world,” said Barnetson. “Today, we have lots of different things that need security. Maybe, you have a Bluetooth stack and a root of trust and a DRM engine. All of those have secrets, but they have secrets you want to keep from each other.”
“Only having two worlds doesn’t really make sense in that context. You want to have an unlimited number of worlds, each of which is equally secure,” added Barnetson.
With RISC-V, a Trusted Execution Environment (TEE) can be deployed without any hardware changes; with MultiZone™ Security a robust TEE and be integrated by your existing development engineers without requiring new skills, new tools or changes to their workflow.
“This doesn’t disrupt the toolset or the code base at all. If you have something that runs on native bare metal RISC‑V, you can drop it into one of these zones and it just runs right away,” said Barnetson
What if Robust Security Was the Default?
A robust Trusted Execution Environment implemented on existing hardware by existing design engineers allows TEEs to be nearly free on RISC-V.
What if, in RISC-V, security was the default rather than the exception?