FreeRTOS with TLS 1.3 and hardware-enforced separation between OS, TCP/IP stack and root of trust.
The first secure IoT stack for RISC-V. A free reference implementation of secure IoT device firmware with hardware-enforced, software-defined separation between the real-time OS, communications stack, root of trust, and TLS 1.3 / ECC crypto library.
This reference implementation combines MultiZone, FreeRTOS, picoTCP, wolfSSL, and a root of trust as physically isolated TEE zones:
- X300 Bitstream: Rocket rv32 with Ethernet peripheral for the Arty A7 board
- TEE: MultiZone Security Trusted Execution Environment configured for 4 Zones
- Zone 1: FreeRTOS with 3 tasks (CLI user interface, PWM LED rainbow, Robotic arm control)
- Zone 2: picoTCP terminating the Ethernet port
- Zone 3: wolfSSL TLS 1.3 / ECC Root of Trust
- Zone 4: UART local console application
The MultiZone Secure IoT Stack supports a multitude of hardware targets. For a complete evaluation of the framework, it is recommended to use the open-source X300 softcore developed by Hex Five Security. It is an enhanced version of the E300 SoC (Rocket rv32) maintained by SiFive, and it is entirely free for commercial and non-commercial use. Like the E300, the X300 is designed to be programmed onto a Xilinx Artix-7 35T Arty FPGA.