MultiZone Security for Linux
Enabling safety-critical applications in mixed-criticality systems where Linux and real-time come together in a single chip
Hardware consolidation requirements in automotive, aerospace & defense, and industrial automation are forcing embedded systems designers to merge safety-critical functionality with untrusted applications and operating systems. The resulting monolithic systems present vastly larger code base, greater attack surface, and increased system vulnerability. In response, Hex Five has developed MultiZone® Security for Linux, the industry-first enclave specifically designed to bring security through separation to embedded systems. MultiZone Security is available immediately for the Microchip PolarFire® system-on-chip, the world’s first hardened real-time, Linux capable, RISC-V-based microprocessor subsystem. Support for additional processors to be announced later in 2020.
For safety-critical applications that run trusted workloads on untrusted platforms, MultiZone Security provides hardware-enforced software-defined separation for multiple execution domains with full control over data, programs and peripherals. Contrary to hypervisor-based solutions, MultiZone Security is completely self-contained, it presents an extremely limited attack surface (<2KB), it is formally verifiable, and doesn’t require hardware support for virtualization or changes to existing application software. With MultiZone Security, open source software, third party libraries, and legacy binaries can be configured in minutes to achieve unprecedented levels of safety and security.