MultiZone Security for Linux

Enabling safety-critical applications in mixed-criticality systems where Linux and real-time come together in a single chip

Hardware consolidation requirements in automotive, aerospace & defense, and industrial automation are forcing embedded systems designers to merge safety-critical functionality with untrusted applications and operating systems. The resulting monolithic systems present vastly larger code base, greater attack surface, and increased system vulnerability. In response, Hex Five has developed MultiZone® Security for Linux, the industry-first enclave specifically designed to bring security through separation to embedded systems. MultiZone Security is available immediately for the Microchip PolarFire® system-on-chip, the world’s first hardened real-time, Linux capable, RISC-V-based microprocessor subsystem.

For safety-critical applications that run trusted workloads on untrusted platforms, MultiZone Security provides hardware-enforced software-defined separation for multiple execution domains with full control over data, programs and peripherals. Contrary to hypervisor-based solutions, MultiZone Security is completely self-contained, it presents an extremely limited attack surface (4KB), it is formally verifiable, and doesn’t require hardware support for virtualization or changes to existing application software. With MultiZone Security, open source software, third party libraries, and legacy binaries can be configured in minutes to achieve unprecedented levels of safety and security.

Resources

• MultiZone Security Video
• Datasheet 2019-12-16
• MultiZone Enclave White Paper
• GitHub Repository
• Secure Boot Linux mSD image
• Secure IPC protocol specifications
• Hex Five Prebuilt Reference GNU Toolchain
• Hex Five Prebuilt Reference OpenOCD

MultiZone technology is protected by patents US 11,151,262 and PCT/US2019/038774