MultiZone Security for RISC-V
The first Trusted Execution Environment (TEE) for RISC-V processors
For RISC-V applications that require strong hardware security, MultiZone® Security provides hardware-enforced software-defined separation for multiple equally secure domains, with full control over data, programs and peripherals. Contrary to traditional solutions, MultiZone® Security requires no additional IP blocks or changes to existing firmware. Open source libraries, third party binaries and legacy code can be configured in minutes to achieve unprecedented levels of safety and security. MultiZone® Security is based on free and open standards, open sourced on GitHub, and licensed free of charge for evaluation and royalty free for commercial use.
MultiZone Security is the first Trusted Execution Environment for RISC-V – it enables development of a light weight, policy-based security environment for RISC-V that scales from tiny single-core IoT devices to multi-core SMP Linux applications.
MultiZone® Security consists of the following components:
- MultiZone® nanoKernel – lightweight, formally verifiable, bare metal kernel providing policy-driven hardware-enforced separation of ram, rom, i/o and interrupts.
- MultiZone® Messenger – communications infrastructure to exchange secure messages across zones on a no- shared memory basis.
- MultiZone® Configurator – combines fully linked zone executables with policies and kernel to generate the secure boot firmware image.
- MultiZone® Secure Boot – 2-stage secure boot loader to verify integrity and authenticity of the firmware image (sha-256 / sha-512 / ECC)
How does MultiZone Security work?
MultiZone Security integrates seamlessly into your existing IDE such as Eclipse or command line based toolset.
- Application blocks are written, compiled and linked separately for each zone producing a set of elf or hex file.
- MultiZone Policies are set to achieve the desired ram, rom, i/o and interrupt isolation for each zone – RWX, with granularity down to 4 bytes.
- Finally the MultiZone Configurator is invoked to combine zone elf/hex files with the MultiZone runtime into a signed firmware image.
- The full system can be written, compiled and debugged with your existing GNU or Eclipse toolset.
Features |
|
Development Environments |
|
System Requirements |
|
MultiZone technology is protected by patents US 11,151,262 and PCT/US2019/038774