By David Patterson Pardee Professor of Computer Science, Emeritus, at UC Berkeley, vice chair of the RISC-V International Board of Directors and Advisor at Hex Five.
EETimes (December 13, 2022)
In a little over a decade, RISC-V has arguably become at least the third most important instruction set architecture (ISA) for future applications of computing. In the next few years, it may become just as surprising to pick a proprietary ISA over the open RISC-V for a new project as it would be to pick a closed alternative to Ethernet or USB.
My colleagues at UC Berkeley and I predict that by the end of this decade, the dominant ISA for future product development will be the open RISC-V architecture. Companies around the world are already designing with RISC-V and the momentum is rapidly increasing, so this is a good time for the industry to take a closer look at RISC-V and examine some fallacies about it.
The US Patent Office recognizes the novelty of Hex Five’s security technology
April 16, 2022
No more secrets: here is how we do the magic: https://patents.google.com/patent/US11151262B2
September 16, 2020
The Industry’s First SoC FPGA Development Kit Based on the RISC-V Instruction Set Architecture is Now Available
Microchip’s PolarFire® SoC FPGA Icicle Kit enables the broad RISC-V-based Mi-V ecosystem for the industry’s lowest-power FPGA
CHANDLER, Ariz., Sept. 16, 2020 (GLOBE NEWSWIRE) — The rising adoption of the free and open RISC-V Instruction Set Architecture (ISA) is driving the need for an affordable, standardized development platform that embeds RISC-V technology and leverages the diverse RISC-V ecosystem. To meet this need, Microchip Technology Inc. (Nasdaq: MCHP) is offering the industry’s first RISC-V-based System-on-Chip (SoC) Field-Programmable Gate Array (FPGA) development kit for PolarFire SoC FPGA—the industry-leading low-power, low-cost, RISC-V-based SoC FPGA. Microchip’s Icicle Development Kit for PolarFire (SoC) FPGAs brings together numerous Mi-V partners to accelerate customer design deployment and commercial adoption across a variety of industries.
July 28, 2020
Today Renesas announced the second phase of ready to use partner solutions in the Renesas RA MCU ecosystem, addressing critical aspects of IoT system design – read full release here
“Securing Cortex–M applications is particularly challenging as these devices typically lack hardware security mechanisms like TrustZone. In the past, to comply with security regulations, developers hadno choice but to upgrade hardware and firmware –resulting in lengthy and costly system redesigns. Today, Renesas customer have a new option: MultiZone Security offers aconvenient alternative path to a hardware upgrade. MultiZone can retrofit existing Cortex–M applications: if you don’t have TrustZone, or if you require finer granularity than one secure world, you can take advantage of high–security hardware separation without the need for a system redesign.” – Cesare Garlati, Founder Hex Five Security
February 24, 2020
A quick and safe way to add security and separation to billions of embedded devices
Redwood City, California, Feb. 24, 2020 — Hex Five Security announces the general availability of MultiZone Security for members of the Arm Cortex‑M processor family: a quick and safe way to add security and separation to Cortex‑M devices. MultiZone is immediately available for Cortex‑M0+, Cortex‑M3, Cortex‑M4, and Cortex‑M7, including microcontrollers produced by Microchip, NXP Semiconductors, Renesas, STMicroelectronics, GigaDevice, and others.
MultiZone will be unveiled to the general public at the Embedded World Conference, February 25-27, 2020 in Nuremberg, Germany. Register for the workshop 5.1 on Tuesday 25 at 14:30 or for sessions 3.2 II on Wednesday 26 at 17:00 and 3.3 II on Thursday 27 at 14:30.
The Embedded Muse
Jack Ganssle – Editor
Issue Number 389, January 6, 2020
*Reach 200K embedded developers per month
Hex-Five Security’s MultiZone product is a software layer that uses hardware to enforce high security when using untrusted code. Currently RISC-V versions are available.
It’s a small (under 2 KB) bit of code that is formally verifiable. That’s a big selling point when pursuing a Common Criteria security standard. As I understand it, the product enforces separation zones to keep bad actors out of others’ sandboxes, which sounds like the Common Criteria’s separation kernels.
A datasheet is here. It’s free for non-commercial use.
Note: This section is about something I personally find cool, interesting or important and want to pass along to readers. It is not influenced by vendors.
Gu Zhengshu, EETC
December 31, 2019
(Original article in Chinese)
Arm, which dominates the smart phone market, provides Arm TrustZone technology for its microprocessor core. One of the security mechanisms corresponding to RISC-V core is MultiZone. How does RISC-V MultiZone guarantee the security of chips and systems?
According to market forecast data studied by Ericsson, there will be more than 22 billion connected Internet of Things (IoT) devices in the world by 2024. However, the rapid development and popularity of IoT has also brought security risks. For edge devices, although security measures based on the isolation mechanism have been generally implemented, there are still limitations in security authentication.
Hex Five Announces General Availability of MultiZone™ Security for Linux
The First Commercial Enclave for RISC-V processors
December 10, 2019
Enabling safety-critical applications in mixed-criticality systems where Linux and real-time come together in a single chip
San Jose, California, Dec. 10, 2019, RISC-V Summit — Hardware consolidation requirements in automotive, aerospace & defense, and industrial automation are forcing embedded systems designers to merge safety-critical functionality with untrusted applications and operating systems. The resulting monolithic systems present vastly larger code base, greater attack surface, and increased system vulnerability. In response, Hex Five Security Inc. announces the general availability of MultiZone™ Security for Linux, the industry-first enclave specifically designed to bring security through separation to embedded systems. MultiZone™ Security is available immediately for the Microchip PolarFire® system-on-chip, the world’s first hardened real-time, Linux capable, RISC-V-based microprocessor subsystem. Support for additional RISC-V processors to be announced later in 2020.
October 28, 2019
Enabling secure execution of multiple subsystems from storage to application processor.
Cesare Garlati & Boran Car, August 28, 2019
System Design – Many Trusted Environments
Previous approaches to securing IoT devices are based on the use of complex hardware mechanisms or container virtualization. With Trusted Execution Environments (TEE), on the other hand, it is easy to securely isolate different parts of the system…
(Article in German)
Providing Ada Developers with a Robust Execution Environment for RISC-V Processors.
NEW YORK and REDWOOD SHORES, Calif., May 28, 2019 (GLOBE NEWSWIRE) — Hex Five Security Inc., creator of MultiZone™, the first trusted execution environment for RISC-V, today joined AdaCore’s Partner Program to enable the secure execution of Ada applications on RISC-V processors. As part of the initiative, Hex Five has developed an Ada version of the MultiZone™ SDK and published a reference application showing how to securely run Ada software in MultiZone™ containers. This deployment scenario is especially useful in safety-critical domains, such as transportation, defense, and aerospace. With MultiZone™ Security, developers can rapidly configure open source libraries, third-party binaries, and legacy code to coexist with Ada applications, thus achieving unprecedented levels of safety and security.
Chris Wiltz Apr 18, 2019
Hex Five Security
San Jose’s Hex Five is the creator of MultiZone Security, what it calls the first trusted execution environment for RISC-V. MultiZone requires no additional hardware, dedicated cores, or programming models, and allows for policy-based, hardware-enforced separation for an unlimited number of security domains, with full control over data, code, interrupts, and peripherals. And since it’s open source, like RISC-V, engineers can also implement open course libraries, third-party binaries, and even old legacy code into MultiZone as well. Hex Five also maintains an open source repository for MultiZone on GitHub.
In February 2019, as part of a partnership with cryptography company wolfSSL, Hex Five released an industry-first secure Internet of Things (IoT) stack for RISC-V. The stack is designed to be implemented with FreeRTOS and to handle the security risks inherent in the embedded operating system.
MultiZone allows engineers to isolate the firmware into an unlimited number of separate zones, essentially walling them off from one another in terms of security. According to Hex Five, the result of this is preventing shared memory attacks and other exploits from spreading throughout the system. Any exploit is confined into the zone in which it happens.
wolfSSL and Hex-Five Security Bring Secure IoT Stack for RISC-V
wolfSSL, a provider of TLS cryptography, and Hex-Five Security, developer of MultiZone Security, have partnered to bring what’s claimed as an industry-first secure IoT stack for RISC-V. The move brings a TLS 1.3 reference application of FreeRTOS with hardware-enforced separation between OS, TCP/IP, and Roots of Trust (RoT). Hex-Five Security’s MultiZone Security compartmentalizes the monolithic firmware into an unlimited amount of physically isolated zones, which prevents attacks to the system from propagating to the rest of the platform and compromising the security layers.
wolfSSL’s TLS 1.3 library offers more robust security and increased speed, featuring wolfCrypt encryption, which supports FIPS 140-2 encryption that’s certified by the government and meets NIST (National Institute of Standards and Technology) standards. The stunnel TLS proxy is also supported, which allows already existing servers and clients to establish two-year connections without needing to change source-code programming. It’s useful for securing email exchange, remote shell, and web-hosting connections. The MultiZone Secure IoT Stack is now available for anyone on Hex Five Technology’s GitHub page.
Based on the instruction set architecture RISC-V from the University of Berkeley, processor cores are now being developed as IP and SoCs. Cesare Garlati, founder Hex Five Security and chief security strategist at prpl Foundation, follows the development closely.
San Jose, CA – Feb 25, 2019 /PRWeb/ – wolfSSL, a leading provider of TLS cryptography and Hex Five Security, provider of MultiZone™ Security, the first Trusted Execution Environment for RISC-V announce general availability of the industry-first secure IoT stack for RISC-V – a TLS 1.3 reference implementation of freeRTOS with hardware-enforced separation between OS, TCP/IP stack and root of trust.
Hex Five is excited to collaborate with Dr. Sandro Pinto on the first Secure IoT Stack for RISC-V which will be
presented at Embedded World in Nuremburg, Germany on Feb 26-27, 2019. This demonstration will detailed
in sessions on Feb 26 and 27th and will be on display at the wolfSSL booth, Hall 4 / Booth 421.
Germany on Feb 26-27. https://www.embedded-world.eu/program.html
SAN JOSE, Calif., Nov. 9, 2018 /PRNewswire/ — Hex Five Security, Inc., the creator of MultiZone™ Security, Andes Technology Corporation and GOWIN Semiconductor Corp announce a collaboration to enable MultiZoneTM Security, the first Trusted Execution Environment for RISC-V on the Andes N(X)25 RISC-V Cores, which is part of 25-series, with the GOWIN GW-2A Family of FPGAs.
Redwood Shores, CA – Nov 1, 2018 /PRNewswire/ – Hex Five Security, Inc, the creator of MultiZone™ Security, the first trusted execution environment for RISC-V, today announced the formation of the Hex Five Strategic Advisory Board, an esteemed group of technical and business leaders chosen to counsel the company on achieving its goal of making RISC-V the most secure processor platform.
Andes RISC-V CON Debuts at Hyatt Regency Santa Clara November 13; Linley Group, MediaTek, Andes, Faraday, GOWIN, Imperas Software, Hex Five, and XtremeEDA to Detail RISC-V Technology Advance
Oct 31, 2018
Andes and GOWIN providing attendees 100+ RISC-V SDK Boards; Conference Presentations Will Describe RISC-V Program Development and Debug
San Jose, California, Oct. 31, 2018 (GLOBE NEWSWIRE) — Andes Technology Corporation, a leading supplier of small gate count, low-power and high performance 32/64-bit embedded CPU cores today announced the debut of RISC-V CON on Tuesday November 13, at the Hyatt Regency Santa Clara.
Arms race: SiFive, Hex Five build code safe houses for RISC-V chips
Sept 10, 2018
Those developing custom CPUs can now tap a TrustZone-ish trusted execution environment
If you’ve been looking at SiFive’s RISC-V-based chip technology and thinking, y’know what, it’s missing an Arm TrustZone-style element to run sensitive code, well, here’s some good news.
And if you’re just into processor design and checking out alternatives to Arm CPU cores, then this may be some interesting news.
SiFive helps organizations turn semiconductor designs based on the open-source RISC-V instruction set architecture (ISA) into chips. On Monday, it announced it has integrated Hex Five Security’s MultiZone Security trusted execution environment (TEE) into its Freedom SDK.
Hex-Five Adds MultiZone™ Security Trusted Execution Environment to SiFive DesignShare Program
Sept 10, 2018
Enabling RISC-V Developers to a Robust Trusted Execution Environment without any changes to hardware or software.
SAN MATEO, Calif. – September 10, 2018 – SiFive, the leading provider of commercial RISC-V processor IP, today welcomed Hex Five Security, maker of MultiZone™ Security – the first Trusted Execution Environment (TEE) for RISC-V, to the growing SiFive Software Ecosystem. Through the partnership, SiFive will incorporate MultiZone™ Security into its Freedom SDK for easy adoption by SiFive customers seeking a Trusted Execution Environment.
Hex-Five Announces General Availability of MultiZone™ Security – the First Trusted Execution Environment for RISC-V
Sept 5, 2018
Enabling developers to implement best practices of security through separation without any changes to hardware or software.
REDWOOD CITY, Calif. – Sept 5, 2018 – Hex-Five Security, today announces general availability of MultiZone™ Security – the first Trusted Execution Environment (TEE) for RISC-V providing developers with a critical building block of hardware enforced, policy-based security through separation without the need for any hardware changes.