SiFive - October 23, 2019

SiFive Shield: An Open, Scalable Platform Architecture for Security

Securing The RISC-V Revolution

SiFive Shield

SiFive Shield is an open, scalable platform architecture designed to enable whole-SoC security for RISC-V designs. Modern SoC design calls for a scalable security solution that offers a low trusted computing base, a clear root of trust and, crucially, auditability. Customization is also key, as a one-size-fits-all offering does not align with the needs of the next generation of domain-specific processors now being designed.

Securing the RISC-V revolution requires a scalable architecture that offers per-memory protected memory regions and multi-core privilege modes. SiFive Shield and SiFive WorldGuard enable a scalable architecture with the ability to offer greater isolation.

SiFive WorldGuard

SiFive WorldGuard is a fine-grained security model for isolated code execution and data protection. SiFive WorldGuard offers SoC-level information control with advanced isolation control, based on multiple levels of privilege per world and an unlimited number of worlds. SiFive WorldGuard offers core-driven and process-ID-driven modes for multi-domain security, providing data protection for core, cache, interconnect, peripheral, and memory.

Figure 1 - Core Driven Mode

In a multi-core processor, shown above, World ID (WID) markers are used to isolate processes from each other to ensure protected and isolated execution. Inside the SoC, the WID marker extends from core to cache, interconnect, peripherals, bus masters, DMA regions, and memories. Applications or OS environments can be isolated and protected inside a high-performance multi-core system. For embedded systems, where a single core is more common, PID-driven World IDs can be used to protect and isolate execution, for example between user and machine mode.

Figure 2 - PID Driven Mode

SiFive WorldGuard hardware-accelerated multi-domain security moves the industry well beyond a single zone of trust.

Root of Trust

A clear root of trust is critical for enabling security. SiFive Shield offers secure on-device storage of keys, with per-device unique IDs. This enables flexible key management to support key and certificate provisioning at time of manufacture, which is critical to the beginning of secure lifecycle management. SiFive’s root of trust is based on open specifications and an open-source software platform for clear auditability.

Threat Prevention

Secure SoC design is enabled by accurate threat modelling. Inside an SoC, the flow of information for processing requires an array of technologies. Fault detectors for the SoC ensure that operation continues as intended, to deter physical tamper attacks. Physical Memory Protection (PMP) and Physical Memory Attributes (PMA) are supported in the RISC-V ISA and leveraged by SiFive Shield to set limitations on memory ranges and memory-mapped peripherals by privilege, enabling scalable domain security.

Building upon the open and freely available RISC-V ISA enables a new approach to security. Building an open, secure platform architecture for security that can scale is the main goal of SiFive Shield.

Verified Crypto-Engines

The SiFive Shield architecture includes a NIST SP 800-90A/B/C compliant true random number generator (TRNG) to enable cryptographic or entropy-based secure features. The cryptographic engines are protected against SPA/DPA/EMA attacks and support common use cases. The AES cryptographic engine offers block cipher and authenticated encryption support, while the secure hash crypto-engine supports the SHA-2 and SHA-3 standards. Public-key cryptographic RSA and ECDSA support is also offered. The cryptographic library is subject to external lab verification to ensure correct operation and validity.

Software

SiFive offers a single software platform based on open-source software. Figure n indicates the mix of community open-source software, including FreeRTOS and Linux OS support for SiFive RISC-V based SoCs. Further development is enabled via the SiFive Freedom Metal and Freedom SDK tool chains that offer a full development environment.

Summary

SiFive Shield is a new, transformative technology for securing RISC-V based SoCs. With an open, top-down security platform specification designed to provide a clear root of trust, low trusted codebase, effective lifecycle management, and a class-leading SiFive WorldGuard security model, the RISC-V revolution is secured by SiFive Shield.

Figure 3 - Competitive Comparison