SiFive Technology

Securing The
RISC-V Revolution

An Open, Scalable Platform Architecture for Security

SiFive Shield

SiFive Shield is an open, scalable platform architecture designed to enable whole SoC security for RISC-V designs. The needs of modern SoC design dictate the need for a scalable solution for security, offering a low trusted computing base with clear root-of-trust and crucially, is auditable. Customization is also key, as a single offering fits all approaches and does not meet the needs of the next generation of domain-specific processors now being designed.

Securing the RISC-V revolution requires a scalable architecture that offers per-memory protected regions and multi-core privilege modes. SiFive Shield and SiFive WorldGuard enable a scalable architecture with the ability to offer greater isolation.

SiFive WorldGuard

SiFive WorldGuard is a fine-grain security model for isolated code execution and data protection. SiFive Worldguard offers SoC-level information control with advanced isolation control, based on multiple levels of privilege per world, and an unlimited amount of worlds. SiFive WorldGuard offers core-driven and process-ID driven modes for multi-domain security, to offer data protection for core, cache, interconnect, peripheral, and memory.

In a multi-core processor, shown above, World ID markers are used to isolate processes from each other to ensure protected and isolated execution. Inside the SoC, the WID marker extends from core to cache, interconnect, peripherals, bus masters, DMA regions, and memories. Applications or OS environments can be isolated and protected inside a high-performance multi-core system. For embedded systems where a single core is more common, PID-driven world IDs protect and isolate execution between user and machine mode

SiFive WorldGuard hardware-accelerated multi-domain security moves the industry well beyond a single zone of trust.

Root of Trust

A clear Root of Trust is critical for enabling security. SiFive Shield offers secure on-device storage of keys, with per-device unique IDs. This enables flexible key management to support key and certificate provisioning at time of manufacture, critical to the beginning of secure lifecycle management. SiFive’s Root of Trust is based on open specifications and an open-source software platform for clear audibility.

Threat Prevention

Secure SoC design is enabled by accurate threat modelling. Inside of an SoC, the flow of information for processing requires an array of technologies. To deter physical tamper attacks, fault detectors for the SoC ensure that operation continues as intended. Physical Memory Protection (PMP) and Physical Memory Attributes (PMA) are supported in the RISC-V ISA and leveraged by SiFive Shield to set limitations on memory ranges and memory-mapped peripherals by privilege, enabling scalable domain security.

SiFive Shield builds on the open and freely available RISC-V ISA, enabling a new approach to security that can scale.

Verified Crypto-Engines

The SiFive Shield architecture includes a NIST SP 800-90A/B/C compliant true random number generator (TRNG) to enable cryptographic or entropy-based secure features. The Cryptographic engines are protected against SPA/DPA/EMA attacks and enable support for common use cases. The AES cryptographic engine offers block cipher and authenticated encryption support, while the secure hash crypto-engine supports SHA-2 and SHA-3 standards. Public Key cryptographic RSA and ECDSA support is also offered. The cryptographic library is subject to external lab verification to ensure correct operation and validity.

Software

SiFive offers a single software platform based on open-source software. SiFive RISC-V based SoCs enjoy a mix of community open-source software support, including FreeRTOS and Linux OS support.The SiFive Freedom Metal and Freedom SDK tool chains offer a full development environment.

Summary

SiFive Shield is a new, transformative technology for securing RISC-V based SoCs. With an open, top-down security platform specification designed to provide a clear Root of Trust, low trusted codebase, effective lifecycle management, and a class-leading SiFive WorldGuard security model, the RISC-V revolution is secured by SiFive Shield.

RISC-V CORE IP

Choose from one of SiFive's silicon-proven RISC-V Standard Cores, and personalize to get the features that you want with SiFive Core Designer.

Learn More

Get in touch

We'd like to hear from you. Share you vision with our dedicated sales team, and we'll shape a solution that fits your need.

Contact Us Today