SiFive Technology

Securing The
RISC-V Revolution

An Open, Scalable Platform Architecture for Security

SiFive Shield

The SiFive® Shield™ solution is an open, scalable platform architecture designed to enable whole SoC security for RISC-V designs. The needs of modern SoC design dictate the need for a scalable solution for security, offering a low trusted computing base with clear root-of-trust and crucially, is auditable. Customization is also key, as a single offering fits all approaches and does not meet the needs of the next generation of domain-specific processors now being designed.

Securing the RISC-V revolution requires a scalable architecture that offers per-memory protected regions and multi-core privilege modes. SiFive Shield and SiFive WorldGuard enable a scalable architecture with the ability to offer greater isolation.

SiFive WorldGuard

SiFive WorldGuard is a fine-grain security model for isolated code execution and data protection. SiFive Worldguard offers SoC-level information control with advanced isolation control, based on multiple levels of privilege per world, and an unlimited amount of worlds. SiFive WorldGuard offers core-driven and process-ID driven modes for multi-domain security, to offer data protection for core, cache, interconnect, peripheral, and memory.

In a multi-core processor, shown above, World ID markers are used to isolate processes from each other to ensure protected and isolated execution. Inside the SoC, the WID marker extends from core to cache, interconnect, peripherals, bus masters, DMA regions, and memories. Applications or OS environments can be isolated and protected inside a high-performance multi-core system. For embedded systems where a single core is more common, PID-driven world IDs protect and isolate execution between user and machine mode

SiFive WorldGuard hardware-accelerated multi-domain security moves the industry well beyond a single zone of trust.

Root of Trust

A clear Root of Trust is critical for enabling security. SiFive Shield offers secure on-device storage of keys, with per-device unique IDs. This enables flexible key management to support key and certificate provisioning at time of manufacture, critical to the beginning of secure lifecycle management. SiFive’s Root of Trust is based on open specifications and an open-source software platform for clear audibility.

Threat Prevention

Secure SoC design is enabled by accurate threat modelling. Inside an SoC, the flow of information for processing requires an array of technologies. To deter physical tamper attacks, fault detectors for the SoC ensure that operation continues as intended. Physical Memory Protection (PMP) and Physical Memory Attributes (PMA) are supported in the RISC-V ISA and leveraged by SiFive Shield to set limitations on memory ranges and memory-mapped peripherals by privilege, enabling scalable domain security.

SiFive Shield builds on the open and freely available RISC-V ISA, enabling a new approach to security that can scale.

Verified Crypto-Engines

The SiFive Shield architecture includes a NIST SP 800-90A/B/C compliant true random number generator (TRNG) to enable cryptographic or entropy-based secure features. The Cryptographic engines are protected against SPA/DPA/EMA attacks and enable support for common use cases. The AES cryptographic engine offers block cipher and authenticated encryption support, while the secure hash crypto-engine supports SHA-2 and SHA-3 standards. Public Key cryptographic RSA and ECDSA support is also offered. The cryptographic library is subject to external lab verification to ensure correct operation and validity.

Software

SiFive offers a single software platform based on open-source software. SiFive RISC-V based SoCs enjoy a mix of community open-source software support, including FreeRTOS and Linux OS support. The SiFive Freedom Metal and Freedom SDK tool chains offer a full development environment.

Summary

SiFive Shield is a new, transformative technology for securing RISC-V based SoCs. With an open, top-down security platform specification designed to provide a clear Root of Trust, low trusted codebase, effective lifecycle management, and a class-leading SiFive WorldGuard security model, the RISC-V revolution is secured by SiFive Shield.

SiFive PGP Public Key

You can download this key or copy-and-paste the text below.

 -----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGELqe0BEAC6Bc6h74IZJExtOYmQyF1kkX6MfgDnc2gwv+6+cvYr8Vz3oNPz
+UreW0y5uSomUzZis1njGeLGI6WpxrLRAx5+uiZmNnRQPDj4HVi++Od7S0x++Eus
j8mLKYqOQMO5PBk2/j/lRmoKVEDskwyYP/ZKCCFCkHZJVBxOGhEL3x68ZDoeceGO
Ektz7bhxkVCkUiWHCBTYn39inYTImTXEnPBNHD1k3/T8SbLWg9Bjf2cFhbPhtndV
+m63vFeXUh4kIrfpgnFVoDOwzORqIjknjGVNt3zaNb2LjYY0pTr0UXxSH0tGa7TG
JUkMO5V7cch6HKB5qXMNGKQL779yFkNlpBlKI+/NQZqRCkqjD8CnUZo0VfQqiFeN
IZ1o9cRGpnJjndGdDb+SCUX1laA+M+nykBvUZdPLO5tyNiO16aZnTdiVub07/bAs
3ZQlmym6DQlFL/7WXrelOr0eG4Vvj05oYoWCUmk46TePWE+hWNVGr6Ykqjwy9pBF
0lA7Mqvd8izju7y279AkSN2mzHg/ZqBO+t59uGn1XjG/B7OXMWC7WDBp/HIxzTsM
X8rttVkBgWRufQZbCkb0eJTwZ1hwLprhpymwhrlHJUs562wfPGK30yKeI/d4MBxZ
dDyaYFxj+LdwG1esZdTIioG9mMfYGNr12XD6lOJUWjtGvKaCh0S8JFxb8wARAQAB
tB9TaUZpdmUgUFNJUlQgPHBzaXJ0QHNpZml2ZS5jb20+iQJOBBMBCgA4FiEETG7X
rgI+AkI9O6G875q5xQ0Z4coFAmELqe0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
F4AACgkQ75q5xQ0Z4cqTZQ/+JK6XiEN3nRPk/1MRswWQbOC/9Wn4z91oBcjqv7n1
kKwLZR8CkAV6H7q+hOpch5UDR9jVlEIGppB/vpBeLf8ngZs1HRKyNN6B1K0dpxba
Bujf09okoDVaJBJFtlRT6b18AekDFOmsnuRix0qi1NQO/RE8IFi4V9E6HDBUQYYw
IbRXd5vmQriq9cV0XCaXVywDAxdC1dYZZNu2c4uDVr3LHk3gWBHhjlQPk1XVIHI0
2TfU11p9FCOuJVVhcTAE9wb6qlJpCwQiBOPfhHGCU2AEw3Bj673r9KmFNuMm2pTb
O+Yjzgud3lBSwfVqMH9sbxzZDb4FG8EzfFsuR05MmdkQWccEYCX73HiR7nhVB7IU
LWmCzb3cBz0VIjt9TV6VWhZmgCX+QGTWgeEMn/pjsy9J964b0tqo2L2dNRcnWcA2
Pbvv6ruBGheC14y4goqdSKAjLDOFopACkmpfxw/9+bXPGpHnoCpqssXnwyxp+0iP
i+W7WdTrA3BjEzcS9IzRXSCNB3HcQE980I9c1L1TV98WD7XSse0DkRoN3r/H5c/x
Q7J0yshnVt+KQauQ+BHF7IGxLJPPMKpUfHy6iFVelcHT3XhblZ/SGJ1ShyoFi9fe
peTxGu5FYSEQkCoHgCtkV3iT9rh3IJDDQgzKCKIwPvQto/paDBOgiNzjHB5awDJO
Zg25Ag0EYQup7QEQAK1cK+iyhgD8x95lEuiJCFMVmXb76v6Mf5gYoBrZ2YHTgweW
P7pCVwC18vos//izizIn/LWMM890ZmFeAEqouSBr0Ijbx/JNeNC5DV9cYzMKOR4y
PsUG2M18xXqN7IHlyHLV27dDOvSHcgHa7sOqFPNjhoc7xBYdYlq9LhvELsGDI54c
TNOWwDxO/Hy55NKPavQujNPEUeLqR/oDil11c0QtBh2S5z+paUguHkpamuJvfzdy
nyn+bvq+ArzL2rUerxhFFHzqA/nG0oe0do9JwVKaAt+mT0WnctFqZVuKtMF4TDLw
lI+es6y9XPbkesOmgh2tzYmVOOPoVft1QnWIIq7BFUmoHTcaRwtTHh42g/m7Fxs6
Djkk4yyg/ZnRf4fBfiCe9A8iOF0bGad8q80JK0LPtvJKJMrsr2VtuhraOSgcj5gk
pYD1LhiWmcGCcvthuxKb4S/P3Q3nKcmW7Glm+9SNOgRqHD2YN9MhzKqnbM1QpcUi
LuTwFZFd5FSYYhIlgp9oPD96xpjMmDaBfTmBL18UuBmL4HnCJ7VG6wYzm7Z/nnj+
WmGHfUu7qYz0XacQpcEO2waPyeRTbsU4RHH1yv0bZ8mKZtiMED3kP/XC75AJrgH/
HySxFoAH8UGE0Jt8zlm/eN+fivudIRyB94bCodLHCswHY9fKXRmJ8cxGJaTxABEB
AAGJAjYEGAEKACAWIQRMbteuAj4CQj07obzvmrnFDRnhygUCYQup7QIbDAAKCRDv
mrnFDRnhysOKD/0aMp9QD9TVCBP+IETBkw7WH+UDDxN5Z+76mCeqcGCe+r+9UzTT
ACyaMQLNO+syAE0xtI20nnbPaB100NpsW1BpcMkJGElcPXOEcCrHTESIHrcjLX6N
Icz23Qs1HQECIJ9dPQIJc4nnW6SnswKvOqDSrpHJf3ThdRRQ4oloBqFnSQVCGuar
7OMbfBy7waOPjwZC8C/mcmqkkhNLF8cHoiXdNm96hAMGOmRmhqGArDBdORf8lNPj
Xg/I28O+3Aeps6ELz8gT3ZOtpUBhkr5EaBoDZq3m9n9fedgANMGPmY3eJy6JOCSC
PbF2GdwmkxAfl+ZBYu72OVLfjVR/rRUgZveSO9XcPUv8CgzPjXSCVEGb+LV3rck0
QKHevZnnAP3cyniKJfxdsR1OMhxBlvNAtdg44QxfmqZC0vbJ4sBx3t81Q5+k7V0A
jya0YJjnJRF+8hfUAXc72Irw4IzJ8DdC/zsTVCisOAFNr08loKK05Bdeahy7ij18
MywlgH8FMzhYCXB0b3Y2jSyb6/oxwQ2BIIDDhcgPW+owz+73Ex4ovG9KypOKrQtZ
pqOwVDImNuyAbS7rVVZ1EcOr3KyeCVigrqpjLAlgd6X6Jk2dsqfljd0aoxz4SvHc
urfXW4+jUUyZ93kRCnWKDmO+Rrgy0fn/OMJ3za56GimlR/IaF+r+IM7IVw==
=+5E8

-----END PGP PUBLIC KEY BLOCK——

RISC-V CORE IP

Choose from one of SiFive's silicon-proven RISC-V Standard Cores, and personalize to get the features that you want with SiFive Core Designer.

Learn More

Get in touch

We'd like to hear from you. Share you vision with our dedicated sales team, and we'll shape a solution that fits your need.

Contact Us Today