SiFive Shield is an open and scalable platform architecture designed to provide a comprehensive SoC security approach for RISC-V based designs. The demands of modern SoC design call for scalable security solutions that provide a clear root of trust in the components of a trusted computing base and that are, crucially, auditable. Customizable features are also key: a single product cannot fit all approaches, and a one-size-fits-all design does not align with the needs of the next generation of domain-specific processors currently being designed.
To safeguard the RISC-V revolution, a scalable architecture is needed that provides memory-protected regions and multi-core privileged modes. SiFive Shield and SiFive WorldGuard support scalable architectures and have the capability to provide greater isolation.
1. SiFive WorldGuard
SiFive WorldGuard is a refined security model for isolated code execution and data protection. It provides SoC-level information control capabilities with advanced isolation controls based on multiple privilege levels and an unlimited number of operational worlds. SiFive WorldGuard offers kernel-driven and process ID-driven modes for achieving multi-domain security, thereby providing data protection for the kernel, caches, interconnects, peripherals, and memory.

In the multi-core processor shown above, the World ID (WID) tags are used to isolate processes from each other to ensure protected and isolated execution. Within the SoC, the WID tags extend from the kernel to the cache, interconnects, peripherals, bus masters, DMA regions, and memory. In high-performance multi-core systems, applications or OS environments can be isolated and protected. In the more common single-core embedded systems, for example, a PID-driven operational WID is used to protect and isolate execution between user mode and machine mode.

SiFive WorldGuard’s hardware-accelerated multi-domain security extends far beyond a single trust zone across the industry.
2. Root of Trust
A clear root of trust is crucial for achieving security. SiFive Shield employs a unique ID for each device to provide secure device key storage. This allows for flexible key management to support key and certificate provisioning at manufacturing, which is particularly important for the initial stages of secure lifecycle management. So that it can be clearly examined, SiFive’s root of trust is based on open specifications and open-source software platforms.
3. Threat Protection Services
Precise threat modeling enables secure SoC design. Within the SoC, protecting the information flow being processed requires a series of technologies. The SoC’s fault detectors ensure that operations proceed as expected to thwart physical tampering attacks. The RISC-V instruction set architecture supports Physical Memory Protection (PMP) and Physical Memory Attributes (PMA), and SiFive Shield leverages these by restricting the settings of memory ranges and memory-mapped peripherals based on privilege levels, thereby achieving security in scalable domains.
Built on the open and freely available RISC-V instruction set architecture, SiFive Shield provides a new approach to security. Its primary goal is to construct a scalable, secure platform architecture.
4. Verified Cryptographic Engine
The SiFive Shield architecture includes a NIST SP 800-90A/B/C compliant True Random Number Generator (TRNG) that enables security features based on cryptography or information entropy. The cryptographic engine can prevent SPA/DPA/EMA attacks and supports common use cases. The AES cryptographic engine provides block cipher and authenticated encryption support, while the secure hash encryption engine supports the SHA-2 and SHA-3 standards. Furthermore, the AES cryptographic engine also provides public key encryption support for RSA and ECDSA. The cryptographic library must be validated by external laboratories to ensure correct operation and effectiveness.
5. Software
SiFive provides a single software platform based on open-source software. The numbers shown in the previous image indicate a collection of community open-source software, including support for FreeRTOS and Linux OS for SoCs based on SiFive RISC-V instruction set architecture. Further development can be achieved through the SiFive Freedom Metal and Freedom SDK toolchains, which provide a complete development environment.
Conclusion
SiFive Shield is an innovative technology designed to protect SoCs based on the RISC-V instruction set architecture. With an open, top-down security platform specification aimed at providing a clear root of trust, low-trust codebases, effective lifecycle management, and the first-class SiFive WorldGuard security model, SiFive Shield can safeguard the RISC-V revolution.

This article is sourced from the SiFive Blog, authored by James Prior, Senior Director of Product Marketing Communications at SiFive. It has been translated for re-publication, aiming to convey more information; all rights belong to the original author.
Original Link:
https://www.sifive.com/blog/sifive-shield-an-open-scalable-platform-architecture