Security due to open source processor architecture RISC-V

mozaiek-fpga

5 July 2016

RISC-V is a widely supported open source processor architecture that can control FPGAs and other types of hardware. Due to the open source character, anyone can make their own softcore and transfer it directly to a different FPGA. Technolution developed a private softcore with RISC-V for safety and security applications.

Article from Bits&Chips #5, July 2016

In order to guarantee a car's safety, designers will stop at nothing. The break and airbag systems of a car always have to function. A small hiccup in the navigational or audio system can be inconvenient, but will not immediately result in a dangerous situation.

Those who program all the different parts in the software in one processor, will have to go to great lengths in order to be able to guarantee that the critical functions will always work. That is why such critical functions are made in separate hardware components; to optimize the security. This provides an isolated piece of hardware of which we can guarantee that is will always work, but is not a very flexible notion. The car with these separate pieces of secured hardware is an example of a mixed criticality system that performs tasks at different levels of safety/security.

What is applicable to cars is also applicable to lots of other complex systems. The controls of an X-ray system in a medical device always need to work. With the upcoming new trend of the Internet of Things (IoT, everything can be interconnected. However, some parts or processes are deliberately kept away from the Internet. Even then, mixed criticality systems are required. An autonomous processor or separate system, like the breaking or airbag system of a car, offer the most security. Separate systems are technically and financially often not an option due to being too complex, large and expensive.

Currently, it is possible to combine the functionality of the separate systems into one FPGA. From the separate pieces of secured hardware, we have now come to the separate pieces of secured logic on the FPGA. This is, again, a mixed criticality system. The critical functions runs on their own processor in the chips that can be programmed. One FPGA can host several of these: for example, one for the emergency break, one that only takes the conditions for an emergency stop into account, and another for the user interface that is a lot less crucial.

The FPGA becomes a meeting point for all separate systems. The processors function completely independently on their own terms and do not influence each other. Each processor has its own crucial task.

Well done

On an FPGA, we can use the standard logical ports to construct anything, much like we can use Lego pieces to build anything. However, constructing a complete system with elementary construction blocks takes a lot of time. That is why manufacturers provide their own ready-to-use construction blocks with their FPGA, including a complete processor core.

These so-called softcores are becoming increasingly more important in FPGA designing. They allow us to run software for specific tasks that are otherwise hard to realize in logic ports. This way, we can combine the best of both worlds: the flexibility of the software (on the softcore) and the processing power of logic ports.

That sounds nice, doesn't it? Flexibility; the best of both worlds! But there is a catch... The construction blocks are specific to the manufacturer. If we want to transfer the design to another piece of hardware, we will have to look for alternatives for the used construction blocks. It would be like first building a car out of Lego and than needing to construct the same car but out of Mecano pieces. The transferring of the software to a different processor is a particularly hard job.

We would therefore like to have a platform that can be independent from any type or hardware brand. That is one of the driving forces behind the open-source initiative RISC-V (see frame). RISC-V is the connection between the software and the processor. The software commands are dissected to instructions that can be done immediately by the processor The idea is that we run all software with only a limited set of instructions.

Even the architecture of the instruction set is not an easy thing to achieve: we need an entire ecosystem around the architecture, with all sorts of tools, compilers, control systems, applications and debug tools. This is well done in RISC-V and is still under development. Due to the open-source character, anyone can use it and contribute to it. And equally important in this case: we can transfer the RISC-V design directly to a different FPGA, regardless of the brand.

About RISC-V 
RISC (reduced instruction set computing) was established in the eighties as an alternative for the, at that time, increasingly more complex processor architectures such as Intel x86. Berkeley University has, based on the RISC philosophy, developed a processor architecture specially for research and educational purposes. With the arrival of the fifth generation (the V in RISC-V), there is now an architecture that is also suitable for commercial purposes.
RISC-V offers a serious alternative for the commercial architectures such as Arm (in mobile phones), x86 (Intel-pcs) and Mips. It therefore has the potential to become the Linux of embedded hardware platforms. Technolution is one of the 27 founders of the RISC-V Foundation, together with Google, HP, Oracle and many others. This way the company from Gouda supports the further development of the RISC-V standard.

Recycling

Due to the freedom and the flexibility, we at Technolution use RISC-V to develop our own softcore for high-safety and high-security applications, for aviation and aerospace, government security and medical implementations. The softcore can handle the software in a specific, secured way. It does not get easily upset when one bit falls over due to cosmic radiation or aimed manipulation by a hacker. His robust and reliability make it a suitable partner for applications that find it hard to repair or correct a system, for instance satellites.
Having our own RISC-V softcore provides us with the advantage that we can transfer both the software together with the softcore in one new design regardless of the type of hardware brand. We only have to design this software/softcore combination once and certify it, after which we use it endlessly. So we can use our constantly increasing tool box of certified building blocks. With different types of softcores (size, performance) that can be combined into one mixed criticality system. Thanks to the flexibility of the FPGA, we can completely adjust the design to meet our requirements. And if we encounter a mistake in our design, or we think of a smart addition, we can simply set up a new design or update the FPGA.

Authors

Jonathan Hofman is domain architect and Jan Jaap Treurniet is security specialist with Technolution. Both are involved in various security related projects. Merijn van den Berg is a technical writer with the company in Gouda.

Editing Nieke Roos

 

Contact:

gijsbert-huijgen
  • Gijsbert Huijgen
  • Business Development Manager
  • Send email
jonathan-hofman