19. Februar 2019, 06:00 Uhr | Harry Schubert
Interview with Cesare Garlati, Chief Security Strategist at prpl Foundation.
Based on the instruction set architecture RISC-V from the University of Berkeley, processor cores are now being developed as IP and SoCs. Cesare Garlati, chief security strategist at the prpl Foundation, follows the development closely.
In the program of this year's embedded world Conference, RISC-V dominates the block »Hardware Engineering«. One of the speakers is Cesare Garlati, who accompanies the development of RISC-V and deals intensively with security aspects as a key member of the RISC-V Security Group and founder of Hex Five Security - the first Trusted Execution Environment for RISC-V. In an interview, he talks about the current state of technology.
? Mr. Garlati How far has the development of a RISC-V ecosystem progressed?
! Cesare Garlati: The RISC-V ecosystem has grown tremendously from its beginnings as a research project at U.C. Berkeley. As of Q4 2018 the Foundation has more than 220 members in 27 countries, many open source and commercial RISC-V cores are available and a robust ecosystem of peripherals, development and software tools.
Today you can find RISC-V solutions that cover everything from tiny 8-bit microcontrollers to 64-bit quad core running Linux. And even a more powerful 128-bit out-of-order core is in the makings at U.C. Berkeley – BOOM (Berkeley Out of Order Machine).
? Which information sources, tools and libraries are available to SoC/FPGA designers to use RISC-V-IPs? Which development kits are available?
! Garlati: The best starting point is the RISC-V Foundation site – risc-v.org – from there you can link to vendor sites, open source tools and cores.
More specifically – I know of 70 RISC-V cores either available today or to be released sometime this year, a compelling mix of open source and commercial cores and peripherals. These can be implemented as soft cores on FPGA platforms such as the Xilinx »Arty« board and FPGA startups such as GoWin. Also low cost silicon development boards are available from companies like Microsemi – now part of Microchip – and SiFIve for as little at $ 59.
? Which RISC-V processors are available as IP (open source and proprietary) and as IC? What are their differences?
! Garlati: I am aware of approximately 70 processors – 12 of them are available as open source IP that can be downloaded from GitHub – see links on the RISC-V foundation website. They range from very low gate count micro controllers, through to quad core Linux capable 64 bit processors all the way to the 128 bit out-of-order processor known as the Berkeley Out of Order Machine (BOOM).
On the IC side, SoCs are available from SiFive for the E31 – a 32 bit Micro controller – and the U540 – a 5 core Linux capable SoC; in addition Greenwaves has a 8 Core SoC known as GAP8. Microsemi just announced their PolarFire RISC-V SoC in December – it will provide a Linux capable set of hard cores combined with configurable FPGA on a single chip, a very intriguing proposition that combines the flexibility of FPGA with the speed and low-power of silicon.
Many more SoCs are in development and we expect 2019 to be a record year of growth for the RISC-V community.
? How mature are the RISC-V-IPs?
! Garlati: Starting on the software side – the compilers, libraries and toolchains have been upstream’d and are mature enough for production. Linux support for RISC-V was upstream’d with the 4.19 release enabling Linux to be booted and supported.
On the core side, in addition to the open source cores, there are five commercial vendors of RISC-V cores with full validation and support – Andes, Codasip, Esperanto, SiFive and Syntacore.
? What must be considered if IPs for SoCs/FPGAs shall to be used in industry, medical or automotive applications?
! Garlati: RISC-V has reached a sufficient level of maturity that no addition precautions (beyond what you would normally take for life safety applications) are necessary to consider it for applications of this type.
Indeed, many customers perceive the open nature of RISC-V provides a level of transparency that they have not had with legacy IP providers and which reduces the risk of national entities introducing and exploiting vulnerabilities.
For safety critical application a robust commercial-grade Trusted Execution Environment is highly recommended – for example Hex Five’s MultiZone Security, the first TEE for RISC-V that offers un unlimited numbers of secure »Zones« without requiring additional specialized hardware.
? How can a SoC/FPGA be protected with an open source RISC-V core?
! Garlati: There is overwhelming consensus among security experts that the idea of Security Through Obscurity, that hiding how things are done is the best way to keep them safe, never worked. Instead, security should be as open and transparent as possible and based on the concept of Security Through Separation from the core up to the application level.
RISC-V includes the most modern set of security features or »hardware hooks« available in an Instruction Set Architecture (ISA). Including definition for up to 4 Rings of Trust, Secure Interrupt Handling and a unique memory protection concept called Physical Memory Protection (PMP) built right into the core and tied to the highest level of privilege.
To build on that, commercial entities have developed and released security solutions that provide key security elements – such as crypto libraries, roots of trust and multi-domain Trusted Execution Environments on top of the standard RISC-V ISA.
? How mature is the environment for developing RISC-V SoCs and RISC-V FPGAs?
! Garlati: RISC-V is open and ready for business – all of the major SoC vendors and cloud providers have RISC-V efforts underway that are either in the public domain or for internal use – see WD’s announcement just to name one.
? What do embedded designers need to consider when building an embedded system with a RISC-V processor?
! Garlati: In addition to ensuring that the right components are available either in the open source community or commercially for RISC-V; an embedded designer might want to consider if there is an opportunity to take advantage of the custom instruction extensions that RISC-V supports.
Half of the instruction space are standard instructions that are universally supported to allow software to run across all RISC-V platforms. The other half are available for custom extensions that designers might want to include specific to their application.
Several of the commercial RISC-V IP vendors offer compelling sets of extensions for AI/ML acceleration and other key functions.
? What do embedded software developers need to consider if they want to optimize the software for RISC-V?
! Garlati: As the toolchain has been fully upstream’d, there isn’t really much to consider here – its just like developing on any other mature processor platform.
On the operating system side, most of the major OS’s have been ported to RISC-V, but it is worth verifying support and, if the OS is not yet supported approaching your RISC-V solutions vendor to help put that in place.
is an internationally renowned expert in information security. Former Vice President of mobile security at Trend Micro, Cesare currently serves as Chief Security Strategist at prpl Foundation – a technology nonprofit dedicated to enabling security and interoperability of embedded systems. Cesare is a long-time supporter of the RISC-V Foundation, a key member of the RISC-V security group and co-founder of Hex Five Security – the creator of the first trusted execution environment for RISC-V.
Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered presentations and highlighted speeches at many tier-1 events, including Embedded World Conference, IoT World, Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications, CSA Congress, DAC, IoT Innovation and many editions of the RSA Conference – the world’s leading information security event.
Cesare holds a U.C. Berkeley MBA, a Master in Electrical Engineering and Computer Sciences, professional certifications from Microsoft, Cisco and Oracle, and he is a Fellow of the Cloud Security Alliance, where he founded and chaired the Mobile Security and IoT Security groups.
Making RISC-V the Most Secure Platform Ever
The prpl Foundation is an open source and standards organization with members from all parts of the industry. Chipset makers and hardware manufacturers work alongside software vendors and internet service providers. The foundation's goal is to create the next generation of industry ecosystems that will fuel the smart society of the future.
In the Internet of Things (IoT) era ecosystems can only grow through openness and collaboration. Therefore, prpl works exclusively on community-driven open source projects and cross-industry specifications.
In addition to prpl's own projects, the foundation supports key community initiatives related to prpl's strategic goals. This support can range from industry insights, to direct funding as well as fundraising among member companies and the wider industry.
By combining these different mechanisms, prpl creates a bridge between some of the best minds in the open source sphere and its members. It is through this thriving technical community, that the foundation's work will generate additional value and differentiation opportunities for companies working with prpl.