RISC-V pioneer SiFive has announced the launch of what it claims is an open, scalable, and "innovative new approach to system-on-chip design" which puts security at the center: SiFive Shield.
That modern processors and systems-on-chips (SoCs) aren't always the most secure should come as no surprise: a constant demand for increasing performance has led to a new class of security vulnerabilities, exemplified by the Spectre and Meltdown exploit families, being baked directly into the hardware. The solution, SiFive claims, is to approach SoC design from a new angle with a focus on security first and foremost — and that's what it claims SiFive Shield does.
"The introduction of the new SiFive Shield security solution is a pivotal moment for SiFive, and the RISC-V industry," claims Naveed Sherwani, SiFive chief executive, following the announcement of the platform at the Linley Fall Processor Conference this week. "The availability of best-in-class security that is a scalable and configurable security solution and replaces legacy solutions with a modern, forward-thinking design enables SiFive to continue to win IP and SoC designs. SiFive partners and customers will be able to implement modern security principles into their next generation products to ensure data protection and trusted execution in the critical IoT, automotive, and data center accelerator markets."
At its heart, SiFive Shield is designed to boost the security of SoCs through the introduction of secure lifecycle management, the reduction of the trusted computing base in order to lower attack services, and to offer a clear root-of-trust. When designed with SiFive Shield, an SoC includes system-level security, fine-grained security controls, and an auditable software stack — along with hardware features including a FIPS-verified true random number generation (TRNG), fault detectors, and secure cryptographic acceleration engines.
SiFive Shield is joined by SiFive WorldGuard, a hardware-enforced fine-grain security model designed to offer isolated code execution and data protection. A SiFive WorldGuard system provides configurable privilege levels, split across "multiple domains or worlds," with data protection extending across multiple cores and other bus masters.
More information on SiFive Shield and SiFive WorldGuard is available from the official announcement.