Data and code are only as powerful as the security platform that protects them. Without a robust security model for isolated code execution and data protection, developers and their platforms may remain open to threats such as improper access to memory or devices by software applications and other bus initiators (such as DMAs).
A security platform is a fundamental part of every impactful silicon design, though historically these platforms have been inaccessible to developers.
To address this, SiFive—the pioneer and leader of RISC-V computing—recently gave its WorldGuard security model to RISC-V International. This now provides the RISC-V community with a uniform way to secure designs and bring them to market faster. WorldGuard, a hardware-enhanced software isolation solution, makes it easy for developers to enable a Trusted Execution Environment (TEE) on RISC-V platforms by providing an open, system-level approach to securing access to system resources (memory and peripherals) by software applications.
Using WorldGuard, designers can create domains, also known as “worlds,” for isolated code execution and data protection without breaking the RISC-V Instruction Set Architecture (ISA) or requiring new instructions. A feature-rich OS, applications, and a TEE can be isolated and protected inside a high-performance multi-core system. By expanding hardware isolation to the whole SoC, WorldGuard now allows developers to protect caches, interconnects, arbitrary bus masters, memories, and peripherals. This SoC-level information control, with advanced isolation control based on multiple levels of privilege per world, gives developers access to unlimited worlds.
This security approach is designed for creating multiple trusted environments, with a Trusted Computing Base (TCB) in which the highest level of trust, known as the “Trusted Agent,” is limited to the secure ROM boot, the Machine-mode firmware, the secure applications, and the OSs that implement them.
From the beginning, SiFive’s WorldGuard security model was open and free to be used by developers for system-level design security. With SiFive’s donation, the entire RISC-V ecosystem can benefit from WorldGuard’s multi-domain security and data protection for core, cache, interconnect, peripheral, and memory offerings. WorldGuard will now be managed by RISC-V International.
By Dany Nativel, Senior Director, Product Marketing at SiFive