Exponential growth in online data and connected devices, including those deployed in critical safety and privacy applications, has increased the potential for consequential security breaches. Security is ranked as a primary concern in diverse segments such as embedded systems, automotive, HPC, and data centers. There is a common need for secure processors that can scale across use-cases and are supported by a broad partner ecosystem that ensures robust implementation and verification
Drawing on years of established expertise, the RISC-V ISA has been designed from the bottom up with a security-minded feature set.
RISC-V permits the use of optional extensions to enable robust security that scales across a full spectrum of use cases from microcontrollers to HPC. These platforms handle sensitive, high-value data requiring robust confidentiality, integrity, and verifiable execution. They support multi-tenant/multi-level workloads, necessitating scalable isolation mechanisms.
This whitepaper outlines how to implement isolation-oriented use cases using RISC-V supervisor domains. It describes both ISA-defined mechanisms (hardware-level) and non-ISA mechanisms (hardware and software) that enable the instantiation and management of isolated supervisor contexts.
Video: RISC-V Security – Current Initiatives and Future Trends – by Helena Handschuh at RISC-V Summit North America
Helena Handschuh, Technical Board Advisor, delivers her Keynote presentation on security at the RISC-V Summit North America.
In this video she outlines:
- Why security is important and where new and existing threats are coming from
- A list of must-have ingredients for a secure computation environment
- The current and ongoing RISC-V security initiatives and projects.
- Latest RISC-V security news from Industry, Academia and Standards groups
- Future security trends and where RISC-V can help
The RISC-V ISA is flexible and customizable to provide robust scalable security across a wide variety of use cases
Customizable Security Features
The RISC-V ISA is uniquely customizable via extensions allowing a composable approach to security where features and attributes can be added or omitted as applicable to the use case. This permits right-sized security avoiding waste and enabling resource sharing and reuse, where appropriate.
Scalable Across Use Cases
Scales across processor use cases, from simple microcontrollers to data centers and HPC. Allows reuse, speeds time to deployment and reduces resource demand for developers of a range of solutions across segments.
Bespoke Security
The extensibility of RISC-V enables users to create bespoke security solutions for niche or special use cases that other architectures do not allow.
Community Resourced
A strong contributory RISC-V ecosystem of security experts enables the pooling of community resources, reducing the individual development resource burden, allowing focus on specific competencies and improving overall performance.
RISC-V is secure by design, built with security front of mind to avoid legacy issues and prepared for emerging threats
Secure By Design
The RISC-V ISA is specifically designed with security first features including multiple privilege levels, PMPs (physical memory protection), secure interprocessing and isolation through TEEs (trusted execution environments)
Future Proofed
Ability to adapt the ISA through extensions to modify security features to future proof against new and emerging threats (e.g, Post Quantum Cryptography).
Built on Experience
As a relatively new ISA, RISC-V draws upon decades of experience to build a secure architecture from the ground up, avoiding known security vulnerabilities and prepared for emerging ones.
Comprehensive
The RISC-V ISA comprehensively addresses both the operational security requirements of the application layer and data plus the need to secure specific hardware components. It ensures that assets are protected from unauthorized reading and modification and maintains legitimate access to resources.
The RISC-V security ecosystem is evolving and growing to reflect market demand and address requirements
End-to-End Ecosystem
As RISC-V adoption gains traction across multiple segments, the ecosystem is expanding to offer end-to-end security solutions that meet market demand and requirements. These include security specific solutions such as implementation and verification tools.
Heterogeneous and Secure
Vendors frequently develop SOCs that deploy a heterogeneous mix of processor ISAs. Security ecosystem partners are delivering RISC-V focused solutions that ensure integrity across mixed architectures.
3rd Party Initiatives
Developers are increasingly actively engaged in 3rd Party industry initiatives to ensure that their RISC-V-based solutions are ahead in addressing newly emerging security approaches (e.g. CHERI).
Hear from our Members About RISC-V and HPC
Explore the Latest RISC-V Security Content
Channel Life: The IoT semiconductor market is heading into a major shift by 2026, driven by the mainstream adoption of edge AI, the rise of open and modular architectures like RISC-V and chiplets, and increasing…
Project Snapshot Post-Quantum Cryptography (PQC) is a topic of increased interest in the past decade, both with regards to the cryptosystem definition and the hardware and software implementations to perform at optimum efficiency. We present…
Project Snapshot Fault Injection Attacks (FIA) present considerable threats to the security and reliability of embedded systems. FIAs can compromise an embedded processor by altering its clock signal, power supply or by using electromagnetic pulses.…
Project Snapshot Post-quantum cryptography (PQC) has garnered significant attention across various communities, particularly with the National Institute of Standards and Technology (NIST) advancing to the fourth round of PQC standardization. One of the leading candidates…
TestRIG (Testing with Random Instruction Generation) is a testing framework for RISC-V implementations. The RISC-V community has standardized a formal model of the architecture in the Sail language, giving a human-readable specification that can also…
Author: Ronan Lashermes, Hardware Security Research Engineer at Inria. Results from a joint work with Hery Andrianatrehina, Joseph Paturel, Simon Rokicki and Thomas Rubiano at Inria. When designing a modern core, achieving peak performance…