All About Circuits

How RISC-V Enables Shift-Left Practices for Securing Embedded Systems

RISC-V’s open architecture enables a shift-left approach to security in embedded systems. Learn how it smooths the way for integrating security features and more early in the development cycle.


Industry Article March 26, 2025 by Jay Thomas, LDRA

Integrating security into embedded systems is becoming more complex as connectivity introduces opportunities for risks and exploits. RISC-V's architecture offers unique advantages for implementing "shift-left" secure development practices to mitigate risks early in the lifecycle. It allows developers to proactively assess, customize, and enhance security features at the most fundamental levels before the costs of reactively addressing issues become too high.
 


Figure 1. RISC-V offers many advantages for customization for a “shift left” in the development process.

 

This article discusses RISC-V features that provide architectural-level options and support software verification tools for critical applications in the automotive, aerospace, industrial control systems, and similar sectors. Embedded systems teams can use these capabilities to reduce security risks and promote DevSecOps practices as early as possible in the development lifecycle.

 

RISC-V’s Architectural Transparency and Modularity

While it may seem counterintuitive, RISC-V's open architecture offers distinct security advantages. Unlike proprietary architectures from Intel or Arm, where potential vulnerabilities can remain hidden due to restricted access, RISC-V's design is under constant scrutiny from the global developer community. This transparency ensures that security issues can be identified and resolved swiftly, with no concealed backdoors or undocumented features that could jeopardize system security.

RISC-V's clean-slate design and modular instruction set architecture (ISA) allow developers to implement only the features needed for their specific application. This reduces security issues and potential attack surfaces from the start of development. Compared to complex legacy architectures, this architectural simplicity makes security analysis and testing more straightforward and test coverage easier to achieve.
 

Security Features at the Hardware Level

RISC-V's built-in security features support the creation of a comprehensive Trusted Computing Base (TCB). Physical Memory Protection (PMP) provides hardware-enforced memory isolation, and support for Trusted Execution Environments (TEE) enables the secure processing of sensitive data. Secure boot mechanisms ensure system integrity from power-on, creating a chain of trust that extends from hardware to application software.

The extensible nature of RISC-V allows developers to implement additional security features directly in hardware. They can add custom security instructions and accelerators while maintaining the simplicity of the base architecture. This capability allows security features to be designed from the beginning rather than added later at a greater cost. For example, teams can implement custom encryption engines, secure boot mechanisms, and hardware-level memory protection units tailored to their specific security requirements.
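As an added illustration of the PMP isolation described in this section (not code from the article or from LDRA), the following host-side C model encodes PMP entries the way the RISC-V privileged specification defines the NAPOT format and checks accesses against them, so a planned PMP layout can be unit-tested before hardware exists. The memory map, the function names, and the restriction to NAPOT entries are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* pmpcfg byte fields from the RISC-V privileged spec: R/W/X, A (address mode), L (lock). */
enum { PMP_R = 1, PMP_W = 2, PMP_X = 4, PMP_A_MASK = 3 << 3, PMP_NAPOT = 3 << 3, PMP_L = 0x80 };

typedef struct { uint8_t cfg; uint64_t addr; } pmp_entry; /* host model of pmpNcfg + pmpaddrN */

/* Encode a naturally aligned power-of-two region (>= 8 bytes). Returns -1 if not encodable. */
int pmp_napot(pmp_entry *e, uint64_t base, uint64_t size, uint8_t perms) {
    if (size < 8 || (size & (size - 1)) || (base & (size - 1))) return -1;
    e->addr = (base >> 2) | ((size >> 3) - 1);   /* trailing ones encode the size */
    e->cfg = (uint8_t)(PMP_NAPOT | perms);
    return 0;
}

/* Model of the PMP check: 1 = access allowed, 0 = access fault. NAPOT entries only. */
int pmp_check(const pmp_entry *t, size_t n, uint64_t a, uint64_t len, uint8_t need, int mmode) {
    for (size_t i = 0; i < n; i++) {             /* lowest-numbered match decides */
        if ((t[i].cfg & PMP_A_MASK) != PMP_NAPOT) continue;
        unsigned k = 0;
        while (k < 60 && ((t[i].addr >> k) & 1)) k++;
        uint64_t size = 1ULL << (k + 3);
        uint64_t base = (t[i].addr & ~((1ULL << (k + 1)) - 1)) << 2;
        if (a + len <= base || a >= base + size) continue;   /* no overlap */
        if (a < base || a + len > base + size) return 0;     /* partial match faults */
        if (mmode && !(t[i].cfg & PMP_L)) return 1;          /* unlocked: M-mode not bound */
        return (t[i].cfg & need) == need;
    }
    return mmode;                                /* no match: M-mode passes, S/U faults */
}

/* Constructed memory map (assumption): locked R+X boot ROM, then R+W RAM for U-mode. */
size_t build_table(pmp_entry *t) {
    pmp_napot(&t[0], 0x20000000u, 0x10000u, PMP_L | PMP_R | PMP_X);
    pmp_napot(&t[1], 0x80000000u, 0x100000u, PMP_R | PMP_W);
    return 2;
}

int main(void) {
    pmp_entry t[2];
    size_t n = build_table(t);
    printf("pmpaddr1=0x%llx pmpcfg1=0x%02x\n", (unsigned long long)t[1].addr, t[1].cfg);
    printf("U write ROM: %d, M write ROM: %d\n",
           pmp_check(t, n, 0x20000000u, 4, PMP_W, 0), pmp_check(t, n, 0x20000000u, 4, PMP_W, 1));
    return 0;
}
```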

 

Certification and Security Verification

RISC-V's modular design offers significant advantages for system certification. The clear distinction between the base ISA and custom extensions simplifies the independent certification of security features. This modularity also aids development teams in maintaining clear documentation and traceability between security requirements and their hardware implementations, which are crucial aspects of standards like ISO/SAE 21434 and ISO 26262.

The simplicity of RISC-V's base architecture makes verification more practical than that of complex proprietary architectures. Development teams can verify security properties early in the design process when changes are less costly. The architecture's clean design also simplifies the implementation of security test features, such as hardware-assisted debugging and monitoring capabilities.

RISC-V’s Growing Ecosystem Of Tools

The RISC-V ecosystem is continuously expanding with more pre-verified and supporting security solutions. Hardware IP blocks, cryptographic libraries, and security vaults from various vendors can be integrated early in the design process, allowing developers to implement robust security features without starting from scratch.

Many software development tools for RISC-V support security-focused development practices. Advanced toolsets, such as LDRA's target license package (TLP) for RISC-V architectures, support requirements traceability, coding standards compliance, vulnerability detection, and multi-core code coverage analysis on the development host and target. Additionally, LDRA is highly integrated with RISC-V environments, supporting dynamic testing with silicon-level simulation and real hardware.

 


Figure 2. LDRA’s tool suite provides a variety of resources for analyzing code and ensuring compliance with standards and certifications.

 

Supply Chain Security

RISC-V's open architecture allows for various sourcing strategies for silicon, minimizing security risks linked to supply chain dependencies. Development teams can apply uniform security features across different vendors' implementations, ensuring consistent security properties while diversifying their supply chain. This flexibility is especially important for long-lifecycle applications where supply chain integrity is vital.

 

RISC-V as a Viable Security Option

RISC-V's architecture provides fundamental advantages for implementing shift-left security in critical systems. Several industries have already demonstrated the security benefits of RISC-V implementations. Automotive manufacturers use RISC-V processors with custom security extensions for advanced systems, and aerospace companies are leveraging RISC-V's verifiable security properties in flight control.

 


Figure 3. LDRA’s tools enable developers to ensure standards compliance in safety-critical industries like aerospace and automotive.

 

As security requirements continue to evolve, RISC-V's flexible architecture ensures that systems can adapt to new threats. Organizations developing security-critical systems should consider RISC-V as a foundation for security-first development practices.

 

All images used courtesy of LDRA.