SiFive Gives its WorldGuard Security Model to the RISC-V Community
SiFive hopes to strengthen the RISC-V community with the contribution of its WorldGuard model.
The emergence of RISC-V has been a revolutionary and powerful movement in the computing industry. Open-sourced and license-free, RISC-V has removed barriers to entry for chip designers and enabled thousands to design more easily than otherwise possible.
There’s no doubt that RISC-V has been successful, but at its core, the movement is only as successful as the contributions of its members. Last week, SiFive—a leader in the RISC-V community—took to further bolstering the RISC-V movement by giving its WorldGuard security model over to RISC-V International.
RISC-V pioneer SiFive has opened up its WorldGuard model to RISC-V International members.
In this piece, we’ll talk about security in RISC-V, SiFive’s WorldGuard model, and the implications of its introduction into the RISC-V community.
Security in Open-source
As RISC-V becomes more popular and widespread, security is also becoming an increasingly important aspect of the technology. Security in the context of RISC-V is a unique conversation due to the open-source nature of the ISA. Being open-source, RISC-V experiences both benefits and drawbacks from a security perspective.
The drawback of security in open-source systems is that adversaries have full, unrestricted access to system design information. Since all of RISC-V is free and accessible to anyone, malicious users can leverage this information to understand and ultimately exploit the granular details of a system’s design to find security vulnerabilities.
In closed-source designs, the lack of access to information acts as a barrier for adversaries, whereas an open-source design has a much larger attack surface area.
The spectrum of RISC-V hardware and architecture security. Image use courtesy of Tao Lu and co-authors
By the same token, the accessibility of design information in open-source ISAs like RISC-V is also its greatest strength in the context of security. In security, there is a concept called “security by obscurity”, which is the concept of keeping a system secure by hiding its information. However, security through obscurity is generally criticized, since a truly secure system is one which is not obscured—allowing users to find vulnerabilities and resolve them.
RISC-V benefits from a lack of obscurity in this sense since there is more visibility into the system design, resulting in more known and addressed vulnerabilities and hence a more robust system.
In terms of security, one of SiFive’s most notable offerings is its WorldGuard security model. WorldGuard is a security framework from SiFive that works to facilitate isolated code execution and data protection in SoCs.
Classified as a “hardware-enhanced software isolation solution”, WorldGuard is said to help developers enable Trusted Execution Environments (TEE) on the SoC level to keep data safe.
According to SiFive, WorldGuard takes effect on the entire suite of SoC components, including core, cache, interconnect, peripheral, and memory. The result is greater security and data protection inside of an SoC design.
A multi-core processor with WorldGuard implemented. Image used courtesy of SiFive. (Click on image to enlarge)
While WorldGuard has been exclusive to SiFive processors in the past, SiFive’s announcement last week revealed that it is contributing the security model to the RISC-V community. Specifically, SiFive has given its WorldGuard model to RISC-V International, the main body of the RISC-V community, which consists of over 3,500 members.
By doing this, SiFive has effectively bestowed RISC-V designers everywhere with a new means of significantly increasing security in their SoC designs—free of cost. According to SiFive, WorldGuard is interoperable with RISC-V designs and will require minimal to no redesign to integrate into most systems.
Pushing RISC-V Forward
At the end of the day, the RISC-V movement is only going to be as successful as its members will allow it to be. With SiFive contributing a new security model to the community, the company has lent a hand in further pushing RISC-V further and ensuring greater security and success for RISC-V moving forward.