Use models and services are evolving across a wide range of connected products such as IoT devices, gateway routers, IPTVs, mobile devices, and automotive systems. These devices must increasingly be designed to support numerous unique applications, various content sources, and in-the-field software updates from service providers and operators, all while ensuring privacy and data protection.
With this evolution comes the need for a new security approach to ensure protection for OEM products and operator services. MIPS multi-domain security technology addresses this need, designed to provide the industry’s most scalable and secure solutions for protection of next-generation SoCs.
Today’s embedded security approaches are binary (one secure zone / one non-secure zone) and are complex to implement. These solutions won’t scale to address the complex types of applications and services being enabled by next-generation connected devices and the cloud.
The MIPS security approach is uniquely scalable: the number of secure domains is limited only by hardware. We go beyond a binary approach to create multiple secure domains, where each secure/non-secure application/operating system can operate independently in its own separate environment. This ‘security through separation’ maintains a clean-room environment while preventing software cross-contamination and leaks.
In addition to providing a more secure system, this technique enables consolidation of multiple different embedded CPUs into a single core, resulting in lower silicon area and development effort, ultimately decreasing the overall cost and extending battery life. This technology ensures that customer SoCs and OEM products are designed for security, reliability and dynamic software management.
Hardware virtualized CPU
The MIPS multi-domain technology provides security through separation of memory spaces used by each system function. Each of these separate memory spaces is known as a “domain”. Each system function can only use its own domain and normally can’t access the domains used by other functions. By having multiple domains, single functions can be isolated from the rest of the system. This allows for the advantageous situation where mutually-distrusting applications not having to trust each other. The architecture allows up to 255 domains, particular implementations might only allow lower number of domains. Access to memory spaces which are shared among multiple domains is programmatically controlled by privileged software within the system.
The hypervisor is a software component which configures and manages the separate memory domains. It is also responsible for loading the software running in those domains. The software within a domain is called a ‘Guest” – and this can be an entire operating system or a standalone application. The hypervisor is also responsible for context switching among these Guests as needed by the system as well as dealing with events that affect all Guests. MIPS multi-domain technology requires the usage of a type-I hypervisor – also known as bare-iron or native hypervisor. The hypervisor must support full virtualization of the CPU to make use of the features of the MIPS Virtualization architecture.
Root of Trust
The Root of Trust (Rot) is an entity that is responsible for authenticating the software running on the system. The RoT must be the first active component within the system upon system power-up to ensure that no tampering is done with the rest of the system. For this authentication functionality, the RoT normally supplies encryption, decryption and hashing functions to the rest of the system. In very simple systems, some code held in un-mutable memory (ROM or OTP programmed at the factory) may function as the RoT. More sophisticated systems would have a separate subsystem that acts as the RoT – we call this separate subsystem the Trusted Element (TE).
Global Platform Compliant TEE
Sierraware has made its SierraTEE secure operating system available for MIPS CPUs. SierraTEE for MIPS is a comprehensive implementation of MIPS hardware backed virtualization as well as Global Platform System and Inter Process Communication (IPC) APIs. Sierraware’s TEE offers a wide range of capabilities and applications, providing a simple, affordable way to integrate rich platforms like FFmpeg, OpenSSL, MiniDLNA, and others. In addition to offering a full suite of Global Platform APIs, it offers POSIX APIs for easy integration of legacy applications like DRM with minimal changes. POSIX also allows for building devices with very small footprint ideal for applications like IoT and set-top boxes. The secure kernel is optimized for size and performance while maintaining POSIX compliance.