Welcome to Weijie Semiconductor

Chip information security, implementation ideas for different ISA architectures

Thursday, April 18, 2024

With the increasing emphasis on information security, many countries and organizations have introduced laws and standards that regulate how chips must protect personal data and privacy. Examples include ISO 21434 in the automotive industry and ISO/IEC 27400:2022 for the Internet of Things. However, the way security is achieved often differs between chip architectures, such as Arm and RISC-V.


Arm TrustZone technology
After years of development, Arm's TrustZone technology has been deployed in billions of application processors, and it is fair to say that this security design protects the code and data of the devices around us. Because the technology builds hardware-enforced isolation into the CPU, it provides an efficient system-level security foundation for Arm processors, on which a trusted execution environment (TEE) can be created.


Through TrustZone, the software and hardware resources on the SoC can be divided into a secure partition and a non-secure partition. Security operations that require confidentiality are executed in the secure partition, while the OS and applications run in the non-secure partition. At the processor level, each physical core is presented as two virtual cores: a secure core and a non-secure core.


Thanks to this hardware isolation, Arm processors can keep sensitive information such as biometric data (fingerprint information, for example) inside TrustZone, with a software monitor managing the isolated partitions. A trusted execution environment has to meet three objectives: data confidentiality, data integrity, and code integrity.

RISC-V PMP technology
Traditional RISC-V processors do not provide an isolation mechanism like Arm TrustZone, but they give developers the ability to extend security using mechanisms such as PMP and IOPMP, which strengthen the protection of physical memory on RISC-V processors.


PMP is a memory protection mechanism that checks memory accesses from M mode as well as from S/U mode, but it can only be configured from M mode. Access permissions for up to 16 regions can be set through up to 16 CSRs. In this way an operating system can use PMP to isolate memory between different processes, preventing one process from accessing another process's sensitive data. Compared with the two partitions of Arm TrustZone, this software security solution is more flexible.
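As an added illustration (not code from the original post), the following Python models the PMP access check as defined in the RISC-V privileged architecture: each entry is a pmpcfg/pmpaddr pair as M-mode firmware would program it, the sample table is constructed for this example, and the check shows that only locked entries bind M mode while an S/U access with no matching entry is refused.

```python
# Model of the RISC-V PMP check. pmpcfg byte: R=bit0 W=bit1 X=bit2 A=bits3-4 L=bit7.
# pmpaddr holds (physical address >> 2). Sample entries below are constructed.
PMP_R, PMP_W, PMP_X, PMP_L = 1 << 0, 1 << 1, 1 << 2, 1 << 7
A_OFF, A_TOR, A_NA4, A_NAPOT = 0, 1, 2, 3

def pmp_region(entries, i):
    """Return (base, size) in bytes covered by entry i, or None if it matches nothing."""
    cfg, addr = entries[i]
    mode = (cfg >> 3) & 3
    if mode == A_OFF:
        return None
    if mode == A_TOR:                        # [pmpaddr[i-1], pmpaddr[i]) << 2
        lo = entries[i - 1][1] << 2 if i > 0 else 0
        hi = addr << 2
        return (lo, hi - lo) if hi > lo else None
    if mode == A_NA4:                        # exactly one 4-byte word
        return (addr << 2, 4)
    k = 0                                    # NAPOT: k trailing ones -> 2^(k+3) bytes
    while (addr >> k) & 1:
        k += 1
    return ((addr >> k) << (k + 2), 1 << (k + 3))

def pmp_check(entries, addr, length, perm, priv):
    """True if the whole access [addr, addr+length) with permission perm
    (PMP_R/PMP_W/PMP_X) from privilege priv ('M', 'S' or 'U') is allowed."""
    for i, (cfg, _) in enumerate(entries):  # lowest-numbered matching entry wins
        region = pmp_region(entries, i)
        if region is None:
            continue
        base, size = region
        if base <= addr < base + size:
            if addr + length > base + size:  # access straddles the entry: fails
                return False
            if priv == 'M' and not (cfg & PMP_L):
                return True                  # unlocked entries do not bind M mode
            return bool(cfg & perm)
    return priv == 'M'                       # no match: only M mode may proceed

# Constructed table: firmware, a key store, and the OS memory range.
SAMPLE_PMP = [
    (0x9D, 0x20001FFF),  # 0: locked NAPOT, 64 KiB firmware at 0x80000000, R+X only
    (0x18, 0x200041FF),  # 1: NAPOT, 4 KiB key store at 0x80010000, no S/U access
    (0x00, 0x20040000),  # 2: OFF, supplies the bottom of the next TOR range
    (0x0F, 0x20080000),  # 3: TOR [0x80100000, 0x80200000) RWX for the OS
]
```

With this table an S-mode read of the key store is refused while the same read from M mode succeeds, and a write to the locked firmware region is refused even from M mode.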


However, PMP only protects accesses made by the CPU core, and a hardware platform usually has other I/O agents on the bus, such as DSPs/GPUs, DMA engines, NICs, etc. An attacker who controls the software or firmware of an I/O agent can bypass PMP and steal data.


To address this threat, RISC-V protects memory access by adding an IOPMP between the different bus masters and the bus. IOPMP defines access permissions in the same way as PMP and checks whether each read and write transfer complies with the access rules.

The industry's exploration of processor security design has never stopped. Thanks to the extensibility of the RISC-V architecture, many manufacturers have also launched their own security design solutions. In addition, there are separate hardware IP modules, and open source projects such as OpenTitan and OP-TEE provide unified reference designs for chip security. In the future, with the spread of AI computing and quantum computing, chip information security is bound to face greater challenges, and even existing design solutions need to be prepared for iteration.
