One of the challenges in the RISC-V bid for world domination may be security. That may seem like a silly statement, given that security weaknesses are invariably a function of implementation and RISC-V doesn’t define implementation, only the instruction-set architecture (ISA). But bear with me. RISC-V success depends heavily on implementors not yielding to the temptation of non-standard extensions in the pursuit of differentiation. It also depends heavily on a perception that, where it matters, implementations are at least as secure as equivalent ARM offerings.
Whatever you may think of the ARM hegemony, you can’t deny that they are putting a lot of work into security, from the device-level all the way up to the total system. Especially in the IoT, wherever the security floodgates break (when we will really wake up to the importance of security) security-lite RISC solutions are not going to do well. Recognizing this, the RISC-V Foundation has formed a security standing committee, chaired by Dr. Helena Handschuh of Rambus.
The technical goals of the standard continue to be in ISA refinement, so this committee will be considering extension to the privilege specification as well as extensions in support of cryptography. And of course they have a promotional goal to encourage adoption of and to further innovation around the RISC-V standard particularly with respect to security. About 25 companies are represented on the committee, from security specialists to IP vendors and large semiconductor vendors.
One of these companies is Tortuga Logic, who I have written about before. I talked to Jason Oberg, CEO of Tortuga, about their role in this activity. Tortuga’s whole objective is security, particularly against side-channel attacks, so they should be able to add real value to the committee. Naturally they have a business interest. When they’re aligned with the standard, their tools and IP should become attractive in guiding design for anyone implementing or using RISC-V. Which should in turn provide objective measures of security and therefore build confidence around using these implementations. A virtuous cycle with Tortuga making some money along the way. (I asked Jason what they plan to do in the spirit of open support. He said they’re thinking of possibly releasing an open threat-model for RISC-V.)
If you’re plugged into the RISC-V world, you’ll know that there is a summit next week, December 4th-5th at the Santa Clara convention center. Jason will be presenting in the afternoon of the 5th on a security verification framework for RISC-V, also Tortuga will have a booth in the exhibit hall. Their demo should be pretty interesting; they have applied their technology to analysis of the open Rocket core and will show a number of side-channel issues they found in that implementation. You might want to check out the demo if only to better understand how your current verification strategy will probably miss these kinds of problem and to realize that those deficiencies may not be easy to fix through better testbenches or more formal verification.