Post on 23-Sep-2020
Securing the New Golden Age of Computer ArchitectureTed Speers, Head Of Product Arch & Planning
March 13, 2019
About Microchip FPGAs
3
Number One from Low Earth Orbit to Beyond Pluto
IRNSS7 Satellites Launched 2013-2016
RTAX2000S
Iridium NextFirst 10 Satellites Launched 2017
GOES-RClimate Satellite Launched 2016
JUNOEntered Jupiter Orbit 2016
RTSX32SU, RTAX250S, RTAX2000S
Pluto New HorizonsPluto Images 2015
RTSX32SU, RTSX72SU
RosettaOrbits and Lands on Comet 2014
Legacy RT FPGAs
RTSX32SU, RTAX250S, RTAX1000S, RT3PE3000LRTSX72SU, RTAX2000S
4
Airbus A380• APA, A500K, SX-A, AX FPGAs• Flight computers, cockpit
displays, engine controls, power distribution, . . .
Boeing 787 Dreamliner• APA, A3P, AX FPGAs• Flight computers, cockpit
displays, engine controls, braking, power distribution,cabin pressure, flight surface actuation . . .
Airbus A350 XWB• APA, A3P FPGAs• Flight computers, cockpit displays, braking,
engine controls, power distribution,cabin pressure, flight surface actuation . . .
Number One Above 30000 Feet
Boeing 777-300ER• A3P, Igloo2 FPGAs• Flight computers, power
distribution, engine controls, electronic control networks, flight surface actuation. . .
5
Comprehensive Womb-to-Tomb Security Architecture
???
6
Award Winning PolarFireFPGA as an SoC platform
Proven SecurityDefense-grade securityDPA safe Crypto coprocessorBuilt-in anti-tamper
Exceptional ReliabilitySEU immune configurationBlock RAM with ECCExtended temperatures
Lowest PowerLow static power technologyPower optimized transceiversUp to 50% lower than SRAM FPGAs Control Plane
Signal Processing
Video & Image Processing Hardware
Acceleration
10G Bridging & Aggregation
Low Power Optics
PortableEquipment
Who joins the RISC-V Foundation?
8
9
Board of Directors
10
RISC-V IP Providers
11
Semiconductor OEMs
12
Academia & Research
13
System OEMs
14
EDA, IP and Support
15
Debug, OS and Tools
16
Datacenter
17
Modern fabs
18
Emerging Applications
The New Golden Age of Computer Architecture
20
2017 Turing Award Lecture
Building a secure world from the ground up
22
Activity of Note: Formal Spec
23
Activity of Note: Formal Spec
24
Activity of Note: Formal Spec
25
RISC-V Members Through a Security Filter
Chip CompaniesDefense Companies
Security IP Security Services and Tools
26
Activity of Note:Security Standing Committee
Security Steering Committee Main Goals Promote RISC-V as an ideal vehicle for the security community Liaise with other internal RISC-V committees and with external security committees Create an information repository on new attack trends, threats and countermeasures Identify top 10 open challenges in security for the RISC-V community to address Propose security committees (Marketing or Technical) to tackle specific security topics Recruit security talent to the RISC-V ecosystem (e.g., into committees) Develop consensus around best security practices for IoT devices and embedded systems
27
Speaker Program: Gernot Heiser, Data61
28
Timing Channels
29
Mitigating Timing Attacks
30
New Hardware-Software Contract!
31
Augmented ISA
32
Putting it all Together: The RISC-V Security Stack
Compliance Suite,
RISC-V implementation Formal RISC-V ISA spec
Secure SBI Formal aISA Specification
Secure seL4 Microkernel Formal seL4 Specification
RichOS (e.g. Linux)
Start creating a secure future today with Microchip and RISC-V
34
PolarFire SoCRISC-V-based SoC FPGA
Freedom to Innovate in
Thermal and Power Constrained Systems
Linux and Real-TimeHigh-Reliability Safety Critical Systems
Securely Connected IoT Systems
35
Secure Boot Guards against sophisticated methods of
attack whereby a malicious external agent tampers with the boot image stored in bootflash (e.g Linux FSBL)
Authenticates the image in bootflash before transferring execution control to the OS boot loader pointed to by reset vector
FPGA system controller (root of trust) manages the authentication process and certifies boot image using crypto functionality built into the FPGA backbone Push “zero state boot loader” (ZSBL) upon detecting HW
reset. Release monitor core from reset and executes
authentication on FSBL image pointed to by reset vector. If authentication is successful, transfer execution control
back to FSBL, otherwise abort.
Reset Vector
BootFlash
FSBLHW RESET
System Controller
Crypto Processor
PUF
sNVM
System Services
NRBG
RISC-VRV64IMAC
Monitor CoreE51
PMP SecureBoot
16K L1I$
8K DTIM
PushZSBL
Root of
Trust
36
ZSBL bootloader authenticates FSBL image in bootflash which contains: Actual FSBL image
SBIC data structure generated during bootflash programming and stored @ SBIC_ADDR
Authenticity of SBIC is verified by FPGA system controller using ECDSA: UCSQ is a public key programmed on the device by the user Corresponds to UCSK private key used to sign the SBIC during programming
ECDSAVERIFY (UCSQ, IMAGE_ADDR | IMAGE_LEN | BOOTVEC0-4 | H, CODESIG)
Elliptic Curve Digital Signature Algorithm (ECDSA)
CODESIG = ECDSASIGN (UCSK, IMAGE_ADDR | IMAGE_LEN | BOOTVEC0-4 | H)
Authentication Framework
37
PolarFire HiFive Unleashed Expansion
Freedom to Begin Hardware Development
38
Freedom to Start Software Development
Free Rapid Software Development and Debug Capabilities without Hardware
Complete PolarFire SoC Processor Subsystem Model
39
Building Out the Mi-V RISC-V Ecosystem
40
Where IDMs have Fabs
Taiwan –
https://en.wikipedia.org/wiki/List_of_semiconductor_fabrication_plants
41
Where foundries have their fabs
Taiwan – birthplace of Golden AgesTaiwan –
https://en.wikipedia.org/wiki/List_of_semiconductor_fabrication_plants
Thank You