The physical memory protection (PMP) feature is a key part of RISC-V privilege specification that is fundamental for OS and application security, defining regions which can be individually configured to create access permissions to a range of addresses in memory. It (PMP) is used as a fundamental approach to security applications that depend on trusted execution environments (TEE) such as Keystone, OpenTitan, and other security protection techniques.
Functional verification of PMP is essential for any RISC-V processor targeted at security applications, and to address this, Imperas Software announced the beta release of its ImperasDV architectural validation test suites for RISC-V PMP.
In RISC-V processor implementations for security applications, PMP is used as a way to ensure memory isolation between key security applications and other activities. The PMP specification provides a flexible and comprehensive approach to enabling this based on control registers for the parameterization of modes to control the memory access, permissions, and policy. By using control registers, the actual policy and operation can be configured in software using the available hardware resources. As a result, the PMP policy can be configured to control the initial processor boot process and is fundamental to many systems that rely on a TEE for security applications.
Functional verification of a RISC-V processor involves making sure the design behaves as expected. In the case of PMP functionality, the wide range of possible configurations and implementations means architectural validation test suites also need to cover the vulnerabilities that arise from a design error that enable an unnecessary or unwanted option. The benefit of third-party tests is to provide an independent interpretation of the specification and offer a valuable additional safeguard. This is important especially when specification options selected for the target device are used to direct the test plan, since an unintended design error that includes an unnecessary and therefore untested feature could allow for a security vulnerability.
CEO of Imperas Software, Simon Davidmann, said, “In any verification plan, the opportunity to use more tests is always a useful option, but as is often the case some tests are more useful than others. Test suites have many useful qualities, perhaps the top two are coverage and specification completeness. The RISC-V PMP test requirements are significant given the complexity of the specification and security implications for any implementation errors. The Imperas mutating fault simulation technology ensures the test coverage, and the Imperas reference model covers the full envelope of the PMP specification, so when combined these produce a useful architectural validation test suite for any RISC-V processor targeted at security applications.”
Imperas said its PMP architectural validation test suites are available now to ImperasDV users as a beta release, with a full production release scheduled for Q2 2022. The ImperasDV RISC-V processor verification technology is already in active use with many of its customers, some of which have working silicon prototypes and are now working on second generation designs, according to the company. A select sample of these include Codasip, EM Microelectronics (Swatch), NSITEXE (Denso), Nvidia Networking (Mellanox), OpenHW Group, MIPS Technology, Seagate Technology, Silicon Labs, and Valtrix Systems, plus others yet to be made public.
- Building security into an AI SoC using CPU features with extensions
- Global IoT security push, podcast on tackling memory safety exploits
- Codasip adopts Imperas for RISC-V processor verification
- Enabling industrial-grade open verification for RISC-V
- Green Hills Software adds RISC-V support to INTEGRITY RTOS
- RISC-V based CPU supports automotive functional safety