MIPS virtualization technology: Creating efficient embedded security solutions
Sponsored content [Friday 15 March 2013]
Today, the importance of hardware virtualization has continued to increase from home entertainment to the mobile market. A higher level of security and content protection can be achieved through hardware virtualization. An increasing number of consumers have used such hardware virtualization to perform mobile payments, HD media streaming, Cloud storage, or even secure ID protections where highly secured applications are required.
Imagination Technologies has released MIPS Release 5 (R5), which is an important new version for the MIPS architecture. The new architectural enhancements that underwent more than two years in development process include critical functions such as Virtualization and Single Instruction Multiple Data (SIMD) modules. The MIPS virtualization modules have highly scalable options with multiple functions, including enhanced security features and support for multiple operating systems.
Rao Gattupalli, Director of Segment Marketing at Imagination indicated that, "Virtualization is an essential key to the future development of embedded systems." Regarding the development of the embedded systems security architecture, Gattupalli stated, "We must first define what we mean by a security system. The most precise definition is that if a system can ensure smooth operation without unintended data leakage/loss, it can be regarded as a safe and reliable system."
Isolation: The key to system security
The urgent security needs of the embedded system cover a wide dimension ranging from consumers to enterprises. From the consumer perspective, Gattupalli pointed out that smart phones and tablet PCs have become targets for hackers. Furthermore, rapid software development and increased software complexity have prevented full software integrity verifications, thus causing the error/hacker attack problems to become increasingly serious.
In the corporate field, bring your own device (BYOD) has become one of the biggest security challenges. In addition, awareness for content protection and media streaming security as well as the needs for secure payment transaction spurred by mobile payment, secure Cloud storage, and secure ID protection are on the rise. The new generation of embedded devices require solutions that provide more security while taking into account the SoC area and cost benefits. Gattupalli indicated that one of the key objectives to SoC design in response to the demands for modern embedded security is to isolate secure applications from non-secure applications in order to ensure that data transmitted during secure applications are not stolen or leaked.
An embedded application specific secure SoC must be able to isolate secure data from non-secure applications. Currently, this isolation mechanism is required from smart phones to set top boxes (STB) because increasingly more applications require complex terminal equipment to process high security content such as encryption keys, payment systems, and HD video streaming. Gattupalli indicated that, "Within one system, protection is required from one application to another and from one data type to another." Meanwhile, these applications must operate smoothly without interruption. That is, when operating system error occurs in another area, the application must be able to continue to run or exit intact.
In general, the secure partition construction method includes using another core or using the virtualization technology to create multiple secure and non-secure partitions within a single core. Virtualization can be accomplished through para-virtualization or hardware-assisted virtualization. MIPS can enable a solution that can support both para-virtualization and hardware assisted virtualization simultaneously. At present, the market already has a para-virtualization solution that can be implemented on MIPS-based cores. Furthermore, the MIPS architecture also provides the hardware-assisted virtualization technology.
Gattupalli indicated that numerous SoCs currently adopt the dual-core processor configurations where one processor is responsible for the non-secure area and the other is used for the secure area. Today's security configurations are universal and can provide a high level of security. However, greater scalability and cost-effectiveness methods are still needed in practical applications to satisfy the needs of the new generation devices to simultaneously perform a variety of applications within the security area.
Use secure SoC as the core for embedded systems
Gattupalli first specified the six key elements that constitute a secure SoC as follows: secure boot, secure key storage, trusted execution environment (TEE), secure data path, secure update, and secure debug.
Secure boot is referred to as the root of trust that is primarily used to prevent tampering. It is usually the read-only memory used to store the initial start-up code required for device reset. Secure key storage generally means the OTP OPT area used to store secure assets such as public keys and other DRM encryption keys. For example, the Netflex video on demand application stores the public key in the OTP OPT in order to decode the contents. Safe boot and secure key storage is the primary objective of constructing a secure SoC.
The TEE software layer is loaded after the successful load and certified initialization of the program. The TEE is the secure environment used to manage and control access to a set of low-level software modules. These sub-modules include security keys, secure data paths, secure updates, and secure debugging. The TEE is used for the allocation of resources and prevents non-secure applications from accessing the secure block. Basically TEE can be regarded as the gatekeeper of the bottom-level hardware resources. For example, during STB applications, the TEE can ensure that unauthorized applications cannot access critical assets such as the unencrypted address of the secure data that may exist in the video codec or the memory.
Secure data paths can ensure that high-value assets such as codecs can only be accessed by authorized entities. Secure update is to provide validation and management to ensure safe upper level system software updates. Gattupalli indicated that because operating systems, and various peripherals such as USBs all require updates; therefore, customers will need the security safeguards during the updating process. In addition, debugging also has security needs. The secure debug module for the SoC can enable the JTAG port to prevent unauthorized access.
Gattupalli further indicated that, "The biggest challenge for the SoC secure embedded application comes from power and size as well as the reusable resources for secure and non-secure applications." He specifically emphasized the importance of reusable resources. As terminal devices become more complex with the development trending towards multi-core processors, the lack of reusable resources for secure and non-secure applications is bound to create numerous design drawbacks.
The other major challenge comes from the multiple secure zones. Gattupalli indicated that general single- or multi-user data access, enterprise-level data access, and financial or personal data access operations are all major challenges for the secure SoC. Meanwhile, before these needs are fully satisfied, designers would also hope to optimize the SoC size and costs. The virtualization technology is the best solution for this situation.
As the virtualization technology can enable parallel processing of multiple operating systems and applications while consolidating workloads, it can be used as the key technology to develop the next generation security-critical embedded devices. The MIPS virtualization module is a simple and flexible hardware solution that can satisfy these different needs under the limited or unaffected performance setback conditions.
Virtualization brings greater benefits to the embedded system
Virtualization provides a scalable and TEE for the secure embedded system to connect to a variety of applications. It can secure isolation for each individual environment and manage privileged resources through access policies defined by each virtual machine. Meanwhile, only the trusted execution environments can communicate with the virtual machine. These features not only strengthen the reliability of the system, they can also accelerate the speed developments in the future.
Virtualization allows multiple independent operating systems on a single processor to become completely isolated, such as running Linux and RTOS simultaneously, while strengthening system reliability. That is, a session malfunction would not cause the entire system to fail. In addition, virtualization can also help to implement QoS, contribute to the migration from heterogeneous to homogeneous multi-core, and protect the customers' investments in operating systems and real-time operating systems.
In fact, Gattupalli indicated that the core element of virtualization is hypervisor, a small code constructed on the hardware to provide a reliable execution environment. Hypervisor can manage resource priority by defining the access strategy of each execution environment or "object." The objects will be isolated from each other, but can communicate to each other through a secure API and hypervisor. System reliability can be achieved through secure operation from other entities beyond the guests, and the system would be unaffected even when one guest is damaged. Hypervisor can manage all of the I/O priorities for the memories of the subsystem.
Gattupalli indicated that secure hypervisor can serve as the foundation for embedded systems that emphasized on security and reliability, virtual environments can provide flexible software management, and the software and hardware security virtualization solutions for MIPS would become the key to enable the embedded system design to reach its goal quickly and successfully.
Rao Gattupalli, Director of Segment Marketing at Imagination