SlideShare ist ein Scribd-Unternehmen logo

RISC-V 30906 hex five multi_zone iot firmware

Als PPTX, PDF herunterladen
RISC-V International
RISC-V International

RISC-V Summit 2020 presentation

Technologie
1 von 19
MultiZone® IoT Firmware The quick and safe way to build secure IoT applications with any RISC-V processor Cesare Garlati – Hex Five Security Sandro Pinto – Hex Five Security
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited  Market requirements ― Consumer products: high volume / low cost ― Battery operated: small processor / limited ram & rom Building Secure IoT Devices Is Challenging Resource-constrained MCUs (no MMU) 100’ of KB of 3rd party untrusted code base No RISC-V specs for TrustZone®-like TEE  Basic IoT requirements ― SW foundation: multitask RTOS, peripherals drivers, ... ― Connectivity libraries: tcp/ip, dhcp, dns, sntp, mqtt, ... ― Security libraries: TLS, ECC, PKI, RoT, TEE, ...  Advanced IoT requirements ― New IoT regulations, access to commercial clouds, ... ― Secure boot, remote updates, OTA provisioning, ...
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Complete IoT stack that shields trusted applications from untrusted 3rd party libraries Provides secure access to any IoT clouds, secure boot, remote firmware updates, ... Works with any RISC-V processor: no need for proprietary TrustZone-like HW  Rapid development: pre-integrated TEE, TCP/IP, TLS/ECC, FreeRTOS, GCC, Eclipse  Built-in Trusted Execution Environment providing up to 4 separated HW/SW “worlds”  Commercial open source license: no GPL contamination, no royalties, $$ per design MultiZone® IoT Firmware
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone® IoT Firmware Architecture MultiZone Trusted Execution Environment (TEE) Any RISC-V 32-bit or 64-bit with ‘U’ extension ‘M’ mode ‘U’ Mode ‘U’ Mode HW Drivers Zone ... RTOS or bare metal app PMP HW HW Drivers Zone #3 RTOS or bare metal app HW Drivers Zone #2 RTOS or bare metal app ETHERNET driver Zone #1 MQTT Lib TLS Lib TCP Lib PMP PMP
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Secure access to commercial IoT clouds  Customer needs MQTT, TLS, ECC, mutual authentication optimized for RISC-V devices  Customer is concerned about backdoors and lack of separation in 3rd party software  Customer can’t afford time, cost and the technology risk of a complete system redesign MultiZone provides built-in secure connectivity to commercial cloud providers like AWS, Azure, etc  MultiZone provides four separated execution environments, hardware enforced, software defined  MultiZone can retrofit existing hardware and software, works out- of-the-box, and it is available now 
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Remote firmware updates  Product must comply with new IoT regulation requiring remote firmware updates - OTA  Customer is concerned about time, cost, and security risk of developing a DIY solution  Customer is concerned about the vendor lock-in inherent in commercial cloud services MultiZone provides high-grade security OTA updates via open standard MQTT and TLS protocols  MultiZone is commercial-grade, available immediately, and built from the ground up for security  MultiZone remote firmware updates work with any commercial or private IoT cloud 
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Real-time monitoring and device management  Customer needs real-time monitoring, remote updates, and device management  Customer can’t absorb the recurring cost of commercial web services – i.e. AWS, Azure  Project economics can’t justify the addition of expensive IoT modules to the BOM MultiZone provides secure bidirectional access to/from the device via standard MQTT protocol  MultiZone works with public and private clouds – i.e. OEM owned PKI and backend infrastructure  MultiZone can retrofit existing hardware, no need to redesign for additional 3rd party IoT modules 
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited  Download and build the MultiZone Eclipse project  Flash the MultiZone Firmware to the ARTY FPGA board  Connect to public or private IoT cloud  Remotely deploy individual applications  Remotely control the operations of a small robotic arm  Connect a local terminal to asses security and separation MultiZone® Reference Application – Live Demo Cloud Private: MQTT broker, Commercial: AWS, ... MQTT TLS ECC UART GPIO
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited How To Get Started Hardware  Artix-7 35T FPGA Evaluation Kit http://www.xilinx.com/products/boards-and- kits/arty.html  Olimex debug head ARM-USB-TINY-H http://www.olimex.com/Products/ARM/JTAG/ARM-USB-TINY-H/  OWI Robot (optional) http://owirobot.com/robotic-arm-edge/ Software  Eclipse IDE CDT http://www.eclipse.org/cdt/  Hex Five X300 SoC bitstream http://github.com/hex-five/multizone-fpga  MultiZone Firmware https://github.com/hex-five/multizone-iot-firmware Documentation  https://github.com/hex-five/multizone-iot-firmware/blob/master/manual.pdf
MultiZone Security MultiZone Security is the quick and safe way to add security and separation to billions of IoT devices. MultiZone can retrofit existing hardware. If you don’t have TrustZone, or if you require finer granularity than one trusted area, you can take advantage of high security separation without the need for a redesign – see http://hex-five.com
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone® IoT Firmware – Data Sheet Stack Component Features Size License Reference Hardware  Digilent ARTY7 35T FPGA  Hex Five X300 SoC IP  RISC-V core RV32ACIMU 4-way i-cahe 65MHz  Ethernet: Xilinx EthernetLite Ethernet core Apache 2.0 license permissive commercial use ok IDE & Toolchain • Eclipse IDE + openOCD debug • GNU GCC, GDB, …  GCC multi-lib rv32, rv32e, rv64, GDB, openOCD  Hex Five pre-built GCC binaries (optional)  Hex Five pre-built OpenOCD binaries (optional) GNU General Public License version 3 TCP/IP library  LWIP 2.1.1  Hex Five security extensions  IP, ICMP, UDP, TCP, ARP, DHCP, DNS, SNTP, MQTT  Light weight single threaded execution  Fully integrated with SSL stack 40KB ROM 16KB RAM Modified BSD permissive commercial use ok SSL library  mbed TLS 2.23.0  Hex Five secure configuration  TLSv1.2, Cipher TLS_AES_128_GCM_SHA256  ECC: prime256v1, Private Key NIST CURVE: P-256  Mutual authentication, Cert expiration verification, TLS large fragment 64KB ROM 32KB RAM Apache 2.0 license permissive commercial use ok Real Time OS (optional)  FreeRTOS 10.3.0  Hex Five integration with TEE  Secure unprivileged execution of kernel, tasks, and interrupt handlers  No memory shared with TCP/IP and SSL library code  No memory shared with other applications running in separate zones 32KB ROM 16KB RAM MIT open source license permissive commercial use ok Trusted Execution Environment  MultiZone Security TEE 2.0  RISC-V secure DMA extension  RISC-V shared PLIC extension  4 separated Trusted Execution Environments (zones) enforced via PMP  8 memory-mapped resources per zone – i.e. ram, rom, i/o, uart, gpio, eth, …  Secure inter-zone messaging – no shared memory, no buffers, no stack, etc  Protected user-mode interrupt handlers mapped to zones – plic / clint 4KB ROM 4KB RAM Free for evaluation, commercial license priced per design – perpetual, no royalties, no GPL contamination Minimal Attack Surface (compare with TrustZone Secure Firmware) 4KB RAM 4KB ROM
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone Security TEE Feature List Formally verifiable TCB ~2KB, minimal attack surface, no dynamic data structures like stack, hype, and buffers. TCB equivalent to less than 10,000 lines of code – assuming 10-4 defects per lines of code ratio. Zero trust Completely self-contained runtime, no dependencies from libraries and other runtime components including C runtime, linker scripts, and kernel-mode drivers. Sealed runtime, pre-built driven by statically defined user-defined policies, that doesn’t require or even expose to the developer any other interface than the policy configuration file itself. Isolation of executable code (text segments) to ensure that user programs run in unprivileged mode so that they can’t compromise the overall system integrity – including drivers and IRQ handlers. Isolation of data (data segments) and memory-mapped peripherals (typically I/O) via a hardware unit that prevents access outside statically defined security boundaries. Isolation of interrupts so that interrupt handlers are mapped to the respective zone context and executed at a reduced level of privilege, unable to compromise the isolation model. Isolation of hardware components including all cores, bus masters, DMA, interrupt controllers, and caches in heterogeneous systems where deterministic and OOO come together in a single SoC. Pre-emptive temporal separation mechanism to ensure that any single thread can’t cause a denial of service by indefinitely holding processing cycles. This is a must for safety-critical applications. Secure inter-zone communications infrastructure to allow inter-zone data transfers without relying on shared memory resources such as buffers, stack, and heap. Secure inter-processor communications infrastructure to allow zones running on the secure core(s) to send/receive data to/from other low- criticality/non-secure core – i.e. protected split buffers. Soft timer facility to multiplex the underlying single hardware timer functionality and make it available to each zone independently from the others. Wait for interrupt functionality to allow transparent support for system suspend and low-power states. This is a must for battery-operated devices and low-latency deterministic applications . Trap & Emulate functionality for secure execution of privileged instructions. Allows porting of existing application code originally designed to operate in a single unprotected memory space. Secure boot 2-stage boot loader to verify the integrity and authenticity of runtime and policies. Should boot the whole system to configure and lock separation policies for all hardware components. Toolchain extension cross-platform command line fully integrated with toolchain and IDE, to combine and configure the zones binaries and to produce the signed firmware image for the secure boot of the system. Open source API to expose runtime micro-services such as messaging and process scheduling. Optional helper wrappers to reduce system calls overhead. Free and open permissive license.
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone TEE Vs Arm TrustZone Patent pending US 16450826, PCT US1938774 - Configuring, Enforcing, And Monitoring Separation Of Trusted Execution Environments. Arm and TrustZone are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. TrustZone: Two Domains Hardcoded in Silicon Cortex-M23/M33 MPC Memory OS Apps Normal World MPC Periphera ls Arm Trusted Firmware-M Trusted Apps Secure World NS Bit SAU/IDAU U-Thread mode P-Thread mode TZ-M HW MultiZone: Multiple Domains Defined In Software MultiZone TEE RISC-V 32-bit or 64-bit PMP OS Apps Zone #1 Zone #2 Trusted OS Trusted Apps PMP HW Machine mode User Mode Memory Periphera ls Zone #3 Zone #4 App App User Mode
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Fit new functionality into limited RAM and ROM  Customer is struggling to fit large 3rd party libraries into limited RAM and ROM  Product economics don’t justify platform upgrade and hardware redesign  Product economics don’t justify platform upgrade and firmware redesign MultiZone is lightweight and built from the ground up for resource constrained MCUs – 4KB RAM ROM  MultiZone can retrofit existing MCUs – no need for hardware redesign  MultiZone runs unmodified binaries – no need for software redesign 
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Permissive open source software (no GPL)  Product needs security libraries – i.e. TLS, ECC  Customer IP can’t risk “GPL contamination”  Customer can’t afford expensive commercial libraries MultiZone includes pre-integrated open source libraries providing TLS 1.2, ECC, MQTT, ...  MultiZone is GPL free. Its open source components are distributed under permissive licensing  MultiZone commercial license is conveniently priced per design – perpetual, no royalties ever 
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Multitenant applications  Customer needs the equivalent of an App Store to provision and run 3rd party IoT services  The device must run physically separated, remotely deployed, untrusted 3rd party applications  Customer can’t afford cost and security risk of multicore, MMU- based, Linux capable hardware MultiZone provides up to 4+ physically separated application environments – no interference  MultiZone provides remote deployment of individual apps via MQTT / TLS / ECC protocols  MultiZone works with the lightweight PMP built into RISC-V MCUs – no need for Linux & multi-coreCPUs 
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Safety-critical applications  Product must comply with safety critical regulations – i.e. medical devices, automotive  Customers needs to shield critical functionality from 100’s of KB of untrusted 3rd party sw  Customer looking for low-cost alternatives to proprietary RTOS and hypervisors MultiZone guarantees non interference and spatial and temporal separation of programs  MultiZone provides high-grade security and separation for up to 8 execution environments  MultiZone offers a simple convenient license priced per customer’s design – no royalties 
MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case RISC-V alternative to a TrustZone design  Product needs a mechanism to separate critical functionality from untrusted software  Functional requirements mandate finer granularity than one “secure world”  Customer is concerned about time, cost, and technology risk of a complete system redesign MultiZone provides hardware enforced separation via Physical Memory Protection (PMP)  MultiZone provides 4+ “secure words” to separate multiple 3rd party components  MultiZone can retrofit standard RISC-V hardware and software. No system redesign is required. 
MultiZone® Security MultiZone Security is the quick and safe way to add security and separation to billions of IoT devices. MultiZone can retrofit existing hardware. If you don’t have TrustZone, or if you require finer granularity than one trusted area, you can take advantage of high security separation without the need for a redesign – see http://hex-five.com

Empfohlen

Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...
RISC-V International
 
Chips alliance omni xtend overview
Chips alliance omni xtend overviewChips alliance omni xtend overview
Chips alliance omni xtend overview
RISC-V International
 
Secure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-VSecure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-V
RISC-V International
 
Developing for polar fire soc
Developing for polar fire socDeveloping for polar fire soc
Developing for polar fire soc
RISC-V International
 
Andes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorialAndes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorial
RISC-V International
 
Open j9 jdk on RISC-V
Open j9 jdk on RISC-VOpen j9 jdk on RISC-V
Open j9 jdk on RISC-V
RISC-V International
 
RISC-V Online Tutor
RISC-V Online TutorRISC-V Online Tutor
RISC-V Online Tutor
RISC-V International
 
Gernot heiser unsw sydney and se l4 foundation
Gernot heiser unsw sydney and se l4 foundationGernot heiser unsw sydney and se l4 foundation
Gernot heiser unsw sydney and se l4 foundation
RISC-V International
 

Empfohlen

Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...
RISC-V International
 
Chips alliance omni xtend overview
Chips alliance omni xtend overviewChips alliance omni xtend overview
Chips alliance omni xtend overview
RISC-V International
 
Secure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-VSecure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-V
RISC-V International
 
Developing for polar fire soc
Developing for polar fire socDeveloping for polar fire soc
Developing for polar fire soc
RISC-V International
 
Andes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorialAndes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorial
RISC-V International
 
Open j9 jdk on RISC-V
Open j9 jdk on RISC-VOpen j9 jdk on RISC-V
Open j9 jdk on RISC-V
RISC-V International
 
RISC-V Online Tutor
RISC-V Online TutorRISC-V Online Tutor
RISC-V Online Tutor
RISC-V International
 
Gernot heiser unsw sydney and se l4 foundation
Gernot heiser unsw sydney and se l4 foundationGernot heiser unsw sydney and se l4 foundation
Gernot heiser unsw sydney and se l4 foundation
RISC-V International
 
Fueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystemFueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystem
RISC-V International
 
Data on the move a RISC-V opportunity
Data on the move a RISC-V opportunityData on the move a RISC-V opportunity
Data on the move a RISC-V opportunity
RISC-V International
 
Tech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystemTech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystem
RISC-V International
 
RISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notes
RISC-V International
 
RISC-V Introduction
RISC-V IntroductionRISC-V Introduction
RISC-V Introduction
RISC-V International
 
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
RISC-V International
 
RISC-V: The Open Era of Computing
RISC-V: The Open Era of ComputingRISC-V: The Open Era of Computing
RISC-V: The Open Era of Computing
RISC-V International
 
Semi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresSemi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V cores
RISC-V International
 
Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...
RISC-V International
 
SemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable CoresSemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable Cores
RISC-V International
 
Andes building a secure platform with the enhanced iopmp
Andes building a secure platform with the enhanced iopmpAndes building a secure platform with the enhanced iopmp
Andes building a secure platform with the enhanced iopmp
RISC-V International
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
RISC-V International
 
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V International
 
Codasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutionsCodasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutions
RISC-V International
 
Coco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp usCoco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp us
RISC-V International
 
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V International
 
RISC-V Foundation Overview
RISC-V Foundation OverviewRISC-V Foundation Overview
RISC-V Foundation Overview
RISC-V International
 
Easily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asEasily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg as
RISC-V International
 
Data trustworthiness at the edge
Data trustworthiness at the edgeData trustworthiness at the edge
Data trustworthiness at the edge
RISC-V International
 
RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the union
RISC-V International
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
Linaro
 
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudDebugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
HiveMQ
 

Weitere ähnliche Inhalte

Was ist angesagt?

RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V International
 

Was ist angesagt? (20)

Fueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystemFueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystem
 
Data on the move a RISC-V opportunity
Data on the move a RISC-V opportunityData on the move a RISC-V opportunity
Data on the move a RISC-V opportunity
 
Tech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystemTech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystem
 
RISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notes
 
RISC-V Introduction
RISC-V IntroductionRISC-V Introduction
RISC-V Introduction
 
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
 
RISC-V: The Open Era of Computing
RISC-V: The Open Era of ComputingRISC-V: The Open Era of Computing
RISC-V: The Open Era of Computing
 
Semi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresSemi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V cores
 
Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...
 
SemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable CoresSemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable Cores
 
Andes building a secure platform with the enhanced iopmp
Andes building a secure platform with the enhanced iopmpAndes building a secure platform with the enhanced iopmp
Andes building a secure platform with the enhanced iopmp
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021
 
Codasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutionsCodasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutions
 
Coco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp usCoco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp us
 
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_gen
 
RISC-V Foundation Overview
RISC-V Foundation OverviewRISC-V Foundation Overview
RISC-V Foundation Overview
 
Easily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asEasily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg as
 
Data trustworthiness at the edge
Data trustworthiness at the edgeData trustworthiness at the edge
Data trustworthiness at the edge
 
RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the union
 

Ähnlich wie RISC-V 30906 hex five multi_zone iot firmware

Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudDebugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
HiveMQ
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Linaro
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
MediaTek Labs
 
Dominating Industrie 4.0 with Secure Software Licensing
Dominating Industrie 4.0 with Secure Software LicensingDominating Industrie 4.0 with Secure Software Licensing
Dominating Industrie 4.0 with Secure Software Licensing
team-WIBU
 
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ
 
IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...
IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...
IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...
HostedbyConfluent
 
Kafka Summit 2021 - Why MQTT and Kafka are a match made in heaven
Kafka Summit 2021 - Why MQTT and Kafka are a match made in heavenKafka Summit 2021 - Why MQTT and Kafka are a match made in heaven
Kafka Summit 2021 - Why MQTT and Kafka are a match made in heaven
Dominik Obermaier
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQMachine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
HiveMQ
 
Embedded devices - Big opportunities in tiny packages
Embedded devices - Big opportunities in tiny packagesEmbedded devices - Big opportunities in tiny packages
Embedded devices - Big opportunities in tiny packages
team-WIBU
 

Ähnlich wie RISC-V 30906 hex five multi_zone iot firmware (20)

BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudDebugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 paris
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
From idea to the field - Simplify Your IoT project (Acal BFi Nordic & Sierra ...
From idea to the field - Simplify Your IoT project (Acal BFi Nordic & Sierra ...From idea to the field - Simplify Your IoT project (Acal BFi Nordic & Sierra ...
From idea to the field - Simplify Your IoT project (Acal BFi Nordic & Sierra ...
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
 
Dominating Industrie 4.0 with Secure Software Licensing
Dominating Industrie 4.0 with Secure Software LicensingDominating Industrie 4.0 with Secure Software Licensing
Dominating Industrie 4.0 with Secure Software Licensing
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3
 
Sensor fusion
Sensor fusionSensor fusion
Sensor fusion
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
 
IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...
IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...
IoT Data Streaming - Why MQTT and Kafka are a match made in heaven | Dominik ...
 
Kafka Summit 2021 - Why MQTT and Kafka are a match made in heaven
Kafka Summit 2021 - Why MQTT and Kafka are a match made in heavenKafka Summit 2021 - Why MQTT and Kafka are a match made in heaven
Kafka Summit 2021 - Why MQTT and Kafka are a match made in heaven
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentationSS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation
 
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQMachine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
 
Catching the Internet of Things (IoT) Wave
Catching the Internet of Things (IoT) WaveCatching the Internet of Things (IoT) Wave
Catching the Internet of Things (IoT) Wave
 
Intels presentation at blue line industrial computer seminar
Intels presentation at blue line industrial computer seminarIntels presentation at blue line industrial computer seminar
Intels presentation at blue line industrial computer seminar
 
Embedded devices - Big opportunities in tiny packages
Embedded devices - Big opportunities in tiny packagesEmbedded devices - Big opportunities in tiny packages
Embedded devices - Big opportunities in tiny packages
 

Mehr von RISC-V International

Mehr von RISC-V International (16)

WD RISC-V inliner work effort
WD RISC-V inliner work effortWD RISC-V inliner work effort
WD RISC-V inliner work effort
 
RISC-V Zce Extension
RISC-V Zce ExtensionRISC-V Zce Extension
RISC-V Zce Extension
 
London Open Source Meetup for RISC-V
London Open Source Meetup for RISC-VLondon Open Source Meetup for RISC-V
London Open Source Meetup for RISC-V
 
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
 
Static partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-VStatic partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-V
 
Security and functional safety
Security and functional safetySecurity and functional safety
Security and functional safety
 
Reverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipReverse Engineering of Rocket Chip
Reverse Engineering of Rocket Chip
 
RISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor Family
 
RISC-V 30908 patra
RISC-V 30908 patraRISC-V 30908 patra
RISC-V 30908 patra
 
RISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentorRISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentor
 
Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...
 
Porting tock to open titan
Porting tock to open titanPorting tock to open titan
Porting tock to open titan
 
Open source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process nodeOpen source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process node
 
Online test program generator for RISC-V processors
Online test program generator for RISC-V processorsOnline test program generator for RISC-V processors
Online test program generator for RISC-V processors
 
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
 
Educating the computer architects of tomorrow's critical systems with RISC-V
Educating the computer architects of tomorrow's critical systems with RISC-VEducating the computer architects of tomorrow's critical systems with RISC-V
Educating the computer architects of tomorrow's critical systems with RISC-V
 

Kürzlich hochgeladen

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Kürzlich hochgeladen (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

RISC-V 30906 hex five multi_zone iot firmware

  • 1. MultiZone® IoT Firmware The quick and safe way to build secure IoT applications with any RISC-V processor Cesare Garlati – Hex Five Security Sandro Pinto – Hex Five Security
  • 2. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited  Market requirements ― Consumer products: high volume / low cost ― Battery operated: small processor / limited ram & rom Building Secure IoT Devices Is Challenging Resource-constrained MCUs (no MMU) 100’ of KB of 3rd party untrusted code base No RISC-V specs for TrustZone®-like TEE  Basic IoT requirements ― SW foundation: multitask RTOS, peripherals drivers, ... ― Connectivity libraries: tcp/ip, dhcp, dns, sntp, mqtt, ... ― Security libraries: TLS, ECC, PKI, RoT, TEE, ...  Advanced IoT requirements ― New IoT regulations, access to commercial clouds, ... ― Secure boot, remote updates, OTA provisioning, ...
  • 3. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Complete IoT stack that shields trusted applications from untrusted 3rd party libraries Provides secure access to any IoT clouds, secure boot, remote firmware updates, ... Works with any RISC-V processor: no need for proprietary TrustZone-like HW  Rapid development: pre-integrated TEE, TCP/IP, TLS/ECC, FreeRTOS, GCC, Eclipse  Built-in Trusted Execution Environment providing up to 4 separated HW/SW “worlds”  Commercial open source license: no GPL contamination, no royalties, $$ per design MultiZone® IoT Firmware
  • 4. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone® IoT Firmware Architecture MultiZone Trusted Execution Environment (TEE) Any RISC-V 32-bit or 64-bit with ‘U’ extension ‘M’ mode ‘U’ Mode ‘U’ Mode HW Drivers Zone ... RTOS or bare metal app PMP HW HW Drivers Zone #3 RTOS or bare metal app HW Drivers Zone #2 RTOS or bare metal app ETHERNET driver Zone #1 MQTT Lib TLS Lib TCP Lib PMP PMP
  • 5. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Secure access to commercial IoT clouds  Customer needs MQTT, TLS, ECC, mutual authentication optimized for RISC-V devices  Customer is concerned about backdoors and lack of separation in 3rd party software  Customer can’t afford time, cost and the technology risk of a complete system redesign MultiZone provides built-in secure connectivity to commercial cloud providers like AWS, Azure, etc  MultiZone provides four separated execution environments, hardware enforced, software defined  MultiZone can retrofit existing hardware and software, works out- of-the-box, and it is available now 
  • 6. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Remote firmware updates  Product must comply with new IoT regulation requiring remote firmware updates - OTA  Customer is concerned about time, cost, and security risk of developing a DIY solution  Customer is concerned about the vendor lock-in inherent in commercial cloud services MultiZone provides high-grade security OTA updates via open standard MQTT and TLS protocols  MultiZone is commercial-grade, available immediately, and built from the ground up for security  MultiZone remote firmware updates work with any commercial or private IoT cloud 
  • 7. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Real-time monitoring and device management  Customer needs real-time monitoring, remote updates, and device management  Customer can’t absorb the recurring cost of commercial web services – i.e. AWS, Azure  Project economics can’t justify the addition of expensive IoT modules to the BOM MultiZone provides secure bidirectional access to/from the device via standard MQTT protocol  MultiZone works with public and private clouds – i.e. OEM owned PKI and backend infrastructure  MultiZone can retrofit existing hardware, no need to redesign for additional 3rd party IoT modules 
  • 8. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited  Download and build the MultiZone Eclipse project  Flash the MultiZone Firmware to the ARTY FPGA board  Connect to public or private IoT cloud  Remotely deploy individual applications  Remotely control the operations of a small robotic arm  Connect a local terminal to asses security and separation MultiZone® Reference Application – Live Demo Cloud Private: MQTT broker, Commercial: AWS, ... MQTT TLS ECC UART GPIO
  • 9. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited How To Get Started Hardware  Artix-7 35T FPGA Evaluation Kit http://www.xilinx.com/products/boards-and- kits/arty.html  Olimex debug head ARM-USB-TINY-H http://www.olimex.com/Products/ARM/JTAG/ARM-USB-TINY-H/  OWI Robot (optional) http://owirobot.com/robotic-arm-edge/ Software  Eclipse IDE CDT http://www.eclipse.org/cdt/  Hex Five X300 SoC bitstream http://github.com/hex-five/multizone-fpga  MultiZone Firmware https://github.com/hex-five/multizone-iot-firmware Documentation  https://github.com/hex-five/multizone-iot-firmware/blob/master/manual.pdf
  • 10. MultiZone Security MultiZone Security is the quick and safe way to add security and separation to billions of IoT devices. MultiZone can retrofit existing hardware. If you don’t have TrustZone, or if you require finer granularity than one trusted area, you can take advantage of high security separation without the need for a redesign – see http://hex-five.com
  • 11. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone® IoT Firmware – Data Sheet Stack Component Features Size License Reference Hardware  Digilent ARTY7 35T FPGA  Hex Five X300 SoC IP  RISC-V core RV32ACIMU 4-way i-cahe 65MHz  Ethernet: Xilinx EthernetLite Ethernet core Apache 2.0 license permissive commercial use ok IDE & Toolchain • Eclipse IDE + openOCD debug • GNU GCC, GDB, …  GCC multi-lib rv32, rv32e, rv64, GDB, openOCD  Hex Five pre-built GCC binaries (optional)  Hex Five pre-built OpenOCD binaries (optional) GNU General Public License version 3 TCP/IP library  LWIP 2.1.1  Hex Five security extensions  IP, ICMP, UDP, TCP, ARP, DHCP, DNS, SNTP, MQTT  Light weight single threaded execution  Fully integrated with SSL stack 40KB ROM 16KB RAM Modified BSD permissive commercial use ok SSL library  mbed TLS 2.23.0  Hex Five secure configuration  TLSv1.2, Cipher TLS_AES_128_GCM_SHA256  ECC: prime256v1, Private Key NIST CURVE: P-256  Mutual authentication, Cert expiration verification, TLS large fragment 64KB ROM 32KB RAM Apache 2.0 license permissive commercial use ok Real Time OS (optional)  FreeRTOS 10.3.0  Hex Five integration with TEE  Secure unprivileged execution of kernel, tasks, and interrupt handlers  No memory shared with TCP/IP and SSL library code  No memory shared with other applications running in separate zones 32KB ROM 16KB RAM MIT open source license permissive commercial use ok Trusted Execution Environment  MultiZone Security TEE 2.0  RISC-V secure DMA extension  RISC-V shared PLIC extension  4 separated Trusted Execution Environments (zones) enforced via PMP  8 memory-mapped resources per zone – i.e. ram, rom, i/o, uart, gpio, eth, …  Secure inter-zone messaging – no shared memory, no buffers, no stack, etc  Protected user-mode interrupt handlers mapped to zones – plic / clint 4KB ROM 4KB RAM Free for evaluation, commercial license priced per design – perpetual, no royalties, no GPL contamination Minimal Attack Surface (compare with TrustZone Secure Firmware) 4KB RAM 4KB ROM
  • 12. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone Security TEE Feature List Formally verifiable TCB ~2KB, minimal attack surface, no dynamic data structures like stack, hype, and buffers. TCB equivalent to less than 10,000 lines of code – assuming 10-4 defects per lines of code ratio. Zero trust Completely self-contained runtime, no dependencies from libraries and other runtime components including C runtime, linker scripts, and kernel-mode drivers. Sealed runtime, pre-built driven by statically defined user-defined policies, that doesn’t require or even expose to the developer any other interface than the policy configuration file itself. Isolation of executable code (text segments) to ensure that user programs run in unprivileged mode so that they can’t compromise the overall system integrity – including drivers and IRQ handlers. Isolation of data (data segments) and memory-mapped peripherals (typically I/O) via a hardware unit that prevents access outside statically defined security boundaries. Isolation of interrupts so that interrupt handlers are mapped to the respective zone context and executed at a reduced level of privilege, unable to compromise the isolation model. Isolation of hardware components including all cores, bus masters, DMA, interrupt controllers, and caches in heterogeneous systems where deterministic and OOO come together in a single SoC. Pre-emptive temporal separation mechanism to ensure that any single thread can’t cause a denial of service by indefinitely holding processing cycles. This is a must for safety-critical applications. Secure inter-zone communications infrastructure to allow inter-zone data transfers without relying on shared memory resources such as buffers, stack, and heap. Secure inter-processor communications infrastructure to allow zones running on the secure core(s) to send/receive data to/from other low- criticality/non-secure core – i.e. protected split buffers. Soft timer facility to multiplex the underlying single hardware timer functionality and make it available to each zone independently from the others. Wait for interrupt functionality to allow transparent support for system suspend and low-power states. This is a must for battery-operated devices and low-latency deterministic applications . Trap & Emulate functionality for secure execution of privileged instructions. Allows porting of existing application code originally designed to operate in a single unprotected memory space. Secure boot 2-stage boot loader to verify the integrity and authenticity of runtime and policies. Should boot the whole system to configure and lock separation policies for all hardware components. Toolchain extension cross-platform command line fully integrated with toolchain and IDE, to combine and configure the zones binaries and to produce the signed firmware image for the secure boot of the system. Open source API to expose runtime micro-services such as messaging and process scheduling. Optional helper wrappers to reduce system calls overhead. Free and open permissive license.
  • 13. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited MultiZone TEE Vs Arm TrustZone Patent pending US 16450826, PCT US1938774 - Configuring, Enforcing, And Monitoring Separation Of Trusted Execution Environments. Arm and TrustZone are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. TrustZone: Two Domains Hardcoded in Silicon Cortex-M23/M33 MPC Memory OS Apps Normal World MPC Periphera ls Arm Trusted Firmware-M Trusted Apps Secure World NS Bit SAU/IDAU U-Thread mode P-Thread mode TZ-M HW MultiZone: Multiple Domains Defined In Software MultiZone TEE RISC-V 32-bit or 64-bit PMP OS Apps Zone #1 Zone #2 Trusted OS Trusted Apps PMP HW Machine mode User Mode Memory Periphera ls Zone #3 Zone #4 App App User Mode
  • 14. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Fit new functionality into limited RAM and ROM  Customer is struggling to fit large 3rd party libraries into limited RAM and ROM  Product economics don’t justify platform upgrade and hardware redesign  Product economics don’t justify platform upgrade and firmware redesign MultiZone is lightweight and built from the ground up for resource constrained MCUs – 4KB RAM ROM  MultiZone can retrofit existing MCUs – no need for hardware redesign  MultiZone runs unmodified binaries – no need for software redesign 
  • 15. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Permissive open source software (no GPL)  Product needs security libraries – i.e. TLS, ECC  Customer IP can’t risk “GPL contamination”  Customer can’t afford expensive commercial libraries MultiZone includes pre-integrated open source libraries providing TLS 1.2, ECC, MQTT, ...  MultiZone is GPL free. Its open source components are distributed under permissive licensing  MultiZone commercial license is conveniently priced per design – perpetual, no royalties ever 
  • 16. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Multitenant applications  Customer needs the equivalent of an App Store to provision and run 3rd party IoT services  The device must run physically separated, remotely deployed, untrusted 3rd party applications  Customer can’t afford cost and security risk of multicore, MMU- based, Linux capable hardware MultiZone provides up to 4+ physically separated application environments – no interference  MultiZone provides remote deployment of individual apps via MQTT / TLS / ECC protocols  MultiZone works with the lightweight PMP built into RISC-V MCUs – no need for Linux & multi-coreCPUs 
  • 17. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case Safety-critical applications  Product must comply with safety critical regulations – i.e. medical devices, automotive  Customers needs to shield critical functionality from 100’s of KB of untrusted 3rd party sw  Customer looking for low-cost alternatives to proprietary RTOS and hypervisors MultiZone guarantees non interference and spatial and temporal separation of programs  MultiZone provides high-grade security and separation for up to 8 execution environments  MultiZone offers a simple convenient license priced per customer’s design – no royalties 
  • 18. MultiZone is a registered trademark of Hex Five Security, Inc. – Patent pending US 16450826, PCT US1938774 Cortex-M and TrustZone are registered trademarks of Arm Limited Use case RISC-V alternative to a TrustZone design  Product needs a mechanism to separate critical functionality from untrusted software  Functional requirements mandate finer granularity than one “secure world”  Customer is concerned about time, cost, and technology risk of a complete system redesign MultiZone provides hardware enforced separation via Physical Memory Protection (PMP)  MultiZone provides 4+ “secure words” to separate multiple 3rd party components  MultiZone can retrofit standard RISC-V hardware and software. No system redesign is required. 
  • 19. MultiZone® Security MultiZone Security is the quick and safe way to add security and separation to billions of IoT devices. MultiZone can retrofit existing hardware. If you don’t have TrustZone, or if you require finer granularity than one trusted area, you can take advantage of high security separation without the need for a redesign – see http://hex-five.com