

Cesare Garlati, CEO Hex Five Security

Andes RISC-V Con Beijing 2019

### Embedded Computing Threat Model



- MCU-based systems lack basic hardware security primitives like an MMU and virtual memory
  - ➡ any line of code can break the CIA triad: Confidentiality, Integrity, Availability
- Linux-based systems have an MMU and virtual memory but can't be trusted either
  - ➡ 17M+ lines of code attack surface and non-free kernel drivers
- Untrusted software: 3rd party libraries, open source, proprietary binaries
  - ➡ Supply chain security: 100+ libraries in a typical IoT stack
- Secure Elements & TPM modules: secure data at rest, can't run programs
- Arm has TrustZone<sup>®</sup>: too complex and expensive for mainstream adoption
- RISC-V: free and open (good) but no TrustZone<sup>®</sup> at all (bad)

... while regulators increasingly mandate "isolation" built into any device

### 0x5 HEX-Five Security

## RISC-V ISA Security Building Blocks

#### Privilege Levels & Control and Status Registers

- Machine (M): always present, highest privilege mode
- Supervisor (S): Linux, supports MMU / virtual memory
- Reserved (Hypervisor): work in progress
- User / Application (U): unprivileged, lowest level
- Trusted Execution Environment runs at the highest privilege level
- Note: interrupts are always taken in M mode (unless the "N" extension is implemented)

#### **Physical Memory Protection**

- Hardware enforced: 4 ranges × 4 config registers (if implemented)
- Policy R/W/X; a violation raises a synchronous exception (trap)
- Overlapping OK; ranges can be locked down
- Top of range (TOR) or naturally aligned power of two (NAPOT)
- Trusted Execution Environment manages the PMP context at runtime
- Note: enforced per core; no ISA spec for multi-core / platform-level protection

| Rings | Modes | Intended Usage     |
|-------|-------|--------------------|
| 1     | M     | Unsecured embedded |
| 2     | M,U   | Secure embedded    |
| 3     | M,S,U | Linux              |

| A | Name  | Description                  |
|---|-------|------------------------------|
| 1 | TOR   | Top of range                 |
| 2 | NA4   | Naturally aligned 4-byte     |
| 3 | NAPOT | Naturally aligned power of 2 |
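The PMP bullets and the two tables above describe the mechanism in the abstract. The following C program is an added example, not Hex Five or MultiZone code: it models the pmpcfg/pmpaddr semantics of the RISC-V privileged spec for RV32 (R/W/X/L bits, the A field from the second table, NAPOT and TOR address encoding, first-match-wins, lock semantics for M-mode) and then uses them the way a TEE does when it "manages the PMP context at runtime": each zone has its own set of entries, and an access is checked against the set loaded for the currently running zone. The two-zone memory layout (ROM, RAM, UART addresses and sizes) is constructed for illustration.

```c
/* Added example (not Hex Five / MultiZone code): models the RISC-V PMP
 * semantics from the privileged spec for RV32 and uses them to check what a
 * U-mode "zone" may touch after the TEE has loaded that zone's PMP context.
 * The zone memory layout below is constructed for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* pmpcfg byte: bit0 R, bit1 W, bit2 X, bits 3-4 A (address mode), bit7 L (lock) */
#define PMP_R       (1u << 0)
#define PMP_W       (1u << 1)
#define PMP_X       (1u << 2)
#define PMP_A_MASK  (3u << 3)
#define PMP_A_OFF   (0u << 3)
#define PMP_A_TOR   (1u << 3)
#define PMP_A_NA4   (2u << 3)
#define PMP_A_NAPOT (3u << 3)
#define PMP_L       (1u << 7)
#define PMP_ENTRIES 16  /* RV32: 4 pmpcfg registers x 4 entries each */

typedef struct { uint8_t cfg; uint32_t addr; } pmp_entry_t; /* addr = pmpaddrN */
typedef enum { PRIV_U = 0, PRIV_M = 3 } priv_t;

/* NAPOT encoding: base must be aligned to size, size a power of two >= 8.
 * pmpaddr = (base | (size/2 - 1)) >> 2: the low bits are a run of ones
 * whose length encodes the size. */
static uint32_t pmp_napot_addr(uint32_t base, uint32_t size) {
    return (base | ((size >> 1) - 1u)) >> 2;
}

/* Does entry i cover byte address addr? TOR uses the previous entry's address
 * (or 0 for entry 0) as inclusive lower bound and its own as exclusive top. */
static bool pmp_match(const pmp_entry_t *pmp, int i, uint32_t addr) {
    uint8_t a = pmp[i].cfg & PMP_A_MASK;
    if (a == PMP_A_OFF) return false;
    if (a == PMP_A_TOR) {
        uint32_t lo = (i == 0) ? 0 : pmp[i - 1].addr << 2;
        return addr >= lo && addr < (pmp[i].addr << 2);
    }
    if (a == PMP_A_NA4) return (addr >> 2) == pmp[i].addr;
    /* NAPOT: k trailing ones give a 2^(k+3)-byte range */
    uint32_t t = pmp[i].addr, k = 0;
    while (t & 1u) { t >>= 1; k++; }
    uint32_t size = 8u << k;
    uint32_t base = (pmp[i].addr & ~((1u << (k + 1)) - 1u)) << 2;
    return addr >= base && (addr - base) < size; /* no wrap at top of memory */
}

/* Access check as the hardware does it: the lowest-numbered matching entry
 * decides. M-mode is only bound by locked entries and passes when nothing
 * matches; U-mode (and S-mode) fails when nothing matches. */
static bool pmp_allows(const pmp_entry_t *pmp, int n, priv_t priv,
                       uint32_t addr, uint8_t want) {
    for (int i = 0; i < n; i++) {
        if (!pmp_match(pmp, i, addr)) continue;
        if (priv == PRIV_M && !(pmp[i].cfg & PMP_L)) return true;
        return (pmp[i].cfg & want) == want;
    }
    return priv == PRIV_M;
}

/* Lock semantics ("ranges can be locked down"): an M-mode access is bound by
 * an entry only when its L bit is set. Returns true if M-mode was denied. */
static bool mmode_bound(bool locked) {
    pmp_entry_t e[1] = {{ (uint8_t)(PMP_A_TOR | PMP_R | PMP_W | (locked ? PMP_L : 0)),
                          0x80001000u >> 2 }};
    return !pmp_allows(e, 1, PRIV_M, 0x80000000u, PMP_X);
}

/* Constructed two-zone layout: each zone gets its own ROM (RX) and RAM (RW)
 * and both share a UART (RW). RAM is never executable, ROM never writable. */
static int zone_pmp(int zone, pmp_entry_t *pmp) {
    uint32_t rom = (zone == 1) ? 0x20010000u : 0x20020000u; /* 64 KiB each */
    uint32_t ram = (zone == 1) ? 0x80000000u : 0x80001000u; /*  4 KiB each */
    pmp[0] = (pmp_entry_t){ PMP_A_NAPOT | PMP_R | PMP_X, pmp_napot_addr(rom, 0x10000u) };
    pmp[1] = (pmp_entry_t){ PMP_A_NAPOT | PMP_R | PMP_W, pmp_napot_addr(ram, 0x1000u) };
    pmp[2] = (pmp_entry_t){ PMP_A_NAPOT | PMP_R | PMP_W, pmp_napot_addr(0x10013000u, 0x1000u) };
    return 3;
}

/* A zone switch, as the TEE (M-mode) performs it: write the next zone's
 * entries into pmpcfg/pmpaddr before returning to U-mode. Modelled as a copy
 * into a fresh PMP array, then a U-mode access check against it. */
static bool zone_access_ok(int zone, uint32_t addr, uint8_t want) {
    pmp_entry_t pmp[PMP_ENTRIES] = {{0, 0}};
    int n = zone_pmp(zone, pmp);
    return pmp_allows(pmp, n, PRIV_U, addr, want);
}

int main(void) {
    printf("zone1 RW own RAM : %d\n", zone_access_ok(1, 0x80000010u, PMP_R | PMP_W));
    printf("zone1 R zone2 RAM: %d\n", zone_access_ok(1, 0x80001010u, PMP_R));
    printf("zone1 X own RAM  : %d\n", zone_access_ok(1, 0x80000010u, PMP_X));
    printf("zone1 W own ROM  : %d\n", zone_access_ok(1, 0x20010100u, PMP_W));
    printf("zone2 W UART     : %d\n", zone_access_ok(2, 0x10013004u, PMP_W));
    return 0;
}
```

The point to take from the run: with the same hardware, the only thing that changes between zones is the handful of pmpcfg/pmpaddr values the TEE loads, and that is enough for zone 1 to be unable to read zone 2's RAM, execute from its own RAM, or write its ROM, while both zones can still drive the shared UART. The NAPOT helper also shows why alignment matters: a 4 KiB region must start on a 4 KiB boundary for the ones-run encoding to describe it.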



## MultiZone<sup>™</sup> Trusted Execution Environment



Multiple equally secure zones for programs, data and I/O:

- Hardware-enforced
- Software-defined
- Policy-driven RWX

Minimal attack surface (<2KB), formally verifiable

- It's like TrustZone® for RISC-V
- Runs on any RISC-V core with PMP & U-Mode
- No need to modify application software or toolchain
- Use cases: TLS, secure boot, remote firmware update

Arm and TrustZone are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere.


# Reference Application – Secure IoT Stack



#### Crypto

```
TLSv1.3, Cipher TLS_AES_128_GCM_SHA256
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: ECDH, P-256, 256 bits
Server public key is 256 bit
Private Key ASN1 OID: prime256v1
Private Key NIST CURVE: P-256
```




### MultiZone<sup>™</sup> Security – How It Works



Patent pending US 16450826, PCT US1938774 – Configuring, Enforcing, And Monitoring Separation Of Trusted Execution Environments.


# MultiZone<sup>™</sup> For Linux – Enclave Concept



Multiple statically defined enclaves: RAM, ROM, I/O, IRQ

- Secure messaging with no shared memory: secure buffers for Linux IPC
- Secure interrupt handlers mapped to enclaves and executed in U-mode
- Trap & emulation of privileged instructions, soft-timers, secure boot


# Takeaways

- Embedded systems with or without MMU are inherently not secure as all code can access all data and peripherals
- The RISC-V ISA defines some security building blocks including privileged modes and physical memory protection
- The design complexity associated with properly implementing security primitives often results in them not being used at all



MultiZone<sup>™</sup> security provides multiple equally secure execution environments



MultiZone<sup>™</sup> provides hardware-enforced, software-defined separation for programs, data and I/O

MultiZone<sup>™</sup> Security doesn't require additional cores, specialized IP or changes to existing applications




## Hex Five MultiZone<sup>™</sup> Security

Hex Five Security, Inc. is the creator of MultiZone<sup>™</sup> Security, the first Trusted Execution Environment for RISC-V. Hex Five open standard technology provides software-defined hardware-enforced separation for multiple security domains, with full isolation of data, programs and peripherals. Contrary to traditional solutions, MultiZone<sup>™</sup> Security requires no additional hardware or changes to existing software: open source libraries, third party binaries and legacy code can be configured in minutes to achieve unprecedented levels of safety and security.

## MultiZone<sup>™</sup> Open Standard API – C Library

```c
/* Copyright(C) 2019 Hex Five Security, Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 */

#ifndef LIBHEXFIVE_H_
#define LIBHEXFIVE_H_

#include <stdint.h>

/* Hardware thread (zone) management */
void ECALL_YIELD();
void ECALL_WFI();

/* Inter-zone messaging (zone 0 is SMP Linux in MultiZone for Linux) */
int ECALL_SEND(int, void *);
int ECALL_RECV(int, void *);

/* Trap and IRQ handler registration, handlers run in U-mode */
void ECALL_TRP_VECT(int, void *);
void ECALL_IRQ_VECT(int, void *);

/* Traps & IRQs enable / disable, per zone */
void ECALL_CSRS_MIE();
void ECALL_CSRC_MIE();

/* Hardware thread timer, per zone */
void ECALL_CSRW_MTIMECMP(uint64_t);

/* Trap & emulation helpers: read-only access to selected CSRs,
 * completely optional, provided for speed / latency */
uint64_t ECALL_CSRR_MTIME();
uint64_t ECALL_CSRR_MCYCLE();
uint64_t ECALL_CSRR_MINSTR();
uint64_t ECALL_CSRR_MHPMC3();
uint64_t ECALL_CSRR_MHPMC4();
uint64_t ECALL_CSRR_MISA();
uint64_t ECALL_CSRR_MVENDID();
uint64_t ECALL_CSRR_MARCHID();
uint64_t ECALL_CSRR_MIMPID();
uint64_t ECALL_CSRR_MHARTID();

#endif /* LIBHEXFIVE_H_ */
```

- Permissive licensing: "any purpose"
- `ECALL_YIELD`, `ECALL_WFI`: hardware thread (zone) management
- `ECALL_SEND`, `ECALL_RECV`: inter-zone messaging; zone 0 is SMP Linux
- `ECALL_TRP_VECT`, `ECALL_IRQ_VECT`: trap & IRQ handler registration (U-mode)
- `ECALL_CSRS_MIE`, `ECALL_CSRC_MIE`: traps & IRQs enable / disable, per zone
- `ECALL_CSRW_MTIMECMP`: hardware thread timer, per zone
- `ECALL_CSRR_*`: trap & emulation helpers; read-only access to selected CSRs, completely optional, just for speed / latency



# Virtual Memory (MMU) Uncomfortable Truth

```
~/linux-4.18.6$ cloc --exclude-lang=DTD,Lua,make .
   60965 text files.
   60546 unique files.
   14391 files ignored.
```

| Language                  | files | blank   | comment | code     |
|---------------------------|-------|---------|---------|----------|
| C                         | 25782 | 2554166 | 2248398 | 12965944 |
| C/C++ Header              | 18693 | 484773  | 892818  | 3629746  |
| Assembly                  | 1318  | 47155   | 105960  | 232515   |
| JSON                      | 189   | 0       | 0       | 102201   |
| Perl                      | 55    | 5414    | 3994    | 27294    |
| Bourne Shell              | 346   | 5633    | 4983    | 24450    |
| Python                    | 108   | 3055    | 3337    | 17427    |
| HTML                      | 5     | 669     | 0       | 5492     |
| yacc                      | 9     | 701     | 375     | 4648     |
| lex                       | 8     | 326     | 314     | 2007     |
| C++                       | 7     | 285     | 77      | 1844     |
| Bourne Again Shell        | 51    | 351     | 318     | 1711     |
| awk                       | 11    | 170     | 155     | 1384     |
| Markdown                  | 1     | 220     | 0       | 1077     |
| TeX                       | 1     | 108     | 3       | 915      |
| NAnt script               | 2     | 156     | 0       | 599      |
| Windows Module Definition | 2     | 14      | 0       | 102      |
| m4                        | 1     | 15      | 1       | 95       |
| XSLT                      | 5     | 13      | 26      | 61       |
| CSS                       | 1     | 18      | 27      | 44       |
| vim script                | 1     | 3       | 12      | 27       |
| Ruby                      | 1     | 4       | 0       | 25       |
| INI                       | 1     | 1       | 0       | 6        |
| sed                       | 1     | 2       | 5       | 5        |
| SUM:                      | 46599 | 3103252 |         | 17019619 |


(a) Industry Average: "about 15 - 50 errors per 1000 lines of delivered code." He further says this is usually representative of code that has some level of structured programming behind it, but probably includes a mix of coding techniques.

(b) Microsoft Applications: "about 10 - 20 defects per 1000 lines of code during in-house testing, and 0.5 defect per KLOC (KLOC IS CALLED AS 1000 lines of code) in released product (Moore 1992)." He attributes this to a combination of code-reading techniques and independent testing (discussed further in another chapter of his book).

(c) "Harlan Mills pioneered 'cleanroom development', a technique that has been able to achieve rates as low as 3 defects per 1000 lines of code during in-house testing and 0.1 defect per 1000 lines of code in released product (Cobb and Mills 1990)."

#### 17,019,619 \* 10<sup>-4</sup> = **1,701** disasters waiting to happen

Credits: Al Danial, https://github.com/AlDanial/cloc; Dan Mayer's development blog, https://www.mayerdan.com/ruby/2012/11/11/bugs-per-line-of-code-ratio