The MIPS Technologies group at Imagination Technologies has developed a set of cores aimed at embedded systems and microcontrollers that focus on security and reliability by including support for virtualization and anti-tamper measures.
The MIPS M51xx series follows on from the launch of the Warrior core family last year. The new cores are aimed at lower-performance systems than the superscalar, out-of-order execution P5600 cores that appeared in 2013. Like the microAptiv cores already in use by licensee Microchip Technology, the M51xx is intended for microcontrollers and comes in two forms: a cache-based version with paged virtual-memory support and an MCU-oriented one intended to work with onchip memory and so does not have a cache or virtual memory. However, both provide hardware-assisted virtualization.
To support operating systems that have not been paravirtualized to make them work with a hypervizor, the M51xx without paging support still performs a level of address translation. A 16-entry Fixed Memory Translation (FMT) lookup table allows different real-time operating system (RTOS) images or applications to take up different chunks of physical memory but still provide the illusion of having their memory space begin at zero.
Mark Throndson, director of business development for the processor line at Imagination, said: “The underlying trend for why we put hardware virtualization into this class of device was to allow higher levels of security and reliability in embedded systems. As more and more things get connected, this becomes more critical. It can be used for task isolation, to protect code, allow multiple applications to run on a trusted platform or for implementing reliability and safety-critical systems.”
The virtualization adds an additional privilege level to the architecture, on top of the standard user and kernel modes, which will normally be used by the hypervizor that mediates any transactions that have to pass beyond a given virtual machine.
As I/O accesses will generally need to be trapped and handled by the hypervizor before they are allowed to continue, latency can be an issue in virtualized real-time environments. Ian Anderton, business development manager, said the use of shadow registers, implemented to speed up context switching between commonly accessed tasks, helps minimize that time by reducing the number of stack pushes and pops.
MIPS has organised hypervizor support for two open-source implementations: the Kernel Virtual Machine (KVM) and Fiasco-OC. The company expects commercial implementations to be ported over time.
To protect against reverse engineering and some forms of tampering, the MIPS 51xx adds two novel features. One is a mode that injects pipeline stalls at random intervals to try to fool side-channel attacks such as differential power analysis. These techniques use small fluctuations in processor activity to track operations such as decryption. The random stalls should make program behavior less predictable.
A second tamper protection is user-defined scrambling of cache and on-chip data RAM accesses, supported by a built-in pseudorandom number generator. The idea is that, at boot or at defined intervals, such as after a cache flush, a random number is used to remap address locations to make it much more difficult to track data accesses made by a program running on the processor core.
Throndson said the M51xx has achieved some adoption: “We already have multiple licensees and we have released RTL to the lead licensees.”