Imagination Technologies plans to introduce support for virtualization across all its processor cores, including signal processors such as the Ensigma family, as part of a plan to improve SoC security.
Rather than provide a split between secure and non-secure code in the way that ARM Trustzone currently works, Imagination’s Omnishield will use virtualization to create multiple software zones with different privilege levels on the basis that if one secure zone is successfully hacked code in other zones should still remain secure.
“If thieves enter the house, it will be close to impossible to break into every room,” Imagination marketing specialist Alexandru Voica claimed in a blog post on the initiative.
Image Virtualization on the PowerVR 7
The company already implements virtualization support on its MIPS general-purpose processors and on some PowerVR 6 GPUs. The company is adding further virtualization support to the PowerVR 7 range. Adding a root of trust module based on a version of the TPM standard and extending the virtualization support to the Ensigma signal processors is intended to create an environment where applications using a mix of processors can be isolated from each other and from the actual hardware.
Although virtualization can provide an effective way of isolating applications from each other it can dramatically reduce performance, particularly for I/O intensive operations, because they can force the processor to continually trap and emulate requests that the application attempts to make to the underlying hardware. I/O MMUs with support for ‘pass through’ modes provide greater performance but vulnerabilities have been found in implementations that allow an application in a guest OS to access a wider range of I/O addresses than are programmed into the MMU.
GPU virtualization can be particularly problematic in terms of the trade off between performance and security because of the many different types of memory they employ. Information leakage between virtual domains can happen easily unless all memory access are protected, which can result in multiple traps being taken by the control processor or the risk of pass-through strategies exposing privileged data. Researchers have proposed techniques that force the application to use a relatively high-level API to the GPU – at the OpenGL layer, for example – to provide a GPU hypervisor with more control over the runtime environment and provide greater isolation.
It is unclear at this stage how Imagination will co-ordinate the multiple secure zones across different processors to allow a single application to employ combinations of cores. The company has proposed a secure interconnect fabric that should enable cores to communicate without risk of eavesdropping. The separate root of trust module may provide the means to allow tasks running on each to authenticate each other at runtime.
The software framework for Omnishield will be coordinated through the Prpl Foundation, which develops open-source software for the MIPS architecture. Imagination said Prpl will provide trusted boot, hypervisor and secure OS components, some of which will be available in 2015. The company said the Prpl security working group is also working to deliver an overall security framework, APIs, and reference platforms that support the multi-domain technology.