Open-Source and Security Standardization Join Forces for Embedded IoT Security

RISC-V International is the open-standard organization developing the open source RISC-V ISA specification. On May 11, 2020, the organization announced a partnership with GlobalPlatform, the nonprofit industry association behind various security specifications, including Secure Elements (SE) and Trusted Execution Environments (TEE). The two entities are set to partner on the development of open standards for the hardware design of embedded components in connected Internet of Things (IoT) devices, focused specifically on processors with TEEs.

The collaboration is significant as it will provide a boost to RISC-V usage in the IoT, angling it as a serious competitor to ARM and its ARMv8-M Instruction Set Architecture (ISA), notably for its range of secure Cortex Microcontroller Units (MCUs)— M23, M33, M35P, and the latest M55 based on v8.1-M. Open-source alternatives can provide significant cost reduction on the licensing and royalty fee side, as well as flexibility in design. However, this is a more complex undertaking because it lacks a set of standardized libraries and development tools that proprietary alternatives such as ARM offer. As a result, hardware and software engineering costs are higher, as are development time and Go-to-Market (GTM).

Nonetheless, the RISC-V Initiative is an increasingly popular movement and is driving interest in open-source Intellectual Property (IP) cores. Security is certainly a key area of focus and, in 2018, the initiative had already announced the creation of the Security Standing Committee (chaired by Rambus), notably to work on security for RISC-V-based IoT devices, embedded systems, and Machine Learning (ML) implementations.

The Cryptographic Extensions Task Group within the organization has the goal to propose ISA vector extensions for the standardized and secure execution of popular cryptography algorithms. The Trusted Execution Environment Task Group is looking to define an architecture specification to support TEE for RISC-V processors. The groups have already published a draft specification for cryptographic extensions for the RISC-V ISA and proposed an approach to embed TEE. As such, the collaboration with GlobalPlatform is a huge boost today, in both credibility and support for RISC-V, as a viable and competitive alternative to ARM for secure IoT device development.

The announcement (and, in parallel, ARM’s new Cortex-M55) are driving home the importance of embedded security for IoT deployments, with TEE spearheading the secure microcontroller movement. Whether through TrustZone (ARM, Trustonic) or open-source (RISC-V), TEE looks set to secure its relevance in the IoT space. The key to its success now is ensuring that the associated development tools are both easily leveraged and cost-effective. While TEE as a technology has been around for over a decade, and is widespread in smartphones, its adoption has often been hampered by cost and development barriers, and as such has failed to maximize its full potential. But efforts such as the RISC-V and GlobalPlatform collaboration, and ARM’s new Flexible Access for Startups program, will see development for IoT (including TEE) become easier and more accessible.

With the focus now on embedded security in IoT, and the race to provide a suitable security solution for resource-constrained devices, secure applications, and secure management, TEE as a technology is showing great promise, especially for more complex edge devices where compute-intense and critical functions are to be run. Its relevance is being certainly touted for automotive, industrial, and telco infrastructure (and 5G), among others. These efforts are all key to enabling secure device management in the field, opening up new and greater opportunities from provisioning and cloud onboarding to secure updates and remote monitoring.