8.如何通过基于RISC-V的可信根提升基于RISC-V的SoC设计的安全等级.pdf

1、How to Elevate the Security Level of RISC-V Based SoC Designs with a RISC-V Based Root-of-TrustJuly18,2025SamuelChiangRambus2HangzhouXiongmaiHangzhouXiongmaiTechnologyTechnology4.3MCamerasrecalledSanFranciscoMuniSanFranciscoMuniAllridesfreefortwodays!ConnectedDevices+VehiclesTodayareatEverGreaterRis

2、kDynamicNetworkServicesDynamicNetworkServices(Dyn)(Dyn)100,000infecteddevicesBlockageof1,200websites*QuotefromBrianKrebsConnectittotheInternet,someonewilltrytohackit3MeltdownandSpectre:RunningtoKeepUpMeltdownandSpectreprovideadramaticexampleofsomethingsecurityexpertshaveknownforyears:Complexsystems,

3、likemodernCPUs,thataredesignedforperformanceandnotsecurityareinherentlyweakagainstattackers4SecurityFirst:ImplementingTrustbyDesigninSiliconDesignFreedomDesignFreedomSiloedSiloedLayeredSecurityLayeredSecuritySeparategeneralandsecureprocessingOptimizeindependentlyforperformanceandsecurityStrongestsec

4、urityenforcedinhardwareatinnerlayerOuterlayersaremoreflexible,butlesstrustedRootoftrustdesignedfromthebottomupforsecurityControlallimplementationstartingwithopenRISC-VInstructionSetArchitecture5ARootofTrustprovidesatrustedfoundationthattheSoC&applicationscanusetobuildtheirownprotectionRootofTrustpro

5、ductsareexpectedtoproviderobustSecurityandCryptoservicestotheSoCandapplicationsWhyaRootofTrust:ProvidingSecurityandCryptoServicesRootofTrustSecureFunctionality:SecurebootSecurefirmwareupdateAuthenticationAttestationSecuredatastorageSecurekeystorageDevicepersonalizationKeyanddataprovisioningUserdatap

6、rivacySecurecommunicationRuntimeintegritycheckingCryptographicaccelerationSecureprotocolimplementationSecuredebugFeature/configuration/SKUmanagement6WhyaLayeredSecurityApproach?AttacksurfacesarelargeAttackonlyneedstobreakweakestlinkNosinglepointsecurityimplementationisresistanttoallsecurityattacksMa