SiFive, Inc. announced the company is giving the WorldGuard security model to RISC-V International, providing the RISC-V community with a uniform way to secure their designs and bring them to market faster. RISC-V International is the non-profit home of the open standard RISC-V Instruction Set Architecture (ISA), related specifications, and stakeholder community which has more than 3,570 RISC-V members across 70 countries.
WorldGuard makes it easy for developers to enable a Trusted Execution Environment (TEE) on RISC-V platforms. As a hardware-enhanced software isolation solution, WorldGuard provides protection against improper access to memory or devices by software applications and other bus initiators (such as DMAs). Designers can quickly create domains, also known as “worlds,” for isolated code execution and data protection. WorldGuard doesn’t break the RISC-V ISA and doesn’t require new instructions to be used. It simply adds secure metadata to the transactions issued by the various bus initiators and checks permissions against an Access Control List (ACL) at the destination, whether it’s memory or a peripheral. The isolation is based on multiple levels of privilege for each world, offering robust SoC-level information control.
WorldGuard provides an open, system-level approach to securing access to system resources (memory and peripherals) by software applications. This approach is ideal for creating multiple trusted environments, enabling a Trusted Computing Base (TCB) where the highest level of trust is limited to the secure ROM boot, the Machine-mode firmware, the secure applications, and the Operating Systems (OSs) that implement them. This base of trust is also referred to as the “Trusted Agent.”
Ongoing development of WorldGuard will now be managed by RISC-V International. SiFive will continue to contribute its expertise and resources.