Imagination’s OmniShield enables next-generation SoC security
Changing use models in connected devices necessitate a new approach to ensure security for OEM products and operator services
Imagination Technologies (IMG.L) introduces OmniShield™ technology designed to provide the industry’s most scalable and secure solutions for protection of next-generation SoCs. With OmniShield-ready hardware and software IP, Imagination is ensuring that customers’ SoCs and OEMs’ products are designed for security, reliability and dynamic software management, as use models and services evolve across a wide range of connected devices.
Connected products such as Internet of Things (IoT), gateway routers, IPTVs, mobile devices and automotive systems must increasingly be designed to support numerous unique applications, various content sources, and in-the-field software updates from service providers and operators, all while ensuring privacy and data protection. With these multiple applications and associated data co-existing on the same SoC, each must be kept secure both from external attacks and also from each other.
For example, set-top boxes must now protect not only broadcast content, but also over-the-top (OTT) streaming video and third party applications. In automotive, communications are becoming tightly coupled with smartphones, bringing third party services into the automotive infrastructure. And in supporting emerging applications such as self-parking and autonomous driving, it is critical to ensure ultra-safe operation to meet ADAS requirements.
Today’s embedded security approaches are CPU centric, binary (one secure zone / one non-secure zone) and are complicated to implement. These solutions won’t scale to address the sophisticated types of applications and services being enabled by next-generation connected devices and the cloud.
Imagination’s OmniShield is a scalable security technology that ensures that applications that need to be secure are effectively and reliably isolated from each other as well as protected from non-secure applications, while still meeting required levels of functionality, performance, cost, and power consumption. OmniShield goes beyond a binary approach to create multiple secure domains, where each secure/non-secure application/operating system can operate independently in its own separate environment. For example, secure processes such as DRM and payment systems can coexist with non-secure processes such as gaming and web browsing.
This multi-domain separation-based architecture not only ensures security and reliability, but also eases development and deployment of applications and services. Thanks to OmniShield, developers will be able to securely develop and debug code in a virtualized environment, and operators and other service providers can configure devices for provisioning of services in the field.
OmniShield also addresses the scalability that heterogeneous architectures will require by protecting all of the processors in an SoC – including the CPU, GPU and others. In a heterogeneous architecture, application data and resources will be shared between the CPU and other processors in the system, so those processors will now face the same level of exposure as the CPU, and must be given the same level of protection.
OmniShield encompasses both hardware and software components, enabling companies for the first time to implement a truly secure, heterogeneous multi-domain application environment using hardware-enforced separation and protection throughout. Because it is based on hardware supported virtualization, OmniShield is efficient and does not compromise performance, which is especially important in embedded environments such as IoT.
OmniShield leverages the fact that hardware virtualization is applicable to all processing engines including general processors (CPUs) and application specific processors such as GPUs. In addition, since virtualization concepts are already well understood and supported techniques in many operating systems and RTOS, they provide an ideal and proven foundation for hardware enablement and extensions needed for next-generation security. These facts mean that OmniShield can offer a universal security solution that delivers the ultimate combination of protection, scalability and efficiency.
Tony King-Smith, EVP marketing, Imagination, says: “The separation-based architecture of OmniShield will play a critical role in minimizing attack surface area in next-generation connected devices. Our customers are using OmniShield-ready IP to create innovative SoCs that will empower their customers to deploy new trusted services and applications. PowerVR IP is already used in secure heterogeneous environments thanks to the virtualization in some Series6XT GPUs. We’ll soon see OmniShield-ready systems based on our other processors including PowerVR Series7 GPUs and MIPS Warrior CPUs. This is the start of a new era of secure SoC and cloud-based systems design.”
OmniShield-ready hardware and software
Imagination is building OmniShield support into its entire range of processors, including MIPS Warrior CPUs, PowerVR multimedia processors and Ensigma processors. Imagination’s processors are designed to operate in heterogeneous and coherent clusters connected by a scalable secure interconnect fabric which extends OmniShield throughout the SoC with secure flows controlled by a trusted hypervisor. In addition, Imagination and its partners will provide a growing range of virtualized Root-of-Trust IP blocks for OmniShield including crypto, Public Key Accelerator, true random number generators, secure I/O for external TPMs and secure ROM.
Imagination is building on its OmniShield-ready processor IP technologies by assembling some of the industry’s most advanced SoC and platform software, all OmniShield-ready. This includes trusted boot and other security functions, as well as trusted hypervisors and secure OS, some of which will be available in 2015 through the open source prpl Foundation. The prpl security working group is also working to deliver an overall security framework, open APIs (application programming interfaces), and reference platforms supporting the multi-domain technology. Imagination is already working with a wide range of industry-leading providers of third party security solutions in support of OmniShield, resulting in a strong and growing ecosystem of partners supporting Imagination in every aspect of secure SoC and connected system design.
Multiple partners are already designing SoCs using OmniShield technology. OmniShield reference designs will be available in 2015. Contact email@example.com for more information.
Imagination Summit Silicon Valley: Securing the Future
Imagination will hold its annual Silicon Valley Summit at the Hyatt Regency Santa Clara on Thursday, May 21st. This year the event is focused on “Securing the Future” with presentations from Imagination and partners on a variety of related topics, including OmniShield. Visit http://www.imgtec.com/events/detail.asp?ID=37 for more information and to register.