Imperas announces RISC-V PMP test suite for security applications
Imperas has announced the beta release of the ImperasDV architectural validation test suites for RISC-V Physical Memory Protection (PMP).
The open standard ISA (Instruction Set Architecture) of RISC-V offers developers a wide range of standard extensions and options that support the design of an optimized processor while leveraging the ecosystem of compatibility. The RISC-V Privileged Specification includes PMP as a fundamental approach to memory protection that is essential in security applications that depend on TEE (Trusted Execution Environments) such as Keystone, OpenTitan, and many other leading techniques for security protection. Thus, functional verification of PMP is essential for any RISC-V processor targeted at security applications.
RISC-V processor implementations for security applications use physical memory protection (PMP) as a way to ensure memory isolation between key security applications and other activities. The RISC-V PMP specification provides a flexible and comprehensive approach based on control registers for the parameterisation of modes to control the memory access, permissions, and policy. By using control registers, the actual policy and operation can be configured in software using the available hardware resources. The PMP policy thus can be configured to control the initial processor boot process and is fundamental to many systems that rely on a TEE for security applications.
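To make the register-driven policy concrete, the following is an added example, not Imperas code or part of its test suite: a minimal C model of the PMP permission check as defined in the RISC-V Privileged Specification. It assumes base PMP without the Smepmp extension and an access that lies within a single 4-byte granule; the `sample` policy and all names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* pmpcfg bit layout per the RISC-V Privileged Specification. */
enum { PMP_R = 1, PMP_W = 2, PMP_X = 4, PMP_A_SHIFT = 3, PMP_L = 0x80 };
enum { A_OFF, A_TOR, A_NA4, A_NAPOT };
enum { PRIV_U = 0, PRIV_S = 1, PRIV_M = 3 };
typedef struct { uint8_t cfg; uint64_t addr; } pmp_entry; /* addr = pmpaddr CSR = PA >> 2 */

/* Constructed sample policy (not from the article):
   0: locked NAPOT 4 KiB at 0x80000000, R+X only (e.g. monitor code)
   1: TOR up to 0x80100000, RWX, unlocked */
static const pmp_entry sample[2] = {
    { PMP_L | (A_NAPOT << PMP_A_SHIFT) | PMP_R | PMP_X, 0x200001FF },
    { (A_TOR << PMP_A_SHIFT) | PMP_R | PMP_W | PMP_X,   0x20040000 },
};

/* Does entry i cover the 4-byte granule holding physical address pa? */
static bool pmp_match(const pmp_entry *e, size_t i, uint64_t pa) {
    uint64_t a = pa >> 2, mask;
    switch ((e[i].cfg >> PMP_A_SHIFT) & 3) {
    case A_TOR:   return (i ? e[i - 1].addr : 0) <= a && a < e[i].addr;
    case A_NA4:   return a == e[i].addr;
    case A_NAPOT: mask = e[i].addr ^ (e[i].addr + 1); /* trailing 1s + the 0 above */
                  return ((a ^ e[i].addr) & ~mask) == 0;
    default:      return false; /* A_OFF */
    }
}

/* perm is PMP_R, PMP_W or PMP_X; returns true when the access is allowed. */
bool pmp_check(const pmp_entry *e, size_t n, uint64_t pa, int priv, uint8_t perm) {
    for (size_t i = 0; i < n; i++) {
        if (!pmp_match(e, i, pa)) continue;
        /* Lowest-numbered match decides; M-mode is bound only by locked entries. */
        if (priv == PRIV_M && !(e[i].cfg & PMP_L)) return true;
        return (e[i].cfg & perm) != 0;
    }
    return priv == PRIV_M || n == 0; /* no match: only M-mode passes if PMP exists */
}

int main(void) {
    printf("M write to locked R+X region: %d\n", pmp_check(sample, 2, 0x80000010, PRIV_M, PMP_W));
    printf("U write to TOR RWX region:    %d\n", pmp_check(sample, 2, 0x80002000, PRIV_U, PMP_W));
    printf("U read outside all regions:   %d\n", pmp_check(sample, 2, 0x90000000, PRIV_U, PMP_R));
    return 0;
}
```

The locked entry is what binds machine mode: without the L bit, the same M-mode write to the first region would be allowed regardless of the W permission.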
RISC-V processor functional verification needs to ensure the design behaves as expected. In the case of the PMP functionality, due to the wide range of possible configurations and implementations, the architectural validation test suite also needs to cover the vulnerabilities that arise from a design error that enables an unnecessary or unwanted option. While some processor developers undertake both the design and test phases of a project, the advantage of 3rd party tests is that they provide an independent interpretation of the specification and thus offer a valuable additional safeguard. This is especially important when specification options selected for the target device are used to direct the test plan, since an unintended design error that includes an unnecessary and therefore untested feature could allow for a security vulnerability.
“A key part of the RISC-V privilege specification that is fundamental for OS and application security is the PMP feature,” said Allen Baum of Esperanto Technologies, Inc., and Chair of the RISC-V International Architecture Test SIG. “Enabling its correct operation is essential for security applications, and the Imperas PMP test suites are a valuable contribution to the RISC-V compatibility and verification community.”
“In any verification plan, the opportunity to use more tests is always a useful option, but as is often the case some tests are more useful than others,” said Simon Davidmann, CEO at Imperas Software Ltd. “Test suites have many useful qualities, perhaps the top two are coverage and specification completeness. The RISC-V PMP test requirements are significant given the complexity of the specification and security implications for any implementation errors. The Imperas mutating fault simulation technology ensures the test coverage, and the Imperas reference model covers the full envelope of the PMP specification, so when combined these produce a useful architectural validation test suite for any RISC-V processor targeted at security applications.”