Imagination Technologies introduced OmniShield technology designed to provide a scalable and secure solution for protection of next-generation SoCs.
The solution addresses security concerns at the platform level. It offers chip makers and OEMs the advanced security framework they need to build better devices.
Connected products such as Internet of Things (IoT), gateway routers, IPTVs, mobile devices and automotive systems must increasingly be designed to support numerous unique applications, various content sources, and in-the-field software updates from service providers and operators, all while ensuring privacy and data protection. With these multiple applications and associated data co-existing on the same SoC, each must be kept secure both from external attacks and also from each other.
For example, set-top boxes must now protect not only broadcast content, but also over-the-top (OTT) streaming video and third party applications.
Today?s embedded security approaches are CPU centric, binary (one secure zone / one non-secure zone) and are complicated to implement. These solutions won't scale to address the sophisticated types of applications and services being enabled by next-generation connected devices and the cloud.
Imagination?s OmniShield is a scalable security technology that ensures that applications that need to be secure and isolated from each other as well as protected from non-secure applications, while still meeting required levels of functionality, performance, cost, and power consumption. OmniShield goes beyond a binary approach to create multiple secure domains, where each secure/non-secure application/operating system can operate independently in its own separate environment. For example, secure processes such as DRM and payment systems can coexist with non-secure processes such as gaming and web browsing.
This multi-domain separation-based architecture also eases development and deployment of applications and services. Thanks to OmniShield, developers will be able to securely develop and debug code in a virtualized environment, and operators and other service providers can configure devices for provisioning of services in the field.
OmniShield also addresses the scalability that heterogeneous architectures will require by protecting all of the processors in an SoC - including the CPU, GPU and others. In a heterogeneous architecture, application data and resources will be shared between the CPU and other processors in the system, so those processors will now face the same level of exposure as the CPU, and must be given the same level of protection.
OmniShield encompasses both hardware and software components, enabling companies for the first time to implement a secure, heterogeneous multi-domain application environment using hardware-enforced separation and protection throughout. Because it is based on hardware supported virtualization, OmniShield is efficient and does not compromise performance, which is especially important in embedded environments such as IoT.
OmniShield leverages the fact that hardware virtualization is applicable to all processing engines including general processors (CPUs) and application specific processors such as GPUs. In addition, since virtualization concepts are already well understood and supported techniques in many operating systems and RTOS, they provide a proven foundation for hardware enablement and extensions needed for next-generation security.
Imagination is building OmniShield support into its entire range of processors, including MIPS Warrior CPUs, PowerVR multimedia processors and Ensigma processors. Imagination?s processors are designed to operate in heterogeneous and coherent clusters connected by a scalable secure interconnect fabric which extends OmniShield throughout the SoC with secure flows controlled by a trusted hypervisor. In addition, Imagination and its partners will provide virtualized Root-of-Trust IP blocks for OmniShield including crypto, Public Key Accelerator, true random number generators, secure I/O for external TPMs and secure ROM.
Imagination is building on its OmniShield-ready processor IP technologies by assembling advanced SoC and platform software, all OmniShield-ready. This includes trusted boot and other security functions, as well as trusted hypervisors and secure OS, some of which will be available in 2015 through the open source prpl Foundation. The prpl security working group is also working to deliver an overall security framework, open APIs (application programming interfaces), and reference platforms supporting the multi-domain technology.
OmniShield reference designs will be available in 2015.