HY has been talking up Security for nex-gen SoCs for some time now, and here is the end-product. He feels , obviously, that it is a better solution than ARM's TrustZone ie. an important differentiator, and that customers are more likely to choose IMG-based SoCs as a result.
LONDON, UK – 20th May, 2015 – Imagination Technologies (IMG.L) introduces OmniShield™ technology designed to provide the industry’s most scalable and secure solutions for protection of next-generation SoCs. With OmniShield-ready hardware and software IP, Imagination is ensuring that customers’ SoCs and OEMs’ products are designed for security, reliability and dynamic software management, as use models and services evolve across a wide range of connected devices.
Connected products such as Internet of Things (IoT), gateway routers, IPTVs, mobile devices and automotive systems must increasingly be designed to support numerous unique applications, various content sources, and in-the-field software updates from service providers and operators, all while ensuring privacy and data protection. With these multiple applications and associated data co-existing on the same SoC, each must be kept secure both from external attacks and also from each other.
For example, set-top boxes must now protect not only broadcast content, but also over-the-top (OTT) streaming video and third party applications. In automotive, communications are becoming tightly coupled with smartphones, bringing third party services into the automotive infrastructure. And in supporting emerging applications such as self-parking and autonomous driving, it is critical to ensure ultra-safe operation to meet ADAS requirements.
Today’s embedded security approaches are CPU centric, binary (one secure zone / one non-secure zone) and are complicated to implement. These solutions won’t scale to address the sophisticated types of applications and services being enabled by next-generation connected devices and the cloud.
Imagination’s OmniShield is a scalable security technology that ensures that applications that need to be secure are effectively and reliably isolated from each other as well as protected from non-secure applications, while still meeting required levels of functionality, performance, cost, and power consumption. OmniShield goes beyond a binary approach to create multiple secure domains, where each secure/non-secure application/operating system can operate independently in its own separate environment. For example, secure processes such as DRM and payment systems can coexist with non-secure processes such as gaming and web browsing.
This multi-domain separation-based architecture not only ensures security and reliability, but also eases development and deployment of applications and services. Thanks to OmniShield, developers will be able to securely develop and debug code in a virtualized environment, and operators and other service providers can configure devices for provisioning of services in the field.
OmniShield also addresses the scalability that heterogeneous architectures will require by protecting all of the processors in an SoC – including the CPU, GPU and others. In a heterogeneous architecture, application data and resources will be shared between the CPU and other processors in the system, so those processors will now face the same level of exposure as the CPU, and must be given the same level of protection.
OmniShield encompasses both hardware and software components, enabling companies for the first time to implement a truly secure, heterogeneous multi-domain application environment using hardware-enforced separation and protection throughout. Because it is based on hardware supported virtualization, OmniShield is efficient and does not compromise performance, which is especially important in embedded environments such as IoT.
OmniShield leverages the fact that hardware virtualization is applicable to all processing engines including general processors (CPUs) and application specific processors such as GPUs. In addition, since virtualization concepts are already well understood and supported techniques in many operating systems and RTOS, they provide an ideal and proven foundation for hardware enablement and extensions needed for next-generation security. These facts mean that OmniShield can offer a universal security solution that delivers the ultimate combination of protection, scalability and efficiency.
Tony King-Smith, EVP marketing, Imagination, says: “The separation-based architecture of OmniShield will play a critical role in minimizing attack surface area in next-generation connected devices. Our customers are using OmniShield-ready IP to create innovative SoCs that will empower their customers to deploy new trusted services and applications. PowerVR IP is already used in secure heterogeneous environments thanks to the virtualization in some Series6XT GPUs. We’ll soon see OmniShield-ready systems based on our other processors including PowerVR Series7 GPUs and MIPS Warrior CPUs. This is the start of a new era of secure SoC and cloud-based systems design.”
OmniShield-ready hardware and software
Imagination is building OmniShield support into its entire range of processors, including MIPS Warrior CPUs, PowerVR multimedia processors and Ensigma processors. Imagination’s processors are designed to operate in heterogeneous and coherent clusters connected by a scalable secure interconnect fabric which extends OmniShield throughout the SoC with secure flows controlled by a trusted hypervisor. In addition, Imagination and its partners will provide a growing range of virtualized Root-of-Trust IP blocks for OmniShield including crypto, Public Key Accelerator, true random number generators, secure I/O for external TPMs and secure ROM.
Imagination is building on its OmniShield-ready processor IP technologies by assembling some of the industry’s most advanced SoC and platform software, all OmniShield-ready. This includes trusted boot and other security functions, as well as trusted hypervisors and secure OS, some of which will be available in 2015 through the open source prpl Foundation. The prpl security working group is also working to deliver an overall security framework, open APIs (application programming interfaces), and reference platforms supporting the multi-domain technology. Imagination is already working with a wide range of industry-leading providers of third party security solutions in support of OmniShield, resulting in a strong and growing ecosystem of partners supporting Imagination in every aspect of secure SoC and connected system design.
Availability
Multiple partners are already designing SoCs using OmniShield technology. OmniShield reference designs will be available in 2015. Contact info@imgtec.com for more information.
Imagination Summit Silicon Valley: Securing the Future
Imagination will hold its annual Silicon Valley Summit at the Hyatt Regency Santa Clara on Thursday, May 21st. This year the event is focused on “Securing the Future” with presentations from Imagination and partners on a variety of related topics, including OmniShield. Visit http://www.imgtec.com/events/detail.asp?ID=37 for more information and to register.
Supporting Quotes
“As Elliptic focuses on driving open security initiatives as part of the prpl Foundation, we are in close collaboration with Imagination as they develop and roll out OmniShield enabled technologies. The success of future technology advancements depends on trust, therefore it is essential to take a holistic approach to security as we address evolving threats to connected devices in relation to the IoT, gateways, big data and the cloud.”
– Mike Borza, CTO, Elliptic Technologies
“With Ikanos’ multi-threading MIPS-based processors, we are enabling end-to-end, high speed and secure broadband access for provisioning of new revenue-generating triple- and quad-play services. And in the connected home, our processors are powering an array of new wireline and wireless gateways and routers, designed to address performance and security requirements of carriers, looking to offer new applications in IOT, home automation and other cloud-based services. It’s good to see Imagination addressing security needs as use models and services for these devices continue to evolve.”
– Kourosh Amiri, Vice President of Marketing, Ikanos
“Next-generation connected devices such as smart home gateways need to implement new security paradigms to address changing usage models, new applications and a range of new threats. We are pleased to see Imagination taking a leading role in driving discussion and action around next-generation security, which will be key to successfully delivering connected home devices that are consumer-friendly and trusted.”
– Dan Artusi, VP & General Manager, Lantiq – an Intel Company
“With Imagination’s PowerVR GPUs, MediaTek continues to push the envelope in terms of graphics innovation in our products. And while our graphics capabilities will continue to grow in exciting new directions, GPUs will also increasingly go beyond providing pure graphics functionality, and will need the same level of protection as the CPU. We’re pleased that Imagination is taking a leadership position in driving SoC security by offering a separation-based multi-domain architecture across all its GPUs.”
– Tom Hsieh, Marketing Director of Wireless Communications BU, MediaTek
“Imagination’s multi-domain OmniShield technology fits perfectly into the open framework that we are developing in the prpl Foundation’s security working group. There is clear market demand for hardware-based security to augment software-based approaches, particularly in heterogeneous, multitenant applications. Companies in a variety of vertical segments are demanding a way to securely deploy new services on existing devices without impacting services that are already present. Imagination is making important contributions in this regard, and we are excited to rally the prpl community to enable this type of secure, scalable, multi-domain approach.”
– Art Swift, President, prpl Foundation
“Together with Imagination and Green Hills Software, we’ve already shown the power of virtualization on a PowerVR G6400 GPU in our R-Car H2 SoC, enabling a real-time subsystem and a Linux-based subsystem to execute concurrently and securely. The direction Imagination is taking by enabling multi-domain security through its OmniShield-enabled GPUs and other processors with hardware virtualization is well aligned with what we see as needs in future automotive platforms.”
– Masahiro Suzuki, Vice President, Head,
Automotive Information System Business Division, Renesas
Automotive Information System Business Division, Renesas
“The industry needs to reexamine how it’s dealing with embedded security in light of emerging applications and an ever increasing number of connected devices. The holistic approach that Imagination is taking with its OmniShield technology represents the right direction. Imagination has also developed OmniShield to be accessible to its customers with negligible performance and area overhead. The ability to keep security related costs to a minimum will be a key advantage, especially for cost sensitive applications such as IoT.”
– Richard Wawrzyniak, Senior Market Analyst: ASIC & SoC, Semico Research Corp.
No comments:
Post a Comment