The Prpl Foundation, an open-source non-profit organization formed by Imagination Technologies Group plc and others as a support community for development around the MIPS processor architecture, has formed a working group to address security—the Security PEG (Prpl engineering group).
The working group is chartered to define an open-security framework for deploying virtualized services across fixed, mobile and IoT networks. Members active in the group include Broadcom, Ikanos, Imagination, Imperas Software, Ingenic, Lantiq and Qualcomm Atheros. Lantiq is in the process of being acquired by Intel, subject to regulatory approval.
Each company is contributing members to the Security PEG, which is looking to create generic guidelines and definitions to advance security for multiple operating systems co-existing on heterogeneous hardware. This means that the security standards that the PEG is trying to create will need to be applicable across multiple process instruction set architectures (ISAs).
Although the Prpl (pronounced "purple") Foundation was created by a group of MIPS licensees, it has always stressed that it is not limited to supporting the MIPS 32-bit and 64-bit architectures and is "open to others." The Security PEG provides a concrete example of this.
"We intend to open this up to as many architectures as possible," Cesare Garlati, chief security strategist at Prpl Foundation and previously vice president of mobile security for Trend Micro Inc., tells Electronics360. "We want to define a framework for all; a common approach to security. It is now the case that applications can be virtualized and even that multiple operating systems can be running on single heterogeneous system chip. There is a need to partition a SoC to be able to offer different services without compromising the integrity of each or the privacy of data."
Many Use Cases Already in Need
Garlati gives the example of cable television set top boxes and home gateway boxes, which may provide multiple services and the importance of segregating data, sometimes for the protection of service users and sometimes to prevent piracy of copyrighted entertainment streams.
The Security PEG is beginning work on the definition of a security roadmap to get from today’s software-virtualized solutions to full hardware supported virtualization, enabling multi-domain security across processors (CPUs, GPUs, NPUs), heterogeneous SoCs and systems built on these technologies including connected devices, routers and hubs. In addition, the Security PEG will define necessary application programming interfaces (APIs) for various levels of the security stack.
It is Prpl's view that such a development is overdue and that there are numerous use cases in mobile communications, in the connected car, in home gateways and in the coming Internet of Things that will benefit from a standard for hardware-assisted virtualization. One example is isolating the Android user interface and streamed content in home gateways and set top boxes. Another is the hardware-assisted isolation of different data types—such as health, payments, multimedia content, in Linux and Android operating systems in smartphones, tablets, wearables, automobiles, set-top boxes and IPTV.
"Heterogeneity is a double-edged sword," says Garlati. It provides choice and the option of multiple optimizations but it also creates the potential for repeated work and incompatibilities in terms of security, he says.
"We want to unify the approach to hardware security," Garlati says. “We welcome all players, including ARM, and there is already an open-source microkernel that supports multiple OSes in parallel.”
Garlati says that he expects the Security PEG to produce a series of API definitions by the end of 2015. Garlati says Prpl also intends to form cross links with other organizations such as the Heterogeneous Systems Architecture (HSA) Foundation and Linaro to help drive efficient standards setting.
"Our customers see a real need and demand for industry-wide solutions addressing secure hypervisors, operating systems, firmware and applications," says Simon Davidmann, CEO of Imperas Software Ltd., in a statement issued by the Prpl Foundation.
"For the last few years, the design community's focus has been on low power and we have done a good job,” Garlati says. “The new frontier is security and how we can make sure those devices and billions more to come can be used in a safe way."
Tom Hackenberg, principal analyst for embedded processing at IHS Technology, comments: "The PRPL foundation is a necessary component for the livelihood of the MIPS architecture from Imagination Technologies. No IP vendor of any substantial size can afford not to provide an open community as a place for collaboration—to promote the use of the IP—and a place for the provider to catch and resolve real or perceived issues for the community before frustrated users begin to vent in more damaging ways. It is also a very good way to understand what features chip designers are looking for but can't find. This enables the IP supplier, Imagination Technologies in this case, to work on ways to solve those problems in the next product releases."
MIPS missed out on the explosive growth in the market for mobile devices such as mobile phones, smartphones and tablet computers, which is now dominated by the ARM architecture. This missed opportunity weakened MIPS, leading to its acquisition by Imagination.
"Imagination has been set with the daunting task of differentiating the MIPS architecture as the solutions for media SoCs. Imagination brings the top-ranked embedded graphics core IP to the blend for a very competitive SoC," Hackenberg says.
"Unfortunately, as elegant and powerful a solution as they have, it will be an extreme struggle against the proliferation of the ARM embedded architecture and the perception that many suppliers need to have ARM-compatible solutions to be competitive,” Hackenburg says. “If Imagination Technologies is to re-carve a niche as the highest quality media processing SoC, they will need tools like Prpl to accomplish it.”
Questions or comments on this story? Contact firstname.lastname@example.org
Related links and articles: