Introduction to RISCV
Learn how to secure systems that use the new RISCV architecture.
This is an introductory course to RISCV security. Specifically, it is both an introduction to RISCV, with day 1 focusing on the ecosystem, the ISA, and the tooling as well as an introduction to RISCV security architecture which is on day 2. While there will be some discussion and demonstration on building custom RISCV cores, largely through simulation, it will be primarily low-level software focused in the exercises (assembly and C), although considerations for SoC design and security evaluation will be discussed.
At the end of this course students will have an understanding of the RISCV software development ecosystem, the core RISCV ISA, the security architecture of RISCV focusing on specific mechanics of the privileged ISA, and be comfortable writing basic assembly for RISCV.
Topics Covered in this course :
- RISCV, the hype that all the technical marketing people tell you and then the reality of working with RISCV
- The core 32bit RISCV ISA (some 64 bit will be discussed, but primarily we are MCU focused)
- Adding custom opcodes and simulating with Spike
- Understanding the toolchain for RISCV software development
- RISCV Security architecture
- The Privileged ISA
- How a Trusted Execution Environment is made on RISCV
- Development in C and ASM
- Weaknesses in RISCV security and where to go looking for exploits
Day 1 - Introduction to the RISCV ISA
- Background on RISCV
- Overview of the hardware and software development ecosystem
- Behind the hype of RISCV -- the state of the ecosystem from actually trying to build things in RISCV
Discussion 1: Introduction to RISCV
- Why is the significance of RISCV? What are the changes that are enabled by RISCV?
- We’ll discuss the modular aspect of RISCV instruction set extensions
- We’ll want to understand the “core” RISCV ISA, what’s included and what the nomenclature means
- We’ll discuss the appeal to computer architect designers and the ecosystem of creating a core.
Assignment 1: Basic RISCV Opcodes
- Using a convenient online RISC-V Interpreter (https://www.cs.cornell.edu/courses/cs3410/2019sp/riscv/interpreter/) student will write several short programs to understand the ISA.
- Students will exercise the basic instruction set to include conditional branching, arithmetic, loading and storing registers, and loading and storing to memory.
Discussion 2: Creating a new OPCODE
- One of the appeals of RISCV is creating a custom processor, we’ll discuss creating a new OPCODE to the RISCV ISA
- We’ll discuss the various tools and workflow one might consider when designing a new OPCODE, to include various hardware-software co-design tools
- Since engineering is all about trade-offs, we’ll go over the tradeoffs of using a new opcode vs adding a co-processor. We’ll discuss how other softcore processors, that don’t include an customizable ISA, allow for custom extensions.
Assignment 2: Create a new OPCODE with Spike
- First, students will use and install Spike to simulate the RISCV ISA
- Students will develop a small application that will run on the standard RISCV ISA and simulate it with Spike
- Students will then design a new OPCODE, add the simulated support to Spike, and rebuild their toolchain to be aware of their new OPCODE
- Students will write new assembly code using their custom instruction and run it in their custom simulator
Day 2 - RISCV Security architecture on the HiFive Board
- Walkthrough of the HiFive1RevB Board
- SiFive Freedom IDE and SDK usage
- Developing C and Assembly code for RISCV
- RISCV Security Architecture Overview
- Building and evaluating a TEE on RISCV
Discussion 6: High Five your HiFive Board
- We will discuss the HiFive Board and do a hardware walkthrough of the development kit
- The instructor will demonstrate Freedom Studio, SiFive’s IDE with an SDK for RISCV development on their cores
Assignment 7: RISCV Assembly on real hardware
- Enough with the simulator! Students will blink RGB LEDs on the board in RISCV Assembly which will require the following tasks:
- Read and navigate SiFive datasheets
- Understand memory mapped I/O
- Use Freedom Studio to develop assembly code
- Write assembly code to toggle the LEDs
Discussion 6: RISCV Security Model
- We will discuss the overall RISCV Security Model and the threats it attempts to mitigate
- We’ll discuss what threats the RISCV ISA can’t solve in a SoC design, e.g. secure boot
- Students will understand the different modes in the privileged instruction set
- Students will learn how different interactions of the core interact with the privileged modes, e.g. interrupts, and traps.
Assignment 7: Basic TEE in RISCV
- Students will make a basic TEE using machine and user modes
- Students will make an user mode context shift to toggle machine mode controlled LEDs
Assignment 7: Crypto TEE in RISCV
- Students will extend their TEE such that machine mode performs cryptographic operations
- Students will develop a small trusted application where user mode calls into machine mode, passing data between the modes, to encrypt data and return the result
Assignment 8: Attacks on RISCV
- Students will evaluate their TEE for various hardware and software attacks
- Like all technology marketing, it only tells users what it does, not what it doesn’t do. Students will evaluate the shortcomings of the RISCV security model.
Remote hardware and remote virtualization environments are available for this class. To get access to the hardware or the virtualization environment remotely, please contact our chat support.
Requirements
- The SiFive Rev1B HiFive board.
- Desktop or laptop capable of running VMWare and about 20G of available space. (The .ova is 14G).