New OmniShield platform implements multi-domain security for connected devices

There is revolution driving the world of semiconductors right now. From wearables to smart cars and homes, it seems connectivity is replacing orange as the new black of worldwide innovation. However, when connecting billions of users to the internet and to each other, companies must ensure that devices implement future-proof security.

The easiest way to address this is by relying on a powerful combination of hardware and software – and this is where OmniShield from Imagination steps in.

OmniShield explained

In anticipation of the Imagination Summit 2015 event in Santa Clara, Imagination is introducing OmniShield, a revolutionary approach to security across all markets.

Though current security solutions are acceptable for existing products, they don’t scale to meet the needs of next-generation products that are becoming increasingly connected and must support a range of new applications and services.

OmniShield - limited securityCurrent security solutions cannot scale

Think of your mobile processor as your home; if someone were to break into the house, they might then proceed to get access into every room.

OmniShield offers a vastly superior solution by implementing multiple locks (secure domains) protected by the strong, reinforced steel doors you see in movies (hardware isolation at the chip level); within every room, there are also many storage boxes with individual locks to provide further protection.

If thieves enter the house, it will be close to impossible to break into every room.

This ability to create multiple secure heterogeneous domains is a unique feature of our MIPS Warrior CPUs, PowerVR Series7 GPUs (and select PowerVR Series6XT GPUs) or Ensigma NPUs.

OmniShield - security software and hardware architecture___fOmniShield: hardware and software architecture

The diagram below presents a general use case for combining two of our OmniShield-ready families (MIPS Warrior CPUs and PowerVR Series7 GPUs) to obtain a next-generation platform that is designed to support fully secure applications.

OmniShield - security for all devices__fOmniShield adopts a platform-wide approach to security across many markets

Since MIPS CPUs and PowerVR GPUs are heterogeneous and coherent, they operate on a unified memory model, no longer copying data between memory buffers. Now that we’ve added virtualization to both families of silicon IP, we can create a fully protected and isolated architecture that implements secure virtualization in the context of coherent memory accesses.

MIPS Warrior CPUs support several secure domains

While competing solutions only offer up to one trusted zone where all virtualized software is forced to co-exist, MIPS Warrior CPUs support multiple secure domains. Remarkably and uniquely, this level of support is offered across the range, from M-class microcontrollers such as M5100 and M5150 to 64-bit I-class processors like I6400.

MIPS M5100 - hardware virtualizationMIPS MCUs implement multiple secure domains

This enables system designers to implement advanced security across a wide range of devices, from the smallest IoT sensors to data center many-core SoCs. Additionally, MIPS CPUs run the latest ultra-secure hypervisors and have been designed to support the latest technologies for secure content delivery or identity protection across multiple applications and content sources.

Virtualization goes beyond CPUs

Secure virtualization is not a CPU-only concern. System designers also pay particular attention to devices that incorporate firmware programmable processors that operate on memory shared with CPUs (including graphics, video, camera or network subsystems).

Imagination has recently announced a new generation of GPUs designed from the ground-up for secure virtualization. The new PowerVR Series7 family is designed to address the privacy and security needs of evolving and emerging connected applications.

PowerVR Series7XT and Series7XE GPUs are optimized to support multiple independent security contexts and execution domains by providing CPU-agnostic hardware virtualization deeply embedded in the graphics architecture.

PowerVR Series7 - virtualization_zonesAdvanced security and hardware virtualization is fully supported in PowerVR Series7 GPUs

This new generation of GPUs will enable customers in segments such as automotive to build systems where the dashboard and infotainment system can run independently and reliably on the same platform. For Android smartphones and tablets, hardware virtualization can keep a user’s personal data secure from health data collected by a wearable device.

Extending protection at the networking level

Ensigma NPUs implement a range of security solutions including basic building blocks for on-chip cryptography (symmetric/asymmetric ciphers, authentication engines), high-performance protocol processing engines (for IPSec, MACSec, and SSL/DTLS offload) and secure infrastructure for SoCs. These solutions are designed to reduce power consumption and increase performance for high-throughput data processing and secure communications.

Applications for OmniShield

Click on the links below if you want to know how consumer and enterprise markets can benefit from our OmniShield platform:

We will be showing a few demonstrations for these applications at our summit. Make sure you also follow us on Twitter (@ImaginationPR, @ImaginationTech) for the latest news and announcements from Imagination.

Leave a Comment