To address security, privacy and reliability concerns in a wide range of devices, MIPS has added hardware supported virtualization technology to its latest cores.
Hardware virtualization provides the foundation for MIPS multi-domain security technology, which ensures that applications that need to be secure are effectively and reliably isolated from each other, as well as protected from non-secure applications.
Since virtualization concepts are already well understood and supported techniques in many OS and RTOS, they provide an ideal and proven foundation for hardware enablement and extensions needed for next-generation security.
This can be achieved with software virtualization only (para-virtualized) or with hardware virtualization assistance (fully virtualized). Para-virtualized solutions exist and run on MIPS-Based™ cores today, and the MIPS architecture provides hardware-assisted virtualization.
The core element of virtualization is the hypervisor, a small body of trusted and privileged code that sits above the hardware, managing and orchestrating all of the SoC resources. It manages the resources by defining access policies for each execution environment or “guest.” Guests are isolated from each other, but can communicate with the hypervisor and with each other via secure APIs. This ensures the reliability of the system by allowing the rest of the guests to operate reliably even if one of the guests crashes. The hypervisor manages all memory I/O privileges of the subsystems.
Hypervisors in general are easier to secure than the multiple operating systems running on top of them, because they have a smaller footprint and hence have an easier time achieving certification.
There are different ways to implement a virtualized system. Para-virtualization is an excellent approach for retrofitting a scalable security solution into deployed embedded systems that are not due for additional hardware updates, but require a trusted execution environment. Para-virtualization improves performance by optimizing the interaction of the OS and the hypervisor, but there is some effort required to customize the OSes. Hardware-assisted virtualization, once incorporated into a CPU, provides the benefits of improved virtualization performance with no modification of the guest operating systems required.
Hypervisors
Hypervisors for the MIPS architecture are available from partners including Seltech and PUCRS University in Brazil. The Sierravisor hypervisor from Sierraware is also available for MIPS.