Root Cause
Notes on RISC-V Support and Security Implications
May 20th, 2023
Chris Rohlf
RISC-V (pronounced “risk five”) is an open standard instruction set architecture (ISA) developed in the open by a large number of contributors.
It has a permissive license model for both open and closed source implementations of the standard. The RISC-V documentation, discussions, and
standards are public and can be found on Github.
Open Source RISC-V
An open source ISA with active development is good, but it is largely useless until someone implements support for fundamental software
components such as compilers, linkers, kernels, C libraries, debuggers, JITs etc. There is already wide support for the RISC-V ISA from
mainstream open source software including LLVM, GCC, Linux Kernel, and Android among many others. But RISC-V standards are a rapidly moving
target and as new designs emerge this software support will need to greatly expand.
Future investment in RISC-V will likely include a similar open source contribution, either complete open sourcing of chip designs, or smaller
upstream contributions to various existing software projects to support the software stack that will run on top of these new chips. A large
set of foundational components must first be modified/built to support this architecture before the platform is suitable for user applications:
- LLVM and GCC Compiler Infrastructure
- Code generation
- Optimization pipelines
- Just In Time (JIT) compilation support
- Javascript JIT components in web browsers
- Android Dalvik/ART JIT
- Linux Kernel BPF
- Foundational C Libraries (libc, math etc)
- Common functions (memcpy, memset etc) optimized for RISC-V
- Machine optimized floating point, matrix multiplication, and vector operations
- Toolchains
- GNU Binutils
- Debuggers (GDB, LLDB)
- Disassemblers, decompilers
RISC-V Security
Over the last decade many general security and memory safety exploit mitigation technologies migrated from software to hardware (Intel CET, ARM MTE, ARM BTI, ARM Trustzone etc). These hardware implementations are significantly more performant than software at protecting forward and backward edge control flow transfers, enforcing privilege levels, and more. Many similar concepts have found their way into the RISC-V standards. Studying these specifications will be key to understanding how secure, or insecure, a RISC-V implementation / based device is.
- Control Flow Integrity
- “To enforce backward edge control flow integrity, the extension introduces a shadow stack. To enforce forward edge control flow integrity, the extension introduces labeled landing pad instructions.”
- This standard is still under development but will heavily influence exploitation strategies against memory safety vulnerabilities in RISC-V targets.
- If a RISC-V implementer deploys these correctly they may significantly raise the bar for exploitation relative to proprietary ISA’s. But if they choose to not implement them, and the implementation is not available in a widely adopted compiler toolchain, then software vulnerabilities running on these systems would be easily exploitable.
- https://github.com/riscv/riscv-cfi
- JIT’d Language Targets
- This standard is attempting to make RISC-V ISA more friendly to programming languages that are typically JIT’d from an interpreted bytecode (Python, Ruby, Javascript etc). These extensions would primarily serve to make JIT development easier and produce more performant code for common operations and design patterns such as NaN-Boxing, and dynamic typing.
- Could result in different instruction density and security relevant constructs for programs written in these languages.
- https://github.com/riscv/riscv-j-extension
- Cryptography Extension
- “This repository is used to develop standardization proposals for scalar and vector cryptographic instruction set extensions for the RISC-V architecture.”
- Cryptographic instruction extensions make heavily used mathematical operations in common cryptographic schemes much more performant (e.g. vectorizing AES-CTR/GCM operations so they may be performed many times per-second over data streams).
- This standard could also influence how security critical operations such as secure boot are implemented.
- https://github.com/riscv/riscv-crypto
- Virtual Memory Extension
- This standard is focusing on virtual memory specifics such as address translation, cacheability, etc.
- This standard is important for understanding any side channel risks inherent to the architecture as demonstrated on other popular ISA’s over the last several years (e.g. Spectre, Meltdown etc).
- https://github.com/riscv/virtual-memory
- Multi Zone Privilege Security Model
- Some RISC-V implementers have created support for a Trusted Execution Environment.
- These capabilities allow implementers to create different security privilege levels and domains that separate untrusted code from trusted code.
- https://hex-five.com/multizone-security-tee-riscv
- https://hex-five.com/download
- https://github.com/hex-five/multizone-api
When a RISC-V implementer publishes their product as compliant with a specific RISC-V standard it creates an opportunity to diff that product's specific implementation against the standard. Any deviations from the standard will be worth investigating for security vulnerabilities or backdoors. This is not an operation you can easily perform against a proprietary ISA.
RISC-V has the potential to bring new and exciting security capabilities to semiconductors from low end embedded devices all the way up to edge computing, high performance cloud computing, and even ‘supercomputers’.
Given the open nature of RISC-V standards I expect the ecosystem of RISC-V implementations to suffer many of the same issues the Android ecosystem has. Some implementations will be incomplete, or deviate from the specification in undocumented ways to support specific workloads they were designed for. These differences will create security vulnerabilities for consumers as devices based on RISC-V begin to be deployed at scale. The diversity of the RISC-V ecosystem may present the biggest security challenges in the years ahead. But it also has the potential to create opportunities for security protections to be designed, implemented, and deployed at scale in rapid time.