Root Cause

     

Notes on RISC-V Support and Security Implications

May 20th, 2023
Chris Rohlf

RISC-V (pronounced “risk five”) is an open standard instruction set architecture (ISA) developed in the open by a large number of contributors. It has a permissive license model for both open and closed source implementations of the standard. The RISC-V documentation, discussions, and standards are public and can be found on GitHub.

Open Source RISC-V

An open source ISA with active development is good, but it is largely useless until someone implements support for fundamental software components such as compilers, linkers, kernels, C libraries, debuggers, JITs, etc. There is already wide support for the RISC-V ISA from mainstream open source software including LLVM, GCC, the Linux kernel, and Android, among many others. But RISC-V standards are a rapidly moving target, and as new designs emerge this software support will need to greatly expand.

Future investment in RISC-V will likely include a similar open source contribution, either complete open sourcing of chip designs, or smaller upstream contributions to various existing software projects to support the software stack that will run on top of these new chips. A large set of foundational components must first be modified/built to support this architecture before the platform is suitable for user applications:


RISC-V Security

Over the last decade many general security and memory safety exploit mitigation technologies migrated from software to hardware (Intel CET, ARM MTE, ARM BTI, ARM TrustZone, etc.). These hardware implementations are significantly more performant than software at protecting forward and backward edge control flow transfers, enforcing privilege levels, and more. Many similar concepts have found their way into the RISC-V standards. Studying these specifications will be key to understanding how secure, or insecure, a RISC-V implementation or RISC-V-based device is.


When a RISC-V implementer publishes their product as compliant with a specific RISC-V standard it creates an opportunity to diff that product's specific implementation against the standard. Any deviations from the standard will be worth investigating for security vulnerabilities or backdoors. This is not an operation you can easily perform against a proprietary ISA.
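One narrow, software-visible slice of that comparison, as an added example that is not from the original post: diffing the ISA string a device reports against the one its vendor claims. Both strings are constructed, `xvendorfoo` is a hypothetical vendor extension, and the parser assumes the unversioned, underscore-separated form Linux prints on the `isa` line of `/proc/cpuinfo`.

```python
import re

# In the RISC-V naming convention "g" abbreviates this general-purpose set.
G_SET = {"i", "m", "a", "f", "d", "zicsr", "zifencei"}
ISA_RE = re.compile(r"rv(32|64|128)([a-z]+)((?:_[a-z][a-z0-9]*)*)")


def parse_isa(isa):
    """Return (xlen, set of extension names) for an unversioned ISA string."""
    m = ISA_RE.fullmatch(isa.strip().lower())
    if not m:
        raise ValueError(f"unrecognised ISA string: {isa!r}")
    exts = set()
    for letter in m.group(2):            # single-letter extensions, e.g. "imafdc"
        exts |= G_SET if letter == "g" else {letter}
    exts |= {name for name in m.group(3).split("_") if name}  # z*/s*/x* names
    if not exts & {"i", "e"}:
        raise ValueError(f"no base integer ISA (i or e) in {isa!r}")
    return int(m.group(1)), exts


def diff_against_claim(reported_isa, claimed_isa):
    """Compare what the hardware reports with what the vendor claims."""
    r_xlen, reported = parse_isa(reported_isa)
    c_xlen, claimed = parse_isa(claimed_isa)
    return {
        "xlen_mismatch": r_xlen != c_xlen,
        "missing": sorted(claimed - reported),       # claimed, not reported
        "undeclared": sorted(reported - claimed),    # reported, not claimed
        # Names starting with "x" are non-standard (vendor) extensions.
        "vendor": sorted(e for e in reported if e.startswith("x")),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real product.
    claimed = "rv64gc_zba_zbb_zbs"                               # datasheet claim
    reported = "rv64imafdc_zicsr_zifencei_zba_zbb_xvendorfoo"    # from the device
    for key, value in diff_against_claim(reported, claimed).items():
        print(f"{key}: {value}")
```

An empty `missing` list only shows that the device advertises the claimed extensions; whether each one behaves as specified still has to be tested against the specification itself.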

RISC-V has the potential to bring new and exciting security capabilities to semiconductors from low end embedded devices all the way up to edge computing, high performance cloud computing, and even ‘supercomputers’.

Given the open nature of RISC-V standards, I expect the ecosystem of RISC-V implementations to suffer many of the same issues the Android ecosystem has. Some implementations will be incomplete, or deviate from the specification in undocumented ways to support the specific workloads they were designed for. These differences will create security vulnerabilities for consumers as devices based on RISC-V begin to be deployed at scale. The diversity of the RISC-V ecosystem may present the biggest security challenges in the years ahead. But it also has the potential to create opportunities for security protections to be designed, implemented, and deployed at scale in rapid time.