Arm processors and Armv8-M microcontrollers support Arm TrustZone with hardware forced isolation built into the CPU. With the RISC-V processor, such a security solution has not been disclosed so far, but this time it has been released.

SiFive shield overview:

SiFive Shield is an open and scalable security platform designed for RISC-V processors. Supports root of trust, security customization, and provides a protected memory area and multi-core privileged mode for each memory. In combination with SiFive Worldguard, SiFive shields provide better isolation.

World Guard isolates code execution and data protection:
SiFive Worldguard provides a fine security model for quarantined code execution and data protection. There are two core ID (CID) drive mode and process ID (PID) drive mode to protect core, cache, interconnect, peripherals and memory data.

World ID markers (WID) can be used to isolate processes in a multi-core processor system from each other. For single-core processors found in embedded systems, PID drive world IDs (WIDs) can be used to separate execution between user mode and machine mode.

Root of Trust:
SiFive’s Root of Trust is based on open specifications and open source software platforms. SiFive Shield provides secure storage for unique keys on-chip using a unique ID that allows provisioning of keys and certificates in the manufacturing plant.

Memory protection against threats:
The security platform leverages the Physical Memory Protection (PMP) and Physical Memory Attributes (PMA) portions of the RISC-V ISA to set limits and privileges on memory ranges and memory mapped peripherals.

Crypto engine:
Shield architecture includes cryptographic hardware such as a novel random number generator (TRNG), AES encryption engine, secure hash encryption engine that supports SHA-2 and SHA-3 standards, RSA and ECDSA public key encryption Support. The cryptographic engine is protected from SPA / DPA / EMA attacks.

CNX Software article: https://www.cnx-software.com/…/sifive-shield-open-security…/