Using RISC-V in FPGAs for strategic defense systems
StoryFebruary 13, 2018
The defense market is often characterized as slow-moving and a laggard when it comes to high-tech components. The strict certifications and testing that are often required for upgrading military systems generally cannot be rushed. At the same time, though, there is growing demand to speed development cycles for the next generation of strategic defense products.
Field-programmable gate arrays (FPGAs) and system-on-chip (SoC) FPGAs can be used to accelerate prototyping and other development steps for mission-critical defense products, which often require functions such as secure communications, trusted intellectual property (IP), inspection of register transfer level (RTL) source code for certification, antitamper requirements, supply chain assurance, and more. To meet these challenges, the best choice is not an FPGA with a specific processor, but one integrating the new RISC-V open instruction set architecture (ISA). The combination of a secure FPGA with IP cores for RISC-V-open ISA processors with a comprehensive ecosystem enables designers to speed development, preserve software investments, accelerate innovation using a trusted processor, and meet all of the demanding security and other requirements of next-generation strategic defense systems.
Understanding RISC-V
RISC-V is not a processor but rather an open ISA, which is also fixed. This new RISC-V open ISA-based processor ecosystem is a major diversion from today’s processor architectures: The majority of processor architectures are an Intel x86 variation or an ARM A-class processor. These are very capable processors, but there are many advantages for defense applications to leverage RISC-V in FPGAs. The open ISA translates to everyone having a micro-architectural license. If the RISC-V IP core offers RTL source, then deep inspection is possible; RISC-V combined with a cryptographic processor enables trusted secure communications. Because the ISA is fixed, this means software can be written once and will run forever.
Benefits of an open ISA
The ISA is open, so anyone can design a RISC-V processor. It is as if the designer has a micro-architecture license, which is a viable option. Users and silicon vendors are free to implement whatever architecture they deem best for their application. This choice enables broad innovation, such as designs that have some operations accelerated in hardware or a processor designed for the lowest possible power consumption. As an example, Microsemi has introduced a variety of RISC-V IP cores for its FPGAs, all driven by user requirements.
With the open ISA, there is an additional benefit of design portability. For instance, designers can use a low-density FPGA device; if the design grows this could easily be redirected to a midrange-density solution even a custom application-specific integrated circuit (ASIC).
Open RTL source
Although the roots of RISC-V were in the open-source community, not every implementation is required to provide source code. However, with RISC-V, designers can obtain the processor source code from certain vendors. This option is simply not possible with closed architectures such as ARM or x86-based devices. FPGA suppliers can support their offerings with a family of IP cores. One example is Microsemi’s recently released Mi_V_RV32IMA 32-bit RISC-V IP core, part of its Mi-V ecosystem. With the complete RTL source available to defense agencies for deep inspection, its use can be approved for the highest levels of security functions, enabling trust for the FPGA system.
For many government, military, and defense programs, using a trusted processor is critical. Another important way to secure communications is to combine a RISC-V core with a differential power analysis (DPA)-resistant cryptographic processor.
An example design for secured communications is shown in Figure 1.
Figure 1: Secure data communications example.
To initiate secure data communications, a soft RISC-V core is used in the FPGA fabric. The RISC-V core instructs the coprocessor about which encryption protocols it should execute, which keys to use, and how to implement other security control functions. The embedded encryption coprocessor then runs the secure data link in and out of the FPGA. In this example, the boot code for the RISC-V core can also be stored in the on-chip secure nonvolatile memory (NVM), so no root kit or malware will be inserted. A RISC-V design such as this can be used as a root of trust for numerous types of defense systems.
Fixed ISA
With each generation of ARM processors, the instruction sets tend to grow, which forces software engineers to update their code for the newer architectures. Conversely, the RISC-V ISA is frozen so that code migration from one RISC-V core to another is seamless. The defense market can rapidly adopt RISC-V as a new standard open architecture for direct native hardware implementations because they can rely on the frozen ISA. The fixed ISA and the portability of RISC-V enable numerous designs that are supported for years or even decades.
Consider the following thermal image or infrared camera application (Figure 2).
Figure 2: Thermal image or infrared camera.
The RISC-V core in the camera implements the traditional functions that a microcontroller would support, which would include configuring the image sensor and updating the settings periodically when adjustments are required. The RISC-V core can also run the external memory storage stack for setting up transfer of images or video frames. The software will be completely portable across all devices that have a RISC-V core, which creates a royalty-free processor subsystem. Because the RTL code is available, the design can be implemented in any hardware. So, if the FPGA family needs to be changed, designers can simply retarget the RTL source and no software changes will be required.
RISC-V ecosystem
To encourage and enable broad use, the RISC-V Foundation – a nonprofit organization controlled by its members – froze the instruction set in 2014 so the market could dictate its processor architectures. As a result, all the variations in a RISC-V micro-architecture are acceptable because the ISA is open and fixed. There are numerous open-source, upstreamed software tools to support RISC-V designs, especially as the market introduces RISC-V ecosystems.
Microsemi’s Mi-V ecosystem contains FPGA-based open architecture RISC-V IP cores, a software integrated development environment (IDE), and support for various third-party real-time operating systems (RTOS) (Figure 3). An important feature of a RISC-V ecosystem is the ability to deploy a RISC-V IP core in multiple flash-based FPGA options, each of which can store the boot code for the RISC-V soft core in secure NVM. This design prevents malware or a root kit from being installed in a system. Another RISC-V ecosystem feature is the availability of a comprehensive family of supporting design tools that enable engineers to further leverage the benefits of the RISC-V RTL in custom FPGA designs.
RISC-V ecosystems also should support several open-source and commercial RTOS, such as Express Logic’s popular industrial-grade ThreadX, as well as Micrium’s uC OS II, each of which is available along with freeRTOS and more. For software code development, a good choice is the Eclipse-based Soft Console IDE (hosted on a Linux or Windows platform), which provides complete development support, including a C or C++ compiler and complete debugger capability.
Figure 3: The elements of the Microsemi Mi-V ecosystem.
With the mainstream adoption of RISC-V, defense engineers and architects now can consider a compelling alternative processor architecture. The advantages of an open ISA, RTL source code availability, secure communication solutions, and the fixed ISA are all aimed at solving the challenges of strategic defense systems. The open ISA with source code availability enables the user to trust that the design is optimized for specific functionality. For root-of-trust applications and those requiring secure communications, the RISC-V processor architecture can be used with the latest midrange-density FPGAs that deliver full design IP protection, antitamper capabilities, and other security features. Finally, the fixed ISA ensures software compatibility and longevity of the architecture for many years.
Ted Marena is the director of FPGA/SOC marketing at Microsemi. He has more than 20 years’ experience in FPGAs. Previously, Marena has held roles in design engineering, technical sales/support, business development, and product and strategic marketing. He was awarded Innovator of the Year in February 2014 when he worked for Lattice Semiconductor. Ted holds a Bachelor of Science in electrical engineering (Magna Cum Laude) from the University of Connecticut and an MBA from Bentley College’s Elkin B. McCallum Graduate School of Business.
Microsemi www.microsemi.com