Imagination Technologies is working with virtualization and security pioneer Sierraware on a Trusted Execution Environment (TEE) for devices based on Imagination’s MIPS CPUs. The TEE provides a secure area within a connected device in which sensitive data is stored, processed and protected in an isolated, trusted environment, enabling end-to-end security through isolated, safe execution of authorized security software.
SierraTEE provides a secure and easy-to-implement solution for OmniShield-ready MIPS CPUs. It is implemented through Imagination’s OmniShield security technology, which uses the hardware virtualization in MIPS CPUs to enable the creation of multiple domains. In a system with multiple domains, the SierraVisor enables isolation of multiple concurrent guest systems. The combination of the SierraVisor and Sierraware TEE allows full operation of a TEE in a virtualized environment.
Connected embedded devices increasingly have a mix of applications requiring security and some level of robustness against malicious software. SierraTEE is designed for, and is already deployed in, devices across a number of markets including mobile, set-top boxes and residential gateways, servers and industrial automation.
“We are seeing growing demand for our technology across an expanding number of applications and architectures,” said Gopal Jayaraman, president and CEO of Sierraware. “Companies developing devices based on MIPS now have an easy-to-use TEE solution that will help them get to market quickly. For developers with Global Platform apps today, there aren’t any code changes needed – it just works.”
“SierraTEE builds on the growing range of security solutions and OmniShield enabled technologies for MIPS-based connected devices,” said Jim Nicholas, EVP MIPS Processor IP at Imagination. “We are seeing demand for a Global Platform TEE in a number of areas where MIPS has a strong footprint including set-top boxes, TV, and automotive. Sierraware is an ideal partner for us since their technologies are widely deployed and well proven. Having a TEE based on hardware virtualization holds great promise for companies looking to provide a high level of separation in their system.”
SierraVisor provides a minimal secure kernel which can be run in parallel with a more fully featured high-level OS, such as Linux, Android, or BSD, on the same core. It also provides drivers for the Rich OS to communicate with the secure kernel. Anything can be made part of the trusted infrastructure, from regions of PCI-E address space to NAND memory. SierraTEE for MIPS uses OmniShield virtualization technology to completely protect the secure kernel, and any secure peripherals, from code running in the rich environment. This means that even an attacker who manages to obtain full supervisor privileges in the Rich OS cannot gain access to the secure domain. SierraTEE provides true Global Platform Internal and Client APIs and development tools.
SierraTEE for MIPS is available now, and it is already in use by MIPS licensees. The MIPS business is currently up for sale by Imagination alongside the communications and 3D graphics divisions.