Abstract
In the last years, System-on-Chip (SoC)-FPGAs have been widely used in Mixed-Criticality Systems, where multiple applications with different criticality domains are executed. In these systems, it is essential to guarantee isolation between the associated memory regions and peripherals of different application domains. Most high-performance SoC-FPGAs already provide hardware components for supporting isolation. By contrast, low-cost SoC-FPGAs usually don’t have any mechanism for guaranteeing isolation. In this paper, we investigate the problem of hardware spatial isolation in low-cost SoC-FPGAs. First, we point out the issues and the limitations given by the fixed components in the Processing System and show how to address them. Second, we propose a Protection Unit, which is a lightweight hardware architecture for AXI communication that ensures memory and peripheral isolation between masters of different protection domains. The proposed architecture can be instantiated either on the master or on the slave side of an AXI interconnection. In addition, it is scalable from 1 to 16 memory regions, and application domains and policies are set up at run-time. We implement our architecture on the SoC-FPGA XC7Z020, where a Microblaze soft-core and the Arm Cortex-A9 are used simultaneously for different application domains. In the proposed implementation, the Protection Unit is implemented in combinatorial logic, and its execution does not contribute to the critical path. Therefore, it adds zero latency for the single communication transaction and uses only 0,5% lookup tables and 0,1% flip-flops of the target SoC-FPGA.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AMD-Xilinx: 7 Series FPGAs Data Sheet: Overview (DS180)
AMD-Xilinx: AXI Verification IP LogiCORE IP Product Guide (PG267)
AMD-Xilinx: Zynq-7000 SoC Technical Reference Manual (UG585)
ARM: CoreLink Network Interconnect NIC-301 Technical Reference Manual
De Donno, M., Tange, K., Dragoni, N.: Foundations and evolution of modern computing paradigms: Cloud, iot, edge, and fog. IEEE Access (2019)
Gracioli, G., et al.: Designing mixed criticality applications on modern heterogeneous mpsoc platforms. In: ECRTS 2019 (2019)
Hassan, M.: Heterogeneous mpsocs for mixed-criticality systems: challenges and opportunities. IEEE Design Test 35(4), 47–55 (2018). https://doi.org/10.1109/MDAT.2017.2771447
Intel: External Memory Interface Handbook Volume 3: Reference Material. https://www.intel.com/content/www/us/en/docs/programmable/683841/17-0/memory-protection.html. Accessed 13 July 2022
Intel-Altera: Cyclone V Hard Processor System Technical Reference Manual
Kornaros, G., et al.: Hardware support for cost-effective system-level protection in multi-core socs. In: 2015 Euromicro Conference on Digital System Design (2015)
Kumar Saha, S., Bobda, C.: FPGA accelerated embedded system security through hardware isolation. In: 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), pp. 1–6 (2020)
Kurth, A., Cavalcante, M., Zaruba, F.: PULP platform. https://github.com/pulp-platform/axi (2022)
Kurth, A., et al.: An open-source platform for high-performance non-coherent on-chip communication. IEEE Trans. Comput. 71(8), 1794–1809 (2022)
LeMay, M., Gunter, C.A.: Network-on-chip firewall: countering defective and malicious system-on-chip hardware. In: Martí-Oliet, N., Ölveczky, P.C., Talcott, C. (eds.) Logic, Rewriting, and Concurrency. LNCS, vol. 9200, pp. 404–426. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23165-5_19
Microchip: Polarfireő soc mss technical reference manual
Passaretti, D., Böhm, F., Pionteck, T.: Isolation-support for low-cost soc-fpgas. https://github.com/pasdani/Isolation-Support-for-Low-Cost-SoC-FPGAs
Passaretti, D., Ghosh, M., Abdurahman, S., Egito, M.L., Pionteck, T.: Hardware optimizations of the x-ray pre-processing for interventional computed tomography using the FPGA. Appl. Sci. 12(11), 5659 (2022)
Passaretti, D., Pionteck, T.: Configurable pipelined datapath for data acquisition in interventional computed tomography. In: 2021 IEEE 29th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM)
Passaretti, D., Pionteck, T.: Hardware/software co-design of a control and data acquisition system for computed tomography. In: 2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST), pp. 1–4 (2020). https://doi.org/10.1109/MOCAST49295.2020.9200273
Pinto, S., Santos, N.: Demystifying arm trustzone: a comprehensive survey. ACM Comput. Surv. 51(6), 1–36 (2019)
Sensaoui, A., Hely, D., et al.: Toubkal: a flexible and efficient hardware isolation module for secure lightweight devices. In: 2019 15th European Dependable Computing Conference (EDCC), pp. 31–38. IEEE (2019)
Valente, G., Giammatteo, P., Muttillo, V., Pomante, L., Di Mascio, T.: A lightweight, hardware-based support for isolation in mixed-criticality network-on-chip architectures. ASTES (2019)
Xilinx Inc: Isolation methods in zynq ultrascale+ mpsocs application note
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Passaretti, D., Boehm, F., Wilhelm, M., Pionteck, T. (2022). Hardware Isolation Support for Low-Cost SoC-FPGAs. In: Schulz, M., Trinitis, C., Papadopoulou, N., Pionteck, T. (eds) Architecture of Computing Systems. ARCS 2022. Lecture Notes in Computer Science, vol 13642. Springer, Cham. https://doi.org/10.1007/978-3-031-21867-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-21867-5_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21866-8
Online ISBN: 978-3-031-21867-5
eBook Packages: Computer ScienceComputer Science (R0)