
Prpl Foundation demos first open source hypervisor for MIPS IoT

Jul 15, 2016 — by Eric Brown

The Prpl Foundation demoed the “prplHypervisor,” an open source, Linux-ready hypervisor for MIPS-based IoT with multiple secure domains for different OSes.

The prplSecurity framework is one of the chief projects of the Imagination Technologies-backed, Linaro-like prpl Foundation, which is developing open source Linux and Android code for MIPS processors. The latest piece is the prplHypervisor, which prpl calls “the industry-first light-weight open source hypervisor specifically designed to provide security through separation for the billions of embedded connected devices that power the Internet of Things.”

prplHypervisor stack diagram

The prplHypervisor uses hardware virtualization to create multiple distinct secure domains, supporting independent, secure operation of both bare metal applications and rich operating systems like Linux on a single device. The technology “eliminates the possibility of lateral movement within the system while allowing secure high-speed inter-VM communications,” says prpl.

The prplHypervisor appears to work only with MIPS processors. The block diagram shows a MIPS M5150, one of the MCU-like Warrior-M processors aimed at IoT and wearables. Unlike the M5100 model, the M5150 has an L1 cache controller and virtual memory management, and supports Linux as well as MCU-oriented RTOSes.

MIPS M5150 core block diagram

The prplHypervisor implementation for the M5150 requires about 27KB of flash and 4KB of RAM per VM, says prpl. The technology is part of the larger prplSecurity framework, which includes open source APIs for hardware-level security controls such as root of trust, secure boot, and components such as secure inter-VM communications (prplSecureInterVM) and key management and authentication (prplPUF).

Architecture of prplHypervisor demo at IoT Evolution Expo

The hypervisor was principally developed by three prpl members: Intrinsic-ID, Altran, and the Pontifical Catholic University of Rio Grande do Sul (PUCRS). At the IoT Evolution Expo in Las Vegas this week, Cesare Garlati, chief security strategist at the prpl Foundation, demonstrated three separated virtual machines implemented with the prplHypervisor. The three domains communicated via prplSecureInterVM (see diagram above).

The first VM received commands from the Internet via Altran’s picoTCP stack, while the second authenticated the request via Intrinsic-ID’s implementation of the prplPUF API. The third VM controlled a robotic arm via USB.

Other security-oriented projects from prpl include secure virtualization technology that purports to enable routers running OpenWrt Linux on MIPS Warrior CPUs to stay legal under new FCC rules. While the technology uses prplSecurity APIs, it instead taps the open source, Linux-based L4Re microkernel/microhypervisor developed at TU Dresden and hosted by KernKonzept. It’s unclear if prplHypervisor might soon be another option available for the OpenWrt solution.

Further information

The open source prplHypervisor does not yet appear to be available for release, but progress can be observed on GitHub. More information may be found at the prplSecurity website.
