Exploring The Security Framework Of RISC-V Architecture In Modern SoCs

Controlling the access to physical memory addresses.


In the rapidly evolving world of technology, system-on-chip (SoC) designs have become a cornerstone for various applications, from automotive and mobile devices to data centers. These complex systems integrate multiple processors, a multi-level cache hierarchy, and various subsystems that share memory and system resources. However, this open access to shared memory and resources introduces potential security vulnerabilities in SoC designs.

Recognizing the importance of security, the RISC-V architecture, which is increasingly adopted in SoCs, offers a robust solution to address these concerns. The Physical Memory Protection (PMP) unit within RISC-V architecture plays a pivotal role in enhancing SoC security by controlling the access to physical memory addresses.

The role of RISC-V PMP in SoC security

The PMP unit is a programmable hardware component in RISC-V-based SoCs that allows the definition of multiple memory regions, each governed by its own access policy per processor core. This feature is crucial for ensuring that software running on a processor core adheres to specified read, write, and execute permissions, depending on the execution mode of the core.

In complex SoC environments with multi-cluster, multi-processor configurations, verifying PMP settings presents a significant challenge. This complexity arises from the vast number of potential combinations of PMP regions, core configurations, and access policies. Additionally, the integration of Physical Memory Attributes (PMA), which define characteristics like shareability, cacheability, and exclusiveness, further complicates the verification process.

Challenges and solutions in PMP verification

Another critical aspect of SoC security verification involves the creation of tests and test infrastructure to address negative security scenarios. For instance, deliberately triggering a privilege access violation can provide valuable insights into the system’s response and behavior under unauthorized access attempts.

To tackle these challenges, using Portable Test and Stimulus (PSS) and Electronic Design Automation (EDA) tools, such as Perspec, has proven highly effective. These tools facilitate efficient verification of the security features of RISC-V-based SoCs by enabling the modeling of various security test scenarios, including both positive and negative tests.

Overview of the RISC-V PMP specification

The RISC-V architecture delineates three privilege modes (M-mode, U-mode, and S-mode) to support secure processing and fault containment within SoCs. Often trusted, the M-mode manages secure execution, while the U and S modes cater to application and operating system usage.


As SoCs continue to grow in complexity and application scope, the importance of robust security mechanisms cannot be overstated. The RISC-V PMP unit represents a significant advancement in securing SoCs against unauthorized memory access, thereby enhancing the overall security posture of these systems. Using advanced verification tools and methodologies, designers can effectively address the multifaceted challenges associated with SoC security verification, ensuring that modern SoCs can safely power the next generation of technology innovations. Click here to learn more about how Portable Test & Stimulus (PSS) and Cadence EDA tools, such as Perspec, can help efficiently verify security aspects of RISC-V-based SoCs. You can also read our previous blogs on how RISC-V is fundamentally changing the CPU design and manufacturing landscape.

Leave a Reply

(Note: This name will be displayed publicly)