RISC-V Markets, Security And Growth Prospects

Experts at the Table: Why RISC-V has garnered so much attention, what still needs to be done, and where it will likely find its greatest success.


Semiconductor Engineering sat down to discuss open instruction set hardware with Ben Levine, senior director of product management in Rambus’ Security Division; Jerry Ardizzone, vice president of worldwide sales at Codasip; Megan Wachs, vice president of engineering at SiFive; and Rishiyur Nikhil, CTO of Bluespec. What follows are excerpts of that conversation.  Part one of this discussion is here. 

(L-R) Ben Levine, Jerry Ardizzone, Megan Wachs, Rishiyur Nikhil.

SE: Do you think there’s room for more than one or two major RISC-V suppliers?

Ardizzone: It is very healthy right now having a lot of competitors out there. There are quite a few. I see two or three pretty strong ones, and we like to think we are one of those. I don’t think there’s room for five or ten, but there’s room for a couple.

Wachs: What we want to do is leverage RISC-V and enable people to do really exciting custom SoCs around RISC-V, and we are very interested in growing the ecosystem. So we really want lots of competitive cores out there so everyone knows RISC-V. But it’s not just about supplying the core. It’s about what you going to do with this core that makes it interesting to your customer.

Levine: Right now it is really a good thing for the RISC-V ecosystem to see a lot of companies out there. The competition is good. It’s part of the natural life cycle of an ecosystem like this. Initially, there are lots of companies competing. They have their own innovations and they bring their own technology to bear. Down the road, inevitably there will be some consolidation and some companies will drop out, and we’ll end up with a small handful or less of companies that are really solid in the market.

Nikhil: Another factor that plays into this is not commercial. It’s national security questions, right? So countries like China and India, for example, are hell-bent on doing something local that they control, where they know what’s in it and they can trust what’s in it. So even if it’s not economically viable, I am sure there will be suppliers for that reason. They may not be as large as the biggest suppliers in the commercial space worldwide, but there will be many suppliers for that reason, as well.

SE: Doesn’t this create a security problem? There may be extra circuitry that isn’t supposed to be in there, or there could be extra chips in the supply chain. This problem goes well beyond RISC-V, but is there anything in the RISC-V world that is different?

Nikhil: You have a greater scope of what you can control with RISC-V. For India or China, their fear is they don’t know what’s in the chips they import. RISC-V doesn’t completely eliminate the problem, but it does help add trust into the chip knowing who designed it and what’s in there.

Levine: The question is supply chain integrity for building chips, and security assurances around IP is a really complex question. It really comes down to being able to trace the provenance of that IP, where it came from, what happened to it as it went from the IP producer to the chip integrator, to the fab, and ultimately to silicon. Lots of people are working very diligently to solve that problem. I am not sure RISC-V really adds much to the overall security or to the solution to that problem. This one is pretty generic to IP, and solving those supply chain issues is something that needs to be done. But it will involve tools and mechanisms outside the IP itself.

SE: Is open source any more reliable than something from one vendor? Does the full community now say, ‘Okay, we can alert you to this,’ or is it more of a risk?

Levine: There is the idea that anything that’s open source is examined by a large community, so there’s a greater chance that if there’s some sort of back door or other concern with that, someone will discover it and make that known. The problem is that it still doesn’t solve the larger supply chain issues. And you have open-source RTL that is downloaded from GitHub somewhere that you’re going to integrate into your chip. But what happens throughout the whole design cycle of that chip, from that point to the ultimate silicon? And can you truly trust that the open-source community is going to do as thorough a job as you would like vetting that IP? I would argue that if you are just looking at the security of the IP itself, you might be better off having security specialists being the ones who look at it and really do the thorough security evaluation.

Ardizzone: I agree with that, and every customer asks about it. It’s very, very important that we have a strong third-party ecosystem around security, working with the people that know it better than anyone else. While we will have our own strategy for security, and the RISC-V Foundation worries a lot about security, as well, we need to come up with at least some standard minimum requirement for that. We depend heavily on the people that have high expertise in this area to provide external solutions or integrate-able internal solutions, whatever it may be. It’s very important.

Nikhil: In terms of things like supply chain and all, RISC-V is not in any different position than any commercial vendor. But the fact that RISC-V is open source and there’s lots of open-source cores available has already led to an explosion in research in universities on hardware-assisted security. They’re looking at how to modify any ISA to improve security with a much more fine-grained and policy-based mechanism for formally provable correctness security? These kinds of things were not possible before because of the lack of access to an industrial-strength ISA as a baseline on which to do that research. And now, suddenly, you see projects all over the place happening on that. None of them has yet shown great results, but it is early days for that.

Wachs: SiFive was created by the founders of RISC-V, which they initially for their research lab at Berkeley. It became very successful because it was so generally useful. But open source is not a panacea. We view open source as a way to get more people into the community, get educational institutions working on the same platform. That’s where we see the power of open source. It’s just enabling more and more people to be working in RISC-V space.

SE: Where do you see RISC-V gaining traction? Will it be in specific markets, or generally at the edge or in servers? And Will it displace some of the major processor architectures that are out there?

Ardizzone: We see a lot of horizontal applications for RISC-V. There is a lot of activity in AI right now. People want to lay down a lot of processors and maybe do a little customization of the processor itself and repeat that many times. So there’s quite a bit of interest. But over time you’re going to see this in all markets. This is not going to happen immediately. In the next few years, as the companies that provide processor IP and third-party ecosystem around it get bigger and develop more IP, you will see us moving to a broad number of market spaces.

SE: Does the edge help there, because at this point there is no defined ISA?

Wachs: The ISA was designed to be very modular and very scalable, so you can use the same ISA for edge computing all the way up to the cloud. You just tweak the parameters that you have chosen for those different implementations. But it is possible for RISC-V to tackle all markets because of the way it was designed.

Levine: If you use a particular definition of mainstream, you can make an argument that RISC-V is already mainstream. Someone who is designing a chip is going to consider RISC-V as a possible choice for an ISA for their CPUs, as compared to the more established ones. That’s a real choice that people are making today. It doesn’t have the market share, obviously, of some of the big players. But it’s positioned in a place where now it can grow and take over more and more market share.

Nikhil: It starts in places where the cost of replacement is not that high in terms of compatibility and so on. Embedded systems, small IoT systems, these are things where people can switch out on a dime if the costs make sense. RISC-V makes sense for that, and that’s where it will start. But it grows from there, and eventually it will catch up to the kinds of mainstream places in terms of mobile devices, servers, those kinds of things.

Related Stories
RISC-V Challenges And Opportunities
Who makes money with an open-source ISA, the current state of the RISC-V ecosystem, and what differentiates one vendor from the next.
Building Security Into RISC-V Systems
Experts at the Table, part 2: Emphasis shifting to firmware, system-level architectures, and collaboration between industry, academia and government.
Open ISAs Gaining Traction
Emphasis on flexibility, time to market and heterogeneity requires more processing options.
Open Source Processors: Fact Or Fiction?
Calling an open-source processor free isn’t quite accurate.
The Challenge Of RISC-V Compliance
Showing that a processor core adheres to a specification becomes more difficult when the specification is extensible.

Leave a Reply

(Note: This name will be displayed publicly)