Imagination Announces OmniShield: Hardware Security Zones For MIPS + PowerVR Ecosystemby Ryan Smith on May 20, 2015 2:00 AM EST
Though it would be unfair to state that there was a point where device security never mattered, it’s safe to say that the interest in security from hardware manufacturers, developers, and consumers alike has never been greater. Thanks to a combination of greater hardware capabilities, wider than ever deployments of computers in all facets of life (e.g. IoT), and yes, no shortage of high-profile security breaches, device security has become increasingly important.
So far pretty much every vendor has taken their own crack at the matter, and Imagination Technologies is no different. As the owner of the MIPS architecture and the PowerVR family of GPUs, Imagination has been working on the matter for some time now. Most recently, as our long-time readers may recall, the company announced that their forthcoming PowerVR Series 7 GPUs would support multiple hardware security zones.
This brings us to today. Building off of the earlier PowerVR announcement and in conjunction with this week’s US Imagination Summit, today Imagination is announcing that they are expanding their hardware security zone technology in to its own brand, OmniShield. Under the OmniShield banner, the technology will eventually be supported across Imagination’s MIPS CPUs, PowerVR GPUs, and Ensigma communications processors.
Though Imagination doesn’t say so by name, OmniShield is essentially Imagination’s answer to ARM’s TrustZone technology, but for the Imagination ecosystem. With Imagination’s latest CPUs and GPUs supporting OmniShield, Imagination has the ability to setup hardware security zones that cover both the CPU and the GPU, isolating not only the CPU but preventing the GPU from being used as a backdoor as well. And though the technology can be used to some extent piecemeal, it is clear that for best results the technology is best used as part of a complete MIPS Warrior + PowerVR design.
From a technology standpoint, OmniPath works by using hardware virtualization to create multiple zones where various applications and system components can be isolated from each other, allowing them to communicate only as much as desired by the hypervisor. There are several ways that developers can setup secure environments with this technology, the most basic of which is simply isolating the important parts of the OS inside a secure zone, and letting everything else run in an insecure zone. However with the ability to support up to 8 zones – a feature unique to OmniShield – Imagination is also pitching the possibilities of having various classes of applications located in their own zones, so that not only is the OS protected from apps, but apps are protected from each other as well.
As for why a developer would want to do this, the use cases are varied, but all pretty straightforward. In the consumer space this would include isolating the OS and sensitive apps (e.g. banking) from wilder apps such as web browsers, and by the same token isolating DRM-enabled apps to prevent the breaking of DRM. Meanwhile in server and embedded scenarios, this can include everything from isolating various systems operating in a firewall/router to securing core systems from entertainment systems in cars that make heavy use of embedded processors (e.g. self-driving cars).
Ultimately Imagination is responding to customer demands for additional security options in their products, but at the same time Imagination is looking to get ahead of the curve by rolling out improved security technologies ahead of the competition. Doing this level of fine grained zoning can definitely incur some overhead in weaker systems, which is why Imagination is pushing hardware virtualization so hard for both CPUs and GPUs. As for what systems the technology will end up in, with today’s launch being a branding of existing technology, OmniShield is already available in some product designs. Though from the sounds of it, shipping products using OmniShield-enabled SoCs may be a bit further off.