Imagination Technologies’ OmniShield is a secure hypervisor that supports secure virtual machines on Imagination’s MIPS-based processor cores (see “Don't Tamper with This Core” on electronicdesign.com). The key to OmniShield is its support for the PowerVR series GPU in addition to the MIPS cores (Fig. 1).
OmniShield is a trusted hypervisor that starts from a secure boot. It in turn can provide similar support to trusted operating systems in virtual machines (VMs) running on the MIPS cores. These may also utilize the GPU support found on SoCs. The two types of cores share a coherent, shared memory environment. The trust zone for a VM is managed by OmniShield and can encompass any number of heterogeneous cores.
GPU and Video Processor Target Mid-Range Mobile
64-bit MIPS Architecture Targets High Performance Designs
Typically, processor cores that support VMs can already be secured, but GPUs have often been unsecured. Using a virtualized GPU interface allows this to be done, but with a performance hit. The PowerVR Series7 GPU (Fig. 2) incorporates the same type of secure MMU as the processor cores. This greatly simplifies the hypervisor software support.
This support is useful for more than military applications where secure hypervisors have been more common. Examples include automotive and medical applications where displays are often handled by single-chip, SoC solutions, but where operating environments need to be isolated and secured. The approach is even applicable on mobile devices like smartphones and tablets where one or more secured environments may be necessary. One may handle network services while another may handle corporate applications. A user may even want one or more secure environments to separate their data.
Imagination Technologies’ security interest extends to its new Security PEG (prpl Engineering Group) within the open-source non-profit “prpl” foundation. Imagination helped start the foundation, along with a number of other companies such as Broadcom, Ikanos, and Elliptic Technologies.
