Ada and RISC-V Secure Nvidia’s Future

Jan. 23, 2020

Nvidia is using RISC-V for its security processor, and programming is handled via Ada/SPARK.

This article is part of TechXchange: RISC V and TechXchange: Ada and SPARK

A whitepaper on the use of SPARK by NVIDIA is available from Adacore.

Nvidia tends to hype the machine-learning (ML) capabilities of its system-on-chip (SoC) solutions like its DRIVE AGX Orin that targets automotive applications. Often lost in the mix is the security processor that is part of the package but these are critical to safe and secure applications.

Nvidia's security support has used a custom processor, but it's moving to RISC-V for future implementations. The company isn't alone in its adoption of RISC-V. Western Digital is taking advantage of SiFive’s RISC-V designs across the board for its storage solutions. NVIDIA isn't changing the SoC’s core processors at this point. These are still Arm Cortex cores, but the security processor is essentially isolated from the rest of the system and it runs its own firmware.

That firmware will not be written in C though. It is being done in SPARK, a provable subset of the Ada programming language. Ada 2012 added contracts to that language and SPARK takes advantage of this feature. It allows programmers to specify details like the characteristics of procedure inputs and outputs. The compiler can then enforce these rules for calls to the procedure as well as how the results will be used.

The contract support enables the compiler to prove that a procedure does what it is desired, and the code that calls and uses the results will operate as specified by the contracts and implicit contracts within the language definition. An example of the implicit language checking is the range checking done by Ada for arrays and strings. One of the biggest problems with C and C++ code has been buffer overruns, which can't happen with Ada.

The advantage of including the contract information and allowing the compiler to do the checking is that it can also remove many of the runtime checks often associated with Ada, because they are unnecessary. For example, the implicit array access range checks can be removed from the runtime if it's known that an index to the array can never exceed the size of the array.

Ada’s use in avionics is well-known, but it's also ideal for any embedded application. It can be extremely useful in safety applications like medical and automotive. Though the amount of code in a self-driving car will typically exceed that in even an advanced fighter jet, it will need the same level of scrutiny to provide safe and reliable operation. It makes a lot of sense to have the compiler checking that the code is doing what's desired rather than having humans do that same chore by examining the code.

“Self-driving cars are extremely complex and require sophisticated software that needs the most rigorous standards out there,” said Daniel Rohrer, vice president of Software Security at Nvidia. “Taking measures like incorporating Ada and SPARK languages into Nvidia platforms can improve the robustness and assurances of our automotive security.”

C and C++ remain the primary languages for embedded programming. However, there are advantages to using Ada and SPARK, including cost savings when looking at the total cost of ownership (TOC). Open-source versions of Ada and SPARK tools are available as well as online training.

>> Website Resources
.. >> Library: TechXchange
.. .. >> TechXchange: Embedded Software
.. .. .. >> Topic: Ada and SPARK

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form.

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below.

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence.