A Survey of Recent Developments in Testability, Safety and Security of RISC-V Processors

With the continued success of the open RISC-V architecture, practical deployment of RISC-V processors necessitates an in-depth consideration of their testability, safety and security aspects. This survey provides an overview of recent developments in this quickly-evolving field. We start with discussing the application of state-of-the-art functional and system-level test solutions to RISC-V processors. Then, we discuss the use of RISC-V processors for safety-related applications; to this end, we outline the essential techniques necessary to obtain safety both in the functional and in the timing domain and review recent processor designs with safety features. Finally, we survey the different aspects of security with respect to RISC-V implementations and discuss the relationship between cryptographic protocols and primitives on the one hand and the RISC-V processor architecture and hardware implementation on the other. We also comment on the role of a RISC-V processor for system security and its resilience against side-channel attacks

XDIVINSA: eXtended DIVersifying INStruction Agent to Mitigate Power Side-Channel Leakage

Side-channel analysis (SCA) attacks pose a major threat to embedded systems due to their ease of accessibility. Realising SCA resilient cryptographic algorithms on embedded systems under tight intrinsic constraints, such as low area cost, limited computational ability, etc., is extremely challenging and often not possible. We propose a seamless and effective approach to realise a generic countermeasure against SCA attacks. XDIVINSA, an extended diversifying instruction agent, is introduced to realise the countermeasure at the microarchitecture level based on the combining concept of diversified instruction set extension (ISE) and hardware diversification. XDIVINSA is developed as a lightweight co-processor that is tightly coupled with a RISC-V processor. The proposed method can be applied to various algorithms without the need for software developers to undertake substantial design efforts hardening their implementations against SCA. XDIVINSA has been implemented on the SASEBO G-III board which hosts a Kintex-7 XC7K160T FPGA device for SCA mitigation evaluation. Experimental results based on non-specific t-statistic tests show that our solution can achieve leakage mitigation on the power side channel of different cryptographic kernels, i.e., Speck, ChaCha20, AES, and RSA with an acceptable performance overhead compared to existing countermeasures.This work has been supported in part by EPSRC via grant EP/R012288/1, under the RISE (http://www.ukrise.org) programme.Peer ReviewedPostprint (author's final draft

Miniature Sapphire Acoustic Resonator - MSAR

A room temperature sapphire acoustics resonator incorporated into an oscillator represents a possible opportunity to improve on quartz ultrastable oscillator (USO) performance, which has been a staple for NASA missions since the inception of spaceflight. Where quartz technology is very mature and shows a performance improvement of perhaps 1 dB/decade, these sapphire acoustic resonators when integrated with matured quartz electronics could achieve a frequency stability improvement of 10 dB or more. As quartz oscillators are an essential element of nearly all types of frequency standards and reference systems, the success of MSAR would advance the development of frequency standards and systems for both groundbased and flight-based projects. Current quartz oscillator technology is limited by quartz mechanical Q. With a possible improvement of more than x 10 Q with sapphire acoustic modes, the stability limit of current quartz oscillators may be improved tenfold, to 10(exp -14) at 1 second. The electromagnetic modes of sapphire that were previously developed at JPL require cryogenic temperatures to achieve the high Q levels needed to achieve this stability level. However sapphire fs acoustic modes, which have not been used before in a high-stability oscillator, indicate the required Q values (as high as Q = 10(exp 8)) may be achieved at room temperature in the kHz range. Even though sapphire is not piezoelectric, such a high Q should allow electrostatic excitation of the acoustic modes with a combination of DC and AC voltages across a small sapphire disk (approximately equal to l mm thick). The first evaluations under this task will test predictions of an estimated input impedance of 10 kilohms at Q = 10(exp 8), and explore the Q values that can be realized in a smaller resonator, which has not been previously tested for acoustic modes. This initial Q measurement and excitation demonstration can be viewed similar to a transducer converting electrical energy to mechanical energy and back. Such an electrostatic tweeter type excitation of a mechanical resonator will be tested at 5 MHz. Finite element calculation will be applied to resonator design for the desired resonator frequency and optimum configuration. The experiment consists of the sapphire resonator sandwiched between parallel electrodes. A DC+AC voltage can be applied to generate a force to act on a sapphire resonator. With the frequency of the AC voltage tuned to the sapphire resonator frequency, a resonant condition occurs and the sapphire Q can be measured with a high-frequency impedance analyzer. To achieve high Q values, many experimental factors such as vacuum seal, gas damping effects, charge buildup on the sapphire surface, heat dissipation, sapphire anchoring, and the sapphire mounting configuration will need attention. The effects of these parameters will be calculated and folded into the resonator design. It is envisioned that the initial test configuration would allow for movable electrodes to check gap spacing dependency and verify the input impedance prediction. Quartz oscillators are key components in nearly all ground- and space-based communication, tracking, and radio science applications. They play a key role as local oscillators for atomic frequency standards and serve as flywheel oscillators or to improve phase noise in high performance frequency and timing distribution systems. With ultra-stable performance from one to three seconds, an Earth-orbit or moon-based MSAR can enhance available performance options for spacecraft due to elimination of atmospheric path degradation

Design and evaluation of buffered triple modular redundancy in interleaved-multi-threading processors

Fault management in digital chips is a crucial aspect of functional safety. Significant work has been done on gate and microarchitecture level triple modular redundancy, and on functional redundancy in multi-core and simultaneous-multi-threading processors, whereas little has been done to quantify the fault tolerance potential of interleaved-multi-threading. In this study, we apply the temporal-spatial triple modular redundancy concept to interleaved-multi-threading processors through a design solution that we call Buffered triple modular redundancy, using the soft-core Klessydra-T03 as the basis for our experiments. We then illustrate the quantitative findings of a large fault-injection simulation campaign on the fault-tolerant core and discuss the vulnerability comparison with previous representative fault-tolerant designs. The results show that the obtained resilience is comparable to a full triple modular redundancy at the cost of execution cycle count overhead instead of hardware overhead, yet with higher achievable clock frequency

A distributed avionics software platform for a liquid-fueled rocket

A distributed avionics software platform was developed as part of the Texas Rocket Engineering Lab’s efforts to become the first university lab to launch a liquid-fueled rocket to the edge of space (100km) and recover it successfully. There are four flight computers on the rocket, each running a real-time version of Linux and connected over an Ethernet network. The Avionics Software Platform runs on all flight computers, providing data handling, thread scheduling, clock synchronization, software error handling, and control logic abstractions for the rocket’s avionics system. The Platform executes the rocket’s control logic and device drivers at 100Hz, with only 6.2% of the total CPU time dedicated to Platform functions. The requirements, design, and verification of the Avionics Software Platform are presented in this thesis.Computer Science

SCISAT-1 ACE Mission C&DH Unit Development

The SCISAT-1 Atmospheric Chemistry Experiment (ACE) Mission is a part of the Canadian Space Agency’s (CSA’s) space science program, to support ongoing research in the areas of solarterrestrial relations, atmospheric sciences and space astronomy. Bristol Aerospace Limited is the CSA’s Spacecraft Prime Contractor for the ACE Mission. The ACE spacecraft will be launched on a Pegasus XL vehicle in mid-2002, co-manifested with a NASA spacecraft. A Control and Data Handling (C&DH) Unit is being developed by Bristol for the ACE Mission. This C&DH Unit will be responsible for all onboard command, control, monitoring and science data recording. This unit is being developed to support a range of Canadian small science missions, from Smallsats to Microsats. The unit is low power and light weight, and features a rad-tolerant core to assure reliable operation in a single string architecture. The C&DH Unit is comprised of a Controller Card (CC), Data Handling Card (DHC), Input/Output Card (IOC) and a Power Supply Card (PSC). Each card is housed in its own aluminum frame, and the frames are integrated into a vertical stack. The unit is expected to operate with 7 Watts orbit average power and uses a UTMC 80C196 16-bit processor running at 16 MHz to manage the satellite operations and perform attitude control. Mass storage of 1.5 Gbytes and CCSDS variable-rate telemetry up to 5 Mbits/sec are provided. This paper will present an overview of the ACE Mission and a description of the C&DH Unit, describing its architecture, hardware/software partitioning, FPGA functionality and key performance specifications

A first look at RISC-V virtualization from an embedded systems perspective

This article describes the first public implementation and evaluation of the latest version of the RISC-V hypervisor extension (H-extension v0.6.1) specification in a Rocket chip core. To perform a meaningful evaluation for modern multi-core embedded and mixedcriticality systems, we have ported Bao, an open-source static partitioning hypervisor, to RISC-V. We have also extended the RISC-V platformlevel interrupt controller (PLIC) to enable direct guest interrupt injection with low and deterministic latency and we have enhanced the timer infrastructure to avoid trap and emulation overheads. Experiments were carried out in FireSim, a cycle-accurate, FPGA-accelerated simulator, and the system was also successfully deployed and tested in a Zynq UltraScale+ MPSoC ZCU104. Our hardware implementation was opensourced and is currently in use by the RISC-V community towards the ratification of the H-extension specification.This work has been supported by FCT - undação para a Ciência e a Tecnologia within the R&D Units Project Scope: UIDB/00319/2020. This work has also been supported by FCT within the PhD Scholarship Project Scope: SFRH/BD/138660/2018

BRISC-V: An Open-Source Architecture Design Space Exploration Toolbox

In this work, we introduce a platform for register-transfer level (RTL) architecture design space exploration. The platform is an open-source, parameterized, synthesizable set of RTL modules for designing RISC-V based single and multi-core architecture systems. The platform is designed with a high degree of modularity. It provides highly-parameterized, composable RTL modules for fast and accurate exploration of different RISC-V based core complexities, multi-level caching and memory organizations, system topologies, router architectures, and routing schemes. The platform can be used for both RTL simulation and FPGA based emulation. The hardware modules are implemented in synthesizable Verilog using no vendor-specific blocks. The platform includes a RISC-V compiler toolchain to assist in developing software for the cores, a web-based system configuration graphical user interface (GUI) and a web-based RISC-V assembly simulator. The platform supports a myriad of RISC-V architectures, ranging from a simple single cycle processor to a multi-core SoC with a complex memory hierarchy and a network-on-chip. The modules are designed to support incremental additions and modifications. The interfaces between components are particularly designed to allow parts of the processor such as whole cache modules, cores or individual pipeline stages, to be modified or replaced without impacting the rest of the system. The platform allows researchers to quickly instantiate complete working RISC-V multi-core systems with synthesizable RTL and make targeted modifications to fit their needs. The complete platform (including Verilog source code) can be downloaded at https://ascslab.org/research/briscv/explorer/explorer.html.Comment: In Proceedings of the 2019 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (FPGA '19

2020 NASA Technology Taxonomy

This document is an update (new photos used) of the PDF version of the 2020 NASA Technology Taxonomy that will be available to download on the OCT Public Website. The updated 2020 NASA Technology Taxonomy, or "technology dictionary", uses a technology discipline based approach that realigns like-technologies independent of their application within the NASA mission portfolio. This tool is meant to serve as a common technology discipline-based communication tool across the agency and with its partners in other government agencies, academia, industry, and across the world

Massively Extended Modular Monitoring and a Second Life for Upper Stages

Launching science and technology experiments to space is expensive. Although commercial spaceflight has resulted in a drop of prices, the cost for a launch is still significant. However, most of theweight that is needed to conduct experiments in space belongs to the spacecraft’s bus and it is responsiblefor power distribution, thermal management, orbital control and communications. An upper stage, on the other hand, includes all the necessary subsystems andhas to be launched in any case. Many upper stages (e.g. ARIANE5) will even stay in orbit for severalyears after their nominal mission with all their subsystems intact but passivated.We proposea compact system based on a protective container and high-performance Commercial-off-the-Shelf (COTS) hardwarethat allows cost-efficient launching oftechnology experiments by reusing the launcher’s upper stage and its subsystems. Addingacquisition channels for various sensors gives the launch provider the ability to exploitthe computational power of the COTS hardwareduring the nominal mission. In contrast to existing systems,intelligent and mission-dependent data selection and compression can beapplied to the sensor data.In this paper, we demonstrate the implementation and qualification of a payload bussystem based on COTScomponentsthat is minimallyinvasive to the launcher(ARIANE5)and its nominal missionwhile offering computational power to both the launch provider and a potential payloaduser. The reliability of the COTS-based system is improvedby radiation hardening techniques and software-based self-test detecting and counteracting faults during the mission