New OmniShield platform implements multi-domain security for connected devices

Share on linkedin
Share on twitter
Share on facebook
Share on reddit
Share on digg
Share on email

There is revolution driving the world of semiconductors right now. From wearables to smart cars and homes, it seems connectivity is replacing orange as the new black of worldwide innovation. However, when connecting billions of users to the internet and to each other, companies must ensure that devices implement future-proof security.

The easiest way to address this is by relying on a powerful combination of hardware and software – and this is where OmniShield from Imagination steps in.

OmniShield explained

In anticipation of the Imagination Summit 2015 event in Santa Clara, Imagination is introducing OmniShield, a revolutionary approach to security across all markets.

Though current security solutions are acceptable for existing products, they don’t scale to meet the needs of next-generation products that are becoming increasingly connected and must support a range of new applications and services.

OmniShield - limited securityCurrent security solutions cannot scale

Think of your mobile processor as your home; if someone were to break into the house, they might then proceed to get access into every room.

OmniShield offers a vastly superior solution by implementing multiple locks (secure domains) protected by the strong, reinforced steel doors you see in movies (hardware isolation at the chip level); within every room, there are also many storage boxes with individual locks to provide further protection.

If thieves enter the house, it will be close to impossible to break into every room.

This ability to create multiple secure heterogeneous domains is a unique feature of our MIPS Warrior CPUs, PowerVR Series7 GPUs (and select PowerVR Series6XT GPUs) or Ensigma NPUs.

OmniShield - security software and hardware architecture___fOmniShield: hardware and software architecture

The diagram below presents a general use case for combining two of our OmniShield-ready families (MIPS Warrior CPUs and PowerVR Series7 GPUs) to obtain a next-generation platform that is designed to support fully secure applications.

OmniShield - security for all devices__fOmniShield adopts a platform-wide approach to security across many markets

Since MIPS CPUs and PowerVR GPUs are heterogeneous and coherent, they operate on a unified memory model, no longer copying data between memory buffers. Now that we’ve added virtualization to both families of silicon IP, we can create a fully protected and isolated architecture that implements secure virtualization in the context of coherent memory accesses.

MIPS Warrior CPUs support several secure domains

While competing solutions only offer up to one trusted zone where all virtualized software is forced to co-exist, MIPS Warrior CPUs support multiple secure domains. Remarkably and uniquely, this level of support is offered across the range, from M-class microcontrollers such as M5100 and M5150 to 64-bit I-class processors like I6400.

MIPS M5100 - hardware virtualizationMIPS MCUs implement multiple secure domains

This enables system designers to implement advanced security across a wide range of devices, from the smallest IoT sensors to data center many-core SoCs. Additionally, MIPS CPUs run the latest ultra-secure hypervisors and have been designed to support the latest technologies for secure content delivery or identity protection across multiple applications and content sources.

Virtualization goes beyond CPUs

Secure virtualization is not a CPU-only concern. System designers also pay particular attention to devices that incorporate firmware programmable processors that operate on memory shared with CPUs (including graphics, video, camera or network subsystems).

Imagination has recently announced a new generation of GPUs designed from the ground-up for secure virtualization. The new PowerVR Series7 family is designed to address the privacy and security needs of evolving and emerging connected applications.

PowerVR Series7XT and Series7XE GPUs are optimized to support multiple independent security contexts and execution domains by providing CPU-agnostic hardware virtualization deeply embedded in the graphics architecture.

PowerVR Series7 - virtualization_zonesAdvanced security and hardware virtualization is fully supported in PowerVR Series7 GPUs

This new generation of GPUs will enable customers in segments such as automotive to build systems where the dashboard and infotainment system can run independently and reliably on the same platform. For Android smartphones and tablets, hardware virtualization can keep a user’s personal data secure from health data collected by a wearable device.

Extending protection at the networking level

Ensigma NPUs implement a range of security solutions including basic building blocks for on-chip cryptography (symmetric/asymmetric ciphers, authentication engines), high-performance protocol processing engines (for IPSec, MACSec, and SSL/DTLS offload) and secure infrastructure for SoCs. These solutions are designed to reduce power consumption and increase performance for high-throughput data processing and secure communications.

Applications for OmniShield

Click on the links below if you want to know how consumer and enterprise markets can benefit from our OmniShield platform:

We will be showing a few demonstrations for these applications at our summit. Make sure you also follow us on Twitter (@ImaginationTech, @ImaginationTech) for the latest news and announcements from Imagination.

Alex Voica

Alex Voica

Before deciding to pursue his dream of working in technology marketing, Alexandru held various engineering roles at leading semiconductor companies in Europe. His background also includes research in computer graphics and VR at the School of Advanced Studies Sant'Anna in Pisa. You can follow him on Twitter @alexvoica.

Please leave a comment below

Comment policy: We love comments and appreciate the time that readers spend to share ideas and give feedback. However, all comments are manually moderated and those deemed to be spam or solely promotional will be deleted. We respect your privacy and will not publish your personal details.

Blog Contact

If you have any enquiries regarding any of our blog posts, please contact:

United Kingdom
Tel: +44 (0)1923 260 511

Search by Tag

Search by Author

Related blog articles

Neural network accelerator (NNA) for the automotive industry

Imagination and Humanising Autonomy Part 1: The path to safer roads

Welcome to the first in a series of articles where we explore how Imagination and Humanising Autonomy, a UK-based behaviour AI company, are teaming up to deliver practical, real-world AI-driven active safety. We have talked at length about the steps that Imagination takes every day to make our world safer with automotive AI. Today we see advanced driver assistance systems (ADAS) that have AI at their core. From simple, dynamic satnav route planning, through lane keep assist, to full autonomous driving stacks, drivers are gradually becoming equipped with more ways than ever to take the stress out of their journeys.

Read More »

Meet David Higham: Focusing on functional safety

The ISO 26262 Digital Conference is a not-for-profit functional safety event organised by safety practitioners heavily involved with ISO 26262 and is designed to provide opportunities for those in the industry to network, share knowledge and engage in discussions. For obvious reasons, the event this year is taking place entirely online and will run between 24th – 25th March 2021.

Read More »


Sign up to receive the latest news and product updates from Imagination straight to your inbox.