First secure IoT stack for RISC-V

wolfSSL, a provider of TLS cryptography, and Hex Five Security, provider of MultiZone™ Security, the first Trusted Execution Environment (TEE) for RISC-V, announced the general availability of the industry-first secure IoT stack for RISC-V – a TLS 1.3 reference implementation of FreeRTOS with hardware-enforced separation between OS, TCP/IP stack and root of trust.

FreeRTOS is the leading real-time operating system in the market. However, recentsecurity vulnerabilitiesidentified in its connectivity stack highlight the risk inherent in monolithic system designs – the lack of separation between individual functional blocks where the exploit of one vulnerable area exposes the entire system to attack. The MultiZone™ Security Trusted Execution Environment allows to separate the monolithic firmware into an unlimited number of physically isolated zones, de-facto preventing shared memory attacks, privilege escalation and lateral movement: the exploit of any zone vulnerability is confined to that zone and doesn’t propagate to the rest of the system.

“Security through separation is a fundamental building block of a secure system – however legacy Trusted Execution Environments have only enabled one barrier which does not support the complexity of a modern IoT device.” Said Todd Ouska, CTO and co-founder of wolfSSL. “MultiZone™ Security enables an unlimited number of secure zones, providing the flexibility for a proper security implementation.”

“wolfSSL’s TLS 1.3 library is broadly recognized as the gold standard for crypto performance and code size.” said Cesare Garlati, founder of Hex Five and member of the RISC-V Foundation. “We’re excited to partner with wolfSSL to bring their capabilities to the broad RISC-V community and provide the first secure IoT stack implementation for RISC-V.”

The concept of security through separation is particularly important in embedded computing. The complexity of modern systems, including packaging machinery, is such that no single vendor can really afford to develop all of the pieces that are, in the end, part of the final piece of machinery. So, there’s an implicit need to trust other vendors, including their own technology and their own software.

When machine builders get into safety and security, this is problematic because all it takes is an exploitable vulnerability in one single component of the overall system to compromise the brand and the equipment.

“We are all surrounded by connected devices, including packaging machinery, that are potentially exposed to remote attack since there’s no separation built into the hardware itself,” Garlati says. “That’s where MultiZone™ Security comes into play. It provides an unlimited number of containers, or separated zones as we call them, for the designer of the system to create the level of separation that allows for what we call Zero Trust, the model this kind of architecture allows. Zero Trust means that if any one of these individual functional blocks, that come from open source or third parties, is exploited, the attack will not spill or spread to the rest of the system.”

It’s well known that would-be attackers get into any target, for instance packaging machinery, via its weakest point, then propagate laterally throughout the system. MultiZone™ Security separation mitigates exposure to risk since it’s quarantined to the single point of ingress.

Why is this different and what does this mean to packaging OEMs? Machine builders as much as anyone have been forced to trust all of their supply chain vendors out of sheer necessity. And they will still need to rely on their controls and software providers. This system allows them to continue to do so, but in a safer way, according to Garlati. The RISC-V ISA is free, so there are no royalties associated with the development of the processor, limiting the overall price of the system. And the MultiZone Trusted Execution Environment is baked into the RISC-V hardware itself, so there’s no need to add expensive additional hardware components.

“Also, within the security community is the concept of an attack surface,’ Garlati says. “It’s often the case that the more complex is the software, the worse it gets just because more lines of code mean more exposure to attack. MultiZone Security is an extremely thin layer of firmware that goes into the hardware itself, and it’s so light that it allows for formal verifications, a mathematical verification process.”

The secure IoT stack for RISC-V is open source and available on GitHub at

More in Controls & automation