Download PDFOpen PDF in browserHardware Isolation Support for Low-Cost SoC-FPGAsEasyChair Preprint 882915 pages•Date: September 13, 2022AbstractIn the last years, System-on-Chip (SoC)-FPGAs have been widely used in Mixed-Criticality Systems, where multiple applications with different criticality domains are executed. In these systems, it is essential to guarantee isolation between the associated memory regions and peripherals of different application domains. Most high-performance SoC-FPGAs already provide hardware components for supporting isolation. By contrast, low-cost SoC-FPGAs usually don't have any mechanism for guaranteeing isolation. In this paper, we investigate the problem of hardware spatial isolation in low-cost SoC-FPGAs. First, we point out the issues and the limitations given by the fixed components in the Processing System and show how to address them. Second, we propose a Protection Unit, which is a lightweight hardware architecture for AXI communication that ensures memory and peripheral isolation between masters of different protection domains. The proposed architecture can be instantiated either on the master or on the slave side of an AXI interconnection. In addition, it is scalable from 1 to 16 memory regions, and application domains and policies are set up at run-time. We implement our architecture on the SoC-FPGA XC7Z020, where a Microblaze soft-core and the Arm Cortex-A9 are used simultaneously for different application domains. In the proposed implementation, the Protection Unit is implemented in combinatorial logic, and its execution does not contribute to the critical path. Therefore, it adds zero latency for the single communication transition and uses only 0,5% lookup tables and 0,1% flip-flops of the target SoC-FPGA. Keyphrases: Edge Computing, Hypervisor, Multi-core SoCs, hardware/software co-design, mixed-criticality systems, spatial isolation
|