Design and implementation of a RISC-V processor including security features

In an age where digital security is paramount, the development of secure and efficient processors is crucial for safeguarding sensitive information and ensuring the integrity of computing systems. As cyber threats evolve in sophistication, there is an increasing demand for hardware-level security features that can provide robust defenses against various attacks. One effective way to make processors more secure is to include special instructions directly in the hardware. This thesis focuses on designing and making a RISC-V processor that has these security features. The goal is to significantly improve the processor's capability to execute cryptography tasks efficiently and securely, leveraging the newly ratified RISC-V Cryptography Extensions. This research holds substantial significance as it advances secure processor design, which is critical for applications ranging from personal computing to large-scale data centers and vital infrastructure protection. The research begins by selecting SystemVerilog as the preferred hardware description language and evaluating various 64-bit cores for compatibility with Linux. Ultimately, the CVA6 is chosen as the optimal platform. This CPU adheres to the 64-bit RISC-V instruction set and supports multiple extensions and three levels of user access similar to Unix systems. The study also thoroughly investigates the RISC-V Cryptography Extensions Volume I to establish the project's foundation. It involves meticulously designing a cryptography accelerator within the processor, followed by rigorous testing phases that include functional testing, spike simulation validation, and comprehensive regression testing to ensure reliability. Extensive code coverage analysis validates the effectiveness of the test suite. The culmination of these efforts results in the successful integration of the cryptography accelerator as a co-processor within the CVA6 core, significantly enhancing its security capabilities and extending its functionality. For instance, the AES encryption algorithm demonstrates performance improvements with speed gains of approximately 94\% and reduced code size. In decryption, a 98\% reduction in execution time is observed, along with a decrease in code size, significantly enhancing the implementation security of cryptography algorithms through hardware-based computation. The thesis concludes with a thorough analysis of the results, underscoring the contributions' significance and suggesting avenues for future research and development. Hardware implementations inherently enhance security by isolating critical functions from the main processor, thereby reducing vulnerability to malicious software and mitigating certain types of attacks like side-channel threats. Moreover, hardware implementations offer constant-time execution for cryptography algorithms, further bolstering security measures.