{"id":13642186,"url":"https://github.com/hex-five/multizone-iot-sdk","last_synced_at":"2025-04-20T16:30:44.642Z","repository":{"id":62648708,"uuid":"321508264","full_name":"hex-five/multizone-iot-sdk","owner":"hex-five","description":"MultiZone® Trusted Firmware is the quick and safe way to build secure IoT applications with any RISC-V processor. It provides secure access to commercial and private IoT clouds, real-time monitoring, secure boot, and remote firmware updates. The built-in Trusted Execution Environment provides hardware-enforced separation ... ","archived":false,"fork":false,"pushed_at":"2024-01-22T18:27:19.000Z","size":8717,"stargazers_count":19,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-08-03T01:25:50.484Z","etag":null,"topics":["attestation","digilent-arty-board","embedded-systems","firmware","freertos","iot","lwip","mbedtls","mqtt","multizone","ota-firmware-updates","risc-v","root-of-trust","secure-boot","tcp-ip","tee","tls","trusted-execution-environment","trustzone","xilinx-fpga"],"latest_commit_sha":null,"homepage":"https://hex-five.com/multizone-trusted-firmware-riscv/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hex-five.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-12-15T00:25:44.000Z","updated_at":"2024-07-19T03:52:04.000Z","dependencies_parsed_at":"2024-01-22T20:08:21.795Z","dependency_job_id":null,"html_url":"https://github.com/hex-five/multizone-iot-sdk","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hex-five%2Fmultizone-iot-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hex-five%2Fmultizone-iot-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hex-five%2Fmultizone-iot-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hex-five%2Fmultizone-iot-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hex-five","download_url":"https://codeload.github.com/hex-five/multizone-iot-sdk/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223832866,"owners_count":17210731,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attestation","digilent-arty-board","embedded-systems","firmware","freertos","iot","lwip","mbedtls","mqtt","multizone","ota-firmware-updates","risc-v","root-of-trust","secure-boot","tcp-ip","tee","tls","trusted-execution-environment","trustzone","xilinx-fpga"],"created_at":"2024-08-02T01:01:28.276Z","updated_at":"2024-11-09T13:30:48.302Z","avatar_url":"https://github.com/hex-five.png","language":"C","funding_links":[],"categories":["Other TEEs"],"sub_categories":["Memory Protection"],"readme":"# multizone-iot-sdk\n\nMultiZone® Trusted Firmware is the quick and safe way to build secure IoT applications with any RISC-V processor. It provides secure access to commercial and private IoT clouds, real-time monitoring, secure boot, and remote firmware updates. The built-in Trusted Execution Environment provides hardware-enforced separation to shield the execution of trusted applications from untrusted 3rd party libraries.\n\nComplete IoT firmware optimized for RISC-V processors:\n\n- Provides secure access to any IoT clouds, secure boot, remote firmware updates, etc.\n- Works with any RISC-V processor: no need for proprietary TrustZone-like hardware\n- Rapid development: pre-integrated TEE, TCP/IP, TLS/ECC, MQTT, FreeRTOS, GCC, Eclipse\n- Built-in Trusted Execution Environment RTOS providing 4 separated HW/SW “worlds”\n- Commercial open source license: no GPL contamination, no royalties, priced per design\n\nMultiZone® Trusted Firmware works with any 32-bit and 64-bit RISC-V processor with standard U-mode extension. For a quick start, we recommend the development kit based on the open source softcore X300 developed by Hex Five Security. It is an enhanced version of the E300 SoC (Rocket rv32) originally developed at U.C. Berkeley. Like the E300, the X300 is designed to be programmed onto a Xilinx Artix-7. The X300 bitstream is entirely free for commercial and non-commercial use.\n\nThis version of MultiZone® Trusted Firmware supports the following hardware development kits:\n\n- [Xilinx Artix-7 Arty FPGA Evaluation Kit](https://www.xilinx.com/products/boards-and-kits/arty.html)\n\n- [Microchip PolarFire SoC FPGA Icicle Kit](https://www.microsemi.com/existing-parts/parts/152514)\n\nThis repository is for the Digilent ARTY board.\n\nThe Arty FPGA Evaluation Kit requires the following open source softcore:\n\n- [Hex Five X300 RV32ACIMU - Permissive license, free for any use.](https://github.com/hex-five/multizone-fpga)\n\nFor instructions on how to upload the bitstream to the ARTY board and how to connect the [Olimex debug head ARM-USB-TINY-H](https://www.olimex.com/Products/ARM/JTAG/ARM-USB-TINY-H/) see [Arty FPGA Dev Kit Getting Started Guide](https://sifive.cdn.prismic.io/sifive%2Fed96de35-065f-474c-a432-9f6a364af9c8_sifive-e310-arty-gettingstarted-v1.0.6.pdf) and [connecting the FPGA to a JTAG debugger](https://hex-five.com/wp-content/uploads/ARTY-JTAG.png)\n\n### Quick Start ###\n\nPrebuilt fpga bitstreams including the X300 RISC-V SoC and the MultiZone Trusted Firmware are provided as release assets ready to go:\n\n- [multizone-iot-sdk-arty-35t.mcs](https://github.com/hex-five/multizone-iot-sdk/releases/download/v2.2.8/multizone-iot-sdk-arty-35t.mcs)\n\n- [multizone-iot-sdk-arty-100t.mcs](https://github.com/hex-five/multizone-iot-sdk/releases/download/v2.2.8/multizone-iot-sdk-arty-100t.mcs)\n\nIf you are impatient to run the MultiZone Trusted Firmware demo, just upload the right bitstream to your Arty board and skip all steps below. For this you only need [Xilinx Vivado Lab](https://www.xilinx.com/support/download.html) an the instructions at https://github.com/hex-five/multizone-fpga#readme \n\n\n### Installation ###\n\nThe MultiZone SDK works with any versions of Linux, Windows, and Mac capable of running Java 1.8 or greater. The directions in this readme have been carefully verified with fresh installations of Ubuntu 20.04, Ubuntu 19.10, Ubuntu 18.04.5, and Debian 10.5. Other Linux distros are similar. Windows developers may want to install a Linux emulation environment like MYSYS2/MinGW64 or, even better, Windows Subsystem for Linux. Hex Five's precompiled gnu toolchain and openOCD for Windows are available at https://hex-five.com/download/\n\n**Linux prerequisites**\n\n```\nsudo apt update\nsudo apt install git make default-jre libhidapi-dev libftdi1-2\nsudo apt install gtkterm mosquitto-clients\n```\n_Note_: the package gtkterm is optional and required only to connect to the reference application via a local terminal. It is not required to build, debug, and load the MultiZone firmware or to connect to the target via Ethernet. Any other serial terminal application of choice would do.\n\n_Note_: the package mosquitto-clients is optional and required only to test MQTT funcionality including telemetry and remote firmware updates. It is not required to build, debug, and load the MultiZone firmware or to connect to the target via Ethernet. Any other MQTT client application of choice would do.\n\nUbuntu 18.04 LTS additional dependency\n```\nsudo add-apt-repository \"deb http://archive.ubuntu.com/ubuntu/ focal main universe\"\nsudo apt update\nsudo apt install libncurses-dev\n```\n\n**GNU RISC-V Toolchain**\n\nHex Five reference build: RISC-V GNU Toolchain Linux 64-bit June 18, 2021\n```\ncd ~\nwget https://hex-five.com/wp-content/uploads/riscv-gnu-toolchain-20210618.tar.xz\ntar -xvf riscv-gnu-toolchain-20210618.tar.xz\n```\n\n**OpenOCD on-chip debugger**\n\nHex Five reference build: RISC-V openocd Linux 64-bit August 7, 2021\n```\ncd ~\nwget https://hex-five.com/wp-content/uploads/riscv-openocd-20210807.tar.gz\ntar -xvf riscv-openocd-20210807.tar.gz\n```\n\n**Linux USB udev rules**\n\n```\nsudo vi /etc/udev/rules.d/99-openocd.rules\n\n# Future Technology Devices International, Ltd FT2232C Dual USB-UART/FIFO IC\nSUBSYSTEM==\"tty\", ATTRS{idVendor}==\"0403\",ATTRS{idProduct}==\"6010\", MODE=\"664\", GROUP=\"plugdev\"\nSUBSYSTEM==\"usb\", ATTR{idVendor} ==\"0403\",ATTR{idProduct} ==\"6010\", MODE=\"664\", GROUP=\"plugdev\"\n\n# Olimex Ltd. ARM-USB-TINY-H JTAG interface\nSUBSYSTEM==\"tty\", ATTRS{idVendor}==\"15ba\",ATTRS{idProduct}==\"002a\", MODE=\"664\", GROUP=\"plugdev\"\nSUBSYSTEM==\"usb\", ATTR{idVendor} ==\"15ba\",ATTR{idProduct} ==\"002a\", MODE=\"664\", GROUP=\"plugdev\"\n```\nReboot for these changes to take effect.\n\n**MultiZone IoT SDK**\n\n```\ncd ~\ngit clone --recursive https://github.com/hex-five/multizone-iot-sdk.git\ncd multizone-iot-sdk\ngit apply -p1 ext/lwip.patch --directory=ext/lwip\ngit apply -p1 ext/freertos.patch --directory=ext/freertos\n```\n**_Important_**: make sure to apply the lwIP patch above. Without the lwIP patch the firmware is NOT secure!\n\n**_Important_**: FreeRTOS is optional as the MultiZone TEE provides its own RTOS. If you intend to use FreeRTOS, make sure to apply the freertos patch above. \n\n\n### Build \u0026 load the MultiZone IoT firmware ###\n\nConnect the target board to the development workstation as indicated in the user manual.\n'ls multizone-iot-sdk/bsp' shows the list of supported targets: X300.\nAssign one of these values to the BOARD variable - default is X300.\n\n```\ncd ~/multizone-iot-sdk\nexport RISCV=~/riscv-gnu-toolchain-20210618\nexport OPENOCD=~/riscv-openocd-20210807\nexport BOARD=X300\nmake \nmake load\n```\nNote: With some older versions of the ftdi libraries, the first \"make load\" after powering the board may take a bit longer. If you don't want to wait, the simple workaround is to reset the FPGA board to abort the openOCD session. If you do this, make sure to kill the openocd process on your computer. Subsequent loads will work as expected and take approximately 10 seconds.\n\n\n### Connect the device to the MQTT Broker ###\n\nMake sure switch SW3 is positioned close to the edge of the board.\n\nMake sure the board is properly powered. An external power adapter 7-15V connected to J13 is recomended. USB hubs and weak computer USB ports will interfere with Ethernet operations and result in unexpected random behavior.     \n\nDisconnect the JTAG connector if OpenOCD is not in use otherwise the CPU is permanently halted and the system won't boot.\n\nConnect the UART port (ARTY micro USB J10) as indicated in the user manual. On your computer, start a serial terminal console (gtkterm) and connect to /dev/ttyUSB1 at 115200-8-N-1.\n\nConnect the Ethernet port to an Internet router, or to your computer if Internet sharing is enabled - see https://help.ubuntu.com/community/Internet/ConnectionSharing. The router should provide DHCP configuration including one DNS servers. There is no need to open inbound ports for the MQTT client to work. If your local network blocks outbound connections to the default MQTT/TLS port 8883, you can reconfigure the client to use the HTTPS/TLS port 443, which is usually open - see MQTT configuration file [mqtt_config.h](https://github.com/hex-five/multizone-iot-sdk/blob/master/zone1/mqtt_config.h) \n\nPress the reset button on the board and hit the enter key a few times on your serial terminal to synchronize the UART port.  \n\nAfter a few seconds the client should connect to the Hex Five's public MQTT broker:\n\n```\n=====================================================================\n      \t             Hex Five MultiZone® Security                    \n    Copyright© 2020 Hex Five Security, Inc. - All Rights Reserved    \n=====================================================================\nThis version of MultiZone® Security is meant for evaluation purposes \nonly. As such, use of this software is governed by the Evaluation    \nLicense. There may be other functional limitations as described in   \nthe evaluation SDK documentation. The commercial version of the      \nsoftware does not have these restrictions.                           \n=====================================================================\nMachine ISA   : 0x40101105 RV32 ACIMU \nVendor        : 0x0000057c Hex Five, Inc. \nArchitecture  : 0x00000001 X300 \nImplementation: 0x20181004 \nHart id       : 0x0 \nCPU clock     : 64 MHz \nRTC clock     : 16 KHz \n\nPLIC @0x0c000000\nDMAC @0x10040000\nUART @0x10013000\nGPIO @0x10012000\nEMAC @0x60000000\n\nZ1 \u003e netif_link_callback: up\n \nZ1 \u003e netif_status_callback: address 192.168.0.130\n \nZ1 \u003e dns_callback: mqtt-broker.hex-five.com 54.176.2.35\n \nZ1 \u003e sntp_process: 1634164010 Wed Oct 13 15:29:30 2021\n \nZ1 \u003e client_id: mzone-2094fc9a\n \nZ1 \u003e mqtt: connecting ... \n \nZ1 \u003e mqtt: connected \n \nZ2 \u003e\n```\n\nHit enter on an empty line to show the list of commands available:\n\n```\nZ2 \u003e Commands: yield send recv pmp load store exec dma stats timer restart\n```\n\n- **yield**: yield the CPU to the next zone showing the time taken to loop through all zones\n- **send/recv**: exchange messages with any zones. Zone 1 is the gateway to the MQTT broker: messages sent to zone 1 are forwarded to the broker topic device-id/zone. Messages sent to the broker topic device-id/zone are forwarded to the respective zone\n- **pmp**: show the separation policies for zone 2, which is the zone operating the local terminal\n- **load/store**: read and write data from/to any arbitrary physical memory location\n- **exec**: jump the execution of the zone to any arbitrary memory location\n- **dma**: submit a protected DMA transfer request\n- **stats**: repeat the yield command multiple times and print detailed kernel statistics\n- **timer**: set the zone timer to current time plus a time delay expressed in milliseconds\n- **restart**: jump the execution of this zone to the base address of the first pmp range restarting the zone\n\nFor a detailed explanation of the features of the MultiZone TEE see the [MultiZone TEE Reference Manual](https://github.com/hex-five/multizone-iot-sdk/blob/master/ext/multizone/manual.pdf)\n\n_Note:_ take note of your randomly generated client_id as you'll need it to interact with the target via MQTT messages published and subscribed to topics mzone-xxxxxxxx/zonex (mzone-2094fc9a in the example above). The MQTT client_id is generated randomly for each new MQTT session upon board reset.\n\n\n### Send and receive MQTT messages ###\n```\ncd ~/multizone-iot-sdk\nexport MQTT=\" --host mqtt-broker.hex-five.com\"\nexport MQTT=$MQTT\" --cafile pki/hexfive-ca.crt\"\nexport MQTT=$MQTT\" --cert pki/test.crt\"\nexport MQTT=$MQTT\" --key pki/test.key\"\n```\n_Note:_ in the following examples replace \"mzone-2094fc9a\" with your randomly generated client id.\n\n\nSubscribe (listen) to all topics for your device - background process:\n```\nmosquitto_sub $MQTT -t mzone-2094fc9a/# -v \u0026\n```\n\nPublish (send) a \"ping\" message to zone #1:\n```\nmosquitto_pub $MQTT -t mzone-2094fc9a/zone1 -m ping\n```\nObserve the \"pong\" reply received in the background.\n\n\n### Deploy Remote Firmware Updates ###\n\nDeploy the rainbow LED appication to zone #3 (binary zone3.1/zone3.bin):\n```\nmosquitto_pub $MQTT -t mzone-2094fc9a/zone3 -f zone3.1/zone3.bin\n```\n\nDelopy the robot application to zone #4 (binary zone4.1/zone4.bin):\n```\nmosquitto_pub $MQTT -t mzone-2094fc9a/zone4 -f zone4.1/zone4.bin\n```\n\nOptional: delopy the FreeRTOS-based version of the robot application (binary zone4.2/zone4.bin):\n```\nmosquitto_pub $MQTT -t mzone-2094fc9a/zone4 -f zone4.2/zone4.bin\n```\n\n_Note:_ For a complete explanation of the functionality of each zone/application see the [MultiZone SDK Reference Manual](https://github.com/hex-five/multizone-iot-sdk/blob/master/ext/multizone/manual.pdf).\n\n\n### Technical Specs ###\n\n\u003ctable border=0 cellspacing=0 cellpadding=0 width=1122 style='width:841.25pt;border-collapse:collapse'\u003e\n \n\u003ctr style='height:33.55pt'\u003e\n  \u003ctd width=246 valign=top style='width:184.25pt;border:solid #FFC000 1.0pt;\n  border-right:none;background:#FFC000;padding:.05in .1in .05in .1in;\n  height:33.55pt'\u003e\n  \u003cp\u003e\u003cb\u003eStack Component\u003c/b\u003e\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=528 valign=top style='width:5.5in;border-top:solid #FFC000 1.0pt;\n  border-left:none;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  background:#FFC000;padding:.05in .1in .05in .1in;height:33.55pt'\u003e\n  \u003cp\u003e\u003cb\u003e\u003cspan style='color:black'\u003eFeatures\u003c/span\u003e\u003c/b\u003e\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=96 valign=top style='width:71.75pt;border-top:solid #FFC000 1.0pt;\n  border-left:none;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  background:#FFC000;padding:.05in .1in .05in .1in;height:33.55pt'\u003e\n  \u003cp\u003e\u003cb\u003e\u003cspan style='color:black'\u003eSize\u003c/span\u003e\u003c/b\u003e\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=252 valign=top style='width:189.25pt;border:solid #FFC000 1.0pt;\n  border-left:none;background:#FFC000;padding:.05in .1in .05in .1in;height:\n  33.55pt'\u003e\n  \u003cp\u003e\u003cb\u003e\u003cspan style='color:black'\u003eLicense\u003c/span\u003e\u003c/b\u003e\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n\n \u003ctr style='height:47.65pt'\u003e\n  \u003ctd width=246 valign=top style='width:184.25pt;border-top:none;border-left:\n  solid #FFC000 1.0pt;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  padding:.05in .1in .05in .1in;height:47.65pt'\u003e\n  \u003cp\u003e\u003cb\u003eReference Hardware\u003c/b\u003e\u003c/p\u003e\n  \u003cp class=MsoListParagraphCxSpFirst style='text-indent:-.25in'\u003eDigilent ARTY7 35T/100T FPGA\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eHex Five X300 SoC IP\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=528 valign=top style='width:5.5in;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:47.65pt'\u003e\n  \u003cp class=MsoListParagraphCxSpMiddle\u003e\u0026nbsp;\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eRISC-V core RV32ACIMU 4-way i-cahe 65MHz\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eEthernet: Xilinx EthernetLite Ethernet core\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=96 valign=top style='width:71.75pt;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:47.65pt'\u003e\u003c/td\u003e\n  \u003ctd width=252 valign=top style='width:189.25pt;border-top:none;border-left:\n  none;border-bottom:solid #FFC000 1.0pt;border-right:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:47.65pt'\u003e\n  \u003cp\u003e\u003cspan lang=EN-GB\u003eApache 2.0 license\u003c/span\u003e\u003c/p\u003e\n  \u003cp\u003e\u003cspan lang=EN-GB\u003epermissive \u003c/span\u003e\u003c/p\u003e\n  \u003cp\u003ecommercial use ok\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr style='height:44.0pt'\u003e\n  \u003ctd width=246 valign=top style='width:184.25pt;border-top:none;border-left:\n  solid #FFC000 1.0pt;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  padding:.05in .1in .05in .1in;height:44.0pt'\u003e\n  \u003cp\u003e\u003cb\u003eIDE \u0026amp; Toolchain\u003c/b\u003e\u003c/p\u003e\n  \u003cp class=MsoListParagraphCxSpFirst style='text-indent:-.25in'\u003eEclipse IDE + openOCD debug\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eGNU GCC, GDB, …\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=528 valign=top style='width:5.5in;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:44.0pt'\u003e\n  \u003cp style='text-indent:-.25in'\u003eGCC multi-lib rv32, rv32e, rv64, GDB, openOCD\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eHex Five pre-built GCC binaries (optional)\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eHex Five pre-built OpenOCD binaries (optional)\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=96 valign=top style='width:71.75pt;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:44.0pt'\u003e\u003c/td\u003e\n  \u003ctd width=252 valign=top style='width:189.25pt;border-top:none;border-left:\n  none;border-bottom:solid #FFC000 1.0pt;border-right:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:44.0pt'\u003e\n  \u003cp\u003eGNU General Public License version 3\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr style='height:50.2pt'\u003e\n  \u003ctd width=246 valign=top style='width:184.25pt;border-top:none;border-left:\n  solid #FFC000 1.0pt;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e\u003cb\u003eTCP/IP library\u003c/b\u003e\u003c/p\u003e\n  \u003cp class=MsoListParagraphCxSpFirst style='text-indent:-.25in'\u003eLWIP 2.1.3\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eHex Five security extensions\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=528 valign=top style='width:5.5in;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp style='text-indent:-.25in'\u003eIP, ICMP, UDP, TCP, ARP, DHCP, DNS, SNTP, MQTT\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eLight weight single threaded execution\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eFully integrated with SSL stack\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=96 valign=top style='width:71.75pt;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e 40KB ROM\u003c/p\u003e\n  \u003cp\u003e 16KB RAM\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=252 valign=top style='width:189.25pt;border-top:none;border-left:\n  none;border-bottom:solid #FFC000 1.0pt;border-right:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003eModified BSD\u003c/p\u003e\n  \u003cp\u003epermissive\u003c/p\u003e\n  \u003cp\u003ecommercial use ok\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr style='height:50.2pt'\u003e\n  \u003ctd width=246 valign=top style='width:184.25pt;border-top:none;border-left:\n  solid #FFC000 1.0pt;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e\u003cb\u003eSSL library\u003c/b\u003e\u003c/p\u003e\n  \u003cp class=MsoListParagraphCxSpFirst style='text-indent:-.25in'\u003embed TLS 2.28.1\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eHex Five secure configuration\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=528 valign=top style='width:5.5in;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp style='text-indent:-.25in'\u003eTLSv1.2, Cipher TLS_AES_128_GCM_SHA256\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eECC: prime256v1, Private Key NIST CURVE: P-256\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eMutual authentication, Cert expiration verification, TLS large\n  fragment \u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=96 valign=top style='width:71.75pt;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e 64KB ROM\u003c/p\u003e\n  \u003cp\u003e 32KB RAM\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=252 valign=top style='width:189.25pt;border-top:none;border-left:\n  none;border-bottom:solid #FFC000 1.0pt;border-right:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e\u003cspan lang=EN-GB\u003eApache 2.0 license\u003c/span\u003e\u003c/p\u003e\n  \u003cp\u003e\u003cspan lang=EN-GB\u003epermissive \u003c/span\u003e\u003c/p\u003e\n  \u003cp\u003ecommercial use ok\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr style='height:50.2pt'\u003e\n  \u003ctd width=246 valign=top style='width:184.25pt;border-top:none;border-left:\n  solid #FFC000 1.0pt;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e\u003cb\u003eReal Time OS \u003c/b\u003e(optional)\u003c/p\u003e\n  \u003cp class=MsoListParagraphCxSpFirst style='text-indent:-.25in'\u003eFreeRTOS 10.3.0\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eHex Five integration with TEE\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=528 valign=top style='width:5.5in;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp style='text-indent:-.25in'\u003eSecure unprivileged execution of kernel, tasks, and interrupt\n  handlers\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eNo memory shared with TCP/IP and SSL library code\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eNo memory shared with other applications running in separate\n  zones\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=96 valign=top style='width:71.75pt;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e 32KB ROM\u003c/p\u003e\n  \u003cp\u003e 16KB RAM\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=252 valign=top style='width:189.25pt;border-top:none;border-left:\n  none;border-bottom:solid #FFC000 1.0pt;border-right:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003eMIT open-source license\u003c/p\u003e\n  \u003cp\u003epermissive\u003c/p\u003e\n  \u003cp\u003ecommercial use ok\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr style='height:50.2pt'\u003e\n  \u003ctd width=246 valign=top style='width:184.25pt;border-top:none;border-left:\n  solid #FFC000 1.0pt;border-bottom:solid #FFC000 1.0pt;border-right:none;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e\u003cb\u003eTrusted Execution Environment\u003c/b\u003e\u003c/p\u003e\n  \u003cp class=MsoListParagraphCxSpFirst style='text-indent:-.25in'\u003eMultiZone Security TEE 2.2.2\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eRISC-V secure DMA extension\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eRISC-V shared PLIC extension\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=528 valign=top style='width:5.5in;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp style='text-indent:-.25in'\u003e4 separated Trusted Execution Environments (zones) enforced via\n  PMP\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003e8 memory-mapped resources per zone – i.e. ram, rom, i/o, uart,\n  gpio, eth, …\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eSecure inter-zone messaging – no shared memory, no buffers, no\n  stack, etc\u003c/p\u003e\n  \u003cp style='text-indent:-.25in'\u003eProtected user-mode interrupt handlers mapped to zones – plic /\n  clint\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=96 valign=top style='width:71.75pt;border:none;border-bottom:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003e   8KB ROM\u003c/p\u003e\n  \u003cp\u003e   2KB RAM\u003c/p\u003e\n  \u003c/td\u003e\n  \u003ctd width=252 valign=top style='width:189.25pt;border-top:none;border-left:\n  none;border-bottom:solid #FFC000 1.0pt;border-right:solid #FFC000 1.0pt;\n  padding:.05in .1in .05in .1in;height:50.2pt'\u003e\n  \u003cp\u003eFree evaluation\u003c/p\u003e\n  \u003cp\u003eCommercial license priced per design perpetual, no\n  royalties, no GPL contamination\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n\u003c/table\u003e\n\n\n### Additional Resources ###\n\n- [MultiZone IoT Firmware Quick Start Guide](https://hex-five.com/)\n- [MultiZone IoT Firmware Datasheet](https://hex-five.com/)\n- [MultiZone IoT Firmware Website](https://hex-five.com/multizone-secure-iot-firmware-riscv/)\n- [MultiZone TEE Reference Manual](http://github.com/hex-five/multizone-sdk/blob/master/manual.pdf)\n- [MultiZone TEE Datasheet](https://hex-five.com/wp-content/uploads/2020/01/multizone-datasheet-20200109.pdf)\n- [MultiZone TEE Website](https://hex-five.com/multizone-security-sdk/)\n- [Frequently Asked Questions](http://hex-five.com/faq/)\n- [Contact Hex Five http://hex-five.com/contact](http://hex-five.com/contact)\n\n\n### Legalities ###\n\nPlease remember that export/import and/or use of strong cryptography software, providing cryptography hooks, or even just communicating technical details about cryptography software is illegal in some parts of the world. So when you import this software to your country, re-distribute it from there or even just email technical suggestions or even source patches to the authors or other people you are strongly advised to pay close attention to any laws or regulations which apply to you. Hex Five Security, Inc. and the authors of the software included in this repository are not liable for any violations you make here. So be careful, it is your responsibility.\n\n_MultiZone and HEX-Five are registered trademarks of Hex Five Security, Inc._\n\n_MultiZone technology is protected by patents US 11,151,262 and PCT/US2019/038774_\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhex-five%2Fmultizone-iot-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhex-five%2Fmultizone-iot-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhex-five%2Fmultizone-iot-sdk/lists"}