Software Multi-Tenancy.
-Aviral Mittal

Connect @


What is Software Multi-tenancy in Embedded Systems.
Have you been wondering what exactly multi-tenancy means in SoCs, or embedded systems? yes? you are at the right place. Let me explain what it is in plain text, and give you some context and challenges associated with it. Again its all about ARM Cortex-M based systems.
Let us consider a SoC, an IoT SoC, which has an application processor, a Blue-Tooth Subsystem, a Wi-Fi Subsystem and may be an Audio Subsystem.
You are the SoC designer/Manufacturer so you own the SoC hardware, but you source the software running on your SoC from various vendors. E.g. you can have a dobly decoder from dobly, you can have a mp3 decoder from 'A' company, you can have Blue-tooth Software from 'B' company and Wi-Fi software from  'C' company.
All these software IP are high value IPs, and each of these companies providing their software would want to protect their binary source code from being visible to each other. The companies supplying their software IPs may even not want you as the SoC manufacturer to have access to their binary code, in a potential, where you can see it.
So you see, your SoC is hosting software IPs from various companies, so your memory system is hosting multiple tenants. So you are now required to implement 'Multi-Tenancy', such that the binary code of these IPs are fully protected.
You may want to sell your SoC with software IPs from multiple organizations as exemplified above to an OEM, and then it is your responsibility to protect these IPs from the OEM as well.
So the biggest challenge here is to host these binary IPs on single SoC, and yet protect them from anyone out there. In other words Software IP protection is the main challenge in building a system with multi-tenancy.

There is yet another challenge, though related to above, but not obviously visible. That is every IP vendor may want to debug their IP on your SoC, using an External Debugger, e.g JTAG or Serial Wire Debugger. How will then the identity of the agent behind the debugger will be established? Who is actually behind the debugger, i.e. is it Dolby, or is it company A, or company B or company C, or yourself or the OEM? And once the identity of the debugging agent is known, how will you then make sure that while company A is debugging their IP on your SoC, they only can see the binaries of their IP, and not the binaries of other IPs?

Multi-Tenancy : IP Protection
To be able to distinguish the software running on the SoC, the processor which is executing the software, must offer some hardware support to be able to make distinction between the software. in ARM world, the bare minimum requirement for the processor is to support what is called privilege mode and user (unprivileged) mode. Cortex M0 or M1 dont have this support, so the bare minimum you would need is M0+ or M3.
Once the processor support is present, its not a very difficult task, at least conceptually. The implementation may or may not be complex, but that is beyond the scope of this techerature.
The processor which supports the privilege mode and user (unprivileged) mode., always starts execution from privileged mode immediately after reset.

                                    Next => SoC Memory Architecture

Click Here to Make Comments or ask Questions