What is Software Multi-tenancy in Embedded
Have you been wondering what exactly multi-tenancy means in SoCs, or
embedded systems? yes? you are at the right place. Let me explain
what it is in plain text, and give you some context and challenges
associated with it. Again its all about ARM Cortex-M based systems.
Let us consider a SoC, an IoT SoC, which has an application
processor, a Blue-Tooth Subsystem, a Wi-Fi Subsystem and may be an
You are the SoC designer/Manufacturer so you own the SoC hardware,
but you source the software running on your SoC from various
vendors. E.g. you can have a dobly decoder from dobly, you can have
a mp3 decoder from 'A' company, you can have Blue-tooth Software
from 'B' company and Wi-Fi software from 'C' company.
All these software IP are high value IPs, and each of these
companies providing their software would want to protect their
binary source code from being visible to each other. The companies
supplying their software IPs may even not want you as the SoC
manufacturer to have access to their binary code, in a potential,
where you can see it.
So you see, your SoC is hosting software IPs from various companies,
so your memory system is hosting multiple tenants. So you are now
required to implement 'Multi-Tenancy', such that the binary code of
these IPs are fully protected.
You may want to sell your SoC with software IPs from multiple
organizations as exemplified above to an OEM, and then it is your
responsibility to protect these IPs from the OEM as well.
So the biggest challenge here is to host these binary IPs on single
SoC, and yet protect them from anyone out there. In other words
Software IP protection is the main challenge in building a system
There is yet another challenge, though related to above, but not
obviously visible. That is every IP vendor may want to debug their
IP on your SoC, using an External Debugger, e.g JTAG or Serial Wire
Debugger. How will then the identity of the agent behind the
debugger will be established? Who is actually behind the debugger,
i.e. is it Dolby, or is it company A, or company B or company C, or
yourself or the OEM? And once the identity of the debugging agent is
known, how will you then make sure that while company A is debugging
their IP on your SoC, they only can see the binaries of their IP,
and not the binaries of other IPs?
Multi-Tenancy : IP Protection
To be able to distinguish the software running on the SoC, the
processor which is executing the software, must offer some hardware
support to be able to make distinction between the software. in ARM
world, the bare minimum requirement for the processor is to support
what is called privilege
mode and user (unprivileged) mode. Cortex M0 or M1 dont have
this support, so the bare minimum you would need is M0+ or M3.
Once the processor support is present, its not a very difficult
task, at least conceptually. The implementation may or may not be
complex, but that is beyond the scope of this techerature.
The processor which supports the privilege
mode and user (unprivileged) mode., always starts execution
from privileged mode immediately after reset.
Next => SoC Memory Architecture
Click Here to Make Comments or ask Questions