CVA6's Data cache: Structure and Behavior

Abstract

This paper addresses the critical lack of detailed documentation regarding the data cache microarchitecture within the widely used RISC-V CVA6 core, a necessary precursor for successful security research. Since microarchitectural attacks like Prime+Probe are increasingly targeting RISC-V CPUs, understanding the underlying hardware is mandatory for replication and mitigation studies. The work provides a rigorous analysis of the CVA6 data cache structure and behavior, focusing on its memory layout and the process of handling memory allocation requests.

Report

Key Highlights

  • Security Context: The research is situated within the field of microarchitectural attacks, stemming from disclosures like Spectre and Meltdown, emphasizing the continued relevance of cache attacks (e.g., Prime+Probe).
  • RISC-V Targeting: Microarchitectural attacks are increasingly moving beyond Intel architectures to RISC-V CPUs, specifically the OpenHW Group's popular CVA6 (formerly Ariane) core.
  • Documentation Gap: The core contribution is filling a significant gap in knowledge by presenting detailed, previously unavailable information on the CVA6 data cache structure and behavior.
  • Enabling Research: This detailed information is deemed mandatory for researchers attempting to replicate microarchitectural studies, such as the Prime+Probe attack, on the CVA6 CPU.

Technical Details

  • Target CPU: CVA6 (formerly Ariane), developed by ETH Zurich and maintained by the OpenHW Group.
  • Core Specification: CVA6 is described as a 6-stage, single-issue, in-order CPU.
  • Focus Area: Detailed microarchitectural presentation of the data cache implementation.
  • Methodology: The paper focuses on the cache's internal memory structure and uses several examples to explain the processes involved when a memory allocation request is handled.

Implications

  • Enhanced RISC-V Security Research: By providing granular details of the cache implementation, this paper acts as a foundational resource, enabling sophisticated security analysis and the development of effective hardware mitigations against side-channel and microarchitectural attacks on the CVA6 core.
  • Ecosystem Maturity: The necessity of documenting these low-level details confirms that RISC-V cores like CVA6 are maturing into significant targets, requiring the same deep security introspection previously reserved for commercial x86 architectures.
  • Transparency for Open Hardware: This documentation improves transparency for one of the most prominent open-source RISC-V implementations, benefiting both academic researchers and commercial adopters of the OpenHW Group’s IP.