How to Secure Unique Ecosystem Shipping 1 Billion+ Cores?
Black Hat USA 2025 · Day 1 · Briefings
NVIDIA is shipping over one billion RISC-V cores across its GPU, SoC, and data center product lines, having replaced its proprietary Falcon architecture with a custom RISC-V implementation called NVRISCV inside a hardware subsystem called Peregrine. At Black Hat 2025, Adam Zabrocki and Marco Mittik detailed the full security stack NVIDIA built atop this foundation — including pointer masking, hardware control flow integrity, memory tagging, a formally verified separation kernel written in Ada SPARK, and hardware glitch protections — along with the hard lessons learned about RISC-V fragmentation, custom extension costs, and the inescapable need for hardware-software co-design at scale. ---
AI review
NVIDIA shipping a billion RISC-V cores with a formally verified Ada SPARK separation kernel and hardware CFI is not a marketing slide — it's the most serious embedded security engineering I've seen discussed publicly from a GPU vendor. Zabrocki understands that co-design isn't a buzzword; it's the only option.