Cyber Security White Paper—Cyber Security White Paper of HiSilicon (Shanghai)

HiSilicon (Shanghai) Technology Co., Ltd, hereinafter referred to as HiSilicon (Shanghai), is a world-leading fabless semiconductor design company, providing leading chipset solutions and services for general smart devices in smart homes, smart cities, smart mobility, and more. Our portfolio covers a wide range of fields, including smart vision, smart IoT, smart media, smart transportation, automotive electronics, and display.

HiSilicon (Shanghai) provides developer-oriented services, delivering chipsets and SDKs to manufacturers. SDKs include LiteOS, secure OS, SOC drivers & peripheral drivers, UNF/MPI (media processing interface), and communication protocol stacks (PLC/Wi-Fi/NB-IoT/BT/4G/5G), tools, reference code, open-source and third-party software, and documents. Manufacturers can define, design, develop, test, release, produce, and maintain their own products based on the deliverables of HiSilicon (Shanghai). Figure 1-1 shows the business scope of HiSilicon (Shanghai).

Figure 1-1 Business scope

Business Scope

1. Commercial components delivered by HiSilicon (Shanghai): chipsets and SDKs. Here, SDKs refer to LiteOS, secure OS, SOC drivers & peripheral drivers, UNF/MPI (media processing interface), communications protocol stack (PLC/Wi-Fi/NB-IoT/BT/4G/5G), open-source and third-party software, as well as documents.
2. Non-commercial components delivered by HiSilicon (Shanghai): tools and reference code contained in SDKs
3. Deliverables by manufacturers: In addition to developing the application layer code, manufacturers will add, modify, and delete the code delivered by HiSilicon (Shanghai) based on their product requirements.

Cyber Security Responsibility Model

HiSilicon (Shanghai) does not directly sell chip products to end users but sells chipsets, SDKs, and documents to manufacturers who can add, modify, and delete the code we provide based on their requirements. That means we cannot provide technical support for end users on devices. End users who encounter any problems when using a product containing chipsets from HiSilicon (Shanghai) should contact the manufacturer for direct technical support.
The following describes the cyber security responsibility model that is based on the business scope shown in Figure 1-1.
1. HiSilicon (Shanghai) provides basic cyber security technologies for commercial chipsets and SDKs, including LiteOS, secure OS, SOC drivers & peripheral drivers, UNF/MPI (media processing interface), communications protocol stack (PLC/Wi-Fi/NB-IoT/BT/4G/5G), and documents. It also provides vulnerability remediation solutions for open-source and third-party software used in the SDKs. HiSilicon (Shanghai) offers cyber security support according to contracts.
2. The tools in the SDKs delivered by HiSilicon (Shanghai) are used only for development and debugging by manufacturers, and the reference code provided is used only to demonstrate chip functions – it is not commercially available. HiSilicon (Shanghai) makes no representations or warranties of any kind to the tools and reference code.
3. Manufacturers are responsible for the security of the code that they add, modify, and delete in addition to their application code.

HiSilicon (Shanghai) is dedicated to closely collaborating, innovating, and establishing standards with stakeholders to ensure that the integrity and security of the chipsets and solutions we provide meet or exceed the needs of our manufacturers and provide the assurance confidence required by their own customers.