feature article
Subscribe Now

Safe, Secure, and ARMed

It’s a tough world out there. Bad guys try to hack into our computers and embedded systems. Even without the hackers, systems sometimes just crash. Building tough and reliable systems is hard to do. That must be why we get paid the big bucks.

This week, three companies are doing something about that (the security, not the pay). Open Kernel Labs, CPU Tech, and ARM all have new products designed to make secure, reliable, affordable systems easier to design and build.  

“Can You Text Me Now?”

In this corner, we have Open Kernel Labs, an Australian company that specializes in virtualization – the technique of running multiple applications or operating systems on one microprocessor. Virtualization has become a big deal in the world of big iron: servers and mainframes. But it’s only now catching on in embedded systems. In part, that’s because embedded systems are now becoming powerful enough and complex enough to support the necessary overhead. It’s also because they’re complicated enough to need it. That’s where Open Kernel Labs comes in.

If you smash your average cell phone, you’re likely to find two processors inside: a traditional microprocessor and a digital signal processor (DSP), otherwise known as the application processor and the baseband processor, respectively. One processor handles the phone/RF functions while the other manages the (increasingly important) user interface, address book, applications, and other “computer-ish” tasks. Wouldn’t it be cool if all of that code could run on one processor? And wouldn’t that be cheaper, too?

In fact, it would be and it is. Open Kernel Labs’ hypervisor software runs underneath mobile phone operating systems, fooling them into thinking there are two processors by abstracting away the details of the hardware. It’s the same trick server customers have been using for years to reduce their hardware costs. If the underlying chip is a multicore processor, so much the better, but it doesn’t have to be. The majority of cell phones today run on conventional single-core ARM processors, and that’s Open Kernel Labs’ primary target.

The business plan is to enable makers of low-end cell phones to upgrade their wares. Through virtualization, a handset manufacturer can add gee-whiz features to an existing hardware design without redesigning the entire thing around a second processor. Given that Open Kernel Labs has already shipped about 300 million copies of its hypervisor, the plan seems to be working.

The Unhackable PowerPC

Counterfeiting. It’s not just for greenbacks any more. Counterfeit embedded systems have become a surprisingly nettlesome problem for makers of network equipment, games, security systems, and others. The good guys battle the bad guys in a proverbial arms race of measures and countermeasures designed to keep the other side off balance.

The threat might be commercial, as when a processor or embedded subsystem is cloned and counterfeited, depriving the rightful vendor of customer revenue. Or it might be viral, such as when malicious software is inserted into an otherwise sound system. Or the threat might be clandestine, where the system is hacked and examined only to determine its weaknesses and to develop countermeasures. In any case, the system fails: it fails to work, fails to provide revenue, or fails to protect its intended users.

Enter CPU Tech, a well-established chip company that’s taken it upon itself to give the good guys a leg up. The company makes PowerPC processors, but their new Acalis CPU872 is a processor with a difference.

Over and above its security features (about which more anon), the ’872 is a darn nice microprocessor. It’s a dual-core PowerPC with two 440 processor cores, each with its own 32K first-level cache and its own 256K L2 cache. Each core also has its own 4 MB bank of on-chip DRAM and a DDR2 controller for off-chip memory. Oh, and separate floating-point units, too. You could almost cut the chip in half and have two respectable PowerPC processors.

Where it gets interesting is in its on-chip mesh router. More than just a simple two-core interconnect, the mesh routing connects to two cores to all kinds of on-chip resources, including five (count ‘em) 10-Gbps Express interfaces, a 1-Gbps Ethernet interface, a pair of DMA controllers, and streaming I/O processors that keep all the peripherals fed and happy without bothering the PowerPC processors.

But wait, there’s more. CPU Tech’s real goal in creating the ’872 was to make it secure – the unhackable processor. Part of the magic is the chip’s embedded DRAM. By keeping data on-chip, it avoids the “Princeton attack,” or the trick of applying freeze spray to keep DRAM contents alive long after the power has been removed. If encryption keys – or with 4 MB of DRAM, entire algorithms – can be kept on-chip, they can’t be teased out of external memory.

The ’872 is also fabricated at a secure facility, where silicon masks and design files are carefully controlled and monitored. It doesn’t do any good to use a secure processor if the processor itself has been hacked. The processor also includes a “zero-ization” circuit that allows off-chip sensors or signals to immediately blank the chip, wiping its state and contents if, for example, a computer case is opened. The more subtle and elegant security features are, of course, kept secret. 

Free ARMs Race

As embedded designers, we can always rely on ARM to produce something almost weekly. This week, it’s a new development system that comes with free ARM processor core downloads.

The imaginatively named MPS (microcontroller prototyping system) is a big box stuffed with Altera FPGAs and an assortment of familiar peripheral chips. What makes it fun is that you can download an ARM Cortex-M0 or –M3 processor into one of the FPGAs, thereby making yourself a “soft” ASIC. Combined with your own hardware IP, it’s a good way to prototype a chip and/or get acquainted with the Cortex processor family. And the processor cores cost nothing.

How do they do it? The FPGA netlists for the two processors are encrypted. You never really see or get access to the internal chip designs themselves, although they work just fine and behave like “real” ARM processors. At 50 MHz (maximum), the FPGA simulacrum is probably just as fast as you need it to be.

There are other FPGA chips with ARM processors embedded inside, but they’re meant for volume production. The MPS is really intended for experimenting and prototyping. If you’re planning an ASIC or a moderately high-volume FPGA project, the MPS may be just the ticket.

Late-Breaking Gnus

In other business news, Apple (AAPL) is expected to begin selling a line of white-colored bricks. Investors greeted the news with skepticism, given the current state of the housing market and low demand for construction materials. An Apple spokesperson, however, allayed concerns stating, “Apple’s vaunted design aesthetic, patented simplicity®, and ease of use™ enable us to revitalize an otherwise dormant market. Based on past experience, we’re certain to build a loyal – not to say fanatical – following. Besides, our bricks are just cooler than anyone else’s.

Insignificant Bits: Sun Microsystems updates its popular open-source language with improvements to garbage collection; new version to be called Jawa. Intel anticipates sales of Itanium processors may exceed 5000 units by 2012. IBM signs memorandum of understanding to acquire Comerica Bank, General Motors, and Delta Airlines. Freescale switches its processors to little-endian byte ordering; declares “Intel way is better.”

Leave a Reply

featured blogs
Jul 3, 2020
[From the last episode: We looked at CNNs for vision as well as other neural networks for other applications.] We'€™re going to take a quick detour into math today. For those of you that have done advanced math, this may be a review, or it might even seem to be talking down...
Jul 2, 2020
Using the bitwise operators in general -- and employing them to perform masking, bit testing, and bit setting/clearing operations in particular -- can be extremely efficacious....
Jul 2, 2020
In June, we continued to upgrade several key pieces of content across the website, including more interactive product explorers on several pages and a homepage refresh. We also made a significant update to our product pages which allows logged-in users to see customer-specifi...

Featured Video

Product Update: DesignWare® TCAM IP -- Synopsys

Sponsored by Synopsys

Join Rahul Thukral in this discussion on TCAMs, including performance and power considerations. Synopsys TCAMs are used in networking and automotive applications as they are low-risk, production-proven, and meet automotive requirements.

Click here for more information about DesignWare Foundation IP: Embedded Memories, Logic Libraries & GPIO

Featured Paper

Cryptography: Fundamentals on the Modern Approach

Sponsored by Maxim Integrated

Learn about the fundamental concepts behind modern cryptography, including how symmetric and asymmetric keys work to achieve confidentiality, identification and authentication, integrity, and non-repudiation.

Click here to download the whitepaper

Featured Chalk Talk

Fuses in Automotive Applications

Sponsored by Mouser Electronics and Littelfuse

Automotive applications put a high demand on fuses. With the increasing electrical content in modern vehicles, correct fuse specification is a critical item for safety, and standards have been slow to catch up with demands. In this episode of Chalk Talk, Amelia Dalton chats with Saad Lambaz from Littelfuse to discuss the evolution of standards for fuses in automotive use, and how to do about choosing fuses in your next design.

Click here for more information about Littelfuse Automotive & Industrial Standard Fuses