It’s a tough world out there. Bad guys try to hack into our computers and embedded systems. Even without the hackers, systems sometimes just crash. Building tough and reliable systems is hard to do. That must be why we get paid the big bucks.
This week, three companies are doing something about that (the security, not the pay). Open Kernel Labs, CPU Tech, and ARM all have new products designed to make secure, reliable, affordable systems easier to design and build.
“Can You Text Me Now?”
In this corner, we have Open Kernel Labs, an Australian company that specializes in virtualization – the technique of running multiple applications or operating systems on one microprocessor. Virtualization has become a big deal in the world of big iron: servers and mainframes. But it’s only now catching on in embedded systems. In part, that’s because embedded systems are now becoming powerful enough and complex enough to support the necessary overhead. It’s also because they’re complicated enough to need it. That’s where Open Kernel Labs comes in.
If you smash your average cell phone, you’re likely to find two processors inside: a traditional microprocessor and a digital signal processor (DSP), otherwise known as the application processor and the baseband processor, respectively. One processor handles the phone/RF functions while the other manages the (increasingly important) user interface, address book, applications, and other “computer-ish” tasks. Wouldn’t it be cool if all of that code could run on one processor? And wouldn’t that be cheaper, too?
In fact, it would be and it is. Open Kernel Labs’ hypervisor software runs underneath mobile phone operating systems, fooling them into thinking there are two processors by abstracting away the details of the hardware. It’s the same trick server customers have been using for years to reduce their hardware costs. If the underlying chip is a multicore processor, so much the better, but it doesn’t have to be. The majority of cell phones today run on conventional single-core ARM processors, and that’s Open Kernel Labs’ primary target.
The business plan is to enable makers of low-end cell phones to upgrade their wares. Through virtualization, a handset manufacturer can add gee-whiz features to an existing hardware design without redesigning the entire thing around a second processor. Given that Open Kernel Labs has already shipped about 300 million copies of its hypervisor, the plan seems to be working.
The Unhackable PowerPC
Counterfeiting. It’s not just for greenbacks any more. Counterfeit embedded systems have become a surprisingly nettlesome problem for makers of network equipment, games, security systems, and others. The good guys battle the bad guys in a proverbial arms race of measures and countermeasures designed to keep the other side off balance.
The threat might be commercial, as when a processor or embedded subsystem is cloned and counterfeited, depriving the rightful vendor of customer revenue. Or it might be viral, such as when malicious software is inserted into an otherwise sound system. Or the threat might be clandestine, where the system is hacked and examined only to determine its weaknesses and to develop countermeasures. In any case, the system fails: it fails to work, fails to provide revenue, or fails to protect its intended users.
Enter CPU Tech, a well-established chip company that’s taken it upon itself to give the good guys a leg up. The company makes PowerPC processors, but their new Acalis CPU872 is a processor with a difference.
Over and above its security features (about which more anon), the ’872 is a darn nice microprocessor. It’s a dual-core PowerPC with two 440 processor cores, each with its own 32K first-level cache and its own 256K L2 cache. Each core also has its own 4 MB bank of on-chip DRAM and a DDR2 controller for off-chip memory. Oh, and separate floating-point units, too. You could almost cut the chip in half and have two respectable PowerPC processors.
Where it gets interesting is in its on-chip mesh router. More than just a simple two-core interconnect, the mesh routing connects to two cores to all kinds of on-chip resources, including five (count ‘em) 10-Gbps Express interfaces, a 1-Gbps Ethernet interface, a pair of DMA controllers, and streaming I/O processors that keep all the peripherals fed and happy without bothering the PowerPC processors.
But wait, there’s more. CPU Tech’s real goal in creating the ’872 was to make it secure – the unhackable processor. Part of the magic is the chip’s embedded DRAM. By keeping data on-chip, it avoids the “Princeton attack,” or the trick of applying freeze spray to keep DRAM contents alive long after the power has been removed. If encryption keys – or with 4 MB of DRAM, entire algorithms – can be kept on-chip, they can’t be teased out of external memory.
The ’872 is also fabricated at a secure facility, where silicon masks and design files are carefully controlled and monitored. It doesn’t do any good to use a secure processor if the processor itself has been hacked. The processor also includes a “zero-ization” circuit that allows off-chip sensors or signals to immediately blank the chip, wiping its state and contents if, for example, a computer case is opened. The more subtle and elegant security features are, of course, kept secret.
Free ARMs Race
As embedded designers, we can always rely on ARM to produce something almost weekly. This week, it’s a new development system that comes with free ARM processor core downloads.
The imaginatively named MPS (microcontroller prototyping system) is a big box stuffed with Altera FPGAs and an assortment of familiar peripheral chips. What makes it fun is that you can download an ARM Cortex-M0 or –M3 processor into one of the FPGAs, thereby making yourself a “soft” ASIC. Combined with your own hardware IP, it’s a good way to prototype a chip and/or get acquainted with the Cortex processor family. And the processor cores cost nothing.
How do they do it? The FPGA netlists for the two processors are encrypted. You never really see or get access to the internal chip designs themselves, although they work just fine and behave like “real” ARM processors. At 50 MHz (maximum), the FPGA simulacrum is probably just as fast as you need it to be.
There are other FPGA chips with ARM processors embedded inside, but they’re meant for volume production. The MPS is really intended for experimenting and prototyping. If you’re planning an ASIC or a moderately high-volume FPGA project, the MPS may be just the ticket.
In other business news, Apple (AAPL) is expected to begin selling a line of white-colored bricks. Investors greeted the news with skepticism, given the current state of the housing market and low demand for construction materials. An Apple spokesperson, however, allayed concerns stating, “Apple’s vaunted design aesthetic, patented simplicity®, and ease of use™ enable us to revitalize an otherwise dormant market. Based on past experience, we’re certain to build a loyal – not to say fanatical – following. Besides, our bricks are just cooler than anyone else’s.
Insignificant Bits: Sun Microsystems updates its popular open-source language with improvements to garbage collection; new version to be called Jawa. Intel anticipates sales of Itanium processors may exceed 5000 units by 2012. IBM signs memorandum of understanding to acquire Comerica Bank, General Motors, and Delta Airlines. Freescale switches its processors to little-endian byte ordering; declares “Intel way is better.”