feature article
Subscribe Now

What Makes Secure Processors Different?

Rambus Offers a Separate CPU to Secure Your Normal One

“The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true.” ― James Branch Cabell

Given the magnificent complexity of modern microprocessors, it’s inevitable that they’ll have bugs and security holes. It might even be physically impossible to create a bug-free CPU, but that’s a mathematics/physics/EDA/statistics/philosophical conundrum that’s above my paygrade. For now, we finds the bugs and we works around ’em. 

But what if… 

What if a processor could be designed with security in mind, first and foremost? Would that be possible, and if so, would it be useful? Or, would a maximum-security CPU be uselessly slow, complicated, and unwieldy? 

It’s a thorny problem, and one not easily solved – or even answered. After all, it’s not as though today’s CPU designers are slacking off and deliberately allowing bugs to creep in. It just happens, and it might not be possible to do any better. 

Rambus thinks it has one good solution, however, and that’s to make a security-first processor that sits alongside your normal one. It’s a coprocessor to handle the usual cryptography tasks, but one that also is designed and hardened against weird side-channel attacks like clock glitching, undervoltage dips, spooky RF emissions, physical tampering, and the like. It’s like having a bodyguard to stand over your main processor. 

The company calls it CryptoManager Root of Trust, and it comes in seven different levels of complexity, from a quick-and-dirty IoT version to the fiendishly complex military edition. Much of its block diagram is familiar: RISC-V processor core, AES and SHA accelerators, hardware root of trust, ECC hardware, and so on. These are fine features, but they’re often included in high-end CPUs or available elsewhere from other hardware vendors. 

Where Rambus thinks CryptoManager stands out is in its resistance to outright attacks. Most versions include a “Canary Core monitor” that acts as the proverbial canary in the coal mine, sniffing out nefarious activity intended to circumvent the other security measures. Specifically, Rambus says it can detect momentary under-voltage attacks like Plundervolt and alert the main processor. Deliberate clock glitching also triggers an alarm. 

The key to securing the secure processor is that it isn’t designed to do much else. Yes, okay, it’s programmable and can run useful code (which Rambus provides), but that’s not really its purpose. Unlike, say, your Cortex-A57, Ryzen 3970X, or Core i7-10510, CryptoManager isn’t designed for performance first and security (hopefully) a close second. Once you give up on the idea of making a fast and efficient processor that’s also secure, you can start designing the processor differently. 

That includes circuit-design tricks that Rambus is hesitant to disclose. CryptoManager is supplied as licensed IP, not a physical chip, so customers implement it on the same silicon die as the processor(s) and other hardware they’re protecting. It would be hard to physically attack or electrically manipulate the main processor without also triggering CryptoManager. 

For code that runs internally on CryptoManager, the device has multiple levels of privilege, combining the concepts of task ID and privilege level. Most CPUs today have “binary” privilege. That is, code is either privileged (supervisor) or it’s not (user). Privileged code can do things that unprivileged code can’t, such as access internal CPU registers, execute certain instructions, or update restricted areas of memory. The x86 family has four privilege levels arranged in conceptual “rings,” but the concept is the same. 

In each case, the privilege is applied equally across all programs and tasks, which means Privileged Program A can generally do anything that Privileged Program B can do. That’s not always a good thing, and that egalitarianism has been the root cause of a few security bugs. Sometimes, you want one, and only one, program to be able to update the system’s memory maps or handle cryptography keys. Clearly, the operating system and/or BIOS needs to be able to set these things up at boot time, but why should every piece of privileged code have the same potential ability?

CryptoManager expands those levels of security with unique privileges for each program. Instead of a broad-brush approach, it’s more fine-grained, doling out a different set of rights and privileges for each individual task. Even if Program A is deemed safe, it’s assigned its own unique safety level, and it’s incapable of accessing other secure applications running within CryptoManager. That helps avoid tricky privilege-elevation bugs when one privileged program asks another equally privileged one to do something naughty on its behalf. 

Of course, the “running within CryptoManager” part is important. It’s great at securing itself but it can’t magically make your iPhone or Windows 10 system bulletproof. Rambus’s security coprocessor is an add-on, not a replacement, for the main processor(s). Treat it like a useful peripheral and it’ll do its job. 

One thought on “What Makes Secure Processors Different?”

Leave a Reply

featured blogs
May 26, 2022
Introducing Synopsys Learning Center, an online, on-demand library of self-paced training modules, webinars, and labs designed for both new & experienced users. The post New Synopsys Learning Center Makes Training Easier and More Accessible appeared first on From Silico...
May 26, 2022
CadenceLIVE Silicon Valley is back as an in-person event for 2022, in the Santa Clara Convention Center as usual. The event will take place on Wednesday, June 8 and Thursday, June 9. Vaccination You... ...
May 25, 2022
There are so many cool STEM (science, technology, engineering, and math) toys available these days, and I want them all!...
May 24, 2022
By Neel Natekar Radio frequency (RF) circuitry is an essential component of many of the critical applications we now rely… ...

featured video

Building safer robots with computer vision & AI

Sponsored by Texas Instruments

Watch TI's demo to see how Jacinto™ 7 processors fuse deep learning and traditional computer vision to enable safer autonomous mobile robots.

Watch demo

featured paper

Introducing new dynamic features for exterior automotive lights with DLP® technology

Sponsored by Texas Instruments

Exterior lighting, primarily used to illuminate ground areas near the vehicle door, can now be transformed into a projection system used for both vehicle communication and unique styling features. A small lighting module that utilizes automotive-grade digital micromirror devices, such as the DLP2021-Q1 or DLP3021-Q1, can display an endless number of patterns in any color imaginable as well as communicate warnings and alerts to drivers and other vehicles.

Click to read more

featured chalk talk

10X Faster Analog Simulation with PrimeSim Continuum

Sponsored by Synopsys

IC design has come a very long way in a short amount of time. Today, our SoC designs frequently include integrated analog, 100+ Gigabit data rates and 3D stacked DRAM integrated into our SoCs on interposers. In order to keep our heads above water in all of this IC complexity, we need a unified circuit simulation workflow and a fast signoff SPICE and FastSPICE architecture. In this episode of Chalk Talk, Amelia Dalton chats with Hany Elhak from Synopsys about how the unified workflow of the PrimeSim Continuum from Synopsys can help you address systematic and scale complexity for your next IC design.

Click to read more about PrimeSim Continuum