feature article
Subscribe Now

What Makes Secure Processors Different?

Rambus Offers a Separate CPU to Secure Your Normal One

“The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true.” ― James Branch Cabell

Given the magnificent complexity of modern microprocessors, it’s inevitable that they’ll have bugs and security holes. It might even be physically impossible to create a bug-free CPU, but that’s a mathematics/physics/EDA/statistics/philosophical conundrum that’s above my paygrade. For now, we finds the bugs and we works around ’em. 

But what if… 

What if a processor could be designed with security in mind, first and foremost? Would that be possible, and if so, would it be useful? Or, would a maximum-security CPU be uselessly slow, complicated, and unwieldy? 

It’s a thorny problem, and one not easily solved – or even answered. After all, it’s not as though today’s CPU designers are slacking off and deliberately allowing bugs to creep in. It just happens, and it might not be possible to do any better. 

Rambus thinks it has one good solution, however, and that’s to make a security-first processor that sits alongside your normal one. It’s a coprocessor to handle the usual cryptography tasks, but one that also is designed and hardened against weird side-channel attacks like clock glitching, undervoltage dips, spooky RF emissions, physical tampering, and the like. It’s like having a bodyguard to stand over your main processor. 

The company calls it CryptoManager Root of Trust, and it comes in seven different levels of complexity, from a quick-and-dirty IoT version to the fiendishly complex military edition. Much of its block diagram is familiar: RISC-V processor core, AES and SHA accelerators, hardware root of trust, ECC hardware, and so on. These are fine features, but they’re often included in high-end CPUs or available elsewhere from other hardware vendors. 

Where Rambus thinks CryptoManager stands out is in its resistance to outright attacks. Most versions include a “Canary Core monitor” that acts as the proverbial canary in the coal mine, sniffing out nefarious activity intended to circumvent the other security measures. Specifically, Rambus says it can detect momentary under-voltage attacks like Plundervolt and alert the main processor. Deliberate clock glitching also triggers an alarm. 

The key to securing the secure processor is that it isn’t designed to do much else. Yes, okay, it’s programmable and can run useful code (which Rambus provides), but that’s not really its purpose. Unlike, say, your Cortex-A57, Ryzen 3970X, or Core i7-10510, CryptoManager isn’t designed for performance first and security (hopefully) a close second. Once you give up on the idea of making a fast and efficient processor that’s also secure, you can start designing the processor differently. 

That includes circuit-design tricks that Rambus is hesitant to disclose. CryptoManager is supplied as licensed IP, not a physical chip, so customers implement it on the same silicon die as the processor(s) and other hardware they’re protecting. It would be hard to physically attack or electrically manipulate the main processor without also triggering CryptoManager. 

For code that runs internally on CryptoManager, the device has multiple levels of privilege, combining the concepts of task ID and privilege level. Most CPUs today have “binary” privilege. That is, code is either privileged (supervisor) or it’s not (user). Privileged code can do things that unprivileged code can’t, such as access internal CPU registers, execute certain instructions, or update restricted areas of memory. The x86 family has four privilege levels arranged in conceptual “rings,” but the concept is the same. 

In each case, the privilege is applied equally across all programs and tasks, which means Privileged Program A can generally do anything that Privileged Program B can do. That’s not always a good thing, and that egalitarianism has been the root cause of a few security bugs. Sometimes, you want one, and only one, program to be able to update the system’s memory maps or handle cryptography keys. Clearly, the operating system and/or BIOS needs to be able to set these things up at boot time, but why should every piece of privileged code have the same potential ability?

CryptoManager expands those levels of security with unique privileges for each program. Instead of a broad-brush approach, it’s more fine-grained, doling out a different set of rights and privileges for each individual task. Even if Program A is deemed safe, it’s assigned its own unique safety level, and it’s incapable of accessing other secure applications running within CryptoManager. That helps avoid tricky privilege-elevation bugs when one privileged program asks another equally privileged one to do something naughty on its behalf. 

Of course, the “running within CryptoManager” part is important. It’s great at securing itself but it can’t magically make your iPhone or Windows 10 system bulletproof. Rambus’s security coprocessor is an add-on, not a replacement, for the main processor(s). Treat it like a useful peripheral and it’ll do its job. 

One thought on “What Makes Secure Processors Different?”

Leave a Reply

featured blogs
Oct 20, 2020
Voltus TM IC Power Integrity Solution is a power integrity and analysis signoff solution that is integrated with the full suite of design implementation and signoff tools of Cadence to deliver the... [[ Click on the title to access the full blog on the Cadence Community site...
Oct 19, 2020
Have you ever wondered if there may another world hidden behind the facade of the one we know and love? If so, would you like to go there for a visit?...
Oct 16, 2020
Another event popular in the tech event circuit is PCI-SIG® DevCon. While DevCon events are usually in-person around the globe, this year, like so many others events, PCI-SIG DevCon is going virtual. PCI-SIG DevCons are members-driven events that provide an opportunity to le...
Oct 16, 2020
[From the last episode: We put together many of the ideas we'€™ve been describing to show the basics of how in-memory compute works.] I'€™m going to take a sec for some commentary before we continue with the last few steps of in-memory compute. The whole point of this web...

featured video

Demo: Inuitive NU4000 SoC with ARC EV Processor Running SLAM and CNN

Sponsored by Synopsys

See Inuitive’s NU4000 3D imaging and vision processor in action. The SoC supports high-quality 3D depth processor engine, SLAM accelerators, computer vision, and deep learning by integrating Synopsys ARC EV processor. In this demo, the NU4000 demonstrates simultaneous 3D sensing, SLAM and CNN functionality by mapping out its environment and localizing the sensor while identifying the objects within it. For more information, visit inuitive-tech.com.

Click here for more information about DesignWare ARC EV Processors for Embedded Vision

featured paper

Designing highly efficient, powerful and fast EV charging stations

Sponsored by Texas Instruments

Scaling the necessary power for fast EV charging stations can be challenging. One solution is to use modular power converters stacked in parallel. Learn more in our technical article.

Click here to download the technical article

Featured Chalk Talk

Benefits of FPGAs & eFPGA IP in Futureproofing Compute Acceleration

Sponsored by Achronix

In the quest to accelerate and optimize today’s computing challenges such as AI inference, our system designs have to be flexible above all else. At the confluence of speed and flexibility are today’s new FPGAs and e-FPGA IP. In this episode of Chalk Talk, Amelia Dalton chats with Mike Fitton from Achronix about how to design systems to be both fast and future-proof using FPGA and e-FPGA technology.

Click here for more information about the Achronix Speedster7 FPGAs