Posts Tagged ‘processor’

Deeper Dive – Cortus IP connects the third wave of computational devices

Thursday, October 9th, 2014

Two 32bit processor IPs have been released by Cortus, the company’s second generation of processor IP that takes a minimalist approach to the ‘third wave’ of applications. Caroline Hayes spoke to Roddy Urqhart, Vice President Sales & Marketing, Cortus.

Cortus challenges the dominance of ARM in connected, intelligent devices with the introduction of two processor cores that are power- and silicon-efficient. Urqhart classifies the third wave of computational devices as connected and intelligent, combining sensors, connectivity and intelligence. They mark, says Urqhart, the edge of the IoT (Internet of Things).

“There are similar requirements to automotive sensing,” says Urqhart. “There is little standardisation, as for example, in the mobile market, with LTE for communications. RTOS will be suitable, and WiFi, Bluetooth and ZigBee will all play a part.”

The connected devices will need to have a small form factor and low power consumption. Batteries cannot be changed every night – they will need to last months, he points out. This will require minimalist cores. “The third wave of connected devices will require a new set of design rules,” he asserts.

The embedded APS23 32bit core is based on the company’s v2 instruction set and offers increased code density to meet the need for this new wave of devices.

The company licenses low-power, 32bit processor cores for intelligent connected devices. The APS23 is the first core to use the v2 instruction set, which reduces the size of a system’s instruction memory in always-on/always-listening systems or Bluetooth Smart applications, which use lower clock frequencies.

The Harvard architecture has 16 32bit registers, a three-stage pipeline and a sequential multiplier. It supports the AXI4-Lite bus as well as Cortus APS peripherals. The core delivers 2.83DMIPS/MHz and 1.44CoreMarks/MHz in computational performance.

The CPU starts at 9.8kgates when optimised for area, and delivers dynamic power of 12µW/MHz with a 90nm process.

The second release, the APS25 IP core, supports extendable, dual- and multi-core systems. The core is aimed at embedded systems that demand increased computational performance and system complexity, with maximum code density and extendibility.

It has been designed to support accelerating computation by using coprocessors or symmetric multiprocessing. It is intended to be used as a building block in dual-, or multi-core systems.

It also has a Harvard architecture, 16 32bit registers, a five-stage pipeline and a sequential multiplier. It supports the AXI4 bus as well as APS peripherals.

Up to eight co-processors can be added to a core.

The coprocessor interface allows licensees to add custom coprocessors, to accelerate functions such as cryptography or signal processing, without knowing details of the internals of the core. Co-processor instructions can be inserted into C-code appearing as function calls.

Its size makes it suitable for designs where two cores are required. For example, two cores can execute the same code in lock step and trigger an alarm if the results do not match. Another use is secure execution: the execution of secure software is physically separated by running it on a supervisory CPU, while application code runs on another CPU core.

For both cores, the v2 instruction set allows the seamless mixing of 16-, 24- and 32bit instructions without mode switching. The company will continue to offer products based on the v1 instruction set in parallel with those based on the v2 instruction set. All C/C++ or assembler code can be used unmodified on the v2 cores. If changes are needed, however, that does not pose a major upset, according to Urqhart. “Recompilation and assembly is not onerous,” says Urqhart, “you have to do that for embedded software, anyway.”

All cores interface to the company’s peripherals including Ethernet 10/100 MAC, USB 2.0 Device and USB 2.0 OTG via the APS bus. They also share the simple vectored interrupt structure, which ensures rapid, real time interrupt response, with low software overhead.

The APS tool chain and IDE (for C and C++) are available to licensees free of charge, and can be customised for final customer use. Ports of various RTOSs are available, such as FreeRTOS and Micrium μC/OSII.

Security will be a challenge in the third wave of devices, as the connected devices will present a bigger attack surface, says Urqhart. “The minimalist core, and the many licensees are focused on security,” he says. “With continuity but new instruction sets and two cores, based on an instruction set. The small core means there are less circuits to switch and dynamic power is reduced in proportion.” “The complexity of firmware has increased,” maintains Urqhart, “so the instruction memories have got bigger. The key is to balance memory, core size and the instruction, with 16, 24 and 32bit instructions.”

Cortus cores have already been designed into a wide range of embedded applications and have been adopted by over 35 licensees.

Caroline Hayes – October 09, 2014

Legacy vs New IP – Trends in IOT JPG and Drone Applications

Thursday, February 23rd, 2017

Deeper Dive – Software Attacks

Thursday, February 20th, 2014

By Caroline Hayes, Senior Editor

Big Brother is no longer suspected of watching you – it’s more likely to be a technology corporation. In response, system level designers have made the security of data and content a prime objective in our connected lives.

Following the acquisition of WhatsApp by Facebook, one commentator questioned the real reason for the inflated sum paid for the mobile messaging service. (Facebook paid $16billion with $3billion reserved shares for executives, although Google offered just $1billion for the company last year.)

StJohn Deakins, founder of the soon-to-be launched citizenme, described as a personal, digital identity guardian, believes that the value of WhatsApp lies in the information and content shared by its 450million members. “Currently, WhatsApp can change terms and conditions at any time, without notifying users… Meanwhile, Facebook already has a very broad copyright license on people’s content and already shares [users’] data with many other services”. He continues: “Social data is being concentrated into silos – Facebook also bought Instagram for $1bn…Yahoo bought Tumblr, Google purchased YouTube and Android – all these acquisitions are really about buying customers, and therefore, buying data…It’s not just the network that is being sold, it’s our data that really makes the purchase, as they combine it with all the other personal data they already hold about us”.

The Internet of Things is accelerating the pace of connectivity for a range of devices, whose peripherals can be vulnerable to attack through hardcoded passwords, insecure APIs (Application Programming Interfaces) and third-party service integrations.

Many companies are integrating ARM TrustZone technology for embedded security in mobile and connected devices. ARM’s Rob Coombs believes that system designers need to think about software attack from the outset. “Security needs to be designed into the hardware with roots of trust and secure boot and then build outwards from there. Typically a specialized secure Trusted OS is needed to provide secure services that live in hardware isolation to the main code. In ARM designs the Trusted OS normally exists in the Secure World that TrustZone architecture provides”.

He explains that the TrustZone operating system, the TEE (Trusted Execution Environment), provides a Trusted World secure state, or the highest level of TrustZone security, EL3 (Exception Level 3), in the ARMv8 architecture. The TEE works with conventional operating systems, such as Android and Linux. Security extensions allow the system to be physically partitioned into secure and non-secure elements; isolating them protects the system, as the operating system cannot directly access secure memory or peripherals.

TrustZone also offers system security features not available to the hypervisor: for example, it supports secure debug and secure bus transactions, and takes secure interrupts directly for trusted inputs.

Isolating secure application code and data from normal operations adds a secure state, only allowing secure code to be executed or secure addresses to be accessed from the memory or secure peripherals.

Coombs makes the case that a TrustZone-based TEE can provide robust security with little effect on design and manufacturing costs. A monitor mode, for example, acts as a gatekeeper to control access: malicious software will not be able to address any secure assets of executable code.

It also places an additional bit on the AXI (Advanced eXtensible Interface) system bus. This NS (Non-Secure) bit indicates the processor state (i.e. TEE, or non-secure in normal operation) when the transaction is requested. Other bus masters can make a secure transaction or restrict them. Peripherals can be statically configured to be secure or non-secure, or, by using an ARM TrustZone Protection Controller, dynamically configured to be accessible by the Trusted World or the Normal World. The NS bit also secures peripherals. If taken off-chip, all transactions from external masters (i.e. RAM, fuses or I/O) can only be controlled by on-chip bus masters. Coombs elaborates: once exposed and with access to the rest of the AXI system bus, there is no line exposed to force secure address access. By this NS bit mechanism, external devices cannot access secure assets on-chip.

Ideally, JTAG and trace debug should be disabled in the production process. JTAG could compromise security by allowing the inspection of memory or arbitrary code execution, while trace debug could leak information.

Selecting I/O peripherals either dynamically or as part of the design of the IC allows secure input, secure display or secure storage. The Protection Controller can execute a request from the Normal World software to dynamically change a peripheral from being accessible by the Normal World state, to a secure one. The trusted application receives a PIN entry and secure text which cannot be physically accessed by software running in the Normal World. Alternatively, an interface to a storage device can be encrypted by the Trusted World and the data stored in the Normal World. Paths for audio and video can be similarly configured for secure decoding and display.
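The NS-bit filtering and the dynamic hand-over of a peripheral for PIN entry described above can be modelled in a few lines of C. This is an added illustration, not ARM or article code: all type and function names are hypothetical, and it assumes that the Protection Controller itself only accepts secure (NS=0) writes and that external masters always appear as non-secure.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added illustrative model; every name here is hypothetical, not an ARM register. */
typedef enum { TRUSTED_WORLD, NORMAL_WORLD, EXTERNAL_MASTER } master_t;

typedef struct {
    bool secure;   /* current Protection Controller setting for this peripheral */
    bool dynamic;  /* false: secure/non-secure state was fixed at design time */
} periph_t;

/* NS bit carried by each bus transaction: only the Trusted World issues NS=0.
   Assumption: an external master cannot drive NS low, so it is always NS=1. */
static bool ns_bit(master_t m) { return m != TRUSTED_WORLD; }

/* Slave-side check: a secure peripheral refuses any NS=1 transaction. */
bool bus_access_allowed(const periph_t *p, master_t m) {
    return !(p->secure && ns_bit(m));
}

/* Assumption: the Protection Controller is itself a secure peripheral, so a
   reconfiguration only takes effect when it arrives with NS=0. */
bool tzpc_set_secure(periph_t *p, master_t m, bool secure) {
    if (ns_bit(m) || !p->dynamic) return false;
    p->secure = secure;
    return true;
}

/* PIN-entry scenario: returns a bitmask, one bit per check that held. */
unsigned pin_entry_scenario(void) {
    periph_t keypad = { .secure = false, .dynamic = true };
    periph_t fuses  = { .secure = true,  .dynamic = false };
    unsigned ok = 0;

    if (bus_access_allowed(&keypad, NORMAL_WORLD))      ok |= 1u << 0; /* shared before PIN entry */
    if (!tzpc_set_secure(&keypad, NORMAL_WORLD, true))  ok |= 1u << 1; /* NS=1 cannot reconfigure */
    if (tzpc_set_secure(&keypad, TRUSTED_WORLD, true))  ok |= 1u << 2; /* Trusted World claims keypad */
    if (!bus_access_allowed(&keypad, NORMAL_WORLD))     ok |= 1u << 3; /* PIN hidden from Normal World */
    if (!bus_access_allowed(&keypad, EXTERNAL_MASTER))  ok |= 1u << 4; /* and from off-chip masters */
    if (bus_access_allowed(&keypad, TRUSTED_WORLD))     ok |= 1u << 5; /* trusted app reads the PIN */
    if (!tzpc_set_secure(&fuses, TRUSTED_WORLD, false)) ok |= 1u << 6; /* static config stays fixed */
    if (tzpc_set_secure(&keypad, TRUSTED_WORLD, false) &&
        bus_access_allowed(&keypad, NORMAL_WORLD))      ok |= 1u << 7; /* released after entry */
    return ok;
}

int main(void) {
    printf("checks passed: 0x%02x\n", pin_entry_scenario());
    return 0;
}
```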

According to Coombs, the virtualization extensions and secure processor cores of TrustZone provide a secure base for SoC (System on Chip) designs “that simply cannot be matched by a PC-based design” while facing the main threat of networked mobile devices: software attack.