
AMD to add ARM processors to boost chip security

ARM's TrustZone gives AMD an answer to Intel's TXT.

Back in February, AMD raised the possibility that future processors from the company might include ARM cores. The assumption at the time was that these ARM cores would be used for computation. The company has revealed its first plans for chips combining x86 and ARM cores, but it turns out they won't be used for computing at all: the embedded ARM cores will be used to provide security services.

From next year, AMD will have APUs that include x86 cores, a GPU, and a Cortex-A5 ARM core. Cortex-A5 is a low-power, simple ARM design supporting the ARMv7 instruction set (the same instruction set as is supported by the more powerful Cortex A8 and A9 designs popular in smartphones).

AMD wants to take advantage of an ARM feature called TrustZone. TrustZone allows the processor to run in two modes: "normal world," which is used to run the operating system and user software, and "secure world," which runs a secure operating system, trusted applications, and a system monitor. While the secure world software can inspect and verify the integrity of normal world software, the reverse isn't true. Normal world can't tamper with anything running in secure world.

An example of how this might be used is a DRM scheme. A normal world operating system could ask the secure world to perform some decryption or key exchange on its behalf, using keys that only the secure world software can access. The keys would then be safely protected from malware running on the normal world operating system. Another possibility is a trusted boot capability: a secure world operating system that verifies the integrity of the normal world operating system or hypervisor before it boots it.
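The two-world split and the two uses just described (key material that only secure world can touch, and a trusted boot that measures the normal-world image before it runs), as an added toy model in C; this is an illustration, not AMD's or ARM's code, and the secure-monitor call, the FNV-1a stand-in for a real measurement hash, and the sample key and images are all assumptions:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Secure-world-only state. Being file-static, the only way the "normal world"
 * (the code in main) can use the key or the golden measurement is through the
 * two smc_* entry points below, standing in for the call into the secure
 * monitor. Values are constructed samples. */
static const uint8_t sw_drm_key[4] = {0x13, 0x37, 0xc0, 0xde};
static uint32_t sw_expected_os_hash;

/* 32-bit FNV-1a, a stand-in for the cryptographic hash a real trusted boot
 * would use to measure the normal-world image. */
static uint32_t fnv1a(const uint8_t *p, size_t n, uint32_t h) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Provisioning step (at manufacture, inside secure world): record the
 * measurement of the known-good normal-world OS image. */
void sw_provision(const uint8_t *good_os, size_t n) {
    sw_expected_os_hash = fnv1a(good_os, n, 2166136261u);
}

/* Trusted boot service: secure world measures the normal-world image and
 * returns 1 if it may boot, 0 if it has been altered. */
int smc_verify_and_boot(const uint8_t *os_image, size_t n) {
    return fnv1a(os_image, n, 2166136261u) == sw_expected_os_hash;
}

/* DRM-style service: normal world hands in data and gets a keyed tag back.
 * The key is mixed in on this side of the boundary and never returned. */
uint32_t smc_keyed_tag(const uint8_t *data, size_t n) {
    uint32_t h = fnv1a(sw_drm_key, sizeof sw_drm_key, 2166136261u);
    return fnv1a(data, n, h);
}

int main(void) {
    const uint8_t good[] = "normal-world-os-v1";            /* sample image */
    const uint8_t bad[]  = "normal-world-os-v1-tampered";   /* altered copy */
    sw_provision(good, sizeof good);
    printf("clean image boots:   %d\n", smc_verify_and_boot(good, sizeof good));
    printf("altered image boots: %d\n", smc_verify_and_boot(bad, sizeof bad));
    printf("keyed tag for clean image: %08x\n", smc_keyed_tag(good, sizeof good));
    return 0;
}
```

The asymmetry the article describes is the point: normal-world code can ask for a verdict or a tag, but nothing it can call hands back the key or lets it rewrite the golden measurement.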

The use of TrustZone fills a gap in AMD's hardware line-up. Intel has a technology called Trusted Execution Technology (TXT) that enables similar facilities on many of its chips. TXT is used by Intel's vPro platform to provide a secure execution environment for monitoring software that can validate the integrity of the boot environment and securely manage encryption keys.

Since its 2010 purchase of anti-virus firm McAfee, Intel has also been working on other security systems that similarly use special processor modes to create secure execution environments. DeepSAFE uses hardware virtualization support, rather than TXT, to protect the security software from the operating system and any software running within it.

While AMD is coming late to the secure execution mode party—TrustZone made its debut in 2004, and TXT in 2007—its decision to use TrustZone rather than develop its own technology means that AMD can leverage existing expertise and existing secure world software to bring products to market quickly.

AMD didn't name specific models, but said that its first target will be low-power processors for use in tablets. From 2014, the technology will be rolled out across the company's entire range of desktop and server processors.

This widespread rollout could give AMD an advantage in the trendy Bring Your Own Device (BYOD) market. TrustZone and TXT alike can be used to ensure that employee-owned hardware remains secured against malware and can be trusted with encryption keys—both important features for IT departments. Intel, however, treats TXT and vPro as premium features: both can only be found in corporate-oriented, premium-priced motherboards and processors. If AMD can roll out TrustZone across its entire product range, it would give users and IT departments access to secure systems at a much wider range of price points than Intel currently offers.
