Future AMD APUs to integrate ARM security tech

Yesterday, AMD and ARM took the stage here in Bellevue, Washington to announce their joint stewardship of the Heterogeneous Systems Architecture Foundation. That’s not the only thing the two companies are collaborating on, though. This morning, AMD announced that its future processors will integrate security functionality designed by ARM.

Known as TrustZone Technology, the functionality works by partitioning the processor into two virtual CPUs. Sensitive tasks are run on one virtual CPU, in what ARM calls the “secure world,” and other tasks are run in the “normal world.” The idea, of course, is to keep processes running on the secure virtual CPU inaccessible to those running on the normal one. ARM says applications for TrustZone include “secure payment, digital rights management (DRM), enterprise and web-based services.”

Here’s what AMD has planned for the technology:

AMD plans to provide development platforms that have TrustZone security features on select APUs in 2013, expanding further across its product portfolio in 2014. In a presentation this week at the AMD Fusion Developer Summit 2012 (AFDS), AMD Senior Vice President and Chief Information Officer Mike Wolfe described AMD’s vision to advance computing security by enhancing AMD’s existing security technologies. This is expected to include developing a platform security processor using an ARM Cortex™-A5 CPU that features TrustZone technology, to monitor and help protect against malicious access to sensitive data and operations at the hardware level.

TrustZone is also integrated in ARM’s Cortex-series processor cores—including the Cortex-A9, which can be found in a huger number of today’s smartphones, tablets, and other handhelds.

Comments closed
    • mutarasector
    • 7 years ago

    This doesn’t sound all that different from VIA’s Padlock security engine. This sounds exactly like what I once mentioned almost two years ago in a breadbox thread here somewhere. What would be even better is if AMD/ARM take this a step further and do something jointly with CheckPoint’s (ZoneAlarm firewall) Open Platform for Security (OPSEC) framework and alliance for integration and interoperability.

    • Hattig
    • 7 years ago

    Makes sense to go with the industry standard security platform rather than implementing their own, and then having to validate it. A Cortex A5 will use under 1mm^2 of die space too, so probably a no-brainer to include it. They’ve probably got another one in there running the power management features for all we know.

    • HisDivineOrder
    • 7 years ago

    Surprise, surprise.

    AMD is marching their way slowly to becoming a full-on ARM maker and ridding themselves of the x86 baggage they can no longer keep up with Intel at. I’m sure internally they think they can win against ARM (particularly their old adversary nVidia), but they are mistaken.

    No shock, though. This is their first step toward ARM. It won’t be the last. So much for the promise of Fusion. AMD, ATI. I’d like to say it was nice knowing you, but man your drivers always sucked.

      • Krogoth
      • 7 years ago

      “ATI Driver suck” meme is so 1990s.

      ATI got rid of that dreadful reputation since Catalyst-era, it is only the die-hard haters that keep persisting the meme.

      Nvidia and ATI are equal to each other in driver quality. They each have their own set of minor issues that the fanboys like to exaggerate. The problems typically affect bleeding edge platforms (no big surprise).

        • TheBulletMagnet
        • 7 years ago

        Look, both of my machines at home run AMD processors. However when my work machine’s ATI’s HD3400 tries to autoupdate… BLUESCREEN. I’m on Windows 7 and the ATI related bluescreen’s are the only bluescreens I get.

          • Philldoe
          • 7 years ago

          Yeah, and my home server has an nvidia chipset that gives me a bluescreen about once a month while my Desktop and laptop, both with AMD/ATI hardware have /never/ given me a bluescreen. I don’t run around the internet screaming doom and gloom for nvidia drivers.

      • mutarasector
      • 7 years ago

      “AMD is marching their way slowly to becoming a full-on ARM maker and ridding themselves of the x86 baggage they can no longer keep up with Intel at. I’m sure internally they think they can win against ARM (particularly their old adversary nVidia), but they are mistaken.”

      This is exactly what crossed my mind as well. Shades of Microsoft/IBM NT/OS2 Warp redux, no?

    • Arclight
    • 7 years ago

    [quote<]AMD plans to provide development platforms that have TrustZone security features on select APUs in 2013, expanding further across its product portfolio in 2014. In a presentation this week at the AMD Fusion Developer Summit 2012 (AFDS), AMD Senior Vice President and Chief Information Officer Mike Wolfe described AMD’s vision to advance computing security by enhancing AMD’s existing security technologies. This is expected to include developing a platform security processor using an ARM Cortex™-A5 CPU that features TrustZone technology, to monitor and help protect against malicious access to sensitive data and operations at the hardware level.[/quote<] As long as this remains in the non x86 world or it is only used for applications that need them (eg. in computers used by Government agencies, firms dealing with sensitive data etc) they can go bananas on this thing. I couldn't care less.

    • jensend
    • 7 years ago

    This sounds more like “let’s find some excuse to collaborate” than “we’re addressing a market need.”

      • esterhasz
      • 7 years ago

      Here’s an allegory: Intel paid $7.6B for McAfee.

        • jensend
        • 7 years ago

        If by “here’s an allegory” you mean “here’s something that seemed equally ridiculous” I’m in total agreement.

      • derFunkenstein
      • 7 years ago

      Yes, of course, there are no security issues in the desktop/notebook space.

        • jensend
        • 7 years ago

        Maybe this will surprise everybody and be a marvelous security panacea, and even if it doesn’t really have much of a benefit a handful of people might buy into it for locked-down embedded applications.

        But how much of a real impact on security has Intel’s TXT had? Are we all just completely elated to have it on our processors because it’s made the world a tidy secure place? Or rather, is enabling it practically unheard of because its lockdown is restrictive without providing much of a benefit?

        If all the code for which you really care about security has to run as a STIPlet on the A5, how much security are you really going to gain unless you abandon use of the x86 core? The only obvious use I can see is having DRM code as a STIPlet. I don’t think that really benefits those purchasing the processor.

        They say they may eventually integrate this into all of their chips across their entire CPU line. Probably the vast majority of people won’t want to enable it, just like TXT. An A5 is pretty tiny and power-efficient and a disabled A5 probably won’t have any real negative performance impacts, but an extra core on my processor which can only be used to lock it down seems like something I would end up paying extra NOT to have.

        • Philldoe
        • 7 years ago

        For the idiots down voting derFunk, he’s being sarcastic.

          • jensend
          • 7 years ago

          No kidding. Do you really have such a low opinion of your fellow gerbils as to think they’re so thickheaded that they couldn’t tell when he was laying it on so thick?

          Or rather, have you just failed to consider the possibility that people felt his pointless sarcasm contributed nothing to the discussion?

          • derFunkenstein
          • 7 years ago

          Yes! Yes I am. I feel my sarcasm transmitter is broken. I’ll try to get it fixed.

    • tbone8ty
    • 7 years ago

    my smartphone is huger than yur smartphone 😉

    • ew
    • 7 years ago

    Console makers will like this.

      • khands
      • 7 years ago

      Only if they end up using an x64-86 A/CPU, the IBM Power architecture they’re all hung up on right now has had some form of hardware DRM at least since the Cell architecture in the PS3. Hell, you can call consoles themselves a giant DRM box if you’re so inclined and wouldn’t be far off from the truth.

        • thefumigator
        • 7 years ago

        “Only if they end up using an x64-86 A/CPU”
        They are going to use them, I believe, in the PS4 and next Xbox

        • BobbinThreadbare
        • 7 years ago

        I’m downvoting you because as you note the PS3 doesn’t use Power, it uses Cell.

          • ColeLT1
          • 7 years ago

          “Cell combines a general-purpose Power Architecture core of modest performance with streamlined coprocessing elements”

          It’s a central Power cpu, surrounded by SPEs. Still a Power Architecture chip.

          If Cell isn’t Power because of SPEs, then Tegra 3 isn’t ARM because of the companion core.

    • chuckula
    • 7 years ago

    AMD outsourced its DRM…. if this is the future of AMD then I feel sorry for the fanboys who will have to spin this crap out as being the end of Intel…

      • Deanjo
      • 7 years ago

      TPM dejavu?

        • chuckula
        • 7 years ago

        At least Intel had the decency to come up with its own implementation.

          • Deanjo
          • 7 years ago

          Why reinvent the wheel?

          • OneArmedScissor
          • 7 years ago

          They also bought McAfee.

          McAfee!

          But you didn’t mention that, because you can’t put that word in the same sentence as “decency.” :p

            • destroy.all.monsters
            • 7 years ago

            I lol’ed. +1

          • NeelyCam
          • 7 years ago

          ?

          I think this qualifies as a -40 wannabe… join me in THUMBYDOWNIES!!!

      • BobbinThreadbare
      • 7 years ago

      The only thing more annoying than fanboys is trolls baiting fanboys.

    • Parallax
    • 7 years ago

    Um… no thanks. I’ll take viruses over walled-garden processors.

      • Grigory
      • 7 years ago

      What? Why?

        • BobbinThreadbare
        • 7 years ago

        Who gets to decide what gets to run in the “secure world?”

          • Rand
          • 7 years ago

          Microsoft or Apple depending on your preference, until the government objects and then they decide what you run.

        • Parallax
        • 7 years ago

        1. Some programs will start to require a secure component whether or not they actually need it. What happens if an installer says it needs to install something into the secure OS, but [u<]I[/u<] don't trust it. 2. DRM abuse. Do we really need another way to add to this mess? 3. This splits the software and possibly hardware between too many components. Say I'm running an application in a version of Windows designed for this processor. I could now have the windows secure kernel, windows kernel, secure OS, and monitor all running at once. This could become a nightmare for programmers. 4. Performance suffers. The monitor examining every command running to prevent violations. Imagine I'm also running multi-threaded applications. Does the secure OS hog some cores or other system resources? Does the secure OS have priority over the apps I'm running? If a program requires TrustZone, does part of it reside in Windows and the other in the secure OS simultaneously? How is communication handled between the two? 5. Exploitable bugs that render the system irrelevant. Security systems are only as good as the programmers, and in this case the drivers they produce. After the secure OS becomes easy to break into, why should I still have to run it? For that matter, how would updates to the secure OS be handled? Yay for required updates for multiple operating systems at once. Here's an easy-to-imagine example that incorporates these all at once: I want to watch my futureistic Purple-Ray movie on such a system. My media software runs on the secure OS because it is "required". It also requires a secure video chain between my drive and monitor. Unfortunately, my AMVidia drivers only run in non-secure mode for performance reasons and can't use hardware decoding. No problem, while I'm waiting for them to make new drivers that support this I'll just use the software decoding. Except the secure OS and monitor suck up too much CPU time to make this feasible. So I download the movie from a less-than-reputable website and watch it to my heart's content since the DRM was broken weeks after its introduction. By the way, that legal version of the movie cost me 40% extra because of the R&D for these "features". Oh, and at least most current viruses can be easily identified by the immediate problems they cause, as opposed to the organizational bloat and conflicts caused by "legitimate" software.

          • NeelyCam
          • 7 years ago

          Whoa.. way tttttttldr

      • chuckula
      • 7 years ago

      Don’t worry too much… there’s still plenty of malware that gets over the walls and eats the petunias anyway.

      • Goty
      • 7 years ago

      Umm… XD/NX/XN bits anyone? Seems just like an extension of what’s already there.

      • Deanjo
      • 7 years ago

      Did you really think this wasn’t going to happen? The writing on the wall has been there for years. First they started killing licensing out of chipsets, then they started integrating the graphics on the CPU, then they bring up great stuff like secure boot and this. The days of having an open system are numbered. It won’t be long until the only expansion capabilities that a person will have is through external devices.

        • Chun¢
        • 7 years ago

        At the same time this feature is probably super useful on a server chip.

Pin It on Pinterest

Share This