Arm introduced a processor architecture that aims to meet the growing need for both enhanced security and AI functionality at the edge.
It has been nearly a decade since Arm introduced a new architecture, but growth of the IoT and the movement of artificial intelligence (AI) to these edge devices are trends the company has clearly been tracking. Arm has just introduced a processor architecture that aims to meet the growing need for both enhanced security and AI functionality at the edge.
The Armv9 architecture launched at the end of March, with the aim of enhancing AI processing in IoT devices. The need seems clear: the company estimates that 90% of new IoT applications will contain some kind of AI element. Among the applications expected to require AI are voice processing for device control, vision processing for industrial automation and consumer systems, and machine learning for robotics, autonomous mobile devices, and smart sensors. AI is also providing developers with an alternative to custom programming when adapting their device designs to specific use cases.
To enhance the v9’s AI processing, Arm partnered with Fujitsu to create the Scalable Vector Extension (SVE) architecture. For the new processor, Arm expanded and adapted that architecture to create its SVE2 hardware design. SVE2 allows the processor to automatically scale the vector length of SIMD (single instruction, multiple data) instructions to simplify software development. The result is enhanced processing power for both machine learning and digital signal processing (DSP) operations. Future enhancements to the v9 architecture to speed matrix multiplication are in the works, as well.
The second focus in the v9 architecture is enhancing the operational security of IoT designs. Despite the long history of growing security issues with personal computers and mobile devices, many early IoT designs ignored or downplayed security issues. It has become increasingly clear, however, that edge devices need just as much protection, if not more. Both the rise of botnets formed from hijacked consumer IoT devices and the increasing use of IoT in critical infrastructure and industrial control systems have demonstrated the need for enhanced security.
Arm has implemented numerous hardware security measures in its v9 processor architecture, creating a new Confidential Compute Architecture (CCA) to shield portions of code and data from access or modification while in use. This CCA will introduce and support the use of dynamically-created realms – regions of memory separate from both the secure and non-secure worlds. Such realms can help protect commercially-sensitive data and code at all times, whether it is in-use, in-transit, or at-rest.
One of these CCA enhancements is the Privileged Access Never (PAN) command, which can help protect user memory from many common cyber-attack vectors. The PAN command can help keep a kernel or hypervisor from accessing memory that has been allocated to user mode. Normally, such higher-level software has privileges that allow it to access the resources being used for lower-level code. This access provides the opportunity for cyber attacks that hijack the kernel to read and modify user code. With the PAN instruction, however, the processor’s hardware will block such access even if the kernel is tricked into making the attempt.
Another CCA enhancement is the implementation of a Memory Tag Extension (MTE) in commands that read from or write to protected memory. Industry analysis of cyber-security exploits suggests that more than 70% of security issues are related to memory safety. The two main types of memory-safety issues are temporal and spatial safety. Temporal safety is violated when an object such as a buffer gets accessed after the object has expired and the memory allocation is released. Spatial safety is violated when such an object is accessed outside of its true bounds, such as writing beyond a buffer’s bounds. The MTE hardware works to mitigate both kinds of memory-safety issues.
MTE works by including in hardware an extension to memory access commands to create a kind of lock-and-key mechanism. Each memory access instruction must include the matching key that has been defined for that block of memory. If the key is absent or incorrect, hardware blocks the memory access and sets a flag that the operating system can read. The availability of this flag can be a boon to software developers by identifying memory-safety errors in their code. It can also help developers identify when cyber-attacks have attempted to exploit system vulnerabilities, and where in the code the vulnerability exists, so that they can modify and update the code to eliminate the exploit.
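The lock-and-key check described above can be modelled in plain C. This is an added illustration, not Arm's code or part of the original article: the 4-bit tag and 16-byte granule follow Arm's published MTE design, while the pool, `tagged_ptr`, `retag`, `checked_store` and `run_cases` are hypothetical names for a software model of what the hardware does on each access.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed software model of the MTE check; all names are hypothetical. */
#define GRANULE   16                            /* bytes covered by one tag */
#define POOL_SIZE 256
static uint8_t  pool[POOL_SIZE];                /* modelled memory */
static uint8_t  lock_tag[POOL_SIZE / GRANULE];  /* the "lock": one 4-bit tag per granule */
static unsigned tag_faults;                     /* models the flag the OS can read */
static uint8_t  next_tag;
/* Modelled tagged pointer: base offset plus the 4-bit "key" it carries. */
typedef struct { size_t off; uint8_t key; } tagged_ptr;

/* Give [off, off+len) a new lock value (cycling 1..15) and return it. */
static uint8_t retag(size_t off, size_t len) {
    next_tag = (uint8_t)(next_tag % 15 + 1);
    for (size_t g = off / GRANULE; g <= (off + len - 1) / GRANULE; g++)
        lock_tag[g] = next_tag;
    return next_tag;
}

/* Store a byte only if key matches lock; returns 1 if stored, 0 if blocked and flagged. */
static int checked_store(tagged_ptr p, size_t idx, uint8_t value) {
    size_t addr = p.off + idx;
    if (addr >= POOL_SIZE || lock_tag[addr / GRANULE] != p.key) {
        tag_faults++;
        return 0;
    }
    pool[addr] = value;
    return 1;
}

/* One legal store, one spatial and one temporal violation; bit i set = i-th store succeeded. */
unsigned run_cases(void) {
    tagged_ptr a = { 0,  retag(0, 32)  };   /* object A: bytes 0..31  */
    tagged_ptr b = { 32, retag(32, 32) };   /* object B: bytes 32..63 */
    unsigned ok = 0;
    ok |= (unsigned)checked_store(a, 31, 0x41) << 0; /* in bounds: allowed */
    ok |= (unsigned)checked_store(a, 32, 0x41) << 1; /* overflow into B: blocked */
    retag(a.off, 32);                                /* free A: its lock changes */
    ok |= (unsigned)checked_store(a, 0, 0x41)  << 2; /* use after free: blocked */
    ok |= (unsigned)checked_store(b, 0, 0x42)  << 3; /* B is still live: allowed */
    return ok;
}

int main(void) {
    unsigned ok = run_cases();
    printf("stores ok=0x%x, tag faults=%u\n", ok, tag_faults);
    return 0;
}
```

With only 15 usable tag values in this model, a stale key can match again after enough retags, so the check is probabilistic rather than a guarantee.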
Release of the Armv9 architecture is only the first step in the availability of actual hardware, but it is highly likely that Arm’s partners will soon be offering processors and tools that developers can use. Companies such as Cadence, Fujitsu, Google, NXP, RedHat, Renesas, Synopsys, and TSMC, along with many others, participated in Arm’s v9 announcement. That’s a good indicator that processors, software, development tools, and foundry services will soon be available to help turn the Armv9 architecture into operating designs.
This article was originally published on EDN.
Rich Quinnell is a retired engineer and writer, and former Editor-in-Chief at EDN.