think edge: how to migrate intelligence from the cloud to ...€¦ · platform security...

1Copyright © 2019 Arm TechCon, All rights reserved.Copyright © 2019 Arm TechCon, All rights reserved.

#ArmTechCon

Think Edge:How to Migrate Intelligence from the Cloud to Endpoint Devices

Director of Embedded SolutionsArm

Chris Shore

2Copyright © 2019 Arm TechCon, All rights reserved. 2Copyright © 2019 Arm TechCon, All rights reserved.

Market Trends – Acceleration of Technology Deployment

26 years 4 years

20171991 2021

100 billionchips shipped

100 billionchips shipped

1 Trillionchips shipped

3Copyright © 2019 Arm TechCon, All rights reserved.

Emerging sensing and control use cases need ultra-efficient solutions in the smallest devices

Blend of signal processing compute and inference machine learning compute

Vibration and motion Voice and sound Vision and image

Secure connectivity is mandatory

Drivers for Next Wave of Embedded Intelligence On-device


The Best Place to Compute

Base StationLocal Global

Sensor

Actuator

• Bandwidth / Cost / Power

• Security

• Privacy

• Real time / latency

• Reliability

• Safety

Gateway Server


Think Edge

Increase autonomy

Reduce bandwidth

Increase security &

privacy

Reduce latency

Reduce power consumption

Increase safety

“Think Edge”


Think Edge

Heterogeneous system

architecture

Optimized DSP

Platform Security

Scalable processing

Machine Learning

Functional Safety

“Think Edge”


SecurityThink Edge


Security Cannot be Optional

Is your product upgradeable?

Does your product store valuable information?

Is your product connected?

• Wi-Fi• Bluetooth• ZigBee• Thread Ethernet• USB• UART• I2C

• Firmware upgrades• Feature upgrades• Unlock paid features• Security upgrades

• Keys• Certificates• Wi-Fi password• Biometric data• Personal information• Firmware


Energy grid Automotive Healthcare

Smart city BT Beacon VR / AR

Environmental

Farming Identity & tracking

Home automation

Robotics Temp Sensor Smart lightingIndustrial IoT

Enterprise Retail

Connectedclothing

Smart watch

Building automation

Coffee maker

Connected Upgradable High value information

What is Your Application?


Attack Types

Communication Attacks• Man-in-the-Middle• Weak RNG• Code vulnerabilities

Software Attacks▪ Buffer overflows▪ Interrupts▪ Malware

Physical Attacks• Fault injection: clock or

power glitch, alpha ray• Side-channel analysis• Probing, FIB

Lifecycle Attacks• Code downgrade• Excess manufacturing• Integrity vulnerabilities

Assets

Attackers’ goals: extraction of secrets and/or modification of the product behavior (e.g. get it to trust rogue SW)


Software Isolation

1. Two processors 2. Memory protection unit 3. TrustZone for Armv8-M

Different methods with the same objective

Cortex-M

SRAM

Interconnect

SRAMFlash Peripherals

Cortex-M

SRAM

MPU MPU


Hardware IsolationA Secure Enclave provides security-related services to the system

Security Enclave

Non-secure processing environment

Secure processing environment

Non-secure processing Environment

Secure processing environment (SPE)

OS Libraries

OS Kernel

Application Firmware

Non-secure

Partition


Increasing Need for Physical Security

SIMNFCBiometric

POS Point of Sale terminal Smart lock

Smart watch

Smart phoneSmart meter

Banking with fingerprint

Container sealing


How Much Physical Protection do you Need?

Only a small zone in the room requires strong protection from attacks.

Used to store small, high value items.

Standard door lock is sufficient for the rest of the room.


Unlocking digital transformation

Platform Security Architecture (PSA)The open device security framework, with independent testing

PSA: enabling right-sized device security

CertifyIndependently testing SoCs, devices and OSes

ImplementHardware and software

Architect

Hardware and firmware architecture specs

Analyze

Threat modelling

STAGE 1

STAGE 2

STAGE 3

STAGE 4


Security Architecture and IP

Physical mitigation Software mitigation

Lifecycle mitigationCommunication mitigation

Arm SecurCore,Arm Cortex-M35P CPU,CryptoCell-312P,CryptoIsland-300P

Arm TrustZone, CMSIS-ZONEArm Keil MDK, Armprocessors with TrustZonesupport and Trusted Firmware

Arm CryptoCell & CryptoIsland,Arm Pelion IoT Platform,Arm CoreSight SDC-600, Kigenfamily

Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform, Kigen family

Platform Security Architecture

Hardware & firmware architecture specifications

Architect

ImplementFirmware source code

Threat models &security analysis

Analyze


Arm Secure Foundations Reference designs for the heart of your SoC

Corstone Subsystem• Tested system designs to build on or use as a reference

Corstone System IP• Vast collection of System IP

Processor IP• Cortex-A and/or Cortex-M

Security IP• Hardware security functions

Corstone Ready Software• TF-M and multiple RTOS support

Corstone Subsystem

CorstoneSystem IP

Cortex-A and Cortex-M Processor IP

PSA Principles

Security IP

Arm Secure Foundation

Corstone-ready Software

Dev

elo

pm

ent

Too

ls

Processor License

Corstone foundation IP License

Security IP License (optional)

Open Source Software


Functional SafetyThink Edge


Markets and Applications

AutomotiveAutonomous driving

IndustrialFactory automation

HealthcareRobotic surgery

TransportationTrain control systems

AvionicsFlight systems

ConsumerDomestic robots


What is Functional Safety?

“Absence of unreasonable risk due to hazards caused by malfunctions”

ISO 26262


Safety and Security

SecurityProtects things and defends from malicious attack

SafetyLimits uncontrolled system behaviour to prevent harm

An insecure system can never be safe

A secure system is not necessarily

a safe system

Safety is not possible without

security


Types of Fault

• Hard errors

• Soft errors

• Permanent faults

• Transient faults

• Latent faults

Managed by including features forfault detection and control

• Hardware errata

• Software bugs

• Incorrect specification

• Incomplete requirements

• Unfulfilled assumptions

Managed through design process, verification and assessment

Random faults Systematic faults


Safety Through the Entire Design Process

IP integratore.g. MCU designer

Tier 1 designer OEMIP supplier

ISO 26262

-1-2-3-4-5-6-7-8-9

Applicable requirementNot applicable requirements

Requirements, assumptions

Supporting documentation (evidence)

ISO 26262

-1-2-3-4-5-6-7-8-9

ISO 26262

-1-2-3-4-5-6-7-8-9

ISO 26262

-1-2-3-4-5-6-7-8-9


System-level Safety and Security

Heterogeneous processing

• High-performance, rich application processor

• Real-time safety island

Redundant execution

• Redundant application processors

• Split-lock safety island

Safety island

• Safety monitoring & hard real-time capability

• RTOS

Secure Enclave

• Provides secure isolation

Mission Redundant Safety island

CPU CPU

CPUCPU

Interrupts

Cache

CPU CPU

CPUCPU

Interrupts

Cache

MPU MPU

Coherent Interconnect

MPU

Accelerators

CPU CPU

Interrupts

Bus interface

Memory

Interconnect

MPU

Peripherals Secure Enclave

MPU


Digital Signal ProcessingThink Edge


Remember These?

Emerging sensing and control use cases need ultra-efficient solutions in the smallest devices

Blend of signal processing compute and inference machine learning compute

Vibration and motion Voice and sound Vision and image

Secure connectivity is mandatory


Advanced Embedded Compute Solutions Today

Single CPU

Compatible ISA

Same programmer’s model for development

Single toolchain and ecosystem

Arm TrustZone

Different ISA

Harder to program, maintain and support

Multi-sourced toolchains and ecosystems

Non-standard security solutions

CPU + custom hardware or DSP

Lower costsLower complexityIncreased security


A Versatile DSP Ecosystem for Cortex-M

Fundamental DSP functions on Cortex-M

– available for free!

Examples of ecosystem solutions and partners

CMSIS-DSP library

Transforms

Matrix functionsStatistical functions

Controller functions

Support functions

Interpolator functions

Complex math functions

Filters

Basic math functions

Fast math functions

Voice codecs

Image processing

Audio codecs

Keyword spotting

Sensor fusion

Motor control

Audio enhancement

Connectivity

Simulation tools


A Versatile DSP Ecosystem for Cortex-A with Neon

Extensive third-party ecosystem Extensive support in Open Source

• Android – NEON optimizations

• Skia library is 5x faster using NEON

ESPICO

2D GUI Library and GUI Visual Effects

NEON-optimized Audio and Video Codecs

The Arm Computer Vision and Machine Learning Library.Optimized functions for both Arm CPUs and GPUs using SIMD technologies.

https://github.com/Arm-software/ComputeLibrary

http://cairographics.org/

http://www.webmproject.org/

http://libav.org/index.html

http://en.wikipedia.org/wiki/File:Aricent_Group_color.gif

http://images.google.com/imgres?imgurl=http://www.khronos.org/img/member_logos/yappa.png&imgrefurl=http://www.khronos.org/members/conformant/&usg=__YTgXKZf0VwvT10OanoRAsYsET5o=&h=91&w=110&sz=1&hl=en&start=31&tbnid=y4DjhsSNLqjDIM:&tbnh=70&tbnw=85&prev=/images?q=yappa&gbv=2&ndsp=20&hl=en&safe=off&sa=N&start=20

http://www.tmath.co.jp/eng/index_e.html

http://www.frogdesign.com/

https://github.com/Arm-software/ComputeLibrary


NXP LPC 556x – A Different Approach

10x DSP performance increase


Simplified development

Developers can benefit from one toolchain to reduce development

efforts and costs

Arm Helium Technology: Foundation for Intelligent Endpoint Devices

Enhanced performance

Up to 15x performance

uplift to machine learning

and up to 5x uplift to signal

processing

System-wide security

Built-in security with TrustZone for Armv8-M

and PSA principles


Scalable ProcessingThink Edge


Diverse Applications Need Diverse Compute

Hard real-time

Deterministic responsiveness

Cortex-R

Low-power

Always-on efficiency

Cortex-M

High performance

Platform OS, rich user experience

Cortex-A Neoverse

Infrastructure foundation

Scalable from hyperscale to edge of the network


Scalable Processing

Power consumption (𝜇W/MHz)

Perf

orm

ance

(C

ore

Mar

ks)

Cortex-M4Cortex-M33

Cortex-M7

Cortex-M3

Cortex-M23

Cortex-M0Cortex-M0+

Power consumption (mW/GHz)Pe

rfo

rman

ce (

SPEC

INT/

GH

z)

Cortex-A73

Cortex-A75

Cortex-A76

Cortex-A55

Cortex-A53

Cortex-A32Cortex-A35


Cortex-A is Everywhere in the Embedded Markets Today

>70%

Arm market share in rich embedded

Source: VDC (CPU & SoC unit volume in embedded, excluding mobile, tablets, and networking)

Example market segments and products

Smart Embedded

Smart Home

Wearables


Smart Surveillance Camera

Video encoder

GPU

Cortex-A55

1 -

4 s

enso

rs

ISP

Display

• OSD / graphics overlay

• CPU use optional

• H.264, H.265

• Single / dual encode

• HDMI output

• Resolution downscale

• CPU use optional

• Neural Network processor

• Convolution accelerator

Arm ML processor

• Right-size compute

• Linux / Android

Scalable Arm NN solution

Metadata - regions of interest encode

Graphics overlay

Simultaneous Downscale

Scaled frames

Non-scaled frames

Tuned image

RAW image

HDMI out

• HDR, GDC, 3A

• 1-4 sensors, up to 64Mpx

Mobile stream

Local HD / mobile stream

DDR

DDR

DDR

DDR

DDR

DDR


Arm Secure FoundationsExtendable for differentiation and diversity

Corstone foundation IP package

• Pre-integrated processor and security IP

• Pre-verified, modifiable subsystems

Corstone-ready software

• Standardized interfaces and architecture

• Mbed OS and Mbed Linux

Tools

• Arm and third-party development tools

• FPGA, fast models, test chip boards

Note: Arm Corstone replaces Arm System Design Kits (SDK)

Corstone Subsystem

CorstoneSystem IP

Cortex-A and Cortex-M Processor IP

PSA Principles

Security IP

Arm Secure Foundation

Corstone-ready Software

Dev

elo

pm

ent

Too

ls


Corstone Foundation IP – Subsystem for Embedded (SSE)A range of subsystems available with security

SSE-123TrustZone

SSE-200TrustZone

CryptoCell pre-integrated

Secure debug

SSE-700Cortex-A + Cortex-M CPUs

TrustZone

Secure enclave

Firewalls

Protected multi-domains debug support

Isolated domains

Rich nodes / gateways ConstrainedMainstream


Machine LearningThink Edge


Flexible, Scalable ML Solutions

Mali GPUs

Arm NPUs

Cortex-M/A CPUsML

per

form

ance

(o

ps/

seco

nd

)

ML capabilities

Keyword detection

Pattern training

Voice & image recognition

Smart cameras

Image enhancement

Autonomous driving

Data centerTypical ML hardware choice

Deliver use cases with multiple hardware solutions

Choose best balance of ML performance versus capabilities per use case

Only Arm can enable ML everywhere


Heterogeneous Processing ArchitecturesThink Edge


SSE-700 Rich Embedded Subsystem

Processor choice

• Cortex-A for performance

• Cortex-M for real-time

Security enclave

• CryptoIsland

• Use your own module

Built on PSA principles

• Secure system architecture

• Common software architecture

Cortex-Munit(s)

Secure AXI interconnect

Cortex-AHost processor

Firewall

SecureDebug

CryptoIslandSecure enclave

ROM

Power control


System example

Initial IoT Solution with Corstone-700

• Processor choice• Cortex-A32• Any Cortex-M

• Security enclave• Ready to be

combined with Pluton IP

• Expansion• Machine learning,

media components, customacceleration

• …

SSE-700 subsystem

AXI interconnect

Cortex-A32subsystem

System control

ROMPower control

DebugSecurity enclave

(Azure Sphere)

Expansion

Expansion

MH

U M-Class system

Firewall

RAM

M-Class system

Firewall

An expandable system compliant with Microsoft Azure Sphere specifications

Firewall

FW


LPDDR4x

A Heterogeneous Automotive/Industrial System

Bus network

Interconnect

DMCPeripherals

Safety island

I/O

SRAM

ISP

Security Enclave

DMA

CoreLink GIC-600AE

Crypto Accel

Video

Cortex-R

DCLS

Display

System MMU

• Isolated for highest reliability & integrity

• System monitoring, diagnostics & recovery

• Failsafe communication

GPU

Application stack & APIs

Functional Safety

NPU

System MMU

Cortex-ABig

Cortex-ABig

Cortex-ALittle

FirmwareRTOS Linux Hypervisor Compute Library Device drivers Software Test Library


“Think Edge”

Think Edge

Heterogeneous system

architecture

Platform Security

Architecture

Optimized DSP

Scalable processing

Machine Learning

Functional Safety


Partner Solutions - Cypress

The PSoC 6 MCU contains:

• Arm® Cortex®-M4 for high-performance tasks,

• Arm® Cortex®-M0+ for low-power tasks, and with security built-in, as a dual-core architecture


June 2018 – Microchip release SAM L10/L11 based on Cortex-M23

• 32-bit MCU with robust, chip-level security and Arm TrustZone Technology

• SAM L11 with Arm TrustZone, hardware isolation between certified libraries, IP and application code

• Additional security features Advanced Encryption Standard (AES), Galois Counter Mode (GCM) and Secure Hash Algorithm (SHA)

• Target applications - IoT and security, Smart cities, Home automation, Industrial automation, Medical devices, Accessories authentication

Partner Solutions - Microchip


• September 2018 – Nuvoton released Cortex-M23 with TrustZone-based secure microcontrollers focusing on IoT security

• Nuvoton M2351 series with support for Arm PSA

• TrustZone with additional security• Secure Attribution Unit (SAU, inside of Cortex-M23 CPU)• Implementation Defined Attribution Unit (IDAU)• Flash Memory Controller (FMC)• Security Configuration Unit (SCU, which supports SRAM and peripheral configurations)

• Target applications - biometric security (fingerprint e), auto meter reading

Partner Solutions - Nuvoton


October 2018 – NXP announced LPC55xx - Cortex-M33 TrustZone based microcontroller series

LPC550X, 56S6X, 56Sxx

• First dual-core Cortex-M33

• First DSP/ML co-processor on Cortex-M

• PRINCE module for real-time encryption of data, AES, SHA2

• Physically Unclonable Function (PUF) for unique device identity

• System-wide, secure resource isolation for trusted hardware

• Programmable Logic Unit

• Applications - Building control and automation, Consumer electronics, Industrial IoT, Secure Transaction and Retail Payments

Partner Solutions - NXP


October 2018 – NXP announced i.MX RT600 Crossover Processor with Cortex-M33 TrustZone

i.MX RT600

• Co-processors• PowerQuad hardware accelerator for DSP functions• CASPER crypto co-processor• HiFi DSP co-processor (600MHz) for audio processing

• Advanced Security features - Physical Unclonable Function (PUF) key generation module, SHA1/SHA2 Secure Hash for Secure Boot, AES256

• Target applications - Consumer Electronics, Audio Subsystems, Voice Recognition Consumer Electronic, Voice UI enabled IoT Devices

Partner Solutions - NXP


October 2018 - ST announced the STM32L5 ultra-low-power Cortex-M33 Microcontrollers for TrustZone secured IoT applications

• ST-proprietary ultra-low-power technologies create class-leading low energy MCU- EEMBC 385 ULPMark-CP

• Contains support for secure boot, full hardware isolation, hardware crypto accelerators

• ST has engineered TrustZone to ensure support for secure boot, special read-out and write protection for integrated SRAM (256KB) and Flash (512KB)

• Applications - Fitness trackers, Home automation, Thermostat, Metering (Gas, water, Electricity), Medical, Mobile POS

Partner Solutions - ST


Much More Than a CPU for Product Success

Verified subsystem

Physical IP

Tools

Models

Software IoT & cloud services

Community

Training

Support

Design partners

ServicesProcessor IP

EDA

Foundryservices

Download my “Think Edge” white paper to learn more:https://pages.arm.com/think-local


Trademark and copyright statementThe trademarks featured in this presentation are registered and/or unregistered trademarks of Arm Ltd. (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

Copyright © 2019

Thank You!

#ArmTechCon

think edge: how to migrate intelligence from the cloud to ...€¦ · platform security...

Documents