Think Edge: How to Migrate Intelligence from the Cloud to Endpoint Devices
Chris Shore, Director of Embedded Solutions, Arm
#ArmTechCon
Copyright © 2019 Arm TechCon, All rights reserved.
Market Trends – Acceleration of Technology Deployment
• 1991 to 2017 (26 years): 100 billion chips shipped
• 2017 to 2021 (4 years): 100 billion chips shipped
• 1 trillion chips shipped
Emerging sensing and control use cases need ultra-efficient solutions in the smallest devices
Blend of signal processing compute and inference machine learning compute
Vibration and motion Voice and sound Vision and image
Secure connectivity is mandatory
Drivers for Next Wave of Embedded Intelligence On-device
The Best Place to Compute
• Bandwidth / Cost / Power
• Security
• Privacy
• Real time / latency
• Reliability
• Safety
Diagram labels: Sensor, Actuator, Gateway, Base Station, Server (axis: Local to Global)
Think Edge
• Increase autonomy
• Reduce bandwidth
• Increase security & privacy
• Reduce latency
• Reduce power consumption
• Increase safety
Think Edge
• Heterogeneous system architecture
• Optimized DSP
• Platform Security
• Scalable processing
• Machine Learning
• Functional Safety
Think Edge: Security
Security Cannot be Optional
Is your product connected?
• Wi-Fi
• Bluetooth
• ZigBee
• Thread
• Ethernet
• USB
• UART
• I2C
Is your product upgradeable?
• Firmware upgrades
• Feature upgrades
• Unlock paid features
• Security upgrades
Does your product store valuable information?
• Keys
• Certificates
• Wi-Fi password
• Biometric data
• Personal information
• Firmware
What is Your Application?
Categories: Connected, Upgradable, High value information
Applications shown: Energy grid, Automotive, Healthcare, Smart city, BT Beacon, VR / AR, Environmental, Farming, Identity & tracking, Home automation, Robotics, Temp Sensor, Smart lighting, Industrial IoT, Enterprise, Retail, Connected clothing, Smart watch, Building automation, Coffee maker
Attack Types
Communication Attacks
• Man-in-the-Middle
• Weak RNG
• Code vulnerabilities
Software Attacks
• Buffer overflows
• Interrupts
• Malware
Physical Attacks
• Fault injection: clock or power glitch, alpha ray
• Side-channel analysis
• Probing, FIB
Lifecycle Attacks
• Code downgrade
• Excess manufacturing
• Integrity vulnerabilities
Assets
Attackers’ goals: extraction of secrets and/or modification of the product behavior (e.g. get it to trust rogue SW)
Software Isolation
Different methods with the same objective
1. Two processors
2. Memory protection unit
3. TrustZone for Armv8-M
Diagram labels: Cortex-M, MPU, SRAM, Flash, Peripherals, Interconnect
Hardware Isolation
A Secure Enclave provides security-related services to the system
Diagram labels: Security Enclave; Non-secure processing environment (Application Firmware, OS Libraries, OS Kernel); Secure processing environment (SPE); Non-secure Partition
Increasing Need for Physical Security
• SIM
• NFC
• Biometric
• POS (Point of Sale terminal)
• Smart lock
• Smart watch
• Smart phone
• Smart meter
• Banking with fingerprint
• Container sealing
How Much Physical Protection do you Need?
Only a small zone in the room requires strong protection from attacks.
Used to store small, high value items.
Standard door lock is sufficient for the rest of the room.
Platform Security Architecture (PSA)
The open device security framework, with independent testing
Unlocking digital transformation
PSA: enabling right-sized device security
• Stage 1, Analyze: Threat modelling
• Stage 2, Architect: Hardware and firmware architecture specs
• Stage 3, Implement: Hardware and software
• Stage 4, Certify: Independently testing SoCs, devices and OSes
Security Architecture and IP
• Physical mitigation: Arm SecurCore, Arm Cortex-M35P CPU, CryptoCell-312P, CryptoIsland-300P
• Software mitigation: Arm TrustZone, CMSIS-ZONE, Arm Keil MDK, Arm processors with TrustZone support and Trusted Firmware
• Lifecycle mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform, Arm CoreSight SDC-600, Kigen family
• Communication mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform, Kigen family
Platform Security Architecture
• Analyze: Threat models & security analysis
• Architect: Hardware & firmware architecture specifications
• Implement: Firmware source code
Arm Secure Foundations
Reference designs for the heart of your SoC
• Corstone Subsystem: Tested system designs to build on or use as a reference
• Corstone System IP: Vast collection of System IP
• Processor IP: Cortex-A and/or Cortex-M
• Security IP: Hardware security functions
• Corstone Ready Software: TF-M and multiple RTOS support
Diagram labels: Arm Secure Foundation, PSA Principles, Corstone Subsystem, Corstone System IP, Cortex-A and Cortex-M Processor IP, Security IP, Corstone-ready Software, Development Tools
Processor License
Corstone foundation IP License
Security IP License (optional)
Open Source Software
Think Edge: Functional Safety
Markets and Applications
• Automotive: Autonomous driving
• Industrial: Factory automation
• Healthcare: Robotic surgery
• Transportation: Train control systems
• Avionics: Flight systems
• Consumer: Domestic robots
What is Functional Safety?
“Absence of unreasonable risk due to hazards caused by malfunctions”
ISO 26262
Safety and Security
Security: Protects things and defends from malicious attack
Safety: Limits uncontrolled system behaviour to prevent harm
• An insecure system can never be safe
• A secure system is not necessarily a safe system
• Safety is not possible without security
Types of Fault
Random faults
• Hard errors
• Soft errors
• Permanent faults
• Transient faults
• Latent faults
Managed by including features for fault detection and control
Systematic faults
• Hardware errata
• Software bugs
• Incorrect specification
• Incomplete requirements
• Unfulfilled assumptions
Managed through design process, verification and assessment
Safety Through the Entire Design Process
Supply chain: IP supplier, IP integrator (e.g. MCU designer), Tier 1 designer, OEM
Each stage is shown against ISO 26262 parts 1 to 9, marked as applicable requirements or not applicable requirements
Passed between stages: Requirements, assumptions; Supporting documentation (evidence)
System-level Safety and Security
Heterogeneous processing
• High-performance, rich application processor
• Real-time safety island
Redundant execution
• Redundant application processors
• Split-lock safety island
Safety island
• Safety monitoring & hard real-time capability
• RTOS
Secure Enclave
• Provides secure isolation
Diagram labels: Mission, Redundant and Safety island CPU clusters (CPU, Interrupts, Cache, Bus interface), MPU, Coherent Interconnect, Accelerators, Memory, Interconnect, Peripherals, Secure Enclave
Think Edge: Digital Signal Processing
Remember These?
Emerging sensing and control use cases need ultra-efficient solutions in the smallest devices
Blend of signal processing compute and inference machine learning compute
Vibration and motion Voice and sound Vision and image
Secure connectivity is mandatory
Advanced Embedded Compute Solutions Today
Single CPU
• Compatible ISA
• Same programmer’s model for development
• Single toolchain and ecosystem
• Arm TrustZone
• Lower costs, lower complexity, increased security
CPU + custom hardware or DSP
• Different ISA
• Harder to program, maintain and support
• Multi-sourced toolchains and ecosystems
• Non-standard security solutions
A Versatile DSP Ecosystem for Cortex-M
CMSIS-DSP library: fundamental DSP functions on Cortex-M – available for free!
• Transforms
• Matrix functions
• Statistical functions
• Controller functions
• Support functions
• Interpolator functions
• Complex math functions
• Filters
• Basic math functions
• Fast math functions
Examples of ecosystem solutions and partners
• Voice codecs
• Image processing
• Audio codecs
• Keyword spotting
• Sensor fusion
• Motor control
• Audio enhancement
• Connectivity
• Simulation tools
A Versatile DSP Ecosystem for Cortex-A with Neon
Extensive third-party ecosystem
• ESPICO
• 2D GUI Library and GUI Visual Effects
• NEON-optimized Audio and Video Codecs
Extensive support in Open Source
• Android – NEON optimizations
• Skia library is 5x faster using NEON
The Arm Computer Vision and Machine Learning Library. Optimized functions for both Arm CPUs and GPUs using SIMD technologies.
https://github.com/Arm-software/ComputeLibrary
NXP LPC 556x – A Different Approach
10x DSP performance increase
Arm Helium Technology: Foundation for Intelligent Endpoint Devices
• Simplified development: Developers can benefit from one toolchain to reduce development efforts and costs
• Enhanced performance: Up to 15x performance uplift to machine learning and up to 5x uplift to signal processing
• System-wide security: Built-in security with TrustZone for Armv8-M and PSA principles
Think Edge: Scalable Processing
Diverse Applications Need Diverse Compute
• Cortex-R: Hard real-time. Deterministic responsiveness
• Cortex-M: Low-power. Always-on efficiency
• Cortex-A: High performance. Platform OS, rich user experience
• Neoverse: Infrastructure foundation. Scalable from hyperscale to edge of the network
Scalable Processing
[Plot: Performance (CoreMarks) against Power consumption (μW/MHz) for Cortex-M0, Cortex-M0+, Cortex-M23, Cortex-M3, Cortex-M4, Cortex-M33, Cortex-M7]
[Plot: Performance (SPECINT/GHz) against Power consumption (mW/GHz) for Cortex-A32, Cortex-A35, Cortex-A53, Cortex-A55, Cortex-A73, Cortex-A75, Cortex-A76]
Cortex-A is Everywhere in the Embedded Markets Today
>70%
Arm market share in rich embedded
Source: VDC (CPU & SoC unit volume in embedded, excluding mobile, tablets, and networking)
Example market segments and products
Smart Embedded
Smart Home
Wearables
Smart Surveillance Camera
Video encoder
GPU
Cortex-A55
1-4 sensors
ISP
Display
• OSD / graphics overlay
• CPU use optional
• H.264, H.265
• Single / dual encode
• HDMI output
• Resolution downscale
• CPU use optional
• Neural Network processor
• Convolution accelerator
Arm ML processor
• Right-size compute
• Linux / Android
Scalable Arm NN solution
Metadata - regions of interest encode
Graphics overlay
Simultaneous Downscale
Scaled frames
Non-scaled frames
Tuned image
RAW image
HDMI out
• HDR, GDC, 3A
• 1-4 sensors, up to 64Mpx
Mobile stream
Local HD / mobile stream
DDR
Arm Secure Foundations
Extendable for differentiation and diversity
Corstone foundation IP package
• Pre-integrated processor and security IP
• Pre-verified, modifiable subsystems
Corstone-ready software
• Standardized interfaces and architecture
• Mbed OS and Mbed Linux
Tools
• Arm and third-party development tools
• FPGA, fast models, test chip boards
Note: Arm Corstone replaces Arm System Design Kits (SDK)
Diagram labels: Arm Secure Foundation, PSA Principles, Corstone Subsystem, Corstone System IP, Cortex-A and Cortex-M Processor IP, Security IP, Corstone-ready Software, Development Tools
Corstone Foundation IP – Subsystem for Embedded (SSE)
A range of subsystems available with security
SSE-123 (Constrained)
• TrustZone
SSE-200 (Mainstream)
• TrustZone
• CryptoCell pre-integrated
• Secure debug
SSE-700 (Rich nodes / gateways)
• Cortex-A + Cortex-M CPUs
• TrustZone
• Secure enclave
• Firewalls
• Protected multi-domains debug support
• Isolated domains
Think Edge: Machine Learning
Flexible, Scalable ML Solutions
Project Trillium: Arm’s ML Computing Platform
[Plot: ML performance (ops/second) against ML capabilities. Typical ML hardware choice: Cortex-M/A CPUs, Mali GPUs, Arm NPUs, Armv8 SVE. Capabilities: Keyword detection, Pattern training, Voice & image recognition, Smart cameras, Image enhancement, Autonomous driving, Data center]
• Deliver use cases with multiple hardware solutions
• Choose best balance of ML performance versus capabilities per use case
Only Arm can enable ML everywhere
Think Edge: Heterogeneous Processing Architectures
SSE-700 Rich Embedded Subsystem
Processor choice
• Cortex-A for performance
• Cortex-M for real-time
Security enclave
• CryptoIsland
• Use your own module
Built on PSA principles
• Secure system architecture
• Common software architecture
Diagram labels: Cortex-M unit(s), Cortex-A Host processor, Secure AXI interconnect, Firewall, Secure Debug, CryptoIsland Secure enclave, ROM, Power control
Initial IoT Solution with Corstone-700
System example
An expandable system compliant with Microsoft Azure Sphere specifications
• Processor choice
  • Cortex-A32
  • Any Cortex-M
• Security enclave
  • Ready to be combined with Pluton IP
• Expansion
  • Machine learning, media components, custom acceleration
  • …
Diagram labels: SSE-700 subsystem, AXI interconnect, Cortex-A32 subsystem, System control, ROM, Power control, Debug, Security enclave (Azure Sphere), Expansion, MHU, M-Class system, Firewall (FW), RAM
A Heterogeneous Automotive/Industrial System
• Isolated for highest reliability & integrity
• System monitoring, diagnostics & recovery
• Failsafe communication
Diagram labels: Cortex-A Big, Cortex-A Little, GPU, NPU, ISP, Video, Display, System MMU, Interconnect, DMC, LPDDR4x, Peripherals, Safety island (Cortex-R, DCLS, SRAM, I/O), Bus network, Security Enclave, Crypto Accel, DMA, CoreLink GIC-600AE
Software labels: Application stack & APIs, Functional Safety, Firmware, RTOS, Linux, Hypervisor, Compute Library, Device drivers, Software Test Library
Think Edge
• Heterogeneous system architecture
• Platform Security Architecture
• Optimized DSP
• Scalable processing
• Machine Learning
• Functional Safety
Partner Solutions - Cypress
The PSoC 6 MCU contains:
• Arm® Cortex®-M4 for high-performance tasks,
• Arm® Cortex®-M0+ for low-power tasks, and with security built-in, as a dual-core architecture
June 2018 – Microchip released SAM L10/L11 based on Cortex-M23
• 32-bit MCU with robust, chip-level security and Arm TrustZone Technology
• SAM L11 with Arm TrustZone, hardware isolation between certified libraries, IP and application code
• Additional security features Advanced Encryption Standard (AES), Galois Counter Mode (GCM) and Secure Hash Algorithm (SHA)
• Target applications - IoT and security, Smart cities, Home automation, Industrial automation, Medical devices, Accessories authentication
Partner Solutions - Microchip
• September 2018 – Nuvoton released Cortex-M23 with TrustZone-based secure microcontrollers focusing on IoT security
• Nuvoton M2351 series with support for Arm PSA
• TrustZone with additional security
  • Secure Attribution Unit (SAU, inside of Cortex-M23 CPU)
  • Implementation Defined Attribution Unit (IDAU)
  • Flash Memory Controller (FMC)
  • Security Configuration Unit (SCU, which supports SRAM and peripheral configurations)
• Target applications - biometric security (fingerprint e), auto meter reading
Partner Solutions - Nuvoton
October 2018 – NXP announced LPC55xx - Cortex-M33 TrustZone based microcontroller series
LPC550X, 56S6X, 56Sxx
• First dual-core Cortex-M33
• First DSP/ML co-processor on Cortex-M
• PRINCE module for real-time encryption of data, AES, SHA2
• Physically Unclonable Function (PUF) for unique device identity
• System-wide, secure resource isolation for trusted hardware
• Programmable Logic Unit
• Applications - Building control and automation, Consumer electronics, Industrial IoT, Secure Transaction and Retail Payments
Partner Solutions - NXP
October 2018 – NXP announced i.MX RT600 Crossover Processor with Cortex-M33 TrustZone
i.MX RT600
• Co-processors
  • PowerQuad hardware accelerator for DSP functions
  • CASPER crypto co-processor
  • HiFi DSP co-processor (600MHz) for audio processing
• Advanced Security features - Physical Unclonable Function (PUF) key generation module, SHA1/SHA2 Secure Hash for Secure Boot, AES256
• Target applications - Consumer Electronics, Audio Subsystems, Voice Recognition Consumer Electronic, Voice UI enabled IoT Devices
Partner Solutions - NXP
October 2018 - ST announced the STM32L5 ultra-low-power Cortex-M33 Microcontrollers for TrustZone secured IoT applications
• ST-proprietary ultra-low-power technologies create class-leading low energy MCU: EEMBC 385 ULPMark-CP
• Contains support for secure boot, full hardware isolation, hardware crypto accelerators
• ST has engineered TrustZone to ensure support for secure boot, special read-out and write protection for integrated SRAM (256KB) and Flash (512KB)
• Applications - Fitness trackers, Home automation, Thermostat, Metering (Gas, water, Electricity), Medical, Mobile POS
Partner Solutions - ST
Much More Than a CPU for Product Success
• Processor IP
• Verified subsystem
• Physical IP
• Tools
• Models
• Software
• IoT & cloud services
• Community
• Training
• Support
• Design partners
• Services
• EDA
• Foundry services
Download my “Think Edge” white paper to learn more: https://pages.arm.com/think-local
Trademark and copyright statement
The trademarks featured in this presentation are registered and/or unregistered trademarks of Arm Ltd. (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
Copyright © 2019
Thank You!
#ArmTechCon