ARM: Hold my beer, we'll install patches for your crappy IoT gear for you
CPU designer touts cloud to push updates securely to all devices
The bad (or, rather, the worrying)
Well, some of you will be screaming at the idea of mbed Cloud managing potentially millions of devices. Let's start with the easy one: when ARM's device management service gets hacked – not if, when – the miscreants behind the infiltration will hit the jackpot. They will have a control panel to the world.
ARM has got to have the mechanisms in place that do not allow crooks, government snoops and bored teenagers who have compromised mbed Cloud to gain access to all those end points and push malicious firmware updates to countless gadgets in people's homes, offices, cities, hospitals, schools and factories. The keys required to do this must be stored outside the mbed Cloud. And if a manufacturer gets hacked, there must be barriers to stop miscreants within its network from reaching its mbed Cloud account, private keys in hand, to push malware-laden software to gizmos in the field.
There's putting all your eggs in one basket, and then there's managing hundreds of thousands, possibly millions, of devices from one service.
Next, the provisioning of keys in the factory must be done in a way to not wreck the trust and security of the system. These keys better not be symmetric, and it must be assumed they'll eventually be extracted from their secure holding pen. If extracting the factory-set key exposes the devices to attack then all is lost from the start. Cryptographers will be poring over the implementation details as they emerge and any weaknesses found are going to make interesting hacker conference talks.
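To make the symmetric-versus-asymmetric point concrete, here is an added sketch (not code from ARM, mbed OS or mbed Cloud) comparing what a key pulled off one device is worth under each scheme. A Lamport one-time signature stands in for the ECDSA- or EdDSA-style signature a real update system would use, chosen only because it runs on the Python standard library; all function names and firmware strings are constructed for the illustration.

```python
import hashlib, hmac, secrets

def H(b):
    return hashlib.sha256(b).digest()

def digest_bits(image):
    d = H(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Symmetric scheme: the factory-set device key both creates and checks tags.
def mac_tag(key, image):
    return hmac.new(key, image, hashlib.sha256).digest()

def mac_accepts(key, image, tag):
    return hmac.compare_digest(mac_tag(key, image), tag)

# Asymmetric scheme (Lamport one-time signature): the private half stays with
# the signer, the device is provisioned with the public half only.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, image):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(image))]

def sig_accepts(pk, image, sig):
    bits = digest_bits(image)
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][bit])
        for i, (bit, s) in enumerate(zip(bits, sig)))

def extraction_outcome():
    good, evil = b"firmware v1.1 (constructed)", b"tampered firmware (constructed)"
    # Case 1: the device stores a symmetric key, later read out of one unit.
    device_key = secrets.token_bytes(32)
    forged_tag = mac_tag(device_key, evil)  # the same key re-creates valid tags
    # Case 2: the device stores only a public key; a signed release is public too.
    sk, device_pk = keygen()
    release_sig = sign(sk, good)
    pk_as_sig = [device_pk[i][b] for i, b in enumerate(digest_bits(evil))]
    return {
        "genuine_update_accepted": sig_accepts(device_pk, good, release_sig),
        "symmetric_forgery_accepted": mac_accepts(device_key, evil, forged_tag),
        "replayed_sig_accepted": sig_accepts(device_pk, evil, release_sig),
        "pubkey_as_sig_accepted": sig_accepts(device_pk, evil, pk_as_sig),
    }

if __name__ == "__main__":
    print(extraction_outcome())
```

With a shared symmetric key, whatever the device can verify it can also produce, so one extraction covers every unit provisioned with that key; with a public key on the device, extraction yields nothing that signs.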
Then there's the matter of people writing terrible software and there's not really much ARM can do about that. You can have kick-ass security right down to the silicon level, but as soon as you install an OS on top that has default or hardcoded administrative passwords, like shedloads of IoT gear out there, it's game over: malware like Mirai, which helped take down Dyn and a chunk of the internet last week, will be able to log in and do what it wants.
It's the same with TrustZone: it's nice having separate secure and non-secure worlds, but it can be blown apart by a single careless bug. And it's the same at the application level: it's all fun and games until your embedded web server suffers a buffer overflow or gets exploited through bad path parsing.
At least with mbed OS and Cloud, it will be possible to patch vulnerable devices when flaws are discovered, provided hackers don't find a way to disable the update mechanism. mbed Cloud can't stop another Mirai-like outbreak but it can kill it off once the infection mechanism is found, fixed, tested and distributed.
But then we get to the final problem: manufacturers have to actually use the thing. ARM already has three partners lined up, but it needs to get so, so much more of the ecosystem onboard. And it's a complicated ecosystem – the microcontroller or system-on-chip in a device will be fabricated by one organization, then another will assemble the electronics and sell it as a component to someone who puts it in a nice case with logo on it and a manual and sells it via a marketplace.
Someone in that chain has to take responsibility for actually developing and testing the firmware updates as needed and push them out via the mbed Cloud. ARM intends to charge for that service, so someone has to pay for it and that will be tricky in the low-margin world of cheap consumer-grade embedded electronics.
Right now, the Internet of Things doesn't need an ecosystem – it needs an ego-system and perhaps ARM, a modestly sized business, has to become that ego without becoming a single point of failure.
And another thing: new Cortex-M33 and Cortex-M23
ARM has also revealed a couple of new Cortex-M cores; these are microcontroller-class designs, not the sort you find powering your quad-core smartphone. These typically turn up in all sorts of things from household appliances to robotics and wearables. The new Cortex-M33 and Cortex-M23 feature TrustZone so for the first time, the Cortex-M-family is getting TZ.
The M33 has a built-in DSP and is a performance part; the M23 is low-power and the smallest ARM core with TrustZone, we're told. The M33 is an ARMv8-M 32-bit core with, apparently, 20 per cent more performance than the M4. It also has a coprocessor interface that allows it to hook into up to eight buddy engines that provide things like fast Fourier transform and specialist math operations.
This is the first time the standard ARM coprocessor interface, along with most of the usual coprocessor instructions, has appeared in the Cortex-M family. A spokesperson for the engineering team told us:
The interface is designed to look like a bus with simple handshaking, and does not require a pipeline follower, which makes the design and integration much simpler.
From the programmer's point of view, the coprocessor interface is very similar to previous ARM cores: the Cortex-M33 uses the same set of instructions with coprocessors CP0 to CP7 available. The Cortex-M33 supports register transfer CDP command instructions but not memory transfer instructions STC – coprocessor hardware can implement custom memory interfaces to provide access to their own data structures as required.
"Generally, peripherals are accessed using a memory-mapped arrangement, transferring registers' data and commands with dedicated load/store," the team continued.
"The coprocessor interface provides a similar mechanism allowing straight-forward integration of peripherals but with an exclusive data and command channel – separated from the AHB interface – and twice the data bandwidth: 64-bits per cycle rather than 32-bits per cycle. The interface fully supports the low interrupt latency capabilities of all ARM Cortex-M processors.
"Chip vendors can optionally add an AHB/APB interface to a coprocessor to make its registers accessible as memory-mapped registers to enable software developers to access the same registers with multiple methods, which is useful if the system also contains other bus masters. Having the coprocessor registers visible as memory-mapped registers also makes it easier to debug."
Finally, we're told the 32-bit ARMv8-M M23 can take 240 interrupts, is 75 per cent smaller than the M33, and has the same power efficiency as the minimalist Cortex-M0+.
Meanwhile, mbed OS 5.2 is out – its release notes are here.
ARM will also today announce its CoreLink SIE-200 design which sits on top of an AMBA 5 AHB5 interface and extends TrustZone security to an ARMv8-M microcontroller's peripherals. It will also announce the CoreLink SSE-200 subsystem for ARMv8-M microcontroller designers who wish to add TrustZone CryptoCell security to their chips. Then there's the new Cordio-B50 Bluetooth 5 controller design, Cordio-E154 Zigbee controller, and the Cordio-C50, which does BT 5 and Zigbee. If the hardcore semiconductor engineers among you want to drill into more details on those, you can look over here on ARM's website. ®