It is no wonder that device security dominates the news. Every aspect of our lives is approaching always-connected status. Whether it is a major company forgetting to change a default password or an inexpensive connected webcam that is easily exploitable, security is now more important than ever.
ARM has a fairly good track record of providing its partners with solutions for a more secure computing experience in this online world. Its first entry addressing this was SecurCore, introduced in 2000. It followed with TrustZone in 2003, and that technology eventually made it into multiple products and was adopted by third-party chip manufacturers as well.
Today ARM is expanding the program with this PSA announcement. Platform Security Architecture (PSA) is a suite of technologies encompassing software, firmware, and hardware. ARM technology has been included in over 100 billion chips shipped since 1991, and ARM expects another 100 billion to ship in the next four years. To get a jump on the situation, ARM is introducing this comprehensive security architecture to enable robust security features for products ranging from the very low-end IoT to the highest-performing server chips based on ARM designs.
PSA is not being rolled out in any single product today. It is a multi-year journey for ARM and its partners, best thought of as a framework for providing enhanced security across a wide variety of products. The first products to use this technology will be the Armv8-M class of processors: Cortex-M processors running Trusted Firmware on Mbed OS will be the start of the program. Eventually it will branch out into other areas, but ARM is focusing much of its energy on the IoT market and on ensuring that there is a robust security component to what could eventually scale out to a trillion connected products.
There are two new hardware components attached to PSA. The first is the CryptoIsland 300 on-die security enclave, essentially a second layer of hardware security beyond that of the original TrustZone. The second is the SDC-600, a secure debug port that can be enabled and disabled using certificates; a debug port that cannot be opened without an authorized certificate cuts off a major avenue for security issues. Both technologies are integrated into the CPUs themselves and are not offered as a third-party chip.
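The article says only that the SDC-600 debug port is enabled and disabled with certificates, so the following is an added illustration of the kind of policy such a gate enforces, not ARM's SDC-600 implementation or any code from the announcement. Every name and value in it (the authority key, the device identity, the token format, the revocation list, the capability names) is constructed for the example. The signature primitive is HMAC-SHA256 over a shared key so the example runs on the Python standard library alone; a real device would instead verify an asymmetric signature against a public key provisioned in hardware, and the surrounding checks (device binding, fresh challenge, expiry, revocation, capability scoping) would be the same.

```python
"""Certificate-gated debug unlock, modelled as a challenge/response policy.

Before the (hypothetical) debug port opens, the device checks that the
presented token is signed by the OEM debug authority, is bound to this
device and to a fresh challenge nonce, has not expired, is not revoked,
and grants every capability the debugger asks for.  Constructed example.
"""
import hashlib
import hmac
import json
import secrets
import time

# Constructed values: a stand-in authority key (asymmetric in real hardware),
# a device identity, and a revocation list pushed to the device by the OEM.
DEBUG_AUTHORITY_KEY = b"constructed-oem-debug-authority-key"
DEVICE_ID = "device-0001"
REVOKED_SERIALS = {"tok-0002"}


def _canonical(body):
    # Both sides must serialise the token body identically before signing.
    return json.dumps(body, sort_keys=True).encode()


def issue_token(serial, device_id, nonce, capabilities, expires_at,
                key=DEBUG_AUTHORITY_KEY):
    """Authority side: sign a debug token for one device and one challenge."""
    body = {"serial": serial, "device": device_id, "nonce": nonce,
            "caps": sorted(capabilities), "exp": expires_at}
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


class DebugPort:
    """Device side: the debug port stays locked until every check passes."""

    def __init__(self, device_id=DEVICE_ID, key=DEBUG_AUTHORITY_KEY,
                 revoked=REVOKED_SERIALS):
        self.device_id = device_id
        self.key = key
        self.revoked = set(revoked)
        self._nonce = None          # outstanding challenge, single use
        self.enabled = set()        # currently enabled debug capabilities

    def challenge(self):
        """Hand the debugger a fresh nonce that the token must embed."""
        self._nonce = secrets.token_hex(16)
        return self._nonce

    def unlock(self, token, requested, now=None):
        """Return (ok, reason); enable `requested` capabilities only on success."""
        now = time.time() if now is None else now
        body = token.get("body", {})
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token.get("sig", "")):
            return False, "bad signature"
        if body.get("device") != self.device_id:
            return False, "token issued for another device"
        if self._nonce is None or body.get("nonce") != self._nonce:
            return False, "stale or missing challenge"
        self._nonce = None          # consume the nonce: no replay of this token
        if body.get("exp", 0) <= now:
            return False, "token expired"
        if body.get("serial") in self.revoked:
            return False, "token revoked"
        if not set(requested) <= set(body.get("caps", [])):
            return False, "capability not granted"
        self.enabled = set(requested)
        return True, "debug enabled: " + ",".join(sorted(requested))

    def lock(self):
        """Return the port to its default, disabled state."""
        self.enabled = set()


if __name__ == "__main__":
    port = DebugPort()
    nonce = port.challenge()
    token = issue_token("tok-0001", DEVICE_ID, nonce, {"trace", "halt"},
                        expires_at=time.time() + 600)
    print(port.unlock(token, {"trace"}))      # accepted
    print(port.unlock(token, {"trace"}))      # replay: nonce already consumed
```

The order of the checks matters: the signature is verified before anything in the body is trusted, and the nonce is consumed as soon as it is matched so that a token which later fails on expiry or revocation cannot be retried against the same challenge.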
If we truly are looking at 1 trillion connected devices over the next 10 years, security is no longer optional. ARM hopes to get ahead of this issue by being more proactive in developing these technologies and working with its partners to get them implemented. The technology will evolve over time to cover more and more products in the ARM portfolio, and hopefully it will be adopted by ARM's many licensees.
As long as the security certificates do not get spaffed out there by some cubicle monkey. So maybe some unified security certificate authority with standardized security practices and the ability to cancel any security certificates that may be compromised. A trillion ARM processors, and some with integrated GPUs. I wonder what the hash rate of a trillion ARM SoCs could do for some coin mining.
Now if they could just start shipping PCs/laptops/phones with Type 1 hypervisors and allow users to load whatever OS they want, with the hypervisor/VM facility dealing with the drivers and such, while the OS(es) the users want to run could be run sandboxed to whatever OS security level the end user desired, and multiple OSes run on the same device all with their memory encrypted separately by the PSP-provided key. That way users could run the most secure OS (Secure Linux OS) in its own VM instance for banking and such secure usage, and a less secure OS (Redmond's OS Tat) in another VM instance for more control over the other, not-so-secure stuff baked into that OS.
Let the PCs/laptops/phones/IoT devices have a hypervisor facility that is in charge of the hardware drivers and passes through to the OS instance(s) access to whatever hardware is connected, with the hardware drivers installed on the hypervisor facility and not directly on the OS. And the hypervisor (open source hypervisor) in charge of managing what OS instance gets access to whatever hardware and devices, with users able to run any OS that works under that hypervisor. No more worries about the actual devices' hardware drivers ever being made obsolete by the OS makers, as that would be on a standardized hypervisor (open source) that every device maker would use, and they would base the OEM devices' hardware drivers on the standard open source hypervisor and let the end users make their own OS choices.