APM86791 PacketPro
AppliedMicro's single-core Mamba APM86190 and dual core APM86290 (see Multicore Server Processor Slims Down Secure Networking) introduced the Scalable Lightweight Intelligent Management Processor (SLIMpro) Trusted Management Module (TMM). SLIMpro is at the heart of the new APM86791 PacketPro processor (Fig. 1) that is designed to deliver the highest level of security for network applications.
AppliedMicro's approach is key to providing secured devices as well as running secure applications because it all starts at boot time. Still, many chips provide secure boot and assume that software will prevent attacks. The TMM is designed to isolate much of that support from the host processor allowing designers to better control overall system security. TMM could prevent a compromised host application from changing the boot code.
The TMM support provides a secure on-chip cryptographic boundary region by hiding keys, passwords and digital certificates. It enables:
- Secure Boot for the itself and the main processor
- Secure communication managed at the hardware level
- Secure software updates so all update images are decrypted and authenticated
- Secure software checks to detect violations and breaches with periodic exams
The SLIMpro TMM incorporates a secure boot ROM and includes an EFUSE array, encryption engine, RTC, Public Key Accelerator and True Random Number Generator (TRNG). Encryption hardware delivers inline Internet Protocol Security (IPSec) support Advanced Encryption Standards (AES) AES-GCM and AES-GMAC along with Encapsulating Security Payload (ESP) encryption and authentication at wirespeed rates. It has an on-chip protected cryptographic boundary for private/public storage for authentication handshaking. Lookaside security utilizes the integrated DMA engine as well as the TRNG and a Public Key Accelerator.
The 250 MHz SLIMpro is the first component of the chip to start up controlling the secure booting of the 1 GHz PowerPC 465 processor core. The PowerPC core has a floating point unit, 32 Kbytes of L1 I-cache, 32 Kbytes of D-cache and a 256 Kbyte L2 cache with hardware I/O coherency. The DDR3 memory controller optionally supports ECC. Network support is provided by four 10/100/1000 Ethernet ports (RGMII & SGMII) with network offload support including the Programmable Packet Accelerator, a Queue Manager, and a Traffic Manager. The chip also has a pair of PCI-Express Gen1/2 ports, two USB 2.0 with integrated PHY, two SDHC ports and a SATA 2.0 port.
The 40nm chip comes in a 19mm by 19mm WB-PBGA package.