Dual PowerPC Micro Delivers Secure Processing Platform

    May 7, 2009
    Start with a two-core PowerPC. Add a secure boot microcontroller. That’s what CPU Technology did with its Acalis CPU872 secure, multicore microcontroller designed for applications needing hardware-based security (Fig. 1). There’s nothing

    1 of Enlarge image

    CPU Technology's secure PowerPC microcontroller architecture

    Start with a two-core PowerPC. Add a secure boot microcontroller. That’s what CPU Technology did with its Acalis CPU872 secure, multicore microcontroller designed for applications needing hardware-based security (Fig. 1).

    There’s nothing special about the PowerPC cores used in the chip, which is good. They are stock cores with 256 kbytes of L2 cache and 64-bit floating-point support designed to run stock applications. The key is the boot process and the secure boot microcontroller.

    This secure microcontroller boots from an encrypted serial flash and then loads additional encrypted boot code for the PowerPC into the on-chip 4-Mbyte DRAM before allowing the PowerPC cores to run. The starting code is secure as a result, and that’s the root of security on any system.

    SPLITTING THE DIFFERENCE

    The Acalis layered approach employs secure boot, secure on-chip memory, an isolated processor with a secure message passing interface, and firewalled I/O. Of course, a secure boot is just the start of the process, which is also used with the Trusted Platform Module (TPM) approach common on many systems today, but this is just the start of the Acalis security features. This approach can be extended throughout a system as well.

    The other part of the problem is keeping things safe, and that’s more easily done if there are limits to the areas of compromise. In this case, CPU Technology isolated one of the two 64-bit PowerPC 440 cores. It communicates only with the other core using a dedicated and secure message passing interface that acts as a hardware firewall. The I/O processor must handle all peripheral exchanges for the secure processor.

    The communication channels that the peripheral processor has may be secure but it doesn’t matter, since communication over insecure channels is a common requirement where authenticated or encrypted data can be employed. The use of embedded DRAM with error-correction code (ECC) means the secure application cannot be compromised from outside.

    Each PowerPC core has its own 64-bit DDR2 interface with ECC support for off-chip memory as well. An external zeroization signal can force a reset as well as a clearing of all memory should an external breach be detected. Of course, hardware encryption is part of the mix.

    The I/O processor has access to Gigabit Ethernet, five 10-Gbit/s express interfaces, an I2C interface, and multiple general-purpose I/O (GPIO) pins. Each PowerPC core is augmented with its own stream processors and direct memory access (DMA) engines.

    Secure computing is becoming more important in regular applications, not just in high-security environments. So, the Acalis chip will likely be showing up in more places that a conventional micro is currently being employed. The CPU872 secure, multicore microcontrollers are built at IBM’s Trusted Foundry. The micro comes in a 31- by 31-mm, 899-ball ballgrid array (BGA). Typical power draw is 8 W (Fig. 2).

    An evaluation board and development software are also available, including a secure JTAG backchannel into the chip via an FPGA. This permits secure, Ethernet based debugging during software development.

    BILL WONG

    CPU TECHNOLOGYwww.cputech.com
    About the Author

    William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

    I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

    You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

    Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

    You can visit my social media via these links:

    I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

    I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

    Email

    Continue Reading

    Sponsored Recommendations

    Comments

    To join the conversation, and become an exclusive member of Electronic Design, create an account today!