AMD 2013 APUs To Include ARM Cortex-A5 Processor For TrustZone Capabilities
by Ryan Smith on June 13, 2012 8:00 AM ESTAt AMD’s 2012 Financial Analyst Day, as part of their presentation on their future strategy AMD’s CTO Mark Papermaster announced that AMD would be looking into integrating 3rd party IP into future AMD APUs. At the time there was a strong assumption that this would be mobile focused – perhaps in the form of a cellular modem or an ARM core – and it turns out the assumptions were both right and wrong. Today AMD is announcing that they are in fact going to start integrating ARM cores into future APUs starting in 2013, but not in the way you’re probably thinking.
If you look at AMD’s long term strategy, not only do they need to continue to compete with Intel on the technology front, but they also want to better position themselves to compete on the tablet front. AMD has the basic hardware for this with their APU families, particularly for tablets with their Zacate based entry-level APUs, but they have a feature gap in certain markets. Both Intel and ARM have hardware trusted platform/security technologies but AMD lacks such a technology.
For various reasons we’ll get to in a moment, AMD believes they need some kind of hardware security platform technology to continue to compete in the market in the future. Intel’s Trusted Execution Technology is not part of the x86 specification and is therefore not shared, so AMD would need to come up with their own technology. Designing and implementing such a technology is not only resource intensive but by its very nature it fragments the market, which is something AMD doesn’t necessarily have the clout to get away with all the time. So rather than design their own technology they’ve chosen to license an existing technology, and this brings us to ARM.
In order to implement a hardware security platform on their future APUs, AMD has chosen to enter into a strategic partnership with ARM for the purpose of gaining access to ARM’s TrustZone technology. By licensing TrustZone, AMD gains a hardware security platform that’s already in active use, which means they avoid fragmenting the market and the risks that would bring. Furthermore AMD saves on the years of work – both technical and evangelical – that they would have needed had they rolled their own solution. Or more simply put, given their new willingness to integrate 3rd party IP, licensing was the easy solution to getting a hardware security platform quickly.
But because TrustZone is an ARM technology (both in name and ISA) AMD needs an ARM CPU to execute it. So the key to all of this will be the integration of an ARM processor into an AMD APU, specifically ARM’s Cortex-A5 CPU. The Cortex-A5 is ARM’s simplest ARMv7 application processor, and while it’s primarily designed for entry-level and other lower-performance devices, as it turns out it fits AMD’s needs quite nicely since it won’t be used as a primary application processor.
ARM TrustZone Hardware Model; Normal World Would Be On x86
This also means that the ARM and x86 CPU cores will fit together in an interesting manner unlike any existing ARM or Intel x86 CPU. By integrating a low-power/low-performance ARM CPU in this manner an application will be split up over multiple CPUs, with the TrustZone secure backend executing on the Cortex-A5 while the frontend logic will be executing as normal on AMD’s x86 CPU and GPU cores. This gives AMD a dedicated security co-processor with all the benefits and drawbacks thereof, while on full ARM processors and on Intel’s x86 processors TrustZone and TXT respectively are hardware features of a single CPU.
By implementing a hardware security platform in this manner AMD not only gains a relatively quick turnaround time on the hardware, but on the software side too. AMD is specifically looking to leverage existing ARM applications for their tablet ambitions by taking advantage of the fact that existing TrustZone application cores can easily (if not directly) be ported over to AMD’s APUs. Developers would still need to put in some effort to write the necessary x86 frontends (in all likelihood written in scratch for Win8 as opposed to any kind of Android), but the hard part of implementing and validating the TrustZone functionality would simply carry over, leaving the new x86 frontend to talk to the existing ARM TrustZone application core. AMD isn’t in any position to talk about specific software yet, but we’re told that they’ve been working with select software partners even before this announcement in order to get a jump on developing applications.
As for the hardware details AMD hasn’t named any specific APUs that will be receiving the Cortex-A5, but they have told us that they intend to start with the low-power APUs in order to go after the tablet market. That means we’re almost certainly looking at the 2013 successor to the Zacate APU found at the heart of AMD’s Brazos platform. However AMD won’t be stopping there, and in 2014 and beyond AMD will continue to add it to further APUs until AMD’s entire APU lineup from mobile to desktop to server contains the Cortex-A5 and TrustZone functionality.
Having covered the technology, let’s also quickly discuss why AMD is pursuing this move. As AMD is pitching this it’s not just closing a feature gap but also about what it enables. A big focus of this of course is on trusted computing in the classical sense, meaning DRM for consumer applications and on platform lockdown and auditing for business IT purposes. But as we’ve seen Intel do with their acquisition of McAfee some years back, there’s also a strong focus on securing systems from malware in the form of new anti-virus technologies and in newer applications such as mobile payments. Even cloud services get a mention in here, since TrustZone can be used to make sure malware isn’t watching in on a session from the client.
It’s worth noting that AMD also has a bit of self-interest in here. AMD’s Chief Information Officer Mike Wolfe is spearheading this announcement with a focus on how AMD intends to use this technology internally. AMD recently implemented a Bring Your Own Device (BYOD) policy for employees to let them use their own computers at work. BYOD is popular with employees because it allows them to use the device they like the most, but it’s a potential headache for IT since it means many different devices that need to be supported and secured. As a result only a select number of generally high-end devices are allowed in AMD’s BYOD environment because most low-end x86 devices lack hardware security platform technology. By implementing this in their entire range of APUs, AMD expects to be self-serving here by expanding the range of devices they can support. At the same time AMD and Wolfe expect other companies to adopt BYOD too, in which case this will help to quickly set up AMD to serve a potentially large market.
Wrapping things up, we would be remiss to ignore the elephant in the room, which of course is the inclusion of an ARM core in the first place. A lot of speculation has been going on that AMD is considering adopting the ARM architecture on a broader basis – particularly if HSA takes off and makes the underlying architecture less important – and this certainly is going to fuel more of that. The Cortex-A5 in AMD’s future APUs will be a fully functional ARM processor and in theory it is possible to run full ARM applications on the processor (OS differences not withstanding), though at this point in time AMD hasn’t released the full details on how accessing the ARM processor will work. Even if AMD just intends to use ARM for TrustZone today, this opens the door to comprehensive native ARM code execution in the future if AMD wanted to go that way; but at the same time this could end up being as far as AMD ever goes.
In any case we aren’t expecting AMD to go into any more detail about this announcement here at AFDS, but there are still two days of keynotes to go. Otherwise we’d expect AMD to discuss this in greater detail once they’re ready to unveil more details about their 2013 APUs. So until then stay tuned.
36 Comments
View All Comments
Craig234 - Wednesday, June 13, 2012 - link
Don't assume the reader knows what an APU is, the first time it's used define it.Not needed with CPU or probably GPU, but I think it is with APU.
twotwotwo - Wednesday, June 13, 2012 - link
Apple's just implemented, and Intel's talked about, having your PC sync while asleep. That's one of the really handy features of my phone, too -- recent e-mail, etc. is always already there. An ARM environment that's just smart enough to stay connected and pull down new e-mail, etc., without eating much battery, would be awesome. It wouldn't necessarily have to talk super-closely with the main OS -- just save the new data it pulls down to a little bit of dedicated flash or memory it has, say.tipoo - Wednesday, June 13, 2012 - link
To switch between the x86 cores and ARM cores interchangeably in Windows 8, it would need a special version with both binaries of course. That could save a lot of power, or feature a quick boot mode, or both.tecknurd - Wednesday, June 13, 2012 - link
The Cortex-A5 in AMD's next APU is not going to run ARM code. It is mainly going to sit in the chip and monitor data that requires security. The microcode of the APU will handle everything transparently. The processor by itself will still be an 80x86 processor, but all the security requests will be off-loaded to the ARM processor. This is not any different compared to other processors that uses another ARM processor to handle something besides applications. nVidia uses another ARM processor to control power management and data flow to other parts of their Tegra chips.Switching from Windows to Android and then Android to Windows already been done with an 80x86 and ARM processor.
yyrkoon - Wednesday, June 13, 2012 - link
Not to mention this would be akin to a featured article here some time ago. Concerning the Curcial SSD that had dual A9's for controllers on it. You'd have a driver at most I would think.The Cortex A5 is also capable of big endian, or little endian byte ordering. So to some extent. The "ARM / x86 code issue" is rendered moot. No need for two abstraction layers.
Think of it like this. A Cortex A5 MCU can/could be used as a keyboard controller. Among many other possible uses. Do you ever worry about about what any I/O device connected to your computer. Uses for a processor ? I don't . . .
Tujan - Friday, June 15, 2012 - link
.. you mean. Not ARM for APU .Since some of this idea does not josh- that is ARM cpus are not that powerful,and thus the 'front-end'will mean (at least at this examined/explained emplementation) of notebooks,devices little for the actual compute end. DRM can still be vacated,and well as instilled,but dont force this as a necesary hardware implementation. As for most applications,the user has the choice use it or dont'. Howebeit the environment you have shown in this article (might be__) byo device etc.
The article does a lot to generalize 'front-end,and back-end'. However does not make much sense if both the smallish ARM cpu described here will ''only'' be used with 'end-user' technologies. As I can tell,the small cpus simply barf at doing cryptollogy,and if an additive must of doing high resolution video ,and e.g. wireless vid conf etc, that would be about the limit of that platform. And being so,this 'weak-end',is fairly self serving.
Since if a business was to buy into the technology described here,they would also have to outfit themselves with the back-end side of the ARM Trusted Platform technology. Being so said,meaning,if you buy this here 'front-end',you will also have to buy-it-here 'back-end'. Larger back-end say server side ARM technology ?
I'm a little confused,as I have seen some large performance of cryptography static from other smallish technology manufacturers. Performance that did not necesitate comparing the specific technology here as ARM Trusted Platform technology. Why I say, APU for ARM,rather than ARM for APU.
Gleefully pretensing that perhaps (and I dont know),AMD is simply assisting getting a silicon vendor an off the floor assist.