DOCSLIB.ORG

Voltpillager: Hardware-Based Fault Injection Attacks Against Intel SGX Enclaves Using the SVID Voltage Scaling Interface

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Voltpillager: Hardware-Based Fault Injection Attacks Against Intel SGX Enclaves Using the SVID Voltage Scaling Interface VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, and Flavio D. Garcia School of Computer Science, University of Birmingham, UK Abstract bit flips into computations, including those inside Hardware-based fault injection attacks such as volt- an Intel Software Guard Extensions (SGX) enclave age and clock glitching have been thoroughly stud- (cf. CVE-2019-11157). Using the software-exposed ied on embedded devices. Typical targets for such interface Model Specific Register (MSR) 0x150, at- attacks include smartcards and low-power microcon- tacks against Intel SGX were mounted by under- trollers used in IoT devices. This paper presents the volting from (untrusted) software running with root first hardware-based voltage glitching attack against privileges. Intel have addressed this vulnerability by a fully-fledged Intel CPU. The transition to complex providing features to disable software undervolting CPUs is not trivial due to several factors, including: through this MSR. Because SGX was compromised, a complex operating system, large power consump- Intel have initiated Trusted Computing Base (TCB) tion, multi-threading, and high clock speeds. To this recovery and modified remote attestation to verify end, we have built VoltPillager, a low-cost tool for that software-based undervolting is disabled. This injecting messages on the Serial Voltage Identifica- requires Microcode (µCode) and BIOS updates. tion bus between the CPU and the voltage regu- Hardware fault injection considers a different ad- lator on the motherboard. This allows us to pre- versarial model where the adversary has physical ac- cisely control the CPU core voltage. We leverage this cess to the device under attack. When targeting powerful tool to mount fault-injection attacks that an SGX enclave running on a fully patched sys- breach confidentiality and integrity of Intel SGX en- tem (with the latest µCode and BIOS updates), claves. We present proof-of-concept key-recovery at- software-based fault attacks have been fully miti- tacks against cryptographic algorithms running in- gated and that is where hardware-based attacks be- side SGX. We demonstrate that VoltPillager attacks come relevant. Fault attacks induce a computation are more powerful than recent software-only under- fault in the target processor, such as skipping an volting attacks against SGX (CVE-2019-11157) be- instruction, by changing the physical operating en- cause they work on fully patched systems with all vironment of the chip, e.g., the supply voltage. They countermeasures against software undervolting en- do not rely on the presence of a software vulnerabil- abled. Additionally, we are able to fault security- ity or any code execution privileges. Voltage fault critical operations by delaying memory writes. Mit- injection (aka, glitching) in particular has the ad- igation of VoltPillager is not straightforward and vantage of being very powerful whilst not requiring may require a rethink of the SGX adversarial model expensive lab equipment. where a cloud provider is untrusted and has physical access to the hardware. 1.1 Our Contribution 1 Introduction In this paper, we analyse the dynamic voltage scaling features of x86 systems at the hardware level. We Modern computing platforms allow the operating found that a three-wire bus, Serial Voltage Identifi- system to self-regulate the processor’s core frequency cation (SVID), is used to send the currently required and voltage in order to manage heat and power con- voltage to an external Voltage Regulator (VR) chip sumption. Several authors [37, 24, 40] have shown on the motherboard. The VR then adjusts the volt- that an adversary can abuse this feature to inject age supplied to the CPU. We reverse-engineered the communication protocol of SVID and developed a 1.3 Related Work small microcontroller-based board that can be con- nected to the SVID bus. As there is no crypto- Since their introduction by Boneh et al. [6], fault- graphic authentication of the SVID packets, we were injection attacks with physical access have been able to inject our own commands to control the widely investigated in the context of embedded de- CPU voltage. With this, we reproduced Plunder- vices. Those attacks are based on the fact that the volt’s [37] open-source Proof-of-Concept (PoC) at- execution semantics of an IC can change when it is tacks, including against code running inside an SGX operated outside the specified operating conditions. enclave. Beyond that, we also found (and document) Examples of fault injection include: over and under- faults not previously observed. These faults affect el- volting (“voltage glitching”), overclocking, exposure ementary operations such as memory accesses. Be- to high or low temperature, or laser light [3, 53]. cause the software interface MSR 0x150 is not used, The fault injection threat model changed with the Intel’s countermeasures do not prevent this attack. discovery of software-based attacks. In 2014, Kim The main contributions of this paper are: et al. reported the Rowhammer effect: bits could be flipped in DRAM by accessing neighbouring rows • We showcase the (to our knowledge) first but not the actual target location [26]. Several au- hardware-based attack that directly breaches thors [43, 17, 28] have since discovered applications, SGX’s integrity guarantees. We demonstrate its variations, and improvements of the original attack, practicality with end-to-end secret-key recovery including the successful bypass of countermeasures attacks against mbed TLS and the unmodified in recent DDR4 DRAM chips [14]. While Rowham- file-encryptor sample enclave from Microsoft mer can be performed from unprivileged software, Open Enclave. another class of software-based fault injection at- • We show that Intel’s countermeasures for CVE- tacks require the adversary to have root privileges. 2019-11157 do not prevent fault-injection attacks These generally target a Trusted Execution Envi- from adversaries with physical access. This chal- ronment (TEE) such as ARM TrustZone or Intel lenges the widely accepted belief that SGX can SGX, which should defend the code running inside protect enclave integrity against a malicious cloud the TEE even against a privileged adversary. provider (cf. e.g., [2, 5, 27, 8]). CLKSCREW [50] was the first attack of this type: • We demonstrate novel fault effects discovered it exploited the software-controlled overclocking fea- through hardware-based undervolting, in partic- tures on the ARM processor of a Nexus 6 smart- ular by briefly delaying memory writes. phone. CLKSCREW was able to extract crypto- • We present VoltPillager, an open-source hardware graphic secrets from TrustZone and to bypass signa- device to inject SVID packets. VoltPillager is ture checks, leading to code execution inside Trust- based on a low-cost, widely available microcon- Zone. Qiu et al. later found a similar attack, troller board, the Teensy 4.0, and can be built VoltJockey, against TrustZone, this time controlling for approximately $ 30. We also document the the CPU’s core voltage from privileged software [41]. internal power management interfaces on mod- This line of work continued with voltage fault in- ern motherboards, SVID and System Manage- jection attacks on Intel SGX enclaves [37, 24, 40], ment Bus (SMBus). which use the software-exposed MSR 0x150 to un- dervolt during enclave execution and thus trigger bit flips in certain operations, e.g., multiplications, vec- 1.2 Responsible Disclosure tor instructions, and cryptographic operations. We reported this issue to Intel on 13 March 2020. Hardware-based attacks against TEEs have, so Intel evaluated our report and concluded on 5 May far, received less attention. Cui et al. showed that that “... opening the case and tampering of inter- electro-magnetic fault injection can be used to by- nal hardware to compromise SGX is out of scope pass the TrustZone-based secure boot process of a for SGX threat model. Patches for CVE-2019-11157 Broadcom ARM CPU [9]. Similarly, Roth et al. pre- (Plundervolt) were not designed to protect against sented fault injection attacks with physical access to hardware-based attacks as per the threat model”, ARMv8-M processors, among others breaking the and, therefore, they will not further address the is- TrustZone-M security on certain CPUs [46]. sue. Intel have not requested an embargo for the Lee et al. presented a side-channel attack [29] on vulnerabilities described in this paper. We discuss SGX by physically connecting to, and eavesdropping the implications of Intel’s response in relation to the on, the DRAM memory bus. They showed that by widely adopted threat model of SGX in Section 1.4. observing the pattern of the (encrypted) memory ac- cesses, they can recover secret information from a SVID reverse engineering, we occasionally refer to it range of example enclaves. Notably, their attack as i3-7100-GZ170 in Section 4. requires specialized and expensive test equipment We used 64-bit Ubuntu 18.04.3 LTS as our oper- (e.g., $ 170,000 for a JLA320A signal analyzer). ating system with stock Linux 5.0.0-23-generic ker- nel, Intel SGX driver V2.6 and Intel SGX-SDK 1.4 Attacker Model V2.8. We publicly release all source code at https: //github.com/zt-chen/voltpillager. We are using the widely adopted SGX adversary model with physical access to the target CPU and 1.6 Outline full control over all software running outside the en- clave, including BIOS and operating system. Cru- The remainder of this paper is structured as follows: cially, our attacks do not require expensive lab first, in Section 2, we discuss Intel’s mitigation for equipment (e.g., for invasive attacks on the CPU CVE-2019-11157. In Section 3, we then describe the die), but can be mounted with an inexpensive micro- two main interfaces for controlling CPU voltage on controller board and only require board-level access modern systems.
Load more

Recommended publications
  • Hardware Monitoring
    HARDWARE MONITORING SECTION 7 HARDWARE MONITORING Walt Kester INTRODUCTION Today's computers require that hardware as well as software operate properly, in spite of the many things that can cause a system crash or lockup. The purpose of hardware monitoring is to monitor the critical items in a computing system and take corrective action should problems occur. Microprocessor supply voltage and temperature are two critical parameters. If the supply voltage drops below a specified minimum level, further operations should be halted until the voltage returns to acceptable levels. In some cases, it is desirable to reset the microprocessor under "brownout" conditions. It is also common practice to reset the microprocessor on power-up or power-down. Switching to a battery backup may be required if the supply voltage is low. Under low voltage conditions it is mandatory to inhibit the microprocessor from writing to external CMOS memory by inhibiting the Chip Enable signal to the external memory. Many microprocessors can be programmed to periodically output a "watchdog" signal. Monitoring this signal gives an indication that the processor and its software are functioning properly and that the processor is not stuck in an endless loop. The need for hardware monitoring has resulted in a number of ICs, traditionally called "microprocessor supervisory products," which perform some or all of the above functions. These devices range from simple manual reset generators (with debouncing) to complete microcontroller-based monitoring sub-systems with on-chip temperature sensors and ADCs. The ADM8691-series (see Figures 7.1 and 7.2) are examples of traditional microprocessor supervisory circuits.
    [Show full text]
  • Rog Strix Z390-E Gaming
    ROG STRIX Z390-E GAMING BIOS Manual Motherboard E14965 First Edition November 2018 Copyright© 2018 ASUSTeK COMPUTER INC. All Rights Reserved. No part of this manual, including the products and software described in it, may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means, except documentation kept by the purchaser for backup purposes, without the express written permission of ASUSTeK COMPUTER INC. (“ASUS”). Product warranty or service will not be extended if: (1) the product is repaired, modified or altered, unless such repair, modification of alteration is authorized in writing by ASUS; or (2) the serial number of the product is defaced or missing. ASUS PROVIDES THIS MANUAL “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL ASUS, ITS DIRECTORS, OFFICERS, EMPLOYEES OR AGENTS BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF USE OR DATA, INTERRUPTION OF BUSINESS AND THE LIKE), EVEN IF ASUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES ARISING FROM ANY DEFECT OR ERROR IN THIS MANUAL OR PRODUCT. SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ASUS. ASUS ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
    [Show full text]
  • Single-Phase PWM Controller for CPU / GPU Core Power Supply General Description Features
    RT8152E/F Single-Phase PWM Controller for CPU / GPU Core Power Supply General Description Features The RT8152E/F is a single phase PWM controller with l Single Phase PWM Controller with Integrated integrated MOSFET drivers. Moreover, it is compliant with MOSFET Driver Intel IMVP6.5 Voltage Regulator Specification to fulfill its l Low-Gain Compensator with CCRCOT Topology mobile CPU core and Render core voltage regulator (Constant Current Ripple Constant On Time) requirements. The RT8152E/F adopts G-NAVP (Green- l 7-bit DAC Native AVP), which is a Richtek's proprietary topology l 0.8% DAC Accuracy derived from finite DC gain compensator constant on-time l 1.5% or 11.5mV System Accuracy mode, making it an easy setting PWM controller meeting l Fixed VBOOT (For CPU Core Only) all Intel AVP (Active Voltage Positioning) mobile CPU/ l Differential Remote Voltage Sensing Render requirements. The output voltage of the RT8152E/ l G-NAVP Topology (Green-Native AVP) F is set by 7-bit VID code. The built-in high accuracy DAC l Programmable Output Transition Slew Rate Control converts the VID code ranging from 0V to 1.5V with l System Thermal Compensated AVP 12.5mV per step. The system accuracy of the controller l Ringing Free Mode at Light Load Condition can reach 1.5%. The part supports VID on-the-fly and mode l Fast Transient Response change on-the-fly functions that are fully compliant with l IMVP6.5 Compatible Power Management States IMVP6.5 specification. It operates in single phase and l Power Good diode emulation modes.
    [Show full text]
  • Analysis of the Power Consumption of a Multimedia Server Under Different DVFS Policies
    Analysis of the Power Consumption of a Multimedia Server under Different DVFS Policies Waltenegus Dargie Chair for Computer Networks Faculty of Computer Science Technical University of Dresden 01062 Dresden, Germany Email: [email protected] Abstract—Dynamic voltage and frequency scaling (DVFS) has [19]. Hence, reducing the voltage of the processor or memory been a useful power management strategy in embedded systems, by one fold will reduce the energy consumption of these mobile devices, and wireless sensor networks. Recently, it has subsystems by two fold. Likewise, reducing the operation fre- also been proposed for servers and data centers in conjunction with service consolidation and optimal resource-pool sizing. In quency will linearly reduce the energy consumption. There is, this paper, we experimentally investigate the scope and usefulness of course, a corresponding penalty in performance, but many of DVFS in a server environment. We set up a multimedia server argue that often Internet-based servers are over provisioned; which will be used in two different scenarios. In the first scenario, providing services at 30 to 70% of thier full capacity much the server will host requests to download video files of known and of the time [1] [14]. Consequntly, by operating these servers available formats. In the second scenario, videos of unavailable formats can be accepted; in which case the server employs a at lower frequencies (as well as voltages) when the workload transcoder to convert between AVI, MPEG and SLV formats is less time critical, it is possible to minimize the idle state before the videos are downloaded. The workload we generate has power consumption, which accounts for more than 50% of the a uniform arrival rate and an exponentially distributed video size.
    [Show full text]
  • Investigation of Alternative Power Architectures for CPU Voltage Regulators
    Investigation of Alternative Power Architectures for CPU Voltage Regulators Julu Sun Dissertation submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Electrical Engineering Fred C. Lee, Chairman Dusan Boroyevich Ming Xu William T. Baumann Carlos T.A. Suchicital Elaine P. Scott November 22nd, 2008 Blacksburg, Virginia Keywords: two-stage, voltage regulator, high power density, high efficiency Investigation of Alternative Power Architectures for CPU Voltage Regulators Abstract Since future microprocessors will have higher current in accordance with Moore’s law, there are still challenges for voltage regulators (VRs). Firstly, high efficiency is required not only for easy thermal management, but also for saving on electricity costs for data centers, or battery life extension for laptop computers. At the same time, high power density is required due to the increased power of the microprocessors. This is especially true for data centers, since more microprocessors are required within a given space (per rack). High power density is also required for laptop computers to reduce the size and the weight. To improve power density, a high frequency is required to shrink the size of the output inductors and output capacitors of the multi-phase buck VR. It has been demonstrated that the output bulk capacitors can be eliminated by raising the VR control bandwidth to around 350kHz. Assuming the bandwidth is one-third of the switching frequency, a VR should run at 1MHz to ensure a small size. However, the efficiency of a 12V VR is very poor at 1MHz due to high switching losses.
    [Show full text]
  • Introduction to Richtek VCORE Regulators
    Application Note Roland van Roy AN051 – May 2017 Introduction to Richtek VCORE Solutions ABSTRACT VCORE regulators are used to provide the power supply for the CPU core and graphics (GPU) core in computing applications like Desktop PC, Notebook PC, Server, Industrial PC, etc. The requirements for these supplies are quite different from standard POL regulators: CPU and GPU rails have extremely fast load changes, require Dynamic Voltage Positioning with high accuracy, require Load Line, can switch between several states of power saving and provide a variety of parameter sensing and monitoring. These systems make use of a serial Bus interface between the CPU and the voltage regulator, where the CPU will request different supply operating conditions based on CPU loading and operation modes. This application note explains the VCORE regulator application and the specific regulator operating conditions related to CPU & GPU commands. Richtek VCORE design advantages are explained and a guide is given how to find the right Richtek VCORE solution for a specific CPU family type. CONTENTS 1. Introduction .................................................................................................................................................................. 2 2. Basic Vcore regulator applications ................................................................................................................................. 2 3. VCORE regulator design aspects ...................................................................................................................................
    [Show full text]
  • System Power Management and Portable Power
    System Power Management and Portable Power Practical Power Solutions 1. Point-of-Load Power 2. System Power Management and Portable Power 3. Power for Mixed Analog/Digital Systems 4. Hardware Design Techniques Copyright © 2009 By Analog Devices, Inc. All rights reserved. This book, or parts thereof, must not be reproduced in any form without permission of the copyright owner. SECTION 2 SYSTEM POWER MANAGEMENT AND PORTABLE POWER Designing a Typical System Power Chain..........................................................................2.1 Microprocessor Supervisory Functions.........................................................................2.13 Power Supply Monitoring and Sequencing......................................................................2.20 Hot Swap Controllers..........................................................................................................2.32 Temperature Monitoring...................................................................................................2.42 Digital Isolation and Isolated Power...............................................................................2.48 Digital Power Applications.................................................................................................2.58 Powering Portable Systems..............................................................................................2.63 Technical References.......................................................................................................2.76 2.0 System Power Management
    [Show full text]
  • OC Guide Coffee Lake
    Coffee Lake Basic Overclocking Guide. The Coffee-Lake generation of processors represent a welcome (up to) 6-core family of parts with excellent IPC, z270-class memory controller and very good overclocking capability. Many 8700Ks run 5.0GHz and 4000+ ram speeds with little fuss. There is one design aspect that you either fix or live with and that is the TIM used at the die-IHS interfaced. In stock form the 8700K is a great 6 core cpu but can suffer from elevated temperatures. So, if you want to run 5+ GHz on this SKU, you’ll want to delid the CPU and replace Intel’s stock TIM with a liquid metal. Delided CPUs run 20+C cooler on average and as a result, usually overclock higher. Most delided 8700K can run 5.0GHz at less than 1.4V. Equipment used: ASUS Maximus X Apex Intel 8700K G.Skill 2x8GB 4400c19 ram kit (excellent B-die kit) Seasonic Prime 1000W PSU ASUS GTX 1080 Turbo Intel 750 SSD Koolance 380i CPU Water block Bitpower Full Cover GPU Water block GPU and CPU are cooled with a custom water loop (1x360 rad, 3 fans), the CPU is delidded with CLP between the die and IHS. Software: CPUZ HWiNFO64 SIV64 CoreTemp Real Bench There are two basic modes for overclocking for 24/7 use: Manual Override or fixed Vcore, and dynamically link voltage and frequency (Adaptive or Offset). Of course, each of these can be tuned for a specific user need or application, but let’s just get the basics down first.
    [Show full text]
  • Everything You Need to Know About the Motherboard Voltage Regulator Circuit
    Everything You Need to Know About The Motherboard Voltage Regulator Circuit Introduction If you are willing to learn more about motherboard quality you must deeply study the voltage regulator circuit, which is in charge of taking the voltage provided by the power supply – namely +12 V – and converting it into the appropriate voltage required by the CPU, memories, chipset and other circuits present. In this tutorial we will present an in- depth trip inside the motherboard voltage regulator circuit, showing you how to identify this circuit, how it works, what the most common projects are and how to identify good-quality components. The quality of the voltage regulator circuit is one of the best ways to have an idea about the overall motherboard quality and life-span for several reasons. A good voltage regulator won’t have any fluctuations or noise on its outputs, providing the CPU and other components with a clean and stable voltage, allowing them to work perfectly. A bad voltage regulator can lead to fluctuations or noise on the voltage that will lead to malfunctions like the computer crashing, resetting and presenting the infamous Blue Screen of Death on Windows. If this circuit uses low-quality electrolytic capacitors they will leak, swell or even explode. Frequently when a motherboard dies it is this circuit that goes bad. So having a good- quality voltage regulator circuit will ensure that you will have a stable system that will last for years. Recognizing this circuit is pretty easy. Since it is the only circuit on the motherboard that uses chokes (a kind of coil), locate the chokes and you will have located the voltage regulator circuit.
    [Show full text]
  • CPU Power Consumption Experiments and Results Analysis of Intel I7-4820K
    µSystems Research Group School of Electrical and Electronic Engineering CPU Power Consumption Experiments and Results Analysis of Intel i7-4820K Matthew Travers Technical Report Series NCL-EEE-MICRO-TR-2015-197 Matthew Travers: CPU Power Consumption Experiments and Results Analysis of Intel i7-4820K Contact: [email protected] NCL-EEE-MICRO-TR-2015-197 Copyright © 2015 Newcastle University µSystems Research Group School of Electrical and Electronic Engineering Merz Court Newcastle University Newcastle-upon-Tyne, NE1 7RU, UK http://async.org.uk NCL-EEE-MICRO-TR-2015-197, Newcastle University Matthew Travers: CPU Power Consumption Experiments and Results Analysis of Intel i7-4820K CPU Power Consumption Experiments and Results Analysis of Intel i7-4820K Matthew Travers June 2015 Abstract As we move into an ever more digital world, from communication techniques to data storage there has been an increase in the need of digital processors to process this information. We have come a long way since the early single core processors to a point where we can now have up to 8 cores in a single CPU (Central Processing Unit). Not only has the number of cores increased but the size has decreased and the speed increased. Whilst the world wants faster speeds this comes with a price, the price being power consumption. Power consumption is becoming a large factor to take into account since a lot of the processors being used today reside within mobile devices, for example mobile phones. These devices do not have an unlimited constant supply of electricity as they rely on batteries to operate and this is where a major problem is occurring.
    [Show full text]
  • CHAPTER 2 PIC® Microcontroller Low Power Tips 'N Tricks
    PIC® Microcontroller Low Power Tips ‘n Tricks CHAPTER 2 PIC® Microcontroller Low Power Tips ‘n Tricks Table Of Contents TIPS ‘N TRICKS INTRODUCTION Microchip continues to provide innovative products that are smaller, faster, easier to GENERAL LOW POWER TIPS ‘N TRICKS use and more reliable. The Flash-based PIC® TIP #1 Switching Off External Circuits/ microcontrollers (MCUs) are used in an wide Duty Cycle .......................................... 2-2 range of everyday products, from smoke TIP #2 Power Budgeting ................................ 2-3 detectors, hospital ID tags and pet containment TIP #3 Configuring Port Pins ......................... 2-4 systems, to industrial, automotive and medical TIP #4 Use High-Value Pull-Up Resistors ...... 2-4 products. TIP #5 Reduce Operating Voltage ................. 2-4 TIP #6 Use an External Source for PIC MCUs featuring nanoWatt technology CPU Core Voltage .............................. 2-5 implement a variety of important features which TIP #7 Battery Backup for PIC MCUs ........... 2-6 have become standard in PIC microcontrollers. Since the release of nanoWatt technology, DYNAMIC OPERATION TIPS ‘N TRICKS changes in MCU process technology and TIP #8 Enhanced PIC16 Mid-Range Core ..... 2-6 improvements in performance have resulted in TIP #9 Two-Speed Start-Up ........................... 2-7 new requirements for lower power. PIC MCUs TIP #10 Clock Switching .................................. 2-7 with nanoWatt eXtreme Low Power (nanoWatt TIP #11 Use Internal RC Oscillators ................ 2-7 XLP™) improve upon the original nanoWatt TIP #12 Internal Oscillator Calibration ............. 2-8 technology by dramatically reducing static TIP #13 Idle and Doze Modes ......................... 2-8 power consumption and providing new flexibility TIP #14 Use NOP and Idle Mode .....................
    [Show full text]
  • MAX17410 Dual-Phase, Quick-PWM Controller for IMVP6+ CPU Core
    19-4438; Rev 0; 1/09 EVALUATION KIT AVAILABLE Dual-Phase, Quick-PWM Controller for IMVP6+ CPU Core Power Supplies General Description Features MAX17410 The MAX17410 is a 2-/1-phase interleaved Quick- o Dual-/Single-Phase Interleaved Quick-PWM PWM™ step-down VID power-supply controller for Controller notebook IMVP6+ CPUs. True out-of-phase operation o ±0.5% VOUT Accuracy Over Line, Load, and reduces input ripple current requirements and output Temperature voltage ripple while easing component selection and o 7-Bit IMVP6+ DAC layout difficulties. The Quick-PWM control scheme pro- o Dynamic Phase Selection Optimizes Active/Sleep vides instantaneous response to fast load current Efficiency steps. Active voltage positioning reduces power dissi- o Transient Phase Overlap Reduces Output pation and bulk output capacitance requirements and Capacitance allows ideal positioning compensation for tantalum, o polymer, or ceramic bulk output capacitors. Active Voltage Positioning with Adjustable Gain o Accurate Lossless Current Balance The MAX17410 is intended for two different CPU core o applications: either bucking down the battery directly to Accurate Droop and Current Limit create the core voltage, or bucking down the +5V sys- o Remote Output and Ground Sense tem supply. The single-stage conversion method allows o Adjustable Output Slew-Rate Control this device to directly step down high-voltage batteries o Power-Good Window Comparator for the highest possible efficiency. Alternatively, 2-stage o conversion (stepping down the +5V system supply Power Monitor instead of the battery) at higher switching frequency o Programmable Thermal-Fault Protection provides the minimum possible physical size. o Phase Fault Output (PHASEGD) A slew-rate controller allows controlled transitions o Drives Large Synchronous Rectifier FETs between VID codes.
    [Show full text]