DOCSLIB.ORG

Bootstomp: on the Security of Bootloaders in Mobile Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Bootstomp: on the Security of Bootloaders in Mobile Devices BootStomp: On the Security of Bootloaders in Mobile Devices Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna, UC Santa Barbara https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/redini This paper is included in the Proceedings of the 26th USENIX Security Symposium August 16–18, 2017 • Vancouver, BC, Canada ISBN 978-1-931971-40-9 Open access to the Proceedings of the 26th USENIX Security Symposium is sponsored by USENIX BootStomp: On the Security of Bootloaders in Mobile Devices Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna fnredini, machiry, dipanjan, yanick, antoniob, edg, yans, chris, [email protected] University of California, Santa Barbara Abstract by proposing simple mitigation steps that can be im- plemented by manufacturers to safeguard the bootloader Modern mobile bootloaders play an important role in and OS from all of the discovered attacks, using already- both the function and the security of the device. They deployed hardware features. help ensure the Chain of Trust (CoT), where each stage of the boot process verifies the integrity and origin of 1 Introduction the following stage before executing it. This process, in theory, should be immune even to attackers gaining With the critical importance of the integrity of today’s full control over the operating system, and should pre- mobile and embedded devices, vendors have imple- vent persistent compromise of a device’s CoT. However, mented a string of inter-dependent mechanisms aimed at not only do these bootloaders necessarily need to take removing the possibility of persistent compromise from untrusted input from an attacker in control of the OS in the device. Known as “Trusted Boot” [6] or “Verified the process of performing their function, but also many Boot,” [8], these mechanisms rely on the idea of a Chain of their verification steps can be disabled (“unlocked”) to of Trust (CoT) to validate each component the system allow for development and user customization. Apply- loads as it begins executing code. Ideally, this proce- ing traditional analyses on bootloaders is problematic, as dure can verify cryptographically that each stage, from hardware dependencies hinder dynamic analysis, and the a Hardware Root of Trust through the device’s file sys- size, complexity, and opacity of the code involved pre- tem, is both unmodified and authorized by the hardware’s clude the usage of many previous techniques. manufacturer. Any unverified modification of the various In this paper, we explore vulnerabilities in both the bootloader components, system kernel, or file system im- design and implementation of mobile bootloaders. We age should result in the device being rendered unusable examine bootloaders from four popular manufacturers, until a valid one can be restored. and discuss the standards and design principles that they Ideally, this is an uncircumventable, rigid process, re- strive to achieve. We then propose BOOTSTOMP, a moving any possibility of compromise, even when at- multi-tag taint analysis resulting from a novel combina- tackers can achieve arbitrary code execution on the high- tion of static analyses and dynamic symbolic execution, level operating system (e.g., Android or iOS). However, designed to locate problematic areas where input from an hardware vendors are given a great amount of discretion attacker in control of the OS can compromise the boot- when implementing these bootloaders, leading to varia- loader’s execution, or its security features. Using our tions in both the security properties they enforce and the tool, we find six previously-unknown vulnerabilities (of size of the attack surface available to an adversary. which five have been confirmed by the respective ven- Unfortunately, analyzing the code of bootloaders to dors), as well as rediscover one that had been previously- locate vulnerabilities represents a worst-case scenario reported. Some of these vulnerabilities would allow an for security analysts. Bootloaders are typically closed- attacker to execute arbitrary code as part of the boot- source [21], proprietary programs, and tend to lack loader (thus compromising the entire chain of trust), or typical metadata (such as program headers or debug- to perform permanent denial-of-service attacks. Our tool ging symbols) found in normal programs. By their also identified two bootloader vulnerabilities that can be very nature, bootloaders are tightly coupled with hard- leveraged by an attacker with root privileges on the OS ware, making dynamic analysis outside of the often- to unlock the device and break the CoT. We conclude uncooperative target platform impractical. Manual USENIX Association 26th USENIX Security Symposium 781 reverse-engineering is also very complicated, as boot- abilities (which could lead to persistent compromise loaders typically do not use system calls or well-known of the device) as well as two unlock-bypass vulner- libraries, leaving few semantic hints for an analyst to fol- abilities. low. • We propose mitigations against such attacks, which In this paper, we first explore the security properties, are trivial to retrofit into existing implementations. implementations, and weaknesses of today’s mobile de- In the spirit of open science, we make our analysis tool vice bootloaders. We begin with a discussion of the 1 proposed standards and guidelines a secure bootloader publicly available to the community . should possess, and what, instead, is left to the discretion of manufacturers. We then showcase four real-world An- 2 Bootloaders in Theory droid bootloader implementations on the market today. Then, we present a static analysis approach, imple- Today’s mobile devices incorporate a number of secu- mented in a tool called BOOTSTOMP, which uses a novel rity features aimed at safeguarding the confidentiality, combination of static analysis techniques and under- integrity, and availability of users’ devices and data. In constrained symbolic execution to build a multi-tag taint this section, we will discuss Trusted Execution Environ- analysis capable of identifying bootloader vulnerabili- ments, which allow for isolated execution of privileged ties. Our tool highlighted 36 potentially dangerous paths, code, and Trusted Boot, aimed at ensuring the integrity and, for 38.3% of them, we found actual vulnerabilities. and provenance of code, both inside and outside of TEEs. In particular, we were able to identify six previously- unknown vulnerabilities (five of them already confirmed by the vendors), as well as rediscover one that had been 2.1 TEEs and TrustZone previously-reported (CVE-2014-9798). Some of these vulnerabilities would allow an adversary with root privi- A Trusted Execution Environment (TEE) is the notion leges on the Android OS to execute arbitrary code as part of separating the execution of security-critical (“trusted”) of the bootloader. This compromises the entire chain of code from that of the traditional operating system (“un- trust, enabling malicious capabilities such as access to trusted”) code. Ideally, this isolation is enforced using the code and storage normally restricted to TrustZone, hardware, such that even in the event the un-trusted OS and to perform permanent denial-of-service attacks (i.e., is completely compromised, the data and code in the TEE device bricking). Our tool also identified two bootload- remain unaffected. ers that can be unlocked by an attacker with root privi- Modern ARM processors, found in almost all mobile leges on the OS. phones sold today, implement TrustZone[1], which pro- We finally propose a modification to existing, vulner- vides a TEE with hardware isolation enforced by the ar- able bootloaders, which can quickly and easily protect chitecture. When booted, the primary CPU creates two them from any similar vulnerabilities due to compromise “worlds”–known as the “secure” world and “non-secure” of the high-level OS. These changes leverage hardware world, loads the un-trusted OS (such as Android) into the features already present in mobile devices today and, non-secure world, and a vendor-specific trusted OS into when combined with recommendations from Google [8] the secure world. The trusted OS provides various cryp- and ARM [6], enforce the least-privilege principle, dra- tographic services, guards access to privileged hardware, matically constraining the attack surface of bootloaders and, in recent implementations, can be used to verify the and allowing for easier verification of the few remaining integrity of the un-trusted OS while it is running. The un- attackable components. trusted kernel accesses these commands by issuing the In summary, our contributions are as follows: Secure Monitor Call (SMC) instruction, which both trig- • We perform a study of popular bootloaders present gers the world-switch operation, and submits a command on mobile devices, and compare the security proper- the Trusted OS and its services should execute. ties they implement with those suggested by ARM ARM Exception Levels (EL). In addition to being in and Google. either the secure or non-secure world, ARM processors • We develop a novel combination of program anal- support “Exception Levels,” which define the amount of ysis techniques, including static analysis as well privilege to various registers and hardware features the as symbolic execution, to detect
Load more

Recommended publications
  • FAN53525 3.0A, 2.4Mhz, Digitally Programmable Tinybuck® Regulator
    FAN53525 — 3.0 A, 2.4 MHz, June 2014 FAN53525 3.0A, 2.4MHz, Digitally Programmable TinyBuck® Regulator Digitally Programmable TinyBuck Digitally Features Description . Fixed-Frequency Operation: 2.4 MHz The FAN53525 is a step-down switching voltage regulator that delivers a digitally programmable output from an input . Best-in-Class Load Transient voltage supply of 2.5 V to 5.5 V. The output voltage is 2 . Continuous Output Current Capability: 3.0 A programmed through an I C interface capable of operating up to 3.4 MHz. 2.5 V to 5.5 V Input Voltage Range Using a proprietary architecture with synchronous . Digitally Programmable Output Voltage: rectification, the FAN53525 is capable of delivering 3.0 A - 0.600 V to 1.39375 V in 6.25 mV Steps continuous at over 80% efficiency, maintaining that efficiency at load currents as low as 10 mA. The regulator operates at Programmable Slew Rate for Voltage Transitions . a nominal fixed frequency of 2.4 MHz, which reduces the . I2C-Compatible Interface Up to 3.4 Mbps value of the external components to 330 nH for the output inductor and as low as 20 µF for the output capacitor. PFM Mode for High Efficiency in Light Load . Additional output capacitance can be added to improve . Quiescent Current in PFM Mode: 50 µA (Typical) regulation during load transients without affecting stability, allowing inductance up to 1.2 µH to be used. Input Under-Voltage Lockout (UVLO) ® At moderate and light loads, Pulse Frequency Modulation Regulator Thermal Shutdown and Overload Protection . (PFM) is used to operate in Power-Save Mode with a typical .
    [Show full text]
  • Embedded Computer Solutions for Advanced Automation Control «
    » Embedded Computer Solutions for Advanced Automation Control « » Innovative Scalable Hardware » Qualifi ed for Industrial Software » Open Industrial Communication The pulse of innovation » We enable Automation! « Open Industrial Automation Platforms Kontron, one of the leaders of embedded computing technol- ogy has established dedicated global business units to provide application-ready OEM platforms for specifi c markets, includ- ing Industrial Automation. With our global corporate headquarters located in Germany, Visualization & Control Data Storage Internet-of-Things and regional headquarters in the United States and Asia-Pa- PanelPC Industrial Server cifi c, Kontron has established a strong presence worldwide. More than 1000 highly qualifi ed engineers in R&D, technical Industrie 4.0 support, and project management work with our experienced sales teams and sales partners to devise a solution that meets M2M SYMKLOUD your individual application’s demands. When it comes to embedded computing, you can focus on your core capabilities and rely on Kontron as your global OEM part- ner for a successful long-term business relationship. In addition to COTS standards based products, Kontron also of- fers semi- and full-custom ODM services for a full product port- folio that ranges from Computer-on-Modules and SBCs, up to embedded integrated systems and application ready platforms. Open for new technologies Kontron provides an exceptional range of hardware for any kind of control solution. Open for individual application Kontron systems are available either as readily integrated control solutions, or as open platforms for customers who build their own control applications with their own look and feel. Open for real-time Kontron’s Industrial Automation platforms are open for Real- Industrial Ethernet Time operating systems like VxWorks and Linux with real time extension.
    [Show full text]
  • Mediatek Linkit™ Development Platform for RTOS Get Started Guide
    MediaTek LinkIt™ Development Platform for RTOS Get Started Guide Version: 3.0 Release date: 30 June 2016 © 2015 - 2016 MediaTek Inc. This document contains information that is proprietary to MediaTek Inc. (“MediaTek”) and/or its licensor(s). MediaTek cannot grant you permission for any material that is owned by third parties. You may only use or reproduce this document if you have agreed to and been bound by the applicable license agreement with MediaTek (“License Agreement”) and been granted explicit permission within the License Agreement (“Permitted User”). If you are not a Permitted User, please cease any access or use of this document immediately. Any unauthorized use, reproduction or disclosure of this document in whole or in part is strictly prohibited. THIS DOCUMENT IS PROVIDED ON AN “AS-IS” BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES OF ANY KIND AND SHALL IN NO EVENT BE LIABLE FOR ANY CLAIMS RELATING TO OR ARISING OUT OF THIS DOCUMENT OR ANY USE OR INABILITY TO USE THEREOF. Specifications contained herein are subject to change without notice. MediaTek LinkIt™ Development Platform for RTOS Get Started Guide Document Revision History Revision Date Description 1.0 24 March 2016 Initial version. 2.0 17 May 2016 Move the contents relative to flash, HDK, and build comments to corresponding documents. Add the support of Keil 3.0 30 June 2016 Add the support of IAR. Refine the architecture and provide more information on the SDK usage. © 2015 - 2016 MediaTek Inc. Page i of v This document contains information that is proprietary to MediaTek Inc.
    [Show full text]
  • MINDSTORMS EV3 User Guide
    User Guide TABLE OF CONTENTS Introduction + Welcome ...................................................................................................................... 3 + How to Use This Guide .................................................................................... 4 + Help ................................................................................................................................. 5 EV3 Technology + Overview ..................................................................................................................... 6 + EV3 Brick ..................................................................................................................... 7 Overview ...................................................................................................................... 7 Installing Batteries ............................................................................................... 10 Turning On the EV3 Brick ................................................................................ 11 + EV3 Motors ................................................................................................................. 12 Large Motor ............................................................................................................... 12 Medium Motor ......................................................................................................... 12 + EV3 Sensors ............................................................................................................
    [Show full text]
  • We Shape the Connected World Automotive Autonomy Generating Energy Effectively Wearable Technology ARM’S Technology Is Cars Are Becoming Mobile Computing Platforms
    ARM Holdings plc Annual Report 2015: Strategic Report We shape the connected world Automotive autonomy Generating energy effectively Wearable technology ARM’s technology is Cars are becoming mobile computing platforms. Wind turbines and solar panels can be made Smart watches, biometric-monitors and More sensors and cameras are being included more effective by including technology that augmented reality headsets are intelligent, to assist the driver with lane detection, reading controls and monitors the wind turbine, and connected devices that can give us extra shaping the way we roadside signage and identifying potential hazards aggregates data across the entire wind farm. information to improve our health and or people crossing the road. In time, driver wellness, or just to help us have more fun. all live our lives; in the assistance may lead to a fully automated vehicle. home, as we travel, at school or work, and as we have fun with our friends Mobile computing Smart city streets Intelligent networks Smarter homes ARM-based mobile computers, including City infrastructure from street lights to car Broadband and mobile phone network speeds Cost-efficiency in the home can be improved smartphones, tablets and some laptops are, parking meters can be made more effective by are increasing, and latency decreasing, enabling through learning thermostats that understand for many people, the primary device for their embedding intelligent chips. Street lights that new services for operators to provide to your daily routine, domestic appliances that use work, whether in an office or on the road; can dim when no one is nearby will save energy consumers and enterprises, from delivering advanced algorithms for calculating water and for researching and writing school assignments; and reduce carbon emissions, and prognostics in more movie and TV options to collating and detergent requirements, and smart meters that and for engaging with friends.
    [Show full text]
  • Low-Power Ultra-Small Edge AI Accelerators for Image Recog- Nition with Convolution Neural Networks: Analysis and Future Directions
    Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 16 July 2021 doi:10.20944/preprints202107.0375.v1 Review Low-power Ultra-small Edge AI Accelerators for Image Recog- nition with Convolution Neural Networks: Analysis and Future Directions Weison Lin 1, *, Adewale Adetomi 1 and Tughrul Arslan 1 1 Institute for Integrated Micro and Nano Systems, University of Edinburgh, Edinburgh EH9 3FF, UK; [email protected]; [email protected] * Correspondence: [email protected] Abstract: Edge AI accelerators have been emerging as a solution for near customers’ applications in areas such as unmanned aerial vehicles (UAVs), image recognition sensors, wearable devices, ro- botics, and remote sensing satellites. These applications not only require meeting performance tar- gets but also meeting strict reliability and resilience constraints due to operations in harsh and hos- tile environments. Numerous research articles have been proposed, but not all of these include full specifications. Most of these tend to compare their architecture with other existing CPUs, GPUs, or other reference research. This implies that the performance results of the articles are not compre- hensive. Thus, this work lists the three key features in the specifications such as computation ability, power consumption, and the area size of prior art edge AI accelerators and the CGRA accelerators during the past few years to define and evaluate the low power ultra-small edge AI accelerators. We introduce the actual evaluation results showing the trend in edge AI accelerator design about key performance metrics to guide designers on the actual performance of existing edge AI acceler- ators’ capability and provide future design directions and trends for other applications with chal- lenging constraints.
    [Show full text]
  • A Comparative Analysis of Mobile Operating Systems Rina
    International Journal of Computer Sciences and Engineering Open Access Research Paper Vol.-6, Issue-12, Dec 2018 E-ISSN: 2347-2693 A Comparative Analysis of mobile Operating Systems Rina Dept of IT, GGDSD College, Chandigarh ,India *Corresponding Author: [email protected] Available online at: www.ijcseonline.org Accepted: 09/Dec/2018, Published: 31/Dec/2018 Abstract: The paper is based on the review of several research studies carried out on different mobile operating systems. A mobile operating system (or mobile OS) is an operating system for phones, tablets, smart watches, or other mobile devices which acts as an interface between users and mobiles. The use of mobile devices in our life is ever increasing. Nowadays everyone is using mobile phones from a lay man to businessmen to fulfill their basic requirements of life. We cannot even imagine our life without mobile phones. Therefore, it becomes very difficult for the mobile industries to provide best features and easy to use interface to its customer. Due to rapid advancement of the technology, the mobile industry is also continuously growing. The paper attempts to give a comparative study of operating systems used in mobile phones on the basis of their features, user interface and many more factors. Keywords: Mobile Operating system, iOS, Android, Smartphone, Windows. I. INTRUDUCTION concludes research work with future use of mobile technology. Mobile operating system is the interface between user and mobile phones to communicate and it provides many more II. HISTORY features which is essential to run mobile devices. It manages all the resources to be used in an efficient way and provides The term smart phone was first described by the company a user friendly interface to the users.
    [Show full text]
  • Tegra Linux Driver Package
    TEGRA LINUX DRIVER PACKAGE RN_05071-R32 | March 18, 2019 Subject to Change 32.1 Release Notes RN_05071-R32 Table of Contents 1.0 About this Release ................................................................................... 3 1.1 Login Credentials ............................................................................................... 4 2.0 Known Issues .......................................................................................... 5 2.1 General System Usability ...................................................................................... 5 2.2 Boot .............................................................................................................. 6 2.3 Camera ........................................................................................................... 6 2.4 CUDA Samples .................................................................................................. 7 2.5 Multimedia ....................................................................................................... 7 3.0 Top Fixed Issues ...................................................................................... 9 3.1 General System Usability ...................................................................................... 9 3.2 Camera ........................................................................................................... 9 4.0 Documentation Corrections ..................................................................... 10 4.1 Adaptation and Bring-Up Guide ............................................................................
    [Show full text]
  • Mediatek Inc
    01 May 2015 Asia Pacific/Taiwan Equity Research Semiconductor Devices MediaTek Inc. (2454.TW / 2454 TT) Rating NEUTRAL* Price (30 Apr 15, NT$) 395.00 RESULTS Target price (NT$) 405.00¹ Upside/downside (%) 2.5 Mkt cap (NT$ mn) 708,117 (US$ 23,121) 2Q lacks growth, but a high bar is set for 2H Enterprise value (NT$ mn) 544,619 ■ 1Q15 results in line with CS, but below street. 1Q15 sales were already Number of shares (mn) 1,792.70 Free float (%) 89.1 reported at NT$47.5 bn, -14.3% QoQ. Smartphone shipments were 85 mn 52-week price range 535.0 - 390.0 (30mn LTE), down from 95-100mn in 4Q14 due to seasonality and emerging ADTO - 6M (US$ mn) 101.0 market weakness. GMs met our 47.3% vs 46-48% guidance and OpM was also *Stock ratings are relative to the coverage universe in each analyst's or each team's respective sector. in line at 16.1% on cost controls. Lower non-op income kept EPS only in line ¹Target price is for 12 months. with our NT$4.62 and below street's NT$4.97. Research Analysts ■ 2Q15 guidance below, inventory elevated. Sales were guided -5% to +3% Randy Abrams, CFA QoQ, below CS/street's +9%/+18% QoQ on 3G price pressure and 4G mix 886 2 2715 6366 [email protected] skewed to the entry level. Margins are in line, with GMs at 45.5-47.5% and Nickie Yue OpM at 12.5-16.5%. Inventory is elevated, at 102 days and guided to stay 886 2 2715 6364 98-110 days in 2Q15, requiring 2H15 acceleration.
    [Show full text]
  • IN the UNITED STATES DISTRICT COURT for the WESTERN DISTRICT of TEXAS WACO DIVISION AMERICAN PATENTS LLC, Plaintiff, V. ANALOG D
    Case 6:18-cv-00356 Document 1 Filed 12/06/18 Page 1 of 64 IN THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF TEXAS WACO DIVISION AMERICAN PATENTS LLC, CIVIL ACTION NO. 6:18-CV-356 Plaintiff, ORIGINAL COMPLAINT FOR v. PATENT INFRINGEMENT ANALOG DEVICES, INC., CYPRESS JURY TRIAL DEMANDED SEMICONDUCTOR CORPORATION, MARVELL INTERNATIONAL, LTD., MEDIATEK INC., and MEDIATEK USA INC., Defendants. ORIGINAL COMPLAINT FOR PATENT INFRINGEMENT Plaintiff American Patents LLC (“American Patents” or “Plaintiff”) files this original complaint against Defendants Analog Devices, Inc., Cypress Semiconductor Corporation, Marvell International, Ltd., MediaTek Inc., and MediaTek USA Inc. (collectively “Defendants”), alleging, based on its own knowledge as to itself and its own actions and based on information and belief as to all other matters, as follows: PARTIES 1. American Patents is a limited liability company formed under the laws of the State of Texas, with its principal place of business at 2325 Oak Alley, Tyler, Texas, 75703. 2. Analog Devices, Inc. (“Analog”) is a corporation organized and existing under the laws of the state of Massachusetts. It can be served via its registered agent: CT Corp System, 1999 Bryan Street, Suite 900, Dallas, TX 75201. 3. Analog is one of the world’s largest manufacturers of integrated circuits. Case 6:18-cv-00356 Document 1 Filed 12/06/18 Page 2 of 64 4. Cypress Semiconductor Corporation (“Cypress”) is a corporation organized under the laws of the state of Delaware. Cypress can be served with process by serving its registered agent: Corporation Service Company d/b/a CSC-Lawyers Incorporating Service Company, 211 E.
    [Show full text]
  • A Systematic Survey of Firmware Extraction Techniques for Iot Devices
    Breaking all the Things | A Systematic Survey of Firmware Extraction Techniques for IoT Devices Sebastian Vasile, David Oswald, and Tom Chothia University of Birmingham [email protected], [email protected], [email protected] Abstract. In this paper, we systematically review and categorize differ- ent hardware-based firmware extraction techniques, using 24 examples of real, wide-spread products, e.g. smart voice assistants (in particular Amazon Echo devices), alarm and access control systems, as well as home automation devices. We show that in over 45% of the cases, an exposed UART interface is sufficient to obtain a firmware dump, while in other cases, more complicated, yet still low-cost methods (e.g. JTAG or eMMC readout) are needed. In this regard, we perform an in-depth investiga- tion of the security concept of the Amazon Echo Plus, which contains significant protection methods against hardware-level attacks. Based on the results of our study, we give recommendations for countermeasures to mitigate the respective methods. 1 Introduction Extracting the firmware from IoT devices is a crucial first step when analysing the security of such systems. From a designer's point of view, preventing the firmware from falling into the hands of an adversary is often desirable: for in- stance, to protect cryptographic keys that identify a device and to impede prod- uct counterfeit or IP theft. The large variety of IoT devices results in different approaches to firmware extraction, depending on the device in question. Past work has looked at the state of security of IoT devices, e.g.
    [Show full text]
  • ARM Roadmap Spring 2017
    ARM Roadmap Spring 2017 Robert Boys [email protected] Version 9.0 Agenda . Roadmap . Architectures ARM1™ die . Issues . What is NEW ! . big.LITTLE™ . 64 Bit . Cortex®-A15 . 64 BIT . DynamIQ 3 © ARM 2017 In the Beginning… . 1985 32 years ago in a barn.... 12 engineers . Cash from Apple and VLSI . IP from Acorn Computers . Proof of concept . No patents, no independent customers, product not ready for mass market. A barn, some energy, experience and belief: “We’re going to be the Global Standard” 4 © ARM 2017 The Cortex Processor Roadmap in 2008 Application Real-time Microcontroller Cortex-A9 Cortex-A8 ARM11 Cortex-R4F ARM9 Cortex-R4 ARM7TDMI ARM7 Cortex-M3 SC300 Cortex-M1 5 © ARM 2017 5 Cortex-A73 ARM 2017 Processor Roadmap Cortex-A35 Cortex-A32 Cortex-A72 Cortex-A57 ARM 7, 9, 11 Cortex-A17 Application Cortex-A53 Cortex-A15 Real-time Not to scale to Not Cortex-A9 (Dual) Microcontroller Cortex-A9 (MPCore) Cortex-A8 Cortex-A7 ARM11(MP) Cortex-A5 MMU ARM926EJ-S Cortex-R52 No MMU Cortex-R8 200+ MHz Cortex-R7 ARM9 Cortex-R5 Cortex-R4 Cortex-M7 200+ MHz Cortex-M33 ARM7TDM 72 – 150 + MHz Cortex-M4 Cortex-M3 ARM7I SC300 Cortex-M23 DesignStart™ Cortex-M1 SC000 Cortex-M0+ Cortex-M0 6 © ARM 2017 6 Versions, cores and architectures ? Family Architecture Cores ARM7TDMI ARMv4T ARM7TDMI(S) ARM9 ARM9E ARMv5TE ARM926EJ-S, ARM966E-S ARM11 ARMv6 (T2) ARM1136(F), 1156T2(F)-S, 1176JZ(F), ARM11 MPCore™ Cortex-A ARMv7-A Cortex-A5, A7, A8, A9, A12, A15, A17 Cortex-R ARMv7-R Cortex-R4(F), Cortex-R5, R7, R8 … Cortex-M ARMv7-M Cortex-M3, M4, M7 (M7 is ARMv7-ME) ARMv6-M Cortex-M1, M0, M0+ NEW ! ARMv8-A 64 Bit: Cortex-A35/A53/57/A72 Cortex-A73 Cortex-A32 NEW ! ARMv8-R 32 Bit: Cortex-R52 NEW ! ARMv8-M 32 Bit: Cortex-M23 & M33 TrustZone® 7 © ARM 2017 What is New ? DynamIQ ! .
    [Show full text]