DOCSLIB.ORG

Intel® Industrial Iot Workshop Security for Industrial Platforms

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Intel® Industrial IoT workshop Security for industrial platforms Gopi K. Agrawal Security Architect IOTG Technical Sales & Marketing Intel Corporation Legal © 2018 Intel Corporation No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. Intel technologies' features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at www.intel.com. Intel, the Intel logo, are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. Intel, the Intel logo, Intel® Xeon®, Intel® Core™, Intel Atom®, Pentium®, Celeron®, Intel. Experience What's Inside™, Intel® Firmware Support Package (Intel® FSP), Intel® System Studio, Intel® Media SDK, Intel® SDK for OpenCL™ Applications, Intel® OpenVINO™ toolkit, Intel® Context Sensing SDK, Intel® MAX®, Intel® Cyclone®, Intel® Arria®, Intel® XMM™, Intel® EPID, Intel® SGX are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. 2 Agenda • Learn more about the prevailing Threat environment & top market concerns, Intel Core Security Capabilities-HW Root of Trust capabilities & technologies, IoT Security Lifecycle, and use-cases. • Overview of hardware-based solutions to address the increasing need for security and manageability as Industrial IOT is evolving into new and more demanding uses that challenge existing practices. Intel® Industrial IoT workshop 3 HW Security is a Key Element to Scale IoT Deployments = receptive selling environment Source - Gartner Intel® Industrial IoT workshop 4 Uniqueness of IoT Device Lifecycle Plan • IoT Device usage mode implies Decommission Development 10+ years life time, longer than Retire / Client & Server traditional Replace Testing products Repair Technology Updates Debugging User Business • Security is intrinsic to each Optimize/ Experience Strategy Sustain stage of device lifecycle Deploy Repair Update Provisioning • Intel has assets to help protect Diagnose Configuration customer’s assets in all phases Monitor Control Manage Intel® Industrial IoT workshop 5 HW Instruments Software with Added Protections Trusted Device Stack DeviceIntel Attack Security Surface Technologies Protections Data Data Protected Encrypt Crypto Accel/RNG Storage ID Memory Applications Apps OS Hardening Execution Control VM Isolation Operating System/VMM OS/VMM OS Hardening Execution Control VM Isolation Transitive Transitive Trust Chain Threats BIOS/FW BIOS/FW Targeted Technologies Targeted Protected Boot Root of Trust Recovery Hardware Hardware Hardware Security Makes Entire Hardware Technologies Designed to System More Secure Harden Specific Attack Surfaces Intel® Industrial IoT workshop 6 Consistent Security Foundation What is it? • Set of foundational security capabilities that must be supported at platform level. • Recommended set of technologies for each capability. Why? • Enable common security posture on all platforms. • Promote reuse and consistency in Intel security solutions. Enables for the evolving IoT markets Intel® Industrial IoT workshop 7 Portfolio Definitions Core Capability Value Prop Achieved Industry Technologies Map to Intel Technologies Encryption /Decryption AES-NI, Quick Assist Crypto Hardware-assisted crypto acceleration and secure key generation Random Keys Secure Key Acceleration OS/VMM Hardening OS Guard, VT-d/x Device Identification PTT (TPM, measured Platform Protected and verified boot process with boot, RSA/EDCSA Key Integrity hardware attestation of the platform Support) Baseline Software Identification Protected Boot Boot Guard, OS Guard) Protected Data & Encryption and storage for sensitive data, keys, or Keys, & Identity credentials, at rest and in transport Protected Storage PTT, TME (future) Isolated enclaves to help protect sensitive data, processes, Trusted Trusted Execution and keys at runtime and create a trusted application SGX, DAL, VT -x Environment (TEE) Execution environment Intel® Industrial IoT workshop 8 Security & Management Technologies1 - Hardware CPU Platform Integrity (Access) CPU Intel® OS Guard Intel® Memory Protection Extension MPX OS GUARD Trusted Execution MPX OS GUARD Environment (TEE) Intel® Software Guard Trusted Execution Extension(SGX) SGX VT –x/io VT –x/io AES-NI / Environment (TEE) SHA Intel® Virtualization Technology AES-NI / SHA / RAND AES-NI / SHA / RAND Protect Data & Keys SEC Coprocessor*** Intel® Platform Trust Technology (TPM) SEC Coprocessor*** / PCH Crypto Acceleration PTT (TPM) Intel® AES-NI / Quick Assist* / HW & SW Identity Secure Key PTT (TPM) Intel® Secure Device Onboard / EPID Platform Integrity (Trust Crypto Acceleration EPID AES / SHA AES / SHA EPID Intel® AES-NI / Secure Key & Attestation) Intel® Trusted Execution Technology Platform Integrity (Protected BOOT BIOS BIOS GUARD Device Management TXT** Boot) GUARD Intel® BIOS Guard Intel® Active Management GUARD Intel® Boot Guard Technology AMT BOOT GUARD X-platform HW Security Capabilities 1 Subset of intel security technologies * Intel® Quick Assist Xeon only ***Intel® CSME / TXE / CSE/ SPS 9 Intel® Industrial IoT workshop Specific to Industrial & Energy **Intel® TXT vPro and Xeon only Securing Devices & Communication Threats Solutions Sensitive Data Protection Intel® Software Guard Extension(SGX)* Unauthorized access of app data due to Trusted Execution Environment (TEE) for Embedded week OS security Applications Applications, app run time protection Credential / Provisioning Intel® Secure Device Onboard / EPID Attacker can gain unauthorized Provides service that uses HW key to access to the device with little effort secure the rendezvous of device to its owner Escalation of Privilege / Ransom Ware Other Drivers Intel® OS GUARD / MPX / VT-x Using device vulnerable known Prevent escalation of privilege, boundary software exploit protection, utilize VT / containers Insecure Key Storage Intel® Platform Trust Technology (TPM) cryptographic keys used to protect platform and Enable secure PKI keys storage owner secrets easily recovered by hacker Operating System (Window & Linux) Insecure Data-in-Transit Intel® AES-NI/Quick Assist / Secure Key Sending data in clear increases Enable TLS/SSL ops without compromising eavesdropping risks performance Unsigned Firmware / Rootkit Intel® Boot Guard / Intel® TXT* Modification Of Firmware By Boot Drivers Malware Allows only trusted & untampered firmware to execute Unauthorized BIOS Write Intel® BIOS Guard Unprotected BIOS leaves device vulnerable to BIOS Signed OEM Secure bios update known exploit Hardware limitations Hardware Limited security options availability Intel® Industrial IoT workshop *SGX & TXT supported only on Xeon & Core 10 Customer Ecosystem Security Products Delivery Model Intel Customer Ready Security Solutions 5 Ecosystem OEM, OSV, ISV, CSP Partner Products 3 2 2 4 Trust Enabling Services SolutionsSolutions Tools Enabling Solutions & Tools Platform Products & References System SW & SDKs 1 Silicon Foundation Capabilities & Technologies Root of Trust Capabilities Platform Assurance Security Technologies Industry Security Use Cases & Threats Models Intel provides comprehensive edge to cloud security solutions rooted in HW security that the ecosystem turns into customer ready solutions Intel® Industrial IoT workshop 11 Security Products Delivery Model 5 Ecosystem OEM, OSV, ISV, CSP • Intel vPro Platform • Intel Cloud Integrity Technology 3 2 2 4 • Intel Transparent Supply Chain • Hyperledger Sawtooth Trust Enabling (Blockchain) SolutionsSolutions • Tianocore.org • Intel Secure Device Services Tools Onboard Platform Products & References System SW & SDKs • Intel SGX & EPID • Open Source – EPID Attestation • SDKs - SGX • CA, Key Gen, & Recovery • UEFI Developer Kit 1 Silicon Foundation • IDE - System Studio Baseline Capabilities Platform Assurance Security Technologies • Baseline Capabilities:- SGX, • Side Channel • Intel TXT PTT, Boot & OS Guard, AES-NI, Resistance • Intel BIOS Guard Secure Key, VT-x/d, TME • Intel Stratix 10 FPGA • Anti-tamper Yellow – are products supported by Non Protection • Download and Execute (DnX) IOTG groups • FIPS 140-2
Recommended publications
  • Intel® Architecture Instruction Set Extensions and Future Features Programming Reference

    Intel® Architecture Instruction Set Extensions and Future Features Programming Reference

    Intel® Architecture Instruction Set Extensions and Future Features Programming Reference 319433-037 MAY 2019 Intel technologies features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Intel does not assume any liability for lost or stolen data or systems or any damages resulting from such losses. You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifica- tions. Current characterized errata are available on request. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Intel does not guarantee the availability of these interfaces in any future product. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1- 800-548-4725, or by visiting http://www.intel.com/design/literature.htm. Intel, the Intel logo, Intel Deep Learning Boost, Intel DL Boost, Intel Atom, Intel Core, Intel SpeedStep, MMX, Pentium, VTune, and Xeon are trademarks of Intel Corporation in the U.S.
  • A Superscalar Out-Of-Order X86 Soft Processor for FPGA

    A Superscalar Out-Of-Order X86 Soft Processor for FPGA

    A Superscalar Out-of-Order x86 Soft Processor for FPGA Henry Wong University of Toronto, Intel [email protected] June 5, 2019 Stanford University EE380 1 Hi! ● CPU architect, Intel Hillsboro ● Ph.D., University of Toronto ● Today: x86 OoO processor for FPGA (Ph.D. work) – Motivation – High-level design and results – Microarchitecture details and some circuits 2 FPGA: Field-Programmable Gate Array ● Is a digital circuit (logic gates and wires) ● Is field-programmable (at power-on, not in the fab) ● Pre-fab everything you’ll ever need – 20x area, 20x delay cost – Circuit building blocks are somewhat bigger than logic gates 6-LUT6-LUT 6-LUT6-LUT 3 6-LUT 6-LUT FPGA: Field-Programmable Gate Array ● Is a digital circuit (logic gates and wires) ● Is field-programmable (at power-on, not in the fab) ● Pre-fab everything you’ll ever need – 20x area, 20x delay cost – Circuit building blocks are somewhat bigger than logic gates 6-LUT 6-LUT 6-LUT 6-LUT 4 6-LUT 6-LUT FPGA Soft Processors ● FPGA systems often have software components – Often running on a soft processor ● Need more performance? – Parallel code and hardware accelerators need effort – Less effort if soft processors got faster 5 FPGA Soft Processors ● FPGA systems often have software components – Often running on a soft processor ● Need more performance? – Parallel code and hardware accelerators need effort – Less effort if soft processors got faster 6 FPGA Soft Processors ● FPGA systems often have software components – Often running on a soft processor ● Need more performance? – Parallel
  • Intel® Quartus® Prime Design Suite Version 18.1 Update Release Notes

    Intel® Quartus® Prime Design Suite Version 18.1 Update Release Notes

    Intel® Quartus® Prime Design Suite Version 18.1 Update Release Notes Updated for Intel® Quartus® Prime Design Suite: 18.1.1 Standard Edition Subscribe RN-01080-18.1.1.0 | 2019.04.17 Send Feedback Latest document on the web: PDF | HTML Contents Contents 1. Intel® Quartus® Prime Design Suite Version 18.1 Update Release Notes........................ 3 2. Issues Addressed in Update 1......................................................................................... 4 2.1. Intel Quartus Prime Pro Edition Software.................................................................. 4 2.2. Intel Quartus Prime Standard Edition Software.......................................................... 7 2.3. IP and IP Cores..................................................................................................... 8 2.4. DSP Builder for Intel FPGAs...................................................................................12 2.5. Intel High Level Synthesis Compiler........................................................................12 2.6. Intel FPGA SDK for OpenCL*................................................................................. 13 3. Issues Addressed in Update 2....................................................................................... 15 3.1. Intel Quartus Prime Pro Edition Software.................................................................15 3.2. IP and IP Cores................................................................................................... 15 3.3. Intel FPGA SDK for OpenCL..................................................................................
  • Intel Atom® Processor C3000 Series for Embedded and Iot Applications: Product Brief

    Intel Atom® Processor C3000 Series for Embedded and Iot Applications: Product Brief

    Product brief Internet of Things Intel Atom® Processor C3000 Series Expanding Intelligence and Flexibility at the Edge Scalable, dense-compute SoC for demanding IoT workloads From the factory foor to the energy grid, airplanes to supply chains, the sensors, controls, gateways, and other connected devices of Internet of Things (IoT) are driving the next industrial revolution. As IoT continues its explosive growth, the need for intelligent devices for more specialized applications is also growing exponentially. Industrial, energy, aerospace, robotics, public sector, and other customers with demanding IoT workloads want new ways to easily extract value from their data, reduce their time to market, and innovate connected technologies quickly and efciently. Moreover, they increasingly require reliable IoT solutions that bring maximum performance and greater capabilities to an ever-expanding array of challenging locations and operating conditions. The Intel Atom® processor C3000 series extends low-power Intel® architecture into new segments and accelerates IoT innovation across a wide range of demanding environments and use cases. With high performance per watt, low thermal design power (TDP) of 9.5W, and up to 20 confgurable high-speed input/output (HSIO) lanes, and pin-to-pin compatibility, this new system-on-a-chip (SoC) family delivers next-generation, multicore performance and scalability for a broad variety of low-power, high-density, and fanless designs. Multicore scalability With the Intel Atom processor C3000 series, customers are able to scale performance and achieve workload consolidation in situations and use cases that uP to require very low power, high density, and high I/O integration. Designed in an FCBGA 34mm x 28mm compact form factor, this SoC-based CPU is manufactured on Intel’s optimized 14nm process technology, available from 2 to 12 cores from 2.3X 1.6 to 2.0 GHz, and includes up to 256 GB DDR4 2133 MHz ECC (SODIMM, UDIMM, better PerforMANce or RDIMM) of addressable memory.
  • Demystifying Internet of Things Security Successful Iot Device/Edge and Platform Security Deployment — Sunil Cheruvu Anil Kumar Ned Smith David M

    Demystifying Internet of Things Security Successful Iot Device/Edge and Platform Security Deployment — Sunil Cheruvu Anil Kumar Ned Smith David M

    Demystifying Internet of Things Security Successful IoT Device/Edge and Platform Security Deployment — Sunil Cheruvu Anil Kumar Ned Smith David M. Wheeler Demystifying Internet of Things Security Successful IoT Device/Edge and Platform Security Deployment Sunil Cheruvu Anil Kumar Ned Smith David M. Wheeler Demystifying Internet of Things Security: Successful IoT Device/Edge and Platform Security Deployment Sunil Cheruvu Anil Kumar Chandler, AZ, USA Chandler, AZ, USA Ned Smith David M. Wheeler Beaverton, OR, USA Gilbert, AZ, USA ISBN-13 (pbk): 978-1-4842-2895-1 ISBN-13 (electronic): 978-1-4842-2896-8 https://doi.org/10.1007/978-1-4842-2896-8 Copyright © 2020 by The Editor(s) (if applicable) and The Author(s) This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Open Access This book is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this book are included in the book’s Creative Commons license, unless indicated otherwise in a credit line to the material.
  • Intel Atom® P5900 Processors for 5G Network Edge Acceleration

    Intel Atom® P5900 Processors for 5G Network Edge Acceleration

    PRODUCT BRIEF | Intel Atom® P5900 Processors ADVANCED PERFORMANCE FOR 5G WIRELESS BASE STATIONS As the radio access network (RAN) infrastructure of wireless carriers evolves to meet the intense demands of 5G, additional compute is required at the edge of the network. Careful consideration is critical across the board—from overarching design down to the selection of key components in base transceiver station equipment—for 5G networks to reliably meet the demands of next-generation service opportunities with lower latencies, higher bandwidth, and increased network capacity. RAN INFRASTRUCTURE EVOLUTION Intel has never had a stronger or more comprehensive portfolio of solutions to enable the RAN. From Intel® Xeon® Scalable processors to Intel Atom® processors, FPGAs, ASICS, and more, Intel continues to deliver cutting-edge hardware for 5G infrastructure. Even so, it’s our significant investments in software that enable service providers to make the most of our hardware, from drivers and operating systems up through entire production-quality software stacks. This interconnected platform of hardware and software allows service providers to get to market quickly while still offering the flexibility needed to address various deployment scenarios. Furthermore, with the increasing adoption of innovations found in cloud deployments, service providers are realizing the benefits of extending a platform combining common cloud software with Intel® architecture-based hardware from the core to the edge. A common software ecosystem for platform virtualization and customer applications—using a common Intel instruction set architecture across the infrastructure—enables faster deployment of new software and features while also making new service offerings and revenue models possible. PRODUCT BRIEF | Intel Atom® P5900 Processors AN EXCITING NEW CLASS OF EDGE PROCESSORS Intel Atom P5900 processors are the first of an all-new class of high-throughput, low-latency Intel Atom P processors for high-density network edge and security solutions.
  • (10) Patent No.: US 9037807 B2

    (10) Patent No.: US 9037807 B2

    US009037807B2 (12) United States Patent (10) Patent No.: US 9,037,807 B2 Vorbach (45) Date of Patent: May 19, 2015 (54) PROCESSOR ARRANGEMENT ON A CHIP Sep. 17, 2001 (DE) .................................. 101 45 792 INCLUDING DATA PROCESSING, MEMORY, Sep. 17, 2001 (DE) ... ... 101 45795 AND INTERFACE ELEMENTS Sep. 19, 2001 (DE) .................................. 101 46132 Sep. 30, 2001 (WO). ... PCT/EPO1/11299 (75) Inventor: Martin Vorbach, Munich (DE) Oct. 8, 2001 (WO) ....................... PCT/EPO1/11593 Nov. 5, 2001 (DE) .................................. 101 54. 259 (73) Assignee: srecinologies AG, Nov. 5, 2001 (DE) ... ... 101 54 260 Dec. 14, 2001 (EP) ..................................... O1129923 (*) Notice: Subject to any disclaimer, the term of this Jan. 18, 2002 (EP) ..................................... O2OO1331 patent is extended or adjusted under 35 Jan. 19, 2002 (DE). 102 O2 044 U.S.C. 154(b) by 0 days. Jan. 20, 2002 (DE) 102 O2 175 Feb. 15, 2002 (DE) 102 O2 653 (21) Appl. No.: 12/944,068 Feb. 18, 2002 (DE) ... ... 102 O6856 Feb. 18, 2002 (DE) ... ... 102 O6857 (22) Filed: Nov. 11, 2010 Feb. 21, 2002 (DE) ... ... 102 O7 224 Feb. 21, 2002 (DE) ... ... 102 O7 225 (65) Prior Publication Data Feb. 21, 2002 (DE) .................................. 102 O7 226 US 2011 FOO60942 A1 Mar. 10, 2011 (51) Int. Cl. O O G06F 3/4 (2006.01) Related U.S. Application Data G06F II/20 (2006.01) (60) Division of application No. 12/496.012, filed on Jul. 1, G06F 3/16 (2006.01) 2009, now abandoned, which is a continuation of G06F 12/00 (2006.01) application No. 10/471.061, filed as application No.
  • Intel® Stratix® 10 General Purpose I/O User Guide

    Intel® Stratix® 10 General Purpose I/O User Guide

    Intel® Stratix® 10 General Purpose I/O User Guide Updated for Intel® Quartus® Prime Design Suite: 21.2 Subscribe UG-S10GPIO | 2021.07.07 Send Feedback Latest document on the web: PDF | HTML Contents Contents 1. Intel® Stratix® 10 I/O Overview..................................................................................... 4 1.1. Intel Stratix 10 I/O and Differential I/O Buffers..........................................................5 1.2. Intel Stratix 10 I/O Migration Support...................................................................... 6 2. Intel Stratix 10 I/O Architecture and Features............................................................... 8 2.1. I/O Standards and Voltage Levels in Intel Stratix 10 Devices....................................... 8 2.1.1. Intel Stratix 10 I/O Standards Support......................................................... 9 2.1.2. Intel Stratix 10 I/O Standards Voltage Support............................................ 10 2.2. I/O Element Structure in Intel Stratix 10 Devices..................................................... 12 2.2.1. I/O Bank Architecture in Intel Stratix 10 Devices..........................................13 2.2.2. I/O Buffer and Registers in Intel Stratix 10 Devices...................................... 14 2.3. Programmable IOE Features in Intel Stratix 10 Devices............................................. 15 2.3.1. Programmable Output Slew Rate Control.....................................................17 2.3.2. Programmable IOE Delay.........................................................................
  • Product Change Notification

    Product Change Notification

    Product Change Notification Change Notification #: 117176 - 00 Change Title: Intel® Stratix® 10, PCN 117176-00, Documentation, Intel® Stratix® 10 Device Datasheet Update Date of Publication: September 27, 2019 Key Characteristics of the Change: Documentation Forecasted Key Milestones: September 27, 2019 Availability of Intel Stratix 10 device datasheet update: Description of Change to the Customer: Intel’s Network & Custom Logic Group (formerly known as the Programmable Solutions Group) is notifying customers of an important documentation update for Intel Stratix® 10 devices. It is necessary to update the datasheet with the new specifications, as the previous specifications were determined to be inaccurate. There is no change to the Intel® Stratix 10 product silicon and materials. Please review the revision history in the Intel Stratix 10 device datasheet for the complete history of updates. The Intel Stratix 10 device datasheet can be found here: https://www.intel.com/content/dam/www/programmable/us/en/pdfs/literature/hb/stratix-10/s10_datasheet.pdf Customer Impact of Change and Recommended Action: Customers are requested to take note of the changes and determine the impact on their designs. For more information, please contact your local Field Applications Engineer (FAE) or submit a Service Request at the My Intel support page. Products Affected / Intel Ordering Codes: All Intel Stratix 10 devices. The list of affected part numbers (OPNs) can be downloaded in Excel form: https://www.intel.com/content/dam/www/programmable/us/en/pdfs/literature/pcn/adv1915-opn-list.xlsx PCN Revision History: Date of Revision: Revision Number: Reason: September 27, 2019 00 Originally Published PCN Page 1 of 2 PCN #117176 - 00 Product Change Notification 117176 - 00 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
  • Intel Atom Processor E3800 Product Families in Retail

    Intel Atom Processor E3800 Product Families in Retail

    White Paper Intelligent Systems Intel® Celeron® Processor and Intel® Atom™ Processor E3800 Product Families Intel® Celeron® Processor and Intel® Atom™ Processor E3800 Product Families in Retail Transform user experiences in entry retail devices with full HD video decode, improved graphics, quad-core compute performance, and built-in security Introduction Advanced features include: Intelligent devices that provide HD • Media: Scalable full HD video playback video capability, compelling graphics, includes support for 10 or more responsive performance, and security are simultaneous video streams. transforming in-store retail experiences. • Graphics: Gen 7 Intel® Graphics Today’s retail customers expect POS Architecture enables enhanced visual systems, interactive kiosks, and digital processing over previous-generation signs to support rich media and graphics Intel Atom processors. experience for timely and visually compelling digital promotions and a range • Power and Form Factor: SoC with of choices at checkout, with confidence smaller package size and industrial “The Intel Celeron processor and that the device provides security to temperature range is ideal for thin, protect transactional and personal data. light and environmentally adaptive Intel Atom processor E3800 entry retail devices. The Intel® Celeron® processor and Intel® product families provide full Atom™ processor E3800 product families • Compute: Quad-core processing1 HD simultaneous video decode for intelligent systems help bring these enables improved out-of-order compute capabilities to entry retail devices. performance for more responsive user capability, delivering interactive Compared to previous-generation Intel experiences. Celeron and Atom processors, this new 2-D and 3-D graphics with much • Security: Built-in hardware-assisted processor family provides significantly security enhancements include Intel® improved playback enabling improved media and graphics performance AES New Instructions (Intel® AES NI)2 and enables smaller, more power-efficient immersive visual experiences and Secure Boot.
  • Intel® Atom™ Processor E3800 the Latest Low Power Platform E3800 Family Platform for Intelligent Systems

    Intel® Atom™ Processor E3800 the Latest Low Power Platform E3800 Family Platform for Intelligent Systems

    Intel® Atom™ Processor E3800 The Latest Low Power Platform E3800 Family Platform for Intelligent Systems tŚŝůĞĚĞƐŝŐŶĞĚƚŽďĞĂƚƌƵĞƚĞƐƚŽĨ/ŶƚĞů͛ƐƉĞƌĨŽƌŵĂŶĐĞŝŶƚŚĞƵůƚƌĂŵŽďŝůĞƐƉĂĐĞ͕^ŝůǀĞƌŵŽŶƚŝƐƚŚĞĮƌƐƚƚƌƵĞĂƌĐŚŝƚĞĐƚƵƌĞ ƵƉĚĂƚĞƚŽ/ŶƚĞů͛ƐƚŽŵƉƌŽĐĞƐƐŽƌƐŝŶĐĞŝƚƐŝŶƚƌŽĚƵĐƟŽŶŝŶϮϬϬϴ͘>ĞǀĞƌĂŐŝŶŐ/ŶƚĞů͛ƐĮƌƐƚϮϮŶŵƉƌŽĐĞƐƐĂŶĚĂǀĞƌLJůŽǁƉŽǁĞƌͲ ŵŝĐƌŽĂƌĐŚŝƚĞĐƚƵƌĞ͕^ŝůǀĞƌŵŽŶƚĂŝŵƐƐƋƵĂƌĞůLJĂƚƚŚĞůĂƚĞƐƚ<ƌĂŝƚĐŽƌĞƐĨƌŽŵYƵĂůĐŽŵŵĂŶĚZD͛ƐŽƌƚĞdžϭϱ͘ĂƐĞĚŽŶ ^ŝůǀĞƌŵŽŶƚ͕/ŶƚĞůΠŝŶƚƌŽĚƵĐĞƐϯϴϬϬƉƌŽĚƵĐƚĨĂŵŝůLJ͕ĂƐĞƌŝĞƐŽĨƐLJƐƚĞŵŽŶĐŚŝƉ;^ŽͿĚĞƐŝŐŶĞĚĨŽƌůŽǁͲƉŽǁĞƌ͕ĨĞĂƚƵƌĞͲƌŝĐŚ ĂŶĚŚŝŐŚůLJͲĐĂƉĂďůĞĂƉƉůŝĐĂƟŽŶƐ͘ ϯϴϬϬƉƌŽĚƵĐƚĨĂŵŝůLJƚĂŬĞƐƵƉƚŽĨŽƵƌ^ŝůǀĞƌŵŽŶƚĐŽƌĞƐ͕ĂŶĚĨŽƌƚŚĞĮƌƐƚƟŵĞŝŶĂŶƵůƚƌĂŵŽďŝůĞ/ŶƚĞů^Ž͕ŝƐƉĂŝƌĞĚǁŝƚŚ /ŶƚĞů͛ƐŽǁŶŐƌĂƉŚŝĐƐ/W͘/ŶŽƚŚĞƌǁŽƌĚƐ͕ƌĂƚŚĞƌƚŚĂŶƵƐŝŶŐĂ'WhďůŽĐŬĨƌŽŵ/ŵĂŐŝŶĂƟŽŶdĞĐŚŶŽůŽŐŝĞƐ͕E3800 product family leverages the same GPU architecture as the 3rdŐĞŶĞƌĂƟŽŶ/ŶƚĞůŽƌĞƉƌŽĐĞƐƐŽƌƐ;ĐŽĚĞŶĂŵĞĚ/ǀLJƌŝĚŐĞͿ͘ Silvermont Core Highlights Better Performance Better Power Efficiency 22nm Architecture 200 250 150 300 100 350 50 400 0 450 500 Out-of-order execuon engine Wider dynamic operang range 3D Tri-gate transistors tuned for New mul-core and system fabric Enhanced acve and idle power SoC products architecture management Architecture and design co-opmized with the process New IA instrucons extensions (Intel Core Westmere Level) Bay Trail: Not just for Atoms anymore E3800 product family combines a CPU based on Intel’s new Silver- mont architecture with a GPU that is architecturally similar to (but 4xPCIe* less powerful than) the HD 4000 graphics engine integrated in the 3rdŐĞŶĞƌĂƟŽŶ/ŶƚĞůΠŽƌĞƉƌŽĐĞƐƐŽƌƐůĂƵŶĐŚĞĚŝŶĞĂƌůLJϮϬϭϮ͘dŚĞƐĞ
  • CHERI Concentrate: Practical Compressed Capabilities

    CHERI Concentrate: Practical Compressed Capabilities

    1 CHERI Concentrate: Practical Compressed Capabilities Jonathan Woodruff, Alexandre Joannou, Hongyan Xia, Anthony Fox, Robert Norton, Thomas Bauereiss, David Chisnall, Brooks Davis, Khilan Gudka, Nathaniel W. Filardo, A. Theodore Markettos, Michael Roe, Peter G. Neumann, Robert N. M. Watson, Simon W. Moore Abstract—We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI, the most developed capability-pointer system at present. Capability fat pointers are a primary candidate to enforce fine-grained and non-bypassable security properties in future computer systems, although increased pointer size can severely affect performance. Thus, several proposals for capability compression have been suggested elsewhere that do not support legacy instruction sets, ignore features critical to the existing software base, and also introduce design inefficiencies to RISC-style processor pipelines. CHERI Concentrate improves on the state-of-the-art region-encoding efficiency, solves important pipeline problems, and eases semantic restrictions of compressed encoding, allowing it to protect a full legacy software stack. We present the first quantitative analysis of compiled capability code, which we use to guide the design of the encoding format. We analyze and extend logic from the open-source CHERI prototype processor design on FPGA to demonstrate encoding efficiency, minimize delay of pointer arithmetic, and eliminate additional load-to-use delay. To verify correctness of our proposed high-performance logic, we present a HOL4 machine-checked proof of the decode and pointer-modify operations. Finally, we measure a 50% to 75% reduction in L2 misses for many compiled C-language benchmarks running under a commodity operating system using compressed 128-bit and 64-bit formats, demonstrating both compatibility with and increased performance over the uncompressed, 256-bit format.