A Trusted Open Platform


COVER FEATURE

Paul England, Butler Lampson, John Manferdelli, Marcus Peinado, Bryan Willman
Microsoft Corporation

Microsoft’s next-generation secure computing base extends personal computers to offer mechanisms that let high-assurance software protect itself from the operating systems, device drivers, BIOS, and other software running on the same machine.

Computers are entrusted with more personal and valuable data every day, and local and remote users need mechanisms to safeguard this data against misuse. A variety of access-control mechanisms address this problem.1 For example, most commercial systems require users to provide a password to log on. Users and administrators can configure the system to restrict access to resources, such as files containing sensitive data.

However, such mechanisms have limited effectiveness in a mass-market setting because the kernel’s integrity cannot be ensured. One of the main reasons is that the commercial need for an open software and hardware architecture leads to operating systems that contain a large collection of peripheral devices and device drivers containing millions of lines of code. A single programming error or intentional back door in this large and diverse code base can give rise to an attack that renders the access-control system ineffective. Viruses and Trojan horses exploit such errors on large numbers of machines on the Internet.

Furthermore, most home and corporate desktop computers today are rather loosely administered. Even a functioning access-control system will be ineffective if it is not correctly configured.

These problems expose open-system users to concrete vulnerabilities:

• A corporate document prepared with a trustworthy program is also accessible to a virus or a game with a vulnerability or back door.
• A user’s home finance transactions and data are vulnerable to Trojan horses that “snoop” actions and passwords.
• A bank cannot distinguish a legitimate transaction initiated by a person from an illegitimate or sabotaged transaction instigated by a subverted application.

One solution to these problems is to provide stricter control over platform hardware and software by using a closed system. Set-top boxes, game machines, and smart cards take this approach. If it is difficult or impossible to make a change to the operating system or run an unknown or unauthorized application, it is easier to ensure data and transaction integrity. However, closed systems are far less flexible than open systems and are unlikely to replace the personal computer.

NEXT-GENERATION SECURE COMPUTING BASE

Microsoft’s next-generation secure computing base aims to provide robust access control while retaining the openness of personal computers. Unlike closed systems, an NGSCB platform can run any software, but it provides mechanisms that allow operating systems and applications to protect themselves against other software running on the same machine. For example, it can make home finance data inaccessible to programs that the user has not specifically authorized.

To enable this mode of operation, NGSCB platforms implement

• isolation among operating systems and among processes. OS isolation is related to virtual machine monitors. However, some key NGSCB innovations make it more robust than traditional VMMs by enabling a small machine monitor to isolate itself and other high-assurance components from the basic input/output system (BIOS), device drivers, and bus master devices.
• hardware and software security primitives that allow software modules to keep secrets and authenticate themselves to local and remote entities. These primitives maintain the trustworthiness of OS access protections without preventing the platform from booting other operating systems.

We refer to a security regimen that allows any software to run but requires it to be identified in access-control decisions as authenticated operation, and we call a hardware-software platform that supports authenticated operation a trusted open system.

A variety of commercial requirements and security goals guided the NGSCB system design. The main commercial requirement was for an open architecture that allows arbitrary hardware peripherals to be added to the platform and arbitrary software to execute without involving a central authority. Furthermore, the system had to operate in the legacy environment of personal computers. While we introduced changes to core platform components, most of the PC architecture remained unmodified. The system had to be compatible with the majority of existing peripherals. Finally, the hardware changes had to be such that they would not have a significant impact on PC production costs.

Our main security goal was assurance. Assurance is not any particular security function. It refers to the degree of confidence the owner of a system can have in its correct behavior—especially in the presence of attacks. A further goal was to enable authenticated operation.

The hardware platforms are not required to provide protection against hardware tampering. Protection against tampering costs money, and it is clear that most security attacks facing users are launched by malicious software, or are remotely launched and exploit bugs in otherwise benign software. However, we anticipate platforms will be deployed that are also robust against hardware attacks, especially in high-security corporate and government settings.

AUTHENTICATED OPERATION

Traditional access-control systems protect data against unauthorized access through an authentication mechanism such as a password, biometric data, or smart card. Each access request triggers a system component, the guard, that is part of the trusted computing base. The guard grants or denies access, and can audit access requests according to the user, the request, and the system’s access-control policy.1

Authenticated operation bases access-control decisions in part on the identity of the program making a request. For example, a user can restrict access to files containing financial data to only certain authorized programs.

It is straightforward to extend most existing user-based access-control systems to code-based access models.2 For example, a resource can have an access-control list that grants access only to a list of programs rather than to users who run these programs. We expect that most systems built to support authenticated operation will base access-control decisions on both program and user resource requests.

Definition of code ID

Code-based access control requires a method of establishing a program’s identity. If the operating system can guarantee file-system integrity, it can simply assume that the program “is who it says it is.” However, in distributed systems or platforms that let mutually distrustful operating systems run, establishing a cryptographic identity for programs is necessary.

The simplest example is a cryptographic digest or “hash” of the program executable code. Within this model the platform or operating system makes no assumptions about the security of applications stored on disk or on the network: If the application is modified, its cryptographic hash—and hence its identity and the services to which it is entitled—will change. Similar code ID mechanisms have been used elsewhere.3-5

Use of code ID

Sealed storage and attestation are two mechanisms that rely on code IDs.

Sealed storage. Sealed storage is a cryptographically implemented access-control mechanism in which the sealer of a secret states which programs (given by their code IDs) can unseal (read) the secret. Sealed storage provides confidentiality and integrity for persistently stored data. In principle, the sealed-storage primitives can be implemented at any system layer. For example, the hardware could implement sealed storage as a service to operating systems or an operating system could implement it as a service to applications.

[Figure 1: Programs 1, 2 and 3 calling Seal (S1, N1), Seal (S2, N2) and Unseal (blob).]

Figure 1. Seal and Unseal primitives. Seal allows a piece of software to protect a secret S and to name the programs N that can access the secret. If a program calls Unseal on previously sealed data, the secret is revealed only if the requester’s identity is as specified in the sealed data block. Red lines indicate failed Unseal requests, and green lines indicate successful Unseal requests.

Figure 1 illustrates the Seal and Unseal primitives. Programs can call Seal and name their own code ID (the common case) or any other program’s code ID as the entity allowed to access the data. If called by a program that has the sealed code ID, Unseal returns the sealed secret and the sealer’s code ID. If the requesting program has a different code ID, Unseal returns an error.

Seal is designed as a local secret-storage mechanism: Sealed secrets are not accessible to other machines. The Seal and Unseal primitives have considerable implementation flexibility.6 In general, the implementation layer—for example, the hardware

case of unsealed information being used as a cryptographic key, the unsealer needs to know that an adversary did not provide the key.

Attestation. Sealed storage is a restricted form of symmetric encryption that lets software programs keep long-lived secrets in persistent storage. Attestation is a variant of public-key encryption that lets programs authenticate their code ID to remote parties.8

A platform must have a certified public/private-key pair for attestation. Consider the signing variant that we call Quote. The Quote operation concatenates an input string from the program wishing to authenticate itself with the program’s code ID, signs the resulting data structure with the platform’s privacy quoting key, and returns the result to the caller. The requesting program can send this signed data structure to a remote party, typically along with platform certificates that support use of the platform-quoting key.

0018-9162/03/$17.00 © 2003 IEEE Published by the IEEE Computer Society July 2003
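The following Go program is an added example, not code from the paper or from Microsoft's NGSCB implementation. It models the three mechanisms described in the "Definition of code ID" and "Use of code ID" sections together: the code ID as a SHA-256 digest of the executable image, Seal/Unseal as an authenticated-encryption service that releases a secret only to the code ID named at seal time and also returns the sealer's code ID, and Quote with its remote verification as a signature over the caller's input string concatenated with its code ID. The concrete algorithms (AES-256-GCM for sealing, ECDSA P-256 for quoting), the sealed-blob layout, the function names, and the sample program images are assumptions of this example; the paper fixes none of them, and the platform certificates it mentions are represented only by handing the verifier the quoting public key directly.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// CodeID is a program's identity: the SHA-256 digest of its executable image,
// so any modification of the program changes its identity.
type CodeID [32]byte

// ComputeCodeID derives the code ID from the bytes of an executable.
func ComputeCodeID(executable []byte) CodeID { return sha256.Sum256(executable) }

// Platform stands in for the layer (hardware or OS) that implements the primitives.
// sealKey never leaves the platform; quoteKey is its attestation key (assumed ECDSA P-256).
type Platform struct {
	sealKey  []byte
	quoteKey *ecdsa.PrivateKey
}

// NewPlatform generates fresh platform keys (constructed for this example).
func NewPlatform() (*Platform, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Platform{sealKey: key, quoteKey: priv}, nil
}

func (p *Platform) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(p.sealKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects secret for the program with code ID target and records the sealer's
// code ID. Assumed blob layout: nonce || AES-GCM(target(32) || sealer(32) || secret),
// so the blob gives both confidentiality and integrity.
func (p *Platform) Seal(sealer, target CodeID, secret []byte) ([]byte, error) {
	g, err := p.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := append(append(append([]byte{}, target[:]...), sealer[:]...), secret...)
	return append(nonce, g.Seal(nil, nonce, plain, nil)...), nil
}

// Unseal returns the secret and the sealer's code ID only if the requester's code ID
// matches the target named at seal time. A tampered blob fails the integrity check
// before any comparison, so the error reveals nothing about the sealed contents.
func (p *Platform) Unseal(requester CodeID, blob []byte) ([]byte, CodeID, error) {
	g, err := p.aead()
	if err != nil {
		return nil, CodeID{}, err
	}
	ns := g.NonceSize()
	if len(blob) < ns {
		return nil, CodeID{}, errors.New("sealed blob too short")
	}
	plain, err := g.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil || len(plain) < 64 {
		return nil, CodeID{}, errors.New("sealed blob failed integrity check")
	}
	var target, sealer CodeID
	copy(target[:], plain[:32])
	copy(sealer[:], plain[32:64])
	if target != requester {
		return nil, CodeID{}, errors.New("requester is not the program named in the sealed data")
	}
	return plain[64:], sealer, nil
}

// SignedQuote is what Quote returns: the caller's input string, the caller's code ID,
// and the platform's signature over their concatenation.
type SignedQuote struct {
	Nonce []byte
	ID    CodeID
	Sig   []byte
}

func quoteDigest(nonce []byte, id CodeID) [32]byte {
	return sha256.Sum256(append(append([]byte{}, nonce...), id[:]...))
}

// Quote concatenates the caller's input string with the caller's code ID and signs
// the result with the platform's quoting key.
func (p *Platform) Quote(caller CodeID, nonce []byte) (SignedQuote, error) {
	d := quoteDigest(nonce, caller)
	sig, err := ecdsa.SignASN1(rand.Reader, p.quoteKey, d[:])
	if err != nil {
		return SignedQuote{}, err
	}
	return SignedQuote{Nonce: nonce, ID: caller, Sig: sig}, nil
}

// VerifyQuote is the remote party's check: the nonce must be the one it chose (so a
// recorded quote cannot be replayed) and the code ID must be the program it expects.
func VerifyQuote(pub *ecdsa.PublicKey, nonce []byte, expected CodeID, q SignedQuote) bool {
	if !bytes.Equal(q.Nonce, nonce) || q.ID != expected {
		return false
	}
	d := quoteDigest(q.Nonce, q.ID)
	return ecdsa.VerifyASN1(pub, d[:], q.Sig)
}

func main() {
	p, err := NewPlatform()
	if err != nil {
		panic(err)
	}
	finance := ComputeCodeID([]byte("finance-app build 1")) // constructed stand-ins
	game := ComputeCodeID([]byte("game with a back door"))  // for executable images
	blob, _ := p.Seal(finance, finance, []byte("bank-session-key"))
	_, _, err = p.Unseal(game, blob)
	fmt.Println("unseal by another program:", err)
	nonce := []byte("nonce-from-bank")
	q, _ := p.Quote(finance, nonce)
	fmt.Println("quote verifies:", VerifyQuote(&p.quoteKey.PublicKey, nonce, finance, q))
}
```

Two design points follow the paper's description rather than being incidental: Unseal hands back the sealer's code ID so that a program about to use an unsealed value as a key can check who sealed it, and the remote party supplies the nonce that goes into Quote, which is what ties the signed code ID to the current exchange instead of to some earlier one.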