Microsoft said that it has developed a highly secure chip that Intel, AMD and Qualcomm plan to integrate in future central processing units used in laptops and other personal computers.
Microsoft said the Pluton security processor would bring more advanced protection to PCs using its flagship Windows operating system. Designed by Microsoft, the chip would be used to lock up secret information, including passwords, in a secure vault in the CPU itself, instead of on a separate component on the PCB. Microsoft said the Pluton chip would help stymie all sorts of attacks on the hardware and prevent the theft of secret keys used in cryptography.
The company is partnering with Intel, AMD, and Qualcomm to add Pluton as part of a system on a chip, where all the components of the personal computer, including the CPU, are housed on the same die. It is unclear when the integrated Pluton chips could hit the market. But Intel reportedly said that its chips would be ready to roll out to manufacturers in a couple of years.
Microsoft said that the Pluton chip would be integrated as a secure subsystem inside the SoC, adding another layer of protection on top of the internal defenses designed by Intel, AMD, and Qualcomm. The chip establishes a protected area that is physically secluded from the CPU, acting as a vault in charge of protecting secret keys and other information in the PC. That would help impede hackers trying to intercept information and steal it from the device.
"We believe that processors with built-in security like Pluton are the future of computing hardware," David Weston, who currently leads operating system security at Microsoft, said in a blog detailing the announcement. "With Pluton, our vision is to provide a more secure foundation for the intelligent edge and the intelligent cloud by adding this level of built-in trust to devices, and things everywhere."
Pluton incorporates a full stack of security technology akin to the trusted platform module, or TPM, used in personal computers today to store passwords and other secrets. TPM chips are tiny components that are segregated from the CPU to safeguard secret keys and carry out other chores in the PC. The TPM acts as the "root of trust" of the device, guaranteeing that the PC's combination of hardware and software has not been maliciously altered by hackers.
Today, software alone cannot address all the vulnerabilities present in insecure hardware. But hardware-based protections can comprise the front line of defense for device security.
The TPM chip serves as the strongbox of the computer. But it is not completely unassailable. Hackers have started to target the "interface bus" that connects the TPM to the CPU in the PC, intercepting secret keys and other information that leaks out of the internal connector. Once hackers have physical possession of the PC, they can breach the interface and loot sensitive information from the TPM or launch digital and physical assaults on the device.
Microsoft said the Pluton chip directly addresses such threats. By bringing the TPM and CPU together, Microsoft said that the hackers would be unable to use the interface to invade the device and steal the encryption keys, credentials, and identities. The interface is no longer there. According to Microsoft, none of the information can be removed from the Pluton module, even if the hackers have unfettered physical access to the internal hardware.
Even though it's tightly integrated with the CPU, Microsoft said Pluton runs separately so that the cryptography keys are isolated from the central processor in the PC. Microsoft said it also supports the Secure Hardware Cryptography Key (SHACK) technology, which guarantees that the secret keys kept in Pluton are never exposed outside of the protected hardware.
One of the other problems solved by Pluton is in updating system firmware and patching for bugs and other potential vulnerabilities. Weston said it would roll out fixes for the firmware in Pluton as part of the regular updates it sends out to the vast population of computers that use its Windows operating system. "Today, customers receive updates to their security firmware from a variety of different sources than can be difficult to manage," he said.
Microsoft has been developing chips that resist both hardware and software hacks for the last decade. The company said Pluton was pioneered as part of the integrated hardware and OS security in its Xbox One console released in 2013. The chip, which it worked on with AMD, prevents hackers from messing with the hardware, even when they can take the device apart.
The company rolled out Pluton as part of its Internet of Things solution Azure Sphere in 2018, which includes a secure operating system used in space-constrained devices called Azure Sphere OS and a service for securely updating their firmware over the cloud. Microsoft has partnered with other vendors to add the Pluton chip to energy-efficient MCUs for IoT devices.
By partnering with Intel and AMD—the No.1 and No.2 vendors of personal computer chips—Microsoft is aiming to add tougher protections to every Windows-based PC of the future. "Our vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a highly unified approach," the company said.
Microsoft said the Pluton chip would be used to supplement, rather than replace, the internal protections and firmware in chips made by Intel, AMD, and Qualcomm. No security protocol is ever completely impregnable. But the Pluton chip could strengthen the default amount of protection in PCs, despite the diverse range of manufacturers that work with Windows.
"AMD and Microsoft have been closely partnering to develop and continuously improve processor-based security solutions, beginning with the Xbox One console and now in the PC," Jason Thomas, head of product security at AMD, said in a statement. "We design and build products with security in mind and bringing Microsoft's Pluton technology to the chip level will enhance the already strong security capabilities of our CPUs."
Qualcomm is also rolling out chips based on blueprints from Arm Holdings for PCs. "We believe an on-die, hardware-based root-of-trust like the Microsoft Pluton is an important component in securing multiple use cases and the devices enabling them," Asaf Shen, a senior director of product management at Qualcomm Technologies, said in a statement.
>> Electronic Design Resources
.. >> Library: Article Series
.. .. >> Series: The Graphics Chip Chronicles
.. .. .. >> Introduction to this Series
.. .. .. << Nintendo 64
When 3D graphics controllers were emerging in the late 1990s, 3Dfx was experimenting with ways to scale up performance and accelerate 3D gameplay. One technology it developed was called scan-line interleave (SLI), which was introduced in 1998 as part of its second-generation graphics processor, the Voodoo2.
In SLI mode, two Voodoo2 add-in-boards (AIBs) could run in parallel, with each one drawing every other line of the display. The original Voodoo Graphics also had SLI capabilities, but the feature was generally used only in the arcade and pro graphics markets.
In addition to reducing scan time, SLI also promised to increase the available frame buffer’s memory. That would allow larger models to be loaded and it would also increase the maximum resolution of the screen. Unfortunately, the texture memory remained the same because each AIB needed to duplicate the scene data. That, combined with other overhead issues, dragged on the theoretical performance boost. As 3D models and screen resolutions continued to grow, so did the size and number of texture maps, further cutting into the promised benefits.
The Voodoo2 AIB.
3Dfx tried to overcome this problem by adding another chip: the texture mapping unit (TMU). The TMU allowed a second texture to be drawn during the same graphics engine pass with no performance penalty. When it was introduced, Voodoo2 was the only 3D AIB capable of single-cycle dual-texturing. Using the Voodoo2’s second TMU depended on the application software. Two very popular games of the time, Quake II and Unreal, successfully took advantage of dual-texturing. In fact, in 1998, multi-textures were almost the standard.
It took a little longer before the price-performance analysis showed up. An 8MB Voodoo2 AIB sold for $249 in 1998, about $480 today. A pair of Voodoo2 AIBs would be around $500 then. The problem was the average performance improvement was only 60 to 70% depending on the game and the central processing unit (CPU). The payoff was never there, nor could it ever be. However, in the end, the concept never faded out completely.
When Nvidia bought 3Dfx’s assets in 2000, included in the IP package was SLI. Nvidia didn’t reintroduce it until 2004 due to a lack of motherboards with dual AGP ports. And – Nvidia being Nvidia – they rebranded it to scan-line interface. Nvidia also expanded the concept, making it capable of combining up to four AIBs, which 3dfx had accomplished in the professional space with its Quantum3D products. The company also added several operating modes: Split-frame rendering (half per AIB), alternate frame rendering, and even SLI anti-aliasing as well as the ability to use an integrated GPU, a mode it called Hybrid SLI.
But expansion and rebranding could not solve SLI’s fundamental problem: the technology never delivered anything more than 170% improvement for 200% of the cost. On top of that, AIBs were increasing in price year after year. In addition, the driver support Nvidia had to provide, amounting to a tweak for almost every game, was adding up with each new generation.
AMD's Crossfire technology.(Image courtesy of AMD).
In late 2005, reacting to Nvidia’s SLI rebranding, AMD, which had just acquired ATI, introduced its own take on the technology, called CrossFire. Then, in 2013, AMD ushered the concept to the next level and eliminated the over-the-top (OTT) strap. Instead, the company used an extended direct memory access (XDMA) to open a direct channel of communication between multiple GPUs in a system, connected via the PCI Express (PCIe) interface.
AMD’s XDMA eliminated the external bridge by opening a direct channel between the multiple GPUs in a system. That channel operated over the same PCIe interface as AMD’s AIBs. PCIe is typically used to transfer graphics data between GPUs, main memory, and CPU. When AMD introduced XDMA, the AIBs at the time were not using all the bandwidth PCIe could offer, which was considerably more than an OTT strap. The bandwidth of an external OTT bridge was only 900 Mbps, whereas PCIe Gen 3 with 16 lanes could supply up to 32 Gbps.
AMD’s added bandwidth and elimination of the OTT (a perk that later on Nvidia charged extra for) gave it a competitive edge. However, AMD’s AIBs at the time struggled to match the performance level of Nvidia’s, which hurt it in the marketplace. Ironically, when AMD introduced the RX480 in 2016, the company pushed users to purchase a pair of AIBs that it claimed would outperform a single Nvidia AIB at a lower cost. It was a clever marketing pitch, but it didn’t help AMD’s sales. It also wasn’t true.
Nvidia's RTX 3000 Series GPUs.(Image courtesy of Nvidia).
In 2017, as AMD and Nvidia rolled out Dx12 AIBs, AMD dropped support for CrossFire. The company stated, “In DirectX 12, we reference multi-GPU as applications must support mGPU, whereas AMD has to create the profiles for DX11. We’ve accordingly moved away from using the CrossFire tag for multi-GPU gaming.”
Nvidia followed suit in 2019 and made it official in 2020. For its professional graphics AIB line, Quadro, Nvidia introduced a higher-bandwidth scheme it calls NVLink for multi-AIBs. NVLink specifies a point-to-point connection with data rates of 20, 25 and 50 Gbps.
In late 2020, the company introduced a high-end consumer graphics card, the RTX3090, and made NVLink an option for it. The 350-watt RTX 3090 was introduced at $1,499. It is unlikely many gamers will spend $3,000, plus another $90 for the NVLink technology. They may also need to add a larger power supply (PSU) to manage all the extra performance. However, content creators may want to shell out for the added performance.
>> Electronic Design Resources
.. >> Library: Article Series
.. .. >> Series: The Graphics Chip Chronicles
.. .. .. >> Introduction to this Series
.. .. .. << Nintendo 64
December 04, 2020 at 08:00AM
https://ift.tt/3gfugDW
Intel and AMD to Add Secure Pluton Processor to Future CPUs - Electronic Design
https://ift.tt/2ZDueh5
AMD
No comments:
Post a Comment