Qualcomm’s flagship Snapdragon 845 system-on-chip will include an isolated security core for handling sensitive personal information, among other new features.
The California chip designer showed off its upcoming 845 component at a tech summit in Hawaii on Wednesday, promising the silicon will power 2018’s high-end Android smartphones and most likely future Windows 10 PCs – following in the footsteps of its older sibling, the Snapdragon 835.
Here’s a summary of everything we’ve been able to gather from staff at litigation-magnet, Broadcom-stalked Qualcomm.
The 845 will be a 64-bit Armv8-compatible 10nm FinFET system-on-chip fabricated by Samsung using the Korean manufacturing giant’s 10LPP (low power plus) process technology. The package is about the same size as the 10nm FinFET 835, and packs in three or more billion transistor gates.
It uses four customized Arm Cortex-A75 and four customized Cortex-A55CPU cores. The tweaked A75s are the beefy power-hungry general-purpose brains of the device, clocked at up to 2.8GHz, and kick in when whatever code is running needs a burst of performance at a cost of battery life.
The modified A55s are called the efficiency cores because they require less power and provide less performance, and run application and operating system code most of the time, leaving the power cores to sleep. The A55s are clocked up to 1.8GHz.
The performance and efficiency cores each have their own private 64KB of L1 instruction and 64KB of L1 data cache. The performance cores each have 256KB of private unified L2 cache, while the efficiency cores have 128KB. They all share a 2MB L3 cache, and coordinate together using Arm’s DynamIQ technology. The eight compute cores are branded as Kryo 385.
Cache in hand
Interestingly, speaking of caches, the 845 has a system-wide 3MB cache between itself and its main memory. Whenever any internal component – the GPU, the CPU, the vector math units, etc – wants to access RAM, the requests go through this system-wide cache first. If the data to be read or written lies within the cache, it is accessed there and then, which is faster than going out to the main RAM.
This is good news for things like the vector math units, which twiddle lots of variables during machine-learning tasks, as they can play in the fast cache without having to go slowly out to memory over and over. It’s essentially a shared last-level cache for processing units that don’t typically have their own caches, such as the CPU cores.
The increase in cache, plus the fact the A75 can fetch and decode four instructions at once – one more than previous generations – as well as other improvements here and there, boosts the 845’s performance over the 835. Qualcomm claims the new chip is up to 30 per cent faster at certain tasks than its predecessor.
The tweaked A75s are, apparently, optimized for running non-Arm code under emulation, which is very handy seeing as the Snapdragon family is heading into Arm-based Windows 10 laptop-tablet computers that will run applications built for Intel/AMD x86 processors using emulation. Qualcomm also plugged into the 845 some internal bus quality-of-service mechanisms, and made some changes to the page table system to fit in its new hardware features that we’ll come to later.
As we reported in August, Qualcomm moved a bunch of its engineers off the Snapdragon CPU design team to concentrate on the Arm-compatible Centriq server processor. That left behind a skeleton crew to produce semi-custom versions of Arm’s stock Cortex cores, the kind employed in the Snapdragon 845. Qualcomm insists it can spin up a team to craft fully original Arm-compatible Kryo cores in future, if needed.
We wouldn’t be surprised if engineers were moved off the Krypo team to focus on other important areas of the chipset – such as the vector-math and the graphics processing units. Essentially, the CPU cores are a commodity: Arm produces Cortex-A cores that meet Qualcomm’s requirements, these blueprints are customized and integrated into the system-on-chip package, and that frees up engineers for other projects – such as DSPs and image-enhancing features – the stuff that differentiates Qualcomm’s silicon from rivals also licensing Arm cores.
Hidden security engine
One potential differentiator is the Secure Processing Unit (SPU), which is new to the 845. This is a modified Arm SC300.
It has its own CPU core, embedded private RAM, hardware random number generator and accelerated cryptographic functions, all on its own power island within the system-on-chip die. It runs code supplied by Qualcomm and whoever manufactured the device housing the system-on-chip.
It is designed to process in a secure and private manner, out of sight of the operating system and even the TrustZone portion of the CPU cores, things like fingerprints and facial imagery to authenticate the owner. It’s supposed to prevent hackers and malware that has compromised even the low levels of the system from being able to grab this sensitive biometric data – your prints, the map of your face, and so on – from the gadget. It is also supposed to safeguard cryptographic keys required by apps and the user.
It does this by walling off all access to its sensitive data, and securely processing things like fingerprints in private so that any code – including the OS kernel and any malware – running on the main CPUs can’t inspect or meddle with the information. It is completely separate from the traditional TrustZone area of protected memory and code, which Qualcomm admits has been defeated by state-sponsored hackers and computer security experts.
TrustZone is a special mode within the CPU cores: typically, the kernel or a low-level driver will set up some parameters and trigger the switch to TrustZone, at which point separate firmware code kicks in, fiddles with stuff in memory only it should be able to access, and then switches back to kernel mode with the results. The kernel, drivers and applications running on top shouldn’t be able to see the private stuff, such as crypto keys and fingerprints, the TrustZone code has access to.
The SPU is a physically separate CPU core with physically private memory, with its own built-in crypto engines, and mechanisms to prevent tampering and replay attacks from other software. At first, it sounds a little like Intel’s ill-fated Management Engine, that can be exploited by miscreants to hijack whole workstations and servers.
However, unlike the Management Engine, the SPU does not control the system-on-chip. We’re told it talks to various internal units, such as the GPU and the vector-calculation-crunching DSPs, via a mailbox-like interface, posting them data and requests and collecting the results.
Software running on the main CPUs shouldn’t be able to snoop on whatever these units are working on for the SPU, allowing tasks like fingerprint and facial recognition algorithms to be executed in secret by specialized math circuitry. Therefore, it shouldn’t be possible to remotely compromise the SPU, nor snoop on it locally by malicious apps or kernel-level drivers.
As always, things have bugs, and any flaws in the SPU or its firmware could lead to cracks emerging in Qualcomm’s security. Once upon a time, people said TrustZone was unhackable, and then it was allowed to run Qualy-developed code that didn’t do bounds checks.
It’s hoped the 845’s SPU will process not just fingerprints and facial scans, but also irises and voices to authenticate users and allow them to log into their devices and services. The SPU is also expected to implement other forms of authentication and authorization, allowing people’s phones to replace their chip bank cards, public transport payment cards, SIM cards, and so on.
So, let’s hope it holds up. Qualcomm executives are fairly coy about the SPU’s design. The more mystery there is surrounding its mechanisms, the less information is out there for hackers to exploit, is their thinking. Security through obscurity. “Part of it is obfuscation, the less you say about it the better,” said one senior staffer about the security unit when pressed on the unit’s internals.