On Thursday I had the distinct pleasure of attending the San Francisco launch of ARM Ltd.'s Cortex A15 (codename “Eagle”), the next-generation high-end multicore ARM processor. Amongst many impressive performance and efficiency improvements, the feature I've been most jubilant about (and couldn't talk about until now!) is the addition of a hardware hypervisor mode for the virtualization of multiple guest operating systems: a message to the rest of the chip market that ARM intends to push into higher-end embedded systems (and beyond).
Given that Intel (Atom with VT technology) and Freescale (QorIQ with Power 2.06 hypervisor extensions) have already introduced hypervisor hardware support into embedded/mobile processors, you may think that ARM is late to this vParty. Actually, ARM was the first major embedded processor architecture to include hardware virtualization assistance, when it launched TrustZone on the ARM 1176 back in 2003. TrustZone is available in the latest ARM application processor cores, including the Cortex A8 and A9. Unlike the new ARM extensions, TrustZone enables a single guest operating system to execute at full speed (faster than is possible under the virtualization extensions) in the “normal state”, while a special-purpose OS executes in the “secure state.” While this is not as flexible as a true hypervisor mode, many embedded virtualization use cases require only a single guest, partitioned from critical functions. TrustZone remains a key feature of the Cortex A15 platform. While it is possible to deploy hypervisors independently of the TrustZone OS, I prefer the streamlined approach of a single TrustZone OS/hypervisor for both secure-state processing and guest OS virtualization.
While the original intent of TrustZone was a pure security play, ARM missed the boat by not marketing it as a virtualization play. Conversely, while this new extension is promoted as a virtualization play, ARM should also market it as a security play. At the launch I chatted about this with Warren East, who agreed on the increased need for attention to security in ARM-based devices, from embedded to enterprise. As an example, the virtualization extensions enable multiple security functions, such as anti-malware or DRM, to be incorporated as strongly isolated virtual appliances, instead of the traditional, weaker approach of adding them as applications within the main platform OS. Case in point: back in 2004, the Metal Gear Trojan was able to infiltrate and propagate across Symbian smartphones by first disabling the anti-virus software within Symbian!
Here’s a picture of the stronger virtual appliance approach from an old slide deck:
For more information on Cortex A15, go to ARM’s Cortex A15 product page.
David Kleidermacher, chief technology officer at Green Hills Software, writes about security issues.