Source: https://fuse.wikichip.org/news/5699/arm-introduces-its-confidential-compute-architecture/

Arm Introduces Its Confidential Compute Architecture

WikiChip Fuse, Architectures. June 23, 2021. David Schor.
Tags: ARM, ARMv9, ARMv9.2, Confidential Compute Architecture (CCA), confidential computing, Dynamic TrustZone, Realm Management Extension (RME), secure enclave, TrustZone

When Arm announced the Armv9 architecture earlier this year, it revealed that a new architecture for confidential compute would be introduced. Today Arm is introducing that architecture. The Arm Confidential Compute Architecture (CCA) is an isolation technology that builds on Arm's existing TrustZone technology as its foundation. Within the new CCA architecture, application data is designed to be protected while in use. This includes preventing access to private data even by privileged software such as the hypervisor or the operating system.

What Arm is introducing today is the first release of the behavior architecture specification for a compliant implementation of the architecture. Today's spec introduction is designed to seed the software community and kickstart software enablement. Arm expects around 2-3 years until things reach production readiness and we can expect to see it shipping in silicon.

Note that the Confidential Compute Architecture is part of the new Armv9 architecture.
Specifically, it will be an optional feature of Armv9.2 and will likely eventually become a required extension in a future specification. Software developers will be able to check for CCA support by checking whether the Realm Management Extension (RME) feature is present on the CPU (more on this later).

Realms

Previously, a high-trust environment was only accessible to silicon vendors and OEMs through mechanisms such as TrustZone. With the new Arm CCA, high-trust environments are being extended to all developers, with the hope that they will be used by mainstream workloads. While initially this will be implemented by OS-related software, Arm hopes that Realms will find their way into mainstream software such as smartphone apps (more on this later in this article). To that end, the new confidential compute architecture is designed to suit all markets, from cloud to mobile, automotive, and IoT.

At the heart of the Confidential Compute Architecture are "Realms". Realms are effectively small, individual high-trust environments or enclaves. The Confidential Compute Architecture is designed to prevent private data access across the entire stack, right from the silicon. To that end, the CCA provides strong protection between mutually distrusting workloads, strong protection against compromised rich operating systems (e.g., Linux, Windows), strong protection against compromised hypervisors, and new protection from applications running within the secure world. In other words, a Realm need not trust anyone. The CCA also supports attestation, so that a Realm can verify trust in the device or platform and then present an attestation report to a relying party, which can then independently verify that trust.

The diagram in the slide below shows a high-level overview of how Arm's CCA is designed to work. You will notice that there are now two new states beyond the usual 'Normal' and 'Secure' states.
They are called 'Realm' and 'Root'. The new states facilitate the new realm features; we will touch on them later in more detail. Realms are shown in the yellow boxes. When they are created, with the help of the hypervisor, they migrate to the Realm state. The new realm enclaves cannot be accessed by the hypervisor, by any of the TrustZone applications (in green), or even by other realms. Realms can be created and destroyed dynamically on demand. In striking contrast to TrustZone, resources dedicated to realms, such as memory, can also be adjusted on demand (i.e., memory size can be increased or decreased as needed). The idea here is that by moving large software workloads into their own private realms, applications can have much greater confidence that the data they process and the algorithms they use cannot be used by other software and services running on the same hardware.

A big part of the CCA is protecting realms from the underlying hypervisor. So while the hypervisor is still responsible for allocating resources and for things such as scheduling, it is no longer able to access the data within a realm. It's worth noting that the CCA hardware-based protection covers virtually everything on the diagram shown, with the only exception being the very lowest level of firmware (marked Monitor in the diagram).

As for how many realms can be supported: a system is capable of supporting any number of realms, limited only by the available system resources (i.e., memory, compute power). For example, small IoT devices might have just a handful of realms while a large server SoC might be running hundreds of realms. Creating and destroying realms is meant to be a light enough operation to be used by any application as desired.

Realm Management Extension (RME)

The architecture specification being released today includes both the hardware requirements and the enabling firmware and software.
As we mentioned earlier, the Arm CCA feature is being introduced as an optional feature of the Armv9.2 ISA. Hardware that supports the confidential compute architecture will have the Realm Management Extension (RME) available. At its core, a processor that implements the Realm Management Extension has two new hardware capabilities: the creation of realms and dynamic memory assignment.

The first new capability is the ability to create and destroy hardware-enforced enclaves called realms. As described earlier, realms provide data and/or code protection from any other execution environment. This includes the hypervisor, the kernel, other realms, and even TrustZone applications.

Looking at a typical Arm processor with TrustZone support, the system is partitioned into two regions: a secure world and a non-secure world (or normal world). Memory mapping divides the secure world from the non-secure world. Historically, one of the limitations that can impact the use of TrustZone is that memory has to be allocated to the secure world by the Monitor at boot time, and this is often done with limited granularity. This imposes various artificial constraints on the kind and size of resources that may be allocated to the secure world. With the new Realm Management Extension, pages can now transition from the non-secure world to the secure world and back again. This allows TrustZone to be utilized for much more memory-intensive applications. As a side note, when RME is used exclusively to enhance TrustZone with dynamic memory capabilities (i.e., no Realms), this specific feature is called "Arm Dynamic TrustZone Technology."

New RME States: Realm & Root

Under the current architecture (Armv8.4-SecEL2), there are two worlds: Secure and Non-Secure (Normal). Each world is associated with its own security state (secure/non-secure) and a physical address space.
The secure world is protected from the normal world at exception level 2 and above. Any attempt to access the secure memory address space from the normal world will generate a hardware exception, halting execution. Software running within the secure world is able to access both secure and normal world memory.

Under the new RME, two new security states have been added: Root and Realm. Additionally, two new physical address spaces (also called Root and Realm) have been added. The lowest level of the hardware stack, the Monitor, now gets its own private address space and state called 'Root'. The new Root address space is protected from all other address spaces, even the secure world.

The new Realm Management Extension provides the ability to dynamically transition pages of memory between these physical address spaces. Arm calls those pages Granules. In order for the processor to support the dynamic transitioning of memory pages between the various address spaces, Arm added a new table called the Granule Protection Table, or GPT. The GPT is an extension of the MMU page tables and is controlled by the Monitor in EL3. The GPT maps each granule in memory to one of the four worlds. On each memory access attempt, a new Granule Protection Check takes place, ensuring that only permitted accesses are allowed. Invalid accesses trigger page faults. Note that any memory assigned to the Normal, Secure, Root, and Realm worlds is encrypted by the hardware prior to being written to DRAM.

Realm Management Monitor (RMM)

As part of the Arm CCA, a new firmware/software architecture is also defined. A new Realm Management Monitor (RMM) is defined, which provides services for the hypervisor as well as for the realms themselves. This is done via a new Realm Management Interface (RMI). Services for the hypervisor include the creation and destruction of realms as well as adding and removing memory.
Additionally, realms can also request attestation reports via the RMI, which can cover the platform or the realm and which can be presented to a requesting party.
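As an added illustration (not code from the article or from Arm), the following Python model shows the Granule Protection Check described in the RME section above: a table that maps each granule to one of the four physical address spaces, a per-access check against the accessing security state, and a transition that only the Root-state Monitor may perform. The granule size, the class and function names, and the assumption that Realm state may also access Normal memory are this example's own.

```python
from enum import Enum

class PAS(Enum):  # the four physical address spaces (PAS) defined by RME
    NORMAL = "Normal"
    SECURE = "Secure"
    REALM = "Realm"
    ROOT = "Root"

GRANULE = 4096  # assumed granule size: one 4 KiB page
# PAS each security state may access.  Secure -> Secure+Normal and Root -> all
# four follow the article; Realm -> Realm+Normal is an assumption of this model.
ACCESS = {
    "Normal": {PAS.NORMAL},
    "Secure": {PAS.SECURE, PAS.NORMAL},
    "Realm": {PAS.REALM, PAS.NORMAL},
    "Root": set(PAS),
}

class GranuleProtectionFault(Exception):
    pass

class GPT:
    """One entry per granule; granules not in the table default to Normal."""
    def __init__(self):
        self._pas = {}

    def check(self, state, paddr):
        """Granule Protection Check done on every access; returns the PAS hit."""
        target = self._pas.get(paddr // GRANULE, PAS.NORMAL)
        if target not in ACCESS[state]:
            raise GranuleProtectionFault(f"{state} -> {target.value} @ {paddr:#x}")
        return target

    def transition(self, state, paddr, new_pas):
        """Move a granule between address spaces; only the EL3 Monitor may."""
        if state != "Root":
            raise GranuleProtectionFault("only the Root/Monitor may edit the GPT")
        self._pas[paddr // GRANULE] = new_pas

def faults(gpt, state, paddr):
    """True if the access would raise a Granule Protection Fault."""
    try:
        gpt.check(state, paddr)
        return False
    except GranuleProtectionFault:
        return True

def demo():
    gpt = GPT()
    gpt.transition("Root", 0x8000_0000, PAS.REALM)  # Monitor hands page to realm
    probe = (not faults(gpt, "Realm", 0x8000_0010),  # realm itself: allowed
             faults(gpt, "Normal", 0x8000_0010),     # hypervisor/OS: fault
             faults(gpt, "Secure", 0x8000_0010))     # TrustZone app: fault
    gpt.transition("Root", 0x8000_0000, PAS.NORMAL)  # realm destroyed, page freed
    return probe + (not faults(gpt, "Normal", 0x8000_0010),)
```

The same check also shows why Root memory stays private: with the granule mapped to the Root PAS, every state except Root faults on it.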