System Solutions with Intel CPUs and FPGAs
The purchase of field-programmable gate array (FPGA) supplier Altera by Intel® in 2015 surprised many companies in the electronics industry. And now that Altera is integrated into Intel, everyone is concerned about the future of the Altera programmable products and what direction Intel will take to leverage the configurable technology.
At this year’s Intel Developer Forum Intel hosted an entire day of presentations outlining product development directions and both software and hardware applications of the FPGAs. During his keynote presentation Intel CEO Brian Krzanich covered two major issues on the top of all attendees’ minds. First, he promised to keep the existing FPGAs with ARM cores and not replace the cores with x86 compatible cores. And, second, he gave a short look at the future roadmap for the FPGAs, which include system-on-a-chip solutions that combine the i86 cores and FPGA fabric, initially in the same package and eventually on the same chip. In these future products he indicated that x86 cores would play a significant role.
Many Application Opportunities
The role FPGAs will play in many applications was outlined in paper SOCTS02, in which Ian Land, the FPGA Marketing Manager for the Data Center Group at Intel, discusses how FPGAs can accelerate many functions within today’s legacy data centers (Figure 1a). In a typical data center, the FPGAs supplement the host CPU and can serve multiple roles: for example, in the network processing area the FPGAs can perform in-line processing, pre-processing, pre-filtering, cryptography, compression, protocol bridging and still other functions. And in the compute section, the FPGAs can accelerate machine learning algorithms, video transcoding, custom algorithms and still other tasks. Additionally, storage-related tasks such as compression, indexing and cryptography can also be accelerated. The flexibility of the FPGA SoCs that contain embedded processor cores allow them to also handle board management, protocol bridging and security tasks.
Further integration of the CPU and FPGA fabrics can reduce system complexity and bring the processing closer to memory to achieve higher performance by reducing latency (Figure 1b). Such a future data center design would also benefit since the integration would reduce power consumption and reduce the board area required. CPUs such as the Intel® Xeon® or Xeon® Phi™ would work side by side with FPGAs such as the Cyclone or Arria 10.
In the same session, Mike Fitton, from Intel’s Wireless and Access BD Programmable Solutions Group, examined how the FPGAs play a role in base stations and support computationally complex signal processing, new usage models, and the ability to handle emerging standards such as 5G communications. The embedded DSP functions, the programmable fabrics and other on-chip resources suit the FPGAs to handle the challenges posed by the evolving wireless infrastructure requirements (Figure 2).
The Arria 10 FPGA provides a system-on-a-chip (SoC) solution for the radio subsystem. The programmable logic fabric and embedded DSP blocks readily handle the filtering and signal conditioning and can perform amplifier digital predistortion. Supporting the functions implemented in the FPGA fabric, the embedded processor cores also perform all the housekeeping functions and system management, while at the same time handling some of the complex algorithms.
The growth of the Internet of things (IoT) in the industrial market segment and the use of FPGAs to support that market was discussed by Joerg Bertholdt of Intel’s Programmable Solutions Group. The huge amounts of data generated by various endpoints such as smart meters (35 Gbytes/day), jet planes (1 Tbyte/flight), and many other devices require significant preprocessing of the data in a smart gateway to reduce the amount of data sent to the cloud. By better analyzing the collected data, system efficiencies can be improved, failure prediction can prevent downtime by replacing parts before they fail, and that, in turn, improves the bottom line. The gateway in the example Bertholdt discussed was based on a Cyclone V SoC that includes dual ARM Cortex A9 processor cores that run a Linux kernel, implement OpenSSL encryption, and provide multiple Ethernet ports.
Data and System Security Key for IoT and Data Centers
Keeping systems secure is a challenge for every product, ranging from servers in a data center to the endpoints in IoT applications. In these areas, the FPGAs can also play an important role as Ryan Kenny, a technical marketing manager at Intel explained in his presentation (SOCTS04). The wide range of places where the data and intellectual property can be compromised include the supply chain, data in transit, data at rest, remote access/updates, and physical and reverse engineering. Thus preventing the circuit design or data from being compromised is a huge challenge since attacks can take on many forms:
- Non-invasive such as side-channel, boot code, over-voltage, over temp, clock skew, glitching, and others
- Invasive such as decapping a package, microprobing, chemical eroding, focused ion beam probing
- Supply chain such as mask set analysis, cloning, counterfeiting, boot code changes
- Software such as the addition of extra circuits
- Intellectual property such as the addition of extra circuits, hidden failure mode, extraction of data and keys
In addition to these well-established techniques to compromise the systems, new attacks are also emerging as systems get more interconnected. New types of attacks include denial of service (DoS), injection of ARM malware into SoC type FPGAs, and inter-FPGA attacks that include unauthorized partial reconfiguration, creation of routing violations, local thermal effects and partial reconfiguration timing attacks. To mitigate such attacks, FPGAs have included fuse scrambling to prevent embedded keys from being read out. Additionally, with the Stratix 10 series, physically unclonable functions (PUF) are used to protect the keys. In future versions of the FPGAs, Intel plans on providing features such as scripted zeroization, user-accessible PUF, secure RMA/debut/upgrade, whole device encryption/authentication, and even total domestic manufacturing.
A related presentation covering Security with Software (SOCTS07) presented by Rod Frazer, an embedded specialist field application engineer for Intel’s programmable solutions group, along with Michel Chabroux from Wind River and Lisko Lappalainen from MontaVista Software examined various techniques software can use to provide security. Frazer led off by detailing secure-boot techniques for both the Cyclone V and Arria 10 FPGA families. Intel and third-party partners also offer multiple hardware IP cores that could be incorporated into the secure boot design for either family. The secure boot capability on the Arria 10 FPGA includes an authentication capability that can be used independently or combined with encryption. A public authentication key (PAK) certification authority infrastructure (256 bit ECDSA authentication) and key authorization key (KAK) storage on the FPGA give designers more options.
The presentation by Wind River® examined the security issues with using an embedded real-time operating system with IoT devices. For IoT systems, security should be integrated in every aspect of the device to prevent any point from being compromised. To that end, Chabroux highlighted key features in VxWorks® that provide security support—encrypted containers, disk, secure boot, digitally signed binaries, TPM and TrouSerS (Trusted Computing Group software stack) to verify system integrity at runtime, security events handler, TEE (trusted execution environment) support (isolate credit-card application), network security (OpenSSL, Firewall, IKE, SCEP, etc.) to separate operations and business networks, and still other features. Lastly, Lappalainen rounded out the security discussion by examining how MontaVista’s embedded Linux software solution can secure SoC FPGAs. The use of a simple Linux root of trust, supplied by a hardware component, provides a chain of attestation through the bootloader, kernel, and userspace. That, combined with the integrity management architecture in Linux, allows transparent checking of file and FS metadata signatures before executing or reading.
The IDF2016 conference covered many other topics—the use of FPGAs for software acceleration, performance optimization, and applications in motor control, smart drones, memory configuration, and still other topics. For access to the presentations, go to:
http://www.intel.com/content/www/us/en/intel-developer-forum-idf/san-francisco/2016/idf-2016-san-francisco-technical-sessions.html and click on “Full Technical Session Catalog”.