árfolyamok

2021.06.22 13:00 UTC

BGN181,116Ft
CHF323,862Ft
CNY46,022Ft
CZK13,875Ft
DKK47,668Ft
EUR354,459Ft
GBP413,600Ft
HRK47,253Ft
JPY2,698Ft
NOK34,680Ft
PLN78,219Ft
RON71,961Ft
RSD3,019Ft
RUB4,072Ft
SEK34,846Ft
TRY34,246Ft
UAH10,940Ft
USD298,032Ft

hírek

SiFive’s highest performance Risc-V IP

2021-06-22 16:23 ElectronicsWeekly Steve Bush

SiFive has announced its highest performance implementation of a Risc-V core yet. Called the Performance P550, the intellectual property is said to deliver a SPECInt 2006 score of 8.65/GHz, “making it the highest performance Risc-V processor available today, and comparable to existing proprietary solutions in the application processor space” according to the company. THis is ...

This story continues at SiFive’s highest performance Risc-V IP

Or just read more coverage at Electronics Weekly

>>>


DevBoard watch: RoKit, the flexible electronics development kit

2021-06-22 16:01 ElectronicsWeekly Alun Williams

Check this one out - RoKit, which is described as an open platform flexible electronics development kit, from Royole.

This story continues at DevBoard watch: RoKit, the flexible electronics development kit

Or just read more coverage at Electronics Weekly

>>>


SiFive launches Cortex-A75 like RISC-V core debuting on Intel dev kit

2021-06-22 15:58 LinuxGizmos Eric Brown

SiFive has launched a Cortex-A75 like, RISC-V RV64GC “Performance P550” core plus a lower-end “Performance P270” that adds RVV extensions. The P550 core is being deployed by Intel in a new RISC-V dev platform. In Oct. 2019, leading RISC-V IP developer SiFive, Inc. announced a next-gen U8-Series platform for high-end Linux driven processors, starting with […]

>>>


APEC 2021: Critical conduction mode totem pole PFC controller

2021-06-22 15:38 ElectronicsWeekly Steve Bush

ON Semiconductor is introducing a critical conduction mode ‘bridge-less’ totem-pole PFC (power factor correction) controller, claiming it to be industry’s first dedicated IC. Bridge-less in this case is a misnomer. It indicates no front-end diode bridge (saving the diode drops), which is instead replaced with a bridge of four transistors- two in a totem-pole operating at ...

This story continues at APEC 2021: Critical conduction mode totem pole PFC controller

Or just read more coverage at Electronics Weekly

>>>


Ugly Head

2021-06-22 15:30 ElectronicsWeekly David Manners

Inflation is rearing its ugly head in the USA. The Consumer Price Index for All Urban Consumers (CPI-U) indicates that the broad CPI for all items is up 5% y-o-y and the core CPI which excludes the more volatile items like food and energy, was up3.8% y-o-y. < EWhile the increase in the ...

This story continues at Ugly Head

Or just read more coverage at Electronics Weekly

>>>


UK made: pancake motor rescues weather balloon tracker

2021-06-22 12:56 ElectronicsWeekly Steve Bush

Printed Motor Works of Hampshire is making a replacement servo motor for a weather balloon tracker made by South African company InterMet, after the original became unobtainable. “The discontinued motor had a very low profile which enabled it to fit within the base plate of the antenna’s turntable mount,” according to PMW. “It also had ...

This story continues at UK made: pancake motor rescues weather balloon tracker

Or just read more coverage at Electronics Weekly

>>>


PC-based Logic Analyzers Comparison: PGY-LA-EMBD vs Logic16 Pro vs SP209

2021-06-22 12:35 CNXSoft Saumitra Jagdale

Building an embedded system requires multiple devices to communicate with the central processor, generally through...

>>>


350W medical PSU peaks at 1kW

2021-06-22 12:29 ElectronicsWeekly Steve Bush

TDK-Lambda has introduced a series of ac-dc mains power supplies rated at 350W convection, 500W with forced air and 1kW peak. Called CUS350MP, the PSUs have medical and industrial safety certifications. Input can vary across 85 to 265Vac (with leakage current <300µA). Four output voltages are available: 24, 30, 36 and 48V, plus a 5V 300mA isolated stand-by voltage – ...

This story continues at 350W medical PSU peaks at 1kW

Or just read more coverage at Electronics Weekly

>>>


Posture correction smart sensor helps you sit or stand upright

2021-06-22 10:02 CNXSoft Jean-Luc Aufranc (CNXSoft)

It’s easy to adopt a bad posture either while sitting in front of a computer...

>>>


Glitch-free power-up from Maxim

2021-06-22 07:12 ElectronicsWeekly David Manners

Designers can now enhance system reliability in low-voltage IoT applications with the Essential Analog MAX16162 nanoPower supervisor with glitch-free power-up from Maxim. This supervisor IC claims to be the industry’s first to fully assert a system reset through the entire system power supply ramp; thereby eliminating low-voltage glitches during power-up and delivering higher system reliability. ...

This story continues at Glitch-free power-up from Maxim

Or just read more coverage at Electronics Weekly

>>>


The National Space Propulsion Test Facility is rocket testing

2021-06-22 07:10 ElectronicsWeekly Alun Williams

A UK rocket test facility has been unveiled by the Science Minister Amanda Solloway – the National Space Propulsion Test Facility (NSPTF), located at the Westcott Space Cluster in Aylesbury. The centre is designed to allow companies and universities to test state-of-the-art propulsion engines which are used to move small satellites in space. It could ...

This story continues at The National Space Propulsion Test Facility is rocket testing

Or just read more coverage at Electronics Weekly

>>>


Cliff adds multi-fibre push-on connector

2021-06-22 07:10 ElectronicsWeekly David Manners

Cliff Electronics have added a MTP/MTO (multi-fibre push on) connector to their FeedThrough connector range which allows through-panel connection of standard 12-72 multimode optical fibre cables. Demand for MTP/MTO connectivity is being driven by the development of 40G and 100G transceivers with MPO ports commonly used for data transmission over short distances to connect ports ...

This story continues at Cliff adds multi-fibre push-on connector

Or just read more coverage at Electronics Weekly

>>>


ON Semi drivers for developing LED luminaires

2021-06-22 07:00 ElectronicsWeekly David Manners

ON Semiconductor has announced two LED drivers which allow manufacturers to develop LED luminaires with light-based positioning technology and visible light communication. By adding data intelligence and accurate positioning (up to 30 cm), these solutions will revolutionize lighting in a variety of spaces including supermarkets, warehouses, hospitals, and airports. The NCL31000 from ON Semiconductor is ...

This story continues at ON Semi drivers for developing LED luminaires

Or just read more coverage at Electronics Weekly

>>>


Software bills of materials (SBOM) could help improve cybersecurity

2021-06-22 06:39 CNXSoft Jean-Luc Aufranc (CNXSoft)

There have been some widely publicized hacks in recent months including the SolarWinds hack and...

>>>


Software-based neural video decoder leverages AI accelerator on Snapdragon 888

2021-06-22 05:37 CNXSoft Jean-Luc Aufranc (CNXSoft)

Sometimes hardware blocks got to work on tasks they were not initially designed to handle....

>>>


Diamond Thermistors

2021-06-22 02:00 ElectronicsWeekly David Manners

Recently there has been a great deal of interest in the use of semiconducting diamond in thermistors and other devices. So, 61 years ago, started a story in Electronics Weekly’s edition of December 21st 1960. The story continues: The Diamond Research Laboratory in Johannesburg is engaged on a programme of research into the properties of ...

This story continues at Diamond Thermistors

Or just read more coverage at Electronics Weekly

>>>


Tiny i.MX8M Mini module also ships on dev kit with Digi XBee

2021-06-21 22:22 LinuxGizmos Eric Brown

Digi’s rugged “ConnectCore 8M Mini” module runs Linux or Android on an i.MX8M Mini with Digi TrustFence security, up to 2GB LPDDR4 and 8GB eMMC, and 802.11ac/Bluetooth 5.0. A dev kit offers mini-PCIe and Digi XBee expansion. Digi has launched a Digi ConnectCore 8M Mini module and development kit that feature NXP’s i.MX8M Mini and […]

>>>


Olimex STM32MP1 SoM and evaluation board support Linux 5.10

2021-06-21 15:48 CNXSoft Jean-Luc Aufranc (CNXSoft)

Olimex has just announced the availability of an STMicro STM32MP1 Cortex-A7/M4 powered system-on-module (SoM) and...

>>>


Intel and Cellwize hook up for vRAN

2021-06-21 15:45 ElectronicsWeekly David Manners

Cellwize Wireless Technologies (Cellwize) will enable its CHIME technology on Intel Xeon Scalable processors with built-in AI acceleration and Intel FlexRAN reference software in order to propel deployment of automated AI-driven 5G vRAN networks. As cellular networks progress from RAN to vRAN, implementing a scalable cloud-like architecture in 5G networks is important for operators. “This collaboration ...

This story continues at Intel and Cellwize hook up for vRAN

Or just read more coverage at Electronics Weekly

>>>


Stashing Cash

2021-06-21 15:23 ElectronicsWeekly David Manners

Switzerland is still the prime destination for private offshore wealth worldwide, according to the Boston Consulting Group. Foreign private wealth parked in Switzerland reached $ 2.4 trillion in 2020 – a quarter of the global total. The biggest growth, however, was expected in Hong Kong and Singapore – the top 2 and 3 on the list ...

This story continues at Stashing Cash

Or just read more coverage at Electronics Weekly

>>>


Intel and Qualcomm looking to combine strengths

2021-06-21 07:30 ElectronicsWeekly David Manners

Intel CEO Pat Gelsinger (pictured left) and Qualcomm CEO-elect Cristiano Amon (pictured right) are looking at areas of co-operation as compute and comms converge. “We are the unquestioned compute leader, and Qualcomm’s the unquestioned comms leader – compute meets comms – right – a lot of new use cases,” Gelsinger told CNBC, “between these two ...

This story continues at Intel and Qualcomm looking to combine strengths

Or just read more coverage at Electronics Weekly

>>>


624m 5G phones to be sold in 2021

2021-06-21 07:22 ElectronicsWeekly David Manners

624 million 5G smartphones will be sold this year up from 269 million in 2020, says Strategy Analytics. Q1 5G phone shipments were 135.7 million. Apple was top brand in Q1 on 40.4 million units; Oppo second on 21.5 million (up from 1.2 million in Q1 2020) and Vivo third with 19.4 million (2.9 million) ...

This story continues at 624m 5G phones to be sold in 2021

Or just read more coverage at Electronics Weekly

>>>


Imaging and sensing component market on 14.5% CAGR 2020-26

2021-06-21 07:14 ElectronicsWeekly David Manners

The global 3D imaging and sensing market is expected to grow to $15 billion in 2026, with a 14.5% CAGR 2020-2026, says Yole Developpement. Mobile & consumer is the main segment representing 46% of the total 3D imaging and sensing market in 2026. It is followed by the automotive and industrial segments, which will both ...

This story continues at Imaging and sensing component market on 14.5% CAGR 2020-26

Or just read more coverage at Electronics Weekly

>>>


Digi-Key launches myLists consolidated list management system

2021-06-21 07:12 ElectronicsWeekly Alun Williams

Digi-Key Electronics has launched a way – dubbed myLists – to make it easier for customers to manage their component sourcing lists in one place. The idea is to streamline customers’ BOM management, price and availability checking and repeat favorites into one system. The tool also includes an attrition calculator to plan for overages that ...

This story continues at Digi-Key launches myLists consolidated list management system

Or just read more coverage at Electronics Weekly

>>>


512Mb NOR flash supports 166MHz SPI clocks.

2021-06-21 07:10 ElectronicsWeekly David Manners

Winbond has added to its SPI NOR Flash portfolio with a monolithic 1.8V 512Mb SPI NOR flash that can support up to 166 MHz standard/dual/quad SPI clocks. Apart from the existing 3V 512Mb W25Q512JV, the new 1.8V W25Q512NW SPI NOR Flash also features pin-to-pin compatibility, enabling customers to upgrade to higher flash storage capacities without having ...

This story continues at 512Mb NOR flash supports 166MHz SPI clocks.

Or just read more coverage at Electronics Weekly

>>>


A better PEEK

2021-06-21 07:06 ElectronicsWeekly David Manners

Glasgow University researchers have used 3D printing to add new properties to polyether ether ketone (PEEK) which result in lightweight, impact-resistant plastic-based ‘honeycomb’ structures which can sense when they have been damaged. PEEK’s mechanical properties and resistance to high temperatures and chemicals have made it useful for a wide range of applications in the aerospace, ...

This story continues at A better PEEK

Or just read more coverage at Electronics Weekly

>>>


10BASE-T1L Ethernet chips enable up to 1.7 kilometer long Ethernet cables

2021-06-21 06:23 CNXSoft Jean-Luc Aufranc (CNXSoft)

The maximum length of Ethernet cables used to be 100 meters. While that may be...

>>>


RasPad 3 Review – Part 2: A Raspberry Pi 4 mini PC with integrated display

2021-06-21 04:00 CNXSoft Jean-Luc Aufranc (CNXSoft)

I started RasPad 3 review last week with an unboxing of the tablet shell for...

>>>


Ed The Cyber Sheriff

2021-06-21 02:00 ElectronicsWeekly David Manners

One of our cyber-geeks has found the Holy Grail which all governments want – a means to identify anyone and everyone who uses the internet. Now we can know exactly who it is who is asking for ransomware, exactly who it is who is interfering with elections, exactly who is making and receiving crypto-currency payments, ...

This story continues at Ed The Cyber Sheriff

Or just read more coverage at Electronics Weekly

>>>


Royole RoKit – A flexible display development kit with a Snapdragon 660 board

2021-06-20 07:03 CNXSoft Jean-Luc Aufranc (CNXSoft)

The Royole RoKit is a flexible display development kit with a Qualcomm Snapdragon 660 board...

>>>


Digi ConnectCore 8M Mini SOM and Mini Development Kit for Industrial IoT Applications

2021-06-19 04:38 CNXSoft Saumitra Jagdale

Digi International has announced the Digi ConnectCore 8M Mini System-on-Module (SOM) which is an addition...

>>>


Wind River Linux updates with Linux LTS 5.10 and a prebuilt binary

2021-06-18 22:30 LinuxGizmos Eric Brown

Wind River has released Wind River Linux LTS21, advancing to Linux LTS 5.10, Yocto Project 3.3, and Qt 5.15.2. New features include a Linux Assembly Tool for image creation and a pre-built binary distribution. We last heard from Wind River in Feb. 2020 when the company released an unnamed version of Wind River Linux that […]

>>>


UK made: VPX video frame grabber and streamer

2021-06-18 17:17 ElectronicsWeekly Steve Bush

Advanced Micro Peripherals of Cambridge has released two 3U video boards for VPX backplanes. XStream-VPX is a 40ms latency H.264/H.265 video streamer with eight PAL/NTSC inputs, one HDMI/DVI, RS343/RGB/STANAG, and one HD-SDI input AVC-VPX (pictured) is a multi-channel frame grabber with eight PAL/NTSC inputs, eight raw digital video streams to VPX host and live video ...

This story continues at UK made: VPX video frame grabber and streamer

Or just read more coverage at Electronics Weekly

>>>


Most Read articles – ARM IPO, Spaceport Cornwall, Xilinx acquisition

2021-06-18 15:37 ElectronicsWeekly Alun Williams

There's a strong quarter for the fabless, Nexperia investing in European wafer fabs, Dream Chaser flights coming to Spaceport Cornwall, Xilinx buying a C/C++programming tool provider and a Qualcomm view of an ARM IPO...

This story continues at Most Read articles – ARM IPO, Spaceport Cornwall, Xilinx acquisition

Or just read more coverage at Electronics Weekly

>>>


The Nokia Rocky Horror Show

2021-06-18 15:32 ElectronicsWeekly David Manners

Back in 2010 the Nokia horror story was beginning. At its peak the company was the world’s most valuable brand with a market cap of almost $200 billion. In 2010, however, failure to produce a rival to the iPhone resulted in the axe for Nokia CEO Olli-Pekka Kallasvuo. At that time, Nokia still had 34% ...

This story continues at The Nokia Rocky Horror Show

Or just read more coverage at Electronics Weekly

>>>


ICs push industrial Ethernet over 1.7km of cable

2021-06-18 13:55 ElectronicsWeekly Steve Bush

ADI has introduced a pair of industrial 10BASE-T1L Ethernet (IEEE 802.3cg) ICs which can operate over 1.7km of single twisted pair with 10Mbit/s 1Vp-p or 2.4Vp-p signalling. “By providing long-reach industrial Ethernet solutions that adhere to the 10BASE-T1L Ethernet standard, we’re making it possible for our customers to achieve reliable communications over much longer distances, ...

This story continues at ICs push industrial Ethernet over 1.7km of cable

Or just read more coverage at Electronics Weekly

>>>


KloudNote 10.3-inch E-reader supports WiFi, Bluetooth and cellular connectivity

2021-06-18 11:47 CNXSoft Jean-Luc Aufranc (CNXSoft)

Geniatech used to be better known for their Amlogic TV boxes, before expanding their business to...

>>>


Logic level 1.5mΩ 30V mosfet has low gate charge

2021-06-18 11:12 ElectronicsWeekly Steve Bush

Vishay has introduced a 30V n-channel mosfet with an on-resistance of 1.5mΩ (typ) at 4.5Vgate while achieving a 29.8mΩnC gate figure-of-merit (FoM). “The SiSS52DN’s FoM represents a 29% improvement over previous-generation devices, which translates into reduced conduction and switching losses to save energy in power conversion applications,” according to New Yorker Electronics, which is stocking ...

This story continues at Logic level 1.5mΩ 30V mosfet has low gate charge

Or just read more coverage at Electronics Weekly

>>>


TI AM64x 7-core processor is made for PLC’s, motor drives, industrial robots

2021-06-18 09:48 CNXSoft Jean-Luc Aufranc (CNXSoft)

Texas Instruments AM64x is a family of 64-bit Arm processors with functional safety designed for...

>>>


Arqit’s Federated Quantum System promises satellite-based encryption

2021-06-18 07:10 ElectronicsWeekly Alun Williams

A UK company, Arqit, which specialises in quantum encryption technology involving satellite links, is at the centre of a newly announced international consortium of companies and government organisations. Aimed at edge devices and cloud computing, the quantum encryption technology uses a federated system concept and is dubbed the Federated Quantum System (FQS). News of the ...

This story continues at Arqit’s Federated Quantum System promises satellite-based encryption

Or just read more coverage at Electronics Weekly

>>>


Outdoor air quality sensor

2021-06-18 07:05 ElectronicsWeekly David Manners

Renesas has expanded its ZMOD4510 Outdoor Air Quality (OAQ) gas sensor platform with an IP67-qualifed waterproof package and a new AI-based algorithm that enables ultra-low power selective ozone measurements. The enhanced ZMOD4510 claims to be the industry’s first fully calibrated, miniature digital OAQ sensor solution with selective ozone measurement capabilities, offering visibility into the air ...

This story continues at Outdoor air quality sensor

Or just read more coverage at Electronics Weekly

>>>


Entry-level Atomic Force Microscopes

2021-06-18 07:04 ElectronicsWeekly David Manners

Hitachi High-Tech Corp has launched its AFM100 and AFM100 Plus systems – entry-level and intermediate-level models of Hitachi’s Atomic Force Microscopes (AFM). These tools are designed to offer ease of use and superior reliability for high-throughput R&D or quality control applications. AFM100 Plus The AFM is a type of the Scanning Probe Microscope (SPM) that ...

This story continues at Entry-level Atomic Force Microscopes

Or just read more coverage at Electronics Weekly

>>>


Amphenol RF adds cable assembly options to MCX series

2021-06-18 07:01 ElectronicsWeekly David Manners

Amphenol RF has expanded its MCX product series to include additional cable assembly options on RG-174 cable. These 50 ohm assemblies are available in plug to plug configurations in an extensive range of standard lengths from six inches to three meters. MCX cable assemblies are suitable for a number of applications including global positioning systems, ...

This story continues at Amphenol RF adds cable assembly options to MCX series

Or just read more coverage at Electronics Weekly

>>>


paperd.ink 4.2-inch ESP32-based e-Paper display ships with a 3D printed enclosure (Crowdfunding)

2021-06-18 05:49 CNXSoft Jean-Luc Aufranc (CNXSoft)

We’ve covered a fair amount of connected e-Paper/e-Ink displays based on ESP32 WiFi & Bluetooth...

>>>


Achieving full MCU partition isolation: Fundamentals

2021-06-18 03:13 Embedded.com Ralph Moore
There is very little a hacker can do from inside of a partition that is fully isolated from the rest of the system. Achieving full isolation between processes using MMUs requires power-hungry processors, and doing so using MPUs comes with a high level of difficulty. This is the first in a series of papers discussing how to achieve full partition isolation in MCU systems.

To me, achieving full partition isolation is the Holy Grail of microcontroller unit (MCU) system security, because there is very little a hacker can do from inside of a partition that is fully isolated from the rest of the system. Achieving full isolation between processes using memory management units (MMUs) is relatively easy but requires power-hungry processors to achieve acceptable process switching times, and it is not appropriate at the task-level, anyway. Achieving full partition isolation for MCUs using memory protection units (MPUs) is possible, but comes with a high level of difficulty.

This is the first in a series of papers discussing how to achieve full partition isolation in MCU systems. Many papers have been written concerning MPUs. Ref. 1 is a particularly well-written introduction to the subject by Jean Labrosse, and I recommend that you read it ahead of this paper, as an introduction to MPU concepts. Refs. 2 and 3 are also helpful. The main problem with Ref. 1 is that it does not go far enough to achieve full partition isolation. However its contents are reviewed, in a few places in this series, in order to illustrate the consequences of different approaches to MPU usage and other aspects of partition isolation.

Game Plan

You may be a very good programmer. However, to write unhackable code, you should not assume that:

  1. You are smarter than the hacker, nor that
  2. you can hide flaws in your code from the hacker, nor that
  3. there is safety in small probabilities.

With regard to the latter, suppose there is a small flaw that you estimate can be broken only one time in a million tries. Safe, right? Wrong! For sake of discussion, suppose you have a slow buggy with only a 50 MHz clock and that can execute only about 10M instructions per second. Also suppose it takes about 100 instructions to attack your flaw. Then it will take the hacker about 1000 seconds, or 17 minutes to break in! So, you better fix it.

No doubt you can write small amounts of hacker-resistant code. But to write a whole system that way is clearly impractical – it would take too long and cost too much money. The bottom line is that we need a better methodology for writing embedded system code. Presenting such a methodology is the purpose of this series of articles.

Let’s Get Started

Figure 1 shows the structure of a typical embedded system. There is no structure and there are no partitions. If a hacker breaks in anywhere he has access everywhere – to the keys, to critical data, to everything. This is not good.


Figure 1: Typical Embedded System Structure (Source: Author)

Figure 2 shows a solution to the problem of safely adding networking to an existing, defenseless embedded system. It is shown here in order to discuss the basics of system partitioning – see Ref. 3 for more information on the solution.


Figure 2: Secure Network Solution (Source: Author)

Above the heavy line is umode (unprivileged or user mode, take your pick). Below the heavy line is pmode (privileged or protected mode). We call the heavy line the pmode Barrier, because it is enforced by the processor, and umode code cannot break through it. As shown, the Ethernet driver plus TCP/IP stack, both of which are notoriously vulnerable to hacking, are in a umode partition. This partition sees only encrypted data passing in or out. It connects to the Network Apps partition via a tunnel portal and it obtains system services via a Software Interrupt (SWI) interface, both of which severely limit what can be done from inside this partition. Note that only the Security partition connects to the Vault, which contains the keys, jewels, and other valuable property of the system owner.

In the above diagram, the entire embedded Application code has been grouped into a single pmode partition and thus it is also protected from an intrusion via the Internet. Figure 2 is a solution for legacy systems and is not typical for new systems, which are the main subject of this series of papers.

Advantages of Isolated Partitions

Dividing embedded system software into isolated partitions has many benefits:

  1. Protection from hackers.
  2. Higher reliability and safety.
  3. Isolation of low-quality or unknown quality software (SOUP).
  4. Better plug-in modularity.
  5. More disciplined design.
  6. On the spot detection of null and wild pointers and stack and buffer overflows.
  7. Easier incorporation of legacy software using isolated partitions.
  8. Partition reboot to recover rather than a full system reboot, which could interrupt vital operations.
  9. Support for partial updates of one or a few partitions.

Security and reliability are two sides of the same coin. In the first, hacks are deliberate; in the second, bugs and malfunctions are accidental. However, both can damage property and risk lives. Measures that improve one tend to improve the other. Hardware enforcement of full isolation enables interchangeability of modules within a system and better module reusability in future systems. Hardware enforcement of better design practices also helps to improve system security and reliability. Partial reboots and partial updates save time. These are all good reasons for partitioning.

The Need to Isolate Code As Well As Data

There seems to be some controversy concerning whether the code of each partition should be isolated from the code of other partitions, or not. For example Ref. 1 states:

Because of the fairly limited number of regions available in an MPU, regions are generally set up to prevent access to data (in RAM) and not so much to prevent access to code (in flash).

A competitive golfer must assume that his opponent will sink the putt, whatever the length. An analogous situation exists here – you must assume that a hacker knows where each of your functions is and what it does. Using this knowledge, he can wreak havoc upon your system simply by calling your functions at inappropriate times with inappropriate parameters. If, on the other hand, he can only access code within the partition that he has penetrated, then he can only damage that partition. Therefore, you do not want a hacker to be able to execute functions in other partitions. Code must be isolated in each partition, just like data.

The need for each partition to have unique data, code, and IO regions can easily exceed the number of MPU slots in most systems. We call this the MPU overflow problem. It is a big problem that we will address in next paper of this series. First, however, we will cover how to define partitions and how to manage the tasks within them.

Partition Definition

Partitions typically are subsystems that perform specific functions, e.g. file systems, networking systems, etc. Application code can and should also be partitioned, of course. In a new system, we would like to see as much application, middleware, and driver code put into umode partitions, as possible. (As previously noted, this is not likely to be practical for legacy systems.)

A partition must contain at least one main task. It may contain other helper tasks. When defining a new partition, it is a good idea to list all regions that the partition will need. This may reveal an MPU overflow problem. One technique to deal with MPU overflow is to divide the partition regions among the main task and one or more helper tasks. For example, a driver task might be created and assigned the IO regions along with others that it needs; a portal task might be created and assigned the portal regions along with others that it needs. This might allow the main task to fit the rest of the partition regions into the MPU for its operation.

This might be the standard solution for the MPU overflow problem, except that tasks are SRAM-hungry. A typical task has a 100-byte, or so, Task Control Block (TCB), it may require 500 bytes or more for its stack, and it may need other blocks of RAM, as well. For acceptable performance, these must all come from on-chip SRAM, which unfortunately is in short supply in most MCUs. Some RTOSs offer lightweight tasks, which might be sufficient for helper tasks. For example, TCBs might be of variable size, so a task that requires very few services could have a much smaller TCB. It is also possible that through careful design the stack could be whittled down to perhaps as little as 200 bytes (50 words).

Another type of lightweight task is the one-shot task. This type of task does not have an infinite loop in its code. Instead, when dispatched, it receives a stack from a stack pool, it runs straight through its code, and then it stops and returns the stack to the stack pool. This is possible because it has no need to store information between runs. One-shot tasks are a good fit for helper tasks. For example, the driver task, referred to above, need run only when a peripheral operation is required; the portal task need run only when a portal operation is required. With careful design, it can be assured that only one of these tasks, and possibly others, can run at a time. Also, tasks in different partitions can securely share stacks from the same stack pool. Consequently many tasks may be able to share just a few stacks. Thus a large amount of SRAM can be saved.

Parent/Child Tasks

There is a belief among some developers, that all tasks should be created during system initialization. This might improve security but it is not feasible in practice. For example, USB devices may be inserted or removed dynamically, and a task for each may be required by its class driver. Also there are USB controllers that can operate in either host mode or in device mode. Each requires its own set of tasks and code. Since tasks are SRAM-hungry, it is convenient to delete tasks for one mode and create tasks for the other mode when switching modes. It would surely ruin the professor’s experiment that is being run from a PC via USB to reboot in order to store some data on a thumb drive! So task deletion and creation must be done in situ.

There are many other cases where not allowing dynamic task creation and deletion would create severe implementation problems. It is not even acceptable to limit task operations to pmode, since USB stacks and similar code should be running in umode. On the other hand, allowing umode partitions to create, delete, and otherwise manipulate tasks does not seem like a good idea either.

The parent/child task concept shown in Fig. 3 provides a solution to this conundrum.


Figure 3: Parent/Child Tasks (Source: Author)

The basic principle is that a child task cannot do anything that its parent cannot do. Hence, the child task inherits all limitations (e.g. interrupt access and service call permissions) from its parent. In addition, it is limited to drawing its regions from the partition regions (shown as Partition Template in Fig 3), and it will likely have only a subset of its parent’s regions. A parent task can create or delete a child task; it can start it, stop it, and perform certain other task operations on it. A child task can also be a parent of its own child tasks. However, it cannot perform task operations on its parent, siblings, nor their children. From a security point of view, child tasks are no more than extensions of their parents.

It should be noted that partition main tasks are normally created in pmode and initially run in pmode because it is easier that way to initialize their partitions. Then main tasks restart themselves in umode and possibly go on to spawn child tasks and to complete the partition initialization in umode.

ptasks vs utasks

utasks provide a higher level of security than ptasks because the MPU cannot be changed from umode. In pmode, a hacker is only one instruction away from turning off the MPU and taking control of the system. However, ptasks have equal reliability protection to utasks, and it is not always possible to implement mission-critical functions in umode due to its lower performance and restrictions. In particular, all ptasks have sys_code and sys_data regions, which allow them to make direct, unfiltered calls for system services. As shown earlier in Figure 2, utasks must use the SWI mechanism for system services, which is much slower and more restrictive (services which could cause system damage are not permitted). In addition, interrupts cannot be disabled nor enabled from umode, which is essential for some low-level code.

Therefore, the importance of ptasks should not be overlooked. In fact, if all vulnerable partitions have been put into umode, then the pmode barrier should provide adequate protection from hacking for ptasks.

Conclusion

We have examined the need for and the advantages of partitioning embedded system software. In addition, we have explored the uses of pmode and umode and the relationship of tasks to partitions. However, this is only part of the story. In the next article in this series, we will examine strategies and techniques to effectively manage MPUs and present solutions to the MPU overflow problem.

References

  1. Jean Labrosse, “Using A Memory Protection Unit With An RTOS”, embeddedcomputing.com, May 2018.
  2. Ralph Moore, “Is Your Thing in Danger?”, smxrtos.com/securesmx, March 2021.
  3. Ralph Moore, “Where’s The Gold?”, smxrtos.com/securesmx, April 2021.
Ralph Moore is a graduate of Caltech. He and a partner started Micro Digital Inc. in 1975 as one of the first microprocessor design services. In 1989 Ralph decided to get into the RTOS business and he architected the smx RTOS kernel. After 20 years of selling Micro Digital products and managing the business, he went back into product development. Currently he does the whole job from product definition, architecture, design, coding, debug, documentation, patenting, to promotion. Recent products include eheap, SecureSMX, and FRPort. Ralph has three children and six grandchildren and lives in Southern California..

Related Contents:

For more Embedded, subscribe to Embedded’s weekly email newsletter.

The post Achieving full MCU partition isolation: Fundamentals appeared first on Embedded.com.

>>>


TI’s AM64x powers three modules and two new HummingBoard SBCs

2021-06-18 01:11 LinuxGizmos Eric Brown

TQ’s TQMa64xx, Phytec’s phyCore-AM64X, and SolidRun’s AM64x SOM modules run Linux on TI’s new FuSa-enabled Sitara AM64x with up to 6x GbE, 4x of which support TSN and fieldbus. The AM64x SOM also powers two new HummingBoard-T SBCs. Yesterday, we explored Texas Instruments’ new functional safety (FuSa) oriented Sitara AM64x SoC along with a pair […]

>>>


Screwing The Tax-Payer

2021-06-18 01:06 ElectronicsWeekly David Manners

There’s nothing so venal as politicians chasing funding. In a comical statement in pursuit of a 25% tax break for chip manufacturers a US senator said yesterday: “The United States can’t allow foreign governments to continue to lure companies’ manufacturing overseas, increasing risks to our economy and costing American workers good-paying jobs.” 25 years ago, ...

This story continues at Screwing The Tax-Payer

Or just read more coverage at Electronics Weekly

>>>


Raspberry Pi CM4 based controller offers isolated serial and DIO

2021-06-17 18:50 LinuxGizmos Eric Brown

OpenEmbed’s $159-and-up “EdgeBox-RPI4” industrial controller builds on the Raspberry Pi CM4 with GbE, optional WiFi/BT, HDMI 2.0, 2x USB, isolated RS485 and DIO and M.2 and mini-PCIe for NVMe and 4G. OpenEmbed, which has introduced products such as the RK3399-based em3399 module and emPAC-RK3399-EVB eval board, has launched a compact, semi-rugged edge controller and IoT […]

>>>


Siemens acquires Supplyframe for a ‘digital transformation’

2021-06-17 17:42 ElectronicsWeekly Caroline Hayes

The recent component shortage has highlighted the fragility of current supply chains, asserted Siemens, as it announced the acquisition of electronics Design-to-Source platform, Supplyframe. The transaction is expected to close at the end of this financial year. The acquisition is part of Siemens’ digital transformation said AJ Incorvaia, senior vice president, Siemens Digital Industries Software, Electronic ...

This story continues at Siemens acquires Supplyframe for a ‘digital transformation’

Or just read more coverage at Electronics Weekly

>>>


One I missed: Power Profiler Kit II from Nordic Semiconductor

2021-06-17 17:39 ElectronicsWeekly Steve Bush

I was watching Andeas Spiess‘ excellent embedded devices YouTube channel – which mostly assesses modules that are available for controlling, powering and sensing MCU-based maker projects. And he took a look as something think I should have known about: Nordic Semiconductor’s Power Profiler Kit II. Numbered nRF-PPK2, this is a combination of a handy pcb and computer ...

This story continues at One I missed: Power Profiler Kit II from Nordic Semiconductor

Or just read more coverage at Electronics Weekly

>>>