Texas Instruments is to build a security platfom from UK chip designer ARM into its next-generation mobile processors, in the latest move to head off the threat of worms and hackers on smartphones and PDAs.
The collaboration between TI and ARM follows the introduction of hardware-based security in Intel's next-generation XScale handheld chips, and the recent discovery of the first mobile-phone virus. ARM's hardware security platform, called TrustZone, has the potential to become a widespread standard since ARM's processor cores power most mobile phones and newer handheld computers.
The increasing sophistication of mobile phones is opening the way to the types of problems already plaguing Internet-connected PCs, according to industry observers - with the difference that a virus-induced wireless network outage could potentially be much more serious than a crashed PC.
"As devices become more powerful and capable of executing a wider range of functions and applications, the need for security increases," said John Cornish, director of product marketing at ARM. "For a large wireless network, a virus sweeping across clients and causing a disruption would have an enormous cost for the network operator and for the customers." Other major security issues include handset theft and content piracy.
For the solution, mobile chipmakers are turning to hardware-based security, a concept pioneered in the PC world with Microsoft's Next Generation Secure Code Base (NGSCB), formerly known as Palladium. Schemes put forward by Intel, the Open Mobile Alliance, TI and ARM all create a protected portion of memory separated from the rest of the processor, where applications can be verified and then run securely. "It creates a sandbox isolated from the other software, and prevents the possibility of interference between the two areas," said Cornish.
TI is to integrate ARM's take on hardware security, called TrustZone, into its OMAP family of mobile processors by licensing ARM's ARM1176JZF-S core, one of two cores that currently include TrustZone, TI said last week. TI has been using its own hardware security features in OMAP for the past year and a half, but TrustZone will extend what the chips can do, and will also potentially offer a standardised way for software makers to hook into hardware security. The features can be extended into peripherals and external memory, ARM said.
Key will be getting other chipmakers, software makers and content providers to sign up for TrustZone, but ARM believes it has the market clout to pull this off. The company said it has been working with major hardware and software developers since TrustZone's early days. "Because of the strength of the ARM architecture, we're able to work with other third parties at a very early stage, because they know this technology will be deployed in a lot of devices over the next couple of years," said Cornish.
He said the 1176JZ-S and 1176JZF-S cores, which both incorporate TrustZone, are becoming the processor of choice for next-generation mobile devices. Most major mobile chipmakers, including Intel, Motorola and TI, license ARM cores as an alternative to carrying out their own costly research and development work. Newer Palm and Pocket PC handhelds both rely on ARM-based chips. The first TrustZone-enabled OMAP chips are expected to appear in another 18 to 24 months, TI said.
Intel began pushing its own hardware security system with the introduction of its latest XScale family, the PXA27x, in April. The first chip, the PXA270, formerly code-named "Bulverde", introduced a security subsystem called the Wireless Trusted Platform, to be included in all PXA27x processors. The system consists of a programmable random number generator, secure memory for storing passwords and cryptographic keys and 32KB of trusted ROM that checks for unauthorised code in the system software. The new chip allows VPN functions to be carried out in the protected portion of the chip.
Intel's Wireless Trusted Platform is designed to be compatible with the Open Mobile Alliance's Digital Rights Management (OMA-DRM), an anti-piracy specification introduced in February and backed by players such as mm02, Nokia, Panasonic, RealNetworks, Samsung and Warner Bros. Nokia, Motorola, Sony Ericsson and Siemens already make several dozen handsets that use an early version of OMA-DRM. Microsoft, for its part, is sticking with its Windows Media DRM.
ARM said TrustZone is not necessarily incompatible with these security systems, and could be used with features such as VPN and digital rights management. "It is a very general technology with broad applicability. It brings the benefits of standardisation," said ARM's Cornish. "Everybody is working to address the same set of problems. From the end user perspective, the important thing is that they are addressed effectively."