Intel has continued the march down the Moore's Law path moving to a 32-nm process node, and now embedded designers have access to those processors based on the Westmere microarchitecture. Westmere continues along the Nehalem microarchitecture path adding a number of enhancements including the new Intel® AES Instructions that add hardware encryption support. The new instructions will enhance performance and security in applications such as medical, communications and military and aerospace. Moreover, hardware and software partners such as Emerson Network Power Embedded Computing* and LynuxWorks** are already supporting the new architecture.
Intel brought the Westmere architecture to embedded designers back in January including the Intel® Core i7, i5, and i3 families. The 32-nm process affords advantages in performance and power consumption, and allowed Intel to integrate more features on chip. For instance, these new processors integrate graphics support and ECC memory error correction. For more details, check out the blog post focused on the family done recently by my colleague Kenton Williston.
I want to focus this post on the advancements in encryption and the fact that engineers can use these new processors to deliver systems with superior performance and data security. Let's start with a look at the AES New Instructions. AES (Advanced Encryption Standard) is the primary block cipher scheme used in the industry for data encryption and decryption.
The six new instructions allow system designers to leverage full hardware support for AES – boosting performance relative to prior software implementations of AES. Four of the instructions implement encryption and decryption functions. The other two support AES key expansion.
In addition to performance improvements, the new instructions both reduce code size and result in improved data security. The hardware implementation eliminates the timing and cache-based security attacks that have succeeded in compromising table-based software AES implementations. Intel has an excellent white paper that details the instructions, provides AES background information, and provides guidelines to secure, high-performance AES implementations.
Designers already have a range of hardware choices that can jumpstart embedded systems applications. For instance, Emerson offers the i7 processor on a range of hardware platforms that can match a variety of form factors and ranging reliability requirements such as rugged environments.
For space-constrained applications, Emerson offers the i7 and i5 processors on Type 6 COM Express modules that feature a miniature 95x125-mm footprint. Still the modules include space for 8 Gbytes of DDR3 memory, along with an array of PCI Express, SATA, and USB ports.
The MATXM-CORE-411-B is a slightly larger MicroATX design that can host i7 variants at clock speeds up to 2.66 GHz. The board includes a PCI Express Mini Card socket than can host add-ons such as a Wi-Fi or WiMAX wireless module.
Emerson offers the i7 on a 6U VMEbus board for the most demanding mechanical environments. The iVME7210 integrates the Intel® QM57 Express chipset along with as much as 8 Gbytes of DDR3 memory, and 256 kbytes of non-volatile FeRAM (Ferroelectric Random Access Memory. The board also includes a DVI (Digital Visual Interface) port for high-end graphics support.
For secure system designs, engineers can leverage a variety of features integrated into both the i7 processor and the Emerson board. In addition to the processor's AES instructions, Emerson includes a TPM (Trusted Platform Module) security device designed in accordance with the TPM specification developed by the Trusted Computing Group. TPM implementations securely store cryptographic keys.
Software also comes into play when security is a focus. And a number of operating-system vendors have been quick to support the Westmere family of processors. Specifically for secure system designs, LynuxWorks has announced that its LynxSecure separation kernel will support the i7 family.
LynxSecure allows multiple guest operating systems to run simultaneously on one processor – each in a virtual partition. The technology allows non-secure functions such as a user interface to run in one partition while maintaining absolute data security in critical partitions that might for instance process critical medical data. See this prior blog post for more information on separation kernels.
Have you had the chance to take the new i7 architecture for a spin? How do you plan to use the AES Instructions. Please share your experience via a comment with other followers of the Intel® Embedded Community.
Roving Reporter (Intel Contractor)
Intel® Embedded Alliance
*Emerson Network Power Embedded Computing is a Premier Member of the Intel® Embedded Alliance
**LynuxWorks is an Affiliate Member of The Alliance.