back to article Inside Qualcomm's Snapdragon 845 for PCs, mobes: Cortex-A75s, fat caches, vector math, security stuff, and more

Qualcomm's flagship Snapdragon 845 system-on-chip will include an isolated security core for handling sensitive personal information, among other new features. The California chip designer showed off its upcoming 845 component at a tech summit in Hawaii on Wednesday, promising the silicon will power 2018's high-end Android …

Silver badge

The more mystery there is surrounding its mechanisms, the less information is out there for hackers to exploit, is their thinking.

Security through obscurity. Works fantastic you know, especially in a management component/trust zone anchor. Just look how well did it work for Intel vPro.

32
1

Obscurity Optional (but fails)

Check this guy - he pulls apart the x86 instruction set from the inside out. Really lovely technique, well thought out. Eventually he finds stuff that can kill a CPU stone dead. Nice! Well worth 45 minutes of time. Gotta say, my inner nerd is envious I didn't get to do this job!

https://www.youtube.com/watch?v=KrksBdWcZgQ

3
0

I agree, security through obscurity is not security. It's like hiding your cash under the mattress.

It is, however, a potential delaying tactic and can work well when paired with good security practices throughout. If few specifics are released, it could add a large time buffer between release and hackers finding an attack vector. If the underlying system is very secure, too, the system could well be past it's expected lifespan before an attack is formed.

It's pretty much like having a hidden safe: Before anyone can even try to break in to it, they have to find it.

That said, there's also the flip side. If details are released, white hats have a better chance of finding any holes before black hats do, which would allow Qually to fix them before an attack is available for use.

13
0
Silver badge

Security through obscurity

Come on, Kerckhoff didn't get round to that principle until the late 19th century, you have to wait a while for these things to filter through to the latest technology

1
0

Re: Obscurity Optional (but fails)

Dear oh Lor - that is one clever guy. I loved the page fault technique, that was *really* impressive thinking.

2
0
Anonymous Coward

"It's like hiding your cash under the mattress."

Shirley you mean "hiding your cache under the mattress"...

1
0
Bronze badge

It's pretty much like having a hidden safe: Before anyone can even try to break in to it, they have to find it.

Having a hidden safe and telling people you have a hidden safe filled with goodies inside your house defeats the point of having a hidden safe. The primary 'obfuscation' in this case is not letting people know you even have one.

However letting people know you have a safe worth looking for, and a narrow search zone - your house - to find it in has just blown 80% of the security - obfuscation - you are depending on.

Letting people know this secure processor exists is the same as letting people know you have a hidden safe. At this point you can no longer rely on obfuscation, you have to rely on the strength of the security - quality of the manufacture, strength of the walls, hinges, door, locking mechanism, unlocking mechanism. Therefore once the cat is out of the bag about the secure processor, there will be people actively trying to break it, therefore you now must rely on the strength of the security on the processor - no bugs in its firmware, no programmatic attack vectors from the main processors or I/O (can you access it via the USB port? If it's firmware is upgrade-able there must be some I/O channel that has access to it).

As a poster above stated, look how well relying on obfuscation - once it was known such a thing existed - worked for Intel.

2
0
Silver badge
FAIL

Delay is bad

... so lets say it takes 2 years to crack the secure CPU.

You now have millions of devices in the field, all vulnerable, and probably unpatchable. And we thought unpached landfill Android was bad....

1
0
Silver badge

According to the article, the secure processor is a black box to the VPU and vice versa. They don't even use the same physical memory, talking only through a single interface. If you can pwn a secure processor through a single interface port, you can probably pwn ANYTHING.

0
0
Silver badge

It's a nice problem to have but there is always something more powerful or cheaper just around the corner. When are the Snapdragon 855 powered phones and laptops coming?

1
0
Silver badge

For sure, there's always something faster around the corner. However, the processing requirements of user's evolving tasks over time isn't necessarily linear.

3
0
Silver badge

No, but the processing requirements for the OS and many programs seem to expand exponentially.

A bit of a segway but it does put Samsung getting full fat linux running on the S8 and Note8 into perspective. Maybe the S9 and Note9 with the 845 will boot into Android, Windows or Linux.

2
0
Silver badge

The issue is in part binary blob drivers from Qualcomm and other device manufacturers meeting the open source community's ethos.

4
0
Silver badge

Yay, yet another "secret" processor...

... running code from the people you trust the least, the CPU-vendor and the hardware vendor.

What could possibly go wrong? :)

13
0
Silver badge

Re: Yay, yet another "secret" processor...

Advantage Apple in a way I suppose then - the CPU vendor, hardware and OS vendor are all the same company so you only have to trust (or stay awake at night worrying about) one instead of three!

3
1
Anonymous Coward

I'm just not interested in CPUs/GPUs/chipsets that have MEs or "security features" that we have no access to. Patents and copy right exist to protect manufacturers ideas. They don't have to open source this software/firmware, although that would be great, but the software/firmware that makes it work should be available to the purchaser of said equipment to download, review, and compile if necessary.

7
0
Silver badge

Maybe it's time for a kickstarter campain...

... to design and build a simple SoC without any of the crap everyone hates.

Probably a RISC V architecture/instruction set, as that is free, then add a simple GPU, perhaps with some limited CPU cores to do accelerated graphics.

It wouldn't be the fastest SoC out there, but it could easily be the most secure one by miles.

6
2
Silver badge

Re: Maybe it's time for a kickstarter campain...

It likely wouldn't be very cheap or power-efficient, either. The development costs would be non-trivial, shared amongst a not-massive customer base. You would still want to audit the results - again, not a casual undertaking - so you might be better off with an existing SoC and auditing that. Also, your target market might ask themselves if they really need good graphics in their secure comms gadget. In the above steps, there is scope for human OpSec to be compromised or deliberately infiltrated - formal verification is possible for code but not human groups.

Organisations wanting security seem to be happy enough with Blackberry software running on iPhones.

4
0
Anonymous Coward

Re: Maybe it's time for a kickstarter campain...

There was a crowdfunding campaign last year for an ATX motherboard for IBM POWER8 processors.

On the other side of the spectrum are Chrombooks with ARM processors and a GPU which potentially can have Free software drivers, such as the Mali-T, and the reverse engineering efforts that could go into that. See: ASUS C201.

2
0
Silver badge

Re: Maybe it's time for a kickstarter campain...

... to design and build a simple SoC without any of the crap everyone hates.

Isn't that the sort of thing you could do on an FPGA these days? Might make development easier, though it won't do anything for the speed :-)

M.

2
0
Silver badge

Re: Maybe it's time for a kickstarter campain...

Not to mention power efficiency, which is a make-or-break issue with portable applications.

0
0
Chz

A75 sounds nice and all...

...but I'm really interested to see how A55 pans out. It's the first update to the "slow" cores in quite a long while. Given that cheaper devices will undoubtedly be using all-A55 SoCs, the performance will set a new standard for what to expect.

5
0
Silver badge

Impressive package

The 845's Spectra 280 image signal processor can capture Ultra HD Premium video: 4K resolution video at 60 frames per second, with 10bit-per-RGB-color and the Rec.2020 color gamut.

And that's just the GPU of a tiny chip that runs without a fan.

8
0
Silver badge

Re: Impressive package

Yeah, a possible bottleneck is actually NAND storage - it's far faster in some devices than in others.

4
0
Silver badge

Re: Impressive package

"And that's just the GPU of a tiny chip that runs without a fan."

What I would like to see with these things is a year number - the year in which the world's fastest supercomputer had about the same processing power.

Made difficult because nowadays these things have enormous numbers of CPUs, but a rough estimate in teraflops might be interesting.

6
0
Silver badge

RaspberryPi 4?

with as much cream as you want! And custard too.

And if Eben doesnt I hope someone else will - this would make a great maker device - RT music effects and everything!

3
0
Silver badge

Re: RaspberryPi 4?

The Raspberry Pi's went with a SoC vendor who was happy to provide them with open source drivers, IIRC.

1
2
Silver badge

Re: RaspberryPi 4?

who was happy to provide them with open source drivers, IIRC.

Doesn't sound like Broadcom (and that was before Silver Lake got involved). I thought that you had to register to download some of the codecs?

2
0
Bronze badge

Re: RaspberryPi 4?

They didnt.

Broadcom drivers were a binary blob.

2
0
Silver badge

Re: RaspberryPi 4?

The Raspberry Pi's went with a SoC vendor who was happy to provide them with open source drivers, IIRC.

No, they went with a SoC vendor with whom they already had a "good relationship" (Eben and Pete Lomas(?) worked for Broadcom) and who was willing to supply them with 10,000 of last-year's devices at pretty much bare-bones costs.

M.

5
0
Silver badge

Re: RaspberryPi 4?

That's due to MPEG-LA who hold MPEG-related patents.

1
0
Silver badge

Re: RaspberryPi 4?

When the SOC for the Pi was chosen, it was all binary blobs on the GPU side. Broadcom later opened everything up under user pressure and full kudos to them for doing so.

0
0
Silver badge

Without details on what prices we can expect devices containing this chip will retail at compared to a similar specification ones with Intel or AMD CPUs so it hard to judge if i would want one yet.

If the prices are significantly lower and the battery life much better then i would sacrifice some performance when running X86 code for the price/power consumption benefits. Well as long as i can install Linux on it and dual boot.

4
0
Silver badge

It's hard to tell without knowing your workload. My background is in mechanical CAD which once would have required quite a bit of grunt, but a lot of that functionality is available through a browser these days - and some jobs being far faster (rent a lot of cloud cores for a few minutes for a render job. Done locally, it'll take a while, slow my PC and drain the battery). If these ARM machines take off, then there'll be more incentive for 3rd party software Devs to create ARM compatible applications.

2
0
Anonymous Coward

Doesn't that also involve a lot of bandwidth, though, plus the matter of trust that no one will snoop on potential trade secrets?

0
0
Silver badge
Windows

Nice

I foresee a Windows 10 device using an 845 in my shopping basket sometime in 2018 after Windows 2016 has been compiled for native ARM.

0
5
Anonymous Coward

Qualcomm Snapdragons for PCs?

If using ARM instead of good old Intel/AMD chips entails getting locked to a walled garden (Windows 10S and the Microsoft Store), then I want no part of it.

If the OS vendor becomes the sole distributor and gatekeeper of what you can install, it really isn't a PC anymore, is it?

5
0

Nice article

Dear vulturetards, this was a good article, more of this please - feel free to go lower :)

Alec

4
1
Silver badge
Unhappy

What a shame

We should rejoice that perhaps the arm-lock that Intel has on the PC market might actually be loosened. However, it's Qualcomm.

Oh.

0
3
Silver badge

Re: What a shame

Call me when it can run Crysis at 1080p @ 60fps. THEN we can say it's caught up properly.

0
0
Bronze badge

Specialist processor for fingerprint and facial security

.. something that gets left all over fridges, desks, glasses, or posted onto facebook etc...

its the old "10 inch steel bank vault door on the front of a soggy cardboard box" security strategy. Again.

0
0
Silver badge

Re: Specialist processor for fingerprint and facial security

AGAIN, do you have any better ideas for people who can't remember a safe combination to save their lives?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017